Subscription access system for use with an untrusted network
DCFirst Claim
1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:
- clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;
server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;
client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
at least one hardware key connected to the subscriber client computer, said key being adapted to generate a predetermined digital identification, which identification is part of said identity data;
said server software means installed on the first server computer being adapted to selectively request the subscriber client computer to forward said predetermined digital identification to the first server computer to thereby confirm that said hardware key is connected to said subscriber client computer;
said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer; and
, said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making first request.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A system and method is disclosed for controlling access to computer resources using an untrusted network. The system preferably uses a hardware key connected to each subscriber client computer and adds software to the subscriber client computer and to the existing server computer. A clearinghouse is provided to store client and server identification data, including demographic data, including URL data, usage data and billing information. The clearinghouse authenticates the subscriber and server computers before an operating session occurs. For every new client session, a login mechanism requires the client computer to supply appropriate identification data, including a digital identification generated by the hardware key. The login parameters are verified by the clearinghouse and a session is then started. The system is adapted to protect preselected content from being printed or copied by a client using a web browser. The system architecture permits a geographical distributed system of multiple subscriber client computers, multiple server computers and multiple clearinghouses which can interact with each other.
-
Citations
31 Claims
-
1. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising:
-
clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;
server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested;
client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
at least one hardware key connected to the subscriber client computer, said key being adapted to generate a predetermined digital identification, which identification is part of said identity data;
said server software means installed on the first server computer being adapted to selectively request the subscriber client computer to forward said predetermined digital identification to the first server computer to thereby confirm that said hardware key is connected to said subscriber client computer;
said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer; and
,said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making first request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, and each of said subscriber client computers has a standard browser application for browsing the untrusted network, comprising:
-
clearinghouse means for storing identity data of said first server computer and the identity data of each of said subscriber client computers;
server software means installed on said first server computer adapted to forward its identity data and identity data of each subscriber client computer to said clearinghouse means at the beginning of an operating session in which access to selected computer resources of said first server computer is requested; and
,client software means installed on each of said subscriber client computers adapted to forward its identity data to said first server computer at the beginning of an operating session in which access to selected computer resources is requested;
said clearinghouse means being adapted to authenticate the identity of said subscriber client computer responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
said clearinghouse means being adapted to authenticate the identity of said first server computer responsive to said subscriber client computer making the request for selected computer resources of said first server computer;
said clearinghouse means being adapted to permit access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request;
said server software means installed on the first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content;
said client software means installed on each of said subscriber client computers being adapted to monitor said data defining a hierarchical system of protection and selectively disable predetermined application functions of the standard browser application previously installed on said subscriber client computer for said designated specific resources content. - View Dependent Claims (20, 21)
-
- 22. A system for controlling the operation of and access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network in an operating session, wherein each of said subscriber client computers has a standard browser application for browsing the untrusted network, said first server computer being adapted to designate specific resource content as being protected and to provide predetermined protection data identifying said resource content as being protected when said data is transmitted to one of said subscriber client computers responsive to a request for said resource content, said data defining a hierarchical system of protection is being monitored by said subscriber client computer, and said subscriber client computer selectively disables predetermined application functions of the standard browser application previously installed on said subscriber client computer for said designated specific resource content responsive to said predetermined protection data from said first server computer.
-
24. A method of controlling access to selected computer resources of at least a first server computer by at least one subscriber client computer via an untrusted network during an operating session, without necessarily controlling access to other computer resources provided by the first server computer and by other server computers and nonsubscriber client computers, comprising the steps of:
-
registering identity data of said first server computer and the identity data of each of said subscriber client computers and storing the registered identity data in a clearinghouse means associated with said first server computer and said subscriber client computers;
requiring a subscriber client computer to forward its identity data to said clearinghouse means at the beginning of an operating session in which access to selected computer resources is requested;
requiring a subscriber client computer to forward a predetermined digital identification to said first server computer to thereby confirm that a hardware key is connected to said subscriber client computer;
attempting to authenticate the identity of said subscriber client computer from said clearinghouse means responsive to a request for selected computer resources of said first server computer by a subscriber client computer;
attempting to authenticate the identity of said first server computer from said clearinghouse means responsive to said subscriber client computer making the request for selected computer resources; and
,permitting access to said selected computer resources responsive to successful initial authentication of said first server computer and of said subscriber client computer making said request. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
monitoring the communications between said first server computer and each subscriber client computer during operating sessions;
acquiring and storing usage data relating to said communications.
-
-
29. A method as defined in claim 28 further including the step of:
acquiring and storing demographic data on each client computer.
-
30. A method as defined in claim 28 further including the step of:
acquiring and storing billing data based upon the subscriber client computer'"'"'s usage of server computer resources.
-
31. A method as defined in claim 24 wherein said first server computer can change the predetermined digital identification of a hardware key connected to a subscriber client computer.
Specification