 Method and system for enhancing communications efficiency in data communications networks |
| It is therefore one object of the present invention to provide a method and system to be utilized ... |
|
| Self-tuning statistical resource allocation for multipoint network events |
| The present invention solves the above problem by providing a method for dynamically allocating MCU ... |
|
| Digital advertisement insertion system |
| What is claimed is: 1. Digital advertisement insertion system comprising: an analog source of ... |
|
| Proxy player machine |
| Consequently, there is a need for an efficient way to empower a proxy player at a gaming hall so ... |
|
| System for merchandize transactions |
| An improved method and system are provided for selling merchandize like groceries. In accordance ... |
|
| System, method, and computer program product for generating documents using pagination information |
| The present invention provides a method and apparatus for extracting, synchronizing, displaying, ... |
|
| Apparatus for calculating a repair cost of a damaged car |
| The object of the invention is to provide an apparatus for calculating a repair cost of a damaged ... |
|
|
Network access control system and process
| Details |
Inventors: Willens, Steven M.;
Assignee: Livingston Enterprises, Inc. (Pleasanton, CA)
Primary Examiner: Barry; Lance Leonard
Assistant Examiner:
Attorney, Agent or Firm: Sterne, Kessler, Goldstein & Fox, P.L.L.C
An Internet access system (10) incorporates an access control subsystem (12), implemented with a communications server (14), one or more Remote Authentication Dial In User Service (RADIUS) servers (16), and a remote access server (18) in network 21. Users are connected to the network by dial-up connections (22) through the communications server (14). When user (22) logs in through the communications server (14), RADIUS client software (45) first determines if user (22) is authorized by checking his password utilizing user profiles (46). The user profiles (46) also identify a filter "F(Timmy)". The RADIUS server (16) supplies the filter identification through the RADIUS client (45) for use by client software (44) for controlling access by the user (22) to Internet sites. The client software (44) then checks to see if the filter "F(Timmy)" is stored locally in cache (50). If it is, the client software (44) uses it for controlling access. If not, the client software (44) sends a lookup request to the network access server (18), which stores the centralized permitted site list and the filters to be used as masks for checking access classifications of requested sites, to download the filter "F(Timmy)", which is maintained in the server (14) memory for the rest of the user (22)'s session. The client (44) also keeps the local cache (50 of recently requested sites and recently used user filters for efficiency. When access to a site is requested, the client first checks the local cache (50) to see if the site is on the list stored there. In practice, the client software (44) and permit-based filtering technology is integrated in the communications operating system software that runs on the server (14) or routers (24), (32) or (34). |
|
DETAILED DESCRIPTION Accordingly, it is an object of this invention to provide a system and process for network access control that allows customized Internet content monitoring based on a centralized permit model.
It is another object of the invention to provide such a system and process which is readily implemented using hardware that is typically present in most installations for Internet access.
It is a further object of the invention to provide such a system and process that utilizes an extension of firewall filtering to implement the content monitoring.
The attainment of these and related objects may be achieved through use of the novel network access control system and process herein disclosed.
A network access control system in accordance with this invention has a local access server with a local cache for storage of recently used user filters and sites accessible from the system for which access has been requested.
A network access server is coupled to the local access server and has storage for user filters.
Access client software resident in the local access server uses the user filters and sites for which access has been requested in the local cache for making an access determination for a site to which a user requests access and communicates with the network access server to obtain an access determination from the user filters and site lists stored at the network access server if an access determination cannot be made from the user filters and sites stored in the local cache.
In another aspect of the invention, a process controls network access in a system of interconnected networks by defining user access filters for determining if a request by a user for access to a desired site in the system should be permitted.
Recently used user access filters and sites accessible from the system for which access has been requested are stored in a local cache of a local access server.
User filters and site lists are stored at a network access server coupled to the local access server.
An attempt is made to use the user filters and sites for which access has been requested in the local cache for making an access determination for a site to which a user requests access
|
| Related patents |
|
|
Bi-directional information exchange mechanism for collaborative network navigation among a group of user terminals
In one aspect, the invention provides a method for exchanging information retrieved from a plurality of information repositories among a group of terminals. The method ...
|
|
|
Automated banking machine and system
What is claimed is: 1. Apparatus comprising: an automated transaction machine located at a first location, wherein the machine includes: at least one transaction ...
|
|
|
Policy-based multivariate application-level QoS negotiation for multimedia services
It is an object of the invention to provide an extensible, distributed, policy-based, object-oriented framework for managing multimedia resources and providing resource ...
|
|
|
Copyright information management system
The invention claimed is: 1. A copyright information management system comprising: A first subsystem having a copyright information management program unit that manages ...
|
|
|
Print drum for a postage meter
According to the present invention, there is provided a print drum for a postage meter, comprising: a drum structure defining a drum longitudinal axis, an outwardly ...
|
|
|
Insertion machine with postage categorization and selective merchandising
OF THE DRAWINGS FIG. 1 shows two parallel feed tracks or conveyors 20 and 22 which run parallel to one another in the direction of respective arrows 24 and 26. The ...
|
|
|
Electronic data interchange postage evidencing system
OF THE PREFERRED EMBODIMENT Reference is now made to FIG. 1. A mailer unit shown generally at 112 is utilized to generate mailpieces including suitable postage revenue ...
|
|
|
Method of checking daily consumption of postal charges by a postage meter and a postage meter enabling such monitoring to be performed
This example includes a protected enclosure EN containing electronic circuits that must be kept out of reach of the user in order to avoid fraud. These electronic ...
|
|
|
Interactive process for applying or printing information on letters or parcels
In accordance with the above objects, the present inventor provides an interactive process for applying or printing information on letters and parcels. Using Optical C...
|
|
|
Cardless method for reducing fraud in healthcare programs
OF THE PREFERRED EMBODIMENTS Before explaining the present embodiments in detail, it is to be understood that the embodiments are not limited to the particular ...
|
|
|
Finance 
