System and method of redirecting internet protocol traffic for network based parental controls

US 9,497,164 B2
Filed: 05/27/2010
Issued: 11/15/2016
Est. Priority Date: 05/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a system comprising a host server having a processor, a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith;

assigning, by the system, a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers;

receiving, by the system, a first transaction over the network from a source device, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device on the network having the first destination IP address;

determining, by the system, whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses wherein the determining is based only on the first source IP address or the first destination IP address respectively;

redirecting, by the system, the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting,wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the source device indicates whether the first source IP address is included in the first block of IP addresses,wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses,wherein the parental control device routes the first transaction to the first destination IP address responsive to determining that the first transaction is permitted according to a parental control policy associated with the parental control service, the parental control policy comprising content filtering applied to the first transaction,wherein the parental control device prevents routing of the first transaction responsive to the parental control device determining that the first transaction is not permitted according to the parental control policy; and

routing, by the system, the first transaction on a second network path distinct from the first network path to the first destination IP address responsive to determining that the first source IP address is not included in the first block of IP addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of redirecting traffic on a network includes receiving a subscriber request to use a parental control service, assigning to the subscriber'"'"'s access device an Internet protocol (IP) address from a block of addresses reserved for the service, receiving a transaction, determining that the transaction is from an address in the block, and redirecting the transaction to a parental control device on the network. A network-based parental control system includes an access device for an account that uses a parental control service, a dynamic host configuration protocol server that assigns to the access device an IP address from a block of addresses reserved for the parental control service, a parental control policy device, and a router that receives a transaction from the access device, determines that the transaction is from an address in the block, and redirects the transaction to the parental control policy device.

39 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a system comprising a host server having a processor, a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith;
  
  assigning, by the system, a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers;
  
  receiving, by the system, a first transaction over the network from a source device, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device on the network having the first destination IP address;
  
  determining, by the system, whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses wherein the determining is based only on the first source IP address or the first destination IP address respectively;
  
  redirecting, by the system, the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting,wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the source device indicates whether the first source IP address is included in the first block of IP addresses,wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses,wherein the parental control device routes the first transaction to the first destination IP address responsive to determining that the first transaction is permitted according to a parental control policy associated with the parental control service, the parental control policy comprising content filtering applied to the first transaction,wherein the parental control device prevents routing of the first transaction responsive to the parental control device determining that the first transaction is not permitted according to the parental control policy; and
  
  routing, by the system, the first transaction on a second network path distinct from the first network path to the first destination IP address responsive to determining that the first source IP address is not included in the first block of IP addresses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving a second transaction destined for the first access device;
      
      determining that a second destination IP address of the second transaction is included in the first block of IP addresses; and
      
      redirecting the second transaction to the parental control device in response to determining that the second destination IP address is included in the first block of IP addresses.
  - 3. The method of claim 2, further comprising:
    - receiving a second request from equipment of a second subscriber to not use the network-based parental control service provided by the network;
      
      assigning a second IP address to a second access device associated with the equipment of the second subscriber in response to receiving the second request, the second access device comprising a residential gateway for the second subscriber, wherein the second IP address is selected from a second block of IP addresses that are reserved on the network for users who have requested to not use the network-based parental control service;
      
      receiving a third transaction from the second access device;
      
      determining that a second source IP address of the third transaction is included in the second block of IP addresses; and
      
      routing the third transaction to a third destination IP address associated with the third transaction in response to determining that the second source IP address is included in the second block of IP addresses.
  - 4. The method of claim 3, further comprising:
    - receiving a fourth transaction;
      
      determining that a fourth destination IP address of the fourth transaction is included in the second block of IP addresses; and
      
      routing the fourth transaction to the fourth destination IP address in response to determining that the fourth destination IP address is included in the second block of IP addresses.
  - 5. The method of claim 2, wherein the parental control policy further comprises usage control and management applied to the first transaction, and the parental control device routes the first transaction to the first destination IP address in response to determining that the first transaction is allowed.
  - 6. The method of claim 5, wherein the parental control device determines that the first transaction is not allowed based on the parental control policy, and prevents routing of the first transaction in response to determining that the first transaction is not allowed.
  - 7. The method of claim 6, wherein the parental control device issues a third transaction from the parental control device that is destined to the first source IP address, and that indicates that routing of the first transaction was prevented in response to determining the first transaction is not allowed.
  - 8. The method of redirecting IP traffic of claim 2, wherein the parental control device determines that the second transaction is allowed based on a content filter, and routes the second transaction to the second destination IP address in response to determining that the second transaction is allowed.
  - 9. The method of claim 8, wherein the parental control device issues a third transaction from the parental control device that is destined to the first source IP address, and that indicates that routing of the second transaction was prevented.

10. A network-based parental control system, comprising:
- a memory storing executable instructions; and
  
  a processor coupled to the memory, which responsive to executing the instructions, performs operations comprising;
  
  receiving, from a residential gateway of a system, a first transaction destined for a destination device on the network, the network including a plurality of access routers each having a range of IP addresses associated therewith, the first transaction including a first source IP address and a first destination IP address,wherein the first transaction is redirected by the system on a first network path to the network-based parental control system, responsive to the system detecting the first source IP address in the first transaction having a first address portion associated with a first block of IP addresses reserved, in accordance with an address assignment performed by a host server, for parental control services provided by the network-based parental control system, or detecting that the first destination IP address has a second address portion associated with the first block of IP addresses, wherein IP addresses in the first block of IP addresses are not in the range associated with the access routers and are assigned to residential gateways distinct from equipment of network subscribers;
  
