System and method for providing access control
First Claim
1. A method for network access control, comprising:
at a control device, receiving a packet originating from a user device in a first network, wherein the first network is connected to a second network via the control device, and wherein the user device is associated with a user;
processing the packet according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage, extracting information associated with the user device from a header of the packet and associating the packet with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage, accessing the user specific traffic control rules and user specific firewall rules based on the extracted information associated with the user device and applying the user specific traffic control rules and the user specific firewall rules to the packet as governed by at least one user specific class of service rule associated with the user on the user device in the first network.
Abstract
Embodiments disclosed herein provide systems and methods for provisioning network access for a user in order to provide access control to one or more networks with regard to the user. More particularly, a user may be authenticated and, based on a user profile associated with the authenticated user, provisioning rules may be established for the user such that the user's network access to one or more networks may be controlled based upon the user profile associated with the user. In a network utilized by multiple users, the use of access control based on user profiles associated with the users may prevent any one user or users from accessing one or more networks to the exclusion or detriment of other users because each user may be limited to the network resources provisioned to that user based on the user profile associated with the user.
271 Citations
27 Claims
1. A method for network access control, comprising:
at a control device, receiving a packet originating from a user device in a first network, wherein the first network is connected to a second network via the control device, and wherein the user device is associated with a user;
processing the packet according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage, extracting information associated with the user device from a header of the packet and associating the packet with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage, accessing the user specific traffic control rules and user specific firewall rules based on the extracted information associated with the user device and applying the user specific traffic control rules and the user specific firewall rules to the packet as governed by at least one user specific class of service rule associated with the user on the user device in the first network.
Dependent claims 2 to 9 not shown.

10. A computer program product comprising at least one non-transitory computer-readable storage medium storing computer instructions translatable by a processor of a control device to perform:
receiving a packet originating from a user device in a first network, wherein the first network is connected to a second network via the control device, and wherein the user device is associated with a user;
processing the packet according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage, extracting information associated with the user device from a header of the packet and associating the packet with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage, accessing the user specific traffic control rules and user specific firewall rules based on the extracted information associated with the user device and applying the user specific traffic control rules and the user specific firewall rules to the packet as governed by at least one user specific class of service rule associated with the user on the user device in the first network.
Dependent claims 11 to 16 not shown.

17. A control device for network access control, comprising:
a processor;
at least one computer-readable storage medium storing computer instructions translatable by the processor to perform:
receiving a packet originating from a user device in a first network, wherein the first network is connected to a second network via the control device, and wherein the user device is associated with a user;
processing the packet according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage, extracting information associated with the user device from a header of the packet and associating the packet with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage, accessing the user specific traffic control rules and user specific firewall rules based on the extracted information associated with the user device and applying the user specific traffic control rules and the user specific firewall rules to the packet as governed by at least one user specific class of service rule associated with the user on the user device in the first network.
Dependent claims 18 to 26 not shown.

27. A control device for network access control, comprising:
a processor;
at least one computer-readable storage medium storing computer instructions translatable by the processor to perform:
receiving a packet originating from a user device in a first network, wherein the first network is connected to a second network via the control device, and wherein the user device is associated with a user;
determining whether the user has authenticated;
if the user has not authenticated, redirecting the user to a login web page that requests user credentials, and using the user credentials received from the user to authenticate the user;
processing the packet according to a plurality of stages, including a client discrimination stage and a user specific rule stage;
at the client discrimination stage, extracting information associated with the user device from a header of the packet and associating the packet with user specific traffic control rules and user specific firewall rules; and
at the user specific rule stage, accessing the user specific traffic control rules and user specific firewall rules based on the extracted information associated with the user device and applying the user specific traffic control rules and the user specific firewall rules to the packet as governed by at least one user specific class of service rule associated with the user on the user device in the first network.
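The independent claims describe one pipeline: a client discrimination stage that maps a field taken from the packet header (here the source MAC address) to a user's rule set, a user specific rule stage that applies that user's firewall and traffic control rules under a class of service limit, and, in claim 27, a captive-portal step that sends unauthenticated users to a login page before any of this happens. The Python model below is an added example written for this page; it is not code from the patent, its assignee or any product, and everything in it is constructed for illustration: the packet dicts standing in for parsed headers, the user alice with her credentials and rules, the token-bucket reading of "class of service", the pre-authentication allowance for DNS, and the portal URL.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A "packet" is a dict of already-parsed header fields: src_mac, proto
# ("tcp"/"udp"), dst_port and length in bytes. All packets here are constructed.


@dataclass
class FirewallRule:
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "allow" or "deny"

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))


@dataclass
class ClassOfService:
    """Per-user token bucket: `rate` bytes/s sustained, `burst` bytes of depth."""
    rate: float
    burst: float
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.burst          # bucket starts full

    def admit(self, size: int, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < size:
            return False                  # packet exceeds the user's class of service
        self.tokens -= size
        return True


@dataclass
class UserProfile:
    firewall: List[FirewallRule]   # first match wins; no match means deny
    cos: ClassOfService


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


SALT = b"constructed-salt"                                 # hypothetical
CREDENTIALS = {"alice": _pw_hash("correct horse", SALT)}   # constructed credential store
PROFILES = {                                               # constructed user profile
    "alice": UserProfile(
        firewall=[FirewallRule("tcp", 25, "deny"),         # no outbound SMTP
                  FirewallRule("tcp", 443, "allow"),
                  FirewallRule("udp", 53, "allow")],
        cos=ClassOfService(rate=1000, burst=1500),         # 1 kB/s, one MTU of burst
    ),
}
LOGIN_URL = "https://portal.example/login"                 # hypothetical captive portal


class ControlDevice:
    """Sits between the first (user) network and the second network."""

    def __init__(self) -> None:
        self.sessions: dict = {}   # src_mac -> username, filled by authenticate()

    def authenticate(self, src_mac: str, username: str, password: str) -> bool:
        expected = CREDENTIALS.get(username)
        # Constant-time comparison of the derived key against the stored one.
        if expected is None or not hmac.compare_digest(expected, _pw_hash(password, SALT)):
            return False
        self.sessions[src_mac] = username
        return True

    def process(self, pkt: dict, now: float) -> Tuple[str, str]:
        """Verdict for one packet: (forward|drop|redirect|throttle, reason)."""
        # Claim 27: not yet authenticated -> captive portal. Assumed walled garden:
        # DNS is forwarded, plain HTTP is redirected to the login page, all else dropped.
        user = self.sessions.get(pkt["src_mac"])
        if user is None:
            if pkt["proto"] == "udp" and pkt["dst_port"] == 53:
                return ("forward", "pre-auth")
            if pkt["proto"] == "tcp" and pkt["dst_port"] == 80:
                return ("redirect", LOGIN_URL)
            return ("drop", "unauthenticated")
        # Client discrimination stage: the header field selects this user's rule set.
        profile = PROFILES[user]
        # User specific rule stage: firewall rules first, then the class-of-service limit.
        for rule in profile.firewall:
            if rule.matches(pkt):
                if rule.action == "deny":
                    return ("drop", "firewall")
                break
        else:
            return ("drop", "firewall-default")
        if not profile.cos.admit(pkt["length"], now):
            return ("throttle", "class-of-service")
        return ("forward", user)


if __name__ == "__main__":
    dev = ControlDevice()
    pkt = {"src_mac": "aa:bb:cc:dd:ee:01", "proto": "tcp", "dst_port": 80, "length": 600}
    print(dev.process(pkt, 0.0))
    dev.authenticate(pkt["src_mac"], "alice", "correct horse")
    print(dev.process({**pkt, "dst_port": 443, "length": 1000}, 0.0))
```

Two points a practitioner should take from the model rather than from the claim language. First, the ordering matters: the firewall rules are consulted before the class-of-service bucket, so a dropped packet never consumes the user's bandwidth budget. Second, the client discrimination stage binds the session to a header field, and on a shared layer-2 segment a source MAC or IP address is trivially spoofable; a device of this kind should pair the session table with something harder to forge (port or 802.1X binding, DHCP snooping state) and expire sessions, none of which the claims require.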
Specification