Method and apparatus to determine user identity and limit access to a communications network

US 6,256,739 B1
Filed: 11/26/1997
Issued: 07/03/2001
Est. Priority Date: 10/30/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of operating an access control system for information retrievable using a communications network, comprising the steps of:

receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;

receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;

determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;

deciding at the access control system whether to grant the information request based on the requesting user identity; and

if the information request was granted, then;

retrieving by the access control system the requested information using one of;

the communications network; and

a cache; and

sending by the access control system the retrieved information to the client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus to determine user identity and limit access to a communications network. A first message containing user identity information is received from a client computer in accordance with a first protocol. A first network address is determined from the first message. A second message containing an information request is also received from the client in accordance with a second protocol, and a second network address is determined from the second message. The requesting user identity is then determined based on the first network address, the user identity information and the second network address. Based on the requesting user identity, it can be decided whether to grant the information request. If access is granted, the requested information is retrieved using the communications network.

Citations

31 Claims

1. A method of operating an access control system for information retrievable using a communications network, comprising the steps of:
- receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
  
  receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
  
  determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
  
  deciding at the access control system whether to grant the information request based on the requesting user identity; and
  
  if the information request was granted, then;
  
  retrieving by the access control system the requested information using one of;
  
  the communications network; and
  
  a cache; and
  
  sending by the access control system the retrieved information to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the communications network is a packet network.
  - 3. The method of claim 1, wherein the client is a computer located remote from the access control system.
  - 4. The method of claim 1, wherein said step of deciding is also based on information stored in a user database.
  - 5. The method of claim 1, wherein the information request is a request to retrieve an information page.
  - 6. The method of claim 5, wherein the communications network is the Internet, the information page is a World Wide Web page and the first and second network addresses are Internet protocol addresses.
  - 7. The method of claim 5, further comprising the step of:
8. The method of claim 7, further comprising the step of:
- reporting composite history data based on recorded user history data for a plurality of requesting user identities.
9. The method of claim 5, wherein said step of deciding is also based on an access control list of information pages.
10. The method of claim 9, wherein said step of deciding is also based on at least one of:
- the number of requests for the information page that have previously been associated with the requesting user identity;
  
  the amount of time the information page has previously been displayed to the requesting user identity; and
  
  demographic information associated with the requesting user identity.
11. The method of claim 5, wherein the second message is received in accordance with hypertext transfer protocol and the first message is received in accordance with a protocol other than hypertext transfer protocol.
12. The method of claim 1, further comprising the step of storing the requested information in a cache.
13. The method of claim 1, wherein said steps of receiving a second message and retrieving are performed by a proxy.
14. The method of claim 1, wherein the first message also includes credential information and further comprising the step of deciding whether the client is authorized to use the access control system based on the credential information and a user credential database.
15. The method of claim 1, wherein said step of determining is based on user identity information associated with the first network address when the first network address has been determined to be the same as the second network address.

16. An apparatus for limiting information retrievable using a communications network, comprising:
- a proxy controller, comprising;
  
  a user identity database, a proxy control processor, in communication with a client and said user identity database, configured to receive from the client a first message containing user identity information, wherein a first network address can be determined from the first message; and
  
  an access control proxy in communication with said proxy controller, comprising;
  
  a communications port capable of receiving information page data using the communications network, and a proxy processor, in communication with the client and said communications port, configured to receive from the client a second maessage containing a request for an information page, wherein a second network address can be determined from the second message and said proxy processor is configured to decide whether to retrieve the associated information page data from said communications port based on the first network address, the user identity information and the second network address and if the information request was granted, then;
  
  said proxy processor configured to retrieve the associated information page from one of;
  
  said communications port; and
  
  a cache; and
  
  said proxy processor configured to send the retrieved information page to the client.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The apparatus of claim 16, wherein said proxy processor is configured to use a Web proxy cache.
  - 18. The apparatus of claim 16, wherein said proxy processor communicates with the client using a first protocol and said proxy processor communicates with the client using a protocol other than the first protocol.
  - 19. The apparatus of claim 16, wherein the communications network is a packet network.
  - 20. The apparatus of claim 16, wherein the communications network is the Internet, the information page is a World Wide Web page and the first and second network addresses are Internet protocol addresses.
  - 21. The apparatus of claim 16, wherein the access control proxy further comprises:
22. The apparatus of claim 16, wherein said proxy processor is also configured to decide whether to grant access based on an access control list of information pages.
23. The apparatus of claim 16, wherein said proxy processor is also configured to determine a requesting user identity based on the first network address, the user identity information and the second network address, and said proxy controller is further configured to decide whether to grant access based on at least one of the following:
- the number of requests for the information page that have previously been associated with the requesting user identity;
  
  the amount of time the information page has previously been displayed to the requesting user identity; and
  
  demographic information associated with the requesting user identity.

24. A computer readable medium having stored thereon instructions which, when executed by a processor, cause the processor to perform steps for operating an access control system for information retrievable using a communications network, said steps comprising:
- receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
  
  receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
  
  determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
  
  deciding at the access control system whether to grant the information request based on the requesting user identity; and
  
  if the information request was granted, then;
  
  retrieving by the access control system the requested information using one of;
  
  the communications network; and
  
  a cache; and
  
  sending by the access control system the retrieved information to the client.

25. An apparatus for operating an access control system for information retrievable using a communications network, comprising:
- means for receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
  
  means for receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
  
  means for determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
  
  means for deciding at the access control system whether to grant the information request based on the requesting user identity; and
  
  if the information request was granted, then;
  
  means for retrieving by the access control system the requested information using one of;
  
  the communications network; and
  
  a cache; and
  
  means for sending by the access control system the retrieved information to the client.

26. A method of operating an access control system for information retrievable using a communications network, said access control system communicating with a plurality of clients, comprising the steps of:
- receiving at the access control system from a first client of the plurality of clients a first message containing information identifying a first user in accordance with a first protocol, wherein a first network address can be determined from the first message and wherein the first network address and the information identifying the first user is stored in a database;
  
  receiving at the access control system from a second client of the plurality of clients a second message containing information identifying a second user in accordance with a first protocol, wherein a second network address can be determined from the second message and wherein the second network address and the information identifying the second user is stored in the database;
  
  receiving at the access control system from one of the first client and the second client a third message containing an information request in accordance with a second protocol, wherein a third network address can be determined from the third message;
  
  determining at the access control system a requesting user identity based on the third network address, the stored user identifying information and the stored network addresses;
  
  deciding at the access control system whether to grant the information request based on the requesting user identity; and
  
  if the information request was granted, then;
  
  retrieving by the access control system the requested information using one of;
  
  the communications network; and
  
  a cache; and
  
  sending by the access control system the retrieved information to the client.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The method of claim 26, wherein the communications network is a packet network.
  - 28. The method of claim 26, wherein the information request is a request to retrieve an information page.
  - 29. The method of claim 28, wherein said step of deciding is also based on at least one of:
30. The method of claim 29, wherein said steps of receiving the third message and retrieving are performed by a proxy.
31. The method of claim 30, wherein said step of determining is based on user identity information associated with the first network address when the first network address has been determined to be the same as the third network address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juno Online Services Incorporated (B. Riley Financial, Inc.)
Original Assignee
Juno Online Services Incorporated (B. Riley Financial, Inc.)
Inventors
Skopp, Peter, Vitale, Benjamin F., Marur, Vinod R., Tse, Clifford S.C., Dulai, Dharmender S.
Primary Examiner(s)
LE, DIEU MINH T

Application Number

US08/980,313
Time in Patent Office

1,315 Days
Field of Search

713/201, 713/200, 713/202, 709/225, 709/229, 380/2, 380/3, 380/4, 380/23, 380/25, 340/825.31, 340/825.32
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

H04L 41/28   Restricting access to netwo...

H04L 63/101   Access control lists [ACL]

Method and apparatus to determine user identity and limit access to a communications network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to determine user identity and limit access to a communications network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links