  wherein the first address portion of the first source IP address corresponds to a range of IP addresses, is not specific to the residential gateway, and indicates whether the first source IP address is included in the first block of IP addresses,wherein the second address portion of the first destination IP address corresponds to a range of IP addresses, is not specific to the destination device, and indicates whether the first destination IP address is included in the first block of IP addresses,wherein the first transaction is routed on a second network path distinct from the first network path if not redirected;
  
  determining, using a parental control policy comprising content filtering applied to the first transaction by a policy manager server distinct from the host server, whether the first transaction is allowed;
  
  routing the first transaction to the first destination IP address responsive to determining the first transaction is allowed; and
  
  preventing a routing of the first transaction responsive to determining the first transaction is not permitted.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The network-based parental control system of claim 10, wherein the determining comprises determining that the first transaction is allowed based on the content filtering.
  - 12. The network-based parental control system of claim 10, wherein the determining comprises determining that the first transaction is not permitted based on the content filtering.
  - 13. The network-based parental control system of claim 12, wherein the processor further performs operations comprising issuing a third transaction directed to the first source IP address that indicates that routing of the first transaction was prevented.
  - 14. The network-based parental control system of claim 10, wherein the processor further performs operations comprising:
    - receiving from the system a second transaction including a second destination IP address;
      
      determining whether the second transaction is allowed; and
      
      routing the second transaction to the second destination IP address in response to determining that the second transaction is allowed.

15. A non-transitory machine-readable storage device, comprising executable code, which when executed by a processor of a host server, causes the processor to perform operations comprising:
- receiving a first request from equipment of a first subscriber to use a network-based parental control service provided by a network, the network including a plurality of access routers each having a range of IP addresses associated therewith;
  
  assigning a first IP address to a first access device in response to receiving the first request, the first access device comprising a residential gateway distinct from the equipment of the first subscriber, wherein the first IP address is selected from a first block of IP addresses that are reserved on the network for the network-based parental control service and not in the range associated with the access routers;
  
  receiving a first transaction from the first access device, the first access device being a source of the first transaction, the first transaction having a first source IP address and a first destination IP address, the first transaction being destined for a destination device having the first destination IP address;
  
  determining whether either the first source IP address or the first destination IP address of the first transaction is included in the first block of IP addresses, wherein the determining is based only on the first IP source address or the first IP destination address respectively;
  
  redirecting the first transaction on a first network path to a parental control device on the network in response to determining that the first source IP address or the first destination IP address is included in the first block of IP addresses, the parental control device comprising a policy manager server distinct from the host server and coupled to an access router performing the redirecting,wherein a first address portion of the first source IP address corresponding to a range of IP addresses and not specific to the first access device indicates whether the first source IP address is included in the first block of IP addresses,wherein a second address portion of the first destination IP address corresponding to a range of IP addresses and not specific to the destination device indicates whether the first destination IP address is included in the first block of IP addresses,wherein the parental control device, using a parental control policy comprising content filtering applied to the first transaction, determines whether to route or block the first transaction;
  
  routing the first transaction on a second network path distinct from the first network path to the first destination IP address in response to determining that the first source IP address is not included in the first block of IP addresses;
  
  receiving a second transaction destined for the first access device;
  
  determining that a second destination IP address of the second transaction is included in the first block of IP addresses; and
  
  redirecting the second transaction to the parental control device in response to determining that the second destination IP address is included in the first block of IP addresses.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable storage device of claim 15, wherein the operations further comprise:
    - receiving a second request from equipment of a second subscriber to not use the network-based parental control service provided by the network;
      
      assigning a second IP address to a second access device associated with the equipment of the second subscriber in response to receiving the second request, the second access device comprising a residential gateway for the second subscriber, wherein the second IP address is selected from a second block of IP addresses that are reserved on the network for users who have requested to not use the network-based parental control service;
      
      receiving a third transaction from the second access device;
      
      determining that a second source IP address of the third transaction is included in the second block of IP addresses;
      
      routing the third transaction to a third destination IP address associated with the third transaction in response to determining that the second source IP address is included in the second block of IP addresses;
      
      receiving a fourth transaction;
      
      determining that a fourth destination IP address of the fourth transaction is included in the second block of IP addresses; and
      
      routing the fourth transaction to the fourth destination IP address in response to determining that the fourth destination IP address is included in the second block of IP addresses.
  - 17. The non-transitory machine-readable storage device of claim 15, wherein the parental control policy further comprises usage control and management applied to the first transaction.
  - 18. The non-transitory machine-readable storage device of claim 17, wherein the parental control device issues a fifth transaction destined to the first source IP address that indicates that routing of the first transaction was prevented.
  - 19. The non-transitory machine-readable storage device of claim 17, wherein the parental control device performs operations comprising:
    - determining that the first transaction is allowed based on the content filtering; and
      
      routing the first transaction to the first destination IP address in response to determining that the second transaction is allowed.
  - 20. The non-transitory machine-readable storage device of claim 17, wherein the parental control device performs operations comprising:
    - determining that the first transaction is not allowed based on the content filtering;
      
      preventing the routing of the first transaction in response to determining that the first transaction is not allowed; and
      
      issuing a fifth transaction that is destined to the first source IP address, and that indicates that routing of the first transaction was prevented.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Harp, David, Bearden, Toby, Godfrey, Jason M.
Primary Examiner(s)
Banks Harold, Marsha D.
Assistant Examiner(s)
WYLLIE, CHRISTOPHER T

Application Number

US12/789,001
Publication Number

US 20110292938A1
Time in Patent Office

2,364 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/9535   Search customisation based ...

H04L 12/56   Packet switching systems

H04L 45/306   Route determination based o...

H04L 61/5014   using dynamic host configur...

H04L 61/5061   Pools of addresses

H04L 63/0245   Filtering by information in...

H04L 63/168   above the transport layer

System and method of redirecting internet protocol traffic for network based parental controls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of redirecting internet protocol traffic for network based parental controls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links