Controlling usage of network resources by a user at the user's entry point to a communications network based on an identity of the user

US 6,892,309 B2
Filed: 02/08/2002
Issued: 05/10/2005
Est. Priority Date: 02/08/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling usage, by a user, of network resources of a communications network beyond a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, the method comprising acts of:

(A) configuring a port module of the network entry device with one or more packet rules corresponding to an identity of the user;

(B) receiving, at the port module, a packet from a user device; and

(C) before using, by the user, any of the network resources beyond the network entry device, applying the one or more packet rules to the received packet to control usage, by the user, of any of the network resources beyond the network entry device.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user'"'"'s usage of network resources is controlled, after the user has been authenticated, without using any network resources beyond the user'"'"'s entry point to the network. Packet rules may be provisioned to the user'"'"'s entry point to the network, and the packet rules may be applied to each packet received from the user before any network resources beyond the entry point are used. These packet rules may be associated with an identity of the user and then provisioned to the user'"'"'s entry point in response to the user being authenticated. Usage of network resources of a communications network by a user beyond a network device of the communications network that serves as the user'"'"'s entry point to the communications network is controlled. The port module of the network device is configured with one or more packet rules corresponding to an identity of the user. A packet is received from a device used by the user at the port module, and, before using any of the network resources beyond the network device, the one or more packet rules are applied to the received packet. Another embodiment is provided for controlling usage of network resources of a communications network by a user. The user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at a device satisfies the condition. A packet including identification information of the user is received from a device of the user at a port module of a network device. The assigned role of the user is determined based on the identification information, and the port module is configured with the one or more packet rules associated with the assigned role of the user.

143 Citations

46 Claims

1. A method of controlling usage, by a user, of network resources of a communications network beyond a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, the method comprising acts of:
- (A) configuring a port module of the network entry device with one or more packet rules corresponding to an identity of the user;
  
  (B) receiving, at the port module, a packet from a user device; and
  
  (C) before using, by the user, any of the network resources beyond the network entry device, applying the one or more packet rules to the received packet to control usage, by the user, of any of the network resources beyond the network entry device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising:
    - (D) prior to act (A), authenticating the identity of the user, wherein act (A) results from the authentication.
  - 3. The method of claim 1, wherein act (C) further comprises:
    - applying the one or more packet rules for all packets received at the port module.
  - 4. The method of claim 1, wherein the port module is dedicated to receiving one or more packets from the user device.
  - 5. The method of claim 1, the method further comprising:
    - (D) selecting the one or more packet rules based on the identity of the user.
  - 6. The method of claim 5, wherein the identity of the user is associated with a role assigned to the user, and the role is associated with the one or more packet rules, and wherein act (D) further comprises:
    - selecting the one or more packet rules based on the role assigned to the user.
  - 7. The method of claim 6, wherein act (A) further comprises:
    - configuring the port module according to the role assigned to the user.
  - 8. The method of claim 1, wherein the method further comprises an act of:
    - (D) routing the packet beyond the network entry device based on the one or more packet rules.
  - 9. The method of claim 1, wherein the method further comprises an act of:
    - (D) preventing the packet from being transmitted beyond the network entry device based on the one or more packet rules.
  - 10. The method of claim 1, wherein act (C) comprises:
    - configuring the received packet based on the one or more packet rules.
  - 11. The method of claim 10, wherein configuring the received packet comprises an act of:
    - changing information included in the received packet.
  - 12. The method of claim 10, wherein configuring the received packet comprises an act of:
    - adding information to the received packet.
  - 13. The method of claim 1, wherein the method further comprises an act of:
    - (D) controlling an amount of bandwidth on the communications network consumed by the user based on the one or more packet rules.
  - 14. The method of claim 1, wherein the method further comprises an act of:
    - (D) controlling access to at least a second device residing on the communications network based on the one or more packet rules.
  - 15. The method of claim 1, wherein the method further comprises an act of:
    - (D) controlling access to information stored on devices residing on the communications network based on the one or more packet rules.
  - 16. The method of claim 1, wherein the method further comprises an act of:
    - (D) controlling access to at least a portion of an application stored on a device residing on the communications network based on the one or more packet rules.
  - 17. The method of claim 1, wherein act (B) further comprises, receiving, at the port module, a packet from the user device to identify the user to the network entry device.
  - 18. The method of claim 17, wherein act (B) further comprises, receiving, at the port module, the packet in response to the network entry device requesting login information from the user device.

