Method and system using shared configuration information to manage network access for network users

US 7,764,699 B2
Filed: 05/16/2005
Issued: 07/27/2010
Est. Priority Date: 05/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method using shared configuration information to manage network access for externally generated communications, comprising:

providing an association information store that maintains association information for a first end user of a private network;

providing a data storage system that maintains configuration information for a first endpoint associated with the first end user;

receiving an externally generated communication at an access point to the private network, the communication addressed for delivery to a second endpoint associated with a second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;

using a computing device to obtain the association information and determine an association between the first end user and the second end user; and

using the computing device to obtain the configuration information for the first endpoint associated with the first end user and configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with a particular embodiment of the present invention, a method using shared configuration information to manage network access for externally generated communications includes maintaining association information for a first end user of a private network and maintaining configuration information for a first endpoint associated with the first end user. When an externally generated communication that is addressed for delivery to a second endpoint associated with a second end user is received at an access point to the private network, the association information is used to determine an association between the first end user and the second end user. The configuration information for the first end user is used to configure the access point to allow the communication to be delivered to the second endpoint.

Citations

28 Claims

1. A method using shared configuration information to manage network access for externally generated communications, comprising:
- providing an association information store that maintains association information for a first end user of a private network;
  
  providing a data storage system that maintains configuration information for a first endpoint associated with the first end user;
  
  receiving an externally generated communication at an access point to the private network, the communication addressed for delivery to a second endpoint associated with a second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  using a computing device to obtain the association information and determine an association between the first end user and the second end user; and
  
  using the computing device to obtain the configuration information for the first endpoint associated with the first end user and configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 22, 23)
- - 2. The method of claim 1, wherein maintaining the association information for the first end user comprises maintaining presence information relating to the availability of the first end user at the first endpoint.
  - 3. The method of claim 2, further comprising:
    - storing a list of one or more presence watchers that are authorized to access presence information for the first end user; and
      
      determining that the second end user is listed as a presence watcher of the first end user.
  - 4. The method of claim 2, wherein using the association information to determine the association between the first end user and the second end user comprises determining that the second end user is a subscribed presence watcher of the presence information for the first end user.
  - 5. The method of claim 1, wherein:
    - maintaining the association information for the first end user comprises storing a list of one or more trusted end users associated with the first end user; and
      
      using the association information to determine the association between the first end user and the second end user comprises determining that the second end user is one of the one or more trusted end users on the list.
  - 6. The method of claim 1, wherein:
    - maintaining the association information for the first end user comprises;
      
      storing a first list of one or more trusted end users associated with the first end user, a third end user included on the first list as one of the one or more trusted end users; and
      
      storing a second list of one or more trusted end users associated with the third end user;
      
      using the association information to determine the association between the first end user and the second end user comprises;
      
      determining that the third end user is one of the one or more trusted end users on the first list; and
      
      determining that the second end user is one of the one or more trusted end users on the second list.
  - 7. The method of claim 1, wherein using the configuration information for the first end user comprises:
    - determining that the first endpoint is configured to allow the communication from the third endpoint associated with the third end user to pass through the access point; and
      
      applying the configuration information associated with the first end user to the second endpoint.
  - 8. The method of claim 1, wherein using the configuration information for the first end user comprises opening one or more pinholes in a firewall.
  - 9. The method of claim 1, further comprising taking a vote of a plurality of network end users to determine that the communication is trustworthy.
  - 22. The method of claim 1, further comprising using the computing device to determine that the configuration information for the first endpoint associated with the first end user allows communication from the third endpoint associated with the third end user.
  - 23. The method of claim 1, further comprising:
    - store a first list of one or more trusted end users associated with the first end user; and
      
      determine that the third end user is included on the first list as one of the one or more trusted end users.

10. A method using shared configuration information to manage network access for externally generated communications, comprising:
- providing an association information store that maintains association information for a first end user and a second end user of a private network;
  
  providing a configuration information server that maintains configuration information for each of a first endpoint associated with the first end user and a second endpoint associated with the second end user;
  
  receiving an externally generated communication at an access point to the private network, the communication addressed for delivery to the second endpoint associated with the second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  using a computing device to obtain the association information and determine an association between the first end user and the second end user, the first end user identified in the association information as untrustworthy; and
  
  if the association information identifies the first end user as untrustworthy, use the computing device to;
  
  configure the access point to disallow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint; and
  
  if the association information identifies the first end user as trustworthy, use the computing device to;
  
  determine that the first endpoint associated with the first end user is configured to accept the externally generated communication from the third endpoint associated with the third end user; and
  
  configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.

11. A system using shared configuration information to manage network access for externally generated communications, comprising:
- an association information store in communication with a private network, the association information store operable to maintain association information for a first end user of the private network;
  
  a configuration server in communication with the private network, the configuration server operable to maintain configuration information for a first endpoint associated with the first end user; and
  
  an access point in communication with the private network, the access point operable to;
  
  receive an externally generated communication, the communication addressed for delivery to a second endpoint associated with a second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  use the association information to determine an association between the first end user and the second end user; and
  
  use the configuration information for the first end point associated with the first end user to authorize the communication from the third endpoint associated with the third end user to enter the private network for delivery to the second endpoint associated with the second end user based on the association between the first end user and the second end user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 24, 25)
- - 12. The system of claim 11, wherein the association information store comprises a presence server operable to:
    - maintain presence information for the first end user of the private network;
      
      the presence information relating to the availability of the first end user at the first endpoint.
  - 13. The system of claim 12, wherein the presence server is further operable to:
    - store a list of one or more presence watchers that are authorized to access presence information for the first end user; and
      
      determine that the second end user is listed as a presence watcher of the first end user.
  - 14. The system of claim 12, wherein the access point is further operable to use the presence information to determine that the second end user is a subscribed presence watcher of the presence information for the first end user.
  - 15. The system of claim 11, wherein:
    - the association information comprises a list of one or more trusted end users associated with the first end user; and
      
      the access point is operable to use the association information to determine the association between the first end user and the second end user by determining that the second end user is one of the one or more trusted end users on the list.
  - 16. The system of claim 11, wherein:
    - the association information store is further operable to;
      
      store a first list of one or more trusted end users associated with the first end user, a third end user included on the first list as one of the one or more trusted end users; and
      
      store a second list of one or more trusted end users associated with the third end user; and
      
      the access point is further operable to use the association information by;
      
      determining that the third end user is one of the one or more trusted end users on the first list; and
      
      determining that the second end user is one of the one or more trusted end users on the second list.
  - 17. The system of claim 11, wherein the access point is further operable to:
    - use the configuration information to determine that the first endpoint is configured to allow the communication from the third endpoint associated with the third end user to pass through the access point; and
      
      apply the configuration information associated with the first end user to the second endpoint.
  - 18. The system of claim 11, wherein the access point is further operable to use the configuration information to open one or more pinholes in a firewall.
  - 19. The system of claim 11, wherein the access point is further operable to take a vote of a plurality of network end users to determine that the communication is trustworthy.
  - 24. The system of claim 11 wherein the access point is further operable to determine that the configuration information for the first endpoint associated with the first end user allows communication from the third endpoint associated with the third end user.
  - 25. The system of claim 11, wherein:
    - at least one of the association information store and the configuration server is further operable to maintain a first list of one or more trusted end users associated with the first end user; and
      
      the access point is further operable to determine that the third end user is included on the first list as one of the one or more trusted end users.

20. A system using shared configuration information to manage network access for externally generated communications, comprising:
- means for maintaining association information for a first end user of a private network;
  
  means for maintaining configuration information for a first endpoint associated with the first end user;
  
  means for receiving an externally generated communication at an access point to the private network, the communication addressed for delivery to a second endpoint associated with a second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  means for using the association information to determine an association between the first end user and the second end user; and
  
  means for using the configuration information for the first endpoint associated with the first end user to configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.

21. A non-transitory computer readable medium comprising code operable to:
- A non-transitory computer-readable medium encoded with software for using shared configuration information to manage network access for externally generated communications, the software executed by a computer to perform operations comprising;
  
  maintain association information for each of a first end user and a second end user of a private network;
  
  maintain configuration information for each of a first endpoint associated with the first end user and a second endpoint associated with the second end user;
  
  receive an externally generated communication at an access point to the private network, the communication addressed for delivery to the second endpoint associated with the second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  use the association information to determine an association between the first end user and the second end user; and
  
  if the association information identifies the first end user as untrustworthy;
  
  use the configuration information for the first end user to configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint; and
  
  if the association information identifies the first end user as trustworthy;
  
  determine that the first endpoint associated with the first end user configured to accept the externally generated communication from the third endpoint associated with the third end user; and
  
  configure the access point to allow the communication from de source other than the first endpoint to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.

26. A non-transitory computer-readable medium encoded with software for using shared configuration information to manage network access for externally generated communications, the software executed by a computer to perform operations comprising:
- maintain association information for a first end user of a private network;
  
  maintain configuration information for a first endpoint associated with the first end user;
  
  receive an externally generated communication at an access point to the private network, the communication addressed for delivery to a second endpoint associated with a second end user of the private network, the externally generated communication received from a third endpoint associated with a third end user;
  
  obtain the association information and determine an association between the first end user and the second end user; and
  
  obtain the configuration information for the first endpoint associated with the first end user and configure the access point to allow the communication from the third endpoint associated with the third end user to be delivered to the second endpoint associated with the second end user based on the association between the first end user and the second end user.
- View Dependent Claims (27, 28)
- - 27. The non-transitory computer-readable medium of claim 26, further operable when execute to:
    - determine that the configuration information for the first endpoint associated with the first end user allows communication from the third endpoint associated with the third end user.
  - 28. The non-transitory computer-readable medium of claim 26, further operable when executed to:
    - store a first list of one or more trusted end users associated with the first end user; and
      
      determine that the third end user is included on the first list as one of the one or more trusted end users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jennings, Cullen F., FitzGerald, Cary W.
Primary Examiner(s)
Hoang; Thai D

Application Number

US11/130,439
Publication Number

US 20060256731A1
Time in Patent Office

1,898 Days
Field of Search

370400-402, 370420-421, 385186-188, 713167-200, 709227-229
US Class Current

370/401
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/2859   Point-to-point connection b...

H04L 67/54   Presence management, e.g. m...

Method and system using shared configuration information to manage network access for network users

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system using shared configuration information to manage network access for network users

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links