AU2014100338A4 - Network Filtering System and Method - Google Patents

Network Filtering System and Method Download PDF

Info

Publication number
AU2014100338A4
AU2014100338A4 AU2014100338A AU2014100338A AU2014100338A4 AU 2014100338 A4 AU2014100338 A4 AU 2014100338A4 AU 2014100338 A AU2014100338 A AU 2014100338A AU 2014100338 A AU2014100338 A AU 2014100338A AU 2014100338 A4 AU2014100338 A4 AU 2014100338A4
Authority
AU
Australia
Prior art keywords
user device
policies
network
applicable
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
AU2014100338A
Inventor
Timothy David Levy
Paul Russell Robinson
Benjamin Shaun Dixon Trigger
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Family Zone Cyber Safety Ltd
Original Assignee
Family Zone Cyber Safety Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Family Zone Cyber Safety Ltd filed Critical Family Zone Cyber Safety Ltd
Priority to AU2014100338A priority Critical patent/AU2014100338A4/en
Application granted granted Critical
Publication of AU2014100338A4 publication Critical patent/AU2014100338A4/en
Priority to NZ724638A priority patent/NZ724638B2/en
Priority to SG11201607811QA priority patent/SG11201607811QA/en
Priority to EP21173083.3A priority patent/EP3941016A1/en
Priority to EP15777063.7A priority patent/EP3130112B1/en
Priority to PCT/AU2015/000212 priority patent/WO2015154133A1/en
Priority to NZ763096A priority patent/NZ763096A/en
Priority to AU2015245935A priority patent/AU2015245935B2/en
Priority to CA2944923A priority patent/CA2944923A1/en
Assigned to Family Zone Cyber Safety Ltd. reassignment Family Zone Cyber Safety Ltd. Request to Amend Deed and Register Assignors: BCOMMUNICATIONS PTY. LTD.
Priority to PH12016501848A priority patent/PH12016501848A1/en
Priority to US15/286,434 priority patent/US10462149B2/en
Priority to AU2019202203A priority patent/AU2019202203B2/en
Priority to US16/566,756 priority patent/US11271941B2/en
Anticipated expiration legal-status Critical
Expired legal-status Critical Current

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system for filtering of network content, comprising: a network gateway; a remote or cloud content filter; a remote or cloud access controller including filter 5 policies; a user device database; and a user device authenticator; wherein the network gateway is configured to receive a request for network content from a user device, to identify a MAC or equivalent address of the user device in the request, to pass the address of the user device to the user device authenticator for authentication, to assign to the user device a network address 10 allocated to the user device received from the authenticator for use in giving effect to the request, and to transmit the network address and the content request to the content filter; the authenticator is configured to authenticate the user device, to allocate the network address to the user device if authenticated, and to transmit the network address to the network gateway; the access 15 controller is configured to maintain the user device database and control the user device authenticator; and the content filter is configured to receive the network address and the request from the network gateway, and to respond by identifying from the filtering policies any applicable policies that are applicable to the user device. 5280750_1 (GHMatters) P96784.AU Internet 1 Cloud User 14 12 filter devicess Controlled sCloud ----- gateway hosted access controller Figure 1 Controlled gateway 16-- Memory 22, .Filtering 32 -policies cache Processor |Traffic 26 24, inspectorP Messaging 28 LayerI Policy 30 manager Figure 2

Description

- 1 Network Filtering System and Method FIELD OF THE INVENTION The present invention relates to a network filtering system and method, of 5 particular but by no means exclusive application in internet filtering and, in particular, facilitating users of multi-device internet connection points to impose cloud hosted internet filters, including at the device level. BACKGROUND OF THE INVENTION 10 Access to information on the Internet has revolutionised the way households, educational institutions and businesses communicate, shop, and consume media & entertainment. This access has brought many benefits to consumers however it also presents situations where users can access material which is considered inappropriate by them or the provider of internet access to them. 15 For example, parents may want to restrict material available to their children or indeed any person accessing the internet from their home. A variety of methods are employed by the owners of internet connection points (e.g. home routers) and the owners of internet connected devices to control and 20 restrict access to the internet by end users. Content-control software, content filtering software, secure web gateways, censorware, web filtering software, content-censoring software, and content blocking software are terms describing software installed within computer 25 networks or within specific computing devices to restrict or control internet access. Generically such approaches can be described as "internet filtering". Internet filtering can be applied at various levels. For example it can be applied within a network eg through the internet service provider's carriage network or within an employer or school's computing network. This model can be 30 generically referred to as Network Filtering Restrictions can also be applied within a device through the installation of application software. This is called Client Filtering. As suggested by the above points there are a large range of approaches 35 individuals and organisations can use, seek out or be provided with to enable implementation of internet filtering. These approaches have various strengths, weaknesses and costs. 5280750_1 (GHMatters) P96784.AU -2 For individuals and small businesses internet filtering options are typically limited to Client Filtering software, because Network Filtering is not standard practice within internet and mobile service providers and such users typically do not have the capability to implement a private computing network and a 5 Network Filter. Whilst a large range of Client Filtering software is available typically individuals and small businesses do not use them or do not deploy them across all of their internet connected devices in a coherent fashion. This is due to the complexity 10 and limitations of Client Filtering solutions and include problems such as the difficulty non-technical users can have installing and maintaining software on all of their internet connected devices; the lack of standardised Client Filtering software that can apply across all device platforms; and the potential for skilled users to circumvent installed software. 15 Larger enterprises such as large employers and schools typically implement Network Filtering technology within their managed computing network. This typically suffices for their needs, but in some situations an enterprise's users may access the internet from networks that the enterprise does not control, 20 such as via mobile telephone networks, home access points and internet hotspots at cafes. This access may not suit the requirements of particular enterprises due to concerns around internet access and data fidelity risks. Some existing internet filters can be hosted in the cloud, but many users find it 25 difficult to have connected devices access and apply these filters. In fixed line internet situations, internet service providers typically do not provide network filtering but, even if they do, internet filtering is applied at the access point level and all users of that service will receive the same access 30 policies. Also, such environments may be expected to impose different filtering settings at different internet connection points. Additionally, mobile internet services typically provide no network filtering. One company, Kajeet, Inc., based in the United States of America, does provide a 35 service in which a network filter is applied. This enables customers to configure access restrictions on their mobile services. However, such restrictions are applied at a service level so do not always suit end users' needs. For example, if such a mobile device is used to provide a mobile hotspot, all users-including 5280750_1 (GHMatters) P96784.AU -3 of the hotspot-will receive the same internet access. SUMMARY OF THE INVENTION According to a first broad aspect of the invention, there is provided a system for 5 filtering of network content (such as internet content), comprising: a network gateway; a remote or cloud content filter; a remote or cloud access controller including filter policies; a user device database; and 10 a user device authenticator; wherein the network gateway is configured to receive a request for network content from a user device, to identify a MAC or equivalent address of the user device in the request, to pass the address of the user device to the user device authenticator for authentication, to assign to the user device a 15 network address allocated to the user device received from the authenticator for use in giving effect to the request, and to transmit the network address and the content request to the content filter; the authenticator is configured to authenticate the user device, to allocate the network address to the user device if authenticated, and to transmit 20 the network address to the network gateway; the access controller is configured to maintain the user device database and control the user device authenticator; and the content filter is configured to receive the network address and the request from the network gateway, and to respond by identifying from the 25 filtering policies any applicable policies that are applicable to the user device. Thus, the system enables owners of internet connection points to apply cloud managed internet access filters through potentially any internet connection point. The system, which may be in the form of an internet router with router 30 software or a remote server (acting as a cloud host) with access controller software, allows the creation of a virtual wide area network in which chosen internet filter policies can be sought and applied irrespective of device, device platform, access method or carriage provider. 