CA2196867C - System and method for database access control - Google Patents
- Publication number
- CA2196867C
- Authority
- CA
- Canada
- Prior art keywords
- access
- resources
- network
- user identification
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Abstract
A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific users (107,108,109) from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database (114) to determine access rights, and this database (114) may be readily updated and modified by an administrator. Within this relational database (114) specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database (114) is arranged so that for each user (107,108,109) of the system a request for a particular resource (102,103,104,105) will only be passed on from the local network (110) to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user (101,108,109) has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as a part of a proxy server within the user's local network (110).
Description
SYSTEM AND METHOD FOR DATABASE ACCESS CONTROL
The invention relates to controlling database access and, more particularly, to selectively providing such control with respect to otherwise public databases.
Background of the Invention
Files or other resources on computers around the world may be made publicly available to users of other computers through the collection of networks known as the Internet. The collection of all such publicly available resources, linked together using files written in Hypertext Mark-up Language ("HTML"), is known as the World Wide Web ("WWW").
A user of a computer that is connected to the Internet may cause a program known as a client to request resources that are part of the WWW. Server programs then process the requests to return the specified resources (assuming they are currently available). A standard naming convention has been adopted, known as a Uniform Resource Locator ("URL"). This convention encompasses several types of location names, presently including subclasses such as Hypertext Transport Protocol ("http"), File Transport Protocol ("ftp"), gopher, and Wide Area Information Service ("WAIS"). When a resource is downloaded, it may include the URLs of additional resources. Thus, the user of the client can easily learn of the existence of new resources that he or she had not specifically requested.
The various resources accessible via the WWW are created and maintained by many different people on computers around the world, with no centralized control of content. As particular types of information or images contained in this uncontrolled information collection may not be suitable for certain users, it may be desirable to selectively restrict access to WWW resources.
For example, parents or school teachers might wish to have children access useful information, but not obscene material (which the children may be exposed to as a result of innocent exploration of the WWW, or through the incidental downloading of a URL). Another example is the case of school teachers who would like their students to access just a particular group of resources during a class meeting. A third example is businesses that would like their employees to access only work-related resources, but not to spend their time on other WWW explorations. In general, a particular user might need to be restricted to different resources at different times, as in the case of a student restricted to different sets of resources during classes on different subjects.
Some authorities such as schools ask the users to abide by a policy statement by which they agree to restrict their exploration of the WWW, for example, by agreeing not to download obscene material. However, voluntary compliance with such a policy will not prevent the accidental downloading of resources that are not readily identifiable as forbidden or inappropriate prior to downloading and viewing.
Naturally, technical solutions such as "firewalls" are also available to limit or impede access to the WWW and Internet. These firewalls are software-based gateways that are commonly installed to protect computers on a local area network ("LAN") from being attacked by outsiders. One effect of installing a firewall is that WWW clients can no longer directly contact WWW servers. Typically, this proves too restrictive, and users resort to "proxy servers" that are directly contacted by WWW clients. These proxy servers have special abilities to forward requests through the firewall, and thereby provide communication to and from servers on the Internet. For efficiency, a proxy server may also cache some resources locally. Current clients and proxy servers yield access to every public resource in the WWW. They are not configured to allow a particular user to request some resources, while preventing access by that user to other resources.
Some "filtering" of the available WWW resources may be effected within systems that offer indirect access. In these systems an information provider would download resources from the WWW and maintain copies of the resources. Users would access these copies. The information provider can review the resources as they are obtained from the WWW, and edit out any inappropriate or obscene material prior to making the resource available to users. A disadvantage of this scheme is that the material provided by the information provider may be out-of-date compared to the original resource on the WWW.
In an alternate scheme of "filtered" access to WWW resources, a proxy server provides a user with a menu of allowed resources that may be accessed, and users can obtain any resources that can be reached by a series of links from the menu resources. The user is only permitted to request URLs via this menu. This particular method has two disadvantages. First, many resources must be excluded from the menu because they contain links to inappropriate material, even though they themselves might be acceptable. Second, a resource may change over time to include new links that might lead to inappropriate material, and thereby provide a user with an unintended pathway of access to such.
In still another method of "filtered" access to WWW resources, the client or proxy server checks each resource for a list of disallowed words (i.e., obscenities, sexual terms, etc.) and shows the user only those resources that are free of these words. However, this method does not permit filtering of images and does not prohibit resources that might be inappropriate due to content other than specific words.
Yet another means of protecting users from inappropriate or obscene materials has been established by the computer and video game manufacturers. The games are voluntarily rated on the dimensions of violence, nudity/sex, and language. Although such conventions have not yet been adopted in the WWW, the analog would be to add such ratings to WWW resources, presumably with digital signatures to prevent forgery. A WWW client could then, if so programmed, choose not to save or display any resource that is unrated or has an unacceptable rating for the given audience. The disadvantage of this scheme is the need to convince the many people who provide useful servers (often on a non-professional or pro bono basis) to coordinate with a rating panel.
All of the present systems for limiting user access to uncontrolled public database resources, such as those available on the WWW, have obvious shortcomings. Presently, there exists no simple means for an authority (i.e., teacher, supervisor, system administrator, etc.) to selectively control WWW access by one or more users, without significantly impairing the users' ability to communicate with the Internet.
Summary of the Invention
The present invention overcomes the deficiencies of prior schemes for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as part of a proxy server within the user's local network.
In accordance with one aspect of the present invention there is provided a system for selectively controlling network access to one or more resources through a firewall server, the system comprising: a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers; a processor contained within a network proxy server and adapted to receive a request for network access to one or more particular network resources through the firewall server, said request including a user identification code, said processor being further adapted to query said relational database, and execute said request for network access to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources, said relational database and said proxy server being operable at a location remote from the firewall server.
In accordance with another aspect of the present invention there is provided a method for selectively controlling network access to one or more particular resources through a firewall server, the method comprising the steps of: receiving at a network proxy server a request for access to one or more particular network resources, wherein said request includes a user identification code and at least one resource identifier, said network proxy server being operable at a location remote from the firewall server; comparing at said network proxy server said received request for access to a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers, said relational database being operable at a location remote from the firewall server; executing, via said network proxy server, said request for network access through the firewall server to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources.
Brief Description of the Drawings
FIG. 1 is a simplified diagram of an exemplary system embodying the invention; and FIG. 2 is a simplified diagram depicting an alternate arrangement of the system of FIG. 1 facilitating the recognition of user/user terminal classes.
Detailed Description of the Invention
FIG. 1 is a simplified diagram of an exemplary system embodying the invention. As shown, the system includes public network 100, network resources 101-105, and user site 106. Particular users at user site 106 gain access to public network 100 via user terminals 107, 108 and 109. Each of these user terminals is linked by local area network ("LAN") 110 to processor 111 within proxy server 112. Finally, proxy server 112 provides a connection from processor 111 to public network 100 via firewall 113.
Requests from user terminals 107-109 for access to network resources (101-105) through public network 100 are submitted to processor 111 within proxy server 112. In this particular embodiment of the invention, the submitted requests are assumed to be in the form of URLs. As is well known in the art, when URLs are submitted to a proxy server, the particular requesting user terminal is identified to the proxy server by an identification header attached to the URL. For the system shown in FIG. 1, the identification code for user terminal 107 is ID_107, the identification code for user terminal 108 is ID_108, and the identification code for user terminal 109 is ID_109. In addition, within the system of FIG. 1, URLs designated as URL_101, URL_102, URL_103, URL_104 and URL_105 represent requests for information from network resources 101, 102, 103, 104 and 105, respectively.
Upon receipt of an incoming URL, processor 111 is programmed to determine the identity of the requesting user terminal from the URL header. This identification information is then utilized by processor 111 to cross-reference the received URL with information stored in relational database 114. Relational database 114 contains a listing of user terminal identification codes (ID_107, ID_108, ID_109), each of which is associated with one or more URL designations. This relational listing specifies the particular URLs that may be transmitted from a given user terminal to access network resources. As shown, the allowable URLs for user terminal 107 are URL_101, URL_102 and URL_105; the allowable URLs for user terminal 108 are URL_102 and URL_104; and the allowable URLs for user terminal 109 are URL_101, URL_102, URL_103, URL_104 and URL_105. The information stored in relational database 114 would be under the control of some resident authority at user site 106 (i.e., a system administrator, or site supervisor empowered to make determinations as to the various URLs that can be accessed from a given user terminal).
Within the system of FIG. 1, when a requesting user terminal transmits a URL associated with that particular terminal's identification code within relational database 114 to processor 111, the request for information represented by that URL is sent to public network 100. For example, upon receipt of a URL from user terminal 107 requesting information from network resource 102, processor 111 would access relational database 114, and thereby determine that URL_102 was indeed an allowable request. Following this determination, processor 111 would forward URL_102 to public network 100 via firewall 113. Contrastingly, if a URL that is not associated with the requesting terminal identification code within relational database 114 is received by processor 111, that request for information is denied. For instance, if URLI~ is received by processor 111 from user terminal 107, relational database 114 is accessed. Since URLI~ is not one of the URLs associated with user terminal identification code ID_107 within relational database 114, processor 111 denies the request for information, and no URL is sent to public network 100.
In the particular embodiment described above, relational database 114 stores a list of user terminal identification codes and the various URLs that each user terminal should be allowed to transmit to public network 100. It will be understood that the invention could be modified so that the list of URLs associated with a given user terminal identification code serves as a list of URLs that that particular user terminal is not permitted to contact. This restrictive listing functionality could be readily facilitated by reprogramming processor 111. In addition, the invention could be modified so that the identification codes recognized by processor 111 and stored in relational database 114 are user specific, as opposed to user terminal specific. In other words, the system of FIG. 1 could be modified so that a particular individual using a terminal is identified to the system by a personal password or other identifying code. Access or denial of the transmission of particular URLs is effected by the system as a function of that person's identity, regardless of the particular user terminal they may be utilizing.
The processor and relational database within the proxy server of the invention could also be modified to recognize classes of users and/or user terminals. There could be any number of user terminals or users within a given class accessing the proxy server at a particular user site. When any of the user terminals or users within a given class transmits a URL to the proxy server, the processor within the proxy server accesses the relational database and determines if the specific URL represents an allowable request for a user/user terminal in the identified class. FIG. 2 shows an alternate embodiment of the invention, which is similar to the system illustrated in FIG. 1, that facilitates the recognition of users/user terminal classes.
As shown, the system of FIG. 2 includes public network 200, network resources 201-205, user terminals 207-210, LAN 211, processor 212, proxy server 213, and firewall 214. The operation of the system of FIG. 2 is substantially similar to that of FIG. 1; however, two of the user terminals, 207 and 208, are grouped in a single class. This grouping is reflected in the configuration of relational database 215.
Within relational database 215 the identification code ID_207/208 relates to both user terminal 207 and user terminal 208. When a URL from either user terminal 207 or 208 is received at processor 212, the same listing of associated URLs is accessed. Both of these terminals are granted or denied access to the same group of URLs (URL~o,, URL,o, and URL,os).
The relational database utilized in systems facilitating the invention could also be configured so that information indicative of allowable resource access is arranged to conform to resources that are configured in a tree structure format. The relational database would include a listing of directory and/or subdirectory identifiers that a particular user or user group would be granted or denied access to.
For example, such a system could be implemented for requests formulated as a set of strings by means of grouping conventions such as parentheses together with special symbols for operations such as repetition and union; regular expressions are well known to people skilled in the art. A regular expression rule consists of a regular expression together with a specification of inclusion or exclusion for one or more users/user terminals. Standard techniques for determining whether a string of symbols matches a regular expression can be applied to determine whether a particular URL matches a regular expression; such techniques are familiar to those skilled in the art.
More generally, the URL http://ourschool.edu/history/* is a regular expression that specifies all resources within the directory http://ourschool.edu/history or its tree of subdirectories (a resource containing information relevant to a particular school's history course). In this case, a notation for regular expressions is employed that is typical of UNIX shell languages, wherein "*" represents any string of symbols, including the empty string. The URL http://ourschool.edu/subject/*answer* specifies any resources within the directory http://ourschool.edu/subject (or its tree of subdirectories) that contain "answer" in their names. Access to the "answer" resources would most likely be restricted to instructors (i.e., students would not be able to view the answers). In order to specify that students be allowed to view "history" resources, but excluded from "history answer" resources, the relational database would store the following regular expression rules that would be associated with student identification codes:
+ http://ourschool.edu/history/*
- http://ourschool.edu/history/*answer*
The notation "+" indicates a grant of access to a resource, and the "-" indicates a restriction.
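The rule evaluation described above, sketched as an added example (not code from the patent): a relational table of signed patterns per user class, queried by the proxy before a URL is forwarded. Assumptions not stated in the text: a matching "-" rule overrides any "+" rule, a request matching no rule is denied, the URL is canonicalized before matching, and the `instructors` class, table name and function names are hypothetical. A pattern without "*" reduces to the exact per-terminal URL listing of FIG. 1.

```python
import posixpath
import re
import sqlite3
from urllib.parse import unquote, urlsplit

# Constructed sample rows. The two "students" rules are the ones quoted in
# the text; the "instructors" class and its rule are assumed for the demo.
RULES = [
    ("students", "+", "http://ourschool.edu/history/*"),
    ("students", "-", "http://ourschool.edu/history/*answer*"),
    ("instructors", "+", "http://ourschool.edu/*"),
]


def open_rule_db(rules=RULES):
    """Build the relational listing: one row per (class id, sign, pattern)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE access_rule ("
        " class_id TEXT NOT NULL,"
        " sign TEXT NOT NULL CHECK (sign IN ('+', '-')),"
        " pattern TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO access_rule VALUES (?, ?, ?)", rules)
    return db


def pattern_to_regex(pattern):
    """Translate the shell-style notation: '*' is any string, even empty.

    All other characters are escaped, so '.', '?' and '[' stay literal.
    """
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile(body, re.DOTALL)


def normalize(url):
    """Canonicalize a URL so equivalent spellings are matched identically.

    Assumed policy: lower-case the host, percent-decode the path once,
    resolve '.' and '..' segments, drop the fragment, keep the query.
    """
    parts = urlsplit(url)  # urlsplit already lower-cases the scheme
    raw = unquote(parts.path) or "/"
    path = "/" + posixpath.normpath(raw).lstrip("/")
    if raw.endswith("/") and path != "/":
        path += "/"  # normpath strips the trailing slash; restore it
    query = "?" + parts.query if parts.query else ""
    return f"{parts.scheme}://{parts.netloc.lower()}{path}{query}"


def is_allowed(db, class_id, url):
    """Return True only if the request may be forwarded to the network.

    Assumed precedence: any matching '-' rule denies; otherwise at least
    one matching '+' rule is required (default deny).
    """
    target = normalize(url)
    rows = db.execute(
        "SELECT sign, pattern FROM access_rule WHERE class_id = ?",
        (class_id,),
    )
    granted = False
    for sign, pattern in rows:
        # fullmatch anchors both ends, so a pattern cannot match a mere
        # substring of a longer, unrelated URL.
        if pattern_to_regex(pattern).fullmatch(target):
            if sign == "-":
                return False
            granted = True
    return granted
```

Matching on the canonical form is what keeps the "-" rule effective when the same resource is requested under a percent-encoded or dot-segment spelling.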
Yet another modification of the invention would permit the system to accept requests from users/user terminals that are in a format other than a URL. The relational database would merely have to be modified to store sets of information indicative of the particular type of request format being employed, and associated with a particular user class.
It will be understood that the particular system and method described above is only illustrative of the principles of the present invention, and that various modifications could be made by those skilled in the art without departing from the scope and spirit of the present invention, which is limited only by the claims that follow.
third example is businesses that would like their employees to access only work-related resources, but not to spend their time on other WWW explorations. In general, a particular user might need to be restricted to different resources at different times, as in the case of a student restricted to different sets of resources during classes on different subjects.
Some authorities such as schools ask the users to abide by a policy statement by which they agree to restrict their exploration of the WWW, for example, by agreeing not to download obscene material. However, voluntary compliance with such a policy will not prevent the accidental downloading of 1o resources that are not readily identifiable as forbidden or inappropriate prior to downloading and viewing.
Naturally, technical solutions such as "firewalls" are also available to limit or impede access to the WWW and Internet. These firewalls are software-based gateways that are commonly installed to protect computers on a local area is network ("LAN") from being attacked by outsiders. One effect of installing a firewall is that WWW clients can no longer directly contact WWW servers.
typically, this proves too restrictive, and users resort to "proxy servers"
that are directly contacted by WWW clients. These proxy servers have special abilities to forward requests through the firewall, and thereby provide communication to and 2o from servers on the Internet. For efficiency, a proxy server may also cache some resources locally. Current clients and proxy servers yield access to every public resource in the WWW. -- They are not configured to allow a particular user to request some resources, while preventing access by that user to other resources.
Some "filtering" of the available WWW resources may be effected 25 within systems that offer indirect access. In these systems an information provider would download resources from the WWW and maintain copies of the resources.
Users would access these copies. The information provider can review the resources as they are obtained from the WWW, and edit out any inappropriate or obscene material prior to making the resource available to users. A
disadvantage of 3o this scheme is that the material provided by the information provider may be out-of date compared to the original resource on the WWW.
~i95861 In an alternate scheme of "filtered" access to WWW resources, a proxy server provides a user with a menu of allowed resources that may be accessed, and users can obtain any resources that can be reached by a series of links from the menu resources. The user is only permitted to request URLs via this menu. This particular method has two disadvantages. First, many resources must be excluded from the menu because they contain links to inappropriate material, even though they themselves might be acceptable. Second, a resource may change over time to include new links that might lead to inappropriate material, and thereby provide a user with an unintended pathway of access to such.
to In still another method of "filtered" access to WWW resources, the client or proxy server checks each resource for a list of disallowed words (i.e.;
obscenities; sexual terms, etc.) and shows the user only those resources that are free of these words. However, this method does not permit filtering of images and does not prohibit resources that might be inappropriate due to content other than specific words.
Yet another means of protecting users from inappropriate or obscene materials has been established by the computer and video game manufacturers.
The games are voluntarily rated on the dimensions of violence, nudity/sex, and language. Although such conventions have not yet been adopted in the WWW, the 2o analog would be to add such ratings to WWW resources, presumably with digital signatures to prevent forgery. A WWW client could then, if so programmed, choose not to save or display any resource that is unrated or has an unacceptable rating for the given audience. The disadvantage of this scheme is the need to convince the many people who provide useful servers (often on a non-professional or pro bono basis) to coordinate with a rating panel.
All of the present systems for limiting user access to an uncontrolled public database resources, such as those available on the WWW, have obvious shortcomings. Presently, there exists no simple means for an authority (i.e.;
teacher, supervisor, system administrator, etc.) to selectively control WWW
access 3o by one or more users, without significantly impairing the users' ability to communicate with the Internet.
Summary of the Invention The present invention overcomes the deficiencies of prior schemes for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the W W W and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URL,s) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as part of a proxy server within the user's local network.
In accordance with one aspect of the present invention there is provided a system for selectively controlling network access to one or more resources through a firewall server, the system comprising: a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers; a processor contained within a network proxy server and adapted to receive a request for network access to one or more particular network resources through the firewall server, said request including a user identification code, said processor being further adapted to query said relational database, and execute said request for network access to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources, said relational database and said proxy server being operable at a location remote from the firewall server.
In accordance with another aspect of the present invention there is provided a method for selectively controlling network access to one or more particular resources through a firewall server, the method comprising the steps of: receiving at a network proxy server a request for access to one or more particular network resources, wherein said request includes a user identification code and at least one resource identifier, said network proxy server being operable at a location remote from the firewall server; comparing at said network proxy server said received request for access to a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers, said relational database being operable at a location remote from the firewall server; executing, via said network proxy server, said request for network access through the firewall server to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources.
Brief Description of the Drawings
FIG. 1 is a simplified diagram of an exemplary system embodying the invention; and FIG. 2 is a simplified diagram depicting an alternate arrangement of the system of FIG. 1 facilitating the recognition of user/user terminal classes.
Detailed Description of the Invention
FIG. 1 is a simplified diagram of an exemplary system embodying the invention. As shown, the system includes public network 100, network resources 101-105, and user site 106. Particular users at user site 106 gain access to public network 100 via user terminals 107, 108 and 109. Each of these user terminals is linked by local area network ("LAN") 110 to processor 111 within proxy server 112. Finally, proxy server 112 provides a connection from processor 111 to public network 100 via firewall 113.
Requests from user terminals 107-109 for access to network resources (101-105) through public network 100 are submitted to processor 111 within proxy server 112. In this particular embodiment of the invention, the submitted requests are assumed to be in the form of URLs. As is well known in the art, when URLs are submitted to a proxy server, the particular requesting user terminal is identified to the proxy server by an identification header attached to the URL. For the system shown in FIG. 1, the identification code for user terminal 107 is ID107, the identification code for user terminal 108 is ID108, and the identification code for user terminal 109 is ID109. In addition, within the system of FIG. 1, URLs designated as URL101, URL102, URL103, URL104 and URL105 represent requests for information from network resources 101, 102, 103, 104 and 105, respectively.
Upon receipt of an incoming URL, processor 111 is programmed to determine the identity of the requesting user terminal from the URL header. This identification information is then utilized by processor 111 to cross-reference the received URL with information stored in relational database 114. Relational database 114 contains a listing of user terminal identification codes (ID107, ID108, ID109), each of which is associated with one or more URL designations. This relational listing specifies the particular URLs that may be transmitted from a given user terminal to access network resources. As shown, the allowable URLs for user terminal 107 are URL101, URL102 and URL105; the allowable URLs for user terminal 108 are URL102 and URL104; and the allowable URLs for user terminal 109 are URL101, URL102, URL103, URL104 and URL105. The information stored in relational database 114 would be under the control of some resident authority at user site 106 (i.e., a system administrator, or site supervisor empowered to make determinations as to the various URLs that can be accessed from a given user terminal).
Within the system of FIG. 1, when a requesting user terminal transmits a URL associated with that particular terminal's identification code within relational database 114 to processor 111, the request for information represented by that URL is sent to public network 100. For example, upon receipt of a URL from user terminal 107 requesting information from network resource 102, processor 111 would access relational database 114, and thereby determine that URL102 was indeed an allowable request. Following this determination, processor 111 would forward URL102 to public network 100 via firewall 113. Contrastingly, if a URL that is not associated with the requesting terminal identification code within relational database 114 is received by processor 111, that request for information is denied. For instance, if URLI~ is received by processor 111 from user terminal 107, relational database 114 is accessed. Since URLI~ is not one of the URLs associated with user terminal identification code ID107 within relational database 114, processor 111 denies the request for information, and no URL is sent to public network 100.
In the particular embodiment described above, relational database 114 stores a list of user terminal identification codes and the various URLs that each user terminal should be allowed to transmit to public network 100. It will be understood that the invention could be modified so that the list of URLs associated with a given user terminal identification code serves as a list of URLs that that particular user terminal is not permitted to contact. This restrictive listing functionality could be readily facilitated by reprogramming processor 111. In addition, the invention could be modified so that the identification codes recognized by processor 111 and stored in relational database 114 are user specific, as opposed to user terminal specific. In other words, the system of FIG. 1 could be modified so that a particular individual using a terminal is identified to the system by a personal password or other identifying code. Access or denial of the transmission of particular URLs is effected by the system as a function of that person's identity, regardless of the particular user terminal they may be utilizing.
The processor and relational database within the proxy server of the invention could also be modified to recognize classes of users and/or user terminals. There could be any number of user terminals or users within a given class accessing the proxy server at a particular user site. When any of the user terminals or users within a given class transmits a URL to the proxy server, the processor within the proxy server accesses the relational database and determines if the specific URL represents an allowable request for a user/user terminal in the identified class. FIG. 2 shows an alternate embodiment of the invention, which is similar to the system illustrated in FIG. 1, that facilitates the recognition of users/user terminal classes.
As shown, the system of FIG. 2 includes public network 200, network resources 201-205, user terminals 207-210, LAN 211, processor 212, proxy server 213, and firewall 214. The operation of the system of FIG. 2 is substantially similar to that of FIG. 1; however, two of the user terminals, 207 and 208, are grouped in a single class. This grouping is reflected in the configuration of relational database 215. Within relational database 215 the identification code ID207/208 relates to both user terminal 207 and user terminal 208. When a URL from either user terminal 207 or 208 is received at processor 212, the same listing of associated URLs is accessed. Both of these terminals are granted or denied access to the same group of URLs (URL~o,, URL,o, and URL,os).
The relational database utilized in systems facilitating the invention could also be configured so that information indicative of allowable resource access is arranged to conform to resources that are configured in a tree structure format.
The relational database would include a listing of directory and/or subdirectory identifiers that a particular user or user group would be granted or denied access to.
For example, such a system could be implemented for requests formulated as a set of strings by means of grouping conventions such as parentheses together with special symbols for operations such as repetition and union; regular expressions are well known to people skilled in the art. A regular expression rule consists of a regular expression together with a specification of inclusion or exclusion for one or more users/user terminals. Standard techniques for determining whether a string of symbols matches a regular expression can be applied to determine whether a particular URL matches a regular expression; such techniques are familiar to those skilled in the art.
More generally, the URL http://ourschool.edu/history/* is a regular expression that specifies all resources within the directory http://ourschool.edu/history or its tree of subdirectories (a resource containing information relevant to a particular school's history course). In this case, a notation for regular expressions is employed that is typical of UNIX shell languages, wherein "*" represents any string of symbols, including the empty string. The URL http://ourschool.edu/subject/*answer* specifies any resources within the directory http://ourschool.edu/subject (or its tree of subdirectories) that contain "answer" in their names. Access to the "answer" resources would most likely be restricted to instructors (i.e., students would not be able to view the answers). In order to specify that students be allowed to view "history" resources, but excluded from "history answer" resources, the relational database would store the following expression rules, which would be associated with student identification codes:
+ http://ourschool.edu/history/*
- http://ourschool.edu/history/*answer*
The notation "+" indicates a grant of access to a resource, and the "-" indicates a restriction.
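The lookup described above can be sketched as follows; this is an added example, not code from the patent. It covers the class grouping of FIG. 2 and the "+"/"-" expression rules. The terminal codes, table and function names, the precedence (a matching "-" rule overrides any "+" rule, and no matching rule means deny) and the URL canonicalisation step are assumptions the description does not specify.

```python
import posixpath
import re
import sqlite3
from urllib.parse import unquote, urlsplit

# Constructed sample data: two terminals share the "student" class (as
# terminals 207 and 208 share one listing in FIG. 2). The id codes are
# hypothetical; the rule patterns are the ones given in the description.
MEMBERS = [("term-207", "student"), ("term-208", "student"),
           ("term-209", "instructor")]
RULES = [
    ("student", "+", "http://ourschool.edu/history/*"),
    ("student", "-", "http://ourschool.edu/history/*answer*"),
    ("instructor", "+", "http://ourschool.edu/history/*"),
]


def build_db():
    """Create the relational listing: id code -> class -> signed patterns."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE member (id_code TEXT PRIMARY KEY, class TEXT NOT NULL);
        CREATE TABLE rule (
            class   TEXT NOT NULL,
            sign    TEXT NOT NULL CHECK (sign IN ('+', '-')),
            pattern TEXT NOT NULL
        );
    """)
    db.executemany("INSERT INTO member VALUES (?, ?)", MEMBERS)
    db.executemany("INSERT INTO rule VALUES (?, ?, ?)", RULES)
    return db


def canonical(url):
    """Reduce equivalent spellings of a URL to one form before matching.

    Assumption of this sketch: percent-escapes are decoded once, dot
    segments are resolved, scheme and host are lower-cased, and the query
    string is ignored. Without this step an exclusion such as *answer*
    would not match "%61nswers.html".
    """
    parts = urlsplit(url)
    raw = unquote(parts.path) or "/"
    path = "/" + posixpath.normpath(raw).lstrip("/")
    if raw.endswith("/") and path != "/":
        path += "/"                      # normpath drops the trailing slash
    host = (parts.hostname or "").lower()
    if parts.port:                       # raises ValueError on a bad port
        host += f":{parts.port}"
    return f"{parts.scheme.lower()}://{host}{path}"


def glob_to_regex(pattern):
    """Only "*" is special: any string of symbols, including the empty one."""
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile(body, re.DOTALL)


def decide(db, id_code, url):
    """Return True if the proxy should forward the request, False to deny."""
    try:
        target = canonical(url)
    except ValueError:
        return False                     # unparsable request: deny
    rows = db.execute(
        "SELECT r.sign, r.pattern FROM member m "
        "JOIN rule r ON r.class = m.class WHERE m.id_code = ?",
        (id_code,),
    ).fetchall()
    matched = {sign for sign, pattern in rows
               if glob_to_regex(pattern).fullmatch(target)}
    # Assumed precedence: exclusion wins, and no matching "+" rule means deny.
    return "+" in matched and "-" not in matched


if __name__ == "__main__":
    db = build_db()
    for who, url in [
        ("term-207", "http://ourschool.edu/history/week1.html"),
        ("term-207", "http://ourschool.edu/history/week1-answers.html"),
        ("term-209", "http://ourschool.edu/history/week1-answers.html"),
        ("term-208", "http://ourschool.edu/history/%61nswers.html"),
    ]:
        print(who, url, "FORWARD" if decide(db, who, url) else "DENY")
```

Because the decision is made on the canonical form, the stored patterns must be written in that same form.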
Yet another modification of the invention would permit the system to accept requests from users/user terminals that are in a format other than a URL.
The relational database would merely have to be modified to store sets of information indicative of the particular type of request format being employed, and associated with a particular user class.
It will be understood that the particular system and method described above is only illustrative of the principles of the present invention, and that various modifications could be made by those skilled in the art without departing from the scope and spirit of the present invention, which is limited only by the claims that follow.
Claims (14)
1. A system for selectively controlling network access to one or more resources through a firewall server, the system comprising:
a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers;
a processor contained within a network proxy server and adapted to receive a request for network access to one or more particular network resources through the firewall server, said request including a user identification code, said processor being further adapted to query said relational database, and execute said request for network access to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources, said relational database and said proxy server being operable at a location remote from the firewall server.
2. The invention of claim 1 wherein said processor is programmed to execute said request for access if said stored listing shows said received user identification code to be associated with at least one resource identifier corresponding to said one or more particular network resources.
3. The invention of claim 1 wherein said processor is programmed to deny execution of said request for access if said stored listing shows said received user identification code to be associated with at least one resource identifier corresponding to said one or more particular network resources.
4. The invention of claim 1 wherein access to said one or more particular network resources is effected via a public network.
5. The invention of claim 1 wherein each of said user identification codes identifies one or more terminals configured for facilitating network access to one or more particular network resources.
6. The invention of claim 1 wherein each of said user identification codes identifies one or more individuals authorized to access one or more particular network resources.
7. The invention of claim 1 wherein each of said resource identifiers corresponds to one or more uniform resource locators for accessing one or more particular network resources.
8. A method for selectively controlling network access to one or more particular resources through a firewall server, the method comprising the steps of:
receiving at a network proxy server a request for access to one or more particular network resources, wherein said request includes a user identification code and at least one resource identifier, said network proxy server being operable at a location remote from the firewall server;
comparing at said network proxy server said received request for access to a relational database containing a stored listing of user identification codes and resource identifiers, wherein each of said resource identifiers corresponds to one or more resources accessible via a network, and said stored listing associates each of said user identification codes with one or more of said resource identifiers, said relational database being operable at a location remote from the firewall server;
executing, via said network proxy server, said request for network access through the firewall server to said one or more particular network resources as a function of said stored listing being indicative of an association between said received user identification code and at least one resource identifier corresponding to said one or more particular network resources.
9. The method of claim 8 wherein the execution of said request for access is performed if said stored listing shows said received user identification code to be associated with at least one resource identifier corresponding to said one or more particular network resources.
10. The method of claim 8 wherein the execution of said request for access is denied if said stored listing shows said received user identification code to be associated with at least one resource identifier corresponding to said one or more particular network resources.
11. The method of claim 8 wherein said network access to said one or more particular resources is effected via public network.
12. The method of claim 8 wherein each of said user identification codes identifies one or more terminals configured for facilitating network access to one or more particular network resources.
13. The method of claim 8 wherein each of said user identification codes identifies one or more individuals authorized to access one or more particular network resources.
14. The method of claim 8 wherein each of said resource identifiers corresponds to one or more uniform resource locators for accessing said one or more particular network resources.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US08/469,342 US5696898A (en) | 1995-06-06 | 1995-06-06 | System and method for database access control |
US469,342 | 1995-06-06 | ||
PCT/US1996/009510 WO1997015008A1 (en) | 1995-06-06 | 1996-06-06 | System and method for database access control |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2196867A1 CA2196867A1 (en) | 1996-12-07 |
CA2196867C true CA2196867C (en) | 2000-08-08 |
Family
ID=23863416
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002196867A Expired - Fee Related CA2196867C (en) | 1995-06-06 | 1996-06-06 | System and method for database access control |
Country Status (6)
Country | Link |
---|---|
US (1) | US5696898A (en) |
EP (1) | EP0793826A1 (en) |
JP (1) | JP2001526804A (en) |
CN (1) | CN1159234A (en) |
CA (1) | CA2196867C (en) |
WO (1) | WO1997015008A1 (en) |
Families Citing this family (379)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5841978A (en) | 1993-11-18 | 1998-11-24 | Digimarc Corporation | Network linking method using steganographically embedded data objects |
US7805500B2 (en) | 1995-05-08 | 2010-09-28 | Digimarc Corporation | Network linking methods and apparatus |
US6408331B1 (en) * | 1995-07-27 | 2002-06-18 | Digimarc Corporation | Computer linking methods using encoded graphics |
US6411725B1 (en) | 1995-07-27 | 2002-06-25 | Digimarc Corporation | Watermark enabled video objects |
US6584568B1 (en) | 1995-07-31 | 2003-06-24 | Pinnacle Technology, Inc. | Network provider loop security system and method |
US6061795A (en) * | 1995-07-31 | 2000-05-09 | Pinnacle Technology Inc. | Network desktop management security system and method |
US5978817A (en) * | 1995-08-15 | 1999-11-02 | Netscape Communications Corp. | Browser having automatic URL generation |
US20050075964A1 (en) * | 1995-08-15 | 2005-04-07 | Michael F. Quinn | Trade records information management system |
JP2977476B2 (en) * | 1995-11-29 | 1999-11-15 | 株式会社日立製作所 | Security method |
DE19547108A1 (en) * | 1995-12-16 | 1997-06-19 | Sel Alcatel Ag | Method for integrating additional function modules into a control device of a switching system and switching system |
US20050033659A1 (en) * | 1996-01-17 | 2005-02-10 | Privacy Infrastructure, Inc. | Third party privacy system |
US7028049B1 (en) | 1996-02-17 | 2006-04-11 | Allcare Health Management System, Inc. | Standing order database search system and method for internet and internet application |
US6189030B1 (en) | 1996-02-21 | 2001-02-13 | Infoseek Corporation | Method and apparatus for redirection of server external hyper-link references |
US5855020A (en) | 1996-02-21 | 1998-12-29 | Infoseek Corporation | Web scan process |
US6076109A (en) * | 1996-04-10 | 2000-06-13 | Lextron, Systems, Inc. | Simplified-file hyper text protocol |
US6553410B2 (en) | 1996-02-27 | 2003-04-22 | Inpro Licensing Sarl | Tailoring data and transmission protocol for efficient interactive data transactions over wide-area networks |
US5826267A (en) * | 1996-03-20 | 1998-10-20 | Mcmillan; James Michael | Web information kiosk |
US5864852A (en) * | 1996-04-26 | 1999-01-26 | Netscape Communications Corporation | Proxy server caching mechanism that provides a file directory structure and a mapping mechanism within the file directory structure |
US5857188A (en) * | 1996-04-29 | 1999-01-05 | Ncr Corporation | Management of client requests in a client-server environment |
US5784564A (en) * | 1996-05-03 | 1998-07-21 | High Technology Solutions, Inc. | Closed browser for computer and computer network |
US20030195848A1 (en) | 1996-06-05 | 2003-10-16 | David Felger | Method of billing a purchase made over a computer network |
US8229844B2 (en) | 1996-06-05 | 2012-07-24 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
US7555458B1 (en) | 1996-06-05 | 2009-06-30 | Fraud Control System.Com Corporation | Method of billing a purchase made over a computer network |
EP0944873B1 (en) * | 1996-06-07 | 2007-08-22 | AT&T Corp. | Internet file system |
US5835722A (en) * | 1996-06-27 | 1998-11-10 | Logon Data Corporation | System to control content and prohibit certain interactive attempts by a person using a personal computer |
US5905979A (en) * | 1996-07-02 | 1999-05-18 | Electronic Data Systems Corporation | Abstract manager system and method for managing an abstract database |
US6381632B1 (en) * | 1996-09-10 | 2002-04-30 | Youpowered, Inc. | Method and apparatus for tracking network usage |
US5911043A (en) * | 1996-10-01 | 1999-06-08 | Baker & Botts, L.L.P. | System and method for computer-based rating of information retrieved from a computer network |
US6092204A (en) * | 1996-10-01 | 2000-07-18 | At&T Corp | Filtering for public databases with naming ambiguities |
US5944823A (en) * | 1996-10-21 | 1999-08-31 | International Business Machines Corporations | Outside access to computer resources through a firewall |
US6758755B2 (en) | 1996-11-14 | 2004-07-06 | Arcade Planet, Inc. | Prize redemption system for games executed over a wide area network |
US6006228A (en) * | 1996-12-11 | 1999-12-21 | Ncr Corporation | Assigning security levels to particular documents on a document by document basis in a database |
US5845070A (en) * | 1996-12-18 | 1998-12-01 | Auric Web Systems, Inc. | Security system for internet provider transaction |
US6122740A (en) * | 1996-12-19 | 2000-09-19 | Intel Corporation | Method and apparatus for remote network access logging and reporting |
US5889958A (en) * | 1996-12-20 | 1999-03-30 | Livingston Enterprises, Inc. | Network access control system and process |
US6049821A (en) * | 1997-01-24 | 2000-04-11 | Motorola, Inc. | Proxy host computer and method for accessing and retrieving information between a browser and a proxy |
US6049892C1 (en) * | 1997-02-24 | 2002-06-04 | Ethos Software Corp | Process and apparatus for downloading data from a server computer to a client computer |
US5930801A (en) * | 1997-03-07 | 1999-07-27 | Xerox Corporation | Shared-data environment in which each file has independent security properties |
US7821926B2 (en) | 1997-03-10 | 2010-10-26 | Sonicwall, Inc. | Generalized policy server |
US6408336B1 (en) | 1997-03-10 | 2002-06-18 | David S. Schneider | Distributed administration of access to information |
US7912856B2 (en) * | 1998-06-29 | 2011-03-22 | Sonicwall, Inc. | Adaptive encryption |
US6105027A (en) * | 1997-03-10 | 2000-08-15 | Internet Dynamics, Inc. | Techniques for eliminating redundant access checking by access filters |
US8914410B2 (en) | 1999-02-16 | 2014-12-16 | Sonicwall, Inc. | Query interface to policy server |
US7580919B1 (en) | 1997-03-10 | 2009-08-25 | Sonicwall, Inc. | Query interface to policy server |
US7272625B1 (en) | 1997-03-10 | 2007-09-18 | Sonicwall, Inc. | Generalized policy server |
EP0968596B1 (en) | 1997-03-12 | 2007-07-18 | Nomadix, Inc. | Nomadic translator or router |
US6345300B1 (en) * | 1997-03-25 | 2002-02-05 | Intel Corporation | Method and apparatus for detecting a user-controlled parameter from a client device behind a proxy |
US5937404A (en) * | 1997-04-23 | 1999-08-10 | Appaloosa Interactive Corporation | Apparatus for bleaching a de-activated link in a web page of any distinguishing color or feature representing an active link |
US6356934B1 (en) * | 1997-04-28 | 2002-03-12 | Sabre Inc. | Intermediate server having control program for storing content accessed during browsing sessions and playback program for asynchronously replaying browsing sessions |
US6199104B1 (en) | 1997-04-28 | 2001-03-06 | Sabre Inc. | Server-based host monitor |
US6286029B1 (en) | 1997-04-28 | 2001-09-04 | Sabre Inc. | Kiosk controller that retrieves content from servers and then pushes the retrieved content to a kiosk in the order specified in a run list |
AU3123597A (en) * | 1997-05-08 | 1998-11-27 | Pinnacle Technology, Inc. | Network desktop management security system and method |
US5861883A (en) * | 1997-05-13 | 1999-01-19 | International Business Machines Corp. | Method and system for portably enabling awareness, touring, and conferencing over the world-wide web using proxies and shared-state servers |
US6480486B2 (en) * | 1997-05-21 | 2002-11-12 | Lextron Systems, Inc. | Micro-localized internet service center |
US7290288B2 (en) | 1997-06-11 | 2007-10-30 | Prism Technologies, L.L.C. | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
US6070243A (en) * | 1997-06-13 | 2000-05-30 | Xylan Corporation | Deterministic user authentication service for communication network |
JP3564262B2 (en) * | 1997-06-24 | 2004-09-08 | 富士通株式会社 | Information management system and device |
US5966705A (en) * | 1997-06-30 | 1999-10-12 | Microsoft Corporation | Tracking a user across both secure and non-secure areas on the Internet, wherein the users is initially tracked using a globally unique identifier |
JP4020466B2 (en) * | 1997-09-22 | 2007-12-12 | 富士通株式会社 | Information service system, information service providing apparatus, and recording medium |
EP0907275A1 (en) * | 1997-09-25 | 1999-04-07 | Alcatel | Terminal with card reader |
US6266664B1 (en) | 1997-10-01 | 2001-07-24 | Rulespace, Inc. | Method for scanning, analyzing and rating digital information content |
US6076168A (en) * | 1997-10-03 | 2000-06-13 | International Business Machines Corporation | Simplified method of configuring internet protocol security tunnels |
US6158008A (en) * | 1997-10-23 | 2000-12-05 | At&T Wireless Svcs. Inc. | Method and apparatus for updating address lists for a packet filter processor |
US5991879A (en) * | 1997-10-23 | 1999-11-23 | Bull Hn Information Systems Inc. | Method for gradual deployment of user-access security within a data processing system |
US5999978A (en) * | 1997-10-31 | 1999-12-07 | Sun Microsystems, Inc. | Distributed system and method for controlling access to network resources and event notifications |
US6272492B1 (en) * | 1997-11-21 | 2001-08-07 | Ibm Corporation | Front-end proxy for transparently increasing web server functionality |
US6801911B1 (en) * | 1997-11-21 | 2004-10-05 | International Business Machines Corporation | Data processing system and method for accessing files |
US6000033A (en) * | 1997-11-26 | 1999-12-07 | International Business Machines Corporation | Password control via the web |
US6055566A (en) | 1998-01-12 | 2000-04-25 | Lextron Systems, Inc. | Customizable media player with online/offline capabilities |
US6226750B1 (en) * | 1998-01-20 | 2001-05-01 | Proact Technologies Corp. | Secure session tracking method and system for client-server environment |
US6038597A (en) * | 1998-01-20 | 2000-03-14 | Dell U.S.A., L.P. | Method and apparatus for providing and accessing data at an internet site |
US6782510B1 (en) * | 1998-01-27 | 2004-08-24 | John N. Gross | Word checking tool for controlling the language content in documents using dictionaries with modifyable status fields |
JPH11224288A (en) * | 1998-02-06 | 1999-08-17 | Hitachi Ltd | Use condition sale type digital contents sale electronic mall system |
JPH11259423A (en) * | 1998-03-10 | 1999-09-24 | Fujitsu Ltd | Security system for transmitting device |
US6233618B1 (en) * | 1998-03-31 | 2001-05-15 | Content Advisor, Inc. | Access control of networked data |
US6366912B1 (en) * | 1998-04-06 | 2002-04-02 | Microsoft Corporation | Network security zones |
US6065055A (en) * | 1998-04-20 | 2000-05-16 | Hughes; Patrick Alan | Inappropriate site management software |
US6779118B1 (en) | 1998-05-04 | 2004-08-17 | Auriq Systems, Inc. | User specific automatic data redirection system |
US6505300B2 (en) | 1998-06-12 | 2003-01-07 | Microsoft Corporation | Method and system for secure running of untrusted content |
US6279111B1 (en) | 1998-06-12 | 2001-08-21 | Microsoft Corporation | Security model using restricted tokens |
US6308273B1 (en) | 1998-06-12 | 2001-10-23 | Microsoft Corporation | Method and system of security location discrimination |
US6308274B1 (en) | 1998-06-12 | 2001-10-23 | Microsoft Corporation | Least privilege via restricted tokens |
US6292833B1 (en) * | 1998-07-17 | 2001-09-18 | Openwave Systems Inc. | Method and apparatus for providing access control to local services of mobile devices |
GB2340704A (en) * | 1998-07-28 | 2000-02-23 | Blackcoat Limited | Network communication |
US6195696B1 (en) * | 1998-10-01 | 2001-02-27 | International Business Machines Corporation | Systems, methods and computer program products for assigning, generating and delivering content to intranet users |
US6385642B1 (en) | 1998-11-03 | 2002-05-07 | Youdecide.Com, Inc. | Internet web server cache storage and session management system |
US6189036B1 (en) * | 1998-11-05 | 2001-02-13 | International Business Machines Corporation | User access to objects in group based access control based on result of greatest common divisor of assigned unique prime numbers of user and object |
US6553375B1 (en) | 1998-11-25 | 2003-04-22 | International Business Machines Corporation | Method and apparatus for server based handheld application and database management |
US8713641B1 (en) | 1998-12-08 | 2014-04-29 | Nomadix, Inc. | Systems and methods for authorizing, authenticating and accounting users having transparent computer access to a network using a gateway device |
US6266774B1 (en) * | 1998-12-08 | 2001-07-24 | Mcafee.Com Corporation | Method and system for securing, managing or optimizing a personal computer |
US6636894B1 (en) * | 1998-12-08 | 2003-10-21 | Nomadix, Inc. | Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability |
US7194554B1 (en) | 1998-12-08 | 2007-03-20 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization authentication and accounting |
US8266266B2 (en) | 1998-12-08 | 2012-09-11 | Nomadix, Inc. | Systems and methods for providing dynamic network authorization, authentication and accounting |
US7328405B1 (en) | 1998-12-09 | 2008-02-05 | Netscape Communications Corporation | Smart browsing providers |
US7353234B2 (en) | 1998-12-30 | 2008-04-01 | Aol Llc, A Delaware Limited Liability Company | Customized user interface based on user record information |
US7555721B2 (en) * | 1998-12-30 | 2009-06-30 | Aol Llc, A Delaware Limited Liability Company | Customized user interface |
US6654787B1 (en) | 1998-12-31 | 2003-11-25 | Brightmail, Incorporated | Method and apparatus for filtering e-mail |
US20030069966A1 (en) * | 2001-10-10 | 2003-04-10 | Ritz Peter B. | Method and system for directing users to information specific to network applications |
US6993580B2 (en) | 1999-01-25 | 2006-01-31 | Airclic Inc. | Method and system for sharing end user information on network |
US6448979B1 (en) * | 1999-01-25 | 2002-09-10 | Airclic, Inc. | Printed medium activated interactive communication of multimedia information, including advertising |
US20020032749A1 (en) * | 1999-01-25 | 2002-03-14 | David Isherwood | Method and system for identifying provider network locations based on user-provided codes |
US6154741A (en) * | 1999-01-29 | 2000-11-28 | Feldman; Daniel J. | Entitlement management and access control system |
US6976070B1 (en) * | 1999-02-16 | 2005-12-13 | Kdd Corporation | Method and apparatus for automatic information filtering using URL hierarchical structure and automatic word weight learning |
US6957330B1 (en) | 1999-03-01 | 2005-10-18 | Storage Technology Corporation | Method and system for secure information handling |
JP2003524815A (en) | 1999-03-02 | 2003-08-19 | クイックスター インヴェストメンツ,インコーポレイテッド | E-commerce in marketing systems, including membership purchase opportunities |
US7353194B1 (en) | 1999-03-02 | 2008-04-01 | Alticor Investments, Inc. | System and method for managing recurring orders in a computer network |
US7359871B1 (en) | 1999-03-02 | 2008-04-15 | Alticor Investments Inc. | System and method for managing recurring orders in a computer network |
US6829610B1 (en) * | 1999-03-11 | 2004-12-07 | Microsoft Corporation | Scalable storage system supporting multi-level query resolution |
US6363434B1 (en) | 1999-03-30 | 2002-03-26 | Sony Corporation Of Japan | Method of managing resources within a network of consumer electronic devices |
US6476833B1 (en) | 1999-03-30 | 2002-11-05 | Koninklijke Philips Electronics N.V. | Method and apparatus for controlling browser functionality in the context of an application |
US6400272B1 (en) | 1999-04-01 | 2002-06-04 | Presto Technologies, Inc. | Wireless transceiver for communicating with tags |
US6542994B1 (en) | 1999-04-12 | 2003-04-01 | Pinnacle Technologies, Inc. | Logon authentication and security system and method |
AU4239700A (en) * | 1999-04-13 | 2000-11-14 | Conjoin, Inc. | Group targeted content personalization |
US7458091B1 (en) | 2000-01-20 | 2008-11-25 | Sonic Solutions, A California Corporation | System, method and article of manufacture for a business layer component in a multimedia synchronization framework |
US7346920B2 (en) | 2000-07-07 | 2008-03-18 | Sonic Solutions, A California Corporation | System, method and article of manufacture for a common cross platform framework for development of DVD-Video content integrated with ROM content |
WO2000063916A1 (en) | 1999-04-21 | 2000-10-26 | Interactual Technologies, Inc. | System, method and article of manufacture for updating content stored on a portable storage medium |
US20050198574A1 (en) * | 1999-04-21 | 2005-09-08 | Interactual Technologies, Inc. | Storyboard |
US6665489B2 (en) | 1999-04-21 | 2003-12-16 | Research Investment Network, Inc. | System, method and article of manufacturing for authorizing the use of electronic content utilizing a laser-centric medium and a network server |
US6529949B1 (en) * | 2000-02-07 | 2003-03-04 | Interactual Technologies, Inc. | System, method and article of manufacture for remote unlocking of local content located on a client device |
US7188193B1 (en) | 2000-01-20 | 2007-03-06 | Sonic Solutions, A California Corporation | System, method and article of manufacture for a synchronizer component in a multimedia synchronization framework |
US6453420B1 (en) | 1999-04-21 | 2002-09-17 | Research Investment Network, Inc. | System, method and article of manufacture for authorizing the use of electronic content utilizing a laser-centric medium |
US6769130B1 (en) * | 2000-01-20 | 2004-07-27 | Interactual Technologies, Inc. | System, method and article of manufacture for late synchronization during the execution of a multimedia event on a plurality of client computers |
US20050182828A1 (en) * | 1999-04-21 | 2005-08-18 | Interactual Technologies, Inc. | Platform specific execution |
US7178106B2 (en) * | 1999-04-21 | 2007-02-13 | Sonic Solutions, A California Corporation | Presentation of media content from multiple media sources |
US20060041639A1 (en) * | 1999-04-21 | 2006-02-23 | Interactual Technologies, Inc. | Platform detection |
US7448021B1 (en) | 2000-07-24 | 2008-11-04 | Sonic Solutions, A California Corporation | Software engine for combining video or audio content with programmatic content |
US6405203B1 (en) * | 1999-04-21 | 2002-06-11 | Research Investment Network, Inc. | Method and program product for preventing unauthorized users from using the content of an electronic storage medium |
US6941383B1 (en) | 2000-01-20 | 2005-09-06 | Interactual Technologies, Inc. | System, method and article of manufacture for java/javascript component in a multimedia synchronization framework |
US20060193606A1 (en) * | 1999-04-21 | 2006-08-31 | Interactual Technologies, Inc. | Two navigation |
GB2349244A (en) * | 1999-04-22 | 2000-10-25 | Visage Developments Limited | Providing network access to restricted resources |
AU4981700A (en) * | 1999-05-03 | 2000-11-17 | Eleanor Calamari-Lindquist | Internetworking system for providing safe and secure access for private groups |
BR0007041A (en) * | 1999-05-06 | 2002-10-29 | Sharinga Networks Inc | Access system, method of accessing a communications network, and computer software |
AUPQ030299A0 (en) | 1999-05-12 | 1999-06-03 | Sharinga Networks Inc. | A message processing system |
US6996627B1 (en) | 1999-05-25 | 2006-02-07 | Realnetworks, Inc. | System and method for providing update information |
US7062765B1 (en) | 1999-05-25 | 2006-06-13 | Realnetworks, Inc. | System and method for updating information via a network |
US7197144B1 (en) | 1999-06-08 | 2007-03-27 | Ethos Technologies, Inc. | Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users |
US7099914B1 (en) | 1999-06-24 | 2006-08-29 | International Business Machines Corporation | System and method for variable size retrieval of webpage data |
US20010027439A1 (en) * | 1999-07-16 | 2001-10-04 | Holtzman Henry N. | Method and system for computerized form completion |
US9300921B2 (en) | 1999-07-20 | 2016-03-29 | Comcast Cable Communications, Llc | Video security systems and methods |
US7015806B2 (en) * | 1999-07-20 | 2006-03-21 | @Security Broadband Corporation | Distributed monitoring for a video security system |
US6690411B2 (en) * | 1999-07-20 | 2004-02-10 | @Security Broadband Corp. | Security system |
US8520068B2 (en) * | 1999-07-20 | 2013-08-27 | Comcast Cable Communications, Llc | Video security system |
US7093286B1 (en) * | 1999-07-23 | 2006-08-15 | Openwave Systems Inc. | Method and system for exchanging sensitive information in a wireless communication system |
US6725380B1 (en) | 1999-08-12 | 2004-04-20 | International Business Machines Corporation | Selective and multiple programmed settings and passwords for web browser content labels |
US6339423B1 (en) * | 1999-08-23 | 2002-01-15 | Entrust, Inc. | Multi-domain access control |
US7162477B1 (en) | 1999-09-03 | 2007-01-09 | International Business Machines Corporation | System and method for web or file system asset management |
US6308276B1 (en) | 1999-09-07 | 2001-10-23 | Icom Technologies | SS7 firewall system |
GB2355905B (en) * | 1999-10-05 | 2002-03-20 | Authoriszor Ltd | System and method for providing security for a network site |
GB2355904B (en) * | 1999-10-05 | 2002-03-20 | Authoriszor Ltd | System and method for managing pseudo uniform resource locators in a security system |
US6950819B1 (en) * | 1999-11-22 | 2005-09-27 | Netscape Communication Corporation | Simplified LDAP access control language system |
US6658400B2 (en) * | 1999-12-04 | 2003-12-02 | William S. Perell | Data certification and verification system having a multiple-user-controlled data interface |
US6738901B1 (en) * | 1999-12-15 | 2004-05-18 | 3M Innovative Properties Company | Smart card controlled internet access |
AU2238901A (en) * | 1999-12-17 | 2001-06-25 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for monitoring network access |
WO2001050290A1 (en) * | 1999-12-30 | 2001-07-12 | Sony Electronics, Inc. | A resource manager for providing user-dependent access control |
US6584454B1 (en) * | 1999-12-31 | 2003-06-24 | Ge Medical Technology Services, Inc. | Method and apparatus for community management in remote system servicing |
US6957220B2 (en) | 2000-11-07 | 2005-10-18 | Research Investment Networks, Inc. | System, method and article of manufacture for tracking and supporting the distribution of content electronically |
US7392481B2 (en) * | 2001-07-02 | 2008-06-24 | Sonic Solutions, A California Corporation | Method and apparatus for providing content-owner control in a networked device |
US7000007B1 (en) * | 2000-01-13 | 2006-02-14 | Valenti Mark E | System and method for internet broadcast searching |
US7089588B2 (en) * | 2000-01-19 | 2006-08-08 | Reynolds And Reynolds Holdings, Inc. | Performance path method and apparatus for exchanging data among systems using different data formats |
US20050251732A1 (en) * | 2000-01-20 | 2005-11-10 | Interactual Technologies, Inc. | System, method and article of manufacture for executing a multimedia event on a plurality of client computers using a synchronization host engine |
US6606659B1 (en) | 2000-01-28 | 2003-08-12 | Websense, Inc. | System and method for controlling access to internet sites |
US20020091907A1 (en) * | 2000-02-07 | 2002-07-11 | Yannick Pouliot | Method and apparatus for simplified research of multiple dynamic databases |
JP2001222513A (en) * | 2000-02-08 | 2001-08-17 | Nec Corp | Device and method for managing connection request in information communication network system and recording medium recorded with connection request management processing program in information communication network system |
US6535879B1 (en) * | 2000-02-18 | 2003-03-18 | Netscape Communications Corporation | Access control via properties system |
US6912571B1 (en) * | 2000-02-22 | 2005-06-28 | Frank David Serena | Method of replacing content |
KR20010085438A (en) * | 2000-02-23 | 2001-09-07 | 이데이 노부유끼 | Information processing apparatus, method thereof, network system, record medium, and program |
CA2299824C (en) * | 2000-03-01 | 2012-02-21 | Spicer Corporation | Network resource control system |
US8843617B2 (en) * | 2000-03-01 | 2014-09-23 | Printeron Inc. | Multi-stage polling mechanism and system for the transmission and processing control of network resource data |
CA2301996A1 (en) * | 2000-03-13 | 2001-09-13 | Spicer Corporation | Wireless attachment enabling |
CA2403716A1 (en) * | 2000-03-22 | 2001-09-27 | Arac Management Services, Inc. | Apparatus and methods for interactive rental information retrieval and management |
US6631417B1 (en) * | 2000-03-29 | 2003-10-07 | Iona Technologies Plc | Methods and apparatus for securing access to a computer |
US6820082B1 (en) * | 2000-04-03 | 2004-11-16 | Allegis Corporation | Rule based database security system and method |
US7136821B1 (en) | 2000-04-18 | 2006-11-14 | Neat Group Corporation | Method and apparatus for the composition and sale of travel-oriented packages |
US6931599B1 (en) * | 2000-04-20 | 2005-08-16 | E★Trade | Page sub-component prerequisite control mechanism |
US6922813B1 (en) * | 2000-04-20 | 2005-07-26 | E*Trade | Page prerequisite control mechanism |
US6658415B1 (en) * | 2000-04-28 | 2003-12-02 | International Business Machines Corporation | Monitoring and managing user access to content via a universally accessible database |
DE10024733A1 (en) * | 2000-05-19 | 2001-11-22 | Clemente Spehr | Blocking data for request from network involves requesting data via Clean Surf Server using predetermined filter criterion and acting as filter to distinguish unwanted data from tolerated data |
TW482968B (en) * | 2000-06-14 | 2002-04-11 | Inventec Corp | Administration using method for testing system |
AU2001268579A1 (en) * | 2000-06-20 | 2002-01-02 | Privo, Inc. | Method and apparatus for granting access to internet content |
US20050119980A1 (en) * | 2000-06-29 | 2005-06-02 | Neat Group Corporation | Electronic negotiation systems |
US6942162B2 (en) * | 2000-08-03 | 2005-09-13 | Nordson Corporation | Apparatus and method for remote monitoring and servicing material application systems |
US7363100B2 (en) * | 2000-08-03 | 2008-04-22 | Nordson Corporation | Material application system with remote access |
US7004402B2 (en) * | 2000-08-22 | 2006-02-28 | Nordson Corporation | Apparatus and method for configuring, installing and monitoring spray coating application systems |
US7689510B2 (en) | 2000-09-07 | 2010-03-30 | Sonic Solutions | Methods and system for use in network management of content |
US20020062788A1 (en) * | 2000-09-07 | 2002-05-30 | Czech David M. | Apparatus and method for configuring, installing and monitoring spray coating application systems |
US20020032870A1 (en) * | 2000-09-13 | 2002-03-14 | Martin Spusta | Web browser for limiting access to content on the internet |
US7587499B1 (en) | 2000-09-14 | 2009-09-08 | Joshua Haghpassand | Web-based security and filtering system with proxy chaining |
US8972590B2 (en) | 2000-09-14 | 2015-03-03 | Kirsten Aldrich | Highly accurate security and filtering software |
US7191442B2 (en) * | 2000-10-30 | 2007-03-13 | Research Investment Network, Inc. | BCA writer serialization management |
US20020146129A1 (en) * | 2000-11-09 | 2002-10-10 | Kaplan Ari D. | Method and system for secure wireless database management |
US6871780B2 (en) * | 2000-11-27 | 2005-03-29 | Airclic, Inc. | Scalable distributed database system and method for linking codes to internet information |
US7284264B1 (en) * | 2000-12-08 | 2007-10-16 | Hewlett-Packard Development Company, L.P. | Discovery of an advertising service in e-speak |
US7296292B2 (en) * | 2000-12-15 | 2007-11-13 | International Business Machines Corporation | Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications |
JP4291570B2 (en) * | 2001-01-17 | 2009-07-08 | コンテントガード ホールディングズ インコーポレイテッド | System and method for digital rights management using a standard rendering engine |
US8812666B2 (en) * | 2001-01-29 | 2014-08-19 | Da Capital Fund Limited Liability Company | Remote proxy server agent |
US20020129285A1 (en) * | 2001-03-08 | 2002-09-12 | Masateru Kuwata | Biometric authenticated VLAN |
JP2002342279A (en) * | 2001-03-13 | 2002-11-29 | Fujitsu Ltd | Filtering device, filtering method and program for making computer execute the method |
US7039700B2 (en) * | 2001-04-04 | 2006-05-02 | Chatguard.Com | System and method for monitoring and analyzing communications |
GB2370136B (en) * | 2001-05-17 | 2002-11-06 | Uzee Ltd | Server based document distribution |
US20020184507A1 (en) * | 2001-05-31 | 2002-12-05 | Proact Technologies Corp. | Centralized single sign-on method and system for a client-server environment |
WO2002103578A1 (en) * | 2001-06-19 | 2002-12-27 | Biozak, Inc. | Dynamic search engine and database |
US20020198609A1 (en) * | 2001-06-21 | 2002-12-26 | Baron Carl N. | Method and apparatus for regulating network access to functions of a controller |
SE523112C2 (en) * | 2001-07-05 | 2004-03-30 | Anoto Ab | Procedures for communication between a user device that has the ability to read information from a surface, and servers that execute services that support the user device |
US8560666B2 (en) * | 2001-07-23 | 2013-10-15 | Hitwise Pty Ltd. | Link usage |
GB0127416D0 (en) * | 2001-11-15 | 2002-01-09 | Serendipity Interactive Ltd | Internet access system and method |
JP2003223363A (en) * | 2001-11-21 | 2003-08-08 | Ricoh Co Ltd | Document processor |
US6947985B2 (en) * | 2001-12-05 | 2005-09-20 | Websense, Inc. | Filtering techniques for managing access to internet sites or other software applications |
US7194464B2 (en) | 2001-12-07 | 2007-03-20 | Websense, Inc. | System and method for adapting an internet filter |
US7149219B2 (en) * | 2001-12-28 | 2006-12-12 | The Directtv Group, Inc. | System and method for content filtering using static source routes |
US7953087B1 (en) | 2001-12-28 | 2011-05-31 | The Directv Group, Inc. | Content filtering using static source routes |
US6658091B1 (en) * | 2002-02-01 | 2003-12-02 | @Security Broadband Corp. | Lifestyle multimedia security system |
US7152066B2 (en) * | 2002-02-07 | 2006-12-19 | Seiko Epson Corporation | Internet based system for creating presentations |
GB2386710A (en) * | 2002-03-18 | 2003-09-24 | Hewlett Packard Co | Controlling access to data or documents |
US7430667B2 (en) * | 2002-04-04 | 2008-09-30 | Activcard Ireland Limited | Media router |
AU2003237096A1 (en) * | 2002-04-22 | 2003-11-03 | Mfc Networks, Inc. | Process for monitoring, filtering and caching internet connections |
US7248563B2 (en) * | 2002-07-31 | 2007-07-24 | International Business Machines Corporation | Method, system, and computer program product for restricting access to a network using a network communications device |
CN100429654C (en) * | 2002-11-06 | 2008-10-29 | 甲骨文国际公司 | Techniques for managing multiple hierarchies of data from a single interface |
US20040124255A1 (en) * | 2002-12-06 | 2004-07-01 | Dieter Heerdt | Hot-melt equipment having internet connectivity and method of servicing and/or monitoring the same via the internet |
EP1586054A4 (en) * | 2002-12-13 | 2010-12-08 | Symantec Corp | Method, system, and computer program product for security within a global computer network |
US7392246B2 (en) * | 2003-02-14 | 2008-06-24 | International Business Machines Corporation | Method for implementing access control for queries to a content management system |
CN100433750C (en) * | 2003-03-06 | 2008-11-12 | 华为技术有限公司 | Network access control method based on user's account number |
US7185015B2 (en) | 2003-03-14 | 2007-02-27 | Websense, Inc. | System and method of monitoring and controlling application files |
US7529754B2 (en) | 2003-03-14 | 2009-05-05 | Websense, Inc. | System and method of monitoring and controlling application files |
US7490348B1 (en) | 2003-03-17 | 2009-02-10 | Harris Technology, Llc | Wireless network having multiple communication allowances |
JPWO2004084075A1 (en) * | 2003-03-18 | 2006-06-22 | 富士通株式会社 | Information access control method, access control program, and external recording medium |
US20050108340A1 (en) * | 2003-05-15 | 2005-05-19 | Matt Gleeson | Method and apparatus for filtering email spam based on similarity measures |
TW200426619A (en) * | 2003-05-28 | 2004-12-01 | Hon Hai Prec Ind Co Ltd | System and method for controlling database authorization |
US8145710B2 (en) * | 2003-06-18 | 2012-03-27 | Symantec Corporation | System and method for filtering spam messages utilizing URL filtering module |
US8181022B2 (en) * | 2003-06-24 | 2012-05-15 | Realnetworks, Inc. | Method and apparatus for controlling access restrictions for media playback |
JP4186987B2 (en) | 2003-07-11 | 2008-11-26 | 日本電信電話株式会社 | Database access control method, database access control device, database access control program, and recording medium storing the program |
CN100449539C (en) * | 2003-08-01 | 2009-01-07 | 甲骨文国际公司 | Ownership reassignment in a shared-nothing database system |
US20050055424A1 (en) * | 2003-09-10 | 2005-03-10 | Government Of The United States Of America As Represented By The Secretary Of The Navy. | Read-only baseline web site to which changes are made via mirror copy thereof in cut-and-paste manner |
US20050091342A1 (en) * | 2003-09-30 | 2005-04-28 | International Business Machines Corporation | Method, system, and storage medium governing management of object persistence |
US20050080909A1 (en) * | 2003-10-10 | 2005-04-14 | Anatoliy Panasyuk | Methods and apparatus for scalable secure remote desktop access |
GB2441451A (en) * | 2003-10-10 | 2008-03-05 | Nav Canada | Firewall arrangement for database server system |
US8988221B2 (en) | 2005-03-16 | 2015-03-24 | Icontrol Networks, Inc. | Integrated security system with parallel processing architecture |
US10156959B2 (en) | 2005-03-16 | 2018-12-18 | Icontrol Networks, Inc. | Cross-client sensor user interface in an integrated security network |
US11159484B2 (en) | 2004-03-16 | 2021-10-26 | Icontrol Networks, Inc. | Forming a security network including integrated security system components and network devices |
US10237237B2 (en) | 2007-06-12 | 2019-03-19 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11316958B2 (en) | 2008-08-11 | 2022-04-26 | Icontrol Networks, Inc. | Virtual device systems and methods |
US10200504B2 (en) | 2007-06-12 | 2019-02-05 | Icontrol Networks, Inc. | Communication protocols over internet protocol (IP) networks |
US10375253B2 (en) | 2008-08-25 | 2019-08-06 | Icontrol Networks, Inc. | Security system with networked touchscreen and gateway |
US20160065414A1 (en) | 2013-06-27 | 2016-03-03 | Ken Sundermeyer | Control system user interface |
US10721087B2 (en) | 2005-03-16 | 2020-07-21 | Icontrol Networks, Inc. | Method for networked touchscreen with integrated interfaces |
AU2005223267B2 (en) | 2004-03-16 | 2010-12-09 | Icontrol Networks, Inc. | Premises management system |
US9191228B2 (en) | 2005-03-16 | 2015-11-17 | Icontrol Networks, Inc. | Cross-client sensor user interface in an integrated security network |
US9531593B2 (en) | 2007-06-12 | 2016-12-27 | Icontrol Networks, Inc. | Takeover processes in security network integrated with premise security system |
US11277465B2 (en) | 2004-03-16 | 2022-03-15 | Icontrol Networks, Inc. | Generating risk profile using data of home monitoring and security system |
US11201755B2 (en) | 2004-03-16 | 2021-12-14 | Icontrol Networks, Inc. | Premises system management using status signal |
US11368429B2 (en) | 2004-03-16 | 2022-06-21 | Icontrol Networks, Inc. | Premises management configuration and control |
US10339791B2 (en) | 2007-06-12 | 2019-07-02 | Icontrol Networks, Inc. | Security network integrated with premise security system |
US20090077623A1 (en) | 2005-03-16 | 2009-03-19 | Marc Baum | Security Network Integrating Security System and Network Devices |
US11244545B2 (en) | 2004-03-16 | 2022-02-08 | Icontrol Networks, Inc. | Cross-client sensor user interface in an integrated security network |
US8635350B2 (en) | 2006-06-12 | 2014-01-21 | Icontrol Networks, Inc. | IP device discovery systems and methods |
US11811845B2 (en) | 2004-03-16 | 2023-11-07 | Icontrol Networks, Inc. | Communication protocols over internet protocol (IP) networks |
US11582065B2 (en) | 2007-06-12 | 2023-02-14 | Icontrol Networks, Inc. | Systems and methods for device communication |
US8963713B2 (en) | 2005-03-16 | 2015-02-24 | Icontrol Networks, Inc. | Integrated security network with security alarm signaling system |
US11113950B2 (en) | 2005-03-16 | 2021-09-07 | Icontrol Networks, Inc. | Gateway integrated with premises security system |
US10382452B1 (en) | 2007-06-12 | 2019-08-13 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11916870B2 (en) | 2004-03-16 | 2024-02-27 | Icontrol Networks, Inc. | Gateway registry methods and systems |
US7711796B2 (en) | 2006-06-12 | 2010-05-04 | Icontrol Networks, Inc. | Gateway registry methods and systems |
US9609003B1 (en) | 2007-06-12 | 2017-03-28 | Icontrol Networks, Inc. | Generating risk profile using data of home monitoring and security system |
US9729342B2 (en) | 2010-12-20 | 2017-08-08 | Icontrol Networks, Inc. | Defining and implementing sensor triggered response rules |
US9141276B2 (en) | 2005-03-16 | 2015-09-22 | Icontrol Networks, Inc. | Integrated interface for mobile device |
US11343380B2 (en) | 2004-03-16 | 2022-05-24 | Icontrol Networks, Inc. | Premises system automation |
US11368327B2 (en) | 2008-08-11 | 2022-06-21 | Icontrol Networks, Inc. | Integrated cloud system for premises automation |
US11677577B2 (en) | 2004-03-16 | 2023-06-13 | Icontrol Networks, Inc. | Premises system management using status signal |
US10444964B2 (en) | 2007-06-12 | 2019-10-15 | Icontrol Networks, Inc. | Control system user interface |
US10142392B2 (en) | 2007-01-24 | 2018-11-27 | Icontrol Networks, Inc. | Methods and systems for improved system performance |
US11489812B2 (en) | 2004-03-16 | 2022-11-01 | Icontrol Networks, Inc. | Forming a security network including integrated security system components and network devices |
US10313303B2 (en) | 2007-06-12 | 2019-06-04 | Icontrol Networks, Inc. | Forming a security network including integrated security system components and network devices |
US10522026B2 (en) | 2008-08-11 | 2019-12-31 | Icontrol Networks, Inc. | Automation system user interface with three-dimensional display |
US10127802B2 (en) | 2010-09-28 | 2018-11-13 | Icontrol Networks, Inc. | Integrated security system with parallel processing architecture |
JP4296111B2 (en) * | 2004-03-23 | 2009-07-15 | 株式会社エヌ・ティ・ティ・ドコモ | Access control system and access control method |
US7415521B2 (en) * | 2004-03-31 | 2008-08-19 | International Business Machines Corporation | Method for controlling client access |
US7373505B2 (en) * | 2004-04-15 | 2008-05-13 | Microsoft Corporation | Displaying a security element with a browser window |
EP1745301A4 (en) * | 2004-05-05 | 2011-09-28 | Fluor Tech Corp | Integrated acceptance testing |
US7941490B1 (en) | 2004-05-11 | 2011-05-10 | Symantec Corporation | Method and apparatus for detecting spam in email messages and email attachments |
US20050261970A1 (en) | 2004-05-21 | 2005-11-24 | Wayport, Inc. | Method for providing wireless services |
US8346593B2 (en) | 2004-06-30 | 2013-01-01 | Experian Marketing Solutions, Inc. | System, method, and software for prediction of attitudinal and message responsiveness |
GB2416879B (en) | 2004-08-07 | 2007-04-04 | Surfcontrol Plc | Device resource access filtering system and method |
CN100361443C (en) * | 2004-08-17 | 2008-01-09 | 迈普(四川)通信技术有限公司 | Access control method and safety proxy server |
GB2418999A (en) | 2004-09-09 | 2006-04-12 | Surfcontrol Plc | Categorizing uniform resource locators |
GB2418108B (en) | 2004-09-09 | 2007-06-27 | Surfcontrol Plc | System, method and apparatus for use in monitoring or controlling internet access |
GB2418037B (en) | 2004-09-09 | 2007-02-28 | Surfcontrol Plc | System, method and apparatus for use in monitoring or controlling internet access |
US7788282B2 (en) * | 2004-09-16 | 2010-08-31 | International Business Machines Corporation | Methods and computer programs for database structure comparison |
WO2006066052A2 (en) | 2004-12-16 | 2006-06-22 | Sonic Solutions | Methods and systems for use in network management of content |
US20060167871A1 (en) * | 2004-12-17 | 2006-07-27 | James Lee Sorenson | Method and system for blocking specific network resources |
US11700142B2 (en) | 2005-03-16 | 2023-07-11 | Icontrol Networks, Inc. | Security network integrating security system and network devices |
US11615697B2 (en) | 2005-03-16 | 2023-03-28 | Icontrol Networks, Inc. | Premise management systems and methods |
US9306809B2 (en) | 2007-06-12 | 2016-04-05 | Icontrol Networks, Inc. | Security system with networked touchscreen |
US20120324566A1 (en) | 2005-03-16 | 2012-12-20 | Marc Baum | Takeover Processes In Security Network Integrated With Premise Security System |
US20170180198A1 (en) | 2008-08-11 | 2017-06-22 | Marc Baum | Forming a security network including integrated security system components |
US10999254B2 (en) | 2005-03-16 | 2021-05-04 | Icontrol Networks, Inc. | System for data routing in networks |
US20110128378A1 (en) | 2005-03-16 | 2011-06-02 | Reza Raji | Modular Electronic Display Platform |
US11496568B2 (en) | 2005-03-16 | 2022-11-08 | Icontrol Networks, Inc. | Security system with networked touchscreen |
US20060253336A1 (en) * | 2005-03-31 | 2006-11-09 | Lin Duncan T | Data collection system and method |
US9438683B2 (en) | 2005-04-04 | 2016-09-06 | Aol Inc. | Router-host logging |
US8135778B1 (en) | 2005-04-27 | 2012-03-13 | Symantec Corporation | Method and apparatus for certifying mass emailings |
US7739337B1 (en) | 2005-06-20 | 2010-06-15 | Symantec Corporation | Method and apparatus for grouping spam email messages |
US8010609B2 (en) * | 2005-06-20 | 2011-08-30 | Symantec Corporation | Method and apparatus for maintaining reputation lists of IP addresses to detect email spam |
US9137227B2 (en) * | 2005-08-24 | 2015-09-15 | International Business Machines Corporation | Matching entitlement information for multiple sources |
US7693857B2 (en) * | 2005-11-17 | 2010-04-06 | International Business Machines Corporation | Clinical genomics merged repository and partial episode support with support abstract and semantic meaning preserving data sniffers |
US7685297B2 (en) * | 2005-12-06 | 2010-03-23 | Nokia Corporation | Resource control |
US10079839B1 (en) | 2007-06-12 | 2018-09-18 | Icontrol Networks, Inc. | Activation of gateway device |
US8020206B2 (en) | 2006-07-10 | 2011-09-13 | Websense, Inc. | System and method of analyzing web content |
US8615800B2 (en) | 2006-07-10 | 2013-12-24 | Websense, Inc. | System and method for analyzing web content |
JP2008026943A (en) * | 2006-07-18 | 2008-02-07 | Ricoh Co Ltd | Editing processor, control method of editing processor, program, and recording medium |
WO2008034841A2 (en) * | 2006-09-20 | 2008-03-27 | SIEMENS AKTIENGESELLSCHAFT öSTERREICH | Method for controlling access and access control system for digital contents |
US9654495B2 (en) | 2006-12-01 | 2017-05-16 | Websense, Llc | System and method of analyzing web addresses |
GB2445764A (en) | 2007-01-22 | 2008-07-23 | Surfcontrol Plc | Resource access filtering system and database structure for use therewith |
US11706279B2 (en) | 2007-01-24 | 2023-07-18 | Icontrol Networks, Inc. | Methods and systems for data communication |
US7885976B2 (en) * | 2007-02-23 | 2011-02-08 | International Business Machines Corporation | Identification, notification, and control of data access quantity and patterns |
US7633385B2 (en) | 2007-02-28 | 2009-12-15 | Ucontrol, Inc. | Method and system for communicating with and controlling an alarm system from a remote server |
US8015174B2 (en) | 2007-02-28 | 2011-09-06 | Websense, Inc. | System and method of controlling access to the internet |
US8451986B2 (en) | 2007-04-23 | 2013-05-28 | Icontrol Networks, Inc. | Method and system for automatically providing alternate network access for telecommunications |
CN101299694B (en) * | 2007-04-30 | 2012-04-25 | 华为技术有限公司 | Method and system for managing caller in household network, household gateway |
GB0709527D0 (en) | 2007-05-18 | 2007-06-27 | Surfcontrol Plc | Electronic messaging system, message processing apparatus and message processing method |
US11212192B2 (en) | 2007-06-12 | 2021-12-28 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11646907B2 (en) | 2007-06-12 | 2023-05-09 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11423756B2 (en) | 2007-06-12 | 2022-08-23 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11237714B2 (en) | 2007-06-12 | 2022-02-01 | Control Networks, Inc. | Control system user interface |
US10523689B2 (en) | 2007-06-12 | 2019-12-31 | Icontrol Networks, Inc. | Communication protocols over internet protocol (IP) networks |
US10666523B2 (en) | 2007-06-12 | 2020-05-26 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11089122B2 (en) | 2007-06-12 | 2021-08-10 | Icontrol Networks, Inc. | Controlling data routing among networks |
US10423309B2 (en) | 2007-06-12 | 2019-09-24 | Icontrol Networks, Inc. | Device integration framework |
US10498830B2 (en) | 2007-06-12 | 2019-12-03 | Icontrol Networks, Inc. | Wi-Fi-to-serial encapsulation in systems |
US11601810B2 (en) | 2007-06-12 | 2023-03-07 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11316753B2 (en) | 2007-06-12 | 2022-04-26 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US10616075B2 (en) | 2007-06-12 | 2020-04-07 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US11218878B2 (en) | 2007-06-12 | 2022-01-04 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
US10051078B2 (en) | 2007-06-12 | 2018-08-14 | Icontrol Networks, Inc. | WiFi-to-serial encapsulation in systems |
US10389736B2 (en) | 2007-06-12 | 2019-08-20 | Icontrol Networks, Inc. | Communication protocols in integrated systems |
EP2026529A1 (en) | 2007-07-12 | 2009-02-18 | Wayport, Inc. | Device-specific authorization at distributed locations |
EP2186255A4 (en) * | 2007-08-08 | 2011-08-31 | Memory Experts Int Inc | Embedded self-contained security commands |
US11831462B2 (en) | 2007-08-24 | 2023-11-28 | Icontrol Networks, Inc. | Controlling data routing in premises management systems |
US11916928B2 (en) | 2008-01-24 | 2024-02-27 | Icontrol Networks, Inc. | Communication protocols over internet protocol (IP) networks |
TWM338509U (en) * | 2008-03-05 | 2008-08-11 | Quan-Ming Shi | Apparatus for expanding the amount of applied computers with electrical power lines of |
US20090300019A1 (en) * | 2008-05-30 | 2009-12-03 | Schumberger Technology Corporation | Hierarchical item level entitlement |
US20170185278A1 (en) | 2008-08-11 | 2017-06-29 | Icontrol Networks, Inc. | Automation system user interface |
CA2729158A1 (en) | 2008-06-30 | 2010-01-07 | Websense, Inc. | System and method for dynamic and real-time categorization of webpages |
US11729255B2 (en) | 2008-08-11 | 2023-08-15 | Icontrol Networks, Inc. | Integrated cloud system with lightweight gateway for premises automation |
US10530839B2 (en) | 2008-08-11 | 2020-01-07 | Icontrol Networks, Inc. | Integrated cloud system with lightweight gateway for premises automation |
US11258625B2 (en) | 2008-08-11 | 2022-02-22 | Icontrol Networks, Inc. | Mobile premises automation platform |
US11792036B2 (en) | 2008-08-11 | 2023-10-17 | Icontrol Networks, Inc. | Mobile premises automation platform |
US11758026B2 (en) | 2008-08-11 | 2023-09-12 | Icontrol Networks, Inc. | Virtual device systems and methods |
US9003474B1 (en) | 2008-08-22 | 2015-04-07 | Taser International, Inc. | Systems and methods for managing disclosure of protectable information |
US8638211B2 (en) | 2009-04-30 | 2014-01-28 | Icontrol Networks, Inc. | Configurable controller and interface for home SMA, phone and multimedia |
WO2010132492A2 (en) | 2009-05-11 | 2010-11-18 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
US9130972B2 (en) | 2009-05-26 | 2015-09-08 | Websense, Inc. | Systems and methods for efficient detection of fingerprinted data and information |
AU2011250886A1 (en) | 2010-05-10 | 2013-01-10 | Icontrol Networks, Inc | Control system user interface |
US11308490B2 (en) * | 2010-07-28 | 2022-04-19 | Cox Communications, Inc. | Security system and method that allows users to securely setup and maintain system security for all business systems |
US8970873B2 (en) | 2010-09-17 | 2015-03-03 | Printeron Inc. | System and method for managing printer resources on an internal network |
US8570566B2 (en) | 2010-09-17 | 2013-10-29 | Printeron Inc. | System and method that provides user interface on mobile network terminal for releasing print jobs based on location information |
US8836467B1 (en) | 2010-09-28 | 2014-09-16 | Icontrol Networks, Inc. | Method, system and apparatus for automated reporting of account and sensor zone information to a central station |
EP2447871A1 (en) * | 2010-10-18 | 2012-05-02 | Alcatel Lucent | Challenge-based hosted parental control system for controlling access to internet contents |
EP2646899B1 (en) | 2010-11-30 | 2020-02-26 | Hewlett-Packard Development Company, L.P. | System for internet enabled printing |
US11750414B2 (en) | 2010-12-16 | 2023-09-05 | Icontrol Networks, Inc. | Bidirectional security sensor communication for a premises security system |
US9147337B2 (en) | 2010-12-17 | 2015-09-29 | Icontrol Networks, Inc. | Method and system for logging security event data |
US8862938B2 (en) | 2011-04-18 | 2014-10-14 | General Electric Company | System, method, and apparatus for resolving errors in a system |
US9350644B2 (en) * | 2012-04-13 | 2016-05-24 | Zscaler, Inc. | Secure and lightweight traffic forwarding systems and methods to cloud based network security systems |
US9405821B1 (en) * | 2012-08-03 | 2016-08-02 | tinyclues SAS | Systems and methods for data mining automation |
US9117054B2 (en) | 2012-12-21 | 2015-08-25 | Websense, Inc. | Method and aparatus for presence based resource management |
IN2013CH06148A (en) * | 2013-12-30 | 2015-07-03 | Samsung Electronics Co Ltd | |
US9356882B2 (en) | 2014-02-04 | 2016-05-31 | Printeron Inc. | Streamlined system for the transmission of network resource data |
US11146637B2 (en) | 2014-03-03 | 2021-10-12 | Icontrol Networks, Inc. | Media content management |
US11405463B2 (en) | 2014-03-03 | 2022-08-02 | Icontrol Networks, Inc. | Media content management |
US11257117B1 (en) | 2014-06-25 | 2022-02-22 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
US9919212B2 (en) * | 2014-12-22 | 2018-03-20 | Gree, Inc. | Server apparatus, control method for server apparatus, and program |
US9767309B1 (en) | 2015-11-23 | 2017-09-19 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
GB2604540B (en) | 2016-02-03 | 2023-01-11 | Luther Systems | System and method for secure management of digital contracts |
US10678894B2 (en) | 2016-08-24 | 2020-06-09 | Experian Information Solutions, Inc. | Disambiguation and authentication of device users |
US20180063128A1 (en) * | 2016-08-31 | 2018-03-01 | Motorola Solutions, Inc | Method for automatically deleting a user password upon successful use of a multi-factor authentication modality |
US11775479B2 (en) | 2018-05-24 | 2023-10-03 | Luther Systems Us Incorporated | System and method for efficient and secure private similarity detection for large private document repositories |
US10708230B2 (en) * | 2018-06-14 | 2020-07-07 | Servicenow, Inc. | Systems and methods for firewall configuration using block lists |
US11860822B2 (en) | 2018-11-19 | 2024-01-02 | Luther Systems Us Incorporated | Immutable ledger with efficient and secure data destruction, system and method |
US11682041B1 (en) | 2020-01-13 | 2023-06-20 | Experian Marketing Solutions, Llc | Systems and methods of a tracking analytics platform |
US11874827B2 (en) | 2020-12-30 | 2024-01-16 | Luther Systems Us Incorporated | System and method for automatic, rapid, and auditable updates of digital contracts |
CN112511569B (en) * | 2021-02-07 | 2021-05-11 | 杭州筋斗腾云科技有限公司 | Method and system for processing network resource access request and computer equipment |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4652990A (en) * | 1983-10-27 | 1987-03-24 | Remote Systems, Inc. | Protected software access control apparatus and method |
US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
CA2053261A1 (en) * | 1989-04-28 | 1990-10-29 | Gary D. Hornbuckle | Method and apparatus for remotely controlling and monitoring the use of computer software |
GB9010603D0 (en) * | 1990-05-11 | 1990-07-04 | Int Computers Ltd | Access control in a distributed computer system |
US5448731A (en) * | 1990-11-20 | 1995-09-05 | International Business Machines Corporation | Method and apparatus for controlling the deferred execution of user requests in a data processing system |
US5375244A (en) * | 1992-05-29 | 1994-12-20 | At&T Corp. | System and method for granting access to a resource |
US5483658A (en) * | 1993-02-26 | 1996-01-09 | Grube; Gary W. | Detection of unauthorized use of software applications in processing devices |
US5469576A (en) * | 1993-03-22 | 1995-11-21 | International Business Machines Corporation | Front end for file access controller |
US5479612A (en) * | 1994-04-13 | 1995-12-26 | Unisys Corporation | Automated system and method to discourage access of unlicensed peripheral devices by a computer system |
US5550984A (en) * | 1994-12-07 | 1996-08-27 | Matsushita Electric Corporation Of America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
- 1995-06-06: US application US08/469,342, patent US5696898A, status: Expired - Lifetime
- 1996-06-06: EP application EP96921380A, patent EP0793826A1, status: Withdrawn
- 1996-06-06: WO application PCT/US1996/009510, patent WO1997015008A1, status: Application Discontinuation
- 1996-06-06: JP application JP50666397A, patent JP2001526804A, status: Pending
- 1996-06-06: CA application CA002196867A, patent CA2196867C, status: Expired - Fee Related
- 1996-06-06: CN application CN96190606A, patent CN1159234A, status: Pending
Also Published As
Publication number | Publication date |
---|---|
JP2001526804A (en) | 2001-12-18 |
WO1997015008A1 (en) | 1997-04-24 |
EP0793826A1 (en) | 1997-09-10 |
US5696898A (en) | 1997-12-09 |
CN1159234A (en) | 1997-09-10 |
CA2196867A1 (en) | 1996-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2196867C (en) | System and method for database access control | |
US5678041A (en) | System and method for restricting user access rights on the internet based on rating information stored in a relational database | |
EP0748095B1 (en) | System and method for database access administration | |
Barkley et al. | Role based access control for the world wide web | |
US20020049806A1 (en) | Parental control system for use in connection with account-based internet access server | |
US7089246B1 (en) | Overriding content ratings and restricting access to requested resources | |
US6564327B1 (en) | Method of and system for controlling internet access | |
US5889958A (en) | Network access control system and process | |
US7636777B1 (en) | Restricting access to requested resources | |
EP0853279B1 (en) | Method and apparatus for controlling software access to system resources | |
US9565235B2 (en) | System and method for controlling access to internet sites | |
Karjoth | Access control with IBM Tivoli access manager | |
US6959420B1 (en) | Method and system for protecting internet users' privacy by evaluating web site platform for privacy preferences policy | |
KR100598666B1 (en) | System and method for implementing robot proof web site | |
WO1998028690A9 (en) | Network access control system and process | |
US20080244711A1 (en) | System and Method for Specifying Access to Resources in a Mobile Code System | |
IL133660A (en) | Method and apparatus to permit automated server determination for foreign system login | |
US7743425B2 (en) | Security restrictions on binary behaviors | |
US20090254977A1 (en) | Method and Apparatus for Communicating Information Between Devices | |
US7124132B1 (en) | Domain specification system for an LDAP ACI entry | |
US7430600B2 (en) | Method and device for making a portal in a computer system secure | |
CN115618378A (en) | Column-level hive access control system and method | |
US11868421B1 (en) | System and method for evaluating hyperdocuments using a trained artificial neural network | |
JP2002149475A (en) | Network server and transmission control method for hyper text and recording medium with hyper text recorded thereon | |
Kasten et al. | Ontology-based information flow control of network-level internet communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed |