US20190342231A1 - Method for managing computer network access - Google Patents
Method for managing computer network accessDownload PDFInfo
- Publication number
- US20190342231A1 US20190342231A1US16/449,005US201916449005AUS2019342231A1US 20190342231 A1US20190342231 A1US 20190342231A1US 201916449005 AUS201916449005 AUS 201916449005AUS 2019342231 A1US2019342231 A1US 2019342231A1
- Authority
- US
- United States
- Prior art keywords
- computer
- access configuration
- server computer
- configuration file
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034methodMethods0.000titleclaimsabstractdescription34
- 230000004044responseEffects0.000abstractdescription23
- 238000004891communicationMethods0.000description136
- 230000000694effectsEffects0.000description37
- 230000008569processEffects0.000description8
- 230000035945sensitivityEffects0.000description6
- 230000005540biological transmissionEffects0.000description3
- 235000014510cookyNutrition0.000description3
- 238000012544monitoring processMethods0.000description3
- 201000009032substance abuseDiseases0.000description3
- 230000004075alterationEffects0.000description2
- 238000004458analytical methodMethods0.000description2
- 230000000903blocking effectEffects0.000description2
- 230000000977initiatory effectEffects0.000description2
- 238000012986modificationMethods0.000description2
- 230000004048modificationEffects0.000description2
- 208000036758Postinfectious cerebellitisDiseases0.000description1
- 230000009471actionEffects0.000description1
- 230000008859changeEffects0.000description1
- 238000010586diagramMethods0.000description1
- 239000000284extractSubstances0.000description1
- 230000006870functionEffects0.000description1
- 230000008520organizationEffects0.000description1
- 230000008447perceptionEffects0.000description1
- 230000001568sexual effectEffects0.000description1
- 238000012546transferMethods0.000description1
- 230000002747voluntary effectEffects0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/80—Actions related to the user profile or the type of traffic
- H04L47/803—Application aware
- H04L29/08—
- H04L29/12009—
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/20—Network management software packages
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/22—
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Definitions
- the present inventionrelates to monitoring and controlling of data associated with transactions occurring over a computer network, such as a local area network, a wide area network or the Internet.
- a computer networksuch as a local area network, a wide area network or the Internet.
- the methodincludes initiating at a client computer a first communication session at a first network address and receiving at the client computer via the first communication session a second network address.
- a second communication sessionis initiated at the client computer at the second network address.
- the client computerreceives via the second communication session an access configuration including a control setting for at least one communication protocol capable of being utilized during a third communication session.
- a processis instantiated on the client computer which initiates a third communication session at a third network address.
- the conveyance of data to and/or from the process instantiated on the client computeris controlled based on the control setting for the one communication protocol.
- the access configurationcan include a list related to the control setting for the one communication protocol.
- the conveyance of data via the third communication sessioncan be controlled based on the list.
- the communication protocols capable of being utilizedinclude World Wide Web (WWW or Web), File Transfer Protocol (FTP), E-mail, News, Chat, Instant Messaging, Telnet and Peer-to-Peer. These protocols represent generic classes of communication protocols. The specific listing of these protocols is not to be construed as limiting the scope of the invention since the present invention is capable of operating with other, unspecified, protocols or classes of protocol.
- the control settingcan include unrestricted computer network access (Allow All); no computer network access (Block All); limited computer network access to network addresses included in an allow list (Allow Listed); and unrestricted computer network access except to network addresses included in a block list (Block Listed).
- the access configurationcan further include at least one of the following global control settings: access prohibited to convey data having a predetermined word and/or phrase; access prohibited to data of at least one predetermined data type, e.g., cookies; access prohibited to data conveyed during at least one of a predetermined time and day-of-week; and access prohibited based on a rating for a category included with the conveyed data.
- the conveyance of data to and/or from the process instantiated on the client computercan also be based on the at least one global control setting.
- the methodcan further include the step of terminating the first communication session after the client computer receives the second network address.
- the second communication sessioncan also be terminated after the client computer receives the third network address.
- the client computercan transmit via the second communication session a request to receive another access configuration including a control setting for the one communication protocol.
- the client computerreceives via the second communication session the other access configuration.
- the conveyance of data to and/or from the process instantiated on the client computercan be controlled based on the control setting included in the other access configuration,
- the step of controlling the conveyance of datacan include the steps of determining the communication protocol from the conveyed data and determining from the thus determined communication protocol the control setting therefor.
- the methodcan also include the step of transferring at least part of the control data to the second network address via the second communication session. This transferred data can include a network address and/or a subject of the third communication session.
- the methodcan include the step of transferring with the data a login name received by the client computer during a login procedure by a user thereof.
- a method for controlling computer network accessincludes storing a first network address at a client computer.
- a first communication sessionis initiated between the client computer and a first server computer at the first network address.
- the client computerreceives a second network address from the first server computer via the first communication session.
- a second communication sessionis initiated between the client computer and a second server computer at the second network address.
- the client computerreceives from the second server computer an access configuration including a control setting for at least one communication protocol capable of being utilized during a third communication session.
- a processis instantiated on the client computer which initiates a third communication session between the client computer and a remote computer at a third network address. In connection with the third communication session, the conveyance of data to and/or from the instantiated process on the client computer is controlled based on the control setting for the one communication protocol.
- the first and second server computerscan be the same server computer.
- the methodcan further include the step of terminating the first communication session after the client computer receives the second network address.
- the second communication sessioncan also be terminated after the client computer receives the third network address.
- the access configurationcan also include at least one of the following global control settings: access prohibited to convey data having a predetermined word and/or phrase; access prohibited to data having at least one predetermined data type; access prohibited to data conveyed during at least one of a predetermined time and day-of-week; and access prohibited based on a rating for a category included with the conveyed data.
- the step of controlling the conveyance of data to and/or from the process instantiated on the client computercan also be based on the at least one global control setting.
- control setting for the one communication protocolPrior to receipt of the access configuration at the client computer, the control setting for the one communication protocol is selected from a plurality of different control settings therefor. Each global control setting is selected nonexclusively of any other global control settings.
- the methodcan also include the steps of initiating at the client computer via the second communication session a request to the second server computer to transmit another access configuration.
- the other access configurationcan be received at the client computer from the second server computer. Thereafter, the conveyance of data to and/or from the instantiated process on the client computer can be controlled based on a control setting included in the other access configuration for the one communication protocol.
- the control setting for the one communication protocolcan have a list associated therewith.
- the conveyance of data via the third communication sessioncan be controlled based upon an entry, e.g., a network address, included in the list.
- the methodcan include the step of determining the communication protocol from the conveyed data.
- FIG. 1is a block diagram of hardware utilized to implement a method in accordance with the present invention
- FIG. 2is a schematic drawing of a dialog box for selecting control settings utilized for controlling computer network access in accordance with the present invention
- FIGS. 3 a -3 eare schematic drawings of Allow Lists and Block Lists utilized for controlling various types of communication protocols in accordance with the present invention
- FIG. 4is a schematic drawing of a restricted word and phrase list for controlling computer network access in accordance with the present invention.
- FIG. 5is a schematic drawing of a dialog box for selecting whether to store text and/or encoded attachments associated with computer network transactions in accordance with the present invention
- FIG. 6is a schematic drawing of a dialog box for selecting the times and days a user is granted access to a computer network
- FIG. 7is a schematic drawing of a dialog box for displaying data regarding computer network activity of a user.
- FIG. 8is a schematic drawing of a dialog box for selecting one or more levels of control for contents of a computer network transaction based on a voluntary rating included with the data conveyed with the transaction.
- the present inventionis a software program which is configured to operate on a plurality of computers connected together via a computer network, such as a local area network, a wide area network or the Internet.
- a computer networksuch as a local area network, a wide area network or the Internet.
- the software programhas two major components, namely, a server control manager (SCM) and a client control manager (CCM).
- SCMserver control manager
- CCMclient control manager
- the SCMis installed on one of the computers which, in the context of the computer network, operates as a server computer.
- the SCMcan also be installed across two or more computers which co-act to perform the function of a server computer.
- the CCMis installed on one or more client computers connected to the server computer via the computer network.
- the SCM and the CCMco-act in a manner to be described hereinafter.
- the SCMincludes an access manager that an administrator of the server computer utilizes to establish an access configuration for each user or group of users of the client computers.
- This access configurationis stored at the server computer and, at an appropriate time, is supplied to a client computer to define for the user of the client computer computer network access rights and access restrictions of the user.
- the access manageralso enables the administrator of the server computer to view, sort and analyze data related to actual or attempted computer network transactions by the user of a client computer having the CCM installed thereon.
- a client computer 1 , a server computer 2 and a remote computer 3are connected to a computer network 4 .
- another server computer 5which co-acts with server computer 2 is connected to computer network 4 .
- Computers 1 , 2 , 3 , and 5are each assigned unique network addresses that enable each computer to communicate with the other computers via computer network 4 .
- Computer network 4can include one or more servers (not shown) and/or one or more routers (not shown) that facilitate communication between computer 1 , 2 , 3 and 5 based upon the network addresses assigned to each computer.
- Client computer 1includes a memory unit 6 for storing communication software 7 .
- Client computer 1also includes a mouse 8 , a keyboard 9 and a display 10 which collectively operate as a man-machine interface between client computer 1 and a user thereof.
- Server computer 2includes a memory unit 11 for storing a server control manager software (SCM) 12 .
- Server computer 2also includes a mouse 13 , a keyboard 14 and a display 15 which collectively operate as a man-machine interface between server computer 2 and the administrator thereof.
- Remote computer 3includes a memory unit 16 for storing communication software 17 , Remote computer 3 also includes a mouse 18 , keyboard 19 and display 20 which collectively act as a man-machine interface between remote computer 3 and a user thereof.
- server computer 5includes a memory unit 21 for storing an SCM 22 .
- Server computer 5also includes a mouse 23 , a keyboard 24 and a display 25 which collectively operate as a man-machine interface between server computer 5 and an administrator thereof.
- Communication software 7 and 17 , and SCM 12 and 22control the operation of client computer 1 , server computer 2 , remote computer 3 and server computer 5 , respectively, to communicate data therebetween in a manner known in the art.
- FIG. 1one client computer 1 is shown.
- the present inventionis scalable to operate on a plurality of client computers 1 connected to server computer(s) 2 and/or 5 via computer network 4 .
- SCM 12can display on display 15 a plurality of dialog boxes that the administrator of server computer 2 utilizes to select control settings of each user or user group of one or more of client computers 1 . More specifically, the control settings of each user or user group can be individually selected based on a login name assigned to each user or user group. . A generic set of control settings can also be selected for each user or user group not having unique control settings selected therefor based on a login name assigned to each user or user group. The selection of the control settings for a user or user group of client computer 1 will now be described with reference to FIGS. 2-6 and with continuing reference to FIG. 1 . For convenience of description, the present invention will be described in connection with a user of client computer 1 .
- the present inventionis also usable in connection with a plurality of users of one or more client computers 1 and/or one or more user groups of one or more client computers 1 , where each user and/or user group has a unique login name.
- control settings dialog box 28includes an activity control setting section 30 , a global control setting section 32 and a push button section 34 .
- Activity control setting section 30includes a plurality of columns 36 - 1 - 36 - 5 , each of which is related to a particular communication protocol, and a plurality of rows 38 - 1 - 38 - 5 each of which is related to a particular control setting for each communication protocol in columns 36 - 1 - 36 - 5 .
- the intersection of each row column 36 and each row 38includes a selection means, such as a radio button 40 , which the administrator of server computer 2 selects, in a manner known in the art in order to select the control setting desired for each communication protocol.
- the communication protocols shown in columns 36 - 1 - 36 - 5include Web, FTP, E-mail, News and Chat, respectively.
- other communication protocolssuch as Instant Messaging, Telnet and Peer-to-Peer can also be included in a column 36 of activity control setting section 30 .
- the control settings included in rows 38 - 1 - 38 - 5include Off, Allow All, Allow Listed, Block All and Block Listed, respectively.
- Activity control setting section 30is shown for purpose of illustration and is not to be construed as limiting the invention since the administrator of server computer 2 can change the number of columns 36 and/or rows 38 , the communication protocol assigned to each column 36 and/or the control setting assigned to each row 38 in any desired manner.
- the administrator of server computer 2selects a desired radio button 40 for each communication protocol in columns 36 - 1 - 36 - 5 in order to select the desired control setting therefor.
- the selection of one radio button 40 in a column 36is mutually exclusive of the selection of any other radio buttons 40 in the same column 36 .
- the access manageris also configured to highlight as a default selection the radio button 40 associated with the Allow All control setting, i.e., radio button 40 in row 38 - 2 , of each communication protocol. The selection of any other radio button 40 in each column 36 will override this default selection.
- Each Allow List 46includes a list of network addresses that the user having the login name associated with control settings dialog box 28 is permitted to access for the corresponding communication protocol.
- Each network addresscan include an alpha string, a numeric string, a symbol string or some combination thereof.
- radio button 40 for the Allow Listed control setting for the Web protocol(column 36 - 1 ) is selected, access by the user having the login name associated with dialog box 28 will be permitted only to the network addresses included in allow list 46 - 1 . Similar comments apply in respect of the selection of radio buttons 40 for the Allow Listed control settings associated with the FTP protocol (column 36 - 2 ), the E-mail protocol (column 36 - 3 ), the News protocol (column 36 - 4 ) and the Chat protocol (column 36 - 5 ) for network addresses included in allow lists 46 - 2 - 46 - 5 , respectively.
- the Block Listed control setting in row 38 - 5 for each communication protocol in columns 36 - 1 - 36 - 5has associated therewith a block list 48 - 1 - 48 - 5 , respectively.
- Each block list 48includes a list of network addresses that the user having the login name associated with control settings dialog box 28 is not permitted to access for the corresponding communication protocol. For example, if radio button 40 for the Block Listed control setting for the Web protocol (column 36 - 1 ) is selected, access by the user having the login name associated with dialog box 28 will not be permitted to network addresses included in block list 48 - 1 .
- radio button 40 for the Allow All control setting for the Web protocol(column 36 - 1 ) is selected, the user having the login name associated with dialog box 28 is granted unlimited access to any network addresses utilizing this communication protocol. Similar comments apply in respect of the selection of radio buttons 40 for the Allow All control settings associated with the FTP protocol ( 36 - 2 ), the E-mail protocol (column 36 - 3 ), the News protocol (column 36 - 4 ) and the Chat protocol (column 36 - 5 ) for granting the user unlimited access to all network addresses that utilize the corresponding communication protocol.
- radio button 40 for the Block All control setting for the Web protocol(column 36 - 1 ) is selected, the user having the login name associated with dialog box 28 is denied access to all network addresses utilizing this communication protocol. Similar comments apply in respect of the selection of radio buttons 40 for the Block All control settings associated with the FTP protocol (column 36 - 2 ), the E-mail protocol (column 36 - 3 ), the News protocol (column 36 - 4 ) and the Chat protocol (column 36 - 5 ) for denying access to network addresses that utilize the corresponding communication protocol.
- Allow All, Allow Listed, Block All or Block Listed control settingis selected for a particular communication protocol, each time the user of client computer 1 attempts a network transaction utilizing this communication protocol, a record of the transaction is stored in memory unit 11 of server computer 2 in a manner to be described hereinafter.
- radio button 40 for the Off control setting for the Web protocol(column 36 - 1 ) is selected, the user having the login name associated with dialog box 28 is granted unlimited access to any network addresses utilizing this communication protocol. However, no record of each transaction that uses the Web protocol is stored in memory unit 11 of server computer 2 . Similar comments apply in respect of the selection of radio buttons 40 for the Off control settings associated with the FTP protocol (column 36 - 2 ), the E-mail protocol (column 36 - 3 ), the News protocol (column 36 - 4 ) and the Chat protocol (column 36 - 5 ) for granting unlimited access to any network addresses that utilize the corresponding communication protocol and not storing a record of each transaction in memory unit 11 of server computer 2 .
- global control settings section 32includes boxes 39 - 1 - 39 - 3 .
- a transactionconveys data having at least one word and/or phrase included in a restricted word and phrase list 50
- transmission of the data to or from communication software 7will be blocked.
- the transmission to or from communication software 7 of “behind-the-scenes” datai.e., data that is not directly presented to the user, such as cookies, is blocked.
- Push button section 34includes an Ok push button 42 and a Cancel push button 44 .
- server computer 2stores in the access configuration for the login name associated with dialog box 28 (i) an indication of the radio buttons 40 selected for each type of communication protocol, (ii) an indication of the boxes 39 - 1 and 39 - 2 selected, and (iii) the Allow Lists 46 - 1 - 46 - 5 , the Block Lists 48 - 1 - 48 - 5 and the restricted word and phrase list 50 .
- This access configurationis stored in memory unit 11 of server computer 2 for download to client computer 1 for use by the user thereof entering into client computer 1 during a login procedure the login name which is stored in the access configuration.
- the administrator of server computer 2can cause the access manager to display on display 15 a cache control dialog box 60 associated with the login name of the user.
- Dialog box 60includes a selection section 62 including three radio buttons 64 - 1 - 64 - 3 .
- server computer 2will store in a cache memory (not shown) of memory unit 11 a complete or partial copy of any transaction for which a record is stored in memory unit 11 of server computer 2 , More specifically, if radio button 64 - 1 is selected, each time a record of a transaction on client computer 1 is stored in memory unit 11 of server computer 2 , a complete or partial copy of the transaction is stored in the cache memory.
- radio button 64 - 2each time a record of a transaction on client computer 1 is stored in memory unit 11 of server computer 2 , a complete or partial copy of the transaction and any encoded attachments conveyed with this transaction are stored in the cache memory. Lastly, if radio button 64 - 3 is selected, no copy of any transaction or encoded attachments are stored in the cache memory.
- Dialog box 60can also include a Clear Cache Now push button 68 . In response to selecting push button 68 , server computer 2 erases the contents stored in the cache memory.
- dialog box 60includes an Ok push button 70 and a Cancel push button 72 . In response to selecting Cancel push button 72 , the display of dialog box 60 on display 15 is terminated and any selections made in dialog box 60 are not saved in the access configuration for the login name associated with dialog box 60 .
- the administrator of server computer 2can cause the access manager to display a Logon Hours dialog box 80 on display 15 .
- Dialog box 80includes a time-day array 82 that includes a plurality of time columns 86 and a plurality of day rows 88 .
- the administrator of server computer 2can select each box 84 formed by the intersection of columns 86 and rows 88 of time-day array 82 .
- Dialog box 80also includes an Allow push button 90 , a Disallow push button 92 , a Cancel push button 94 and an Ok push button 96 .
- any selected boxes 84will be marked with a suitable Allow indicia.
- any selected boxes 84will be marked with a suitable Disallow indicia.
- a user of client computer 1 having the login name associated with dialog box 80will be allowed or disallowed network access at the corresponding time and day of week. As a default selection, in the absence of disallowing computer network access at certain times and certain days, the user of client computer 1 having the login name associated with dialog box 80 will have network access at these certain times and certain days.
- each access configurationincludes all of the allow lists 46 and block lists 48 .
- a client control manager software (CCM) 98is stored in memory unit 6 of client computer 1 and operates as a buffer between communication software 7 and the computer network 4 .
- CCM 98initiates a first communication session 100 at a first network address of server computer 2 .
- This first network addressis stored in Memory Unit 6 for use by CCM 98 to communicate with server computer 2 .
- CCM 98causes SCM 12 of server computer 2 to transmit to client computer 1 via first communication session 100 a second network address.
- This second network addresscan be another network address hosted by server computer 2 or a network address hosted by server computer 5 .
- server computer 2hosts the second network address
- client computer 1initiates a second communication session 102 with server computer 2 at the second network address.
- server computer 5in response to receiving the second network address, client computer 1 initiates a second communication session 102 ′ with server computer 5 .
- server computer 2 or 5hosts the second network address, the access configuration file for the login name of the user of client computer 1 is stored thereat.
- server computer 2will be described as hosting the second network address. However, this is not to be construed as limiting the invention.
- CCM 98causes communication software 7 to terminate first communication session 100 and causes SCM 12 to download to client computer 1 a copy of the access configuration stored in memory unit 11 for the login name entered into client computer 1 by the user thereof during a login procedure.
- CCM 98transmits to server computer 2 via second communication session 102 the login name entered by the user of client computer 1 during the login procedure.
- SCM 12searches memory unit 11 for the access configuration including this login name.
- SCM 12transmits a copy of this access configuration to client computer 1 via second communication session 102 .
- SCM 12can transmit a copy of a generic access configuration to client computer 1 via second communication session 102 e.
- This generic access configurationcan be established by the administrator of server computer 2 for each user of client computer 1 not having a login name included in an access configuration stored in memory unit 11 .
- CCM 98stores the access configuration in memory unit 6 .
- CCM 98commences monitoring and controlling transactions between communication software 7 and computer network 4 based thereon
- the radio buttons and boxes shown selected in dialog boxes 28 , 60 and 80have been selected.
- CCM 98commences monitoring data associated with actual or attempted transactions via third communication session 104 . More specifically, CCM 98 determines from the data associated with each transaction the communication protocol being utilized. This data can include control data and content data. Control data is typically a header and/or a footer appended to the content data, but is not necessarily limited thereto. Content data contains the essence of any information, e.g., text, being conveyed via third communication session 104 .
- CCM 98determines from the access configuration received by client computer 1 the control setting that was selected for this communication protocol. For example, if CCM 98 determines that the transaction utilizes the Web protocol common to communications on the World Wide Web, i.e., HTTP, CCM 98 can then determine from the access configuration that the Block Listed control setting was selected for the Web protocol. Based on the selection of this control setting, CCM 98 will utilize block list 48 - 1 . Next, CCM 98 extracts from the control data of the transaction the network address included therein and compares this network address to the network addresses included in block list 48 - 1 .
- CCM 98blocks the conveyance of data comprising the transaction to or from communication software 7 of client computer 1 . In contrast, in the absence of a match, CCM 98 permits the data comprising this transaction to be conveyed to or from communication software 7 .
- SCM 12creates in memory unit 11 for each login name an activity list 122 of transactions occurring via third communication session 104 in connection with this login name. Except for communication protocols where the Off control setting was selected in control setting dialog box 28 , activity list 122 for each login name will include a record of each actual or attempted transaction occurring via third communication session 104 . Alternatively, activity list 122 for each user can include only records of actual or attempted transactions that were blocked by CCM 98 . For purpose of describing the invention, it will be assumed that a record is entered in activity list 122 for the login name of the user of client computer 1 for each actual or attempted transaction occurring via third communication session 104 .
- CCM 98transmits to server computer 2 via second communication session 102 certain data regarding the transaction.
- SCM 12forms from this data a record of the transaction which is stored in activity list 122 associated with the login name of the user of client computer 1 .
- the administrator of server computer 2can cause SCM 12 to display on display 15 an Activity Log dialog box 120 which includes activity list 122 associated with the login name of the user of client computer 1 that initiated third communication session 104 .
- Activity Log dialog box 120includes columns 124 - 1 - 124 - 6 entitled Protocol, Network Address (NA), Subject, Date/Time, Control and User, respectively, for each record stored in activity list 122 .
- Columns 124 - 1 - 124 - 6 in activity log dialog box 120are shown for purpose of illustration and are not to be construed as limiting the invention since activity log dialog box 120 can include more or less columns 124 , each of which can be entitled with one of the titles shown in activity log dialog box 120 or with a different title. Exemplary entries of records into activity list 122 for transactions utilizing the communication protocols shown in FIG. 2 will now be described.
- CCM 98transmits to server computer 2 via second communication session 102 certain data regarding the transaction to be included in a record 126 formed by SCM 12 in activity list 122 for the login name of the user of client computer 1 .
- record 126includes in column 124 - 1 an entry that the Web protocol was utilized, the Network Address of the transaction which is entered in column 124 - 2 , the Subject of the transaction which is entered in column 124 - 3 , a Date/Time of the transaction which is entered in column 124 - 4 and the Login name of the user of client computer 1 which is entered in column 124 - 6 .
- the Date/Time entry in column 124 - 4 of record 126can be supplied either by CCM 98 when transmitting the data comprising record 126 to server computer 2 or by the SCM 12 upon receipt of the data comprising record 126 from client computer 1 .
- record 126does not include any data in Control column 124 - 5 .
- record 128 of activity list 122includes in column 124 - 1 an entry that the Web protocol was utilized and includes in control column 124 - 5 the entry “Block List”. This later entry is included in record 128 in response to CCM 98 blocking the conveyance of data during a transaction to or from communication software 7 based upon CCM 98 determining that the conveyed data included a network address that is also included in block list 48 - 1 .
- Activity list 122also includes a record 130 which includes in column 124 - 1 an entry that the Web protocol was utilized and includes in Control column 124 - 5 the entry “Allow List”. This later entry is included in record 130 when CCM 98 permits the conveyance of data during a transaction to or from communication software 7 based upon CCM 98 determining that the conveyed data included a network address that is also included in allow list 46 - 1 .
- the access configurationwill cause CCM 98 to permit all data having this communication protocol to be conveyed to or from communication software 7 , but will not cause CCM 98 to transmit to server computer 2 via second communication session 102 any data regarding transactions utilizing this communication protocol. Therefore, no record of transactions utilizing this communication protocol are included in activity list 122 .
- the access configurationwill cause CCM 98 to permit all data having this communication protocol to be conveyed to or from communication software 7 and will cause CCM 98 to transmit to server computer 2 via second communication session 102 data to be included in a record of this transaction in activity list 122 ,
- the Allow All control setting for the FTP protocolis selected, when CCM 98 determines that a transaction occurring via a third communication session 104 utilizes the FTP protocol, data regarding this transaction is transmitted via second communication session 102 to server computer 2 whereupon the SCM forms a record 132 of this transaction which is included in activity list 122 . Since the Allow All control setting is selected, CCM 98 permits all data having the FTP protocol to be conveyed to or from communication software 7 .
- the Allow All control setting for the E-mail protocolis selected, when CCM 98 determines that a transaction occurring via third communication session 104 utilizes the E-mail protocol, data regarding this transaction is transmitted to server computer 2 via second communication session 102 whereupon the SCM forms a record 134 of this transaction which is included in activity list 122 . In this case, since the Allow All control setting was selected, no entry would ordinarily be included in Control column 124 - 5 of record 134 . However, in FIG. 2 , if box 39 - 1 is selected, CCM 98 compares words and/or phrases included in the data conveyed with each transaction, regardless of the type of communication protocol, to words and phrases included in the restricted words and phrases list 50 .
- CCM 98blocks conveyance of this data to or from communication software 7 and causes SCM 12 to include an appropriate entry, e.g., Word or Phrase, in Control column 124 - 5 of record 134 .
- CCM 98utilizes a real time time-date clock (not shown) of client computer 1 or a time and date included in the received access configuration to monitor the time and date associated with each transaction. If a transaction is attempted at a time and/or date that is disallowed in the Login Hours dialog box 80 shown in FIG. 6 , CCM 98 blocks conveyance of the data to or from communication software 7 and transmits data regarding this transaction to server computer 2 via second communication session 102 whereupon SCM 12 forms a record 136 of the transaction which is included in activity list 122 . Because the user of client computer 1 attempted a transaction at a disallowed time and/or date, an appropriate entry, e.g., Time or Date, is included in Control column 124 - 5 of record 136 .
- an appropriate entrye.g., Time or Date
- CCM 98determines that a transaction occurring via third communication session 104 utilizes the News protocol
- CCM 98compares the network address included with the conveyed data for this transaction to the network addresses listed in allow list 46 - 4 .
- CCM 98permits the data to be conveyed to or from communication software 7 .
- CCM 98blocks the conveyance of the data to or from communication software 7 .
- CCM 98transmits to server computer 2 via second communication session 102 data regarding this transaction.
- SCM 12forms a record 138 of this transaction which is included in activity list 122 .
- Control column 124 - 5 of record 138If CCM 98 permitted the data to be conveyed to or from communication software 7 , no entry is included in Control column 124 - 5 of record 138 . However, if CCM 98 blocks the conveyance of the data to or from communication software 7 , an appropriate entry, e.g., Allow List, is included in Control column 124 - 5 of record 138 .
- CCM 98determines that a transaction occurring via third communication session 104 utilizes the Chat protocol
- CCM 98blocks the conveyance of any data for this transaction to or from communication software 7 and transmits to server computer 2 via second communication session 102 data regarding this transaction.
- SCM 12forms a record 140 of this transaction which is included in activity list 122 .
- Record 140includes an appropriate entry, e.g., Block All, in Control column 124 - 5 of record 140 to indicate that the conveyance of data to or from communication software 7 was blocked based upon the Block All control setting.
- control settings dialog box 28results in a record being created in activity list 122 for each transaction that utilizes one of these communication protocols.
- the selection of the Off control setting for each communication protocol shown in Control settings dialog box 28result in no record being included in activity list 122 for transactions that utilizes one of these corresponding communication protocols.
- CCM 98will block behind-the-scenes data, transmission, i.e., data that is not directly presented to the user, such as Internet cookies. Furthermore, if radio button 64 - 1 in FIG. 5 is selected, CCM 98 will transmit to server computer 2 via second communication session 102 a copy of each transaction.
- the data comprising the record for the transaction which is included by SCM 12 in activity list 122can be copied from the copy of the transaction transmitted to server computer 2 via second communication session 102 .
- the copy of each transactionis stored in the cache memory of memory unit 11 in connection with the corresponding record included in activity list 122 .
- the administrator of server computer 2can utilize the point and click method to select a desired record in activity list 122 whereupon the cached copy of the transaction for the select record is retrieved from the cache memory and displayed on display 15 .
- CCM 98will transmit to server computer 2 via second communication session 102 copies of each transaction and any encoded attachments along with the data comprising the record for the transaction which is included by SCM 12 in activity list 122 .
- the copies of the transaction and any encoded attachmentsare included in cache memory in connection with the record of the transaction included in activity list 122 .
- radio button 64 - 3 in FIG. 5is selected, CCM 98 will not transmit to server computer 2 copies of any transactions or any encoded attachments of any transactions, and will only transmit to server computer 2 for each transaction the data comprising the record for the transaction which is included by SCM 12 in activity list 122 .
- Another global control settingincludes a control setting based upon a standardized category rating included in conveyed data by the provider thereof.
- the administrator of server computer 2causes SCM 12 to display on display 15 a PICs Configuration dialog box 150 .
- Dialog box 150includes a category menu section 152 where a selection can be made of the category of data to be controlled. These categories can include, without limitation, violence, sex, nudity, language, etc.
- a sensitivity selection means 154is provided in dialog box 150 to set the sensitivity of the control setting for each category.
- the administrator of server computer 2utilizes the point and click method to select an Ok push button 156 in dialog box 150 .
- the selection of Ok push button 156causes the sensitivity selection for the selected category to be stored in the access configuration for the login name associated with dialog box 150 .
- CCM 98compares the standardized category rating included in the conveyed data with the sensitivity for the same category stored in the access configuration for the login name of the user of client computer 1 . If the standardized category rating included in the conveyed data equals or exceeds the sensitivity selected for the same category stored in the access configuration, CCM 98 blocks the conveyance of data associated with this transaction from being conveyed to or from communication software 7 .
- CCM 98issues a request to SCM 12 via second communication session 102 for SCM 12 to transmit to client computer 1 another copy of the access configuration for the login name of the user of client computer 1 . This is done to ensure that client computer 1 is utilizing the most current access configuration for the login name of the user of client computer 1 . Thus, if any changes to the access configuration are made by the administrator of server computer 2 , client computer 1 will receive a copy of the current access configuration at the suitable times, e.g., periodically, every few minutes.
- the present inventionprovides a method for controlling computer network access where each user's access to the computer network can be selectively monitored and controlled and records of transactions for each user can be stored for subsequent retrieval and analysis.
- server computer 2can be configured to simultaneously host a plurality of client computers 1 up to the number of second network addresses that server computer 2 is configured to host.
- server computer 2can be configured to simultaneously host a plurality of client computers 1 up to the number of second network addresses that server computer 2 is configured to host.
- server computer 2can be configured to simultaneously host a plurality of client computers 1 up to the number of second network addresses that server computer 2 is configured to host.
- the present inventionwas described in connection with a single, third communication session 104 , it is to be appreciated that each user of a client computer 1 can initiate a plurality of third communication sessions with different remote computers 3 at different network addresses whereupon each of these third communication sessions would be considered a standalone, third communication session.
- the software of the present inventionis preferably configured so that each instantiation of communication software 7 has its own instantiation of CCM 98 .
- thisis not to be construed as limiting the invention since a single instantiation of CCM 98 can be configured to control access to two or more instantiations of communication software 7 on the same client computer 1 .
- SCM 12can be configured so that if a login name of a user of client computer 1 does not match a login name included in an access configuration stored in memory unit 11 , SCM 12 transmits a copy of a generic access configuration to each client computer 1 having a user not having a login name included in an access configuration stored in memory unit 11 .
- Each client computer 1 receiving this generic access configurationoperates in the foregoing manner for the control setting and boxes selected in control settings dialog box 28 therefor.
- Each list 46 and/or 48can be customized as desired by the administrator of server computer 2 prior to download to a client computer 1 .
- the access configuration downloaded to client computer 1preferably included all of lists 46 and/or 48 associated therewith.
- SCM 12can be configured to download to client computer 2 only the lists 46 and/or 48 related to the selection of the corresponding Allow Listed or Block Listed control settings for one or more communication protocols. In this manner, lists 46 and 48 that would not be used by CCM 98 are not stored in the access configuration downloaded to client computer 1 .
- each access configuration stored in memory unit 11 of server computer 2can include only the lists 46 and/or 48 related to the selection of the corresponding Allow Listed or Block Listed control settings for one or more communication protocols. In this manner, lists 46 and/or 48 that would not be used are not stored in the access configuration stored in memory unit 11 .
- third communication session 104was established concurrent with second communication session 102 .
- CCM 98can terminate second communication session 102 after receiving the access configuration for the user of client computer 1 in memory unit 6 .
- CCM 98can reestablish second communication session 102 with server computer 2 and use this reestablished second communication session 102 to transmit data regarding transactions to server computer 2 .
- CCM 98can store data related to a number of transactions in memory unit 6 and, at suitable times, can transmit this stored data to server computer 2 .
- CCM 98can use the access configuration downloaded to client computer 1 and can defer transmitting data regarding transactions to server computer 2 until second communication session 102 can be reestablished.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
- The present application is a divisional of U.S. patent application Ser. No. 13/153,931, filed Jun. 6, 2011, which is a continuation of U.S. patent application Ser. No. 10/055,407, filed Jan. 23, 2002, now U.S. Pat. No. 7,958,237, which claims priority from U.S. Provisional Patent Application No. 60/263,536, filed Jan. 23, 2001, all of which are incorporated herein by reference in their entirety.
- The present invention relates to monitoring and controlling of data associated with transactions occurring over a computer network, such as a local area network, a wide area network or the Internet.
- Recent studies indicate that more than 50% of all computer network, e.g., Internet, transactions taking place within an organization are not business related. To this end, 79% of all organizations have detected employee abuses of Internet access privileges. Moreover, 64% of organizations participating in a survey acknowledge financial loses from abuses of Internet access privileges. In addition, because of its ease of use and the misguided perception that the Internet is a secure communication medium, the Internet has engendered an increase in sexual harassment and other hostile workplace issues.
- As a result, there is an increasing need to control computer network access to prevent abuses and/or to provide evidence to support employee disciplinary action. In addition, there is a need to reduce or eliminate misuse of a computer network within organizations in order to preserve the network bandwidth for work related purposes. Lastly, there is a need for an enforcement tool to back computer network acceptable use policies. However, at the present time, no means exists that fulfills all of these needs.
- It is, therefore, an object of the present invention to overcome the above problems and others by providing a method for controlling computer network access where each user's access to the computer network can be selectively controlled and records of each user's computer network transactions, especially prohibited transactions, can be stored for subsequent retrieval and analyses. Still other objects of the invention will become apparent to those of ordinary skill in the art upon reading and understanding the following detailed description.
- Accordingly, we have invented a method for controlling computer network access. The method includes initiating at a client computer a first communication session at a first network address and receiving at the client computer via the first communication session a second network address. A second communication session is initiated at the client computer at the second network address. The client computer receives via the second communication session an access configuration including a control setting for at least one communication protocol capable of being utilized during a third communication session. A process is instantiated on the client computer which initiates a third communication session at a third network address. Lastly, in connection with the third communication session, the conveyance of data to and/or from the process instantiated on the client computer is controlled based on the control setting for the one communication protocol.
- The access configuration can include a list related to the control setting for the one communication protocol. The conveyance of data via the third communication session can be controlled based on the list.
- The communication protocols capable of being utilized include World Wide Web (WWW or Web), File Transfer Protocol (FTP), E-mail, News, Chat, Instant Messaging, Telnet and Peer-to-Peer. These protocols represent generic classes of communication protocols. The specific listing of these protocols is not to be construed as limiting the scope of the invention since the present invention is capable of operating with other, unspecified, protocols or classes of protocol.
- The control setting can include unrestricted computer network access (Allow All); no computer network access (Block All); limited computer network access to network addresses included in an allow list (Allow Listed); and unrestricted computer network access except to network addresses included in a block list (Block Listed). The access configuration can further include at least one of the following global control settings: access prohibited to convey data having a predetermined word and/or phrase; access prohibited to data of at least one predetermined data type, e.g., cookies; access prohibited to data conveyed during at least one of a predetermined time and day-of-week; and access prohibited based on a rating for a category included with the conveyed data. The conveyance of data to and/or from the process instantiated on the client computer can also be based on the at least one global control setting.
- The method can further include the step of terminating the first communication session after the client computer receives the second network address. The second communication session can also be terminated after the client computer receives the third network address.
- At suitable times, the client computer can transmit via the second communication session a request to receive another access configuration including a control setting for the one communication protocol. In response to this request, the client computer receives via the second communication session the other access configuration. The conveyance of data to and/or from the process instantiated on the client computer can be controlled based on the control setting included in the other access configuration,
- The step of controlling the conveyance of data can include the steps of determining the communication protocol from the conveyed data and determining from the thus determined communication protocol the control setting therefor. The method can also include the step of transferring at least part of the control data to the second network address via the second communication session. This transferred data can include a network address and/or a subject of the third communication session. Lastly, the method can include the step of transferring with the data a login name received by the client computer during a login procedure by a user thereof.
- We have also invented a method for controlling computer network access that includes storing a first network address at a client computer. A first communication session is initiated between the client computer and a first server computer at the first network address. The client computer receives a second network address from the first server computer via the first communication session. A second communication session is initiated between the client computer and a second server computer at the second network address. The client computer receives from the second server computer an access configuration including a control setting for at least one communication protocol capable of being utilized during a third communication session. A process is instantiated on the client computer which initiates a third communication session between the client computer and a remote computer at a third network address. In connection with the third communication session, the conveyance of data to and/or from the instantiated process on the client computer is controlled based on the control setting for the one communication protocol.
- The first and second server computers can be the same server computer.
- The method can further include the step of terminating the first communication session after the client computer receives the second network address. The second communication session can also be terminated after the client computer receives the third network address.
- The access configuration can also include at least one of the following global control settings: access prohibited to convey data having a predetermined word and/or phrase; access prohibited to data having at least one predetermined data type; access prohibited to data conveyed during at least one of a predetermined time and day-of-week; and access prohibited based on a rating for a category included with the conveyed data. The step of controlling the conveyance of data to and/or from the process instantiated on the client computer can also be based on the at least one global control setting.
- Prior to receipt of the access configuration at the client computer, the control setting for the one communication protocol is selected from a plurality of different control settings therefor. Each global control setting is selected nonexclusively of any other global control settings.
- The method can also include the steps of initiating at the client computer via the second communication session a request to the second server computer to transmit another access configuration. The other access configuration can be received at the client computer from the second server computer. Thereafter, the conveyance of data to and/or from the instantiated process on the client computer can be controlled based on a control setting included in the other access configuration for the one communication protocol.
- The control setting for the one communication protocol can have a list associated therewith. The conveyance of data via the third communication session can be controlled based upon an entry, e.g., a network address, included in the list.
- Lastly, the method can include the step of determining the communication protocol from the conveyed data.
FIG. 1 is a block diagram of hardware utilized to implement a method in accordance with the present invention;FIG. 2 is a schematic drawing of a dialog box for selecting control settings utilized for controlling computer network access in accordance with the present invention;FIGS. 3a-3e are schematic drawings of Allow Lists and Block Lists utilized for controlling various types of communication protocols in accordance with the present invention;FIG. 4 is a schematic drawing of a restricted word and phrase list for controlling computer network access in accordance with the present invention;FIG. 5 is a schematic drawing of a dialog box for selecting whether to store text and/or encoded attachments associated with computer network transactions in accordance with the present invention;FIG. 6 is a schematic drawing of a dialog box for selecting the times and days a user is granted access to a computer network;FIG. 7 is a schematic drawing of a dialog box for displaying data regarding computer network activity of a user; andFIG. 8 is a schematic drawing of a dialog box for selecting one or more levels of control for contents of a computer network transaction based on a voluntary rating included with the data conveyed with the transaction.- The present invention is a software program which is configured to operate on a plurality of computers connected together via a computer network, such as a local area network, a wide area network or the Internet.
- The software program has two major components, namely, a server control manager (SCM) and a client control manager (CCM). The SCM is installed on one of the computers which, in the context of the computer network, operates as a server computer. The SCM can also be installed across two or more computers which co-act to perform the function of a server computer. The CCM is installed on one or more client computers connected to the server computer via the computer network. The SCM and the CCM co-act in a manner to be described hereinafter.
- The SCM includes an access manager that an administrator of the server computer utilizes to establish an access configuration for each user or group of users of the client computers. This access configuration is stored at the server computer and, at an appropriate time, is supplied to a client computer to define for the user of the client computer computer network access rights and access restrictions of the user. Lastly, the access manager also enables the administrator of the server computer to view, sort and analyze data related to actual or attempted computer network transactions by the user of a client computer having the CCM installed thereon.
- With reference to
FIG. 1 , a client computer1, a server computer2 and a remote computer3 are connected to a computer network4. Optionally, anotherserver computer 5 which co-acts with server computer2 is connected to computer network4.Computers 1,2,3, and5 are each assigned unique network addresses that enable each computer to communicate with the other computers via computer network4. Computer network4 can include one or more servers (not shown) and/or one or more routers (not shown) that facilitate communication betweencomputer 1,2,3 and5 based upon the network addresses assigned to each computer. - Client computer1 includes a
memory unit 6 for storing communication software7. Client computer1 also includes a mouse8, a keyboard9 and adisplay 10 which collectively operate as a man-machine interface between client computer1 and a user thereof. Server computer2 includes a memory unit11 for storing a server control manager software (SCM)12. Server computer2 also includes amouse 13, akeyboard 14 and adisplay 15 which collectively operate as a man-machine interface between server computer2 and the administrator thereof. Remote computer3 includes amemory unit 16 for storingcommunication software 17, Remote computer3 also includes amouse 18,keyboard 19 anddisplay 20 which collectively act as a man-machine interface between remote computer3 and a user thereof. Lastly,server computer 5 includes amemory unit 21 for storing anSCM 22.Server computer 5 also includes amouse 23, akeyboard 24 and adisplay 25 which collectively operate as a man-machine interface betweenserver computer 5 and an administrator thereof.Communication software 7 and17, andSCM server computer 5, respectively, to communicate data therebetween in a manner known in the art. InFIG. 1 , one client computer1 is shown. However, the present invention is scalable to operate on a plurality of client computers1 connected to server computer(s)2 and/or5 via computer network4. SCM 12 can display on display15 a plurality of dialog boxes that the administrator of server computer2 utilizes to select control settings of each user or user group of one or more of client computers1. More specifically, the control settings of each user or user group can be individually selected based on a login name assigned to each user or user group. . A generic set of control settings can also be selected for each user or user group not having unique control settings selected therefor based on a login name assigned to each user or user group. The selection of the control settings for a user or user group of client computer1 will now be described with reference toFIGS. 2-6 and with continuing reference toFIG. 1 . For convenience of description, the present invention will be described in connection with a user of client computer1. However, it is to be appreciated, that the present invention is also usable in connection with a plurality of users of one or more client computers1 and/or one or more user groups of one or more client computers1, where each user and/or user group has a unique login name.- Initially, the administrator of server computer2 utilizes the access manager to assign a login name to a user of client computer1. This login name is stored in an access configuration, to be described hereinafter, and is utilized as the basis for associating the control settings selected by the administrator of server computer2 for the user associated with the login name. Next, the administrator of server computer2 causes the access manager to display on display15 a control
settings dialog box 28, shown inFIG. 2 , associated with the login name of the user. Controlsettings dialog box 28 includes an activitycontrol setting section 30, a globalcontrol setting section 32 and apush button section 34. Activitycontrol setting section 30 includes a plurality of columns36-1-36-5, each of which is related to a particular communication protocol, and a plurality of rows38-1-38-5 each of which is related to a particular control setting for each communication protocol in columns36-1-36-5. The intersection of each row column36 and each row38 includes a selection means, such as aradio button 40, which the administrator of server computer2 selects, in a manner known in the art in order to select the control setting desired for each communication protocol. - The communication protocols shown in columns36-1-36-5 include Web, FTP, E-mail, News and Chat, respectively. In addition, other communication protocols, such as Instant Messaging, Telnet and Peer-to-Peer can also be included in a column36 of activity
control setting section 30. It is to be understood that the foregoing communication protocols are generic examples of communication protocols. Accordingly, the following description of the present invention in connection with any of the foregoing communication protocols is not to be construed as limiting the invention since the present invention can be adapted to work with any known or hereinafter developed communication protocol. The control settings included in rows38-1-38-5 include Off, Allow All, Allow Listed, Block All and Block Listed, respectively. Activitycontrol setting section 30 is shown for purpose of illustration and is not to be construed as limiting the invention since the administrator of server computer2 can change the number of columns36 and/or rows38, the communication protocol assigned to each column36 and/or the control setting assigned to each row38 in any desired manner. - In operation, the administrator of server computer2 selects a desired
radio button 40 for each communication protocol in columns36-1-36-5 in order to select the desired control setting therefor. In order to avoid the selection of conflicting control settings for each communication protocol, the selection of oneradio button 40 in a column36 is mutually exclusive of the selection of anyother radio buttons 40 in the same column36. The access manager is also configured to highlight as a default selection theradio button 40 associated with the Allow All control setting, i.e.,radio button 40 in row38-2, of each communication protocol. The selection of anyother radio button 40 in each column36 will override this default selection. - With reference to
FIGS. 3a -3e,and with continuing reference to all previous Figs., the Allow Listed control setting in row38-3 for each communication protocol in columns36-1-36-5 has associated therewith an allow list46-1-46-5, respectively. Each Allow List46 includes a list of network addresses that the user having the login name associated with controlsettings dialog box 28 is permitted to access for the corresponding communication protocol. Each network address can include an alpha string, a numeric string, a symbol string or some combination thereof. Ifradio button 40 for the Allow Listed control setting for the Web protocol (column36-1) is selected, access by the user having the login name associated withdialog box 28 will be permitted only to the network addresses included in allow list46-1. Similar comments apply in respect of the selection ofradio buttons 40 for the Allow Listed control settings associated with the FTP protocol (column36-2), the E-mail protocol (column36-3), the News protocol (column36-4) and the Chat protocol (column36-5) for network addresses included in allow lists46-2-46-5, respectively. - The Block Listed control setting in row38-5 for each communication protocol in columns36-1-36-5 has associated therewith a block list48-1-48-5, respectively. Each block list48 includes a list of network addresses that the user having the login name associated with control
settings dialog box 28 is not permitted to access for the corresponding communication protocol. For example, ifradio button 40 for the Block Listed control setting for the Web protocol (column36-1) is selected, access by the user having the login name associated withdialog box 28 will not be permitted to network addresses included in block list48-1. Similar comments apply in respect of the selection ofradio buttons 40 for the Block Listed control settings associated with the FTP protocol (column36-2), the E-mail protocol (column36-3), the News protocol (column36-4) and the Chat protocol (column36-5) for network addresses included in block lists48-2-48-5, respectively. - If
radio button 40 for the Allow All control setting for the Web protocol (column36-1) is selected, the user having the login name associated withdialog box 28 is granted unlimited access to any network addresses utilizing this communication protocol. Similar comments apply in respect of the selection ofradio buttons 40 for the Allow All control settings associated with the FTP protocol (36-2), the E-mail protocol (column36-3), the News protocol (column36-4) and the Chat protocol (column36-5) for granting the user unlimited access to all network addresses that utilize the corresponding communication protocol. - If
radio button 40 for the Block All control setting for the Web protocol (column36-1) is selected, the user having the login name associated withdialog box 28 is denied access to all network addresses utilizing this communication protocol. Similar comments apply in respect of the selection ofradio buttons 40 for the Block All control settings associated with the FTP protocol (column36-2), the E-mail protocol (column36-3), the News protocol (column36-4) and the Chat protocol (column36-5) for denying access to network addresses that utilize the corresponding communication protocol. - If the Allow All, Allow Listed, Block All or Block Listed control setting is selected for a particular communication protocol, each time the user of client computer1 attempts a network transaction utilizing this communication protocol, a record of the transaction is stored in memory unit11 of server computer2 in a manner to be described hereinafter.
- If
radio button 40 for the Off control setting for the Web protocol (column36-1) is selected, the user having the login name associated withdialog box 28 is granted unlimited access to any network addresses utilizing this communication protocol. However, no record of each transaction that uses the Web protocol is stored in memory unit11 of server computer2. Similar comments apply in respect of the selection ofradio buttons 40 for the Off control settings associated with the FTP protocol (column36-2), the E-mail protocol (column36-3), the News protocol (column36-4) and the Chat protocol (column36-5) for granting unlimited access to any network addresses that utilize the corresponding communication protocol and not storing a record of each transaction in memory unit11 of server computer2. - With reference to
FIG. 4 , and with continuing reference to all previous Figs., globalcontrol settings section 32 includes boxes39-1-39-3. In response to selecting box39-1, if a transaction conveys data having at least one word and/or phrase included in a restricted word andphrase list 50, transmission of the data to or from communication software7 will be blocked. In response to selecting box39-2, the transmission to or from communication software7 of “behind-the-scenes” data, i.e., data that is not directly presented to the user, such as cookies, is blocked. Push button section 34 includes anOk push button 42 and a Cancelpush button 44. In response to selectingOk push button 42, server computer2 stores in the access configuration for the login name associated with dialog box28 (i) an indication of theradio buttons 40 selected for each type of communication protocol, (ii) an indication of the boxes39-1 and39-2 selected, and (iii) the Allow Lists46-1-46-5, the Block Lists48-1-48-5 and the restricted word andphrase list 50. This access configuration is stored in memory unit11 of server computer2 for download to client computer1 for use by the user thereof entering into client computer1 during a login procedure the login name which is stored in the access configuration. Since thelists 46,48 and50 for each user are stored at server computer2, the administrator of server computer2 can update each list as desired. Selecting Cancel push button54, however, terminatesdialog box 28 without storing in the access configuration any selections made indialog box 28 or any of thelists 46,48 and50.- With reference to
FIG. 5 , and with continuing reference to all previous Figs., the administrator of server computer2 can cause the access manager to display on display15 a cachecontrol dialog box 60 associated with the login name of the user.Dialog box 60 includes aselection section 62 including three radio buttons64-1-64-3. In response to selecting radio button64-1, server computer2 will store in a cache memory (not shown) of memory unit11 a complete or partial copy of any transaction for which a record is stored in memory unit11 of server computer2, More specifically, if radio button64-1 is selected, each time a record of a transaction on client computer1 is stored in memory unit11 of server computer2, a complete or partial copy of the transaction is stored in the cache memory. If radio button64-2 is selected, each time a record of a transaction on client computer1 is stored in memory unit11 of server computer2, a complete or partial copy of the transaction and any encoded attachments conveyed with this transaction are stored in the cache memory. Lastly, if radio button64-3 is selected, no copy of any transaction or encoded attachments are stored in the cache memory. - The amount of space allocated for cache memory can be selected by entering a desired amount of cache memory in a cache memory size
select field 66 ofdialog box 60.Dialog box 60 can also include a Clear CacheNow push button 68. In response to selectingpush button 68, server computer2 erases the contents stored in the cache memory. Lastly,dialog box 60 includes anOk push button 70 and a Cancelpush button 72. In response to selecting Cancelpush button 72, the display ofdialog box 60 ondisplay 15 is terminated and any selections made indialog box 60 are not saved in the access configuration for the login name associated withdialog box 60. In contrast, in response to selectingOk push button 70, the display ofdialog box 60 ondisplay 15 is terminated and the selection of one of the radio buttons64 and the amount of cache memory in cache memory sizeselect field 66 are stored in the access configuration for the login name associated withdialog box 60. - With reference to
FIG. 6 , and with continuing reference to all previous Figs., the administrator of server computer2 can cause the access manager to display a LogonHours dialog box 80 ondisplay 15.Dialog box 80 includes a time-day array 82 that includes a plurality oftime columns 86 and a plurality ofday rows 88. Utilizing the point and click method, the administrator of server computer2 can select eachbox 84 formed by the intersection ofcolumns 86 androws 88 of time-day array 82. Dialog box 80 also includes an Allowpush button 90, a Disallowpush button 92, a Cancelpush button 94 and anOk push button 96. In response to selecting Allowpush button 90, any selectedboxes 84 will be marked with a suitable Allow indicia. Similarly, in response to selecting Disallowpush button 92, any selectedboxes 84 will be marked with a suitable Disallow indicia. Based on the Allow or Disallow indicia included in thevarious boxes 84, a user of client computer1 having the login name associated withdialog box 80 will be allowed or disallowed network access at the corresponding time and day of week. As a default selection, in the absence of disallowing computer network access at certain times and certain days, the user of client computer1 having the login name associated withdialog box 80 will have network access at these certain times and certain days.- In response to selecting Cancel
push button 94, the display ofdialog box 80 ondisplay 15 is terminated and any selection ofboxes 84 is not saved in the access configuration for the login name associated with thedialog box 80. In contrast, in response to selectingOk push button 96, the display ofdialog box 80 ondisplay 15 is terminated and the allowed and disallowed times selected inboxes 84 of time-day array 82 are stored as another global control setting in the access configuration for the login name associated withdialog box 80. - When each
Ok push buttons dialog boxes - Once the access configuration has been prepared for a login name of a user of client computer1, the computer network access of the user logging into client computer1 utilizing this login name is controlled as follows. With reference back to
FIG. 1 , a client control manager software (CCM)98 is stored inmemory unit 6 of client computer1 and operates as a buffer between communication software7 and the computer network4. In response to instantiation of communication software7,CCM 98 initiates afirst communication session 100 at a first network address of server computer2. This first network address is stored inMemory Unit 6 for use byCCM 98 to communicate with server computer2. Oncefirst communication session 100 has been established,CCM 98causes SCM 12 of server computer2 to transmit to client computer1 via first communication session100 a second network address. This second network address can be another network address hosted by server computer2 or a network address hosted byserver computer 5. When server computer2 hosts the second network address, in response to receiving the second network address, client computer1 initiates asecond communication session 102 with server computer2 at the second network address. When the second network address is hosted byserver computer 5, in response to receiving the second network address, client computer1 initiates asecond communication session 102′ withserver computer 5. Whicheverserver computer 2 or5 hosts the second network address, the access configuration file for the login name of the user of client computer1 is stored thereat. For convenience of describing the present invention, server computer2 will be described as hosting the second network address. However, this is not to be construed as limiting the invention. - Once
second communication session 102 has been established,CCM 98 causes communication software7 to terminatefirst communication session 100 and causesSCM 12 to download to client computer1 a copy of the access configuration stored in memory unit11 for the login name entered into client computer1 by the user thereof during a login procedure. To enableSCM 12 to download the appropriate access configuration,CCM 98 transmits to server computer2 viasecond communication session 102 the login name entered by the user of client computer1 during the login procedure. In response to receiving this login name,SCM 12 searches memory unit11 for the access configuration including this login name. In response to locating this access configuration,SCM 12 transmits a copy of this access configuration to client computer1 viasecond communication session 102. IfSCM 12 does not locate an access configuration including the login name entered into client computer1 during the login procedure,SCM 12 can transmit a copy of a generic access configuration to client computer1 via second communication session102e.This generic access configuration can be established by the administrator of server computer2 for each user of client computer1 not having a login name included in an access configuration stored in memory unit11. Upon receiving the access configuration,CCM 98 stores the access configuration inmemory unit 6. - Once the access configuration is stored in
memory unit 6,CCM 98 commences monitoring and controlling transactions between communication software7 and computer network4 based thereon For purpose of describing the operation ofCCM 98, it will be assumed that the radio buttons and boxes shown selected indialog boxes - Next, the user of client computer1 initiates concurrent with second communication session102 a
third communication session 104 at a third network address of remote computer3. Oncethird communication session 104 is established,CCM 98 commences monitoring data associated with actual or attempted transactions viathird communication session 104. More specifically,CCM 98 determines from the data associated with each transaction the communication protocol being utilized. This data can include control data and content data. Control data is typically a header and/or a footer appended to the content data, but is not necessarily limited thereto. Content data contains the essence of any information, e.g., text, being conveyed viathird communication session 104. OnceCCM 98 determines the communication protocol of the transaction,CCM 98 determines from the access configuration received by client computer1 the control setting that was selected for this communication protocol. For example, ifCCM 98 determines that the transaction utilizes the Web protocol common to communications on the World Wide Web, i.e., HTTP,CCM 98 can then determine from the access configuration that the Block Listed control setting was selected for the Web protocol. Based on the selection of this control setting,CCM 98 will utilize block list48-1. Next,CCM 98 extracts from the control data of the transaction the network address included therein and compares this network address to the network addresses included in block list48-1. In the event of a match,CCM 98 blocks the conveyance of data comprising the transaction to or from communication software7 of client computer1. In contrast, in the absence of a match,CCM 98 permits the data comprising this transaction to be conveyed to or from communication software7. - With reference to
FIG. 7 , and with continuing reference to all previous Figs., at a suitable time,SCM 12 creates in memory unit11 for each login name anactivity list 122 of transactions occurring viathird communication session 104 in connection with this login name. Except for communication protocols where the Off control setting was selected in control settingdialog box 28,activity list 122 for each login name will include a record of each actual or attempted transaction occurring viathird communication session 104. Alternatively,activity list 122 for each user can include only records of actual or attempted transactions that were blocked byCCM 98. For purpose of describing the invention, it will be assumed that a record is entered inactivity list 122 for the login name of the user of client computer1 for each actual or attempted transaction occurring viathird communication session 104. - Except for transactions that utilize a communication protocol where the Off control setting was selected in
FIG. 2 , when an actual or attempted transaction viathird communication session 104 occurs,CCM 98 transmits to server computer2 viasecond communication session 102 certain data regarding the transaction. In response to receiving this data,SCM 12 forms from this data a record of the transaction which is stored inactivity list 122 associated with the login name of the user of client computer1. At a suitable time, the administrator of server computer2 can causeSCM 12 to display ondisplay 15 an ActivityLog dialog box 120 which includesactivity list 122 associated with the login name of the user of client computer1 that initiatedthird communication session 104. ActivityLog dialog box 120 includes columns124-1-124-6 entitled Protocol, Network Address (NA), Subject, Date/Time, Control and User, respectively, for each record stored inactivity list 122. Columns124-1-124-6 in activitylog dialog box 120 are shown for purpose of illustration and are not to be construed as limiting the invention since activitylog dialog box 120 can include more or less columns124, each of which can be entitled with one of the titles shown in activitylog dialog box 120 or with a different title. Exemplary entries of records intoactivity list 122 for transactions utilizing the communication protocols shown inFIG. 2 will now be described. - If an actual or attempted transaction utilizing the Web protocol occurred via
third communication session 104 withoutCCM 98 blocking the conveyance of data to or from communication software7,CCM 98 transmits to server computer2 viasecond communication session 102 certain data regarding the transaction to be included in arecord 126 formed bySCM 12 inactivity list 122 for the login name of the user of client computer1. As can be seen,record 126 includes in column124-1 an entry that the Web protocol was utilized, the Network Address of the transaction which is entered in column124-2, the Subject of the transaction which is entered in column124-3, a Date/Time of the transaction which is entered in column124-4 and the Login name of the user of client computer1 which is entered in column124-6. The Date/Time entry in column124-4 ofrecord 126 can be supplied either byCCM 98 when transmitting thedata comprising record 126 to server computer2 or by theSCM 12 upon receipt of thedata comprising record 126 from client computer1. - Since
CCM 98 permitted the data to be conveyed to or from communication software7,record 126 does not include any data in Control column124-5. In contrast,record 128 ofactivity list 122 includes in column124-1 an entry that the Web protocol was utilized and includes in control column124-5 the entry “Block List”. This later entry is included inrecord 128 in response toCCM 98 blocking the conveyance of data during a transaction to or from communication software7 based uponCCM 98 determining that the conveyed data included a network address that is also included in block list48-1. Activity list 122 also includes arecord 130 which includes in column124-1 an entry that the Web protocol was utilized and includes in Control column124-5 the entry “Allow List”. This later entry is included inrecord 130 whenCCM 98 permits the conveyance of data during a transaction to or from communication software7 based uponCCM 98 determining that the conveyed data included a network address that is also included in allow list46-1.- If a communication protocol in a column36 of activity
