Method and apparatus to determine user identity and limit access to a communications network
First Claim
1. A method of operating an access control system for information retrievable using a communications network, comprising the steps of:
receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
deciding at the access control system whether to grant the information request based on the requesting user identity; and
if the information request was granted, then;
retrieving by the access control system the requested information using one of;
the communications network; and
a cache; and
sending by the access control system the retrieved information to the client.
Abstract
A method and apparatus to determine user identity and limit access to a communications network. A first message containing user identity information is received from a client computer in accordance with a first protocol. A first network address is determined from the first message. A second message containing an information request is also received from the client in accordance with a second protocol, and a second network address is determined from the second message. The requesting user identity is then determined based on the first network address, the user identity information and the second network address. Based on the requesting user identity, it can be decided whether to grant the information request. If access is granted, the requested information is retrieved using the communications network.
31 Claims
1. A method of operating an access control system for information retrievable using a communications network, comprising the steps of:
receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
deciding at the access control system whether to grant the information request based on the requesting user identity; and
if the information request was granted, then;
retrieving by the access control system the requested information using one of;
the communications network; and
a cache; and
sending by the access control system the retrieved information to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
recording user history data based on the information page requests made by the requesting user identity.
8. The method of claim 7, further comprising the step of:
reporting composite history data based on recorded user history data for a plurality of requesting user identities.
9. The method of claim 5, wherein said step of deciding is also based on an access control list of information pages.
10. The method of claim 9, wherein said step of deciding is also based on at least one of:
the number of requests for the information page that have previously been associated with the requesting user identity;
the amount of time the information page has previously been displayed to the requesting user identity; and
demographic information associated with the requesting user identity.
11. The method of claim 5, wherein the second message is received in accordance with hypertext transfer protocol and the first message is received in accordance with a protocol other than hypertext transfer protocol.
12. The method of claim 1, further comprising the step of storing the requested information in a cache.
13. The method of claim 1, wherein said steps of receiving a second message and retrieving are performed by a proxy.
14. The method of claim 1, wherein the first message also includes credential information and further comprising the step of deciding whether the client is authorized to use the access control system based on the credential information and a user credential database.
15. The method of claim 1, wherein said step of determining is based on user identity information associated with the first network address when the first network address has been determined to be the same as the second network address.
16. An apparatus for limiting information retrievable using a communications network, comprising:
a proxy controller, comprising;
a user identity database, a proxy control processor, in communication with a client and said user identity database, configured to receive from the client a first message containing user identity information, wherein a first network address can be determined from the first message; and
an access control proxy in communication with said proxy controller, comprising;
a communications port capable of receiving information page data using the communications network, and a proxy processor, in communication with the client and said communications port, configured to receive from the client a second message containing a request for an information page, wherein a second network address can be determined from the second message and said proxy processor is configured to decide whether to retrieve the associated information page data from said communications port based on the first network address, the user identity information and the second network address and if the information request was granted, then;
said proxy processor configured to retrieve the associated information page from one of;
said communications port; and
a cache; and
said proxy processor configured to send the retrieved information page to the client.
Dependent claims: 17, 18, 19, 20, 21, 22, 23.
a request history storage unit in communication with the proxy processor, said proxy processor storing information related to information page requests in said request history storage unit.
22. The apparatus of claim 16, wherein said proxy processor is also configured to decide whether to grant access based on an access control list of information pages.
23. The apparatus of claim 16, wherein said proxy processor is also configured to determine a requesting user identity based on the first network address, the user identity information and the second network address, and said proxy controller is further configured to decide whether to grant access based on at least one of the following:
the number of requests for the information page that have previously been associated with the requesting user identity;
the amount of time the information page has previously been displayed to the requesting user identity; and
demographic information associated with the requesting user identity.
24. A computer readable medium having stored thereon instructions which, when executed by a processor, cause the processor to perform steps for operating an access control system for information retrievable using a communications network, said steps comprising:
receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
deciding at the access control system whether to grant the information request based on the requesting user identity; and
if the information request was granted, then;
retrieving by the access control system the requested information using one of;
the communications network; and
a cache; and
sending by the access control system the retrieved information to the client.
25. An apparatus for operating an access control system for information retrievable using a communications network, comprising:
means for receiving at the access control system from a client a first message containing user identity information in accordance with a first protocol, wherein a first network address can be determined from the first message;
means for receiving at the access control system from the client a second message containing an information request in accordance with a second protocol, wherein a second network address can be determined from the second message;
means for determining at the access control system a requesting user identity based on the first network address, the user identity information and the second network address;
means for deciding at the access control system whether to grant the information request based on the requesting user identity; and
if the information request was granted, then;
means for retrieving by the access control system the requested information using one of;
the communications network; and
a cache; and
means for sending by the access control system the retrieved information to the client.
26. A method of operating an access control system for information retrievable using a communications network, said access control system communicating with a plurality of clients, comprising the steps of:
receiving at the access control system from a first client of the plurality of clients a first message containing information identifying a first user in accordance with a first protocol, wherein a first network address can be determined from the first message and wherein the first network address and the information identifying the first user is stored in a database;
receiving at the access control system from a second client of the plurality of clients a second message containing information identifying a second user in accordance with a first protocol, wherein a second network address can be determined from the second message and wherein the second network address and the information identifying the second user is stored in the database;
receiving at the access control system from one of the first client and the second client a third message containing an information request in accordance with a second protocol, wherein a third network address can be determined from the third message;
determining at the access control system a requesting user identity based on the third network address, the stored user identifying information and the stored network addresses;
deciding at the access control system whether to grant the information request based on the requesting user identity; and
if the information request was granted, then;
retrieving by the access control system the requested information using one of;
the communications network; and
a cache; and
sending by the access control system the retrieved information to the client.
Dependent claims: 27, 28, 29, 30, 31.
the number of requests for the information page that have previously been associated with the requesting user identity;
the amount of time the information page has previously been displayed to the requesting user identity; and
demographic information associated with the requesting user identity.
30. The method of claim 29, wherein said steps of receiving the third message and retrieving are performed by a proxy.
31. The method of claim 30, wherein said step of determining is based on user identity information associated with the first network address when the first network address has been determined to be the same as the third network address.
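As an added example (not code from the patent), the claimed two-message flow in Python: a credential-checked identity message binds a source address to a user, an HTTP-style information request is attributed to a user only when its address equals a bound first address (claim 15), and the decision applies the access control list, the prior-request count, request history and the cache of claims 7 to 12. The class name, the credential database, the ACL and the sample addresses are constructed for the example.

```python
import hmac
from typing import Callable, Dict, Optional, Set, Tuple


class AccessControlProxy:
    """Identity arrives in a first (non-HTTP) message, the page request in a second
    (HTTP) message; the two are joined on the client's network address (claims 1, 11, 15)."""

    def __init__(self, credentials: Dict[str, str], acl: Dict[str, Set[str]],
                 max_requests_per_page: Optional[int] = None):
        self.credentials = credentials  # user credential database (claim 14), constructed
        self.acl = acl  # page -> users allowed to view it (claim 9)
        self.max_requests = max_requests_per_page  # per-user, per-page limit (claim 10)
        self.identity_by_addr: Dict[str, str] = {}  # user identity database (claims 16, 26)
        self.history: Dict[Tuple[str, str], int] = {}  # (user, page) -> requests (claim 7)
        self.cache: Dict[str, bytes] = {}  # claim 12

    def receive_identity_message(self, src_addr: str, user: str, credential: str) -> bool:
        """First message: authorize the client, then bind its address to the identity."""
        expected = self.credentials.get(user)
        if expected is None or not hmac.compare_digest(expected, credential):
            return False
        self.identity_by_addr[src_addr] = user  # a later binding for the same address replaces this one
        return True

    def requesting_user(self, src_addr: str) -> Optional[str]:
        """Claim 15: the identity bound to a first address equal to the second address."""
        return self.identity_by_addr.get(src_addr)

    def receive_information_request(self, src_addr: str, page: str,
                                    fetch: Callable[[str], bytes]) -> Optional[bytes]:
        """Second message: decide, then serve from the cache or via fetch (the network)."""
        user = self.requesting_user(src_addr)
        if user is None:
            return None  # no identity bound to this address: deny
        count = self.history.get((user, page), 0)
        self.history[(user, page)] = count + 1  # record user history (claim 7)
        if user not in self.acl.get(page, set()):
            return None  # page not on this user's access control list
        if self.max_requests is not None and count >= self.max_requests:
            return None  # prior-request count limit reached (claim 10)
        if page not in self.cache:
            self.cache[page] = fetch(page)  # retrieve over the network, then cache
        return self.cache[page]

    def composite_history(self) -> Dict[str, int]:
        """Claim 8: requests per page summed over all requesting user identities."""
        report: Dict[str, int] = {}
        for (_user, page), n in self.history.items():
            report[page] = report.get(page, 0) + n
        return report
```

Because the join key is a network address, several clients behind one shared address resolve to whichever identity last bound it and a binding never expires; that is the claimed behaviour modelled literally, and a deployment would add its own expiry and address-sharing checks.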
Specification