Proxy session count limitation

US 6,529,955 B1
Filed: 05/06/1999
Issued: 03/04/2003
Est. Priority Date: 05/06/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method comprising:

maintaining a central database including group identifications, corresponding maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group; and

responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user'"'"'s log in would exceed a predetermined number said corresponding maximum number of proxy sessions associated with said particular group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

71 Citations

View as Search Results

37 Claims

1. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method comprising:
- maintaining a central database including group identifications, corresponding maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group; and
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user'"'"'s log in would exceed a predetermined number said corresponding maximum number of proxy sessions associated with said particular group.
- View Dependent Claims (2, 3, 11, 13, 14, 15, 19)
- - 2. A method according to claim 1, further comprising:
3. A method according to claim 2, wherein said predetermined number is zero.
11. A method according to claim 1 wherein said maintaining a central database includes publishing proxy session log in events occurring at PoPs of the data communications network and subscribing to said events at said central database.
13. A method according to claim 1, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.
14. A method according to claim 2, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.
15. A method according to claim 3, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.
19. A method according to claim 11, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.

4. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP.
- View Dependent Claims (5, 6, 16, 17)
- - 5. A method according to claim 4, further comprising:
6. A method according to claim 5, wherein said predetermined number is zero.
16. A method according to claim 4, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.
17. A method according to claim 5, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.

7. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method comprising:
- maintaining a central database including group identifications, corresponding network-wide maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group;
  
  maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding network-wide maximum number of proxy sessions associated with said particular group;
  
  rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by said first predetermined number said corresponding network-wide maximum number of proxy sessions associated with said particular group;
  
  further responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP;
  
  rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group.
- View Dependent Claims (8, 9, 10, 12, 18, 20)
- - 8. A method according to claim 7, wherein said first predetermined number is zero.
  - 9. A method according to claim 7, wherein said second predetermined number is zero.
  - 10. A method according to claim 9, wherein said first predetermined number is zero.
  - 12. A method according to claim 7 wherein said maintaining a central database includes publishing proxy session log in events occurring at PoPs of the data communications network and subscribing to said events at said central database.
  - 18. A method according to claim 7, further comprising:
20. A method according to claim 12, further comprising:
- allowing said user'"'"'s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user'"'"'s group;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in; and
  
  incrementing a proxy session count associated with the user'"'"'s group at the central database in response to allowing said user'"'"'s log in.

21. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, corresponding current proxy session counts for each group at the PoP, corresponding maximum numbers of proxy users for each group on the data communications network, and corresponding current network-wide proxy session counts for each group on the data communications network;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
- View Dependent Claims (22, 23, 24)
- - 22. A method according to claim 21, further comprising:
23. A method according to claim 22, further comprising:
- allowing said user'"'"'s attempt to log in if it is not rejected;
  
  incrementing a proxy session count associated the user'"'"'s group at the local database in response to allowing said user'"'"'s log in;
  
  first publishing a proxy session log in event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s log in; and
  
  incrementing a data communications network current proxy session count at each subscribing PoP in response to said first publishing.
24. A method according to claim 23, further comprising:
- decrementing a proxy session count associated with the user'"'"'s group at the local database in response to a user'"'"'s log out;
  
  second publishing a proxy session log out event corresponding to the user'"'"'s group to other subscribing PoPs in response to a user'"'"'s log out;
  
  decrementing a data communications network current proxy session count at each subscribing PoP in response to said second publishing.

25. A data communications network limiting access to a predetermined number of proxy sessions belonging to a particular group, said data communications network comprising:
- a central database including group identifications, corresponding maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group; and
  
  a central database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks the central database to determine if the user'"'"'s log in would exceed a predetermined number said corresponding maximum number of proxy sessions associated with said particular group.

26. A data communications network limiting access to a predetermined number of proxy sessions belonging to a particular group, said data communications network comprising:
- a local database associated with a particular PoP of the data communications network, said local database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  a local database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks the local database to determine if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP.

