Proxy session count limitation

US 6,816,901 B1
Filed: 01/31/2003
Issued: 11/09/2004
Est. Priority Date: 05/06/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, the method comprising:

maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;

responding to a user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by checking the local database to determine if the users log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP; and

responding to said user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by further checking a central database, said central database including group identifications, corresponding maximum numbers of proxy sessions for each group in the data communications network, and corresponding current proxy session counts for each group in the data communications network, said checking a central database including determining if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

154 Citations

View as Search Results

24 Claims

1. A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, the method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by checking the local database to determine if the users log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP; and
  
  responding to said user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by further checking a central database, said central database including group identifications, corresponding maximum numbers of proxy sessions for each group in the data communications network, and corresponding current proxy session counts for each group in the data communications network, said checking a central database including determining if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
3. The method of claim 1, further comprising:
- rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
4. The method of claim 1, wherein said predetermined number is zero.
5. The method of claim 1, further comprising:
- allowing said user'"'"'s attempt to log in if it is not rejected;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in;
  
  publishing a proxy session log in event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s log in; and
  
  notifying the central database to increment a data communications network current proxy session count at the central database in response to said publishing.
6. The method of claim 5, further comprising:
- decrementing a proxy session count associated with the user'"'"'s group at the local database in response to a user'"'"'s log out;
  
  publishing a proxy session log out event corresponding to the user'"'"'s group to other subscribing PoPs in response to said user'"'"'s log out; and
  
  notifying the central database to decrement a data communications network current proxy count at the central database in response to said publishing a proxy session log out event.

7. An apparatus for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, the apparatus comprising:
- a local database associate with a particular PoP of the data communications network, said local database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, corresponding current proxy session counts for each group at the PoP, corresponding maximum numbers of proxy sessions for each group on the data communications networks, and corresponding current network-wide proxy session counts for each group on the data communications network;
  
  a local database checker which, in response to a user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks said local database to determine if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy session associated with said particular group at the PoP; and
  
  a central database checker which, in response to user'"'"'s attempt to log in to the data communications network as a proxy user of a particular group, checks a central database, said central database including group identifications, corresponding maximum numbers of proxy sessions for each group in the data communication network, and corresponding current proxy session counts for each group in the data communications network, and determines if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus of claim 7, further comprising:
9. The apparatus of claim 8, wherein said log in rejecter further rejects said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
10. The apparatus of claim 7, wherein said predetermined number is zero.
11. The apparatus of claim 7, further comprising:
- a proxy session count incrementer which increments a proxy session count associated with the user'"'"'s group at the local database if said user'"'"'s log in is not rejected;
  
  a proxy session log in event publisher which publishes a proxy session log in event corresponding to the user'"'"'s group to other subscribing PoPs if said user'"'"'s log in is not rejected; and
  
  a central database notifier which notifies the central database to increment a data communications network current proxy session count at the central database in response to said publishing.
12. The apparatus of claim 11, further comprising:
- a proxy session count decrementer which decrements a proxy session count associated with the user'"'"'s group at the local database in response to a user'"'"'s log out;
  
  a proxy session log out event publisher which publishes a proxy session log out event corresponding to the user'"'"'s group to other subscribing PoPs in response to said user'"'"'s log out; and
  
  a data communications network current proxy session count decrementer which notifies the central database to decrement a data communications network current proxy count at the central database in response to said publishing a proxy session log out event.

13. An apparatus for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, the apparatus comprising:
- means for maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  means for responding to a user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by checking the local database to determine if the users log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP; and
  
  means for responding to said user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by further checking a central database, said central database including group identifications, corresponding maximum numbers of proxy sessions for each group in the data communications network, and corresponding current proxy session counts for each group in the data communications network, said checking a central database including determining if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, further comprising:
15. The apparatus of claim 13, further comprising:
- means for rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
16. The apparatus of claim 13, wherein said predetermined number is zero.
17. The apparatus of claim 13, further comprising:
- means for allowing said user'"'"'s attempt to log in if it is not rejected;
  
  means for incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in;
  
  means for publishing a proxy session log in event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s log in; and
  
  means for notifying the central database to increment a data communications network current proxy session count at the central database in response to said publishing.
18. The apparatus of claim 17, further comprising:
- means for decrementing a proxy session count associated with the user'"'"'s group at the local database in response to a user'"'"'s log out;
  
  means for publishing a proxy session log out event corresponding to the user'"'"'s group to other subscribing PoPs in response to said user'"'"'s log out; and
  
  means for notifying the central database to decrement a data communications network current proxy count at the central database in response to said publishing a proxy session log out event.

19. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group, the method comprising:
- maintaining a local database associated with a particular PoP of the data communications network, said database including group identifications, corresponding maximum numbers of proxy sessions for each group at the PoP, and corresponding current proxy session counts for each group at the PoP;
  
  responding to a user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by checking the local database to determine if the users log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP; and
  
  responding to said user'"'"'s attempt to log in to the data communications as a proxy user of a particular group by further checking a central database, said central database including group identifications, corresponding maximum numbers of proxy sessions for each group in the data communications network, and corresponding current proxy session counts for each group in the data communications network, said checking a central database including determining if the user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The program storage device of claim 19, wherein the method further comprises:
21. The program storage device of claim 19, wherein the method further comprises:
- rejecting said user'"'"'s attempt to log in if said user'"'"'s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network.
22. The program storage device of claim 19, wherein said predetermined number is zero.
23. The program storage device of claim 19, wherein the method further comprises:
- allowing said user'"'"'s attempt to log in if it is not rejected;
  
  incrementing a proxy session count associated with the user'"'"'s group at the local database in response to allowing said user'"'"'s log in;
  
  publishing a proxy session log in event corresponding to the user'"'"'s group to other subscribing PoPs in response to allowing said user'"'"'s log in; and
  
  notifying the central database to increment a data communications network current proxy session count at the central database in response to said publishing.
24. The program storage device of claim 23, wherein the method further comprises:
- decrementing a proxy session count associated with the user'"'"'s group at the local database in response to a user'"'"'s log out;
  
  publishing a proxy session log out event corresponding to the user'"'"'s group to other subscribing PoPs in response to said user'"'"'s log out; and
  
  notifying the central database to decrement a data communications network current proxy count at the central database in response to said publishing a proxy session log out event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Yager, Charles Troper, Alesso, Craig Michael, Sitaraman, Aravind
Primary Examiner(s)
Chin, Wellington
Assistant Examiner(s)
HO, CHUONG T

Application Number

US10/355,666
Time in Patent Office

648 Days
Field of Search

709/225, 709/226, 709/229, 709/224, 709/223, 709/217, 709/219, 713/201, 370/328
US Class Current

709/225
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 67/2885   Hierarchically arranged int...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/565   Conversion or adaptation of...

H04L 69/329   in the application layer [O...

Proxy session count limitation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

154 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy session count limitation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links