WO2000068862A1 - A communications network access method and system - Google Patents

A communications network access method and system Download PDF

Info

Publication number
WO2000068862A1
WO2000068862A1 PCT/AU2000/000418 AU0000418W WO0068862A1 WO 2000068862 A1 WO2000068862 A1 WO 2000068862A1 AU 0000418 W AU0000418 W AU 0000418W WO 0068862 A1 WO0068862 A1 WO 0068862A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
access
session
computer device
network
data
Prior art date
Application number
PCT/AU2000/000418
Other languages
French (fr)
Inventor
Sydney Gordon Low
Peter Yandell
Original Assignee
Sharinga Networks Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements or protocols for real-time communications
    • H04L65/10Signalling, control or architecture
    • H04L65/1066Session control
    • H04L65/1069Setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/02Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/06Network-specific arrangements or communication protocols supporting networked applications adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/14Network-specific arrangements or communication protocols supporting networked applications for session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/14Network-specific arrangements or communication protocols supporting networked applications for session management
    • H04L67/142Network-specific arrangements or communication protocols supporting networked applications for session management provided for managing session state for stateless protocols; Signalling a session state; State transitions; Keeping-state mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/30Network-specific arrangements or communication protocols supporting networked applications involving profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. local area networks [LAN], wide area networks [WAN]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
    • H04L29/02Communication control; Communication processing contains provisionally no documents
    • H04L29/06Communication control; Communication processing contains provisionally no documents characterised by a protocol
    • H04L29/0602Protocols characterised by their application
    • H04L29/06027Protocols for multimedia communication

Abstract

An access system including a connection system for connecting a computer device and establishing a connection session for accessing a public communications network, such as the Internet, a switch system having a plurality of access states, one of the access states being assigned to the session for at least part of the session, each access state determining network traffic receivable by the computer device, and a session manager for managing the session and assigning at least one of the access states during the session based on connection data for the session and access requests from the computer device. The access requests include requests for TCP/IP data, such as web pages, streaming audio and video, interactive chat sessions, e-mail or FTP sites, and the access state determines whether the computer device can receive the requested TCP/IP data. The data available on the public communications network is partitioned based on the access states, and the session manager is adapted to allocate the access states to different sessions handled by the switch system simultaneously and dynamically during each session.

Description

A COMMUNICATIONS NETWORK ACCESS METHOD AND SYSTEM

The present invention relates to a method and system for accessing a communications network, such as the Internet.

Most Internet users currently connect to the Internet via the equipment of an Internet service provider (ISP). The ISP provides remote access servers (RASs) which are able to communicate with remote computers of the users using modems and standard telephone lines. The remote computers and the RASs use standard software that executes a protocol, such as the point to point protocol (PPP), to allow the users to dial into the RASs and connect to the Internet. To achieve this, the connection or PPP software on the user's computer requires the user to enter unique authentication data, such as the user's login name and password, and this is transmitted to the ISP when the software dials and connects to the ISP equipment. If the ISP equipment determines that the authentication data is valid, the user's computer is connected and the user is allowed uninhibited access to the Internet. The user is accordingly free to view any desired web pages using a web browser on the user's computer.

The success of web sites on the Internet, particularly from a commercial perspective, is almost solely dependent on a site's ability to attract traffic to it. For this reason, a number of well known sites, such as Netscape's home page and the home pages of ISPs have been reconfigured to operate as communication "portals" to the Internet in the hope that users will continually revert to the sites to determine where to direct their browsers next. A number of sites have proved to be extremely lucrative, in the same manner as television stations which are able to attract large numbers of viewers. The current market value of companies such as Yahoo and Excite, which maintain high traffic volume sites, indicates how lucrative. As ISPs constitute a first point of connection for most Internet users, any steps or method which an ISP can implement to direct users to particular pages, rather than the user's own default home page, would be highly desirable. The present invention seeks to provide such method or at least provide a useful alternative.

In accordance with the present invention there is provided an access system including: 9 .

connection means for connecting a computer device and establishing a connection session for accessing a public communications network; switch means having a plurality of access states, one of the access states being assigned to the session for at least part of the session, each access state determining network traffic receivable by the computer device; and session managing means for managing the session and assigning at least one of the access states during the session based on connection data for the session and access requests from the computer device.

The present invention also provides an access system for a public communications network, such as the Internet, including: means for connecting a computer device and establishing a TCP IP session for access to the network; switch means having a plurality of access states, the access states determining the sites and pages which can be accessed by the computer device during the session; and means for managing the session to allocate at least one of the access states during the session.

The present invention also provides a communications network access system, including:

connection means for receiving a request from a computer device to connect to the network and for connecting the computer device to the network in response to the request; sending means for sending login data to the computer device after it is connected to the network, the login data being adapted to generate a login display on the computer device which allows entry of unique authentication data by a user of the device; and login means for receiving the unique authentication data entered by the user and for allowing the user to access the network using the computer device on determining that the authentication data is valid.

The present invention also provides a communications network access method, including: establishing a TCP/IP session with a computer device; and assigning access states during the session, the access states determining TCP/IP data received by the computer device.

The present invention also provides a communications network access method. including: connecting a computer device to a communications network; accessing data from affiliate locations on the network without an access charge: and accessing data from other locations on the network with an access charge.

The present invention also provides a communications network access method, including: receiving a request from a computer device to connect to the network; connecting the computer device to the network in response to the request; sending login data to the computer device after the connecting step, the login data being adapted to generate a login display on the computer device allowing entry of unique authentication data by a user of the device; receiving the unique authentication data entered on the computer; and allowing the user to access the network using the computer device when the authentication data is validated.

The present invention also provides a communications network access method, including: sending a request from a computer device to connect to a communications network, and being connected to the network in response to the request; receiving login data after being connected; generating a login display on the computer device, based on the login data, the display allowing entry of unique authentication data; sending unique authentication data entered on the computer device to the network; and obtaining access to the network after the authentication data is validated. A preferred embodiment of the present invention is hereinafter described, by way of example only with reference to the accompanying drawings, wherein:

Figure 1 is a block diagram of a preferred embodiment of a communications network access system;

Figure 2 is a block diagram of a server system of the access system;

Figure 3 is a flow diagram of a communications network access method of the access system;

Figure 4 is a diagram of a login page of the system and method; and

Figure 5 is a diagram of a customised home page of the system and method.

A communications access system, as shown in Figure 1, includes a plurality of remote access servers (RASs) 4, a layer four or higher switch 6, a database server 8, a web server system 10 and a router 12. The RASs 4 are provided to allow the computers 14 of remote users to dial into the system using standard telecommunication lines and modems and connect to the input ports of the RASs 4, respectively. On connection to a port of a RAS 4, the RAS 4 and the user's computer 14 establish a unique TCP IP session and the IP traffic for that session is switched by the switch 6. Once the user is authenticated or approved, as described below, the user's computer 14 is allowed to access requested data on the Internet 16. The web server system 10 is used to control pages presented to a user 14 connected to the RAS 4 and handle authentication using a member profile database maintained on the database server 8, as described below. A RADIUS (Remote Authentication Dial In User Service) authentication server 1 1 is also provided for use in authentication. As far as the user 14 is concerned, the equipment 4, 6, 8, 10, 1 1 and 12 of the access system is part of the Internet.

The equipment 4 to 12 preferably includes standard commercially available hardware and basic database, web server and Internet access software which is known to those skilled in the art and is used in the access systems of most ISPs. The equipment 4 to 12 then also includes unique program code to manage and control each session, as discussed below. The layer four or higher switch 6 is another exception. The switch 6 is normally used by ISPs to balance the traffic handled by the RASs 4. An example of a suitable layer four switch is the AceDirector AD3™ produced by Alteon WebSystems Inc. The access system differs from that offered by ISPs, as described belo , in that the layer four switch 6 is used to connect users to the web server system 10 and control access to the Internet 16 for the users 14 on the basis of a limited number of access states encoded in the switch 6. Alternatively the unique program code and the equipment 4 to 12 could be substituted, entirely or in part, by unique integrated circuits, such as ASICs, to execute the same functions.

