Method and system for controlling network access

US 8,543,710 B2
Filed: 03/10/2005
Issued: 09/24/2013
Est. Priority Date: 03/10/2004
Status: Active Grant

First Claim

Patent Images

1. A method of network traffic quarantine control, comprising:

at a network access gateway device between a local network and the Internet, selecting a client device in a first network segment of the network;

at the network access gateway device, performing a plurality of quarantine control functions over the client device, wherein the plurality of quarantine control functions comprises;

a) restricting all network traffic emanating from the client device to one or more network destination addresses that are not in or subordinate to the first network segment;

b) restricting all network traffic emanating from the client device to an allowed network destination address to selected one or more network protocols; and

rendering a web page to display on the client device from the network access gateway device, wherein the web page contains an offer for a user of the client device to perform an action in order to obtain unrestricted access to the Internet responsive to implementation of one of the plurality of quarantine control function of the client device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods intended to control a network devices access to a network are disclosed. Embodiments of the current invention expose a method for confining a network client'"'"'s network access to a specific logical region of the network. A network communication may be received and the client that originated this communication determined. This client is associated with a set of rules or walled garden that specifies the access allowed by that client. The destination of the communication may also be determined and if the destination is allowed by the set of rules associated with the client and access to the destination allowed if access to the destination is allowed by the set of rules.

267 Citations

20 Claims

1. A method of network traffic quarantine control, comprising:
- at a network access gateway device between a local network and the Internet, selecting a client device in a first network segment of the network;
  
  at the network access gateway device, performing a plurality of quarantine control functions over the client device, wherein the plurality of quarantine control functions comprises;
  
  a) restricting all network traffic emanating from the client device to one or more network destination addresses that are not in or subordinate to the first network segment;
  
  b) restricting all network traffic emanating from the client device to an allowed network destination address to selected one or more network protocols; and
  
  rendering a web page to display on the client device from the network access gateway device, wherein the web page contains an offer for a user of the client device to perform an action in order to obtain unrestricted access to the Internet responsive to implementation of one of the plurality of quarantine control function of the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the action requires the user to obtain and execute abnormal behavior scanning software from a server machine running at one of the one or more allowed network destination addresses.
  - 3. The method according to claim 1, further comprising:
    - evaluating network traffic emanating from the client device after the client device has been scanned and abnormal behavior has been removed, mitigated or rendered inert.
  - 4. The method according to claim 1, further comprising:
    - filtering the network traffic emanating from the client device to limit network packet flow by the client device.
  - 5. The method according to claim 1, further comprising:
    - routing the network traffic emanating from the client device to limit network packet traversal by the client device.
  - 6. The method according to claim 1, wherein the plurality of quarantine control functions further comprises:
    - restricting all network traffic emanating from the client device to one or more network destination addresses in one or more network segments that are not in or subordinate to the first network segment.
  - 7. The method according to claim 1, further comprising:
    - performing all of the plurality of quarantine control functions over the client device.

8. A computer program product comprising at least one non-transitory computer readable medium storing instructions translatable by at least one processor to perform:
- a plurality of quarantine control functions over a client device coupled to the network access gateway device, wherein the network access gateway device is between a local network and the Internet, wherein the client device is in a first network segment of the network, and wherein the plurality of quarantine control functions comprises;
  
  a) restricting all network traffic emanating from the client device to one or more network destination addresses that are not in or subordinate to the first network segment;
  
  b) restricting all network traffic emanating from the client device to an allowed network destination address to selected one or more network protocols; and
  
  rendering a web page to display on the client device from the network access gateway device, wherein the web page contains an offer for a user of the client device to perform an action in order to obtain unrestricted access to the Internet responsive to the implementation of one of the plurality of quarantine control function of the client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the action requires the user to obtain and execute abnormal behavior scanning software from a server machine running at one of the one or more allowed network destination addresses.
  - 10. The computer program product of claim 8, wherein the instructions are further translatable by the at least one processor to perform:
    - evaluating network traffic emanating from the client device after the client device has been scanned and abnormal behavior has been removed, mitigated or rendered inert.
  - 11. The computer program product of claim 8, wherein the instructions are further translatable by the at least one processor to perform:
    - filtering the network traffic emanating from the client device to limit network packet flow by the client device.
  - 12. The computer program product of claim 8, wherein the instructions are further translatable by the at least one processor to perform:
    - routing the network, traffic emanating from the client device to limit network packet traversal by the client device.
  - 13. The computer program product of claim 8, wherein the plurality of quarantine control functions further comprises:
    - restricting all network traffic emanating from the client device to one or more network destination addresses in one or more network segments that are not in or subordinate to the first network segment.
  - 14. The computer program product of claim 8, wherein the instructions are further translatable by the at least one processor to perform:
    - all of the plurality of quarantine control functions over the client device.

15. A network access gateway device, comprising:
- at least one processor; and
  
  at least one non-transitory computer readable medium storing instructions translatable by the at least one processor to perform;
  
  a plurality of quarantine control functions over a client device coupled to the network access gateway device, wherein the network access gateway device is between a local network and the Internet, wherein the client device is in a first network segment of the network, and wherein the plurality of quarantine control functions comprises;
  
  a) restricting all network traffic emanating from the client device to one or more network destination addresses that are not in or subordinate to the first network segment;
  
  b) restricting all network traffic emanating from the client device to an allowed network destination address to selected one or more network protocols; and
  
  rendering a web page to display on the client device from the network access gateway device, wherein the web page contains an offer for a user of the client device to perform an action in order to obtain unrestricted access to the Internet responsive to implementation of one of the plurality of quarantine control function of the client device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the action requires the user to obtain and execute abnormal behavior scanning software from a server machine running at one of the one or more allowed network destination addresses.
  - 17. The system of claim 15, wherein the instructions are further translatable by the at least one processor to perform:
    - evaluating network traffic emanating from the client device after the client device has been scanned and abnormal behavior has been removed, mitigated or rendered inert.
  - 18. The system of claim 15, wherein the instructions are further translatable by the at least one processor to perform:
    - filtering the network traffic emanating from the client device to limit network packet flow by the client device.
  - 19. The system of claim 15, wherein the instructions are further translatable by the at least one processor to perform:
    - routing the network traffic emanating from the client device to limit network packet traversal by the client device.
  - 20. The system of claim 15, wherein the plurality of quarantine control functions further comprises:
    - restricting all network traffic emanating from the client device to one or more network destination addresses in one or more network segments that are not in or subordinate to the first network segment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
RPX Corporation
Inventors
Johnston, Keith, Tonnesen, Steven D., Turley, Patrick
Primary Examiner(s)
BOUTAH, ALINA A

Application Number

US11/076,591
Publication Number

US 20050204050A1
Time in Patent Office

3,120 Days
Field of Search

709/229, 709/224, 709/225, 726/1, 726/2, 726/4, 726/6, 726/11, 726/22, 726 26- 30
US Class Current

709/229
CPC Class Codes

H04L 63/0263 Rule management

H04L 63/105 Multiple levels of security

Method and system for controlling network access

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

267 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling network access

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

267 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links