System and method of redirecting internet protocol traffic for network based parental controls
First Claim
1. A method, comprising:
- receiving, by a system comprising a host server having a processor, a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith;
assigning, by the system, a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers;
receiving, by the system, a first transaction over the network from a source device, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device on the network having the first destination IP address;
determining, by the system, whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses wherein the determining is based only on the first source IP address or the first destination IP address respectively;
redirecting, by the system, the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting,wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the source device indicates whether the first source IP address is included in the first block of IP addresses,wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses,wherein the parental control device routes the first transaction to the first destination IP address responsive to determining that the first transaction is permitted according to a parental control policy associated with the parental control service, the parental control policy comprising content filtering applied to the first transaction,wherein the parental control device prevents routing of the first transaction responsive to the parental control device determining that the first transaction is not permitted according to the parental control policy; and
routing, by the system, the first transaction on a second network path distinct from the first network path to the first destination IP address responsive to determining that the first source IP address is not included in the first block of IP addresses.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of redirecting traffic on a network includes receiving a subscriber request to use a parental control service, assigning to the subscriber'"'"'s access device an Internet protocol (IP) address from a block of addresses reserved for the service, receiving a transaction, determining that the transaction is from an address in the block, and redirecting the transaction to a parental control device on the network. A network-based parental control system includes an access device for an account that uses a parental control service, a dynamic host configuration protocol server that assigns to the access device an IP address from a block of addresses reserved for the parental control service, a parental control policy device, and a router that receives a transaction from the access device, determines that the transaction is from an address in the block, and redirects the transaction to the parental control policy device.
39 Citations
20 Claims
-
1. A method, comprising:
-
receiving, by a system comprising a host server having a processor, a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith; assigning, by the system, a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers; receiving, by the system, a first transaction over the network from a source device, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device on the network having the first destination IP address; determining, by the system, whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses wherein the determining is based only on the first source IP address or the first destination IP address respectively; redirecting, by the system, the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting, wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the source device indicates whether the first source IP address is included in the first block of IP addresses, wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses, wherein the parental control device routes the first transaction to the first destination IP address responsive to determining that the first transaction is permitted according to a parental control policy associated with the parental control service, the parental control policy comprising content filtering applied to the first transaction, wherein the parental control device prevents routing of the first transaction responsive to the parental control device determining that the first transaction is not permitted according to the parental control policy; and routing, by the system, the first transaction on a second network path distinct from the first network path to the first destination IP address responsive to determining that the first source IP address is not included in the first block of IP addresses. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A network-based parental control system, comprising:
-
a memory storing executable instructions; and a processor coupled to the memory, which responsive to executing the instructions, performs operations comprising; receiving, from a residential gateway of a system, a first transaction destined for a destination device on the network, the network including a plurality of access routers each having a range of IP addresses associated therewith, the first transaction including a first source IP address and a first destination IP address, wherein the first transaction is redirected by the system on a first network path to the network-based parental control system, responsive to the system detecting the first source IP address in the first transaction having a first address portion associated with a first block of IP addresses reserved, in accordance with an address assignment performed by a host server, for parental control services provided by the network-based parental control system, or detecting that the first destination IP address has a second address portion associated with the first block of IP addresses, wherein IP addresses in the first block of IP addresses are not in the range associated with the access routers and are assigned to residential gateways distinct from equipment of network subscribers; wherein the first address portion of the first source IP address corresponds to a range of IP addresses, is not specific to the residential gateway, and indicates whether the first source IP address is included in the first block of IP addresses, wherein the second address portion of the first destination IP address corresponds to a range of IP addresses, is not specific to the destination device, and indicates whether the first destination IP address is included in the first block of IP addresses, wherein the first transaction is routed on a second network path distinct from the first network path if not redirected; determining, using a parental control policy comprising content filtering applied to the first transaction by a policy manager server distinct from the host server, whether the first transaction is allowed; routing the first transaction to the first destination IP address responsive to determining the first transaction is allowed; and preventing a routing of the first transaction responsive to determining the first transaction is not permitted. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A non-transitory machine-readable storage device, comprising executable code, which when executed by a processor of a host server, causes the processor to perform operations comprising:
-
receiving a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith; assigning a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers; receiving a first transaction from the first access device, the first access device being a source of the first transaction, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device having the first destination IP address; determining whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses, wherein the determining is based only on the first IP source address or the first IP destination address respectively; redirecting the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting, wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the first access device indicates whether the first source IP address is included in the first block of IP addresses, wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses, wherein the parental control device, using a parental control policy comprising content filtering applied to the first transaction, determines whether to route or block the first transaction; routing the first transaction on a second network path distinct from the first network path to the first destination IP address in response to determining that the first source IP address is not included in the first block of IP addresses; receiving a second transaction destined for the first access device; determining that a second destination IP address of the second transaction is included in the first block of IP addresses; and redirecting the second transaction to the parental control device in response to determining that the second destination IP address is included in the first block of IP addresses. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification