U.S. patent number RE46,459 [Application Number 14/691,246] was granted by the patent office on 2017-06-27 for user specific automatic data redirection system.
This patent grant is currently assigned to LINKSMART WIRELESS TECHNOLOGY, LLC. The grantee listed for this patent is Linksmart Wireless Technology, LLC. Invention is credited to Koichiro Ikudome, Moon Tai Yeung.
United States Patent RE46,459
Ikudome, et al.
June 27, 2017
User specific automatic data redirection system
Abstract
A data redirection system for redirecting user's data based on a
stored rule set. The redirection of data is performed by a
redirection server, which receives the redirection rule sets for
each user from an authentication and accounting server, and a
database. Prior to using the system, users authenticate with the
authentication and accounting server, and receive a network
address. The authentication and accounting server retrieves the
proper rule set for the user, and communicates the rule set and the
user's address to the redirection server. The redirection server
then implements the redirection rule set for the user's address.
Rule sets are removed from the redirection server either when the
user disconnects, or based on some predetermined event. New rule
sets are added to the redirection server either when a user
connects, or based on some predetermined event.
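The lifecycle the abstract describes (a user authenticates, the authentication and accounting server looks up that user's rule set and pushes it together with the temporarily assigned address to the redirection server, traffic from that address is then processed against the rule set, and the rule set is removed on disconnect or on a predetermined event) is illustrated below in Python. This is an added example, not code from the patent or from any Linksmart product; the user IDs, hostnames, the 10.0.0.5 address, the suffix-match rule format and the session-timeout event are all constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, str, Optional[str]]  # (destination suffix, action, argument)

# Constructed sample database correlating user IDs with individualized rule
# sets (the patent's "database"). Users, hosts and URLs are made up here.
# Rules are evaluated in order; an empty suffix matches every destination
# and so acts as the rule set's default.
RULE_DB: Dict[str, List[Rule]] = {
    "alice": [
        ("intranet.example", "allow", None),
        ("", "redirect", "http://portal.example/welcome"),
    ],
    "bob": [
        ("ads.example", "block", None),
        ("", "allow", None),
    ],
}


@dataclass
class RedirectionServer:
    """Keeps rule sets keyed by the user's temporarily assigned address."""
    rules: Dict[str, List[Rule]] = field(default_factory=dict)
    expiry: Dict[str, float] = field(default_factory=dict)

    def install(self, address: str, rule_set: List[Rule], expires_at: float) -> None:
        self.rules[address] = list(rule_set)
        self.expiry[address] = expires_at

    def remove(self, address: str) -> None:
        self.rules.pop(address, None)
        self.expiry.pop(address, None)

    def expire(self, now: float) -> List[str]:
        """Predetermined event (constructed): drop rule sets whose session time is up."""
        gone = [a for a, t in self.expiry.items() if t <= now]
        for address in gone:
            self.remove(address)
        return gone

    def process(self, address: str, destination: str) -> Tuple[str, Optional[str]]:
        """Decide what happens to traffic from `address` toward `destination`."""
        rule_set = self.rules.get(address)
        if rule_set is None:
            # No rule set installed (address not yet authenticated, or its
            # session was torn down): fail closed instead of passing traffic.
            return ("block", None)
        for suffix, action, argument in rule_set:
            if destination.endswith(suffix):
                return (action, argument)
        return ("block", None)


class AuthAccountingServer:
    """Retrieves the user's rule set and pushes it, with the address, to the redirector."""

    def __init__(self, database: Dict[str, List[Rule]], redirector: RedirectionServer):
        self.database = database
        self.redirector = redirector

    def connect(self, user_id: str, address: str, now: float, session_seconds: float) -> bool:
        rule_set = self.database.get(user_id)
        if rule_set is None:
            return False  # unknown user: nothing installed, the address stays blocked
        self.redirector.install(address, rule_set, now + session_seconds)
        return True

    def disconnect(self, address: str) -> None:
        self.redirector.remove(address)


def simulate() -> List[Tuple[str, str, Optional[str]]]:
    """Walk one address through connect, use, disconnect and reuse by another user."""
    redirector = RedirectionServer()
    aaa = AuthAccountingServer(RULE_DB, redirector)
    address = "10.0.0.5"  # temporarily assigned by the dial-up server (constructed)
    log = []

    log.append(("before-login",) + redirector.process(address, "www.example"))
    aaa.connect("alice", address, now=0.0, session_seconds=3600.0)
    log.append(("alice-web",) + redirector.process(address, "www.example"))
    log.append(("alice-intranet",) + redirector.process(address, "intranet.example"))
    aaa.disconnect(address)
    # The same address is handed to the next caller; without the removal above
    # bob would be processed under alice's rule set.
    log.append(("after-logout",) + redirector.process(address, "www.example"))
    aaa.connect("bob", address, now=10.0, session_seconds=60.0)
    log.append(("bob-ads",) + redirector.process(address, "ads.example"))
    log.append(("bob-web",) + redirector.process(address, "www.example"))
    redirector.expire(now=100.0)
    log.append(("bob-expired",) + redirector.process(address, "www.example"))
    return log


if __name__ == "__main__":
    for entry in simulate():
        print(entry)
```

The point a practitioner should take from the `after-logout` and `bob-expired` steps is that the rule set is keyed to an address that will be reassigned, so removal on disconnect (and on the predetermined event) is what keeps one user's policy from being applied to the next holder of the address. The fail-closed default for addresses with no installed rule set is this example's own design choice, not something the abstract specifies.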
Inventors: Ikudome; Koichiro (Lomita, CA), Yeung; Moon Tai (Monrovia, CA)
Applicant: Linksmart Wireless Technology, LLC, Pasadena, CA, US
Assignee: LINKSMART WIRELESS TECHNOLOGY, LLC (Pasadena, CA)
Family ID: 26770414
Appl. No.: 14/691,246
Filed: April 20, 2015
Related U.S. Patent Documents
Application Number | Filing Date  | Patent Number | Issue Date
60084014           | May 4, 1998  |               |
Reissue of:
09295966           | Apr 21, 1999 | 6779118       | Aug 17, 2004
Current U.S. Class: 1/1
Current CPC Class: H04L 63/102 (20130101); H04L 63/0227 (20130101); H04L 29/06 (20130101); H04L 63/0236 (20130101); H04L 63/0263 (20130101); H04L 29/06 (20130101); H04L 67/2814 (20130101); H04L 63/0435 (20130101); H04L 63/08 (20130101); H04L 67/42 (20130101); H04L 63/08 (20130101)
Current International Class: H04L 29/06 (20060101)
Field of Search: 726/7,14; 705/50-80
References Cited
U.S. Patent Documents
Foreign Patent Documents
2226814     | Jul 1998 | CA
2226814     | Mar 2003 | CA
699 41 540  | Jun 2016 | DE
0 811 939   | Dec 1997 | EP
0854621     | Jul 1998 | EP
0854621     | Jul 1998 | EP
2316841     | Mar 1998 | GB
WO 96/05549 | Feb 1996 | WO
WO 96/39668 | Dec 1996 | WO
WO 97/11429 | Mar 1997 | WO
WO 98/03927 | Jan 1998 | WO
WO 98/26548 | Jun 1998 | WO
WO 99/57660 | Nov 1999 | WO
WO 00/16529 | Mar 2000 | WO
Other References
Hinden, R. et al.: Gateway Special Interest Group Meeting Notes;
Request for Comments 898, published in Apr. 1984. cited by
applicant.
Clark, D.: Policy routing in Internet Protocols; Request for
comments 1102, published in May 1989. cited by applicant .
Berners-Lee, T et al.: Hypertext Transfer Protocol--http/1.0,
Request for comments 1945, published in May 1996. cited by
applicant .
English language translation of the relevant portions of a Judgment
rendered on Patent No. EP 1 076 975 by the German Patent and
Trademark Office on Dec. 14, 2015 in the Action by Plaintiff
Deutsche Telekom AG. cited by applicant .
Aas, Gisle, Maceachern, Doug, Apache.pm, 18 pages; available at
<http://www.apache.org/docs>. cited by applicant.
Amended Invalidity Contentions of AT&T et al., Linksmart
Wireless Technology, LLC v. T-Mobile, LLC, Inc., et al., Case Nos.
(consolidated) 2:08-cv-00264-DF-CE, 2:08-cv-00304-DF-CE,
2:08-cv-00385-DF-CD, 2:09-cv-00026-DF-CE, U.S. District Court
Eastern District of Texas, Marshall Division, 100 pages, Aug. 19,
2010. cited by applicant.
Amended Complaint, Demand for Jury Trial, IP3 Networks, Inc. v.
Nomadix, Inc., Case No. 04-cv-1485 DMS (POR), 48 pages (including
Exhibits 1-3, Sep. 20, 2004, United States District Court, Southern
District of California. cited by applicant .
Answer and Counterclaims of Nomadix Inc. to the Amended Complaint,
IP3 Networks, Inc. v. Nomadix, Inc., Case No. 04-cv-1485 DMS (POR);
46 pages, filed Oct. 21, 2004, United States District Court,
Southern District of California. cited by applicant .
Arar, Yardena, Prepaid Internet Access Cards: Instant ISP,
pcworld.com, 1 page, Jul. 14, 1997. cited by applicant .
Armstead, Internet post: "Re: redirect," dated Mar. 2, 1998,
archived at www.squid-cache.org, document states that archive was
generated on Dec. 9, 2003, 2 pages. cited by applicant .
Auric Web Systems, News, web page at
<http://www.auricweb.com/news.html>, 3 pages, accessed Jul. 12,
1999, including press releases: Prepaid Card Has Made An Exciting
Debut, Dec. 10, 1998; ISP's Now Can provide "Commercial Breaks" on
the Web With Our User side Software, Dec. 7, 1998; Beyond Banner
Ads, Beyond "Push," Jun. 16, 1998; New Internet Advertisement Tool
Make a Successful Debut, May 18, 1998; Auric Web System announces
Micro Gateway, Sep. 1, 1997; Auric Web Systems announces ISP
Enhancer, Dec. 15, 1997; and Auric Web Systems announces EC
Gateway, Jan. 15, 1997. cited by applicant .
Auric Web Systems unveils software to reduce the opening costs of
Internet service providers, press release, Auric Web Systems, Inc.,
Business Wire, 2 pages, Mar. 25, 1997. cited by applicant .
Auric Web Unveils Tool to Navigate Customer Directly to a Specific
Website, press release, Auric Web Systems, Inc., 1 page, Nov. 24,
1997. cited by applicant .
Avolio and Ranum, "A Network Perimeter with Secure External
Access," 11 pages; Trusted Information Systems, Jan. 25, 1994.
cited by applicant .
Bahn (ed.), Microsoft Computer Dictionary, Microsoft Press, 4.ed.,
1999, p. 136. cited by applicant .
Baker et al., Local Control Over Filtered WWW Access, 12 pages;
http://www.w3.org/Conferences/WWW4/Papers/117, Fourth International
World Wide Web Conference, Dec. 1995. cited by applicant .
Baker, Mary G. et al., Supporting Mobility in MosquitoNet,
Proceedings of the 1996 USENIX Technical Conference, San Diego, CA,
13 pages, Jan. 1996. cited by applicant .
Beerman, Cord, Re: Support for cern like Pass/Fair proxy limits?; 2
pages, available at
http://www.squid-cache.org/mail-archive/squid-users/199611/0385.html
(visited Feb. 1, 2005). cited by applicant .
Berners-Lee, T. et al., Network Working Group, Request for
Comments: 1945, "Hypertext Transfer Protocol--HTTP/1.0," May 1996;
60 pages. cited by applicant .
Best Western's Supplemental Claim Construction Brief, Linksmart
Wireless Technology, LLC v. T-Mobile USA, Inc. et al., U.S.
District Court of Eastern District of Texas, Marshall Division,
Case No. 2:08-cv-000264-DF-CF, filed Apr. 16, 2010, pp. 1-16
(including Exhibits 1-2). cited by applicant .
Blankers, "Network solutions for Internet access servers," 12
pages; Ericsson Review, Internet Access Servers 1998. cited by
applicant .
Boutell, "CGI Programming in C & Perl," 7 pages; 1996. cited by
applicant .
Braden, B. Postel, J., Requirements for Internet Gateways, Jun.
1987; 50 pages; Network Working Group, Request for Comments 1009.
cited by applicant .
Buying Made Easy: Auric Web Bypasses Credit Cards, Internet Week, 1
page, Feb. 17, 1997. cited by applicant .
"Campus World," Presentation by Phil Moore, 1998, 15 pages. cited
by applicant .
Carl-Mitchell, Smoot, Quaterman, John, S., Using ARP to Implement
Transparent Subnet Gateways; Oct. 1987; 8 pages, Network Working
Group, Request for Comments 1027. cited by applicant .
Chapman and Zwicky, Building Internet Firewalls O'Reilly &
Associates, 1995. cited by applicant .
Chatel, M., Classical Versus Transparent IP Proxies; Mar. 1996; 32
pages, Network Working Group, Request for Comments 1919. cited by
applicant .
Cisco 2500 Access Server Series, Data Sheet, Cisco Systems, 5
pages, Sep. 1997. cited by applicant .
Cisco 2509-2512 Series Access Servers, Product Announcement, I.D.
No. 027ALL, Cisco Systems, 8 pages, undated (1995 copyright
notice). cited by applicant .
Cisco 6510 Service Selection Gateway, End of Sale Announcement,
End-of-Life Notice No. 1135, Cisco Systems, 4 pages, Apr. 2005.
cited by applicant .
Cisco 6510 Service Selection Gateway Version 1.0(2), Release Notes,
Doc. No. 78-5181-03, Cisco Systems, 6 pages, undated (1998
copyright notice). cited by applicant .
Cisco Announces DSL Service Creation and Control Platforms: Enables
Service Providers to Create Differentiated Internet Services on a
Per-Use Basis, press release, Cisco Systems, 2 pages, May 26, 1998.
cited by applicant .
Cisco Internetworking Technologies Handbook, Chapter 15, entitled
Dial-up Technology, Cisco, pp. 1-12. cited by applicant .
Cisco Secure ACS 2.1(4), for Windows NT, Release Notes, Doc. No.
78-5462-01 Rev. A0, Cisco Systems, 6 pages, Jun. 15, 1998. cited by
applicant .
"ChoiceNet Administrator's Guide," Livingston Enterprises, 88
pages, Jan. 1997. cited by applicant .
Claim Construction Brief of Defendants of Linksmart Wireless
Technologies, Inc. v. T-Mobile USA, Inc. et al., U.S. District
Court for the Eastern District of Texas, Marshall Division, Case
No. 2:08-cv-000264-DF-CE, filed Apr. 16, 2010, pp. 1-39. cited by
applicant .
Complaint, Demand for Jury Trial; IP3 Networks, Inc. v. Nomadix,
Inc., Case No. 04-cv-1485 DMS (POR); 48 pages, filed Jul. 23, 2004,
United States District Court, Southern District of California.
cited by applicant .
Connoly et al., Database Systems: A Practical Approach to Design,
Implementation, and Management, 3.ed., Addison-Wesley, 2002, p. 72.
cited by applicant .
Comer, Internetworking with TCP/IP, 3rd ed., vol. 1, cover,
title page, p. 46 (3 pages) 1995. cited by applicant.
D. Carrel, L. Grant, "TACACS+ Protocol Version 1.75," 40 pages,
Internet Draft (TACACS+)/RFC1492, Cisco Systems, Oct. 1996. cited
by applicant .
Declaration of Kevin Jeffay, Ph.D., Linksmart Wireless Technology,
LLC v. T-Mobile USA, Inc. et al., District Court of the Eastern
District of Texas, Marshall Division, Case No.
2:08-cv-000264-DF-CF, filed Apr. 16, 2010, pp. 1-21 (including
Exhibit A). cited by applicant .
Declaration of Kevin Jeffay, Ph.D., Linksmart Wireless Technology,
LLC v. T-Mobile USA, Inc. et al., District Court of the Eastern
District of Texas, Marshall Division, Case No.
2:08-cv-000264-DF-CF, filed Apr. 16, 2010, pp. 1-53 (including
Exhibit A-C). cited by applicant .
Declaration of Noah A. Levine in Support of Claim Construction
Brief of Defendants, Linksmart Wireless Technology, LLC v. T-Mobile
USA, Inc. et al., District Court of the Eastern District of Texas,
Marshall Division, Case No. 2:08-cv-000264-DF-CF, filed Apr. 16,
2010, pp. 1-131 (including exhibits 1-9). cited by applicant .
Defendants' Patent Local Rule 4-2 Preliminary Constructions and
Extrinsic Evidence of Linksmart Technology, LLC v. T-Mobile USA,
Inc. et al., U.S. District Court for the Eastern District of Texas,
Marshall Division, Case No. 2:08-cv-000264-DF-CE, filed Apr. 16,
2010, pp. 1-6. cited by applicant.
Dial-up Networking and Mobile Computing: The Basics, Microsoft
TechNet, available at
http://technet.microsoft.com/en-us/library/cc751107(printer).aspx
on Jan. 21, 2010; pp. 1-26. cited by applicant .
Dominik, Internet post: "redirect," dated Nov. 30, 1997, as
archived at www.squid-cache.org, document states that archive was
generated on Dec. 9, 2003, 1 page. cited by applicant .
Douglas Comer, Internetworking with TCP/IP, 3.ed., 1995. cited by
applicant .
Droms, R., Dynamic Host Configuration Protocol, Network Working
Group, Request for Comments 1531, 35 pages, Oct. 1993. cited by
applicant .
Droms, R., Dynamic Host Configuration Protocol, Network Working
Group, Request for Comments 2131, 43 pages, Mar. 1997. cited by
applicant .
Duane Wessels, Squid and ICP: Past, Present and Future, Aug. 16,
1997; 15 pages. cited by applicant .
Egevang, K., Francis, P., The IP Network Address Translator (NAT);
May 1994; 9 pages, Network Working Group, Request for Comments
1631. cited by applicant .
Elmasri et al., Fundamentals of Database Systems, 2.ed.,
Addison-Wesley, 1994. cited by applicant .
Ex Parte Linksmart Wireless Technology, LLC, No. 2011-009566
(B.P.A.I., Aug. 23, 2011). cited by applicant .
Felten, E. W., et al., Web Spoofing: An Internet Con Game,
Technical Report 540-96 (Revised Feb. 1997), Department of Computer
Science, Princeton University, 1996, 1997, 9 pages. cited by
applicant.
Fiedler, D., et al., Dr. Website: Using META Tags for
Identification and Control of Pages,
http://www.webdeveloper.com/drweb/19971103-drweb.html, Nov. 3,
1997; 4 pages. cited by applicant .
First Supplemental Invalidity Contentions of AT&T et al.,
Linksmart Wireless Technology, LLC v. T-Mobile, LLC, Inc., et al.,
Case Nos. (consolidated) 2:08-cv-00264-DF-CE, 2:08-cv-00304-DF-CE,
2:08-cv-00385-DF-CD, 2:09-cv-00026-DF-CE, U.S. District Court
Eastern District of Texas, Marshall Division, 82 pages, Mar. 25,
2010. cited by applicant.
First Supplemental Invalidity Contentions of Cisco Systems, Inc. et
al., Linksmart Wireless Technology, LLC v. T-Mobile, LLC, Inc., et
al., Case Nos. (consolidated) 2:08-cv-00264-DF-CE,
2:08-cv-00304-DF-CE, 2:08-cv-00385-DF-CD, 2:09-cv-00026-DF-CE,
U.S. District Court Eastern District of Texas, Marshall Division, 91
pages, May 17, 2010. cited by applicant.
George, Mike, Hardware Hustle hits the Classroom, 3 pages, The
Independent, May 20, 1996. cited by applicant .
Grice, Corey, Comcast launches broadband portal, news.cnet.com, 3
pages, Jan. 4, 1999. cited by applicant .
Guido Appenzeller, Mema Roussopoulos and Mary Baker, User-Friendly
Access Control for Public Network Ports, 8 pages, IEEE
Transactions, Mar. 1999. cited by applicant .
Hornig, Charles, A Standard for the Transmission of IP Datagrams
over Ethernet Networks; Apr. 1984; 3 pages, Network Working Group,
Request for Comments 894. cited by applicant.
Housel and Lindquist, WebExpress: A System for Optimizing Web
Browsing in a Wireless Environment, 10 pages; Proceedings of the
Second Annual International Conference on Mobile Computing and
Networking; Nov. 1996. cited by applicant .
How to Determine the Version of Windows 95/98/Me in Use, May 12,
2007; Microsoft, available at
http://support.microsoft.com/kb/158238; Jan. 21, 200 (4 pages).
cited by applicant .
Iain Langdon, Education for Changing Times--An Online Learning
Framework, 3 pages, WebNet 96, Oct. 15-19, 1996. cited by applicant.
Ikudome et al., User Specific Automatic Web Redirection System,
Technical Innovation Report, Auric Web Systems, Aug. 14, 1997, 8
pages. cited by applicant .
Information Science Institute, Internet Protocol, DARPA Internet
Program, Protocol Specification, Sep. 1981, 49 pages, available at
<http://www.faqs.org/rfcs/rfc791.html> (visited Feb. 1,
2005). cited by applicant .
Interactive Media Works and Netcom Incorporate NetCruiser Software
and Internet Access with sampleNET, press release, Interactive
Media Works, LLC, 1 page, Feb. 5, 1996. cited by applicant .
Interactive Media Works Brings Web Browsing to Pre-Paid Phone Cards
with the sampleNET Card, press release, Interactive Media Works,
LLC, 2 pages, Feb. 13, 1996. cited by applicant .
International Telecommunication Union, Telecommunication Standard
ITU-T Standard: Data Communication Over the Telephone Network, v.8,
ITU, Sep. 1994; pp. 1-10. cited by applicant .
Invalidity Contentions of AT&T et al., Linksmart Wireless
Technologies, Inc. v. T-Mobile USA, Inc. et al., District Court of
the Eastern District of Texas, Marshall Division, Case Nos.
(consolidated) 2:08-cv-000264-DF-CE, 2:08-cv-000304-DF-CE,
2:08-cv-000385-DF-CE, 2:09-cv-00026-DF-CE, Oct. 8, 2009, 754 pages
(including appendixes A-C). cited by applicant .
Invalidity Contentions of T-Mobile USA, Inc., Linksmart Wireless
Technologies, Inc. v. T-Mobile USA, Inc. et al., District Court of
the Eastern District of Texas, Marshall Division, Case Nos.
(consolidated) 2:08-cv-000264-DF-CE, 2:08-cv-000304-DF-CE,
2:08-cv-000385-DF-CD, 2:09-cv-00026-DF-CE, Oct. 8, 2009, 325 pages
(including appendixes A). cited by applicant .
Kostick, Building a Linux Firewall, 9 pages, Linux Journal, Apr.
1996 (accessed at http://delivery.acm.org/10.1145/330000/3255560).
cited by applicant .
Kostick, Chris, System Administration: IP Masquerading Code
Follow-up, Linux Journal, (accessed at
http://delivey.acm.org/10.1145/330000/327059/), 14 pages, Nov.
1997. cited by applicant .
Levene et al., A Guided Tour of Relational Databases and Beyond,
Springer, 1999, pp. 1-12. cited by applicant .
Leveridge, Phil C., CampusWorld and BT's On-Line Education
Services, 6 pages; BT Technology Journal, v.15, No. 2, Apr. 1997.
cited by applicant .
Linksmart Wireless Technology, LLC Disclosure for Asserted Claims
and Infringement Contentions Against Defendants. cited by applicant.
Linksmart Markman Brief, Weiss Declaration and Exhibits. cited by
applicant.
Linksmart Opening Claim Construction Brief, Linksmart Wireless
Technology, LLC v. T-Mobile, LLC, Inc., et al., Case Nos.
(consolidated) 2:08-cv-00264-DF-CE, 2:08-cv-00304-DF-CE,
2:08-cv-00385-DF-CD, 2:09-cv-00026-DF-CE, U.S. District Court
Eastern District of Texas, Marshall Division, 91 pages, May 17,
2010. cited by applicant.
"Livingston ChoiceNet--How it Works,"
www.livingston.com/Marketing/Products/choicenet_H1W.shtml,
retrieved from <web.archive.org> purportedly archived on
Apr. 30, 1997; 1 page. cited by applicant.
Loon et al., Alleviating the Latency and Bandwidth Problems in WWW
Browsing, 13 pages, Proceedings of the USENIX Symposium on Internet
Technologies and Systems, Monterey, California, Dec. 1977. cited by
applicant .
Lopez, Bryan S., An Investigation and Assessment of Linux IPChains
and Its Vulnerability with Respect to Network Security, Thesis,
Naval Postgraduate School, Monterey, CA, 136 pages, Jun. 2000.
cited by applicant .
Luotonen, Arj, Altis, Kevin, World-Wide Web Proxies; Apr. 1994; 8
pages. cited by applicant .
Maceachern, Doug, Apache/Perl Integration Project; README; 2
pages, available at <http://apache.perl.org>,
<http://outside.organic.com/mail-archives/modperl>, and
<http://www.ping.de/~fdc/mod_perl>. cited by
applicant.
"Major Telecom Company launches Education Internet Service for
Schools," 3 pages, Learning in a Global Information Society, Sep.
20, 1995. cited by applicant .
Make users go thru login, Available at
http://www.microsoft.public.inetserver.iis.activeserverpages.html
(visited Oct. 5, 2005 but including items dated Jan. 19, 1998); 2
pages. cited by applicant .
Malkin, Comprehensive Networking Glossary and Acronym Guide 47,
1995. cited by applicant .
Malkin, Comprehensive Networking Glossary and Acronym Guide, 1995,
title page, preface, pp. 46-47, 114-115, 154-155 (4 pages). cited
by applicant .
"Max 6000 Series Administration Guide," Ascend Communications,
Inc., 428 pages (copyright notice 1998). cited by applicant .
"Max 6000 Series Hardware Installation Guide," Ascend
Communications, Inc., 159 pages (copyright notice 1998). cited by
applicant .
"Max 6000 Series Network Configuration Guide," Ascend
Communications, Inc., 523 pages (copyright notice 1998). cited by
applicant .
"Max 800 Series Administration Guide," Ascend Communications, Inc.,
286 pages (copyright notice 1998). cited by applicant .
"Max 800 Series Hardware Installation Guide," Ascend
Communications, Inc., 51 pages (copyright notice 1998). cited by
applicant .
"Max 800 Series Network Configuration Guide," Ascend
Communications, Inc., 280 pages (copyright notice 1998). cited by
applicant .
"Max Glossary," Ascend Communications, Inc., 226 pages (copyright
notice 1998). cited by applicant .
"Max Radius Configuration Guide," Ascend Communications, Inc., 556
pages, (copyright notice 1998). cited by applicant .
"Max Reference Guide," Ascend Communications, 307 pages (copyright
notice 1998). cited by applicant .
"Max Security Supplement," Ascend Communications, 176 pages
(copyright notice 1998). cited by applicant .
"Max T1/PRI Radius Supplement," Ascend Communications, Inc., 82
pages, 1996. cited by applicant .
Memorandum and Order [regarding claim construction issues],
Linksmart Wireless Technology, LLC v. T-Mobile, LLC, Inc., et al.,
Case Nos. 2:08-cv-00264-DF-CE, U.S. District Court Eastern District
of Texas, Marshall Division, 23 pages, Jun. 30, 2010. cited by
applicant.
Microsoft Windows NT Server Resource Kit, Version 4.0, Supplement
One, Microsoft Press, 1997, pp. 88-89. cited by applicant .
Microsoft Windows NT Workstation Resource Kit: Comprehensive
Resource Guide and Utilities for Windows NT Workstation Version
4.0, Microsoft Press, 1996, pp. 1023-1025. cited by applicant .
Mockapetris, P., Domain Names--Implementation and Specification,
Network Working Group, Request for Comments 1035; 52 pages, Nov.
1987. cited by applicant .
Mockapetris, P., Domain Names--Concepts and Facilities, Nov. 1987,
49 pages, Network Working Group, Request for Comments 1034. cited
by applicant .
mod_perl.c; Copyright; 1995-1997 The Apache Group; 20 pages.
cited by applicant.
NavisConnect User's Guide, Ascend Communications, 46 pages
(copyright notice 1998). cited by applicant .
"New Internet Card Offers Free Access," 3 pages; The Yomiuri
Shimbun/Daily Yomiuri, Sep. 29, 1998. cited by applicant .
Newton, Newton's Telecom Dictionary, Telecom Books and Flatiron
Publishing, 10.ed., Jan. 1998, cover, title page, p. 194 (3 pages).
cited by applicant .
Newton, Newton's Telecom Dictionary, Telecom Books and Flatiron
Publishing, 10.ed., Jan. 1998, p. 208. cited by applicant .
Nordstrom, Henrik, Internet post: Re: redirect, dated Mar. 2, 1998,
as archived at www.squid-cache.org, document states that archive
was generated on Dec. 9, 2003; 1 page. cited by applicant .
ODN Web Card, available at
<http://www.asahi.com/ad/clients/tsuuhan/entry.html>, 1 page,
Mar.-Apr. 1998, Japan (in Japanese). cited by applicant .
PC Work, article with picture of ODN Web Card, 1 page, Dec. 1998,
Japan (in Japanese). cited by applicant .
Person et al., Using Windows 95, Platinum Edition, Que Corporation,
1996, pp. 205 (7 pages). cited by applicant .
Phone Cards and the Internet: A Profitable Link, Intele-Card News,
2 pages, Mar. 1996. cited by applicant .
Plaintiff/Counter Defendant IP3 Networks Inc.'s Reply to Defendant
Nomadix Inc.'s Counterclaim; IP3 Networks, Inc. v. Nomadix, Inc.,
Case No. 04-cv-1485 DMS (POR); 8 pages, Nov. 15, 2004, United
States District Court, Southern District of California. cited by
applicant.
Plummer, David C., An Ethernet Address Resolution Protocol or
Converting Network Protocol Addresses to 48.bit Ethernet Address
for Transmission on Ethernet Hardware; Nov. 1982; 8 pages, Network
Working Group, Request for Comments 826. cited by applicant .
Poger et al., Secure Public Internet Access Handler (SPINACH),
Proceedings of the USENIX Symposium on Internet Technologies and
Systems, Monterey, California, Dec. 1997; 12 pages. cited by
applicant .
Pop Go The Ads with Auric Systems Software, The Los Angeles Times,
1 page, Jan. 4, 1999. cited by applicant .
Postel, J., Multi-Lan Address Resolution, Oct. 1984; 14 pages,
Network Working Group, Request for Comments 925. cited by applicant.
Prepaid Internet Access Cards, Card Track Online,
<www.ramresearc.com/cardtrak/news/cf7_14f_97.html>, 1
page, Jul. 14, 1997. cited by applicant.
Prepaid Web-Surfing Cards Now Available for Easy Internet Access
From PCs and Video Game Boxes, press releases, Seer Technologies
Inc., Business Wire, 2 pages, Oct. 8, 1996. cited by applicant.
"Proxy Server Version 2.0: Reviewer's Guide," 88 pages, 1997. cited
by applicant .
Request for Comments 2138, Internet Engineering Task Force, Apr.
1997. cited by applicant .
Riedman, Pat, Alcone's NetPerks to offer rewards to frequent
surfers, Advertising Age, 1 page, Jan. 6, 1997. cited by applicant.
Rigney et al., Request for Comments 2138, Remote Authentication
Dial in User Service (RADIUS), Apr. 1997, The Internet Engineering
Task Force (IETF), The RFC Editor. cited by applicant .
Rigney, C., Radius Accounting, Network Working Group, Request for
Comments 2139, Apr. 1997; 25 pages. cited by applicant .
Russell, Rusty, Linux IPChains-Howto, v.1.0.8, 55 pages, Jul. 4,
2000. cited by applicant .
"SampleNET Products," <samplenet.com>, retrieved from
<web.archive.org>, purportedly archived on Apr. 4, 1997; 2
pages. cited by applicant .
Sclater, Neil, Markus, John, McGraw-Hill Electronics Dictionary,
6.ed., 1997, cover, title pages (2), pp. 110, 119 (5 pages). cited
by applicant .
S.D. Hubbard et al., Firewalling the Net, 13 pages, BT Technology
Journal, v.15, No. 2, Apr. 1997. cited by applicant .
Second Supplemental Invalidity Contentions of Cisco Systems, Inc.
et al., Linksmart Wireless Technology, LLC v. T-Mobile, LLC, Inc.,
et al., Case Nos. (consolidated) 2:08-cv-00264-DF-CE,
2:08-cv-00304-DF-CE, 2:08-cv-00385-DF-CD, 2:09-cv-00026-DF-CE,
U.S. District Court Eastern District of Texas, Marshall Division, 11
pages, Aug. 19, 2010. cited by applicant.
Simpson, et al. (eds.), Oxford English Dictionary, Clarendon Press,
2.ed., v.3, 1998, pp. 514-515. cited by applicant .
Simpson, et al. (eds.), Oxford English Dictionary, Clarendon Press,
2.ed., v.7, 1998, p. 881. cited by applicant .
Squid: Optimizing Web Delivery, squid.cache.org, 1 page, Aug. 25,
2009. cited by applicant .
Stewart, John N., Working with Proxy Servers, Mar. 1997, pp. 19-22,
WebServer Magazine. cited by applicant .
Stuart Elliot, The Media Business: Advertising--Addenda;
Interactive Media Begins Samplenet, 1 page, The New York Times,
Jul. 17, 1995. cited by applicant .
T-Mobile HotSpot,
http://hotspot.t-mobile.com/services_about.htm, viewed Jan.
5, 2009. cited by applicant.
The ChoiceNet(TM) Administrator's Guide, Livingston Enterprises, 88
pages, Jan. 1997. cited by applicant.
Trendy, article on second page with picture of Japan Telecom ODN
Web Card, 2 pages, May 1998, Japan (in Japanese). cited by
applicant .
Various authors, www.aquid.cache.org; 4 pages. cited by applicant.
Videotaped Deposition of Koichiro Ikudome, Mar. 4, 2010, pp. 1, 238
and 239. cited by applicant .
Welsh, Implementing Loadable Kernel Modules for Linux, Dr. Dobb's
Software Tools for the Professional Programmer, May 1995 (accessed
at http://www.ddj.com); 9 pages. cited by applicant.
Wessels, D., Squid Proxy Server Configuration File 1.932.2 TAG
deny_info; Mar. 1997, 19 pages, available at
<http://www.squid-cache.org/mail-archive/squid-users/199703/att-0250/squid.conf>;
(visited Feb. 1, 2005). cited by applicant.
Windows History: Windows Desktop Timeline, Jun. 30, 2003; available
at http://www.microsoft.com/windows/WinHistoryProGraphic.mspx on
Jan. 21, 2010, Microsoft, pp. 1-2. cited by applicant.
Primary Examiner: Worjloh; Jalatee
Attorney, Agent or Firm: Hershkovitz & Associates, PLLC
Hershkovitz; Abe
Parent Case Text
RELATED APPLICATION
This application claims priority of U.S. Provisional Application
No. 60/084,014 filed May 4, 1998, the disclosure of which is
incorporated fully herein by reference.
Claims
What is claimed is:
1. A system comprising: a database with entries correlating each of
a plurality of user IDs with an individualized rule set; a dial-up
network server that receives user IDs from users' computers; a
redirection server connected to the dial-up network server and a
public network, and an authentication accounting server connected
to the database, the dial-up network server and the redirection
server; wherein the dial-up network server communicates a first
user ID for one of the users' computers and a temporarily assigned
network address for the first user ID to the authentication
accounting server; wherein the authentication accounting server
accesses the database and communicates the individualized rule set
that correlates with the first user ID and the temporarily assigned
network address to the redirection server; and wherein data
directed toward the public network from the one of the users'
computers are processed by the redirection server according to the
individualized rule set.
2. The system of claim 1, wherein the redirection server further
provides control over a plurality of data to and from the users'
computers as a function of the individualized rule set.
3. The system of claim 1, wherein the redirection server further
blocks the data to and from the users' computers as a function of
the individualized rule set.
4. The system of claim 1, wherein the redirection server further
allows the data to and from the users' computers as a function of
the individualized rule set.
5. The system of claim 1, wherein the redirection server further
redirects the data to and from the users' computers as a function
of the individualized rule set.
6. The system of claim 1, wherein the redirection server further
redirects the data from the users' computers to multiple
destinations as a function of the individualized rule set.
7. The system of claim 1, wherein the database entries for a
plurality of the plurality of users' IDs are correlated with a
common individualized rule set.
8. In a system comprising a database with entries correlating each
of a plurality of user IDs with an individualized rule set; a
dial-up network server that receives user IDs from users'
computers; a redirection server connected to the dial-up network
server and a public network, and an authentication accounting
server connected to the database, the dial-up network server and
the redirection server, the method comprising the steps of:
communicating a first user ID for one of the users' computers and a
temporarily assigned network address for the first user ID from the
dial-up network server to the authentication accounting server;
communicating the individualized rule set that correlates with the
first user ID and the temporarily assigned network address to the
redirection server from the authentication accounting server; and
processing data directed toward the public network from the one of
the users' computers according to the individualized rule set.
9. The method of claim 8, further including the step of controlling
a plurality of data to and from the users' computers as a function
of the individualized rule set.
10. The method of claim 8, further including the step of blocking
the data to and from the users' computers as a function of the
individualized rule set.
11. The method of claim 5, further including the step of allowing
the data to and from the users' computers as a function of the
individualized rule set.
12. The method of claim 8, further including the step of
redirecting the data to and from the users' computers as a function
of the individualized rule set.
13. The method of claim 8, further including the step of
redirecting the data from the users' computers to multiple
destinations as a function of the individualized rule set.
14. The method of claim 8, further including the step of creating
database entries for a plurality of the plurality of users' IDs,
the plurality of users' ID further being correlated with a common
individualized rule set.
15. A system comprising: a redirection server programmed with a
user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control passing between the user and a public
network; wherein the redirection server is configured to allow
automated modification of at least a portion of the rule set
correlated to the temporarily assigned network address; and wherein
the redirection server is configured to allow modification of at
least a portion of the rule set as a function of some combination
of time, data transmitted to or from the user, or location the user
access.
16. The system of claim 15, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of time.
17. The system of claim 15, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of the data transmitted to or from the user.
18. The system of claim 15, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of the location or locations the user accesses.
19. The system of claim 15, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of time.
20. The system of claim 15, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of the data transmitted to or
from the user.
21. The system of claim 15, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of the location or locations
the user accesses.
22. The system of claim 15, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of some combination of time,
data transmitted to or from the user, or location or locations the
user accesses.
23. The system of claim 15, wherein the redirection server has a
user side that is connected to a computer using the temporarily
assigned network address and a network side connected to a computer
network and wherein the computer using the temporarily assigned
network address is connected to the computer network through the
redirection server.
24. The system of claim 23 wherein instructions to the redirection
server to modify the rule set are received by one or more of the
user side of the redirection server and the network side of the
redirection server.
25. In a system comprising a redirection server containing a user's
rule set correlated to a temporarily assigned network address
wherein the user's rule set contains at least one of a plurality of
functions used to control data passing between the user and a
public network; the method comprising the step of: modifying at
least a portion of the user's rule set while the user's rule set
remains correlated to the temporarily assigned network address in
the redirection server; and wherein the redirection server has a
user side that is connected to a computer using the temporarily
assigned network address and a network side
connected to a computer network and wherein the computer using the
temporarily assigned network address is connected to the computer
network through the redirection server and the method further
includes the step of receiving instructions by the redirection
server to modify at least a portion of the user's rule set through
one or more of the user side of the redirection server and the
network side of the redirection server.
26. The method of claim 25, further including the step of modifying
at least a portion of the user's rule set as a function of one or
more of: time, data transmitted to or from the user, and location
or locations the user accesses.
27. The method of claim 25, further including the step of removing
or reinstating at least a portion of the user's rule set as a
function of one or more of: time, the data transmitted to or from
the user and the location or locations the user accesses.
28. The system of claim 1, wherein the individualized rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service.
29. The system of claim 1, wherein the individualized rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set.
30. The system of claim 1, wherein the individualized rule set
includes at least one rule allowing access based on a request type
and a destination address.
31. The system of claim 1, wherein the individualized rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address.
32. The method of claim 8, wherein the individualized rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service.
33. The method of claim 8, wherein the individualized rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set.
34. The method of claim 8, wherein the individualized rule set
includes at least one rule allowing access based on a request type
and a destination address.
35. The method of claim 8, wherein the individualized rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address.
36. A system comprising: a redirection server programmed with a
user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
allow automated modification of at least a portion of the rule set
correlated to the temporarily assigned network address; wherein the
redirection server is configured to allow automated modification of
at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the modified rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service.
37. A system comprising: a redirection server programmed with a
user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
allow automated modification of at least a portion of the rule set
correlated to the temporarily assigned network address; wherein the
redirection server is configured to allow automated modification of
at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the modified rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set.
38. A system comprising: a redirection server programmed with a
user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
allow automated modification of at least a portion of the rule set
correlated to the temporarily assigned network address; wherein the
redirection server is configured to allow automated modification of
at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the modified rule set
includes at least one rule allowing access based on a request type
and a destination address.
39. A system comprising: a redirection server programmed with a
user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
allow automated modification of at least a portion of the rule set
correlated to the temporarily assigned network address; wherein the
redirection server is configured to allow automated modification of
at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the modified rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address.
40. The method of claim 25, wherein the modified rule set includes
at least one rule as a function of a type of IP (Internet Protocol)
service.
41. The method of claim 25, wherein the modified rule set includes
an initial temporary rule set and a standard rule set, and wherein
the redirection server is configured to utilize the temporary rule
set for an initial period of time and to thereafter utilize the
standard rule set.
42. The method of claim 25, wherein the modified rule set includes
at least one rule allowing access based on a request type and a
destination address.
43. The method of claim 25, wherein the modified rule set includes
at least one rule redirecting the data to a new destination address
based on a request type and an attempted destination address.
44. A system comprising: a database with entries correlating each
of a plurality of user IDs with an individualized rule set; a dial
up network server that receives user IDs from users' computers; a
redirection server connected between the dial up network server and
a public network, and an authentication accounting server connected
to the database, the dial up network server and the redirection
server; wherein the dial up network server communicates a first
user ID for one of the users' computers and a temporarily assigned
network address for the first user ID to the authentication
accounting server; wherein the authentication accounting server
accesses the database and communicates the individualized rule set
that correlates with the first user ID and the temporarily assigned
network address to the redirection server; and wherein data
directed toward the public network from the one of the users'
computers are processed by the redirection server according to the
individualized rule set.
45. The system of claim 44, wherein the redirection server further
provides control over a plurality of data to and from the users'
computers as a function of the individualized rule set.
46. The system of claim 44, wherein the redirection server further
blocks the data to and from the users' computers as a function of
the individualized rule set.
47. The system of claim 44, wherein the redirection server further
allows the data to and from the users' computers as a function of
the individualized rule set.
48. The system of claim 44, wherein the redirection server further
redirects the data to and from the users' computers as a function
of the individualized rule set.
49. The system of claim 44, wherein the redirection server further
redirects the data from the users' computers to multiple
destinations as a function of the individualized rule set.
50. The system of claim 44, wherein the database entries for a
plurality of the plurality of users' IDs are correlated with a
common individualized rule set.
51. The system of claim 44, wherein the individualized rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service.
52. The system of claim 44, wherein the individualized rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set.
53. The system of claim 44, wherein the individualized rule set
includes at least one rule allowing access based on a request type
and a destination address.
54. The system of claim 44, wherein the individualized rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address.
55. The system of claim 44, wherein the redirection server is
configured to redirect data from the users' computers by replacing
a first destination address in an IP (Internet Protocol) packet
header by a second destination address as a function of the
individualized rule set.
56. In a system comprising a database with entries correlating each
of a plurality of user IDs with an individualized rule set; a dial
up network server that receives user IDs from users' computers; a
redirection server connected between the dial up network server and
a public network, and an authentication accounting server connected
to the database, the dial up network server and the redirection
server, a method comprising the steps of: communicating a first
user ID for one of the users' computers and a temporarily assigned
network address for the first user ID from the dial up network
server to the authentication accounting server; communicating the
individualized rule set that correlates with the first user ID and
the temporarily assigned network address to the redirection server
from the authentication accounting server; and processing data
directed toward the public network from the one of the users'
computers according to the individualized rule set.
57. The method of claim 56, further including the step of
controlling a plurality of data to and from the users' computers as
a function of the individualized rule set.
58. The method of claim 56, further including the step of blocking
the data to and from the users' computers as a function of the
individualized rule set.
59. The method of claim 56, further including the step of allowing
the data to and from the users' computers as a function of the
individualized rule set.
60. The method of claim 56, further including the step of
redirecting the data to and from the users' computers as a function
of the individualized rule set.
61. The method of claim 56, further including the step of
redirecting the data from the users' computers to multiple
destinations as a function of the individualized rule set.
62. The method of claim 56, further including the step of creating
database entries for a plurality of the plurality of users' IDs,
the plurality of users' IDs further being correlated with a common
individualized rule set.
63. The method of claim 56, wherein the individualized rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service.
64. The method of claim 56, wherein the individualized rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set.
65. The method of claim 56, wherein the individualized rule set
includes at least one rule allowing access based on a request type
and a destination address.
66. The method of claim 56, wherein the individualized rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address.
67. The method of claim 56, wherein the redirection server is
configured to redirect data from the users' computers by replacing
a first destination address in an IP (Internet Protocol) packet
header by a second destination address as a function of the
individualized rule set.
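The system of claims 44-55 and the method of claims 56-67 describe one mechanism: a dial-up server reports a user ID and the temporarily assigned address to the authentication accounting server, that server looks the user's rule set up in the database and pushes it to the redirection server keyed by the address, and the redirection server then allows, blocks or redirects each packet by type of IP service and destination, rewriting the destination address in the IP header when it redirects. The following is an added example written for this page; it is not code from the patent or from Linksmart. It models that chain end to end, including the initial temporary rule set that gives way to the standard rule set (claims 52 and 64) and an early switch driven by an outside instruction (the data- or location-driven modification of claims 17-22). Every class and function name, the rule format, the portal address 10.0.0.5, the user IDs and the sample packets are assumptions constructed for the demonstration.

```python
# Added example, not code from the patent or from Linksmart: a toy model of the claim 44-67
# chain (database, authentication/accounting server, redirection server) and the claim 51-55
# rule types. Names, addresses, user IDs and rules below are constructed assumptions.
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                # "allow", "block" or "redirect"
    service: str               # type of IP service, e.g. "tcp/80"; "*" = any
    destination: str           # attempted destination address; "*" = any
    new_destination: Optional[str] = None   # where "redirect" sends the packet

@dataclass
class RuleSet:
    standard: tuple            # rules used once the initial period is over
    temporary: tuple = ()      # initial temporary rules (claims 52, 64)
    temporary_seconds: float = 0.0

# Constructed guest policy: first minute is a captive portal at 10.0.0.5, then open web, no direct SMTP.
GUEST = RuleSet(standard=(Rule("block", "tcp/25", "*"), Rule("allow", "*", "*")),
                temporary=(Rule("allow", "*", "10.0.0.5"), Rule("redirect", "tcp/80", "*", "10.0.0.5")),
                temporary_seconds=60)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement sum; a header carrying a valid checksum yields 0."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

class RedirectionServer:
    def __init__(self):
        self._installed = {}   # temporarily assigned address -> (RuleSet, install time)

    def install(self, address: str, ruleset: RuleSet, now: float) -> None:
        self._installed[address] = (ruleset, now)

    def remove(self, address: str) -> None:
        self._installed.pop(address, None)   # the rule set leaves when the user disconnects

    def end_temporary_period(self, address: str) -> None:
        # data/location-driven modification (claims 17-22): drop the temporary rules early
        ruleset, t0 = self._installed[address]
        self._installed[address] = (RuleSet(ruleset.standard), t0)

    def process(self, packet: bytes, now: float) -> Optional[bytes]:
        """One user packet toward the public network: unchanged (allow), rewritten (redirect) or None."""
        ihl = (packet[0] & 0x0F) * 4
        proto, src = packet[9], str(ipaddress.IPv4Address(packet[12:16]))
        dst = str(ipaddress.IPv4Address(packet[16:20]))
        if src not in self._installed:
            return None            # no rule set for this address: nothing passes
        ruleset, t0 = self._installed[src]
        temp_active = ruleset.temporary and now - t0 < ruleset.temporary_seconds
        port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0] if proto in (6, 17) else 0
        service = f"{ {6: 'tcp', 17: 'udp'}.get(proto, str(proto)) }/{port}"
        for rule in ruleset.temporary if temp_active else ruleset.standard:
            if rule.service not in ("*", service) or rule.destination not in ("*", dst):
                continue
            if rule.action == "allow":
                return packet
            if rule.action == "block":
                return None
            # redirect (claim 55): swap the destination in the IP header, then fix the header checksum
            hdr = bytearray(packet[:ihl])
            hdr[16:20] = ipaddress.IPv4Address(rule.new_destination).packed
            hdr[10:12] = b"\x00\x00"
            hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
            return bytes(hdr) + packet[ihl:]
        return None                # default deny when no rule matches

def aaa_user_connected(database, rule_sets, redirector, user_id, address, now) -> bool:
    """AAA step: map the (user ID, assigned address) reported by the dial-up server to a rule set."""
    name = database.get(user_id)   # several user IDs may share one rule set (claim 50)
    if name is not None:           # unknown user: nothing is installed
        redirector.install(address, rule_sets[name], now)
    return name is not None

def make_packet(src: str, dst: str, proto: int, dport: int) -> bytes:
    """Constructed sample: a 20-byte IPv4 header plus the first four transport bytes."""
    hdr = bytearray(20)
    hdr[0], hdr[8], hdr[9] = 0x45, 64, proto
    hdr[12:16], hdr[16:20] = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + struct.pack("!HH", 40000, dport)

def demo() -> dict:
    redir, out = RedirectionServer(), {}
    aaa_user_connected({"alice": "guest"}, {"guest": GUEST}, redir, "alice", "192.0.2.10", now=0)
    web = make_packet("192.0.2.10", "198.51.100.7", 6, 80)
    r = redir.process(web, now=1)
    out["redirected_to"] = str(ipaddress.IPv4Address(r[16:20]))
    out["after_expiry_direct"] = redir.process(web, now=61) == web
    redir.remove("192.0.2.10")     # alice disconnects
    out["dropped_after_disconnect"] = redir.process(web, now=62) is None
    return out
```

Two points the toy makes visible. First, the rule set is keyed by the temporarily assigned address, not by the user, so the removal on disconnect that the abstract describes is a security control and not just housekeeping: if the rule set stays installed, the next user assigned the same address inherits the previous user's policy, and an address with no rule set at all should pass nothing (the default deny above). Second, claim 55's header rewrite is only half of a working redirect: TCP and UDP checksums cover a pseudo-header that includes the destination address, so a real redirection server must recompute the transport checksum as well (omitted here), and the redirect target has to answer for a request whose HTTP Host header still names the attempted destination, which is why such redirects are typically limited to a captive-portal reply.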
68. A system comprising: a redirection server connected between a
user computer and a public network, the redirection server
programmed with a user's rule set correlated to a temporarily
assigned network address; wherein the rule set contains at least
one of a plurality of functions used to control data passing
between the user and a public network; wherein the redirection
server is configured to allow automated modification of at least a
portion of the rule set correlated to the temporarily assigned
network address; and wherein the redirection server is configured
to allow automated modification of at least a portion of the rule
set as a function of some combination of time, data transmitted to
or from the user, or location the user accesses.
69. The system of claim 68, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of time.
70. The system of claim 68, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of the data transmitted to or from the user.
71. The system of claim 68, wherein the redirection server is
configured to allow modification of at least a portion of the rule
set as a function of the location or locations the user
accesses.
72. The system of claim 68, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of time.
73. The system of claim 68, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of the data transmitted to or
from the user.
74. The system of claim 68, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of the location or locations
the user accesses.
75. The system of claim 68, wherein the redirection server is
configured to allow the removal or reinstatement of at least a
portion of the rule set as a function of some combination of time,
data transmitted to or from the user, or location or locations the
user accesses.
76. The system of claim 68, wherein the redirection server has a
user side that is connected to a computer using the temporarily
assigned network address and a network side connected to a computer
network and wherein the computer using the temporarily assigned
network address is connected to the computer network through the
redirection server.
77. The system of claim 68 wherein instructions to the redirection
server to modify the rule set are received by one or more of the
user side of the redirection server and the network side of the
redirection server.
78. The system of claim 68, wherein the modified rule set includes
at least one rule as a function of a type of IP (Internet Protocol)
service.
79. The system of claim 68, wherein the modified rule set includes
an initial temporary rule set and a standard rule set, and wherein
the redirection server is configured to utilize the temporary rule
set for an initial period of time and to thereafter utilize the
standard rule set.
80. The system of claim 68, wherein the modified rule set includes
at least one rule allowing access based on a request type and a
destination address.
81. The system of claim 68, wherein the modified rule set includes
at least one rule redirecting the data to a new destination address
based on a request type and an attempted destination address.
82. The system of claim 68, wherein the redirection server is
configured to redirect data from the users' computers by replacing
a first destination address in an IP (Internet Protocol) packet
header by a second destination address as a function of the
modified rule set.
83. In a system comprising a redirection server connected between a
user computer and a public network, the redirection server
containing a user's rule set correlated to a temporarily assigned
network address wherein the user's rule set contains at least one
of a plurality of functions used to control data passing between
the user and a public network; a method comprising the step of:
modifying at least a portion of the user's rule set while the
user's rule set remains correlated to the temporarily assigned
network address in the redirection server; and wherein the
redirection server has a user side that is connected to a computer
using the temporarily assigned network address and a network side
connected to a computer network; and
wherein the computer using the temporarily assigned network address
is connected to the computer network through the redirection server
and the method further includes the step of receiving instructions
by the redirection server to modify at least a portion of the
user's rule set through one or more of the user side of the
redirection server and the network side of the redirection
server.
84. The method of claim 83, further including the step of modifying
at least a portion of the user's rule set as a function of one or
more of time, data transmitted to or from the user, and location or
locations the user accesses.
85. The method of claim 83, further including the step of removing
or reinstating at least a portion of the user's rule set as a
function of one or more of time, the data transmitted to or from
the user and a location or locations the user accesses.
86. The method of claim 83, wherein the modified rule set includes
at least one rule as a function of a type of IP (Internet Protocol)
service.
87. The method of claim 83, wherein the modified rule set includes
an initial temporary rule set and a standard rule set, and wherein
the redirection server is configured to utilize the temporary rule
set for an initial period of time and to thereafter utilize the
standard rule set.
88. The method of claim 83, wherein the modified rule set includes
at least one rule allowing access based on a request type and a
destination address.
89. The method of claim 83, wherein the modified rule set includes
at least one rule redirecting the data to a new destination address
based on a request type and an attempted destination address.
90. The method of claim 83, wherein the redirection server is
configured to redirect data from the users' computers by replacing
a first destination address in an IP (Internet Protocol) packet
header by a second destination address as a function of the
individualized rule set.
.Iadd.91. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to modify at least a portion of the rule set as a
function of time while the rule set is correlated to the
temporarily assigned network address..Iaddend.
.Iadd.92. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to modify at least a portion of the rule set as a
function of the data transmitted to or from the user while the rule
set is correlated to the temporarily assigned network
address..Iaddend.
.Iadd.93. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to modify at least a portion of the rule set as a
function of the location or locations the user accesses while the
rule set is correlated to the temporarily assigned network
address..Iaddend.
.Iadd.94. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to remove or reinstate at least a portion of the rule
set as a function of time while the rule set is correlated to the
temporarily assigned network address..Iaddend.
.Iadd.95. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to remove or reinstate at least a portion of the rule
set as a function of the data transmitted to or from the user while
the rule set is correlated to the temporarily assigned network
address..Iaddend.
.Iadd.96. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to remove or reinstate at least a portion of the rule
set as a function of the location or locations the user accesses
while the rule set is correlated to the temporarily assigned
network address..Iaddend.
.Iadd.97. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server is
configured to remove or reinstate at least a portion of the rule
set as a function of some combination of time, data transmitted to
or from the user, or location or locations the user accesses while
the rule set is correlated to the temporarily assigned network
address..Iaddend.
.Iadd.98. A system comprising: a redirection server programmed with
a user's rule set correlated to a temporarily assigned network
address; wherein the rule set contains at least one of a plurality
of functions used to control data passing between the user and a
public network; wherein the redirection server is configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
wherein the redirection server is configured to automatically
modify at least a portion of the rule set as a function of some
combination of time, data transmitted to or from the user, or
location the user accesses; and wherein the redirection server has
a user side that is connected to a computer using the temporarily
assigned network address and a network side connected to a computer
network, and wherein the computer using the temporarily assigned
network address is connected to the computer network through the
redirection server..Iaddend.
.Iadd.99. The system of claim 98, wherein the redirection server
modifies the rule set in response to instructions received by one
or more of the user side of the redirection server and the network
side of the redirection server..Iaddend.
.Iadd.100. In a system comprising a redirection server containing a
user's rule set correlated to a temporarily assigned network
address wherein the user's rule set contains at least one of a
plurality of functions used to control data passing between the
user and a public network; a method comprising: the redirection
server modifying at least a portion of the user's rule set while
the user's rule set remains correlated to the temporarily assigned
network address in the redirection server; connecting a user side
of the redirection server to a computer using the temporarily
assigned network address and a network side connected to a computer
network; connecting the computer using the temporarily assigned
network address to the computer network through the redirection
server; receiving instructions by the redirection server; and the
redirection server modifying at least a portion of the user's rule
set through one or more of the user side of the redirection server
and the network side of the redirection server while the rule set
is correlated with the temporarily assigned network
address..Iaddend.
.Iadd.101. The method of claim 100, wherein the method further
comprises modifying at least a portion of the user's rule set by
the redirection server as a function of one or more of: time, data
transmitted to or from the user, and location or locations the user
accesses..Iaddend.
.Iadd.102. The method of claim 100, wherein the method further
comprises removing or reinstating at least a portion of the user's
rule set by the redirection server as a function of one or more of:
time, the data transmitted to or from the user and a location or
locations the user accesses..Iaddend.
.Iadd.103. The method of claim 100, wherein the modified rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service..Iaddend.
.Iadd.104. The method of claim 100, wherein the modified rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set..Iaddend.
.Iadd.105. The method of claim 100, wherein the modified rule set
includes at least one rule allowing access based on a request type
and a destination address..Iaddend.
.Iadd.106. The method of claim 100, wherein the modified rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address..Iaddend.
.Iadd.107. A system comprising: a redirection server programmed
with a user's rule set correlated to a temporarily assigned network
address; the rule set containing at least one of a plurality of
functions used to control data passing between the user and a
public network; the redirection server being configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
the redirection server being configured to automatically modify at
least a portion of the rule set as a function of some combination
of time, data transmitted to or from the user, or location the user
accesses; and the modified rule set including at least one rule as
a function of a type of IP (Internet Protocol)
service..Iaddend.
.Iadd.108. A system comprising: a redirection server programmed
with a user's rule set correlated to a temporarily assigned network
address; the rule set containing at least one of a plurality of
functions used to control data passing between the user and a
public network; the redirection server being configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
the redirection server being configured to automatically modify at
least a portion of the rule set as a function of some combination
of time, data transmitted to or from the user, or location the user
accesses; and the modified rule set includes an initial temporary
rule set and a standard rule set, and the redirection server
utilizes the temporary rule set for an initial period of time and
thereafter utilizes the standard rule set while the rule set is
correlated to the temporarily assigned network
address..Iaddend.
.Iadd.109. A system comprising: a redirection server programmed
with a user's rule set correlated to a temporarily assigned network
address; the rule set containing at least one of a plurality of
functions used to control data passing between the user and a
public network; the redirection server being configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
the redirection server being configured to automatically modify at
least a portion of the rule set as a function of some combination
of time, data transmitted to or from the user, or location the user
accesses; and the modified rule set includes at least one rule
allowing access based on a request type and a destination
address..Iaddend.
.Iadd.110. A system comprising: a redirection server programmed
with a user's rule set correlated to a temporarily assigned network
address; the rule set containing at least one of a plurality of
functions used to control data passing between the user and a
public network; the redirection server being configured to
automatically modify at least a portion of the rule set while the
rule set is correlated to the temporarily assigned network address;
the redirection server being configured to automatically modify at
least a portion of the rule set as a function of some combination
of time, data transmitted to or from the user, or location the user
accesses; and the modified rule set includes at least one rule
redirecting the data to a new destination address based on a
request type and an attempted destination address..Iaddend.
.Iadd.111. A system comprising: a redirection server connected
between a user computer and a public network, the redirection
server programmed with a user's rule set correlated to a
temporarily assigned network address; the rule set containing at
least one of a plurality of functions used to control data passing
between the user and a public network; the redirection server being
configured to automatically modify at least a portion of the rule
set while the rule set is correlated to the temporarily assigned
network address; and the redirection server being configured to
automatically modify at least a portion of the rule set as a
function of some combination of time, data transmitted to or from
the user, or location the user accesses while the rule set is
correlated to the temporarily assigned network
address..Iaddend.
.Iadd.112. The system of claim 111, the redirection server being
configured to modify at least a portion of the rule set as a
function of time..Iaddend.
.Iadd.113. The system of claim 111, the redirection server being
configured to modify at least a portion of the rule set as a
function of the data transmitted to or from the user..Iaddend.
.Iadd.114. The system of claim 111, the redirection server being
configured to modify at least a portion of the rule set as a
function of the location or locations the user
accesses..Iaddend.
.Iadd.115. The system of claim 111, the redirection server being
configured to remove or reinstate at least a portion of the rule
set as a function of time..Iaddend.
.Iadd.116. The system of claim 111, the redirection server being
configured to remove or reinstate at least a portion of the rule
set as a function of the data transmitted to or from the
user..Iaddend.
.Iadd.117. The system of claim 111, the redirection server being
configured to remove or reinstate at least a portion of the rule
set as a function of the location or locations the user
accesses..Iaddend.
.Iadd.118. The system of claim 111, the redirection server being
configured to remove or reinstate at least a portion of the rule
set as a function of some combination of time, data transmitted to
or from the user, or location or locations the user
accesses..Iaddend.
.Iadd.119. The system of claim 111, wherein the redirection server
has a user side that is connected to a computer using the
temporarily assigned network address and a network side connected
to a computer network and wherein the computer using the
temporarily assigned network address is connected to the computer
network through the redirection server..Iaddend.
.Iadd.120. The system of claim 111, wherein the redirection server
modifies the rule set received by one or more of the user side of
the redirection server and the network side of the redirection
server in response to instructions received by the redirection
server..Iaddend.
.Iadd.121. The system of claim 111, wherein the modified rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service..Iaddend.
.Iadd.122. The system of claim 111, wherein the modified rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set..Iaddend.
.Iadd.123. The system of claim 111, wherein the modified rule set
includes at least one rule allowing access based on a request type
and a destination address..Iaddend.
.Iadd.124. The system of claim 111, wherein the modified rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address..Iaddend.
.Iadd.125. The system of claim 111, the redirection server
redirecting data from the users' computers by replacing a first
destination address in an IP (Internet Protocol) packet header by a
second destination address as a function of the modified rule
set..Iaddend.
.Iadd.126. In a system comprising a redirection server connected
between a user computer and a public network, the redirection
server containing a user's rule set correlated to a temporarily
assigned network address wherein the user's rule set contains at
least one of a plurality of functions used to control data passing
between the user and a public network; a method comprising: the
redirection server modifying at least a portion of the user's rule
set while the user's rule set remains correlated to the temporarily
assigned network address in the redirection server; wherein the
redirection server has a user side that is connected to a computer
using the temporarily assigned network address and a network side
connected to a computer network; wherein
the computer using the temporarily assigned network address is
connected to the computer network through the redirection server;
and the redirection server modifying at least a portion of the
user's rule set through one or more of the user side of the
redirection server and the network side of the redirection server
while the rule set is correlated to the temporarily assigned
network address, in response to instructions received by the
redirection server..Iaddend.
.Iadd.127. The method of claim 126, wherein the modification is a
function of one or more of time, data transmitted to or from the
user, and location or locations the user accesses..Iaddend.
.Iadd.128. The method of claim 126, wherein the modification
comprises removing or reinstating at least a portion of the user's
rule set as a function of one or more of time, the data transmitted
to or from the user and a location or locations the user
accesses..Iaddend.
.Iadd.129. The method of claim 126, wherein the modified rule set
includes at least one rule as a function of a type of IP (Internet
Protocol) service..Iaddend.
.Iadd.130. The method of claim 126, wherein the modified rule set
includes an initial temporary rule set and a standard rule set, and
wherein the redirection server is configured to utilize the
temporary rule set for an initial period of time and to thereafter
utilize the standard rule set..Iaddend.
.Iadd.131. The method of claim 126, wherein the modified rule set
includes at least one rule allowing access based on a request type
and a destination address..Iaddend.
.Iadd.132. The method of claim 126, wherein the modified rule set
includes at least one rule redirecting the data to a new
destination address based on a request type and an attempted
destination address..Iaddend.
.Iadd.133. The method of claim 126, wherein the redirection server
redirects data from the users' computers by replacing a first
destination address in an IP (Internet Protocol) packet header by a
second destination address as a function of the individualized rule
set..Iaddend.
Description
FIELD OF THE INVENTION
This invention relates to the field of Internet communications,
more particularly, to a database system for use in dynamically
redirecting and filtering Internet traffic.
BACKGROUND OF THE INVENTION
In prior art systems, as shown in FIG. 1, when an Internet user
establishes a connection with an Internet Service Provider (ISP),
the user first makes a physical connection between their computer
100 and a dial-up networking server 102, and provides to the
dial-up networking server their user ID and password. The dial-up
networking server then passes the user ID and password, along with
a temporary Internet Protocol (IP) address for use by the user, to
the ISP's authentication and accounting server 104. A detailed
description of the IP communications protocol is given in
Internetworking with TCP/IP, 3rd ed., Douglas Comer, Prentice Hall,
1995, which is fully incorporated herein by reference. The
authentication and accounting server, upon verification of the user
ID and password using a database 106, sends an authorization
message to the dial-up networking server 102 to allow the user to
use the temporary IP address assigned to that user by the dial-up
networking server, and then logs the connection and assigned IP
address. For the duration of that session, whenever the user makes
a request to the Internet 110 via a gateway 108, the end user is
identified by the temporarily assigned IP address.
The redirection of Internet traffic is most often done with World
Wide Web (WWW) traffic (more specifically, traffic using the HTTP
(hypertext transfer protocol)). However, redirection is not limited
to WWW traffic, and the concept is valid for all IP services. To
illustrate how redirection is accomplished, consider the following
example, which redirects a user's request for a WWW page (typically
an html (hypertext markup language) file) to some other WWW page.
First, the user instructs the WWW browser (typically software
running on the user's PC) to access a page on a remote WWW server
by typing in the URL (uniform resource locator) or clicking on a
URL link. Note that a URL provides information about the
communications protocol, the location of the server (typically an
Internet domain name or IP address), and the location of the page
on the remote server. The browser next sends a request to the
server requesting the page. In response to the user's request, the
web server sends the requested page to the browser. The page,
however, contains html code instructing the browser to request some
other WWW page--hence the redirection of the user begins. The
browser then requests the redirected WWW page according to the URL
contained in the first page's html code. Alternately, redirection
can also be accomplished by coding the page such that it instructs
the browser to run a program, like a Java applet or the like, which
then redirects the browser. One disadvantage with current
redirection technology is that control of the redirection is at the
remote end, or WWW server end--and not the local, or user end. That
is to say that the redirection is performed by the remote server,
not the user's local gateway.
Filtering packets at the Internet Protocol (IP) layer has been
possible using a firewall device or other packet filtering device
for several years. Although packet filtering is most often used to
filter packets coming into a private network for security purposes,
once properly programmed, such devices can filter outgoing packets
sent from users to a specific destination as well. Packet filtering
can distinguish, and filter based on, the type of IP service
contained within an IP packet. For example, the packet filter can determine
if the packet contains FTP (file transfer protocol) data, WWW data,
or Telnet session data. Service identification is achieved by
identifying the terminating port number contained within each IP
packet header. Port numbers are standard within the industry to
allow for interoperability between equipment. Packet filtering
devices allow network administrators to filter packets based on the
source and/or destination information, as well as on the type of
service being transmitted within each IP packet. Unlike redirection
technology, packet filtering technology allows control at the local
end of the network connection, typically by the network
administrator. However, packet filtering is very limited because it
is static. Once packet filtering rule sets are programmed into a
firewall or other packet filter device, the rule set can only be
changed by manually reprogramming the device.
Packet filter devices are often used with proxy server systems,
which provide access control to the Internet and are most often
used to control access to the world wide web. In a typical
configuration, a firewall or other packet filtering device filters
all WWW requests to the Internet from a local network, except for
packets from the proxy server. That is to say that a packet filter
or firewall blocks all traffic originating from within the local
network which is destined for connection to a remote server on port
80 (the standard WWW port number). However, the packet filter or
firewall permits such traffic to and from the proxy server.
Typically, the proxy server is programmed with a set of destinations
that are to be blocked, and packets destined for blocked addresses
are not forwarded. When the proxy server receives a packet, the
destination is checked against a database for approval. If the
destination is allowed, the proxy server simply forwards packets
between the local user and the remote server outside the firewall.
However, proxy servers are limited to either blocking or allowing
specific system terminals access to remote databases.
A recent system is disclosed in U.S. Pat. No. 5,696,898. This
patent discloses a system, similar to a proxy server, that allows
network administrators to restrict specific IP addresses inside a
firewall from accessing information from certain public or
otherwise uncontrolled databases (i.e., the WWW/Internet).
According to the disclosure, the system has a relational database
which allows network administrators to restrict specific terminals,
or groups of terminals, from accessing certain locations. Similarly
limited as a proxy server, this invention can only block or allow
terminals' access to remote sites. This system is also static in
that rules programmed into the database must be reprogrammed in
order to change which locations specific terminals may access.
SUMMARY OF THE INVENTION
The present invention allows for creating and implementing
dynamically changing rules, to allow the redirection, blocking, or
allowing, of specific data traffic for specific users, as a
function of database entries and the user's activity. In certain
embodiments according to the present invention, when the user
connects to the local network, as in the prior art system, the
user's ID and password are sent to the authentication accounting
server. The user ID and password are checked against information in
an authentication database. The database also contains personalized
filtering and redirection information for the particular user ID.
During the connection process, the dial-up network server provides
the authentication accounting server with the IP address that is
going to be temporarily assigned to the user. The authentication
accounting server then sends both the user's temporary IP address
and all of the particular user's filter and redirection information
to a redirection server. The IP address temporarily assigned to the
end user is then sent back to the end user for use in connecting to
the network.
Once connected to the network, all data packets sent to, or
received by, the user include the user's temporary IP address in
the IP packet header. The redirection server uses the filter and
redirection information supplied by the authentication accounting
server, for that particular IP address, to either allow packets to
pass through the redirection server unmolested, block the request
all together, or modify the request according to the redirection
information.
When the user terminates the connection with the network, the
dial-up network server informs the authentication accounting
server, which in turn, sends a message to the redirection server
telling it to remove any remaining filtering and redirection
information for the terminated user's temporary IP address. This
then allows the dial-up network to reassign that IP address to
another user. In such a case, the authentication accounting server
retrieves the new user's filter and redirection information from
the database and passes it, with the same IP address which is now
being used by a different user, to the redirection server. This new
user's filter may be different from the first user's filter.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of a typical Internet Service Provider
environment.
FIG. 2 is a block diagram of an embodiment of an Internet Service
Provider environment with integrated redirection system.
DETAILED DESCRIPTION OF THE INVENTION
In the following embodiments of the invention, common reference
numerals are used to represent the same components. If the features
of an embodiment are incorporated into a single system, these
components can be shared and perform all the functions of the
described embodiments.
FIG. 2 shows a typical Internet Service Provider (ISP) environment
with integrated user specific automatic data redirection system. In
a typical use of the system, a user employs a personal computer
(PC) 100, which connects to the network. The system employs: a
dial-up network server 102, an authentication accounting server
204, a database 206 and a redirection server 208.
The PC 100 first connects to the dial-up network server 102. The
connection is typically created using a computer modem, however a
local area network (LAN) or other communications link can be
employed. The dial-up network server 102 is used to establish a
communications link with the user's PC 100 using a standard
communications protocol. In the preferred embodiment Point to Point
Protocol (PPP) is used to establish the physical link between the
PC 100 and the dial-up network server 102, and to dynamically
assign the PC 100 an IP address from a list of available addresses.
However, other embodiments may employ different communications
protocols, and the IP address may also be permanently assigned to
the PC 100. Dial-up network servers 102, PPP, and dynamic IP address
assignment are well known in the art.
An authentication accounting server with Auto-Navi component
(hereinafter, authentication accounting server) 204 is used to
authenticate user ID and permit, or deny, access to the network.
The authentication accounting server 204 queries the database 206
to determine if the user ID is authorized to access the network. If
the authentication accounting server 204 determines the user ID is
authorized, the authentication accounting server 204 signals the
dial-up network server 102 to assign the PC 100 an IP address, and
the Auto-Navi component of the authentication accounting server 204
sends the redirection server 208 (1) the filter and redirection
information stored in database 206 for that user ID and (2) the
temporarily assigned IP address for the session. One example of an
authentication accounting server is discussed in U.S. Pat. No.
5,845,070, which is fully incorporated here by reference. Other
types of authentication accounting servers are known in the art.
However, these authentication accounting servers lack an Auto-Navi
component.
The system described herein operates based on user IDs supplied to
it by a computer. Thus the system does not "know" who the human
being "user" is at the keyboard of the computer that supplies a
user ID. However, for the purposes of this detailed description,
"user" will often be used as a short hand expression for "the
person supplying inputs to a computer that is supplying the system
with a particular user ID."
The database 206 is a relational database which stores the system
data. FIG. 3 shows one embodiment of the database structure. The
database, in the preferred embodiment, includes the following
fields: a user account number, the services allowed or denied each
user (for example: e-mail, Telnet, FTP, WWW), and the locations
each user is allowed to access.
Rule sets are employed by the system and are unique for each user
ID, or a group of user ID's. The rule sets specify elements or
conditions about the user's session. Rule sets may contain data
about a type of service which may or may not be accessed, a
location which may or may not be accessed, how long to keep the
rule set active, under what conditions the rule set should be
removed, when and how to modify the rule set during a session, and
the like. Rule sets may also have a preconfigured maximum lifetime
to ensure their removal from the system.
The redirection server 208 is logically located between the user's
computer 100 and the network, and controls the user's access to the
network. The redirection server 208 performs all the central tasks
of the system. The redirection server 208 receives information
regarding newly established sessions from the authentication
accounting server 204. The Auto-Navi component of the
authentication accounting server 204 queries the database for the
rule set to apply to each new session, and forwards the rule set
and the currently assigned IP address to the redirection server
208. The redirection server 208 receives the IP address and rule
set, and is programmed to implement the rule set for the IP address,
as well as other attendant logical decisions such as: checking data
packets and blocking or allowing the packets as a function of the
rule sets, performing the physical redirection of data packets
based on the rule sets, and dynamically changing the rule sets
based on conditions. When the redirection server 208 receives
information regarding a terminated session from the authentication
accounting server 204, the redirection server 208 removes any
outstanding rule sets and information associated with the session.
The redirection server 208 also checks for and removes expired rule
sets from time to time.
In an alternate embodiment, the redirection server 208 reports all
or some selection of session information to the database 206. This
information may then be used for reporting, or additional rule set
generation.
System Features Overview
In the present embodiment, each specific user may be limited to, or
allowed, specific IP services, such as WWW, FTP and Telnet. This
allows a user, for example, WWW access, but not FTP access or
Telnet access. A user's access can be dynamically changed by
editing the user's database record and commanding the Auto-Navi
component of the authentication accounting server 204 to transmit
the user's new rule set and current IP address to the redirection
server 208.
A user's access can be "locked" to only allow access to one
location, or a set of locations, without affecting other users'
access. Each time a locked user attempts to access another
location, the redirection server 208 redirects the user to a
default location. In such a case, the redirection server 208 acts
either as proxy for the destination address, or in the case of WWW
traffic the redirection server 208 replies to the user's request
with a page containing a redirection command.
A user may also be periodically redirected to a location, based on
a period of time or some other condition. For example, the user
will first be redirected to a location regardless of what location
the user attempts to reach, then permitted to access other
locations, but every ten minutes the user is automatically
redirected to the first location. The redirection server 208
accomplishes such a rule set by setting an initial temporary rule
set to redirect all traffic; after the user accesses the redirected
location, the redirection server then either replaces the temporary
rule set with the user's standard rule set or removes the rule set
altogether from the redirection server 208. After a certain or
variable time period, such as ten minutes, the redirection server
208 reinstates the rule set again.
The following steps describe details of a typical user session: A
user connects to the dial-up network server 102 through computer
100. The user inputs user ID and password to the dial-up network
server 102 using computer 100 which forwards the information to the
authentication accounting server 204. The authentication accounting
server 204 queries database 206 and performs validation check of
user ID and password. Upon a successful user authentication, the
dial-up network server 102 completes the negotiation and assigns an
IP address to the user. Typically, the authentication accounting
server 204 logs the connection in the database 206. The Auto-Navi
component of the authentication accounting server 204 then sends
both the user's rule set (contained in database 206) and the user's
IP address (assigned by the dial-up network server 102) in real
time to the redirection server 208 so that it can filter the user's
IP packets. The redirection server 208 programs the rule set and IP
address so as to control (filter, block, redirect, and the like)
the user's data as a function of the rule set.
The following is an example of a typical user's rule set, attendant
logic and operation:
If the rule set for a particular user (i.e., user UserID-2) was
such as to only allow that user to access the web site www.us.com,
and permit Telnet services, and redirect all web access from any
server at xyz.com to www.us.com, then the logic would be as
follows:
The database 206 would contain the following record for user
UserID-2:
    ID UserID-2
    Password: secret
    ################
    ### Rule Sets ###
    ################
    #service   rule                     expire
    http       www.us.com               0
    http       *.xyz.com=>www.us.com    0

The user initiates a session, and sends the correct user ID and
password (UserID-2 and secret) to the dial-up network server 102.
As both the user ID and password are correct, the authentication
accounting server 204 authorizes the dial-up network server 102 to
establish a session. The dial-up network server 102 assigns
UserID-2 an IP address (for example, 10.0.0.1) and
passes the IP address to the authentication accounting server 204.
The Auto-Navi component of the authentication accounting server 204
sends both the user's rule set and the user's IP address (10.0.0.1)
to the redirection server 208. The redirection server 208 programs
the rule set and IP address so as to filter and redirect the user's
packets according to the rule set. The logic employed by the
redirection server 208 to implement the rule set is as follows:

    IF source IP-address=10.0.0.1 AND ( ((request type=HTTP) AND (destination address=www.us.com)) OR (request type=Telnet) ) THEN ok.
    IF source IP-address=10.0.0.1 AND ( (request type=HTTP) AND (destination address=*.xyz.com) ) THEN (redirect=www.us.com)
The redirection server 208 monitors all the IP packets, checking
each against the rule set. In this situation, if IP address
10.0.0.1 (the address assigned to user ID UserID-2) attempts to
send a packet containing HTTP data (i.e., attempts to connect to
port 80 on any machine within the xyz.com domain) the traffic is
redirected by the redirection server 208 to www.us.com. Similarly,
if the user attempts to connect to any service other than HTTP at
www.us.com or Telnet anywhere, the packet will simply be blocked by
the redirection server 208.
When the user logs out or disconnects from the system, the
redirection server will remove all remaining rule sets.
The following is another example of a typical user's rule set,
attendant logic and operation:
If the rule set for a particular user (i.e., user UserID-3) was to
force the user to visit the web site www.widgetsell.com, first,
then to have unfettered access to other web sites, then the logic
would be as follows:
The database 206 would contain the following record for user
UserID-3:

    ID UserID-3
    Password: top-secret
    ################
    ### Rule Sets ###
    ################
    #service   rule                     expire
    http       *=>www.widgetsell.com    1x

The user initiates a session, and sends the correct user ID and
password (UserID-3 and top-secret) to the dial-up network server
102. As both the user ID and password are correct, the
authentication accounting server 204 authorizes the dial-up network
server 102 to establish a session. The dial-up network server 102
assigns UserID-3 an IP address (for example, 10.0.0.1)
and passes the IP address to the authentication accounting server
204. The Auto-Navi component of the authentication accounting
server 204 sends both the user's rule set and the user's IP address
(10.0.0.1) to the redirection server 208. The redirection server
208 programs the rule set and IP address so as to filter and
redirect the user's packets according to the rule set. The logic
employed by the redirection server 208 to implement the rule set is
as follows:

    IF source IP-address=10.0.0.1 AND (request type=HTTP) THEN (redirect=www.widgetsell.com)
    THEN SET NEW RULE: IF source IP-address=10.0.0.1 AND (request type=HTTP) THEN ok.
The redirection server 208 monitors all the IP packets, checking
each against the rule set. In this situation, if IP address
10.0.0.1 (the address assigned to user ID UserID-3) attempts to
send a packet containing HTTP data (i.e., attempts to connect to
port 80 on any machine) the traffic is redirected by the
redirection server 208 to www.widgetsell.com. Once this is done,
the redirection server 208 will remove the rule set and the user is
free to use the web unmolested.
When the user logs out or disconnects from the system, the
redirection server will remove all remaining rule sets.
In an alternate embodiment a user may be periodically redirected to
a location, based on a number of other factors, such as the
number of locations accessed, the time spent at a location, the
types of locations accessed, and other such factors.
A user's account can also be disabled after the user has exceeded a
length of time. The authentication accounting server 204 keeps
track of user's time online. Prepaid use subscriptions can thus be
easily managed by the authentication accounting Server 204.
In yet another embodiment, signals from the Internet 110 side of
redirection server 208 can be used to modify rule sets being used
by the redirection server. Preferably, encryption and/or
authentication are used to verify that the server or other computer
on the Internet 110 side of redirection server 208 is authorized to
modify the rule set or rule sets that are being attempted to be
modified. An example of this embodiment is where it is desired that
a user be redirected to a particular web site until they fill out a
questionnaire or satisfy some other requirement on such a web site.
In this example, the redirection server redirects a user to a
particular web site that includes a questionnaire. After this web
site receives acceptable data in all required fields, the web site
then sends an authorization to the redirection server that deletes
the redirection to the questionnaire web site from the rule set for
the user who successfully completed the questionnaire. Of course,
the type of modification an outside server can make to a rule set
on the redirection server is not limited to deleting a redirection
rule, but can include any other type of modification to the rule
set that is supported by the redirection server as discussed
above.
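The following is an added illustration of the two mechanisms described above, written for this page rather than taken from the patent: the one-shot "1x" redirect of the UserID-3 rule set, and the deletion of a user's redirection rule on an authenticated request from a server on the Internet 110 side of the redirection server 208. The rule syntax follows the database record shown above; the packet representation, the service-to-port table, the use of HMAC-SHA256 as the authentication mechanism and the shared secret are assumptions, since the patent only states that encryption and/or authentication be used.

```python
# Added example: a simulation of the redirection server's rule handling, written for
# this page; it is not code from the patent. Rule syntax follows the record shown above
# ("service rule expire", e.g. "http *=>www.widgetsell.com 1x"); the packet tuple, the
# port table, the HMAC-SHA256 authorization and the shared secret are assumptions.
import fnmatch
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumed mapping from service name to the destination port the server checks.
PORTS = {"http": 80, "ftp": 21, "telnet": 23}


@dataclass
class Rule:
    service: str            # e.g. "http"
    pattern: str            # destination host pattern; "*" matches any host
    target: str             # host the matching traffic is redirected to
    expire: Optional[int]   # times the rule fires before removal; None = until deleted


def parse_rule_set(text: str) -> list[Rule]:
    """Parse rule lines of the form 'service pattern=>target [Nx]'.

    Lines starting with '#' are comments. 'Nx' means the rule fires N times
    and is then removed; a missing expire field means it stays until deleted.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        service, rule = fields[0], fields[1]
        pattern, target = rule.split("=>", 1)
        expire = int(fields[2].rstrip("x")) if len(fields) > 2 else None
        rules.append(Rule(service, pattern, target, expire))
    return rules


class RedirectionServer:
    def __init__(self, secret: bytes):
        self.rules: dict[str, list[Rule]] = {}   # source IP -> active rules
        self.secret = secret                     # shared with authorized Internet-side servers

    def add_user(self, ip: str, rules: list[Rule]) -> None:
        """Called when the authentication accounting server pushes a user's rule set."""
        self.rules[ip] = list(rules)

    def remove_user(self, ip: str) -> None:
        """Called on logout/disconnect: drop every remaining rule for the address."""
        self.rules.pop(ip, None)

    def handle_packet(self, src_ip: str, dst_host: str, dst_port: int) -> str:
        """Return the host the packet is actually delivered to."""
        for rule in list(self.rules.get(src_ip, [])):
            if PORTS.get(rule.service) != dst_port:
                continue
            if not fnmatch.fnmatch(dst_host, rule.pattern):
                continue
            if rule.expire is not None:
                rule.expire -= 1
                if rule.expire == 0:
                    self.rules[src_ip].remove(rule)   # 1x rule: redirect once, then "ok"
            return rule.target
        return dst_host   # no matching rule: traffic passes through untouched

    def authorization_mac(self, src_ip: str, service: str) -> str:
        """MAC an authorized Internet-side server attaches to a rule-deletion request."""
        msg = f"{src_ip}|{service}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def external_delete(self, src_ip: str, service: str, mac: str) -> bool:
        """Delete a user's rules for a service, only if the request authenticates."""
        if not hmac.compare_digest(self.authorization_mac(src_ip, service), mac):
            return False   # unauthenticated request from the Internet side: ignored
        self.rules[src_ip] = [r for r in self.rules.get(src_ip, []) if r.service != service]
        return True
```

Removing the 1x rule once it has fired is equivalent to the patent's SET NEW RULE ... THEN ok step, since a packet with no matching rule passes through unchanged. Note that the MAC here covers only the address and service, so an authorization captured on the wire could be replayed for the same user; a deployment would include a nonce or timestamp in the signed message and reject repeats.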
It will be clear to one skilled in the art that the invention may
be implemented to control (block, allow and redirect) any type of
service, such as Telnet, FTP, WWW and the like. The invention is
easily programmed to accommodate new services or networks and is
not limited to those services and networks (e.g., the Internet) now
known in the art.
It will also be clear that the invention may be implemented on
non-IP based networks which implement other addressing schemes,
such as IPX, MAC addresses and the like. While the operational
environment detailed in the preferred embodiment is that of an ISP
connecting users to the Internet, it will be clear to one skilled
in the art that the invention may be implemented in any application
where control over users' access to a network or network resources
is needed, such as a local area network, wide area network and the
like. Accordingly, neither the environment nor the communications
protocols are limited to those discussed.
* * * * *
References