35 Applications include where a parent or small business operator provides internet connectivity to others via WiFi hotspots (or routers) connected to the internet through either mobile or fixed internet services. 5280750_1 (GHMatters) P96784.AU -4 The filtering policies may be defined specifically for the user device, or for the network gateway (and hence by implication any user device attached to or attempting to communicate with the network via that network gateway), or both. 5 In one embodiment, the content filter is configured to enforce the applicable policies by permitting or denying the request. In another embodiment, the content filter is configured to transmit the applicable policies to the network gateway, and the network gateway is configured to 10 enforce the applicable policies by permitting or denying the request. In a certain embodiment, the network gateway includes a filter policy cache of previously enforced policies, and the network gateway is configured to enforce the previously enforced policies when applicable to the user device. 15 The filter policies may include default filter policies applicable when the access controller has no policy specific to the user device or to the network gateway. In one embodiment, the access controller includes the user device database 20 and the user device authenticator. The access controller may be configured or controllable to register the user device if the user device authenticator determines that the user device is unregistered. 25 In an embodiment, the access controller is controllable to create or modify filter policies applicable to the user device, applicable to the network gateway, or applicable to both the user device and the network gateway. 30 The system may comprise one or more further network gateways. According to a first broad aspect of the invention, there is provided a method of filtering of network content, comprising: a network gateway receiving a request for network content from a user 35 device; the network gateway identifying a MAC or equivalent address of the user device in the request; the network gateway passing the address of the user device to a user 5280750_1 (GHMatters) P96784.AU -5 device authenticator for authentication; the authenticator authenticating the user device; the authenticator authenticating the user device, allocating a network address to the user device if authenticated, and transmitting the network 5 address to the network gateway; the network gateway assigning the network address to the user device and transmitting the network address and the request to the content filter; the content filter receiving the network address and the request, and responding by identifying from the filtering policies any applicable policies that 10 are applicable to the user device. The method may comprise the content filter enforcing the applicable policies by permitting or denying the request. 15 In one embodiment, the method comprises the content filter transmitting the applicable policies to the network gateway, and the network gateway enforcing the applicable policies by permitting or denying the request. In an embodiment, the method comprises the network gateway storing 20 previously enforced policies, and enforcing the previously enforced policies when applicable to the user device. In a certain embodiment, the method comprises defining default filter policies applicable when the access controller has no policy specific to the user device 25 or to the network gateway. The method may comprise maintaining a user device database in the access controller. 30 In an embodiment, the method comprises the access controller registering the user device if the user device is unregistered. In another embodiment, the method includes creating or modifying filter policies applicable to the user device, applicable to the network gateway, or applicable 35 to both the user device and the network gateway. It should also be noted that any of the various features of each of the above aspects of the invention can be combined as suitable and desired. 5280750_1 (GHMatters) P96784.AU -6 BRIEF DESCRIPTION OF THE DRAWING In order that the present invention may be more clearly ascertained, embodiments will now be described, by way of example, with reference to the 5 accompanying drawing, in which: Figure 1 is a schematic diagram of an internet access control system according to an embodiment of the present invention, shown with the internet; Figure 2 is a schematic diagram of the controlled gateway of the system of figure 1; 10 Figure 3 is a schematic diagram of the access controller of the system of figure 1; and Figure 4A is a flow diagram of an internet session setup process according to an embodiment of the present invention; Figure 4B is a flow diagram of the method of filtering internet access in 15 which enforcement of filtering decisions is made in the cloud according to an embodiment of the present invention; and Figure 4C is a flow diagram of the method of filtering internet access in which enforcement of filtering decisions is made in a controlled gateway according to an embodiment of the present invention. 20 DETAILED DESCRIPTION OF THE EMBODIMENTS An internet access control system according to an embodiment of the present invention is shown schematically at 10 in figure 1, shown with a computer network in the form of the internet 12. System 10 includes one or more user 25 devices 14 (such as a computer, smartphone, tablet computer and gaming consoles, connectable to the internet via fixed or wireless network) of an end user, a controlled gateway 16, an access controller 18 that in this embodiment is hosted in the world wide web (also described as being hosted on the internet or 'cloud hosted'), and a cloud hosted internet filter in the form of cloud filter 20. 