control setting section 30 has its Off control setting selected, the access configuration will causeCCM 98 to permit all data having this communication protocol to be conveyed to or from communication software7, but will not causeCCM 98 to transmit to server computer2 viasecond communication session 102 any data regarding transactions utilizing this communication protocol. Therefore, no record of transactions utilizing this communication protocol are included inactivity list 122. In contrast, if the Allow All control setting is selected for a communication protocol listed in a column36, the access configuration will causeCCM 98 to permit all data having this communication protocol to be conveyed to or from communication software7 and will causeCCM 98 to transmit to server computer2 viasecond communication session 102 data to be included in a record of this transaction inactivity list 122, - If, in
FIG. 2 , the Allow All control setting for the FTP protocol is selected, whenCCM 98 determines that a transaction occurring via athird communication session 104 utilizes the FTP protocol, data regarding this transaction is transmitted viasecond communication session 102 to server computer2 whereupon the SCM forms arecord 132 of this transaction which is included inactivity list 122. Since the Allow All control setting is selected,CCM 98 permits all data having the FTP protocol to be conveyed to or from communication software7. - If, in
FIG. 2 , the Allow All control setting for the E-mail protocol is selected, whenCCM 98 determines that a transaction occurring viathird communication session 104 utilizes the E-mail protocol, data regarding this transaction is transmitted to server computer2 viasecond communication session 102 whereupon the SCM forms arecord 134 of this transaction which is included inactivity list 122. In this case, since the Allow All control setting was selected, no entry would ordinarily be included in Control column124-5 ofrecord 134. However, inFIG. 2 , if box39-1 is selected,CCM 98 compares words and/or phrases included in the data conveyed with each transaction, regardless of the type of communication protocol, to words and phrases included in the restricted words and phrases list50. If the conveyed data includes one or more words and/or phrases included in the restricted words and phrases list50,CCM 98 blocks conveyance of this data to or from communication software7 and causesSCM 12 to include an appropriate entry, e.g., Word or Phrase, in Control column124-5 ofrecord 134. CCM 98 utilizes a real time time-date clock (not shown) of client computer1 or a time and date included in the received access configuration to monitor the time and date associated with each transaction. If a transaction is attempted at a time and/or date that is disallowed in the LoginHours dialog box 80 shown inFIG. 6 ,CCM 98 blocks conveyance of the data to or from communication software7 and transmits data regarding this transaction to server computer2 viasecond communication session 102 whereuponSCM 12 forms arecord 136 of the transaction which is included inactivity list 122. Because the user of client computer1 attempted a transaction at a disallowed time and/or date, an appropriate entry, e.g., Time or Date, is included in Control column124-5 ofrecord 136.- If, in
FIG. 2 , the Allow Listed control setting for the News protocol is selected, whenCCM 98 determines that a transaction occurring viathird communication session 104 utilizes the News protocol,CCM 98 compares the network address included with the conveyed data for this transaction to the network addresses listed in allow list46-4. In the event of a match,CCM 98 permits the data to be conveyed to or from communication software7. However, in the absence of a match,CCM 98 blocks the conveyance of the data to or from communication software7. In either event,CCM 98 transmits to server computer2 viasecond communication session 102 data regarding this transaction. In response to receiving this data,SCM 12 forms arecord 138 of this transaction which is included inactivity list 122. IfCCM 98 permitted the data to be conveyed to or from communication software7, no entry is included in Control column124-5 ofrecord 138. However, ifCCM 98 blocks the conveyance of the data to or from communication software7, an appropriate entry, e.g., Allow List, is included in Control column124-5 ofrecord 138. - If, in
FIG. 2 , the Block All control setting for the Chat protocol is selected, whenCCM 98 determines that a transaction occurring viathird communication session 104 utilizes the Chat protocol,CCM 98 blocks the conveyance of any data for this transaction to or from communication software7 and transmits to server computer2 viasecond communication session 102 data regarding this transaction. In response to receiving this data,SCM 12 forms arecord 140 of this transaction which is included inactivity list 122.Record 140 includes an appropriate entry, e.g., Block All, in Control column124-5 ofrecord 140 to indicate that the conveyance of data to or from communication software7 was blocked based upon the Block All control setting. - As can be seen, the selection of the Allow All, Allow Listed, Block All, or Block Listed control settings for each communication protocol shown in control
settings dialog box 28 results in a record being created inactivity list 122 for each transaction that utilizes one of these communication protocols. In contrast, the selection of the Off control setting for each communication protocol shown in Controlsettings dialog box 28 result in no record being included inactivity list 122 for transactions that utilizes one of these corresponding communication protocols. - If, in
FIG. 2 , box39-2 is selected,CCM 98 will block behind-the-scenes data, transmission, i.e., data that is not directly presented to the user, such as Internet cookies. Furthermore, if radio button64-1 inFIG. 5 is selected,CCM 98 will transmit to server computer2 via second communication session102 a copy of each transaction. The data comprising the record for the transaction which is included bySCM 12 inactivity list 122 can be copied from the copy of the transaction transmitted to server computer2 viasecond communication session 102. The copy of each transaction is stored in the cache memory of memory unit11 in connection with the corresponding record included inactivity list 122. In order to view the copy of the transaction, the administrator of server computer2 can utilize the point and click method to select a desired record inactivity list 122 whereupon the cached copy of the transaction for the select record is retrieved from the cache memory and displayed ondisplay 15. In a similar manner, if radio button64-2 inFIG. 5 is selected,CCM 98 will transmit to server computer2 viasecond communication session 102 copies of each transaction and any encoded attachments along with the data comprising the record for the transaction which is included bySCM 12 inactivity list 122. The copies of the transaction and any encoded attachments are included in cache memory in connection with the record of the transaction included inactivity list 122. Lastly, if radio button64-3 inFIG. 5 is selected,CCM 98 will not transmit to server computer2 copies of any transactions or any encoded attachments of any transactions, and will only transmit to server computer2 for each transaction the data comprising the record for the transaction which is included bySCM 12 inactivity list 122. - With reference to
FIG. 8 , in addition to the control settings discussed above, other global control settings can be included in the access configuration for the login name of each user of a client computer1 and utilized to control access to or from communication software7. One example of another global control setting includes a control setting based upon a standardized category rating included in conveyed data by the provider thereof. In order to set the response ofCCM 98 to a control setting for the standardized rating, the administrator of server computer2 causesSCM 12 to display on display15 a PICsConfiguration dialog box 150.Dialog box 150 includes acategory menu section 152 where a selection can be made of the category of data to be controlled. These categories can include, without limitation, violence, sex, nudity, language, etc. For each category of data for which control is desired, a sensitivity selection means154 is provided indialog box 150 to set the sensitivity of the control setting for each category. Once the sensitivity has been selected for the category, the administrator of server computer2 utilizes the point and click method to select anOk push button 156 indialog box 150. The selection ofOk push button 156 causes the sensitivity selection for the selected category to be stored in the access configuration for the login name associated withdialog box 150. Thereafter, when the copy of this access configuration is transferred to client computer1,CCM 98 compares the standardized category rating included in the conveyed data with the sensitivity for the same category stored in the access configuration for the login name of the user of client computer1. If the standardized category rating included in the conveyed data equals or exceeds the sensitivity selected for the same category stored in the access configuration,CCM 98 blocks the conveyance of data associated with this transaction from being conveyed to or from communication software7. - At suitable times,
CCM 98 issues a request toSCM 12 viasecond communication session 102 forSCM 12 to transmit to client computer1 another copy of the access configuration for the login name of the user of client computer1. This is done to ensure that client computer1 is utilizing the most current access configuration for the login name of the user of client computer1. Thus, if any changes to the access configuration are made by the administrator of server computer2, client computer1 will receive a copy of the current access configuration at the suitable times, e.g., periodically, every few minutes. - As can be seen, the present invention provides a method for controlling computer network access where each user's access to the computer network can be selectively monitored and controlled and records of transactions for each user can be stored for subsequent retrieval and analysis. In the foregoing description, one client computer1 and one server computer2 were utilized to describe the invention. However, server computer2 can be configured to simultaneously host a plurality of client computers1 up to the number of second network addresses that server computer2 is configured to host. Furthermore, while the present invention was described in connection with a single,
third communication session 104, it is to be appreciated that each user of a client computer1 can initiate a plurality of third communication sessions with different remote computers3 at different network addresses whereupon each of these third communication sessions would be considered a standalone, third communication session. - The software of the present invention is preferably configured so that each instantiation of communication software7 has its own instantiation of
CCM 98. However, this is not to be construed as limiting the invention since a single instantiation ofCCM 98 can be configured to control access to two or more instantiations of communication software7 on the same client computer1. - In the foregoing description, a unique access configuration was created and utilized in connection with each user of a client computer1. However, additionally or alternatively,
SCM 12 can be configured so that if a login name of a user of client computer1 does not match a login name included in an access configuration stored in memory unit11,SCM 12 transmits a copy of a generic access configuration to each client computer1 having a user not having a login name included in an access configuration stored in memory unit11. Each client computer1 receiving this generic access configuration operates in the foregoing manner for the control setting and boxes selected in controlsettings dialog box 28 therefor. - Each list46 and/or48 can be customized as desired by the administrator of server computer2 prior to download to a client computer1. In the foregoing description, the access configuration downloaded to client computer1 preferably included all of lists46 and/or48 associated therewith. However,
SCM 12 can be configured to download to client computer2 only the lists46 and/or48 related to the selection of the corresponding Allow Listed or Block Listed control settings for one or more communication protocols. In this manner, lists46 and48 that would not be used byCCM 98 are not stored in the access configuration downloaded to client computer1. Still further, each access configuration stored in memory unit11 of server computer2 can include only the lists46 and/or48 related to the selection of the corresponding Allow Listed or Block Listed control settings for one or more communication protocols. In this manner, lists46 and/or48 that would not be used are not stored in the access configuration stored in memory unit11. - Lastly, in the foregoing description,
third communication session 104 was established concurrent withsecond communication session 102. However, this is not to be construed as limiting the invention sinceCCM 98 can terminatesecond communication session 102 after receiving the access configuration for the user of client computer1 inmemory unit 6. At appropriate times thereafter,CCM 98 can reestablishsecond communication session 102 with server computer2 and use this reestablishedsecond communication session 102 to transmit data regarding transactions to server computer2. It is to be appreciated, that while the present invention has been described as transmitting data regarding each transaction to server computer2,CCM 98 can store data related to a number of transactions inmemory unit 6 and, at suitable times, can transmit this stored data to server computer2. In addition, in the eventsecond communication session 102 is terminated and cannot be reestablished,CCM 98 can use the access configuration downloaded to client computer1 and can defer transmitting data regarding transactions to server computer2 untilsecond communication session 102 can be reestablished. - The invention has been described with reference to the preferred embodiment. Obvious modifications and alterations will occur to others upon reading and understanding the preceding detailed description. It is intended that the invention be construed as including all such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (4)
1. A method of controlling computer network access comprising:
(a) a server computer receiving via a computer network from an endpoint computer of the computer network a request for an access configuration file;
(b) the server computer dispatching to said endpoint computer an access configuration file; and
(c) following step (b), the server computer dispatching to said endpoint computer an update to the access configuration file dispatched in step (b) or another access configuration file.
2. The method ofclaim 2 , further including:
(d) the server computer storing data received from said endpoint computer regarding a violation of at least one policy included in the access configuration file, the updated access configuration file, or the other access configuration file.
3. A method of controlling computer network access comprising:
(a) a server computer receiving via a computer network from endpoint computers of the computer network requests for access configuration files;
(b) the server computer dispatching a unique access configuration file to each endpoint computer for which a unique access configuration file was prepared; and
(c) the server computer dispatching a generic access configuration file to each endpoint computer for which a unique access configuration file was not prepared.
4. The method ofclaim 3 , further including:
(d) the server computer controlling storage of data received from one or more endpoint computers regarding violations of policies included in the dispatched access configuration files.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/449,005US20190342231A1 (en) | 2001-01-23 | 2019-06-21 | Method for managing computer network access |
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US26353601P | 2001-01-23 | 2001-01-23 | |
| US10/055,407US7958237B2 (en) | 2001-01-23 | 2002-01-23 | Method for managing computer network access |
| US13/153,931US8930535B2 (en) | 2001-01-23 | 2011-06-06 | Method for managing computer network access |
| US13/900,856US10374973B2 (en) | 2001-01-23 | 2013-05-23 | Method for managing computer network access |
| US16/449,005US20190342231A1 (en) | 2001-01-23 | 2019-06-21 | Method for managing computer network access |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/900,856ContinuationUS10374973B2 (en) | 2001-01-23 | 2013-05-23 | Method for managing computer network access |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20190342231A1true US20190342231A1 (en) | 2019-11-07 |
Family
ID=26734183
Family Applications (6)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US10/055,407Expired - Fee RelatedUS7958237B2 (en) | 2001-01-23 | 2002-01-23 | Method for managing computer network access |
| US13/153,931Expired - Fee RelatedUS8930535B2 (en) | 2001-01-23 | 2011-06-06 | Method for managing computer network access |
| US13/900,856Expired - LifetimeUS10374973B2 (en) | 2001-01-23 | 2013-05-23 | Method for managing computer network access |
| US13/974,482AbandonedUS20130346609A1 (en) | 2001-01-23 | 2013-08-23 | Method for Managing Computer Network Access |
| US14/502,238AbandonedUS20150019730A1 (en) | 2001-01-23 | 2014-09-30 | Method for Managing Computer Network Access |
| US16/449,005AbandonedUS20190342231A1 (en) | 2001-01-23 | 2019-06-21 | Method for managing computer network access |
Family Applications Before (5)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US10/055,407Expired - Fee RelatedUS7958237B2 (en) | 2001-01-23 | 2002-01-23 | Method for managing computer network access |
| US13/153,931Expired - Fee RelatedUS8930535B2 (en) | 2001-01-23 | 2011-06-06 | Method for managing computer network access |
| US13/900,856Expired - LifetimeUS10374973B2 (en) | 2001-01-23 | 2013-05-23 | Method for managing computer network access |
| US13/974,482AbandonedUS20130346609A1 (en) | 2001-01-23 | 2013-08-23 | Method for Managing Computer Network Access |
| US14/502,238AbandonedUS20150019730A1 (en) | 2001-01-23 | 2014-09-30 | Method for Managing Computer Network Access |
Country Status (1)
| Country | Link |
|---|---|
| US (6) | US7958237B2 (en) |
Families Citing this family (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7958237B2 (en)* | 2001-01-23 | 2011-06-07 | Pearl Software, Inc. | Method for managing computer network access |
| CA2410118C (en)* | 2001-10-26 | 2007-12-18 | Research In Motion Limited | System and method for controlling configuration settings for mobile communication devices and services |
| US8028077B1 (en)* | 2002-07-12 | 2011-09-27 | Apple Inc. | Managing distributed computers |
| US20080028073A1 (en)* | 2004-07-09 | 2008-01-31 | France Telecom | Method, a Device, and a System for Protecting a Server Against Denial of DNS Service Attacks |
| US7206845B2 (en)* | 2004-12-21 | 2007-04-17 | International Business Machines Corporation | Method, system and program product for monitoring and controlling access to a computer system resource |
| US20060195889A1 (en)* | 2005-02-28 | 2006-08-31 | Pfleging Gerald W | Method for configuring and controlling access of a computing device based on location |
| US7966654B2 (en) | 2005-11-22 | 2011-06-21 | Fortinet, Inc. | Computerized system and method for policy-based content filtering |
| US8468589B2 (en) | 2006-01-13 | 2013-06-18 | Fortinet, Inc. | Computerized system and method for advanced network content processing |
| US9092380B1 (en)* | 2007-10-11 | 2015-07-28 | Norberto Menendez | System and method of communications with supervised interaction |
| CN101562784B (en)* | 2008-04-14 | 2012-06-06 | 华为技术有限公司 | Method, device and system for distributing messages |
| US9729467B2 (en)* | 2009-05-12 | 2017-08-08 | Qualcomm Incorporated | Method and apparatus for managing congestion in a wireless system |
| GB2484467B (en)* | 2010-10-11 | 2015-07-22 | Penny & Giles Controls Ltd | A controller and control method for a motorised vehicle |
| CO6430045A1 (en)* | 2011-04-26 | 2012-04-30 | Azuan Technologies S A | MECHANISM FOR THE ASSURANCE OF ELECTRONIC TRANSACTIONS |
| US20140164544A1 (en)* | 2011-07-29 | 2014-06-12 | Eric Gagneraud | Enabling a computing device to utilize another computing device |
| US9189644B2 (en) | 2012-12-20 | 2015-11-17 | Bank Of America Corporation | Access requests at IAM system implementing IAM data model |
| US9477838B2 (en) | 2012-12-20 | 2016-10-25 | Bank Of America Corporation | Reconciliation of access rights in a computing system |
| US9529629B2 (en)* | 2012-12-20 | 2016-12-27 | Bank Of America Corporation | Computing resource inventory system |
| US9639594B2 (en) | 2012-12-20 | 2017-05-02 | Bank Of America Corporation | Common data model for identity access management data |
| US9495380B2 (en) | 2012-12-20 | 2016-11-15 | Bank Of America Corporation | Access reviews at IAM system implementing IAM data model |
| US9542433B2 (en) | 2012-12-20 | 2017-01-10 | Bank Of America Corporation | Quality assurance checks of access rights in a computing system |
| US9537892B2 (en) | 2012-12-20 | 2017-01-03 | Bank Of America Corporation | Facilitating separation-of-duties when provisioning access rights in a computing system |
| US9489390B2 (en) | 2012-12-20 | 2016-11-08 | Bank Of America Corporation | Reconciling access rights at IAM system implementing IAM data model |
| US9483488B2 (en) | 2012-12-20 | 2016-11-01 | Bank Of America Corporation | Verifying separation-of-duties at IAM system implementing IAM data model |
| US10630642B2 (en) | 2017-10-06 | 2020-04-21 | Stealthpath, Inc. | Methods for internet communication security |
| US10361859B2 (en) | 2017-10-06 | 2019-07-23 | Stealthpath, Inc. | Methods for internet communication security |
| US10375019B2 (en) | 2017-10-06 | 2019-08-06 | Stealthpath, Inc. | Methods for internet communication security |
| US10397186B2 (en) | 2017-10-06 | 2019-08-27 | Stealthpath, Inc. | Methods for internet communication security |
| US10367811B2 (en) | 2017-10-06 | 2019-07-30 | Stealthpath, Inc. | Methods for internet communication security |
| US10374803B2 (en) | 2017-10-06 | 2019-08-06 | Stealthpath, Inc. | Methods for internet communication security |
| US11558423B2 (en) | 2019-09-27 | 2023-01-17 | Stealthpath, Inc. | Methods for zero trust security with high quality of service |
| JP6813110B1 (en)* | 2020-03-02 | 2021-01-13 | ダイキン工業株式会社 | Communication devices, programs, communication methods, and communication systems |
Citations (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4638356A (en)* | 1985-03-27 | 1987-01-20 | General Instrument Corporation | Apparatus and method for restricting access to a communication network |
| US5991810A (en)* | 1997-08-01 | 1999-11-23 | Novell, Inc. | User name authentication for gateway clients accessing a proxy cache server |
| US6029196A (en)* | 1997-06-18 | 2000-02-22 | Netscape Communications Corporation | Automatic client configuration system |
| US6073172A (en)* | 1997-07-14 | 2000-06-06 | Freegate Corporation | Initializing and reconfiguring a secure network interface |
| US6105063A (en)* | 1998-05-05 | 2000-08-15 | International Business Machines Corp. | Client-server system for maintaining application preferences in a hierarchical data structure according to user and user group or terminal and terminal group contexts |
| US6119165A (en)* | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
| US6205476B1 (en)* | 1998-05-05 | 2001-03-20 | International Business Machines Corporation | Client—server system with central application management allowing an administrator to configure end user applications by executing them in the context of users and groups |
| US6237092B1 (en)* | 1998-05-05 | 2001-05-22 | International Business Machines Corp. | Client-server system with central application management allowing an administrator to configure user and group contexts during application configuration without relaunching the application |
| US20010011341A1 (en)* | 1998-05-05 | 2001-08-02 | Kent Fillmore Hayes Jr. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
| US20010016872A1 (en)* | 1999-11-30 | 2001-08-23 | Rika Kusuda | Information control system, information processing support server, information processing terminal, information processing method, storage storing information processing program, and program transmission apparatus |
| US20020162008A1 (en)* | 2000-01-28 | 2002-10-31 | Vincent Hill | Method and system for controlling access to a telecommunication or internet system |
| US6636894B1 (en)* | 1998-12-08 | 2003-10-21 | Nomadix, Inc. | Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability |
| US6735701B1 (en)* | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
| US6854009B1 (en)* | 1999-12-22 | 2005-02-08 | Tacit Networks, Inc. | Networked computer system |
| US7031954B1 (en)* | 1997-09-10 | 2006-04-18 | Google, Inc. | Document retrieval system with access control |
| US7103650B1 (en)* | 2000-09-26 | 2006-09-05 | Microsoft Corporation | Client computer configuration based on server computer update |
| US7231360B2 (en)* | 2000-11-22 | 2007-06-12 | Sy Bon K | Time-based software licensing approach |
| US7383569B1 (en)* | 1998-03-02 | 2008-06-03 | Computer Associates Think, Inc. | Method and agent for the protection against the unauthorized use of computer resources |
| US7523191B1 (en)* | 2000-06-02 | 2009-04-21 | Yahoo! Inc. | System and method for monitoring user interaction with web pages |
| US7580996B1 (en)* | 2000-05-31 | 2009-08-25 | International Business Machines Corporation | Method and system for dynamic update of an application monitoring agent using a non-polling mechanism |
| US8930535B2 (en)* | 2001-01-23 | 2015-01-06 | Helios Software, Llc | Method for managing computer network access |
Family Cites Families (93)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6134324A (en)* | 1991-07-31 | 2000-10-17 | Lsi Logic Corporation | Method and system for distributing a plurality of software products, and limiting access thereto |
| US5577254A (en)* | 1993-06-29 | 1996-11-19 | Bull Hn Information Systems Inc. | Method and apparatus for capturing the presentation of an interactive user session, monitoring, replaying and joining sessions |
| US5689641A (en)* | 1993-10-01 | 1997-11-18 | Vicor, Inc. | Multimedia collaboration system arrangement for routing compressed AV signal through a participant site without decompressing the AV signal |
| US5408408A (en)* | 1994-02-22 | 1995-04-18 | Marsico, Jr.; Michael | Apparatus and method for electronically tracking and duplicating user input to an interactive electronic device |
| EP0774186A4 (en)* | 1994-05-05 | 2005-07-20 | Catapult Entertainment Inc | NETWORK ARCHITECTURE FOR REAL-TIME VIDEO GAMES |
| US5590171A (en)* | 1994-07-07 | 1996-12-31 | Bellsouth Corporation | Method and apparatus for communications monitoring |
| US5706507A (en) | 1995-07-05 | 1998-01-06 | International Business Machines Corporation | System and method for controlling access to data located on a content server |
| US5862329A (en)* | 1996-04-18 | 1999-01-19 | International Business Machines Corporation | Method system and article of manufacture for multi-casting audio visual material |
| US5884033A (en)* | 1996-05-15 | 1999-03-16 | Spyglass, Inc. | Internet filtering system for filtering data transferred over the internet utilizing immediate and deferred filtering actions |
| US5991807A (en)* | 1996-06-24 | 1999-11-23 | Nortel Networks Corporation | System for controlling users access to a distributive network in accordance with constraints present in common access distributive network interface separate from a server |
| US6381632B1 (en)* | 1996-09-10 | 2002-04-30 | Youpowered, Inc. | Method and apparatus for tracking network usage |
| US5950195A (en)* | 1996-09-18 | 1999-09-07 | Secure Computing Corporation | Generalized security policy management system and method |
| US6658466B1 (en)* | 1996-10-16 | 2003-12-02 | Ncr Corporation | Method and apparatus for integrating remote human interactive assistance function into software systems |
| US5809250A (en)* | 1996-10-23 | 1998-09-15 | Intel Corporation | Methods for creating and sharing replayable modules representive of Web browsing session |
| US5907547A (en)* | 1996-10-24 | 1999-05-25 | At&T Corp | System and method for establishing internet communications links |
| CA2218218A1 (en)* | 1996-11-08 | 1998-05-08 | At&T Corp. | Promiscuous network monitoring utilizing multicasting within a switch |
| US5987611A (en)* | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
| US6011909A (en)* | 1997-01-06 | 2000-01-04 | Motorola, Inc. | Alerting user engaged in a first communications session on a first network to a request to establish a second communications session on a second network |
| US6052730A (en)* | 1997-01-10 | 2000-04-18 | The Board Of Trustees Of The Leland Stanford Junior University | Method for monitoring and/or modifying web browsing sessions |
| US5923756A (en)* | 1997-02-12 | 1999-07-13 | Gte Laboratories Incorporated | Method for providing secure remote command execution over an insecure computer network |
| US6199096B1 (en)* | 1997-03-14 | 2001-03-06 | Efusion, Inc. | Method and apparatus for synchronizing information browsing among multiple systems |
| US6023507A (en)* | 1997-03-17 | 2000-02-08 | Sun Microsystems, Inc. | Automatic remote computer monitoring system |
| US5987606A (en) | 1997-03-19 | 1999-11-16 | Bascom Global Internet Services, Inc. | Method and system for content filtering information retrieved from an internet computer network |
| US6643696B2 (en)* | 1997-03-21 | 2003-11-04 | Owen Davis | Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database |
| US5796952A (en)* | 1997-03-21 | 1998-08-18 | Dot Com Development, Inc. | Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database |
| US6539430B1 (en) | 1997-03-25 | 2003-03-25 | Symantec Corporation | System and method for filtering data received by a computer system |
| US5996011A (en) | 1997-03-25 | 1999-11-30 | Unified Research Laboratories, Inc. | System and method for filtering data received by a computer system |
| US6339784B1 (en)* | 1997-05-20 | 2002-01-15 | America Online, Inc. | Self-policing, rate limiting online forums |
| US6044465A (en)* | 1997-07-07 | 2000-03-28 | International Business Machines Corporation | User profile storage on and retrieval from a non-native server domain for use in a client running a native operating system |
| US6453352B1 (en)* | 1997-07-14 | 2002-09-17 | Electronic Data Systems Corporation | Integrated electronic commerce system and method |
| US6122741A (en)* | 1997-09-19 | 2000-09-19 | Patterson; David M. | Distributed method of and system for maintaining application program security |
| US6076100A (en)* | 1997-11-17 | 2000-06-13 | Microsoft Corporation | Server-side chat monitor |
| US6037934A (en) | 1997-11-21 | 2000-03-14 | International Business Machines Corporation | Named bookmark sets |
| US6052758A (en)* | 1997-12-22 | 2000-04-18 | International Business Machines Corporation | Interface error detection and isolation in a direct access storage device DASD system |
| US6195679B1 (en)* | 1998-01-06 | 2001-02-27 | Netscape Communications Corporation | Browsing session recording playback and editing system for generating user defined paths and allowing users to mark the priority of items in the paths |
| US6167395A (en)* | 1998-09-11 | 2000-12-26 | Genesys Telecommunications Laboratories, Inc | Method and apparatus for creating specialized multimedia threads in a multimedia communication center |
| US6101607A (en)* | 1998-04-24 | 2000-08-08 | International Business Machines Corporation | Limit access to program function |
| US6229887B1 (en)* | 1998-07-09 | 2001-05-08 | Bell Atlantic Network Services, Inc. | Advanced intelligent network (AIN) functionality for electronic surveillance |
| US6182142B1 (en)* | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
| US6286030B1 (en)* | 1998-07-10 | 2001-09-04 | Sap Aktiengesellschaft | Systems and methods for recording and visually recreating sessions in a client-server environment |
| US6321334B1 (en)* | 1998-07-15 | 2001-11-20 | Microsoft Corporation | Administering permissions associated with a security zone in a computer system security model |
| US6473800B1 (en)* | 1998-07-15 | 2002-10-29 | Microsoft Corporation | Declarative permission requests in a computer system |
| US6212548B1 (en)* | 1998-07-30 | 2001-04-03 | At & T Corp | System and method for multiple asynchronous text chat conversations |
| US6438695B1 (en)* | 1998-10-30 | 2002-08-20 | 3Com Corporation | Secure wiretap support for internet protocol security |
| US6577865B2 (en)* | 1998-11-05 | 2003-06-10 | Ulysses Holdings, Llc | System for intercept of wireless communications |
| DE59911762D1 (en)* | 1998-12-03 | 2005-04-21 | Siemens Ag | Method for listening to a subscriber of an intelligent network |
| US6412007B1 (en)* | 1999-01-14 | 2002-06-25 | Cisco Technology, Inc. | Mechanism for authorizing a data communication session between a client and a server |
| US6442608B1 (en)* | 1999-01-14 | 2002-08-27 | Cisco Technology, Inc. | Distributed database system with authoritative node |
| US6397256B1 (en)* | 1999-01-27 | 2002-05-28 | International Business Machines Corporation | Monitoring system for computers and internet browsers |
| US6976070B1 (en) | 1999-02-16 | 2005-12-13 | Kdd Corporation | Method and apparatus for automatic information filtering using URL hierarchical structure and automatic word weight learning |
| US6366298B1 (en)* | 1999-06-03 | 2002-04-02 | Netzero, Inc. | Monitoring of individual internet usage |
| US6381631B1 (en)* | 1999-06-03 | 2002-04-30 | Marimba, Inc. | Method and apparatus for controlling client computer systems |
| US6470075B1 (en)* | 1999-06-08 | 2002-10-22 | Telefonaktiebolaget L M Ericsson (Publ) | Automatic monitoring service for telecommunications networks |
| WO2000079733A2 (en)* | 1999-06-23 | 2000-12-28 | At & T Wireless Services, Inc. | Methods and apparatus for reducing traffic over a communication link in a computer network |
| US6470390B1 (en)* | 1999-06-29 | 2002-10-22 | Cisco Technology, Inc. | Method and apparatus for a dual connection communication session |
| US6519639B1 (en)* | 1999-07-21 | 2003-02-11 | Microsoft Corporation | System and method for activity monitoring and reporting in a computer network |
| US6563797B1 (en)* | 1999-08-18 | 2003-05-13 | At&T Corp. | IP voice call surveillance through use of non-dedicated IP phone with signal alert provided to indicate content of incoming call prior to an answer as being a monitored call |
| US6771766B1 (en)* | 1999-08-31 | 2004-08-03 | Verizon Services Corp. | Methods and apparatus for providing live agent assistance |
| US6745367B1 (en) | 1999-09-27 | 2004-06-01 | International Business Machines Corporation | Method and computer program product for implementing parental supervision for internet browsing |
| US6535909B1 (en)* | 1999-11-18 | 2003-03-18 | Contigo Software, Inc. | System and method for record and playback of collaborative Web browsing session |
| US20020069368A1 (en) | 1999-12-07 | 2002-06-06 | Keith Hines | Data farming of network access |
| US6970941B1 (en)* | 1999-12-10 | 2005-11-29 | Sun Microsystems, Inc. | System and method for separating addresses from the delivery scheme in a virtual private network |
| US20020054601A1 (en)* | 1999-12-17 | 2002-05-09 | Keith Barraclough | Network interface unit control system and method therefor |
| US6633855B1 (en) | 2000-01-06 | 2003-10-14 | International Business Machines Corporation | Method, system, and program for filtering content using neural networks |
| US7113994B1 (en)* | 2000-01-24 | 2006-09-26 | Microsoft Corporation | System and method of proxy authentication in a secured network |
| US6606659B1 (en) | 2000-01-28 | 2003-08-12 | Websense, Inc. | System and method for controlling access to internet sites |
| US6606644B1 (en)* | 2000-02-24 | 2003-08-12 | International Business Machines Corporation | System and technique for dynamic information gathering and targeted advertising in a web based model using a live information selection and analysis tool |
| US6880089B1 (en)* | 2000-03-31 | 2005-04-12 | Avaya Technology Corp. | Firewall clustering for multiple network servers |
| US20020009973A1 (en)* | 2000-04-07 | 2002-01-24 | Bondy William Michael | Communication network and method for providing surveillance services |
| US7006508B2 (en)* | 2000-04-07 | 2006-02-28 | Motorola, Inc. | Communication network with a collection gateway and method for providing surveillance services |
| AU2001253613A1 (en)* | 2000-04-17 | 2001-10-30 | Circadence Corporation | System and method for shifting functionality between multiple web servers |
| US7219304B1 (en)* | 2000-06-19 | 2007-05-15 | International Business Machines Corporation | System and method for developing and administering web applications and services from a workflow, enterprise, and mail-enabled web application server and platform |
| US7360082B1 (en)* | 2000-06-19 | 2008-04-15 | International Business Machines Corporation | System and method for downloading security context elements governing execution of downloadable and distributable agents |
| US6823185B1 (en)* | 2000-06-19 | 2004-11-23 | Motorola, Inc. | Systems and methods for performing authorized intercept in a satellite-based communications system |
| US6996599B1 (en)* | 2000-06-21 | 2006-02-07 | Microsoft Corporation | System and method providing multi-tier applications architecture |
| US6694008B1 (en)* | 2000-06-23 | 2004-02-17 | Cisco Technology, Inc. | Monitored suspension of communications sessions |
| US6795856B1 (en)* | 2000-06-28 | 2004-09-21 | Accountability International, Inc. | System and method for monitoring the internet access of a computer |
| US7093020B1 (en)* | 2000-06-29 | 2006-08-15 | Sungard Sct Inc. | Methods and systems for coordinating sessions on one or more systems |
| US7032110B1 (en)* | 2000-06-30 | 2006-04-18 | Landesk Software Limited | PKI-based client/server authentication |
| JP4250859B2 (en)* | 2000-07-04 | 2009-04-08 | 沖電気工業株式会社 | Communication terminal device and communication interception device |
| US7197480B1 (en)* | 2000-09-07 | 2007-03-27 | International Business Machines Corporation | System and method for front end business logic and validation |
| US7133868B1 (en)* | 2000-09-07 | 2006-11-07 | International Business Machines Corporation | System and method for catalog administration using supplier provided flat files |
| US7287071B2 (en)* | 2000-09-28 | 2007-10-23 | Vignette Corporation | Transaction management system |
| US7181492B2 (en)* | 2000-10-17 | 2007-02-20 | Concerto Software, Inc. | Transfer of an internet chat session between servers |
| US7093288B1 (en)* | 2000-10-24 | 2006-08-15 | Microsoft Corporation | Using packet filters and network virtualization to restrict network communications |
| KR100443013B1 (en)* | 2000-12-04 | 2004-08-04 | 엘지전자 주식회사 | A method and a device of processing malicious call for exchange |
| US20020116661A1 (en)* | 2000-12-05 | 2002-08-22 | Bill Thomas | Method and system for reporting events stored in non-volatile memory within an electronic device |
| US7174453B2 (en)* | 2000-12-29 | 2007-02-06 | America Online, Inc. | Message screening system |
| US20020138605A1 (en) | 2001-01-19 | 2002-09-26 | Steve Hole | Message tracking system and method |
| US7194536B2 (en)* | 2001-12-05 | 2007-03-20 | International Business Machines Corporation | Apparatus and method for monitoring and analyzing instant messaging account transcripts |
| US7032007B2 (en)* | 2001-12-05 | 2006-04-18 | International Business Machines Corporation | Apparatus and method for monitoring instant messaging accounts |
| US7535993B2 (en)* | 2003-04-21 | 2009-05-19 | Alcatel-Lucent Usa Inc. | Call control component employment of one or more criteria for internet protocol call selection for eavesdrop component monitoring |
| US7155207B2 (en)* | 2004-09-09 | 2006-12-26 | Nextel Communications Inc. | System and method of analyzing communications between a calling party and a called party |
- 2002
- 2002-01-23USUS10/055,407patent/US7958237B2/ennot_activeExpired - Fee Related
- 2011
- 2011-06-06USUS13/153,931patent/US8930535B2/ennot_activeExpired - Fee Related
- 2013
- 2013-05-23USUS13/900,856patent/US10374973B2/ennot_activeExpired - Lifetime
- 2013-08-23USUS13/974,482patent/US20130346609A1/ennot_activeAbandoned
- 2014
- 2014-09-30USUS14/502,238patent/US20150019730A1/ennot_activeAbandoned
- 2019
- 2019-06-21USUS16/449,005patent/US20190342231A1/ennot_activeAbandoned
Patent Citations (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4638356A (en)* | 1985-03-27 | 1987-01-20 | General Instrument Corporation | Apparatus and method for restricting access to a communication network |
| US6029196A (en)* | 1997-06-18 | 2000-02-22 | Netscape Communications Corporation | Automatic client configuration system |
| US6073172A (en)* | 1997-07-14 | 2000-06-06 | Freegate Corporation | Initializing and reconfiguring a secure network interface |
| US5991810A (en)* | 1997-08-01 | 1999-11-23 | Novell, Inc. | User name authentication for gateway clients accessing a proxy cache server |
| US7031954B1 (en)* | 1997-09-10 | 2006-04-18 | Google, Inc. | Document retrieval system with access control |
| US6119165A (en)* | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
| US7383569B1 (en)* | 1998-03-02 | 2008-06-03 | Computer Associates Think, Inc. | Method and agent for the protection against the unauthorized use of computer resources |
| US6339826B2 (en)* | 1998-05-05 | 2002-01-15 | International Business Machines Corp. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
| US6205476B1 (en)* | 1998-05-05 | 2001-03-20 | International Business Machines Corporation | Client—server system with central application management allowing an administrator to configure end user applications by executing them in the context of users and groups |
| US20010011341A1 (en)* | 1998-05-05 | 2001-08-02 | Kent Fillmore Hayes Jr. | Client-server system for maintaining a user desktop consistent with server application user access permissions |
| US6105063A (en)* | 1998-05-05 | 2000-08-15 | International Business Machines Corp. | Client-server system for maintaining application preferences in a hierarchical data structure according to user and user group or terminal and terminal group contexts |
| US6237092B1 (en)* | 1998-05-05 | 2001-05-22 | International Business Machines Corp. | Client-server system with central application management allowing an administrator to configure user and group contexts during application configuration without relaunching the application |
| US6735701B1 (en)* | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
| US6636894B1 (en)* | 1998-12-08 | 2003-10-21 | Nomadix, Inc. | Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability |
| US20010016872A1 (en)* | 1999-11-30 | 2001-08-23 | Rika Kusuda | Information control system, information processing support server, information processing terminal, information processing method, storage storing information processing program, and program transmission apparatus |
| US6854009B1 (en)* | 1999-12-22 | 2005-02-08 | Tacit Networks, Inc. | Networked computer system |
| US20020162008A1 (en)* | 2000-01-28 | 2002-10-31 | Vincent Hill | Method and system for controlling access to a telecommunication or internet system |
| US7580996B1 (en)* | 2000-05-31 | 2009-08-25 | International Business Machines Corporation | Method and system for dynamic update of an application monitoring agent using a non-polling mechanism |
| US7523191B1 (en)* | 2000-06-02 | 2009-04-21 | Yahoo! Inc. | System and method for monitoring user interaction with web pages |
| US7103650B1 (en)* | 2000-09-26 | 2006-09-05 | Microsoft Corporation | Client computer configuration based on server computer update |
| US7231360B2 (en)* | 2000-11-22 | 2007-06-12 | Sy Bon K | Time-based software licensing approach |
| US8930535B2 (en)* | 2001-01-23 | 2015-01-06 | Helios Software, Llc | Method for managing computer network access |
| US10374973B2 (en)* | 2001-01-23 | 2019-08-06 | Weserve Access, Llc | Method for managing computer network access |
Also Published As
| Publication number | Publication date |
|---|---|
| US10374973B2 (en) | 2019-08-06 |
| US8930535B2 (en) | 2015-01-06 |
| US20020099825A1 (en) | 2002-07-25 |
| US20150019730A1 (en) | 2015-01-15 |
| US7958237B2 (en) | 2011-06-07 |
| US20110239277A1 (en) | 2011-09-29 |
| US20130254352A1 (en) | 2013-09-26 |
| US20130346609A1 (en) | 2013-12-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20190342231A1 (en) | Method for managing computer network access | |
| US8566907B2 (en) | Multiple user login detection and response system | |
| US8127222B2 (en) | Latches-links as virtual attachments in documents | |
| US9154493B2 (en) | Managing multiple logins from a single browser | |
| US8370848B2 (en) | Method and system for providing a client access to an external service via an application services platform | |
| US8370849B2 (en) | API method and system for providing access to an external service via an application services platform | |
| US10025948B1 (en) | Correcting access rights of files in electronic communications | |
| US9336213B2 (en) | Active file system | |
| US7143143B1 (en) | System and method for distributed caching using multicast replication | |
| US20180218169A1 (en) | Security and data isolation for tenants in a business data system | |
| US20050038874A1 (en) | System and method for downloading data using a proxy | |
| US20060174327A1 (en) | Apparatus and method for a personal cookie repository service for cookie management among multiple devices | |
| US6697811B2 (en) | Method and system for information management and distribution | |
| US20020194295A1 (en) | Scalable data-sharing architecture | |
| US11836241B1 (en) | Automatic update of user information | |
| JP4653618B2 (en) | Access management apparatus, method and program | |
| JP7688876B1 (en) | System for managing tracking of users browsing a website | |
| JP2017182122A (en) | Data provision system, access right management device, data provision method, and computer program | |
| Ahmadzai | UN Special Representative's Briefing to Security Council on Afghanistan (Pashto) | |
| JP2001154934A (en) | Information transmission support system and information transmission support method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:WESERVE ACCESS, LLC, TEXAS Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FERTELL, DAVID A.;FIELD, JOSEPH I.;REEL/FRAME:049644/0796 Effective date:20190628 | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:DOCKETED NEW CASE - READY FOR EXAMINATION | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:NON FINAL ACTION MAILED | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:NON FINAL ACTION MAILED | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER | |
| STPP | Information on status: patent application and granting procedure in general | Free format text:FINAL REJECTION MAILED | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |