WO2001052071A1 - System and method for managing network access - Google Patents
System and method for managing network access Download PDFInfo
- Publication number
- WO2001052071A1 WO2001052071A1 PCT/US2001/000730 US0100730W WO0152071A1 WO 2001052071 A1 WO2001052071 A1 WO 2001052071A1 US 0100730 W US0100730 W US 0100730W WO 0152071 A1 WO0152071 A1 WO 0152071A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- network access
- application program
- service gateway
- policy server
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Definitions
- the invention relates to the field of managing network access. More specifically, the invention relates to a system and method for receiving payment to provide access to a network such as the Internet. Background
- the Internet and personal computers have become ubiquitous in modern society. Although the Internet has existed in various forms for many years, the Internet became popular as a mass communication vehicle with the introduction of the world wide web.
- the world wide web is, from a user's perspective, a way of easily identifying a remote computer, connecting to the remote computer, and viewing information stored on the remote computer.
- RFCs are exclusively available via the Internet at various web sites.
- Web sites are specified by a text description or name referred to as a uniform resource locator (URL) that is now encompassed by the term uniform resource identifier (URI).
- URL uniform resource locator
- URI uniform resource identifier
- UDP user datagram protocol
- TCP IP transmission control protocol/Internet protocol
- HTTP hypertext transfer protocol
- a way to provide Internet users in multi-occupant, multi-room or shared buildings such as apartments, office buildings, dorm rooms and the like with high-speed Internet access is to allow multiple users at one location to share access to a high-speed Internet connection. These Internet users may be willing and able to provide payment for access to the Internet, particularly if the costs may be shared with others using the same high-speed access method.
- network resources such as Internet web servers
- locations remote from their home or office such as, for example, hotels.
- some locations such as, for example, hotels, may provide network access for a visiting user's temporary, as needed, on demand use.
- Such users may wish to access network resources, such as Internet web servers, and the location may provide this network access.
- These computer users may be willing and able to provide payment for access to the Internet, and the locations may be similarly willing to provide Internet access, so long as they can be compensated for their costs or make a profit.
- the method and system of the present invention allow an owner or operator of a multi-occupant, multi-room building to provide shared high speed access to a network such as the Internet.
- the method and system involve a policy server n Qf-vr ⁇ / ir'f* ' cmfp ⁇ rnxr wrsifYi cp*nr1 mpco ⁇ w C tn ⁇ nntlipr IM Q ⁇ O ⁇ -T' O ⁇ /-*•.- o p e gateway will then provide the user access to a network such as the Internet.
- the policy server receives an authorization request message from a user's network access application program that was initiated by the service gateway.
- the policy server processes payment information received from the user and, assuming that the payment information is sufficient, provides an authorization granted message regarding the user to the service gateway via the user's network access application program.
- Figure 1 illustrates the flow of actions taken according to an embodiment of the system and method of the present invention.
- Figure 2 illustrates the network architecture of an embodiment of a system and method of the present invention.
- Figures 3A and 3B illustrate the flow of actions of a service gateway and a policy server taken according to an embodiment of the system and method of the present invention.
- the method and system of the present invention allow an owner or operator of a multi-occupant, multi-room building to provide shared high speed access to a network such as the Internet.
- a network such as the Internet.
- a guest in a hotel room may be provided a high speed connection to the Internet.
- a renter in an apartment or office building may be provided similar access.
- a student in a dorm room may be provided similar access.
- Figure 1 illustrates the flow of actions taken according to an embodiment of the system and method of the present invention.
- the user a guest, renter, etc. may plug in a computer, be it a laptop, desktop, personal computing device, etc., to a line providing direct network access, boot up the computer and start a network access application program such as an Internet web browser, intending to access a web site.
- the user issues a network access request by specifying a web site in the web browser, as shown in block 2. Instead of the specified web page of the web site appearing on the user's screen, a web page provided by the hotel, the property management company, etc.
- a service gateway at the site of the multi-occupant dwelling intercepts the web site request and redirects the user's web browser to a policy server such that the user's web browser sends an authorization request message to the policy server, as shown in block 4.
- the policy server then provides a web page to the user requesting payment information and usage information, as shown in block 5.
- This web pages contains a hidden reference to the policy server such that when the user enters payment information and usage information, the user unknowingly submits the payment information to a policy server, as shown in block 6.
- this policy server remotely situated on the Internet, that may grant or deny the user access to the Internet. If the user agrees to accept the charges and provides the requested payment and usage information, the policy server authorizes the user to have access to the Internet, as shown in block 8. The policy server then instructs the service gateway that the user is to be given access to the Internet by redirecting the user's web browser to notify the service gateway that the user' is to be granted Internet access, as shown in block 10. In one embodiment, this is achieved by the policy server sending a message to the user's web browser which causes the user's web browser, to unknown to the user, provide an authorization granted message to the service gateway.
- the guest's computer is granted access to the Internet by the service gateway for the period of authorization, such as, for example, until check-out, until a specified date and time, and for a specified number of days or hours.
- the service gateway may then provide confirmation of access to the user via a web page, and, in one embodiment, may provide a default start web page, and, in another embodiment, may redirect the user's web browser to the web site initially requested by the user, as shown in block 12.
- Figure 2 illustrates the network architecture of an embodiment of a system and method of the present invention.
- the system and method involves a plurality of user computers 40, only three of which are depicted, a hub 48, a policy server 34, and a service gateway 14.
- a policy server 34, and a service gateway 14 are attached to the Internet 50. Such attachment is made according to methods known to those skilled in the art, including but not limited to connection by Integrated Services Digital Network (ISDN), Digital Subscriber Line (DSL), cable modem, Tl line, T3 line, etc.
- ISDN Integrated Services Digital Network
- DSL Digital Subscriber Line
- cable modem Tl line
- T3 line Integrated Services Digital Network
- wireless communication may also be used.
- policy server 34 and service gateway 14 may be connected to one another by any means of computer communication that allows for data to be communicated between them.
- Such connections include, but are not limited to, leased lines, etc.
- multiple policy servers 34 and service gateways 14 may participate in the method of the present invention, particularly when the multi-occupant building is large and/or when the entity that own the dwellings and owns or hires the policy servers owns multiple buildings or owns geographically distant buildings.
- multiple hubs 48 or similar devices such as multiplexors, concentrators and the like may be connected to one or more service gateways.
- the method is implemented as software stored in and executed by policy server 34 and service gateway 14.
- Policy server 34 and service gateway 14 may each be any server computer that can execute software programs and access a communications network such as the Internet.
- service gateway 14 comprises processor 15 and memory 16.
- Processor 15 may be any computer processor, and memory 16 may be any random access memory (RAM) or other readable and writeable memory device.
- Disk drive 17 may be a hard disk drive, a readable and writeable compact disk (CDRW) drive, a floppy disk drive, a stick or card memory device, a digital audio tape (DAT) reader, etc., or any other machine readable medium local to the processor, as well as remotely connected by a network or any method of communication.
- the processor may communicate instructions to display controller 20 to display images on display device 22.
- Display controller 20 may be any display controller, and display device 22 may be any display monitor, including, but not limited to, a cathode ray tube (CRT) display monitor, or thin film transistor (TFT) display screen.
- CRT cathode ray tube
- TFT thin film transistor
- a system administrator or other similar person may access payment system server 14 via any computer input device, such as, for example, keyboard 24 and mouse 26 which are coupled to the processor by I/O controller 28.
- Service gateway 14 also includes network interface 30.
- service gateway 14 communicates with a network, a wide area network, or, in one embodiment, the Internet 50.
- Network interface 30 may be a digital modem, a cable modem, an Ethernet card, or any other kind of network access device that allows for connection to the Internet 50 via a digital subscriber line (DSL), cable television line, Tl line, T3 line, or any other high speed, dedicated line capable of communicating information over a network.
- DSL digital subscriber line
- Processor 15, memory 16, disk controller 18, display controller 20, I O controller 28, and network interface 30 may be coupled to one another via and communicate with one another over bus 32.
