Web-based security and filtering system for inbound/outbound communications with proxy chaining

US 9,037,738 B2
Filed: 07/29/2009
Issued: 05/19/2015
Est. Priority Date: 09/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the Internet for access to web resources protected by the system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, the system having at least one user account, said system comprising:

one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;

the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;

an administrative module,wherein said administrative module includes configuration settings for inbound or outbound communications,wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;

a first proxy server in at least one of the said one or more user computers;

wherein the first proxy server has access to the world wide web,wherein said first proxy server is configured by the administrative module,wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account,wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account,wherein said first proxy server is programmed to;

receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list and the unfriendly inbound list of a particular user account;

check the text of a requested URL (uniform resource locator) against one or more of the friendly outbound list and the unfriendly outbound list of the particular user account; and

either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;

wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser;

a second proxy server in at least one of the one or more computers;

wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;

wherein said second proxy server does not comprise said administrative module, said friendly inbound list of the particular user account, said friendly outbound list of the particular user account, said unfriendly inbound list of the particular user account, or said unfriendly outbound list of the particular user account;

wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;

wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;

wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;

wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A customizable system for filtering web-based HTTP requests for outbound and inbound access to web sites. An administrative module in a user computer configures a range of access levels for inbound and outbound communications and has list maintenance functions. Users attempting to access an unfriendly site are anonymously forwarded to a friendly site or the request is terminated. A first proxy server in each user computer of a LAN has access to the WWW, has a customizable friendly and unfriendly outbound list, one of which is active and a customizable friendly and unfriendly inbound list, one of which is active. A second HTTP proxy server without an administrative module or friendly or unfriendly lists is between the first proxy server and the Internet as a LAN gateway or at an ISP domain, the second proxy being capable of communicating to a proxy of a destination or directly to a destination.

49 Citations

View as Search Results

99 Claims

1. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the Internet for access to web resources protected by the system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, the system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module,wherein said administrative module includes configuration settings for inbound or outbound communications,wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web,wherein said first proxy server is configured by the administrative module,wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account,wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account,wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list and the unfriendly inbound list of a particular user account;
  
  check the text of a requested URL (uniform resource locator) against one or more of the friendly outbound list and the unfriendly outbound list of the particular user account; and
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser;
  
  a second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module, said friendly inbound list of the particular user account, said friendly outbound list of the particular user account, said unfriendly inbound list of the particular user account, or said unfriendly outbound list of the particular user account;
  
  wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein when a user logs into said first proxy server and presents said one or more unique authentication credentials, said first proxy server checks an identity of said user.
  - 3. The system of claim 2, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server either checks said one or more identity attributes of said requesting client against at least one of said friendly inbound list of the particular user account or said unfriendly inbound list of the particular user account, or else checks said text of said requested URL against at least one of said friendly outbound list of the particular user account or said unfriendly outbound list of the particular user account.
  - 4. The system of claim 2, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 5. The system of claim 2, wherein upon a successful authentication of said user'"'"'s identity by said first proxy, the said user logs into the system.
  - 6. The system of claim 5, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 7. The system of claim 1, wherein one or more different types of user accounts further includes a type of user account without administrative privileges or the ability to view information on additional user accounts.
  - 8. The system of claim 1, wherein said first proxy server registers said request of said requesting client in a logfile of all URLs requested by said user.
  - 9. The system of claim 1, wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of the particular user account, only one of said friendly inbound list and said unfriendly inbound list is active in said first proxy server at any given time;
    - andwherein when said first proxy server comprises both a friendly outbound list and an unfriendly outbound list of the particular user account, only one of said friendly outbound list and said unfriendly outbound list is active in said first proxy server at any given time.
  - 10. The system of claim 1, wherein said administrative module also performs list maintenance functions and wherein said list maintenance functions comprise at least one of list editing, list deleting, searching of lists, saving of lists, adding and deleting users, interchanging lists, and importing and exporting lists.
  - 11. The system of claim 1, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 12. The system of claim 1, wherein said one or more different types of user accounts includes an administrator account with full configuration right without the ability to create additional user accounts.

13. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the providing for access to web resources protected by said system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account;
  
  wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account, wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list of a particular user account and the unfriendly inbound list of the particular user account;
  
  check the text of a requested URL against one or more of the friendly outbound list of the particular user account and the unfriendly outbound list of the particular user account; and
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) client application or a web browser.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 14. The system of claim 13, wherein said one or more different types of user accounts may be configured with access levels ranging from no access to all access.
  - 15. The system of claim 13, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by a user.
  - 16. The system of claim 13, wherein said one or more user computers further comprise said first proxy server in all of said one or more user computers.
  - 17. The system of claim 13, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 18. The system of claim 13, wherein said system is used with a dialup modem connection to the Internet, a local area network, or a virtual network connection.
  - 19. The system of claim 18, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 20. The system of claim 13, wherein said one or more different types of user accounts further includes an anonymous guest user account, wherein the anonymous guest user account is for use by general users without authentication credentials.
  - 21. The system of claim 20, wherein when said user presents said one or more unique authentication credentials, said first proxy server checks an identity of said user.
  - 22. The system of claim 21, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 23. The system of claim 21, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to either check said one or more identity attributes of said requesting client against at least one of said friendly inbound list of the particular user account or said unfriendly inbound list of the particular user account, or to check said text of said requested URL against at least one of said friendly outbound list of the particular user account or said unfriendly outbound list of the particular user account.
  - 24. The system of claim 21, wherein if said first proxy server fails to authenticate said user, said first proxy server offers said user an opportunity to log in as an anonymous guest user.
  - 25. The system of claim 13, wherein, in inbound communications, if said request from said requesting client is rejected by said first proxy server, said request is forwarded to a replacement location of said resource, wherein an actual location of said replacement location is an unpublished location when said user considers said resource to be sensitive;
    - wherein said one or more identity attributes of requesting clients of approved users are listed in said unfriendly inbound list of the particular user account;
      
      wherein said requests from said requesting clients of approved users are sent by said first proxy server to said replacement location;
      
      wherein said one or more identity attributes of said requesting clients of an unapproved user are not listed in said unfriendly inbound list of the particular user account;
      
      wherein said requests of said requesting clients of unapproved users are sent to a published address containing information that said user considers unimportant.
  - 26. The system of claim 25, wherein said first proxy server registers said request of said requesting client in a logfile of all URLs requested by said user.
  - 27. The system of claim 13, wherein when a user presents said one or more unique authentication credentials, said first proxy server checks an identity of said user.
  - 28. The system of claim 27, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to either check said identity attributes of said requesting client against at least one of said friendly inbound list of the particular user account or said unfriendly inbound list of the particular user account, or to check said text of said requested URL against at least one of said friendly outbound list of the particular account or said unfriendly outbound list of the particular user account.
  - 29. The system of claim 27, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 30. The system of claim 27, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, the said user logs into the system.
  - 31. The system of claim 13, wherein, in inbound communications, if said request from said requesting client is rejected by said first proxy server, said request is forwarded to a replacement location of said resource, wherein an actual location of said replacement location is an unpublished location when said user considers said resource to be sensitive;
    - wherein said identity attributes of requesting clients of an approved user are not listed in said friendly inbound list of the particular user account;
      
      wherein said requests of said requesting clients of approved users are sent by said first proxy server to said replacement location;
      
      wherein said one or more identity attributes of said requesting clients of an unapproved user are listed in said friendly inbound list of the particular user account;
      
      wherein said requests of said requesting clients of said unapproved users are sent to a published address containing information that said user considers unimportant.
  - 32. The system of claim 31, wherein when said user presents said one or more unique authentication credentials, said first proxy server checks an identity of said user.
  - 33. The system of claim 32, wherein if said first proxy server fails to authenticate said user, said first proxy server offers said user an opportunity to log in as an anonymous guest user.
  - 34. The system of claim 13, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 35. The system of claim 13, wherein said system is used with a dialup modem connection to the Internet, a local area network, or a virtual network connection.
  - 36. The system of claim 35, wherein said one or more different types of user accounts is configured with access levels ranging from no access to all access.
  - 37. The system of claim 13, wherein said one or more different types of user accounts further includes a type of user account without administrative privileges or the ability to view information on additional user accounts.
  - 38. The system of claim 13, wherein at least one additional proxy server is communicatively located between said first proxy server and said resource, said at least one additional proxy server comprising executable instructions stored on the memory of the one or more user computers.
  - 39. The system of claim 13, wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of the particular user account, only one of said friendly inbound list and said unfriendly inbound list is active in said first proxy server at any given time;
    - andwherein when said first proxy server comprises both a friendly outbound list and an unfriendly outbound list of the particular user account, only one of said friendly outbound list and said unfriendly outbound list is active in said first proxy server at any given time.
  - 40. The system of claim 13, wherein said administrative module also performs list maintenance functions and wherein said list maintenance functions comprise at least one of list editing, list deleting, searching of lists, saving of lists, adding and deleting users, interchanging lists, and importing and exporting lists.
  - 41. The system of claim 13, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 42. The system of claim 13, wherein said one or more different types of user accounts includes an administrator account with full configuration right without the ability to create additional user accounts.

43. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for filtering both outbound requests and inbound requests from the providing for access to web resources protected by said system, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account;
  
  wherein when said first proxy server comprises both a friendly outbound list and an unfriendly outbound list of a particular user account, only one of said friendly outbound list and said unfriendly outbound list of the particular user account is active in said first proxy server at any given time;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check the text of a requested URL against one or more of the friendly outbound list of the particular user account and the unfriendly outbound list of the particular user account; and
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) client application or a web browser.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 44. The system of claim 43, wherein said one or more different types of user accounts further includes an anonymous guest user account, wherein the anonymous guest user account is for use by general users without authentication credentials.
  - 45. The system of claim 44, wherein when a user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 46. The system of claim 45, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said user logs into the system.
  - 47. The system of claim 44, wherein if said first proxy server fails to authenticate said user, said first proxy server offers said user an opportunity to log in as an anonymous guest user.
  - 48. The system of claim 44, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 49. The system of claim 43, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 50. The system of claim 43, wherein said system is used with a dialup modem connection to the Internet, a local area network, or a virtual network connection.
  - 51. The system of claim 50, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 52. The system of claim 43, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 53. The system of claim 43, wherein when a user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 54. The system of claim 53, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to check said text of said requested URL at least one of said friendly outbound list of the particular user account or said unfriendly outbound list of the particular user account.
  - 55. The system of claim 53, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 56. The system of claim 43, wherein said one or more different types of user accounts further includes a type of user account without administrative privileges or the ability to view information on additional user accounts.
  - 57. The system of claim 43, wherein at least one proxy server is communicatively located between said first proxy server and said resource, said at least one additional proxy server comprising executable instructions stored on the memory of the one or more user computers.
  - 58. The system of claim 43, wherein said administrative module also performs list maintenance functions and wherein said list maintenance functions comprise at least one of list editing, list deleting, searching of lists, saving of lists, adding and deleting users, interchanging lists, and importing and exporting lists.
  - 59. The system of claim 43, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 60. The system of claim 43, wherein said one or more different types of user accounts includes an administrator account with full configuration right without the ability to create additional user accounts.

61. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for filtering both inbound requests for access to web resources protected by said system and for outbound requests, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account;
  
  wherein when said first proxy server comprises both a friendly outbound list and an unfriendly outbound list of a particular user account, only one of said friendly outbound list and said unfriendly outbound list of the particular user account is active in said first proxy server at any given time;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check said text of a requested URL (uniform resource locator) against one or more of the friendly outbound list of the particular user account and the unfriendly outbound list of the particular user account;
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) client application or a web browser;
  
  a second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module, said friendly outbound list of the particular user account, or said unfriendly outbound list of the particular user account;
  
  wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82)
- - 62. The system of claim 61, wherein said one or more different types of user accounts further includes an anonymous guest user account, wherein the anonymous guest user account is for use by general users without authentication credentials.
  - 63. The system of claim 62, wherein when a user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 64. The system of claim 63, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to check said text of said requested URL at least one of said friendly outbound list of the particular user account or said unfriendly outbound list of the particular user account.
  - 65. The system of claim 63, wherein if said first proxy server fails to authenticate said user, said first proxy server offers said user an opportunity to log in as an anonymous guest user.
  - 66. The system of claim 63, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 67. The system of claim 61, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 68. The system of claim 61, wherein said system is used with a dialup modem connection to the Internet, a local area network, or a virtual network connection.
  - 69. The system of claim 68, wherein said one or more different types of user accounts are configured with access levels ranging from no access to all access.
  - 70. The system of claim 61, wherein said first proxy server further registers said requests from said requesting client in a logfile of all URLs requested by said user.
  - 71. The system of claim 61, wherein when said user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 72. The system of claim 71, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to check said text of said requested URL at least one of said friendly outbound list of the particular user account, or said unfriendly outbound list of the particular user account.
  - 73. The system of claim 71, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 74. The system of claim 61, wherein at least one additional proxy server is communicatively located between said first proxy server and said resource, said at least one additional proxy server comprising executable instructions stored on the memory of the one or more user computers.
  - 75. The system of claim 61, wherein said multiple types of user accounts further includes a type of user account without administrative privileges or the ability to view information on additional user accounts.
  - 76. The system of claim 61, wherein said administrative module also performs list maintenance functions and wherein said list maintenance functions comprise at least one list editing, list deleting, searching of lists, saving of lists, adding and deleting users, interchanging lists, and importing and exporting lists.
  - 77. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 78. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration right without the ability to create additional user accounts.
  - 79. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 80. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration right without the ability to create additional user accounts.
  - 81. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration rights, said administrative account configured to create additional user accounts.
  - 82. The system of claim 61, wherein said one or more different types of user accounts includes an administrator account with full configuration rights but without the ability to create additional user accounts.

83. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests for access to web resources protected by said system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, said system having at least one user account, the system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client, check said identity attributes of said requesting client against one or more of the friendly inbound list of a particular user account and the unfriendly inbound list of the particular user account;
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser.
- View Dependent Claims (84, 85, 86, 87, 88, 89)
- - 84. The system of claim 83, wherein said one or more different types of user accounts further includes a type of user account without administrative privileges and without the ability to view information on additional user accounts.
  - 85. The system of claim 83, wherein said one or more different types of user accounts further includes a type of user account without administrative privileges and without the ability to view information on additional user accounts.
  - 86. The system of claim 83, wherein when a user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 87. The system of claim 86, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to check said one or more identity attributes of said requesting client against one or more of the friendly inbound list of the particular user account and the unfriendly inbound list of the particular user account.
  - 88. The system of claim 86, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 89. The system of claim 83, wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of the particular user account, only one of said friendly inbound list and said unfriendly inbound list is active in said first proxy server at any given time.

90. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests for access to web resources protected by said system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check said identity attributes of said requesting client against one or more of the friendly inbound list of a particular user account and the unfriendly inbound list of the particular user account;
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser;
  
  a second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module, said friendly inbound list of the particular user account, or said unfriendly inbound list of the particular user account;
  
  wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.
- View Dependent Claims (91, 92, 93, 94)
- - 91. The system of claim 90, wherein when a user'"'"'s one or more unique authentication credentials are presented, said first proxy server checks an identity of said user.
  - 92. The system of claim 91, wherein upon a successful authentication of said user'"'"'s identity by said first proxy server, said first proxy server uses said user'"'"'s account to check said one or more identity attributes of said requesting client against one or more of the friendly inbound list of the particular user account and the unfriendly inbound list of the particular user account.
  - 93. The system of claim 91, wherein said first proxy server, upon a failed authentication of said user, will either offer said user an opportunity to login again, deny said request from said requesting client, or re-route said request from said requesting client to replacement resources.
  - 94. The system of claim 90, wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of the particular user account, only one of said friendly inbound list and said unfriendly inbound list is active in said first proxy server at any given time.

95. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests for access to web resources protected by said system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said multiple types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account;
  
  wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of a particular user account, only one of said friendly inbound list and said unfriendly inbound list of the particular user account is active in said first proxy server at any given time;
  
  wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account;
  
  wherein when said first proxy server comprises both a friendly outbound list and an unfriendly outbound list of the particular user account, only one of said friendly outbound list and said unfriendly outbound list of the particular user account is active in said first proxy server at any given time;
  
  wherein either (i) said one of the said friendly inbound list and said unfriendly inbound list in said first proxy server is uniquely configurable for each user account or (ii) said one of the said friendly outbound list and said unfriendly outbound list in said first proxy server is uniquely configurable for each user account;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list of a particular user account and the unfriendly inbound list of the particular user account;
  
  check said text of said requesting URL against one or more of the friendly outbound list of the particular user account and the unfriendly outbound list of the particular user account;
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser.

96. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests for access to web resources protected by said system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, said system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module;
  
  wherein said administrative module includes configuration settings for inbound or outbound communications;
  
  wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server is part of a local area network with access to the world wide web;
  
  wherein said first proxy server is configured by the administrative module;
  
  wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account;
  
  wherein when said first proxy server comprises both a friendly inbound list and an unfriendly inbound list of a particular user account, only one of said friendly inbound list and said unfriendly inbound list of the particular user account is active in said first proxy server at any given time;
  
  wherein said one of said friendly inbound list and said unfriendly inbound list in said first proxy server is uniquely configurable for each user account;
  
  wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list of the particular user account and the unfriendly inbound list of the particular user account;
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser.

97. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the Internet for access to web resources protected by the system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, the system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module,wherein said administrative module includes configuration settings for inbound or outbound communications,wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said multiple types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web,wherein said first proxy server is configured by the administrative module,wherein said first proxy server further comprises at least one of a friendly inbound list and an unfriendly inbound list per user account,wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check one or more identity attributes of said requesting client against one or more of the friendly inbound list of a particular user account and the unfriendly inbound list of the particular user account; and
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HHTP application or a web browser;
  
  a second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module, said friendly inbound list of the particular user account, or (ii) said unfriendly inbound list of the particular user account;
  
  wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.

98. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the Internet for access to web resources protected by the system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, the system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module,wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures one or more different access levels, andwherein said administrative module is configured to create one or more different types of user accounts, wherein each of the said one or more different types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web,wherein said first proxy server is configured by the administrative module,wherein said first proxy server is programmed to;
  
  receive a request from said requesting client, andeither approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP application or a web browser;
  
  second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module,wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.

99. A versatile customizable combination system for providing filtering of outbound requests for access to web sites on the Internet or for controlling inbound requests from the Internet for access to web resources protected by the system, or for filtering both outbound requests for access to web sites on the Internet and controlling inbound requests from the Internet for access to web resources protected by said system, the system having at least one user account, said system comprising:
- one or more user computers, wherein each of the said one or more user computers comprises either a dynamically allocated Internet protocol address or a static Internet protocol address;
  
  the one or more user computers comprising one or more hardware processors and comprising memory, wherein the memory stores executable instructions, the executable instructions comprising;
  
  an administrative module,wherein said administrative module includes configuration settings for inbound or outbound communications,wherein said administrative module is located in one of the one or more user computers,wherein said administrative module configures a range of access levels, andwherein said administrative module is configured to create multiple types of user accounts, wherein each of the said multiple types of user accounts requires one or more unique authentication credentials;
  
  a first proxy server in at least one of the said one or more user computers;
  
  wherein the first proxy server has access to the world wide web,wherein said first proxy server is configured by the administrative module,wherein said first proxy server further comprises at least one of a friendly outbound list and an unfriendly outbound list per user account,wherein said first proxy server is programmed to;
  
  receive a request from said requesting client,check the text of a requested URL (uniform resource locator) against one or more of the friendly outbound list of a particular user account and the unfriendly outbound list of the particular user account; and
  
  either approve said request from said requesting client, terminate said request from said requesting client, or re-route said request from said requesting client;
  
  wherein said requesting client is either an HTTP (Hypertext Transfer Protocol) application or a web browser;
  
  a second proxy server in at least one of the one or more computers;
  
  wherein said second proxy server is placed between said first proxy server and either a resource or the Internet;
  
  wherein said second proxy server does not comprise said administrative module, said friendly outbound list of the particular user account, or said unfriendly outbound list of the particular user account;
  
  wherein said second proxy server communicates either with a proxy of a destination or directly to said destination;
  
  wherein said second proxy server further comprises an Internet Protocol address used for proxy forwarding, wherein said Internet Protocol address used for proxy forwarding is set during configuration of said first proxy server, wherein said Internet Protocol address used for proxy forwarding is configurable by either an administrative account or a type of user account with administrative privileges;
  
  wherein said first proxy server forwards said request to said second proxy server if said first proxy server approves said request;
  
  wherein said first proxy server and said second proxy server are in communication with one another through a network communication link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Joshua Haghpassand
Original Assignee
Joshua Haghpassand
Inventors
Haghpassand, Joshua
Primary Examiner(s)
Swearingen, Jeffrey R

Application Number

US12/462,122
Publication Number

US 20090300196A1
Time in Patent Office

2,120 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

H04L 51/212   using filtering or selectiv...

H04L 61/10   of different types

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 67/02   based on web technology, e....

H04L 67/566   Grouping or aggregating ser...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Web-based security and filtering system for inbound/outbound communications with proxy chaining

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

99 Claims

Specification

Solutions

Use Cases

Quick Links

Web-based security and filtering system for inbound/outbound communications with proxy chaining

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

99 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links