30 Controlled gateway 16 is a point of connection to the internet 12 that is controlled by an Administrator, comprising a network router connected to an internet service; the network router may be in the form of an ADSL, cable and or network router. An Administrator is a user that wishes to implement access 35 restrictions on devices connecting to the internet through his or her controlled gateway 16 and on devices owned by him or her; these devices may be, for example, devices used by him or her and/or by his or her family members. 5280750_1 (GHMatters) P96784.AU -7 System 10 is shown with one such controlled gateway 16, but it should be noted that systems according to the present invention will typically include a plurality of (and indeed many) such controlled gateways. Typically, system 10 would include a plurality of controlled gateways 16 each corresponding to plural 5 user devices 14, though only one controlled gateway 16 is shown for the sake of simplicity. Typically Administrators are parents, owners of household or small business owners; each would typically control such a controlled gateway and thereby administer a plurality of user devices (of, for example, a household). 10 Cloud filter 20 may be provided by a third party. Figure 2 is a schematic view of controlled gateway 16, which includes memory 22 for storing software and other data, and a processor 22 that includes various 15 components for carrying out the functions described below. These components may be implemented as software, firmware, hardware, or a combination of these, as will be apparent to the skilled person. Thus, processor 24 includes a traffic inspector 26, which inspects internet 20 bound traffic and identifies, in an internet resource location request (i.e. a request for internet content) the requested location, a controlled gateway identifier and the unique media access control address (otherwise known as the MAC address) of user device 14. 25 Processor 24 includes a messaging layer 28 for passing the information described above to access controller 18, and for receiving from access controller 18 and cloud filter 20 configuration settings including internet filter policies set by the Administrator for a particular user device 14 and controlled gateway 16. 30 Processor 24 also includes policy manager 30 for improving system performance, which can store local copies of the access and filtering policies stored in access controller 18 and cloud filter 20. Policy manager 30 may be updated from time to time when controlled gateway 16 connects to access 35 controller 16 or cloud filter 20. Such policies that may be updated include 5280750_1 (GHMatters) P96784.AU -8 obtaining a new access permission policy for a particular internet location for a particular user device 14 (from cloud filter 20) or obtaining an updated time limit on the caching of an access permission policy (from controlled gateway 16). 5 Figure 3 is a schematic view of access controller 18, which includes its own memory 36 for storing software and other data, and a processor 38 that includes various components for carrying out the functions described below. These components may also be implemented as software, firmware, hardware, or a combination of these, as will be apparent to the skilled person. 10 Memory 36 of access controller 18 has a user device database 40 of user devices 14 that have accessed the internet through any controlled gateway 16 of system 10. The user device database 40 registers each user device 14, and what controlled gateways 16 each user device 14 has been connected to. 15 Processor 38 of access controller 18 includes a database manager 42 that maintains user device database 40, including automatically populating user device database with new entries as new user devices are identified. Processor 38 also includes a user device registrar 44 that is operable by 20 Administrators to register user devices 14 and to associate these with subscriptions to cloud filter(s) 20. Processor 38 includes a gateway filter manager 46 operable by Administrators to set a default internet filter subscription for unknown (i.e. unregistered) user 25 devices 14 connecting through the particular controlled gateway 16. Administrators may also, through default filter enforcer 48 set the interaction between the user filter subscription settings 56 and default filter settings set in gateway filter manager 46. Administrators may choose to apply the gateway 30 default subscription to all user devices 14 connecting via that controlled gateway 16 or to apply the subscription set by the owner of a particular user device 14 (which may be another party) or to apply both the filter subscription 5280750_1 (GHMatters) P96784.AU -9 settings of user device 14 and the default gateway filter subscription (in effect applying the harshest of both policy sets). Additionally, processor 38 includes a caching manager 50 that is operable by 5 Administrators to set internet filter policy caching rules for particular controlled gateway(s) 16, and enforcement selector 52 operable by Administrators to set the enforcement level for internet filtering to be either Cloud Enforcement (discussed below by reference to figure 4B) or Local Enforcement (discussed below by reference to figure 4C). 10 Processor 38 also includes an authenticator 54 that authenticates requests from controlled gateway 16 and allocates an IP address for the internet session. Figures 4A, 4B and 4C are flow diagrams of various aspects of the use of 15 system 10, specifically, an internet session setup process, enforcement of filtering decisions in the cloud, and local enforcement of filtering decisions in a controlled gateway, respectively. Cloud enforcement and local enforcement are alternative processes for enforcing filtering policies. 20 Figure 4A is a flow diagram 60 of the session setup process that occurs the first time a user device 14 connects to the internet within an internet session. (An internet session is a period of continual connection to the internet for a specific user device 14.) 