System for securing inbound and outbound data packet flow in a computer network

US 7,934,090 B2
Filed: 05/12/2008
Issued: 04/26/2011
Est. Priority Date: 12/22/1998
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for providing access to a network resource, comprising:

receiving, at a network node that is pre-authorized to access the network resource, a request to allow a first user to assume an identity of the network node, the network node that is pre-authorized having a plurality of access privileges associated therewith;

allowing the first user to assume the identity of the network node that is pre-authorized, such that the first user appears to the network resource to be the network node that is pre-authorized, after verifying that the first user is authorized; and

based on the first user assuming the identity of the network node that is pre-authorized, allowing the first user to access the network resource using the plurality of access privileges associated with the network node that is pre-authorized.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method provides for control of access to network resources. A virtual identity machine resides in the network and is pre-authorized to access certain network resources. End users desiring access to those network resources attempt to logically connect to the virtual identity machines. If the logical connection attempt is successful, then the end user assumes the virtual identity of the virtual identity machine and has access to all of the same information that was available to the virtual identity machine.

Citations

18 Claims

1. A method for providing access to a network resource, comprising:
- receiving, at a network node that is pre-authorized to access the network resource, a request to allow a first user to assume an identity of the network node, the network node that is pre-authorized having a plurality of access privileges associated therewith;
  
  allowing the first user to assume the identity of the network node that is pre-authorized, such that the first user appears to the network resource to be the network node that is pre-authorized, after verifying that the first user is authorized; and
  
  based on the first user assuming the identity of the network node that is pre-authorized, allowing the first user to access the network resource using the plurality of access privileges associated with the network node that is pre-authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - receiving, at the network node, a request to allow a second user to assume the identity of the network node;
      
      allowing the second user to assume the identity of the network node that is pre-authorized after verifying that the second user is authorized, andbased on the second user assuming the identity of the network node that is pre-authorized, allowing the second user to access the network resource.
  - 3. The method of claim 2, wherein the first and second users assume the identity of the network node that is pre-authorized during overlapping time periods.
  - 4. The method of claim 1, wherein verifying that the first user is authorized includes:
    - receiving an identifier associated with the first user;
      
      comparing the identifier received to a table of authorized identifiers; and
      
      determining whether the identifier received matches any of the authorized identifiers.
  - 5. The method of claim 1, wherein verifying that the first user is authorized includes:
    - receiving a first identifier associated with the first user and a second identifier associated with a requested resource;
      
      comparing the first identifier received and second identifier received to contents of an authorized memory; and
      
      determining that the first user is authorized to access the network resource if a match is found for the first and second identifiers in the memory.
  - 6. The method of claim 1, wherein the network node is an internet service provider.
  - 7. The method of claim 1, wherein the network resource is on the internet.
  - 8. The method of claim 1, wherein the network node has a plurality of logical ports through which the request may be received.

9. A computer program product configured to provide access to a network resource, comprising a non-transitory computer readable medium having computer readable program code embodied therein, the computer readable program product comprising:
- computer readable program code configured to receive a request to allow a first user to assume an identity of a network node that is pre-authorized to access the network resource, the network node that is pre-authorized having a plurality of access privileges associated therewith;
  
  computer readable program code configured to verify that the first user is authorized, and to allow the first user to assume the identity of the network node that is pre-authorized, such that the first user appears to the network resource to be the network node that is pre-authorized, after verifying that the first user is authorized; and
  
  computer readable program code configured to allow the first user to access the network resource using the plurality of access privileges associated with the network node that is pre-authorized, based on the first user assuming the identity of the network node that is pre-authorized.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer program product of claim 9, further comprising:
    - computer readable program code configured to receive a request to allow a second user to assume the identity of the network node;
      
      computer readable program code configured to allow the second user to assume the identity of the network node that is pre-authorized after verifying that the second user is authorized, andcomputer readable program code configured to allow the second user to access the network resource, based on the second user assuming the identity of the network node that is pre-authorized.
  - 11. The computer program product of claim 10, further comprising computer readable program code configured to allow the first and second users to assume the identity of the network node that is pre-authorized during overlapping time periods.
  - 12. The computer program product of claim 9, wherein the computer readable program code configured to verify that the first user is authorized includes:
    - computer readable program code configured to receive an identifier associated with the first user;
      
      computer readable program code configured to compare the identifier received to a table of authorized identifiers; and
      
      computer readable program code configured to determine whether the identifier received matches any of the authorized identifiers.
  - 13. The computer program product of claim 9, wherein the computer readable program code configured to verify that the first user is authorized includes:
    - computer readable program code configured to receive a first identifier associated with the first user and a second identifier associated with a requested resource;
      
      computer readable program code configured to compare the first identifier received and second identifier received to contents of an authorized memory; and
      
      computer readable program code configured to determine that the first user is authorized to access the network resource if a match is found for the first and second identifiers in the memory.

14. A computer system comprising:
- a network resource; and
  
  a network node that is pre-authorized to access the network resource and having a plurality of access privileges associated therewith;
  
  wherein the network node is configured to receive a request to allow a first user to assume an identity of the network node, to verify that the first user is authorized, and to allow the first user to assume the identity of the network node, such that the first user appears to the network resource to be the network node that is pre-authorized, andwherein the network resource is configured to allow the first user to access the network resource using the plurality of access privileges associated with the network node that is pre-authorized, based on the first user assuming the identity of the network node.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer system of claim 14, wherein the network node is further configured to receive a request to allow a second user to assume the identity of the network node, to verify that the second user is authorized, and to allow the second user to assume the identity of the network node, such that the second user appears to the network resource to be the network node that is pre-authorized, andwherein the network resource is further configured to allow the second user to access the network resource using the plurality of access privileges associated with the network node that is pre-authorized, based on the second user assuming the identity of the network node.
  - 16. The computer system of claim 15, wherein the network node is further configured to allow the first and second users to assume the identity of the network node that is pre-authorized during overlapping time periods.
  - 17. The computer system of claim 14, wherein the network node that is configured to verify that the first user is authorized is further configured to receive an identifier associated with the first user, to compare the identifier received to a table of authorized identifiers, and to determine whether the identifier received matches any of the authorized identifiers.
  - 18. The computer system of claim 14, wherein the network node that is configured to verify that the first user is authorized is further configured to receive a first identifier associated with the first user and a second identifier associated with a requested resource, to compare the first identifier received and second identifier received to contents of an authorized memory, and to determine that the first user is authorized to access the network resource if a match is found for the first and second identifiers in the memory.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
American Patents LLC
Original Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Maria, Arturo
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Jackson, Jenise E

Application Number

US12/149,991
Publication Number

US 20080263639A1
Time in Patent Office

1,079 Days
Field of Search

713/160, 726/15, 726/3, 726 27- 29, 709/229
US Class Current

713/160
CPC Class Codes

G06F 21/41 where a single sign-on prov...

System for securing inbound and outbound data packet flow in a computer network

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for securing inbound and outbound data packet flow in a computer network

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links