Subscription access system for use with an untrusted network

US 6,516,416 B2
Filed: 06/11/1997
Issued: 02/04/2003
Est. Priority Date: 06/11/1997
Status: Expired due to Term

- Alert
- Pin

Associated Case

Associated Defendants

First Claim

Patent Images

1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:

clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;

server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;

client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;

at least one hardware key connected to the subscriber client computer, said key being adapted to generate a predetermined digital identification, which identification is part of said identity data;

said server software means installed on the first server computer being adapted to selectively request the subscriber client computer to forward said predetermined digital identification to the first server computer to thereby confirm that said hardware key is connected to said subscriber client computer;

said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;

said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer; and

, said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making first request.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system and method is disclosed for controlling access to computer resources using an untrusted network. The system preferably uses a hardware key connected to each subscriber client computer and adds software to the subscriber client computer and to the existing server computer. A clearinghouse is provided to store client and server identification data, including demographic data, including URL data, usage data and billing information. The clearinghouse authenticates the subscriber and server computers before an operating session occurs. For every new client session, a login mechanism requires the client computer to supply appropriate identification data, including a digital identification generated by the hardware key. The login parameters are verified by the clearinghouse and a session is then started. The system is adapted to protect preselected content from being printed or copied by a client using a web browser. The system architecture permits a geographical distributed system of multiple subscriber client computers, multiple server computers and multiple clearinghouses which can interact with each other.

696 Citations

31 Claims

1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:
- clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;
  
  server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;
  
  client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
  
  at least one hardware key connected to the subscriber client computer, said key being adapted to generate a predetermined digital identification, which identification is part of said identity data;
  
  said server software means installed on the first server computer being adapted to selectively request the subscriber client computer to forward said predetermined digital identification to the first server computer to thereby confirm that said hardware key is connected to said subscriber client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer; and
  
  , said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making first request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A system as defined in claim 1 wherein the untrusted network is the Internet.
  - 3. A system as defined in claim 1 wherein said subscriber client computer identity data includes a client name, a client password and said predetermined digital identification.
  - 4. A system as defined in claim 1 wherein successive ones of said intermittent requests occur at predetermined time intervals.
  - 5. A system as defined in claim 1 wherein said clearinghouse means provides authentication confirmation data to said subscriber client computers and to said first server computer when the identities of the same are authenticated, said authentication confirmation data being encrypted in subsequent communications from each of said first server computer, subscriber client computer and clearinghouse means to another of said first server computer, subscriber client computer and clearinghouse means.
  - 6. A system as defined in claim 1 wherein said first server computer has the ability to change said predetermined digital identification of the hardware key connected to each of said subscriber client computers, said changed predetermined digital identification being transmitted to said clearinghouse means.
  - 7. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server computer and each subscriber client computer during operating sessions and acquire and store demographic data for each subscriber client computer.
  - 8. A system as defined in claim 7 wherein said demographic data comprises personal profile information, including at least two of the following items of information including:
    - user name, user password, address, type of browser used, operating systems used, phone number, job title, name of employer, type of business, credit card identification and credit card number.
  - 9. A system as defined in claim 7 wherein said demographic data comprises the history of all URL sites visited by a subscriber client computer.
  - 10. A system as defined in claim 1 further characterized in that it is adapted to monitor the communications between said first server component and each subscriber client computer during operating sessions and acquire and store billing data based upon the subscriber client computer'"'"'s usage of server computer resources.
  - 11. A system as defined in claim 1 further including at least two server computers and at least two clearinghouse means, said server computers and clearinghouse means being capable of being at separate physical locations.
  - 12. A system as defined in claim 1 wherein said clearinghouse means is adapted to operate as an independent entity and can provide said authentication operations for multiple server computers.
  - 13. A system as defined in claim 1 wherein said server computer is adapted to selectively query each of said subscriber client computers to generate said predetermined digital identification during an operating session, each of said subscriber client computers generating said digital identification in response to said query.
  - 14. A system as defined in claim 13 wherein said server computer'"'"'s selective querying of subscriber client computers occurs by operation of query algorithms, said server computer being adapted to change said query algorithms.
  - 15. A system as defined in claim 1 wherein said server computer is adapted to selectively prompt said subscriber client computers to enter its identity data including its username and password in the beginning of an operating session.
  - 16. A system as defined in claim 1 wherein said first server computer is adapted to assign one of a plurality of authorization levels to the computer resources provided by said first server computer, said identity data of each of said subscriber client computers including a particular authorization level, said first server computer only permitting access to particular computer resources by a subscriber client computer that are permitted by said particular authorization level.
  - 17. A system as defined in claim 16 wherein said computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a directory level.
  - 18. A system as defined in claim 16 wherein said computer resources are contained in a plurality of directories containing files, said authorization levels being assigned on a file level.

19. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, and each of said subscriber client computers has a standard browser application for browsing the untrusted network, comprising:
- clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;
  
  server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested; and
  
  , client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
  
  said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
  
  said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer;
  
  said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request;
  
  said server software means installed on the first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content;
  
  said client software means installed on each of said subscriber client computers being adapted to monitor said data defining a hierarchical system of protection and selectively disable predetermined application functions of the standard browser application previously installed on said subscriber client computer for said designated specific resources content.
- View Dependent Claims (20, 21)
- - 20. A system as defined in claim 19 wherein said application has the application functions of print, save, cut/copy/paste, said protection data identifying various combinations of said functional operations which are disabled.
  - 21. A system as defined in claim 19 wherein said server computer is adapted to selectively enable and disable said disabling predetermined functionality of said application for said designated specific resource content.

22. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, wherein each of said subscriber client computers has a standard browser application for browsing the untrusted network, said first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content, said data defining a hierarchical system of protection is being monitored by said subscriber client computer, and said subscriber client computer selectively disables predetermined application functions of the standard browser application previously installed on said subscriber client computer for said designated specific resource content responsive to said predetermined protection data from said first server computer.
- View Dependent Claims (23)
- - 23. A system as defined in claim 22 wherein said application has the application functions of print, save, cut/copy/paste, said protection data identifying various combinations of said functional operations which are disabled.

24. A method of controlling access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network during an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising the steps of:
- registering identity data of said first server computer and the identity data of each of said subscriber client computers and storing the registered identity data in a clearinghouse means associated with said first server computer and said subscriber client computers;
  
  requiring a subscriber client computer to forward its identity data to said clearinghouse means at the beginning of an operating session in which access to selected computer resources is requested;
  
  requiring a subscriber client computer to forward a predetermined digital identification to said first server computer to thereby confirm that a hardware key is connected to said subscriber client computer;
  
  attempting to authenticate the identity of said subscriber client computer from said clearinghouse means responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
  
  attempting to authenticate the identity of said first server computer from said clearinghouse means responsive to said subscriber client computer making the request for selected computer resources; and
  
  , permitting access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. A method as defined in claim 24 wherein said subscriber client computer identity data includes a client name and a client password.
  - 26. A method as defined in claim 24 wherein access is permitted subsequent to initial successful authentication only when said predetermined digital identification is forwarded to said clearinghouse means subsequently during an operating session by said subscriber client computer.
  - 27. A method as defined in claim 24 wherein said untrusted network is the Internet.
  - 28. A method as defined in claim 24 further including the steps of:
29. A method as defined in claim 28 further including the step of:
- acquiring and storing demographic data on each client computer.
30. A method as defined in claim 28 further including the step of:
- acquiring and storing billing data based upon the subscriber client computer'"'"'s usage of server computer resources.
31. A method as defined in claim 24 wherein said first server computer can change the predetermined digital identification of a hardware key connected to a subscriber client computer.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Prism Technologies LLC (Prism Technologies Group, Inc.)
Original Assignee
Prism Resources, Inc.
Inventors
Gregg, Richard L., Goeke, Timothy C., Giri, Sandeep
Primary Examiner(s)
Smithers, Matthew

Application Number

US08/872,710
Publication Number

US 20020002688A1
Time in Patent Office

2,064 Days
Field of Search

380/25, 380/21, 380/49, 380/30, 713/202, 713/201, 713/200, 705/54, 705/51
US Class Current

726/8
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/34   involving the use of extern...

G06F 2221/2103   Challenge-response

G06F 2221/2135   Metering

H04L 63/08   for authentication of entit...

Subscription access system for use with an untrusted network

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

696 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Subscription access system for use with an untrusted network

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

696 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links