19. A network entry device serving as an entry point to a communications network for a user and operative to control usage of network resources by the user beyond the network entry device, the network entry device comprising:
- a port module including port configuration logic to configure the port module with one or more packet rules corresponding to an identity of the user, the port module further including a physical port to receive a packet from at least one user device and rule application logic to apply the one or more packet rules to the received packet before using, by the user, any of the network resources beyond the network entry device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 20. The system of claim 19, further comprising:
    - authentication logic to authenticate the identity of the user, wherein the configuration logic is operative to configure the port module in response to the authentication of the user.
  - 21. The system of claim 19, wherein the rule application logic is operative to apply the one or more packet rules to all packets received from the least one user device at the port module.
  - 22. The system of claim 19, wherein the port module is dedicated to receiving one or more packets from the least one user device.
  - 23. The system of claim 19, wherein the port configuration logic is operative to select the one or more packet rules based on the identity of the user.
  - 24. The system of claim 23, wherein the identity of the user is associated with a role assigned to the user, and the role is associated with the one or more packet rules, and wherein the port configuration logic is operative to select the one or more packet rules based on the role assigned to the user.
  - 25. The system of claim 24, wherein the port configuration logic is operative to configure the port module according to the role.
  - 26. The system of claim 19, wherein the port module is operative to route the packet beyond the network entry device based on the one or more packet rules.
  - 27. The system of claim 19, wherein the port module is operative to prevent the packet from being transmitted beyond the network entry device based on the one or more packet rules.
  - 28. The system of claim 19, wherein the rule application logic is operative to configure the received packet based on the one or more packet rules.
  - 29. The system of claim 28, wherein the rule application logic is operative to configure the received packet by changing information included in the received packet.
  - 30. The system of claim 28, wherein the rule application logic is operative to configure the received packet by adding information to the received packet.
  - 31. The system of claim 19, wherein the port module is operative to control an amount of bandwidth on the communications network consumed by the user based on the one or more packet rules.
  - 32. The system of claim 19, wherein the port module is operative to control access to at least a second device residing on the communications network based on the one or more packet rules.
  - 33. The system of claim 19, wherein the port module is operative to control access to information stored on devices residing on the communications network based on the one or more packet rules.
  - 34. The system of claim 19, wherein the port module is operative to control access to at least a portion of an application stored on a device residing on the communications network based on the one or more packet rules.

35. A network entry device serving as an entry point to a communications network for a user, the network entry device operative to control usage of network resources beyond the network entry device by the user and comprising:
- a port module including a physical port to receive a packet from a device used by the user and rule application logic to apply one or more packet rules to the received packet before using, by the user, any of the network resources beyond the network entry device; and
  
  means for configuring the port module with the one or more packet rules based on an identity of the user.

36. A computer program product, comprising:
- a computer-readable medium; and
  
  computer-readable information stored on the computer-readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling usage of network resources, by a user, of a communications network beyond a network entry device that serves as the user'"'"'s entry point to the communications network, the process comprising acts of;
  
  (A) configuring a port module of the network entry device with one or more packet rules corresponding to an identity of the user;
  
  (B) receiving, at the port module, a packet from the user device; and
  
  (C) before using, by the user, any of the network resources beyond the network entry device, applying the one or more packet rules to the received packet to control the usage, by the user, of any of the network resources beyond the network entry device.