The switch 6 controls access to the Internet 16 by assigning an access state to each TCP session, as identified by a respective IP address. The states are each defined by one or more access rules which are encoded in the switch 6. The rules define how the switch 6 is to direct IP traffic by executing pattern matching on the received traffic. For example, the states may include a login state, a portal state, a general state, an affiliate state, a registration state, and an allow state, as described below. A rule, for example, may be receive a first URL and redirect to a second URL or the rules may allow or deny access to a predetermined set or list of URLs. The state assigned to a given IP address is controlled by a control system 20, as shown in Figure 2. The web server system 10 includes the control system 20 and a web server 22, running Apache™, which maintains web pages for the access system.

When the user 14 wishes to connect to the Internet using the access system, the user 14 dials into the system using standard PPP software and is allocated a port at the RAS 4 which answers the call. On connecting to a RAS 4, the user 14 is assigned an IP address for the IP session. The IP address is allocated from an IP address pool which depends on the number which the user dialled to connect to the RAS 4. For example, the user may have a dial- in number which provides the user with free access to Internet web sites as part of a promotion, and the user 14 is assigned an IP address and port which signifies to the switch 6 that all traffic from that IP address is to be switched directly to the router 12 and out to the Internet 16. This would occur with all IP addresses within this pool being allocated to the allow state of the switch 6, described below. Other IP addresses assigned by the RASs 4 are initially allocated to a login state of the switch until the state is changed by the control system 20. Traffic with IP addresses assigned to the login state is all redirected to the control system 20 by switch 6. The control system 20. as shown in Figure 2. includes a RADIUS accounting server 30. a login server 32. a session coordinator 34, individual session managers 36, an authentication client 38, a redirector server 42 and a plan manager 44. The components 30 to 44 are all software components, but can if desired be partly or entirely replaced by application specific integrated circuits (ASICs). The control system 20 is configured to handle three different authentication scenarios:

(i) Legacy authentication using the RADIUS authentication server 11.

(ii) Authentication using a login display, e.g. browser based authentication.

(iii) No authentication required.

For the first scenario, the user 14 dials into the RASs 4 using standard PPP software and provides a username and password. Based on the dial in number used and the configuration of the PPP software, the RAS port assigned to handle the call will direct the data provided to the RADIUS authentication server 11 to authenticate the user based on the PPP username and the password. Once authenticated, the RADIUS authentication server 11 returns a connect status message to the RAS 4 and an IP address is assigned to the user. Based on the IP address, the switch 6 forwards from the RAS 4 the connect status message, the username, calling line identification (CLI) and the IP address to the control system 20. This data is processed by the RADIUS accounting server 30 which acknowledges the new connection for the IP address and accesses the database server 8 to record the connection time for the user. The RADIUS accounting server 30 acknowledges and monitors all connections and disconnections for IP addresses, and issues connection and disconnection messages to other components in the access system. The session coordinator 34 uses the connection data, together with profile data accessed from the member profile database for the user 14, to create an instance of a session manager 36 for the connection. The connection data passed to the session coordination 34 in the connect message includes the IP address, the usemame and the CLI. Session managers 36 are created for each connection or session, respectively, and provide instructions to the redirector server 42 to control the state at the switch 6 for the session.

A session manager 36 controls the traffic which the user can receive during the session by controlling the state of the switch for the user's IP address. The state control is executed on the basis of the user's member profile held in the member profile database of the server 8. The profile specifies which one of a limited number of access profiles the user belongs to. The access profiles each contain data which defines the access states that the user is able to enter. The different access states are encoded in the switch 6. On authentication of a TCP/IP session the session manager 36 for the session instructs the redirection server 42 to store data in the switch 6 indicating which one of the access states apply to the session. For example, during authentication the session is in a login state and can change to a general state or affiliate state once authentication has been completed.

In the second authentication scenario, the access system executes browser based authentication using the access procedure shown in Figure 3. The user is able to connect to the Internet by simply dialling into the access system using standard PPP software, at step 62, and the RASs 4 will automatically connect the user 14 without requiring the entry of any username or password. The user is automatically connected, an IP address assigned and a TCP session established, when the user dials into a port of a RAS 4 using predetermined call numbers. The system informs the user's computer 14 of the connection and the PPP software will display for the user the fact that the connection has been established and any other details associated with the connection, such as the data rate. The IP address is assigned from an address pool for immediate connection.