27. A data communications network limiting access to a predetermined number of proxy sessions belonging to a particular group, said data communications network comprising:
- a central database including group identifications, corresponding network-wide maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group;
  
  a local database associated with a particular PoP of the data communications network, said database including group identifications names, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  a central database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks the central database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding network-wide maximum number of proxy sessions associated with said particular group;
  
  a local database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group at a PoP, checks the local database associated with the PoP to determine if the user'"'"'s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP; and
  
  a log in rejecter which rejects said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a first predetermined number said corresponding network-wide maximum number of proxy sessions associated with the user'"'"'s group or by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP.
- View Dependent Claims (28, 29)
- - 28. A data communications network according to claim 27, further comprising:
29. A data communications network according to claim 28, further comprising:
- a proxy session count incrementer associated with the local database and the user'"'"'s group, responsive to a user'"'"'s proxy session log in; and
  
  a proxy session count incrementer associated with the central database and responsive to said subscriber.

30. A data communications network limiting access to a predetermined number of proxy sessions belonging to a particular group, said data communications network comprising:
- a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, corresponding current proxy session counts for each group at the PoP, corresponding maximum numbers of proxy sessions for each group on the data communications network, and corresponding current network-wide proxy session counts for each group on the data communications network;
  
  a local database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks the local database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group for the data communications network.
- View Dependent Claims (31, 32, 33)
- - 31. A data communications network according to claim 30, further comprising:
32. A data communications network according to claim 31, further comprising:
- a proxy session count incrementor associated with the local database and the user'"'"'s group and responsive to the user'"'"'s log in;
  
  a proxy session log in event publisher which publishes proxy session log in events corresponding to a user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s log in; and
  
  a data communications network current proxy session count incrementor at each subscribing PoP responsive to receipt of said proxy session log in events.
33. A data communications network according to claim 32, further comprising:
- a proxy session count decrementer associated with the local database and the user'"'"'s group proxy session count responsive to the user'"'"'s log out;
  
  a proxy session log out event publisher publishing proxy session log out events corresponding to a user'"'"'s group to other subscribing PoPs in response to said user'"'"'s log out;
  
  a data communications network current proxy session count decrementer at each subscribing PoP responsive to receipt of said proxy session log out events.

34. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method steps comprising:
- maintaining a central database including group identifications, corresponding maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group; and
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user'"'"'s log in would exceed a predetermined number said corresponding maximum number of proxy sessions associated with said particular group.

35. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method steps comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP.

36. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method steps comprising:
- maintaining a central database including group identifications, corresponding network-wide maximum numbers of proxy sessions for each group, and corresponding current network-wide proxy session counts for each group;
  
  maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding network-wide maximum number of proxy sessions associated with said particular group;
  
  rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by said first predetermined number said corresponding network-wide maximum number of proxy sessions associated with said particular group;
  
  further responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP. rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group.

37. A program storage device readable by a machine, tangible embodying a program of instructions executable by the machine to perform method steps for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, said method steps comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, corresponding current proxy session counts for each group at the PoP, corresponding maximum numbers of proxy users for each group on the data communications network, and corresponding current network-wide proxy session counts for each group on the data communications network;
  
  responding to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user'"'"'s log in would exceed by a first predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sitaraman, Aravind, Yager, Charles Troper, Alesso, Craig Michael
Primary Examiner(s)
Chin, Wellington
Assistant Examiner(s)
HO, CHUONG T

Application Number

US09/306,691
Time in Patent Office

1,398 Days
Field of Search

709/225, 709/201, 709/217, 709/219, 709/229, 709/223, 709/226, 709/224, 713/201, 370/328
US Class Current

709/225
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 67/2885   Hierarchically arranged int...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/565   Conversion or adaptation of...

H04L 69/329   in the application layer [O...

Proxy session count limitation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

Proxy session count limitation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others