37. A method of controlling network resource usage by a user at a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, wherein the user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at the network entry device satisfies the condition, the method comprising acts of:
- (A) receiving a packet including identification information of the user from a device of the user at a port module of the network entry device before using, by the user, any of the network resources beyond the port module of the network entry device;
  
  (B) determining the assigned role of the user based on the identification information; and
  
  (C) configuring the port module of the network entry device with the one or more packet rules associated with the assigned role of the user to control usage, by the user, of any of the network resources beyond the port module of the network entry device.
- View Dependent Claims (38, 39, 40)
- - 38. The method of claim 37, wherein user information about the user is stored on a computer-readable medium residing on the communications network, the user information including identification information and the assigned role of the user, and act (B) further comprises acts of:
    - accessing the stored user information to determine if the identification information included therein matches the identification information included in the received packet; and
      
      if it is determined that the stored identification information matches the received identification information, determining the assigned role from the stored user information.
  - 39. The method of claim 37, further comprising:
    - (D) assigning the assigned role to the user.
  - 40. The method of claim 37, further comprising:
    - (D) authenticating the identity of the user.

41. A system for controlling network resource usage by a user at a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, wherein the user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at the network entry device satisfies the condition, the system comprising:
- a port module of the network entry device, the port module including a physical port to receive a packet including identification information of the user from a device of the user before using, by the user, any of the network resources beyond the port module of the network entry device and port configuration logic to configure the port module with the one or more packet rules associated with the assigned role of the user to control usage, by the user, of any of the network resources beyond the port module of the network entry device; and
  
  an authentication module to determine the assigned role of the user based on the identification information.
- View Dependent Claims (42, 43, 44)
- - 42. The system of claim 41, wherein user information about the user is stored on a computer-readable medium residing on the communications network, the user information including identification information and the assigned role of the user, andwherein the authentication module is operative to control accessing the stored user information to determine if the identification information included therein matches the identification information included in the received packet, and to determine the assigned role from the stored user information if it is determined that the stored identification information matches the received identification information.
  - 43. The system of claim 41, further comprising:
    - assigning logic to assign the assigned role to the user.
  - 44. The system of claim 41, the authentication module is operative to authenticate the identity of the user.

45. A system for controlling usage of network resources of a communications network by a user at a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, wherein the user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at the network entry device satisfies the condition, the system comprising:
- a port module of the network entry device, the port module including a physical port to receive a packet including identification information of the user from a device of the user before using, by the user, any of the network resources beyond the port module of the network entry device and port configuration logic to configure the port module with the one or more packet rules associated with the assigned role of the user to control usage, by the user, of any of the network resources beyond the port module of the network entry device; and
  
  means for determining the assigned role of the user based on the identification information.

46. A computer program product, comprising:
- a computer-readable medium; and
  
  computer-readable information stored on the computer-readable medium that define instructions that, as a result of being executed by a computer, instruct the computer to perform a process of controlling network resource usage by a user at a network entry device of the communications network that serves as the user'"'"'s entry point to the communications network, wherein the user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at the network entry device satisfies the condition, the process comprising acts of;
  
  (A) receiving a packet including identification information of the user from a device of the user at a port module of a network entry device before using, by the user, any of the network resources beyond the port module of the network device;
  
  (B) determining the assigned role of the user based on the identification information; and
  
  (C) configuring the port module with the one or more packet rules associated with the assigned role of the user to control usage, by the user, of any of the network resources beyond the port module of the network entry device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
Pettit, Steven A., Kjendal, David L., Dunigan, Paula Jane, Richmond, James
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/071,873
Publication Number

US 20030154380A1
Time in Patent Office

1,187 Days
Field of Search

713200-202, 709223-229
US Class Current

726/7
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Controlling usage of network resources by a user at the user's entry point to a communications network based on an identity of the user

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

143 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling usage of network resources by a user at the user's entry point to a communications network based on an identity of the user

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

143 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links