Virtual private data network session count limitation
Abstract
A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.
34 Claims
1. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user's VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
rejecting said user's attempt to initiate a VPN session if said user's log in would exceed by said first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group.
View Dependent Claims (2, 3, 4, 5, 6)
allowing said user's attempt to initiate a VPN session if it would not exceed any maximum number of VPN sessions associated with the user's group;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session; and
incrementing a VPN session count associated with the user's group at the central database in response to allowing said user's VPN session.
6. A method according to claim 1, further comprising:
allowing said user's attempt to initiate a VPN session if it would not exceed any maximum number of VPN sessions associated with the user's group;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session; and
incrementing a VPN session count associated with the user's group at the central database in response to allowing said user's VPN session.
7. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
View Dependent Claims (8, 9, 10)
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
9. A method according to claim 8, further comprising:
allowing said user's VPN session if it is not rejected;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session;
first publishing a VPN start event corresponding to the user's group to other subscribing PoPs in response to allowing said user's VPN session; and
incrementing a data communications network current VPN session count at each subscribing PoP in response to said first publishing.
10. A method according to claim 9, further comprising:
decrementing a VPN session count associated with the user's group at the local database in response to a user's VPN session termination;
second publishing a VPN stop event corresponding to the user's group to other subscribing PoPs in response to a user's VPN session;
decrementing a data communications network current VPN session count at each subscribing PoP in response to said second publishing.
11. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications names, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
a central database checker which, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the central database to determine if the user's VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
a local database checker which, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group at a PoP, checks the local database associated with the PoP to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
a VPN session rejecter which rejects said user's attempt to initiate a VPN session if said user's log in would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with the user's group or by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP.
View Dependent Claims (12, 13)
a publisher associated with each PoP of the data communications network publishing VPN start events occurring at PoPs of the data communications network; and
a subscriber associated with said central database, said subscriber subscribing to said VPN start events and coupled to said central database.
13. A data communications network according to claim 12, further comprising:
a VPN session count incrementer associated with the local database and the user's group, responsive to a user's VPN session; and
a VPN session count incrementer associated with the central database and responsive to said subscriber.
14. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
a local database checker which, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network.
View Dependent Claims (15, 16, 17)
a VPN session rejecter which rejects said user's attempt to initiate a VPN session if said user's log in would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network.
16. A data communications network according to claim 15, further comprising:
a VPN session count incrementor associated with the local database and the user's group and responsive to the user's initiation of a VPN session;
a VPN start event publisher which publishes VPN start events corresponding to a user's group to other subscribing PoPs in response to allowing said user's VPN session; and
a data communications network current VPN session count incrementor at each subscribing PoP responsive to said VPN start event publisher.
17. A data communications network according to claim 16, further comprising:
a VPN session count decrementer associated with the local database and a user's group, said VPN session count responsive to the user's log out;
a VPN stop event publisher publishing VPN session termination events corresponding to a user's group to other subscribing PoPs in response to said user's termination of the VPN connection log out;
a data communications network current VPN session count decrementer at each subscribing PoP responsive to said VPN stop event publisher.
18. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method steps comprising:
maintaining a central database including group identifications, corresponding network-wide maximum numbers of VPN sessions for each group, and corresponding current network wide VPN session counts for each group;
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, and corresponding current VPN session counts for each group at the PoP;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the central database to determine if the user's VPN session would exceed by a first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
rejecting said user's attempt to initiate a VPN session if said user's log in would exceed by said first predetermined number said corresponding network-wide maximum number of VPN sessions associated with said particular group;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP; and
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group.
19. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method steps comprising:
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network; and
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
View Dependent Claims (20, 21, 22)
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network.
21. A program storage device according to claim 20, wherein said method further comprises:
allowing said user's VPN session if it is not rejected;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session;
first publishing a VPN start event corresponding to the user's group to other subscribing PoPs in response to allowing said user's VPN session; and
incrementing a data communications network current VPN session count at each subscribing PoP in response to said first publishing.
22. A program storage device according to claim 21, wherein said method further comprises:
decrementing a VPN session count associated with the user's group at the local database in response to a user's VPN session termination;
second publishing a VPN stop event corresponding to the user's group to other subscribing PoPs in response to a user's VPN session; and
decrementing a data communications network current VPN session count at each subscribing PoP in response to said second publishing.
23. A method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
allowing said user's VPN session if it is not rejected;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session;
publishing a VPN start event corresponding to the user's group to other subscribing PoPs in response to allowing said user's VPN session; and
incrementing a data communications network current VPN session count associated with the user's group at the local database in response to allowing said user's VPN session.
View Dependent Claims (24, 25, 26)
receiving a VPN start event publication corresponding to the user's group from one of the other subscribing PoPs in response to the allowance of a VPN session by one of the subscribing PoPs; and
incrementing said data communications network current VPN session count associated with the user's group at the local database in response to said receiving.
25. The method according to claim 23, further comprising:
decrementing said VPN session count associated with the user's group at the local database in response to terminating said user's VPN session; and
publishing a VPN stop event corresponding to the user's group to other subscribing PoPs in response to terminating said user's VPN session.
26. The method according to claim 23, further comprising:
receiving a VPN stop event publication corresponding to the user's group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
decrementing said data communications network current VPN session count associated with the user's group at the local database in response to said receiving.
27. A data communications network limiting access to a predetermined number of VPN sessions belonging to a particular group, said data communications network comprising:
a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
a local database checker which, in response to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group, checks the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network;
a VPN session rejecter which rejects said user's attempt to initiate a VPN session if said user's log in would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and rejects said user's attempt to initiate a VPN session if said user's log in would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group for the data communications network;
a VPN session allower which allows said user's attempt to initiate a VPN session if it is not rejected;
a VPN session count incrementer associated with the local database and the user's group and responsive to allowing said user's VPN session;
a VPN start event publisher for publishing VPN start events corresponding to a user's group to other subscribing PoPs in response to allowing said user's VPN session; and
a data communications network current VPN session count incrementer associated with the local database and the user's group and responsive to allowing said user's VPN session.
View Dependent Claims (28, 29, 30)
a VPN start event publication receiver for receiving publications corresponding to the user's group from one of the other subscribing PoPs in response to the allowance of a VPN session by one of the subscribing PoPs, wherein said data communications network current VPN session count incrementer is also responsive to the allowance of a VPN session by one of the subscribing PoPs.
29. The data communications network according to claim 27, further comprising:
a VPN session count decrementer associated with the local database and a user's group and responsive to terminating said user's VPN session;
a VPN stop event publisher for publishing VPN stop events corresponding to a user's group to other subscribing PoPs in response to terminating said user's VPN session; and
a data communications network current VPN session count decrementer associated with the local database and the user's group and responsive to terminating said user's VPN session.
30. The data communications network according to claim 27, further comprising:
a VPN stop event publication receiver for receiving publications corresponding to the user's group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
a data communications network current VPN session count decrementer associated with the local database and the user's group and responsive to the termination of a VPN session by one of the subscribing PoPs.
31. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for limiting the number of VPN sessions raised by users belonging to a particular group in a data communications network to a predetermined number, said method comprising:
maintaining a local database associated with a particular PoP of the data communications network, said database being part of a set of distributed databases and including group identifications, corresponding maximum numbers of VPN sessions for each group at the PoP, corresponding current VPN session counts for each group at the PoP, corresponding maximum numbers of VPN sessions for each group on the data communications network, and corresponding current network-wide VPN session counts for each group on the data communications network;
responding to a user's attempt to initiate a VPN session on the data communications network as a member of a particular group by checking the local database to determine if the user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP and checking the local database to determine if the user's VPN session would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
rejecting said user's attempt to initiate a VPN session if said user's VPN session would exceed by a first predetermined number said corresponding maximum number of VPN sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of VPN sessions associated with said particular group on the data communications network;
allowing said user's VPN session if it is not rejected;
incrementing a VPN session count associated with the user's group at the local database in response to allowing said user's VPN session;
publishing a VPN start event corresponding to the user's group to other subscribing PoPs in response to allowing said user's VPN session; and
incrementing a data communications network current VPN session count associated with the user's group at the local database in response to allowing said user's VPN session.
View Dependent Claims (32, 33, 34)
receiving a VPN start event publication corresponding to the user's group from one of the other subscribing PoPs in response to the allowance of a VPN session by one of the subscribing PoPs; and
incrementing said data communications network current VPN session count associated with the user's group at the local database in response to said receiving.
33. A program storage device according to claim 31, wherein said method further comprises:
decrementing said VPN session count associated with the user's group at the local database in response to terminating said user's VPN session; and
publishing a VPN stop event corresponding to the user's group to other subscribing PoPs in response to terminating said user's VPN session.
34. A program storage device according to claim 31, wherein said method further comprises:
receiving a VPN stop event publication corresponding to the user's group from one of the other subscribing PoPs in response to the termination of a VPN session at one of the subscribing PoPs; and
decrementing said data communications network current VPN session count associated with the user's group at the local database in response to said receiving.
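The admission check and counter replication recited in claims 23 to 26 (and summarized in the Abstract), as an added Python example that is not code from the patent: each PoP checks its local database against the PoP maximum and the network-wide maximum, then keeps the network-wide count current through published start and stop events. The names `GroupRecord`, `EventBus`, `PoP` and the group `corp.example` are constructed for illustration, the queue-until-flush bus is an assumed stand-in for the publish/subscribe transport, and "exceed by a predetermined number" is read as "by more than" that number, following the Abstract.

```python
from collections import deque
from dataclasses import dataclass

GROUP = "corp.example"  # constructed group (domain) identification

@dataclass
class GroupRecord:
    """One row of a PoP's local database (hypothetical field names)."""
    pop_max: int        # maximum sessions for the group at this PoP
    net_max: int        # maximum sessions for the group network-wide
    pop_count: int = 0  # current sessions for the group at this PoP
    net_count: int = 0  # this PoP's copy of the network-wide count

class EventBus:
    """Constructed in-memory publish/subscribe channel; events wait in a
    queue until flush(), which models propagation delay between PoPs."""
    def __init__(self):
        self.pops, self.pending = [], deque()

    def publish(self, sender, kind, group):
        self.pending.append((sender, kind, group))

    def flush(self):
        while self.pending:
            sender, kind, group = self.pending.popleft()
            for pop in self.pops:
                if pop is not sender:  # sender already counted it locally
                    pop.on_event(kind, group)

class PoP:
    def __init__(self, bus, records, pop_overage=0, net_overage=0):
        self.bus, self.db = bus, records
        # The "predetermined numbers": allowed excess over each maximum.
        self.pop_overage, self.net_overage = pop_overage, net_overage
        bus.pops.append(self)

    def start_session(self, group):
        rec = self.db.get(group)
        if rec is None:
            return "reject:unknown-group"
        if rec.pop_count + 1 > rec.pop_max + self.pop_overage:
            return "reject:pop-limit"
        if rec.net_count + 1 > rec.net_max + self.net_overage:
            return "reject:network-limit"
        rec.pop_count += 1
        rec.net_count += 1
        self.bus.publish(self, "start", group)
        return "allow"

    def stop_session(self, group):
        rec = self.db.get(group)
        if rec is None or rec.pop_count == 0:
            return False  # nothing to release; never count below zero
        rec.pop_count -= 1
        rec.net_count = max(0, rec.net_count - 1)
        self.bus.publish(self, "stop", group)
        return True

    def on_event(self, kind, group):
        rec = self.db.get(group)
        if rec is not None:
            delta = {"start": 1, "stop": -1}.get(kind, 0)
            rec.net_count = max(0, rec.net_count + delta)

def two_pops(pop_max, net_max):
    bus = EventBus()
    pops = [PoP(bus, {GROUP: GroupRecord(pop_max, net_max)}) for _ in range(2)]
    return bus, pops[0], pops[1]

def limits_enforced():
    bus, a, b = two_pops(pop_max=2, net_max=3)
    out = [a.start_session(GROUP) for _ in range(3)]  # third exceeds PoP max
    bus.flush()
    out.append(b.start_session(GROUP))  # network-wide count reaches 3
    bus.flush()
    out.append(b.start_session(GROUP))  # would be the 4th of 3
    a.stop_session(GROUP)
    bus.flush()
    out.append(b.start_session(GROUP))  # a stop event freed a slot
    return out

def stale_view_overshoot():
    # Both PoPs admit before either start event is delivered, so the
    # replicated count ends above net_max once the events arrive.
    bus, a, b = two_pops(pop_max=5, net_max=1)
    first, second = a.start_session(GROUP), b.start_session(GROUP)
    bus.flush()
    return first, second, a.db[GROUP].net_count, b.db[GROUP].net_count
```

`stale_view_overshoot()` shows the practical caveat of checking only the local copy: the network-wide maximum holds exactly only when start events reach every PoP before the next admission decision.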
Specification