- Bus 32 may be any bus that provides for communication of and between components within a computer.
- service gateway 14 communicates over the Internet via network interface 30 and receives information from and communicates information to devices connected to the Internet such as policy server 34 and web servers (not shown).
- each of service gateway 14, policy server 34 and user computer 40 include software that allows for communication over the Internet 50.
- this includes software that provides for communication via the hyper-text transfer protocol (HTTP), the user datagram protocol (UDP), the transmission connect protocol/internet protocol (TCP/IP), and/or other network communications protocols.
- HTTP hyper-text transfer protocol
- UDP user datagram protocol
- TCP/IP transmission connect protocol/internet protocol
- a system that implements the service gateway of the present invention may be comprised of multiple computers in the form of a local area network (LAN), cluster, grouping, subnetwork, etc. (not shown).
- This system in the form of a grouping, cluster, LAN, subnetwork, etc. may be connected to the Internet or other global communications network, in one embodiment, via one or more firewalls or other security devices and systems so that the server is separated from the Internet and other computers for security purposes.
- This system may be comprised of graphics servers, application servers and other specialized, dedicated servers (not shown).
- a system that implements the policy server of the present invention may be comprised of multiple computers in the form of a local area network (LAN), cluster, grouping, subnetwork, etc. (not shown).
- This system in the form of a grouping, cluster, LAN, subnetwork, etc. may be connected to the Internet or other global communications network, in one embodiment, via one or more firewalls or other security devices and systems so that the server is separated from the Internet and other computers for security purposes.
- This system may be comprised of graphics servers, application servers and other specialized, dedicated servers (not shown).
- User computer 40 may be any personal computer having components and features similar to service gateway 14.
- user computer 40 may be any personal computing device that can execute programs and access a network such as the Internet, including, but not limited to, cellular telephones, personal digital assistants, desktop personal computers, portable computers, computer tablets, computer headsets, laptop computers, computer workstations, etc.
- user computer 40 runs a network access application program such as Internet web browsing software, an example of which is Netscape Communicator ® available from Netscape Communications of Mountain View, California, in addition to software that allows for accessing the Internet as described above.
- a network access application program such as Internet web browsing software, an example of which is Netscape Communicator ® available from Netscape Communications of Mountain View, California, in addition to software that allows for accessing the Internet as described above.
- Figures 3A and 3B illustrate the flow of actions of a service gateway and a policy server taken according to an embodiment of the system and method of the present invention.
- a service gateway Upon powering up, a service gateway sets all ports to an unauthorized state, as shown in block 52. This state signifies that the computing devices attached via ports are not authorized to access the internet. In this way, the service gateway prohibits Internet access by computing devices attached via ports that are in the unauthorized state.
- the service gateway may consult with its own internal database and place those ports having time remaining or having not reached an agreed- upon expiration date and time in the authorized state. The service gateway may then receive a web site access request from a user over a port, as shown in block 54.
- This request is, in one embodiment, a URL specifying a web site.
- the service gateway If the port on which the web access request is received is in the unauthorized state, the service gateway generates an authorization request message (AR-MSG) and sends a redirection instruction to the user redirecting the user's web browser to send the AR-MSG to a policy server, as shown in block 56.
- the redirection instruction is in the form of a URL containing an HTTP redirect to the policy server and also includes as keywords the fields of the AR-MSG.
- the policy server specified may be determined by the configuration of the service gateway, the specific access port, the current load of various policy servers, or other factors.
- the policy server receives the AR-MSG, validates the message, and requests payment information and usage information from the user, as shown in block 58.
- the policy server provides a web page to the user to request the payment information and usage information.
- the payment information and usage information will be sent to the policy server.
- the payment information and usage information is transmitted from the user to the policy server in an encrypted format, such as according to secured sockets layer (SSL) encryption and the transport layer security (TLS) protocol provided via the user's web browser. More information on SSL is available from Netscape Communications of Mountain View, California, and additional information concerning TLS is available in E. Rescorla, HTTP Over TLS.
- SSL secured sockets layer
- TLS transport layer security
- the policy server then receives the payment information and usage information from the user and processes the AR-MSG, the payment information and the usage information, as shown in block 59.
- the policy server then makes a determination as to whether authorization to access the Internet should be granted, as shown in block 60.
- the policy server may make this determination using an internal policy database.
- the structure of the policy database may be any way of storing, retrieving and maintaining the information needed to process the AR-MSG.
- the policy server may communicate with a credit card processing company, financial institution or other similar entity to verify that the payment information is accurate, is not fraudulent and/or that there are sufficient funds or credit available. In various embodiments, this may include the policy server consulting with blacklists maintained internally and/or accessed by communicating with a third party computer.
- the policy server If the policy server does not grant authorization to the user, the policy server sends an access refused web page to the user, as shown in block 62. No message is sent to the service gateway as the port for the user was initialized as unauthorized to access the Internet. If authorization is granted by the policy server, the policy server generates an authorization granted message (AG-MSG) and, in one embodiment, sends a redirection instruction to the user's web browser to send the AG-MSG to the service gateway, as shown in block 64. This redirection instruction is in the form of a URL that includes as keywords the fields of the AG-MSG. In another embodiment, policy server presents the user with a web page via the user's web browser that has an HTML link that points to the service gateway that contains the AG-MSG.
- AG-MSG authorization granted message
- the user may be presented with a web page that states "Click Here To Access the Internet.”
- the user clicks on or otherwise activates the link associated with this web page the user's browser sends the AG-MSG to the service gateway.
- the service gateway receives the AG-MSG from the user (unknown to the user), validates the message, and transitions the user's port to the authorized state, as shown in block 66.
- the service gateway may provide a welcome web page and may also, after displaying a welcome web page for a short time, provide the web page initially requested by the user, as shown in block 68.
- the service gateway then provides Internet access to the user, as shown in block 70.
- the service gateway may also act as a firewall, preventing unwanted access to the user's computer.
- the service gateway periodically checks to determine whether the authorization granted to the user has expired, as shown in block 72. If authorization has not expired, the service gateway continues providing Internet access to the user, as shown in block 70.
- the service gateway may send an access expired web page to the user and set the user's port to the unauthorized state, so that further access to the Internet by the user will be denied by the service gateway, as shown in block 74.
- the system and method operate completely through the sending of HTTP messages.
- the AR-MSG is initiated by the service gateway and is received by the policy server
- the AG-MSG is initiated by the policy server and received by the service gateway, there is no direct communication addressed between the policy server and the service gateway.
- each message generated and communicated by the policy server and the service gateway may contain a message digest 5 (MD5) digital signature and may incorporate a shared secret. Validation of the message is achieved by checking the signature upon message receipt. Additional information concerning MD5 is available in R. Rivest, The MD5 Message-Digest Algorithm. RFC 1321, April 1992, http://www.ietf.org/rfc/rfcl321.txt.
- MD5 message digest 5
- each message may contain a random sequence number which, if repeated, will cause the message to be ignored by the service gateway. Checking the sequence number is part of message validation.
- each port is designated as being in one of two states, authorized and unauthorized.
- unauthorized state a computer connected via the port in the unauthorized state is allowed only restricted Internet access.
- authorized state a computer connected via the port in the unauthorized state is allowed unrestricted Internet access.
- each logical port is initialized to the unauthorized state. A port enters the authorized state upon reception of a valid granting message from the policy server. The logical port returns to unauthorized state when authorization expires, when the user is disconnected from the service gateway, when a system operator intervenes, and upon reinitialization.
- either or both the policy server and the service gateway may implement the remote authentication dial in user service (RADIUS) protocol.
- RADIUS may be used by the service gateway to authenticate and maintain administrative information for each of the ports through which users may be granted Internet access.
- the service gateway may maintain information regarding each logical port, including state information, expiration information such as time remaining or date and time of expiration, user identifying information, etc.
- RADIUS may be used by the policy servers to manage information concerning the users for which access has been granted and which service gateways are providing the users with Internet access.
- policy servers may use RADIUS for obtaining, processing and maintaining the payment information and usage information. Information regarding RADIUS is available in C. Rigney, et al, Remote Authentication Dial In User Service fRADIUSl RFC 2865, June 2000, http://www. ietf. org/rfc/rfc2865. txt.
- the Authorization Request Message An AR-MSG is generated by the service gateway on behalf of the user that is requesting Internet access.
- the AR-MSG and the URL string that constitutes the AR-MSG may include some or all of the following fields/keywords: a port identifier ("port"), a host identifier ("host”), a mac address (“mac”), an initial URL designation ("origurl”), a sequence number (“seq”), a digital signature ("sig”), and a version number (“ver”).
- the AR-MSG in the form of a URL string may include the port through which the user connects to a service gateway, specified as an alphanumeric field in American Standard Code for Information Interchange (ASCII) format. This value may be set to indicate which physical or logical access port through which the user attaches to the service gateway.
- a host may be specified as a text name or an IP address comprised of ASCII characters in the URL string comprising an AR-MSG.
- the host name or IP address specified is the name or address of the service gateway. If the service gateway is multihomed, meaning that it has more than one IP address, the IP address supplied in the host value must be an address reachable by the user.
- the "mac" field of the URL string comprising an AR-MSG refers to the Institute of Electrical and Electronics Engineers (IEEE) 802 media access control (“MAC") hardware address of the node of the user's network connection.
- IEEE 802 media access control
- JJEEE 802 is referred to as the Ethernet networking standard.
- other physical node addresses may be used.
- the "mac” address is unknown, it may be omitted from the message.
- the service gateway may provide a 64 bit non-repeating sequence number as a field in the URL string comprising an AR-MSG.
- the sequence number is set upon system initialization to a random value so as not to repeat sequences from earlier initializations and uses.
- the service gateway may provide a protocol version value in the URL.
- an AG-MSG is generated by the policy server to grant Internet access to the user, and is sent to the user to be ferried to the service gateway.
- the service gateway Upon receipt of an AG-MSG, the service gateway transitions the state of the port specified in the message to the authorized state.
- the policy server sends an AG-MSG to the service gateway via the user's web browser. In doing so, the policy server communicates a URL string to the user containing information that constitutes an AG- MSG. In this URL string, a destination service gateway is identified as the originator of a corresponding AR-MSG.
- the AG-MSG and the URL string which accomplishes the sending of an AG-MSG may include some or all of the following keywords/fields: a host identifier ("host”), a sequence number (“seq”), a digital signature ("sig”), a version number (“ver”), a time value (“time”), a user identifier (“id”), a maximum data rate parameter also referred to as bandwidth, and a destination URL (“url”).
- the service gateway receives the AG-MSG as a URL string from a user that was initiated by a policy server.
- the service gateway may verify the signature ("sig") field value of the URL string comprising an AR-MSG by, in one embodiment, computing an MD5 hash on the received message starting with the first keyword and appending the appropriate shared secret for the hostname specified in the host field ("host"). That is, MD5 (message+shared secret), where "+” denotes concatenation.
- the service gateway may also verify a sequence number ("seq") in the URL string comprising an AG-MSG to ensure that it matches the sequence number of an earlier sent AR-MSG.
- the service gateway sets the logical port parameters as described by the fields specified in the AG-MSG and sets the logical port through which the user connects to the service gateway to the authorized state. In one embodiment, fields of the AR-MSG that are not understood are silently ignored by the service gateway. If a destination "url" is specified in the AG-MSG, the service gateway may direct the user to this destination URL. In this way, the service gateway may provide an opening screen such as a hotel or real estate management company web site of the entity managing the property at which the user is located.
- a host may be specified in an AG-MSG as a text name or an IP address comprised of ASCII characters.
- the policy server may include its own hostname or IP address. The format is similar to the "host" field in the AR-MSG. In one embodiment, the policy server may echo back the 64 bit non-repeating sequence number ("seq") provided in the AR-MSG.
- the AG-MSG may include an MD5 signature field ("sig") that is computed as in the AR-MSG.
- the AG-MSG may include a protocol version value ("ver”) in ASCII decimal format.
- the AG-MSG may include a time parameter ("time").
- the time parameter may specify the maximum total number of hours and/or minutes for which the authorization to access the Internet is granted.
- the time parameter may specify the date and time when authorized access to the internet expires, such as on February 2, 2000 at 2:00 p.m.
- the AG-MSG may include a user identifier ("id").
- the user identifier may identify a logical port.
- the identifier may be a session identifier, a user name, an JP number of the user's connection, an account number for the user, a room number, etc.
- multiple user identifiers may be used to store similar information, such as "idl” for room number, "id2" for user name, "id3" for account number, etc. These identifiers may be ASCII and ASCII decimal in various embodiments.
- the AG-MSG may include a parameter to specify the maximum data rate or bandwidth for both sending and receiving communications from the user.
- the value may be specified in kilobits per second (Kbps) or megabits per second (Mbps) and may be an ASCII decimal value.
- the user's connection is described as having maximum transmit and receive speeds of 32 Kbps.
- the bandwidth keyword may be an ASCII string that identifies a traffic shaping profile that may exist on the service gateway.
- the shaping profile may contain, for example, transmit and/or receive queue depths, committed rates, discard rates, and other computer communications parameters and information.
- the AG-MSG may include a destination URL designation in a "url" field.
- the destination URL may be any domain name which provides a web site, such as the web site of a hotel or real estate management company of the entity managing the property at which the user is located. In other embodiments, any other web page may be specified.
- a user in a multi-occupant building may plug a computer into a wall socket which is connected to an access concentrator.
- the concentrator may be connected to a service gateway having IP address 35.42.42.42 with host name somehotel.com.
- the service gateway may be associated with a policy server having IP address 192.168.254.249 and host name hotelpolicyserver.com.
- the service gateway may intercept the web page specification. If the port at which the request was made is not in the authorized state, the user is denied access to the Internet. However, the service gateway prepares an AR-MSG which is sent to the user as an HTTP redirect message such as:
- the policy server provides a web page providing welcome information and requesting payment information and usage information.
- this payment information may be an agreement to charge a specific fee to the user's hotel room bill, may prompt the user to enter credit card information, etc.
- This may be achieved via a web page using popular user interface techniques such as graphics, text, text entry fields, pull down menus, buttons, sliders, and the like.
- common gateway interface (CGI) scripts JAVA® applets, and other web page techniques may be incorporated.
- CGI common gateway interface
- the user must then accept the terms of usage and submit the payment information and the usage information. This may be achieved by clicking on a button in the web page, or by other user interface techniques.
- a link or web site reference associated with the web page is activated that directs the user's web browser to send the payment information to the policy server.
- the policy server then processes the payment information and the usage information.
- the policy server then either decides to grant or deny Internet access to the user. If access is denied, the policy server communicates a connection refused web page to the user. If access is granted, the policy server generates an AG-MSG in the format of a URL containing an HTTP query and communicates the URL to the user's browser which redirects the user to the service gateway:
- the service gateway When the user receives this URL, the user's web browser will be directed to the service gateway.
- the service gateway In response to receiving the AG-MSG from the user, the service gateway changes the logical port state for the user to authorized, provides the specified "authok.html" web page, and provides the user access to the Internet.
- the service gateway may also retrieve the original URL specified by the user when initially attempting to access the Internet by accessing a local database by providing the sequence number, the port number or other unique identifier that may be used for indexing information.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2001552223A JP2003519871A (en) | 2000-01-13 | 2001-01-08 | System and method for managing network access |
EP01900982A EP1250650A1 (en) | 2000-01-13 | 2001-01-08 | System and method for managing network access |
AU2001226383A AU2001226383A1 (en) | 2000-01-13 | 2001-01-08 | System and method for managing network access |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17718700P | 2000-01-13 | 2000-01-13 | |
US71449700A | 2000-11-15 | 2000-11-15 | |
US09/714,497 | 2000-11-15 | ||
US60/177,187 | 2000-11-15 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001052071A1 true WO2001052071A1 (en) | 2001-07-19 |
WO2001052071A9 WO2001052071A9 (en) | 2002-12-19 |
Family
ID=26873017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/000730 WO2001052071A1 (en) | 2000-01-13 | 2001-01-08 | System and method for managing network access |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1250650A1 (en) |
JP (1) | JP2003519871A (en) |
AU (1) | AU2001226383A1 (en) |
TW (1) | TWI223941B (en) |
WO (1) | WO2001052071A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100345410C (en) * | 2004-05-08 | 2007-10-24 | 国际商业机器公司 | Method and system for distribution of information |
CN100372303C (en) * | 2004-12-13 | 2008-02-27 | 华为技术有限公司 | Method for realizing pre-payment user internet policy dynamic change |
DE102006051652A1 (en) * | 2006-11-02 | 2008-05-08 | Deutsche Telekom Ag | Parameters changing method for use during connection e.g. analog telephone, of participant with Internet, involves converting instructions into other instructions according to protocol, and supplying instructions to computer |
WO2009059533A1 (en) * | 2007-10-29 | 2009-05-14 | Huawei Technologies Co., Ltd. | Strategy management control method, device and system |
EP2166701A1 (en) * | 2008-09-18 | 2010-03-24 | Thomson Telecom Belgium | Device and method for retrieving information from a device |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9338021B2 (en) * | 2005-05-03 | 2016-05-10 | Trend Micro Incorporated | Network traffic redirection in bi-planar networks |
US7826842B2 (en) | 2005-07-01 | 2010-11-02 | Research In Motion Limited | System and method for managing forbidden network lists on a wireless user equipment (UE) device |
US9112830B2 (en) * | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
CN108512808B (en) * | 2017-02-24 | 2019-05-31 | 北京数安鑫云信息技术有限公司 | A kind of malicious requests hold-up interception method and system improving access response speed |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5706427A (en) * | 1995-09-08 | 1998-01-06 | Cadix Inc. | Authentication method for networks |
US5802518A (en) * | 1996-06-04 | 1998-09-01 | Multex Systems, Inc. | Information delivery system and method |
US5819271A (en) * | 1996-06-04 | 1998-10-06 | Multex Systems, Inc. | Corporate information communication and delivery system and method including entitlable hypertext links |
US5864871A (en) * | 1996-06-04 | 1999-01-26 | Multex Systems | Information delivery system and method including on-line entitlements |
US5926624A (en) * | 1996-09-12 | 1999-07-20 | Audible, Inc. | Digital information library and delivery system with logic for generating files targeted to the playback device |
US5961590A (en) * | 1997-04-11 | 1999-10-05 | Roampage, Inc. | System and method for synchronizing electronic mail between a client site and a central site |
-
2001
- 2001-01-08 EP EP01900982A patent/EP1250650A1/en not_active Withdrawn
- 2001-01-08 WO PCT/US2001/000730 patent/WO2001052071A1/en not_active Application Discontinuation
- 2001-01-08 JP JP2001552223A patent/JP2003519871A/en active Pending
- 2001-01-08 AU AU2001226383A patent/AU2001226383A1/en not_active Abandoned
- 2001-02-20 TW TW90100748A patent/TWI223941B/en active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5706427A (en) * | 1995-09-08 | 1998-01-06 | Cadix Inc. | Authentication method for networks |
US5802518A (en) * | 1996-06-04 | 1998-09-01 | Multex Systems, Inc. | Information delivery system and method |
US5819271A (en) * | 1996-06-04 | 1998-10-06 | Multex Systems, Inc. | Corporate information communication and delivery system and method including entitlable hypertext links |
US5864871A (en) * | 1996-06-04 | 1999-01-26 | Multex Systems | Information delivery system and method including on-line entitlements |
US5926624A (en) * | 1996-09-12 | 1999-07-20 | Audible, Inc. | Digital information library and delivery system with logic for generating files targeted to the playback device |
US5961590A (en) * | 1997-04-11 | 1999-10-05 | Roampage, Inc. | System and method for synchronizing electronic mail between a client site and a central site |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100345410C (en) * | 2004-05-08 | 2007-10-24 | 国际商业机器公司 | Method and system for distribution of information |
CN100372303C (en) * | 2004-12-13 | 2008-02-27 | 华为技术有限公司 | Method for realizing pre-payment user internet policy dynamic change |
DE102006051652A1 (en) * | 2006-11-02 | 2008-05-08 | Deutsche Telekom Ag | Parameters changing method for use during connection e.g. analog telephone, of participant with Internet, involves converting instructions into other instructions according to protocol, and supplying instructions to computer |
WO2009059533A1 (en) * | 2007-10-29 | 2009-05-14 | Huawei Technologies Co., Ltd. | Strategy management control method, device and system |
EP2166701A1 (en) * | 2008-09-18 | 2010-03-24 | Thomson Telecom Belgium | Device and method for retrieving information from a device |
WO2010031817A1 (en) * | 2008-09-18 | 2010-03-25 | Thomson Licensing | Device and method for retrieving information from a device |
KR20110056291A (en) * | 2008-09-18 | 2011-05-26 | 톰슨 라이센싱 | Device and method for retrieving information from a device |
US9032098B2 (en) | 2008-09-18 | 2015-05-12 | Thomson Licensing | Device and method for retrieving information from a device |
KR101579816B1 (en) | 2008-09-18 | 2015-12-24 | 톰슨 라이센싱 | Device and method for retrieving information from a device |
Also Published As
Publication number | Publication date |
---|---|
WO2001052071A9 (en) | 2002-12-19 |
EP1250650A1 (en) | 2002-10-23 |
AU2001226383A1 (en) | 2001-07-24 |
JP2003519871A (en) | 2003-06-24 |
TWI223941B (en) | 2004-11-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1530860B1 (en) | Method and system for user-determined authentication and single-sign-on in a federated environment | |
JP4639297B2 (en) | Single sign-on for network systems with multiple separately controlled limited access resources | |
US7774612B1 (en) | Method and system for single signon for multiple remote sites of a computer network | |
US6885388B2 (en) | Method for automatically generating list of meeting participants and delegation permission | |
EP1676418B1 (en) | Methods and devices for sharing content on a network | |
US7010600B1 (en) | Method and apparatus for managing network resources for externally authenticated users | |
US7512973B1 (en) | Wireless-access-provider intermediation to facilliate digital rights management for third party hosted content | |
US10116628B2 (en) | Server-paid internet access service | |
JP2003527672A (en) | Method and apparatus for providing secure authentication of a portable device via an internet host server | |
US20020162019A1 (en) | Method and system for managing access to services | |
US20020184507A1 (en) | Centralized single sign-on method and system for a client-server environment | |
US20030229786A1 (en) | System and Method for Application-Level Virtual Private Network | |
JPH11338799A (en) | Method and system for controlling network connection | |
US20030115341A1 (en) | Method and system for authenticating a user in a web-based environment | |
JP2002523973A (en) | System and method for enabling secure access to services in a computer network | |
US20180234396A1 (en) | System and method for creating private encrypted browser zones based on one or more parameters | |
WO2005027006A1 (en) | User position utilization system | |
US20020035686A1 (en) | Systems and methods for secured electronic transactions | |
EP1250650A1 (en) | System and method for managing network access | |
JP2003518820A (en) | Method and apparatus for a circular encryption and decryption process | |
US6611916B1 (en) | Method of authenticating membership for providing access to a secure environment by authenticating membership to an associated secure environment | |
US20020165783A1 (en) | Accounting in peer-to-peer data communication networks | |
US20030226037A1 (en) | Authorization negotiation in multi-domain environment | |
JP2003323409A (en) | Single sign-on system, and program and method therefor | |
US20020162002A1 (en) | Method and system for controlling access to services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2001 552223 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001900982 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001900982 Country of ref document: EP |
|
AK | Designated states |
Kind code of ref document: C2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
COP | Corrected version of pamphlet |
Free format text: PAGE 2, DESCRIPTION, REPLACED BY CORRECT PAGE 2 |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2001900982 Country of ref document: EP |