25 Referring to figure 4A, at 62 a user controls user device 14 to request an internet address. At 64, user device 14 connects to controlled gateway 16 and requests access to an internet resource. At 66, controlled gateway 16 receives this request and at 68 identifies request information including requested location, internet protocol and MAC address for the user device 14. At 70, 30 controlled gateway 16 opens a session with authenticator 54 within the access controller 18 and transmits this information to authenticator 54. At 72, authenticator 54 checks user device database 40 to determine if the user device 14 is known to controlled gateway 16, that is, whether this user device 14 has connected to this controlled gateway 16 previously. If at 74 user device 5280750_1 (GHMatters) P96784.AU -10 14 is determined to be unknown, processing continues at 76 where user device registrar 44 registers user device 14 in user device database 40, applying the default gateway subscription policy set in gateway filter manager 46, and sends an alert notification to the Administrator of controlled gateway 18 advising that 5 the default subscription has been applied and offering the Administrator the option of modifying the policy subscription. Processing then continues at 78. If, at step 74 user device 14 was determined to be known, processing continues at 78. 10 Thus, whether user device 14 is known or unknown, at 78 authenticator 54 identifies the appropriate policy subscription(s) to apply for this user device 14 at this controlled gateway 16 from the filter subscription settings 56. At 80, authenticator 54 sends to a network address (in the form of, in this example, an 15 IP address) for the internet session to the cloud filter 20 and a RADIUS Access Accept with IP address to controlled gateway 16. At 82, controlled gateway 16 assigns the IP address to the user device's internet session and thus the session is setup. Processing of this phase then 20 ends. System 10 proceeds to filtering via either the cloud enforcement model or local enforcement model as configured by Administrator in enforcement selector 52 and which is updated to the policy manager 30 when the controlled gateway 16 25 connects to access controller 18. Figure 4B is a flow diagram 90 of a 'cloud enforcement' filtering process, which is implemented for each new internet location request by a user device 14 connected to a controlled gateway 16 configured for cloud enforcement (in 30 enforcement selector 52). Referring to figure 4B, at 92 a user controls user device 14 to request an internet resource. At 94, user device 14 connects to controlled gateway 16 and 5280750_1 (GHMatters) P96784.AU - 11 requests access to the internet resource. At 96, controlled gateway 16 receives this request and at 98 identifies request information including requested location, internet protocol and MAC address for the user device 14. At 100, controlled gateway 16 checks filtering policies in filtering policies cache 32. If, 5 at 102, a cached policy is found to exist, processing continues at 104 where controlled gateway 16 applies that policy and either permits or denying the request (and in the latter case and if configured to do so by the Administrator, directs the user to a specific deny page). Processing then ends. 10 If, at step 102, a cached policy is not found to exist, processing continues at 106 where controlled gateway 16 sends the request with the IP address and related session information to the cloud filter 20 for enforcement. At 108, cloud filter 20 receives the request and, at 110, identifies the policies to apply for this user device 14 at this controlled gateway 16. At 112, cloud filter 20 enforces 15 the identified policies, so either accepts the request and transmits the request to the internet, or denies the request and-if configured to do so by the Administrator-directs user to a specific deny page. Processing then ends. Figure 4C is a flow diagram 120 of a 'local enforcement' filtering process, which 20 occurs for each new internet location request by a user device 14 connected to a controlled gateway 16 configured for local enforcement (in enforcement selector 52). Referring to figure 4C, at 122 a user controls user device 14 to request an 25 internet resource. At 124, user device 14 connects to controlled gateway 16 and requests access to the internet resource. At 126, controlled gateway 16 receives this request and, at 128, identifies request information including requested location, internet protocol and MAC address for the user device 14. At 130, controlled gateway 16 checks filtering policies in filtering policies cache 30 32. If, at 132, a cached policy is found to exist, processing continues at 134 where controlled gateway 16 applies the policy and hence either permits or denies the request (and, in the latter case and if configured to do so by the Administrator, directs user to a specific deny page). Processing then ends. 5280750_1 (GHMatters) P96784.AU -12 If, at step 132, a cached policy is not found to exist, processing continues at 136 where controlled gateway 16 sends the request with the IP address and related session information to the cloud filter 20 for a decision. At 138, cloud 5 filter 20 receives the request and, at 140, identifies the policies to apply and transmits these to controlled gateway 16 along with any applicable caching policies, such as time limits on caching. At 142, controlled gateway 16 updates the filtering policies in filtering policies cache 32 and, at 144, controlled gateway 16 enforces the decision, hence either accepting the request and transmitting 10 the request to the internet, or denying the request and-if configured to do so by the Administrator-directing the user to a specific deny page. In the preceding description of the invention and in the claims that follow, except where the context requires otherwise owing to express language or 15 necessary implication, the word "comprise" or variations such as "comprises" or "comprising" is used in an inclusive sense, that is, to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention. 20 Further, any reference herein to prior art is not intended to imply that such prior art forms or formed a part of the common general knowledge. 5280750_1 (GHMatters) P96784.AU

Claims (21)

1. A system for filtering of network content, comprising: a network gateway; 5 a remote or cloud content filter; a remote or cloud access controller including filter policies; a user device database; and a user device authenticator; wherein the network gateway is configured to receive a request for 10 network content from a user device, to identify a MAC or equivalent address of the user device in the request, to pass the address of the user device to the user device authenticator for authentication, to assign to the user device a network address allocated to the user device received from the authenticator for use in giving effect to the request, and to transmit the network address and the 15 content request to the content filter; the authenticator is configured to authenticate the user device, to allocate the network address to the user device if authenticated, and to transmit the network address to the network gateway; the access controller is configured to maintain the user device database 20 and control the user device authenticator; and the content filter is configured to receive the network address and the request from the network gateway, and to respond by identifying from the filtering policies any applicable policies that are applicable to the user device. 25
2. A system as claimed in claim 1, wherein the filtering policies are defined specifically for the user device.
3. A system as claimed in claim 1, wherein the filtering policies are defined for the network gateway. 30
4. A system as claimed in claim 1, wherein the content filter is configured to enforce the applicable policies by permitting or denying the request.
5. A system as claimed in claim 1, wherein the content filter is configured to 35 transmit the applicable policies to the network gateway, and the network gateway is configured to enforce the applicable policies by permitting or denying the request. 5280750_1 (GHMatters) P96784.AU -14
6. A system as claimed in claim 1, wherein the network gateway includes a filter policy cache of previously enforced policies, and the network gateway is configured to enforce the previously enforced policies when applicable to the user device. 5
7. A system as claimed in claim 1, wherein the filter policies include default filter policies applicable when the access controller has no policy specific to the user device or to the network gateway. 10
8. A system as claimed in claim 1, wherein the access controller includes the user device database and the user device authenticator.
9. A system as claimed in claim 1, wherein the access controller is configured or controllable to register the user device if the user device authenticator 15 determines that the user device is unregistered.
10. A system as claimed in claim 1, wherein the access controller is controllable to create or modify filter policies applicable to the user device, applicable to the network gateway, or applicable to both the user device and the 20 network gateway.
11. A system as claimed in claim 1, comprising one or more further network gateways. 25
12. A method of filtering of network content, comprising: a network gateway receiving a request for network content from a user device; the network gateway identifying a MAC or equivalent address of the user device in the request; 30 the network gateway passing the address of the user device to a user device authenticator for authentication; the authenticator authenticating the user device; the authenticator authenticating the user device, allocating a network address to the user device if authenticated, and transmitting the network 35 address to the network gateway; the network gateway assigning the network address to the user device and transmitting the network address and the request to the content filter; the content filter receiving the network address and the request, and 5280750_1 (GHMatters) P96784.AU -15 responding by identifying from the filtering policies any applicable policies that are applicable to the user device.
13. A method as claimed in claim 12, wherein the filtering policies are defined 5 specifically for the user device.
14. A method as claimed in claim 12, wherein the filtering policies are defined for the network gateway. 10
15. A method as claimed in claim 12, comprising the content filter enforcing the applicable policies by permitting or denying the request.
16. A method as claimed in claim 12, comprising the content filter transmitting the applicable policies to the network gateway, and the network gateway 15 enforcing the applicable policies by permitting or denying the request.
17. A method as claimed in claim 12, comprising the network gateway storing previously enforced policies, and enforcing the previously enforced policies when applicable to the user device. 20
18. A method as claimed in claim 12, comprising defining default filter policies applicable when the access controller has no policy specific to the user device or to the network gateway. 25
19. A method as claimed in claim 12, comprising maintaining a user device database in the access controller.
20. A method as claimed in claim 12, comprising the access controller registering the user device if the user device is unregistered. 30
21. A method as claimed in claim 12, including creating or modifying filter policies applicable to the user device, applicable to the network gateway, or applicable to both the user device and the network gateway. 5280750_1 (GHMatters) P96784.AU
AU2014100338A 2014-04-08 2014-04-08 Network Filtering System and Method Expired AU2014100338A4 (en)