- Once the user is connected to the access system the switch 6 determines whether the user's machine 14 is requesting connection to another computer on the Internet 16, at step 64. The request for example, may be simply to the user's default home page when the user opens a web browser of the computer 14. The switch 6 then determines, at step 66 by checking a stored flag representing the switch state for the IP address, whether the user has been authenticated and that the state is not the login state. If the connection session is in the login state, the switch 6 connects the user 14 to a login page on the web server 22, and the control system 20 executes a login process 68. The login process 68 is similar to that for legacy authentication, in that the RAS accounting server 30 acknowledges that connection has occurred and a new session has been established for the IP address. Data for the session is passed to the session coordinator 34 to create an instance of a session manager 36 for the session. Based on the IP address, however, the session manager 36 determines that the user needs to be authenticated using browser based authentication and accordingly waits for the login server 32 to receive from the web server 22 details submitted on the login page shown in Figure 4. The login page presents the user with a number of options, which includes executing a registration process to become a new registered user, entering a username and password if already registered, or accessing help pages stored on the server 22. The page also includes a number of banner advertisements which may include links to other pages or web sites. To gain general access to the Internet 16, however, the user must enter a valid username and password combination which is authenticated by the control system 20. The login page allows the user to enter a username and password combination and then send the combination for authentication by clicking on the "sign in" button. Alternatively the combination may already be stored on the computer 14 by the user. The username and password combination is received by the session manager 36 for the session and the combination is forwarded to the authentication client 38. The authentication client 38 passes the combination to an authentication daemon 40 running on the database server 8. The authentication daemon checks the combination against stored combinations for users to determine if it is valid, identify the user and access the unique member profile for the user from the database server 8.

In the third authentication scenario, no authentication is required. In this scenario the user is allocated a telephone number to dial in on which corresponds to no authentication. The user is automatically connected, as for browser based authentication, and assigned an IP address from a pool for no authentication. Operation proceeds as described above for browser based authentication, except that the session manager 36 does not revert to the authentication client 38 to authenticate the user based on a username and password combination. The user is simply authenticated automatically by the session manager 36.

Once the user has been authenticated, either by the login process 28 or using the

RADIUS server 11. an individual session manager 36 uses the member profile data for the user to compile and send a customised home page, as shown in Figure 5 to the user 14. The customised home page may also include banner advertisements, in the same manner as for the login page. The session manager 36 instructs the redirector server 42 to change the state of the switch 6 to a portal state, after authentication, which directs the switch to connect to the URL for the customised home page or portal shown in Figure 5. Details concerning the user and customised home page data from the member profile are passed by the session manager 36 to the login server 32 for access by the Apache server 22 which controls compilation of the customised home page. Subsequently, the session manager 36 instructs the redirector server so as to divert the switch to one of the browsing states, either an affiliate state or a general state. For browser based authentication, as shown in Figure 3, the login authentication process is managed using the web browser of the user's machine 14. rather than the PPP software, and operation returns after the login process 68 to step 64. Accordingly, once the user reverts to step 64 and is determined at step 66 as having been authenticated, the switch 6 determines at step 70, on the basis of the access state for the session, whether the user is allowed to access a requested computer or service. If so, the user is granted access to the computer or service on the Internet 16 at step 62. If not, the user 14 is advised at step 64 of the access denial. The access denial can be communicated by connecting the user to a denial page of the Apache server 22.

A user 14 having a session which is in the affiliate state is allowed access, at no charge, to sites maintained by affiliates of the provider of the access system. The affiliate sites may be maintained on the Apache server 22 or on other servers of the Internet 16. The affiliate sites are all identified by URLs in the rules of the affiliate state. The affiliate sites can also be accessed using the links provided in the web pages of Figures 4 and 5. The rules for the affiliate state specify that access is denied to any URLs which do not belong to the affiliate sites. If however a user has a member profile that allows access to other sites on the Internet, the user is able to move to the general state. For these users, when a request is made to access a site other than an affiliate site, the user's browser is redirected by the switch 6 to an interim blank page on the Apache server 22 while the session manager 36 determines whether to instruct the redirector server 42 to change the state of the switch to the general state. The interim blank page contains code to trap the requested URL and pass the URL and a message to the login server 32 advising that the user is attempting to move from the affiliate state to the general state. This message is passed to the session manager 36, on the basis of the IP address, and the session manager 36 accesses the member's profile. If the session manager 36 determines on the basis of the profile that the user 14 is allowed to move the general state, a message is sent to the redirector server 42 to change the state of the switch to the general state for the session. A message is also sent from the manager 36 to the login server 32 advising that the user 14 is allowed to move to the trapped URL. The login server 32 sends a message to the Apache server 22 to forward the user 14 from the interim page to the page of the requested trapped URL. If access is denied, the URL of a denied page is used to substitute the trapped URL at the login server 32, and the user 14 is forwarded to the denial page.

Other access states are the registration state and the allow state. A session manager 36 will instruct the redirector server 42 to enter the switch into the registration state for a session when a user sends a message indicating they wish to register with the access system. This may be done when, for example, the user selects the registration option on the login page of Figure 4. In the registration state the switch 6 redirects the user 14 to registration pages on the Apache server 22 and the control system 20 collects the requested details on the pages from the user 14 for the user file in the database server 8. The user file normally includes the member profile data for the user which is initially established on the basis of the requested details. A session manager 36 will instruct the redirector server to cause the switch 6 to enter the allow state when the IP address indicates that the user 14 is to be provided with unrestricted access to the Internet 16 without any monitoring or charge.

- When the session is disconnected, the RAS 4 communicates disconnection to the RADIUS accounting server 30, which in turn advises the session manager 36. The manager 36 instructs the redirector server 42 to change the state of the switch to the login state for the IP address of the disconnected session.

The manner in which the user is charged is controlled by a plan manager 44 that is accessed by the session manager 36. The plan manager 44 maintains different charging plans which can be applied to users. For example, all users would not be charged for access to affiliate sites, but the rate of charge may differ for accesses when in the general state. For instance, users may be allocated a predetermined period of free access for pages to the general state and then charged at a set rate thereafter. The plan manager specifies the times and rates for the different plans, and this is accessed by the session managers 36 which monitor the time a user spends in different access states. The ultimate charge for a session is compiled by the session managers 36 and then stored against the user's file in the database server 8.

In addition to the hardware and software configuration variations for the access system discussed above, the operations executed by the switch 6 can be implemented by the following different system configurations. Firstly, the switch 6 can be replaced by a layer four switch and a proxy server. The layer four switch redirects all traffic from the RASs 4 to the proxy server which is connected to the router 12. The proxy server is also connected to the control system 20. The proxy server 10 is used to establish the different access states for each connection session, with the states being dynamically adjusted under the control of the control system 20. The proxy server also stores the rules defining each of the access states which it can provide for different sessions. Another alternative, instead of encoding the access states in the switch 6, is to provide software control logic with the switch 6 to define the different access states and store the associated rules for the states, and thereby handle redirection of traffic to the web server 22 or a proxy server, as required, depending on the access state and access requests made. The control logic communicates with the control system 20, as discussed above, to dynamically adjust the access states for different sessions.

The access method and system are particularly advantageous as they allow ISPs, at least initially, to dynamically control the pages viewed by a user. As a minimum, the user must, and cannot avoid, viewing the login or customised home page, as these are an integral part of the login process. This allows the ISP to present advertising information, and in particular present targeted advertising information based on the user's profile, which the ISP can guarantee that all of its users will not be able to avoid. The login and customised home pages therefore act as an entry portal for all users.

By also allowing all users to connect to the system, including users who are not registered, the ISP is able to present and provide free access to selected and predetermined Internet content and services. For example, the login page may include links to certain web pages that provide banking, stock trading or home shopping, and the user will not have to pay any fees to the ISP to access these pages. This allows the ISP to act as a free content provider for certain content, whilst charging a user to access other data on the Internet. To provide information to advertisers associated with the free content, the ISP can, if desired, still require and obtain certain information on and from users before providing the free content, and monitor their access.

Encoding the access states in the switch 6 also allows the ISP to restrict or allow access to selected content or services on the Internet, such as sports betting, adult orientated content or children's content.

Many modifications will be apparent for those skilled in the art without departing from the scope of the present invention as herein described with reference to the accompanying drawings.

Claims

CLAIMS:
1. An access system including: connection means for connecting a computer device and establishing a connection session for accessing a public communications network: switch means having a plurality of access states, one of the access states being assigned to the session for at least part of the session, each access state determining network traffic receivable by the computer device; and session managing means for managing the session and assigning at least one of the access states during the session based on connection data for the session and access requests from the computer device.
2. An access system as claimed in claim 1, wherein the session managing means is adapted to dynamically assign and adjust the access states during the session.
3. An access system as claimed in claim 1 , wherein the access states are defined by rules which determine locations of the network accessible by the computer device.
4. An access system as claimed in claim 3, wherein the switch means is adapted to redirect the computer to a predetermined network location based on the access state for the session.
5. An access system as claimed in claim 1, wherein the session is a TCP/IP session and the connection data includes an IP address for the session and/or profile data stored in the system for a user of the computer device.
6. An access system as claimed in claim 5, wherein the access requests include requests for TCP/IP data, such as web pages, streaming audio and video, interactive chat sessions, e- mail or FTP sites, and the access state determines whether the computer device can receive the requested TCP/IP data.
7. An access system as claimed in claim 1. wherein data available on the public communications network is partitioned based on the access states, and the session managing means is adapted to allocate the access states to different sessions handled by the switch means simultaneously and dynamically during each session.
8. An access system as claimed in claim 7, wherein the session managing means includes a connection manager to manage connection and disconnection of each session, a session coordinator to establish a session manager for each session, and session managers for each session to process the access requests collected by the access system and assign access states for the sessions.
9. An access system as claimed in claim 1 , wherein the access states include an affiliate access state that restricts access to locations on the network affiliated to a provider of the access system.
10. An access system as claimed in claim 1 , wherein the access states include a portal state that connects the computer device to a predetermined portal page.
11. An access system as claimed in claim 1 , wherein the access states include a login state, a registration state, a general browsing state which allows access to all locations on the network, and an allow state which allows access to all locations on the network without the user of the computer device providing authentication data.
12. An access system as claimed in claim 1, wherein the session managing means is adapted to allocate a number of the access states at respective times during the session.
13. An access system as claimed in claim 1 1 , wherein on disconnection of the session, the switch means reverts to the login access state.
14. An access system for a public communications network, such as the Internet, including: means for connecting a computer device and establishing a TCP/IP session for access to the network; switch means having a plurality of access states, the access states determining the sites and pages which can be accessed by the computer device during the session; and means for managing the session to allocate at least one of the access states during the session.
15. A communications network access system, including: connection means for receiving a request from a computer device to connect to the network and for connecting the computer device to the network in response to the request; sending means for sending login data to the computer device after it is connected to the network, the login data being adapted to generate a login display on the computer device which allows entry of unique authentication data by a user of the device; and login means for receiving the unique authentication data entered by the user and for allowing the user to access the network using the computer device on determining that the authentication data is valid.
16. A communications network access system as claimed in claim 15, wherein the connection means includes a switch having a set of access states encoded therein and the login means accesses profile data for the user to control access to the network using the switch and the profile data to determine one of the access states for the switch.
17. A communications network access system as claimed in claim 16, wherein the connection means includes a RAS.
18. A communications network access svstem as claimed in claim 17, wherein the sending means and login means includes a web server and a user database.
19. A communications network access method, including: establishing a TCP/IP session with a computer device; and assigning access stated' during the session, the access states determining TCP/IP data received by the computer device.
20. A communications network access method, including: connecting a computer device to a communications network; accessing data from affiliate locations on the network without an access charge; and accessing data from other locations on the network with an access charge.
21. A communications network access method, including: receiving a request from a computer device to connect to the network; connecting the computer device to the network in response to the request; sending login data to the computer device after the connecting step, the login data being adapted to generate a login display on the computer device allowing entry of unique authentication data by a user of the device; receiving the unique authentication data entered on the computer; and allowing the user to access the network using the computer device when the authentication data is validated.
22. A communications network access method as claimed in claim 21 , including accessing profile data for the user and controlling access to the network using the profile data.
23. A communications network access method as claimed in claim 22, wherein the profile data determines one of a set of access states encoded in a switch connecting the computer device to the network.
24. A communications network access method as claimed in claim 23, wherein the login display includes links to locations on the communications network for which entry of the authentication data is not required.
25. A communications network access method, including: sending a request from a computer device to connect to a communications network, and being connected to the network in response to the request; receiving login data after being connected; generating a login display on the computer device, based on the login data, the display allowing entry of unique authentication data; sending unique authentication data entered on the computer device to the network: and obtaining access to the network after the authentication data is validated.
26. Computer software including code for executing the steps of the method as claimed in any one of claims 19 to 25.
PCT/AU2000/000418 1999-05-06 2000-05-05 A communications network access method and system WO2000068862A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AUPQ0213 1999-05-06
AUPQ021399 1999-05-06
AUPQ3682 1999-10-27
AUPQ368299 1999-10-27

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP20000922334 EP1188138A1 (en) 1999-05-06 2000-05-05 A communications network access method and system
CA 2346855 CA2346855A1 (en) 1999-05-06 2000-05-05 A communications network access method and system
JP2000616570A JP2002544688A (en) 1999-05-06 2000-05-05 Communication network access method and system

Publications (1)

Publication Number Publication Date
WO2000068862A1 true true WO2000068862A1 (en) 2000-11-16

Family

ID=25646048

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2000/000418 WO2000068862A1 (en) 1999-05-06 2000-05-05 A communications network access method and system

Country Status (5)

Country Link
EP (1) EP1188138A1 (en)
JP (1) JP2002544688A (en)
CN (1) CN1346475A (en)
CA (1) CA2346855A1 (en)
WO (1) WO2000068862A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1288800A2 (en) 2001-08-31 2003-03-05 Mitel Knowledge Corporation Split browser
WO2003034691A1 (en) * 2001-10-15 2003-04-24 Kapsch Aktiengesellschaft Internet access system for taxing the downloading of contents of an internet server to a client computer
US8359289B1 (en) 1999-05-12 2013-01-22 Sydney Gordon Low Message processing system
US8560666B2 (en) 2001-07-23 2013-10-15 Hitwise Pty Ltd. Link usage
EP2577581A4 (en) * 2010-05-27 2016-01-06 Smith Micro Software Inc System and method for subsidized internet access through preferred partners
US9595051B2 (en) 2009-05-11 2017-03-14 Experian Marketing Solutions, Inc. Systems and methods for providing anonymized user profile data
US9767309B1 (en) 2015-11-23 2017-09-19 Experian Information Solutions, Inc. Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8266266B2 (en) 1998-12-08 2012-09-11 Nomadix, Inc. Systems and methods for providing dynamic network authorization, authentication and accounting
EP1222791B1 (en) * 1999-10-22 2005-06-01 Nomadix, Inc. System und method for redirecting users attempting to access a network site
JP4875154B2 (en) 2006-06-07 2012-02-15 クゥアルコム・インコーポレイテッドQualcomm Incorporated In the access network, maintenance of the global session state and local session state

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5560008A (en) * 1989-05-15 1996-09-24 International Business Machines Corporation Remote authentication and authorization in a distributed data processing system
WO1996042041A2 (en) * 1995-06-07 1996-12-27 Open Market, Inc. Internet server access control and monitoring systems
US5696898A (en) * 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
WO1998041913A2 (en) * 1997-03-19 1998-09-24 Bascom Global Internet Services, Inc. Method and system for content filtering information retrieved from an internet computer network
US5889958A (en) * 1996-12-20 1999-03-30 Livingston Enterprises, Inc. Network access control system and process
WO1999059375A2 (en) * 1998-05-08 1999-11-18 Telefonaktiebolaget Lm Ericsson (Publ) Service provider access method and apparatus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5560008A (en) * 1989-05-15 1996-09-24 International Business Machines Corporation Remote authentication and authorization in a distributed data processing system
US5696898A (en) * 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
WO1996042041A2 (en) * 1995-06-07 1996-12-27 Open Market, Inc. Internet server access control and monitoring systems
US5889958A (en) * 1996-12-20 1999-03-30 Livingston Enterprises, Inc. Network access control system and process
WO1998041913A2 (en) * 1997-03-19 1998-09-24 Bascom Global Internet Services, Inc. Method and system for content filtering information retrieved from an internet computer network
WO1999059375A2 (en) * 1998-05-08 1999-11-18 Telefonaktiebolaget Lm Ericsson (Publ) Service provider access method and apparatus

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9407588B2 (en) 1999-05-12 2016-08-02 Iii Holdings 1, Llc Message processing system
US8359289B1 (en) 1999-05-12 2013-01-22 Sydney Gordon Low Message processing system
US9124542B2 (en) 1999-05-12 2015-09-01 Iii Holdings 1, Llc Message processing system
US9331918B2 (en) 2001-07-23 2016-05-03 Connexity, Inc. Link usage
US8560666B2 (en) 2001-07-23 2013-10-15 Hitwise Pty Ltd. Link usage
EP1288800A2 (en) 2001-08-31 2003-03-05 Mitel Knowledge Corporation Split browser
EP1288800A3 (en) * 2001-08-31 2009-02-18 Mitel Networks Corporation Split browser
WO2003034691A1 (en) * 2001-10-15 2003-04-24 Kapsch Aktiengesellschaft Internet access system for taxing the downloading of contents of an internet server to a client computer
US9595051B2 (en) 2009-05-11 2017-03-14 Experian Marketing Solutions, Inc. Systems and methods for providing anonymized user profile data
EP2577581A4 (en) * 2010-05-27 2016-01-06 Smith Micro Software Inc System and method for subsidized internet access through preferred partners
US9767309B1 (en) 2015-11-23 2017-09-19 Experian Information Solutions, Inc. Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria
US10019593B1 (en) 2015-11-23 2018-07-10 Experian Information Solutions, Inc. Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria

Also Published As

Publication number Publication date Type
JP2002544688A (en) 2002-12-24 application
CA2346855A1 (en) 2000-11-16 application
CN1346475A (en) 2002-04-24 application
EP1188138A1 (en) 2002-03-20 application

Similar Documents

Publication Publication Date Title
US7082532B1 (en) Method and system for providing distributed web server authentication
US5991796A (en) Technique for obtaining and exchanging information on world wide web
US7426530B1 (en) System and method for providing customers with seamless entry to a remote server
US6157636A (en) Network session management with gateway-directory services and authorization control
US6865680B1 (en) Method and apparatus enabling automatic login for wireless internet-capable devices
US6564327B1 (en) Method of and system for controlling internet access
US5845267A (en) System and method for billing for transactions conducted over the internet from within an intranet
US6466977B1 (en) Proxy on demand
US7146404B2 (en) Method for performing authenticated access to a service on behalf of a user
US6157648A (en) Network session management
US20020073182A1 (en) Method and apparatus for a smart DHCP relay
US6161128A (en) Internet based service control system allows telecommunications subscriber modifies telecommunications services through an internet gateway
US6412007B1 (en) Mechanism for authorizing a data communication session between a client and a server
US20030212887A1 (en) Maintaining authentication states for resources accessed in a stateless environment
US6356533B1 (en) Apparatus and method for selecting communication modes
US20060218629A1 (en) System and method of tracking single sign-on sessions
US20050015429A1 (en) Method and system for providing user control over receipt of cookies from e-commerce applications
US20060069782A1 (en) Method and apparatus for location-based white lists in a telecommunications network
US7069344B2 (en) Method and apparatus for coordinating a change in service provider between a client and a server
US7356694B2 (en) Security session authentication system and method
US7665130B2 (en) System and method for double-capture/double-redirect to a different location
US6753887B2 (en) Method and apparatus for dynamically displaying brand information in a user interface
US20010047414A1 (en) Dedicated private network service method having backup and loads-balancing functions
US20010012299A1 (en) Method and apparatus for continuous narrowcast of individualized information over a data network
US6442608B1 (en) Distributed database system with authoritative node

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 142473

Country of ref document: IL

WWE Wipo information: entry into national phase

Ref document number: 2000922334

Country of ref document: EP

ENP Entry into the national phase in:

Ref country code: CA

Ref document number: 2346855

Kind code of ref document: A

Format of ref document f/p: F

Ref document number: 2346855

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 511007

Country of ref document: NZ

WWE Wipo information: entry into national phase

Ref document number: 1020017004912

Country of ref document: KR

ENP Entry into the national phase in:

Ref country code: JP

Ref document number: 2000 616570

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 09890002

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1020017004912

Country of ref document: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 2000922334

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1020017004912

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 2000922334

Country of ref document: EP