Priority Applications (13)

Application Number Priority Date Filing Date Title
AU2014100338A AU2014100338A4 (en) 2014-04-08 2014-04-08 Network Filtering System and Method
SG11201607811QA SG11201607811QA (en) 2014-04-08 2015-04-08 A device management system
PCT/AU2015/000212 WO2015154133A1 (en) 2014-04-08 2015-04-08 A device management system
CA2944923A CA2944923A1 (en) 2014-04-08 2015-04-08 A device management system
EP21173083.3A EP3941016A1 (en) 2014-04-08 2015-04-08 A device management system
EP15777063.7A EP3130112B1 (en) 2014-04-08 2015-04-08 A device management system
NZ724638A NZ724638B2 (en) 2014-04-08 2015-04-08 A device management system
NZ763096A NZ763096A (en) 2014-04-08 2015-04-08 A device management system
AU2015245935A AU2015245935B2 (en) 2014-04-08 2015-04-08 A device management system
PH12016501848A PH12016501848A1 (en) 2014-04-08 2016-09-21 A device management system
US15/286,434 US10462149B2 (en) 2014-04-08 2016-10-05 Device management system
AU2019202203A AU2019202203B2 (en) 2014-04-08 2019-03-29 A device management system
US16/566,756 US11271941B2 (en) 2014-04-08 2019-09-10 Device management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2014100338A AU2014100338A4 (en) 2014-04-08 2014-04-08 Network Filtering System and Method

Publications (1)

Publication Number Publication Date
AU2014100338A4 true AU2014100338A4 (en) 2014-05-08

Family

ID=50628564

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2014100338A Expired AU2014100338A4 (en) 2014-04-08 2014-04-08 Network Filtering System and Method

Country Status (1)

Country Link
AU (1) AU2014100338A4 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016067165A1 (en) * 2014-10-27 2016-05-06 Telefonaktiebolaget L M Ericsson (Publ) Content filtering for information centric networks
US10397066B2 (en) 2014-10-27 2019-08-27 Telefonaktiebolaget Lm Ericsson (Publ) Content filtering for information centric networks

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016067165A1 (en) * 2014-10-27 2016-05-06 Telefonaktiebolaget L M Ericsson (Publ) Content filtering for information centric networks
US9762490B2 (en) 2014-10-27 2017-09-12 Telefonaktiebolaget L M Ericsson (Publ) Content filtering for information centric networks
US10397066B2 (en) 2014-10-27 2019-08-27 Telefonaktiebolaget Lm Ericsson (Publ) Content filtering for information centric networks

Similar Documents

Publication Publication Date Title
AU2019202203B2 (en) A device management system
US11263305B2 (en) Multilayered approach to protecting cloud credentials
US11363067B2 (en) Distribution and management of services in virtual environments
US20210360399A1 (en) Mobile authentication in mobile virtual network
US20190356634A1 (en) Cloud-based virtual private access systems and methods
US11129021B2 (en) Network access control
EP1942629B1 (en) Method and system for object-based multi-level security in a service oriented architecture
US20180115611A1 (en) Control of network connected devices
EP3750096B1 (en) Method and apparatus for managing service access authorization using smart contracts
US9690925B1 (en) Consumption control of protected cloud resources by open authentication-based applications in end user devices
WO2015121617A1 (en) Methods, apparatus and systems for processing service requests
US20140181895A1 (en) Off campus wireless mobile browser and web filtering system
CN109413080B (en) Cross-domain dynamic authority control method and system
US11588819B1 (en) System and methods for controlling accessing and storing objects between on-prem data center and cloud
US20240171576A1 (en) Identity proxy and access gateway
US20220021675A1 (en) Method of using dhcp host name to identify a unique device in absense of unique mac address in order to apply network firewall or access control rules
AU2014100338A4 (en) Network Filtering System and Method
US20240107294A1 (en) Identity-Based Policy Enforcement for SIM Devices
NZ724638B2 (en) A device management system

Legal Events

Date Code Title Description
FGI Letters patent sealed or granted (innovation patent)
MK22 Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry