US20030191971A1 - Method of and system for controlling internet access - Google Patents
Method of and system for controlling internet access Download PDFInfo
- Publication number
- US20030191971A1 US20030191971A1 US10/413,971 US41397103A US2003191971A1 US 20030191971 A1 US20030191971 A1 US 20030191971A1 US 41397103 A US41397103 A US 41397103A US 2003191971 A1 US2003191971 A1 US 2003191971A1
- Authority
- US
- United States
- Prior art keywords
- organization
- access
- session identifier
- internet
- block
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Definitions
- the present invention relates generally to computer networks, and more particularly to a method of and system for controlling access to the Internet or the world wide web by providing a filtering proxy server that accesses a policy provider for judgments as to the suitability of a particular resource for a particular user.
- the on-line services market is divided into quite separate camps.
- On one side are the on-line environments such as American Online, CompuServe, and Prodigy. Initially, these services provided their own content. Accordingly, on-line environments had virtually complete control over what was available.
- the other side of the on-line market is occupied by access providers, which provide little more than access to the Internet without an appreciable amount of their own content.
- Recently, on-line environments have begun to move toward the access provider side by providing gateways to the Internet.
- customers of on-line environments are using their service to access the public Internet rather than to obtain content created by the on-line environment provider.
- the platform for content selection provides an infrastructure for controlling access to the Internet.
- PICS allows Internet sites, pages, or other resources to be classified with PICS labels.
- Each PICS label associated with an Internet site or page classifies the site or page according to the rating specified in the label.
- a rating provider assigns objective values to the PICS label for a resource.
- PICS products filter web content according to the PICS labels.
- the multi-dimensional systems provide great flexibility by which parents can tailor their filtering based upon their values and their children's maturity and sensitivity.
- the multi-dimensional systems tend to be too complex for the average parent to use.
- multi-dimensional systems measure content against several categories but they do not necessarily evaluate the resource as a whole.
- the present invention provides a method of and system for controlling access to the Internet by members of an organization that includes at least one supervisor and at least one non-supervisor for which limited Internet access is desired.
- the organization may be any commercial or non-commercial organization. In one of its aspects, the organization may be a family, with the supervisor being a parent and the non-supervisor being a child. In another of its aspects the organization may be a school, with the supervisor being a teacher and the non-supervisor being a student. The organization may also be a business, with the supervisor being a manager or a system administrator and the non-supervisor being a regular employee.
- the system maintains a user session identifier for each member of the organization.
- Each user session identifier includes an access level field, which contains an access level set for the organization member, and a supervisor field, which indicates whether or not the organization member is a supervisor.
- the user session identifier may also include a field that specifies whether not unrated sites or resources are to be blocked. Where the non-supervisor members of the organization are children, the access level is preferably an age level.
- the system When the system establishes an Internet session between a member of the organization and the Internet, the system initially sets a user session identifier for the session to a default user session identifier.
- the default user session identifier is the session identifier for the lowest access level member of the organization.
- the system determines if the requested resource is suitable for an individual with the access level of the current user session identifier.
- the access level is an age rating. The system determines if the access level rating for requested resource is greater than the value of the access level field of the user session identifier. If so, the system blocks the resource and presents the member with choices of logging on to the system as a specific member of the organization with a higher access level, or appealing the blocking to a supervisor.
- the locator for the blocked resource is placed in a list of sites awaiting supervisor review. If the member chooses to logon as a specific member of the organization, the system authenticates the logon and sets an updated user session identifier to the session identifier for the specific member of the organization. If the updated user session identifier indicates that the member is a supervisor, the system presents the supervisor with the list of sites awaiting supervisor review. If the supervisor believes that a blocked site is appropriate for access by the non-supervisor, the supervisor can place the blocked site on a exception list. The next time the non-supervisor logs on, the system advises the non-supervisor of the previously blocked sites placed on the exception list.
- the system associates the current user session identifier with the request.
- a supervisor or parent has access to any site or resource. Accordingly, if the supervisor field identifies the requestor as a supervisor, the system forwards the requested resource to the requestor. If the requestor is not a supervisor, then the system determines if the requested resource is on the exception list for the requester, and if so, the system forwards the requested resource to the requestor.
- the system determines if the requested resource is appropriate for the user.
- the present invention introduces the concept of a policy provider.
- a policy provider provides a subjective judgment as to whether a particular resource is suitable for a particular user.
- a policy provider is thus different from a rating provider, which provides either (i) an objective binary suitable/not-suitable judgment for a particular resource regardless of the requester, or (ii) a set of ratings that a parent or supervisor may use in determining whether the resource is suitable for the user.
- the system queries the designated policy provider for a determination of the suitability of the requested resource for the user.
- the policy provider returns an age value, which the system compares to the age set for the user in the access level in the session identifier.
- the system may also determine if the requested resource has a ratings label. Since many publishers and rating providers use rating systems based upon criteria other than age, the system of the present invention includes a policy interpreter or reifier that converts multi-variate and non-age-based ratings into an age rating. If the highest or most stringent rating is greater than the level access specified in the user session identifier, the system blocks the resource. Additionally, if the resource is unrated and the user session identifier indicates that unrated resources are to be blocked, the system blocks the resource. Otherwise, the system forwards the resource to the requestor.
- the access level of a child is specified by an age value.
- the age value of the child's session identifier may be the child's actual chronological age, or it may be a “virtual age” selected by the parent based upon the maturity level of the child and the parent's experience with ratings provided by the policy provider.
- FIG. 1 is a high level block diagram of a system according to the present invention.
- FIG. 2 is a block diagram of a preferred embodiment of a controlled access web service according to the present invention.
- FIG. 3 is a high level flowchart of processing performed by the controlled access web service of the present invention.
- FIG. 4 is a flowchart of policy evaluation according to the present invention.
- FIG. 5 is a flowchart of block processing according to the present invention.
- FIG. 6 is a flowchart of appeal processing according to the present invention.
- the Internet is designated generally by the numeral 11 .
- the Internet comprises a plurality of web sites 13 and communications facilities, as is well known to those skilled in the art. Web sites 13 provide Internet content in response to requests from users.
- Policy providers 15 are services that make subject judgments as to the suitability of the content of particular Internet sites, pages, or other resources for particular individuals. Policy providers are different from the ratings providers 16 of the prior art, which give objective ratings to resources without regard to who is requesting the resource. In the preferred embodiment, in which the non-supervisory members are children, the policy provider gives each resource an age rating based upon the content of the resource as a whole. Internet users can use the services of a policy provider that appears to share the values and sensibilities of the user and in whose judgment the user trusts.
- a controlled access web service 17 provides access between a plurality of customers 19 and the Internet 11 .
- customers 19 represent families using home personal computers
- customers 19 use dial-up connections through a public switch telephone network 21 to establish Internet sessions through controlled access web service 17 .
- each customer 19 includes several users.
- one or two of the users are parents and the other users are children.
- a parent can use controlled access web service 17 to filter Internet content to each child individually.
- a user's path through the system includes several phases.
- a user dials up controlled access web service 17 through PSTN 21 and provides to controlled access web service a customer account identifier and password, as is well known.
- Controlled access web service 17 authenticates the customer account identifier and the password and establishes the Internet session.
- each web request is filtered through a proxy in controlled access web service 17 according to the policies set for the particular customer. If the access policy is violated, controlled access web service 17 manages an exception cycle, which includes blocking the violating web page, reporting the reason for the blocking and prompting the user either to upgrade to a higher access level or to appeal the blocking for later parental review.
- controlled access web service 17 includes a filtering proxy 23 and an authentication server 25 .
- authentication server 25 accesses an authenticator database 27 , which contains authentication information.
- Authenticator database 27 also includes for each user associated with the customer, a session identifier.
- each session identifier contains a parent field, which contains a bit that indicates whether or not the user is a parent, a block unrated field, which contains a bit that indicates whether or not to block unrated sites, and an access level field, which in the preferred embodiment contains the age of the user.
- the age may be either the actual chronological age of a child or a virtual age that may be greater than or less than the actual age of the child, depending upon the maturity level of the child and the parent's experience with the rating system.
- Authenticator database 27 also identifies the third party policy provider that the customer has selected.
- authentication server 25 Upon authentication of the initial logon, authentication server 25 passes to filtering proxy 23 session parameters and the Internet session is established.
- the session parameters include the identity of the third party policy provider and the session identifier for the user.
- the user session identifier is a default session identifier, which is the session identifier for the youngest member of the family.
- filtering proxy 23 tags each request for a page or resource with the current user session identifier. Filtering proxy 23 fetches the requested resource and then forwards the resource to a policy evaluator 29 for an evaluation. In the preferred embodiment, a parent is entitled to view anything on the web. Accordingly, if the parent bit of the user session identifier is set to parent, the requested page is returned to filtering proxy 23 and forwarded to the customer. Initially, however, since the default user session identifier is the session identifier for the youngest child of the family, the parent bit is not set to parent.
- Policy evaluator 29 accesses a database 31 of per household exception lists.
- An exception list contains, for each user, a list of pages or sites that would otherwise be blocked for the user but, upon parental review, have been determined to be appropriate for access by the user. If the requested page is not in the per household exception list, then the policy evaluator 29 accesses the appropriate third party policy provider 15 .
- the policy provider returns a judgment as to the suitability of the requested resource for the user. In the preferred embodiment, the policy provider returns an age value, which policy evaluator 29 compares to the user session identifier. Policy evaluator 29 may cache the judgment received from policy provider 15 in a ratings database 33 for later reuse.
- controlled access web service 17 includes a PICS policy interpreter or reifier 35 , which contains transfer functions that convert the rating received from ratings provider 16 to an age based rating. If the rating received by policy evaluator 29 is greater than the age of the user set forth in the user session identifier, policy evaluator 29 returns a “block” to filtering proxy 23 . If policy evaluator 29 does not receive a rating, then policy evaluator 29 checks whether or not the current session identifier indicates that unrated sites should be blocked. If so, policy evaluator 29 returns a block to filtering proxy 23 .
- filtering proxy 23 When filtering proxy 23 receives a block from policy evaluator 29 , filtering proxy 23 forwards to the customer a page that indicates that the requested resource has been blocked.
- the page forwarded to the customer contains controls that enable the customer to logon at a higher access level, appeal the block, or accept the block.
- the processes of logging on at a higher access level or appealing are handled by authentication server 25 .
- authentication server 25 passes the appeal to an appeals administrator 37 , which adds the locator for the blocked site to a per household list of sites for parental review contained in a database 39 . If the user chooses to logon as a specific user, then authentication server 25 invokes second level authentication and accesses authenticator database 27 . Second level authentication may be by means of a specific user ID and password or, in the case of younger children with a smartcard or token system. If second level authentication is valid, then authentication server 25 passes the user session identifier for the authenticated user to filtering proxy server 23 . If the specific user is a parent, then appeals administrator 37 fetches the pending list of sites for parental review from database 39 and forwards that list to the parent.
- the parent may review the list and the sites.
- the parent may either overrule the blocking, in which case the locator for the blocked site is placed in the appropriate per household exception list in database 31 , or affirm the blocking.
- the next time the customer initially logs on to controlled access web service 17 the customer is presented with a list of sites added to the per household exception list. If the parent finds that he or she consistently overrules the blocking of pages or sites, the parent may raise the age for the child or choose another policy provider.
- FIG. 3 there is shown a high level flow chart of the processing that occurs in controlled access web service 17 .
- the system sets the user session identifier to the default values. Then, the system sends to the customer a list of sites added to the exception list in the prior session, at block 43 , and waits for a request at block 45 .
- the system appends the user session identifier to the request and sends the request, at block 47 . Then, the system waits for a response, at block 49 .
- the system performs policy evaluation, indicated generally at block 51 , and shown in detail with respect to FIG. 4.
- Policy evaluation returns either a “block” or “not block.” If, at decision block 53 , policy evaluation returns a block, then the system performs block processing, indicated generally at block 55 , and shown in detail with respect to FIG. 5. If, at decision block 53 , policy evaluation returns not blocked, then the system sends the requested page to the customer, at block 57 , and returns to block 45 to wait for another request.
- the system tests, at decision block 59 , if the user session identifier indicates that the user is a parent. If so, the system returns not block, at terminator 60 . If, on the other hand, the user session identifier indicates that the user is not a parent, then the system tests, at decision block 61 if the resource is in the exception list. If so, the system returns not block at terminator 62 . If the requested resource is not in the exception list, then the system tests, at decision block 63 , whether or not the requested resource is in the rating database. If so, the system tests, at decision block 64 if the rating in the database is greater than the user session identifier. If so, the system returns block at terminator 65 . If, at decision block 63 the rating is not greater than the user session identifier, then the system returns not block at terminator 66 .
- the system determines if the customer has designated a policy provider, at decision block 67 . If so, the system queries the designated policy provider and implicitly waits at block 68 . If, at decision block 69 , the system receives a rating from the policy provider, then the system determines, at block 71 , if the rating receive from the policy provider is greater than the user session identifier. If so, the system returns block at terminator 72 . If, at decision block 71 the rating is not greater than the user session identifier, then the system returns not block at terminator 73 .
- the system determines, at decision block 74 , if there is a label in the resource. If so, the system tests, at decision block 75 , if the label is an age. If so, the system inserts the rating in the rating database, at block 76 . If the rating is not an age, then the system reifies label to an age rating, at block 77 , and inserts the rating into the rating database, at block 76 . Then, the system tests, at decision block 78 if the rating produced by the reifier is greater than the user session identifier. If so, the system returns block at terminator 79 . If, the rating is not greater than the user session identifier, then the system returns not block at terminator 80 .
- the system determines, at decision block 81 , it the customer has designated a ratings provider. If so, the system If so, the system queries the designated ratings provider and implicitly waits at block 82 . If, at decision block 83 , the system receives a label from the ratings provider, the system tests, at decision block 85 , if the label is an age. If so, the system inserts the rating in the rating database, at block 86 . If the rating is not an age, then the system reifies label to an age rating, at block 87 , and inserts the rating into the rating database, at block 86 .
- the system tests, at decision block 88 if the rating produced by the reifier is greater than the user session identifier. If so, the system returns block at terminator 89 . If, the rating is not greater than the user session identifier, then the system returns not block at terminator 90 .
- the system tests, at decision block 91 , if the current user session identifier indicates that unrated pages should be blocked. If not, the system returns not block at terminator 93 . If, on the other hand, the current user session identifier is set to block unrated sites or resources, then the system returns block at terminator 95 .
- FIG. 5 there is shown a flow chart of block processing.
- the system sends a “sorry” page, at block 101 , and waits for a response, at block 103 .
- the sorry page notifies the user that the requested resource has been blocked and includes controls that enable the user to logon at a higher level, appeal the block, or accept the block.
- the system authenticates the higher level logon and updates the user session identifier, at block 107 .
- the system tests, at decision block 109 , if the new user is a parent. If not, processing returns to block 45 of FIG. 3. If, at decision block 109 , the new user is a parent, then the system performs appeal processing as indicated generally at block 111 and shown in detail with respect to FIG. 6.
- FIG. 6 there is shown a flow chart of appeal processing according to the present invention.
- the system Upon determining that the new user is a parent, the system sends a list of sites for parental review, at block 119 , and waits for a response, at block 121 .
- the parent can review each site on the list if the parent so chooses. If the parent determines that he or she has no objection to the child viewing an appealed site, then the parent can select an unblock control on the list of sites, at decision block 123 . If the parent does select the unblock control, then the system adds the site to the exception list and removes the site from the list of sites for parental review, at block 125 . When the parent is finished with the list of sites for parental review, the parent can select an OK control at decision block 127 . Selection of the OK control clears the list of sites for parental review, at block 129 and the system returns to block 45 of FIG. 3.
- the present invention provides a method and system that includes authentication components that identify individual end users and filtering tools that manage policy enforcement according to policy evaluations by third parties.
- Internet access providers can address not only the current objectionable content debate, but future debates over consumer privacy, intellectual property rights, and mobile code safety.
- the present invention provides a flexible, secure, and easy to configure system that allows Internet access providers to provide content filtering to their customers without becoming censors.
Abstract
Description
- The present invention relates generally to computer networks, and more particularly to a method of and system for controlling access to the Internet or the world wide web by providing a filtering proxy server that accesses a policy provider for judgments as to the suitability of a particular resource for a particular user.
- The Internet and the world wide web have experienced explosive growth. Everyday, more content is added to the Internet and more users gain access to the Internet. The Internet enables more people to gain access to more information more quickly than ever before.
- Almost everyone sees the tremendous educational, research, and entertainment value of the Internet. Children and other inquisitive people can explore new areas in ways that was never possible before. Similarly, employees and business professionals can explore industry trends, obtain information on competitors and their products, and generally expand their knowledge base. Accordingly, a substantially number of parents, educators, and business leaders provide Internet access to their children, students and employees and encourage them to use the Internet.
- For all the information on the Internet that most people consider to be good and valuable, there is a substantial amount of information that some people find to be objectionable or inappropriate. Many sites contain adult material such as nudity, violence, and intolerance in various degrees of explicitness. While it is unlikely that anyone would want to prevent entirely their child or student from accessing information on the Internet, it is equally unlikely that anyone would want a young child to access scenes of explicit vulgarity or sites advocating violent or hateful action toward members of various groups. Less controversially, while there is nothing objectionable about Internet versions of mainstream newspapers and magazines, most businesses would prefer their employees not to spend their working time reading sports reports and comics.
- Presently, the on-line services market is divided into quite separate camps. On one side are the on-line environments such as American Online, CompuServe, and Prodigy. Initially, these services provided their own content. Accordingly, on-line environments had virtually complete control over what was available. The other side of the on-line market is occupied by access providers, which provide little more than access to the Internet without an appreciable amount of their own content. Recently, on-line environments have begun to move toward the access provider side by providing gateways to the Internet. Increasingly, customers of on-line environments are using their service to access the public Internet rather than to obtain content created by the on-line environment provider.
- The controversy about limiting access to objectionable material on the Internet, and particularly the world wide web, has put the spotlight squarely on the vacuum between these two service models. On-line environments claim to be “kid-safe”, but they cannot guarantee it, especially insofar as they provide gateways to the whole Internet. Access providers try to avoid any perception that they can control the content or applications their services deliver. Instead, access providers place the burden on parents to install and configure content filtering software, which may be complex or simplistic, on their own.
- The platform for content selection (PICS) provides an infrastructure for controlling access to the Internet. PICS allows Internet sites, pages, or other resources to be classified with PICS labels. Each PICS label associated with an Internet site or page classifies the site or page according to the rating specified in the label. A rating provider assigns objective values to the PICS label for a resource. PICS products filter web content according to the PICS labels.
- There are a number of shortcomings in presently available PICS products and services. Primarily, current products and services fail to personalize their filtering. Today's firewalls and proxy servers filter everyone's request against a single set of criteria. Thus, currently existing products and services do not recognize for the differences in maturity level and sensitivities of different members of an organization such as a family. Furthermore, the filtering criteria are either simplistic black lists or overly complex multi-dimensional content ratings. In the black list schemes, a binary approach is used to block or not block access by everyone to a particular resource based upon a rater's judgment. Examples of multi-dimensional systems are RSACi, which describes various levels of sex, nudity, violence, and harsh language, and SafeSurf, which provides twelve themes and nine levels within each theme.
- The multi-dimensional systems provide great flexibility by which parents can tailor their filtering based upon their values and their children's maturity and sensitivity. However, the multi-dimensional systems tend to be too complex for the average parent to use. Moreover, multi-dimensional systems measure content against several categories but they do not necessarily evaluate the resource as a whole.
- The present invention provides a method of and system for controlling access to the Internet by members of an organization that includes at least one supervisor and at least one non-supervisor for which limited Internet access is desired. The organization may be any commercial or non-commercial organization. In one of its aspects, the organization may be a family, with the supervisor being a parent and the non-supervisor being a child. In another of its aspects the organization may be a school, with the supervisor being a teacher and the non-supervisor being a student. The organization may also be a business, with the supervisor being a manager or a system administrator and the non-supervisor being a regular employee.
- The system maintains a user session identifier for each member of the organization. Each user session identifier includes an access level field, which contains an access level set for the organization member, and a supervisor field, which indicates whether or not the organization member is a supervisor. The user session identifier may also include a field that specifies whether not unrated sites or resources are to be blocked. Where the non-supervisor members of the organization are children, the access level is preferably an age level.
- When the system establishes an Internet session between a member of the organization and the Internet, the system initially sets a user session identifier for the session to a default user session identifier. The default user session identifier is the session identifier for the lowest access level member of the organization. When the member requests a resource, the system determines if the requested resource is suitable for an individual with the access level of the current user session identifier. Preferably, in the embodiment in which non-supervisory members are children, the access level is an age rating. The system determines if the access level rating for requested resource is greater than the value of the access level field of the user session identifier. If so, the system blocks the resource and presents the member with choices of logging on to the system as a specific member of the organization with a higher access level, or appealing the blocking to a supervisor.
- If the member chooses to appeal the blocking, the locator for the blocked resource is placed in a list of sites awaiting supervisor review. If the member chooses to logon as a specific member of the organization, the system authenticates the logon and sets an updated user session identifier to the session identifier for the specific member of the organization. If the updated user session identifier indicates that the member is a supervisor, the system presents the supervisor with the list of sites awaiting supervisor review. If the supervisor believes that a blocked site is appropriate for access by the non-supervisor, the supervisor can place the blocked site on a exception list. The next time the non-supervisor logs on, the system advises the non-supervisor of the previously blocked sites placed on the exception list.
- Whenever a member of the organization requests a resource, the system associates the current user session identifier with the request. In the preferred embodiment, a supervisor or parent has access to any site or resource. Accordingly, if the supervisor field identifies the requestor as a supervisor, the system forwards the requested resource to the requestor. If the requestor is not a supervisor, then the system determines if the requested resource is on the exception list for the requester, and if so, the system forwards the requested resource to the requestor.
- If the requested resource is not on the exception list, then the system determines if the requested resource is appropriate for the user. The present invention introduces the concept of a policy provider. A policy provider provides a subjective judgment as to whether a particular resource is suitable for a particular user. A policy provider is thus different from a rating provider, which provides either (i) an objective binary suitable/not-suitable judgment for a particular resource regardless of the requester, or (ii) a set of ratings that a parent or supervisor may use in determining whether the resource is suitable for the user.
- If the organization has designated a policy provider, the system queries the designated policy provider for a determination of the suitability of the requested resource for the user. In the embodiment in which the organization is a family the policy provider returns an age value, which the system compares to the age set for the user in the access level in the session identifier.
- The system may also determine if the requested resource has a ratings label. Since many publishers and rating providers use rating systems based upon criteria other than age, the system of the present invention includes a policy interpreter or reifier that converts multi-variate and non-age-based ratings into an age rating. If the highest or most stringent rating is greater than the level access specified in the user session identifier, the system blocks the resource. Additionally, if the resource is unrated and the user session identifier indicates that unrated resources are to be blocked, the system blocks the resource. Otherwise, the system forwards the resource to the requestor.
- In the preferred embodiment of the invention in which the non-supervisor members of the organization are children, the access level of a child is specified by an age value. The age value of the child's session identifier may be the child's actual chronological age, or it may be a “virtual age” selected by the parent based upon the maturity level of the child and the parent's experience with ratings provided by the policy provider.
- FIG. 1 is a high level block diagram of a system according to the present invention.
- FIG. 2 is a block diagram of a preferred embodiment of a controlled access web service according to the present invention.
- FIG. 3 is a high level flowchart of processing performed by the controlled access web service of the present invention.
- FIG. 4 is a flowchart of policy evaluation according to the present invention.
- FIG. 5 is a flowchart of block processing according to the present invention.
- FIG. 6 is a flowchart of appeal processing according to the present invention.
- Referring now to the drawings, and first to FIG. 1, the Internet is designated generally by the numeral11. The Internet comprises a plurality of web sites 13 and communications facilities, as is well known to those skilled in the art. Web sites 13 provide Internet content in response to requests from users.
- In the system of the present invention, users access a plurality of
policy providers 15.Policy providers 15 are services that make subject judgments as to the suitability of the content of particular Internet sites, pages, or other resources for particular individuals. Policy providers are different from theratings providers 16 of the prior art, which give objective ratings to resources without regard to who is requesting the resource. In the preferred embodiment, in which the non-supervisory members are children, the policy provider gives each resource an age rating based upon the content of the resource as a whole. Internet users can use the services of a policy provider that appears to share the values and sensibilities of the user and in whose judgment the user trusts. - According to the present invention, a controlled
access web service 17 provides access between a plurality of customers 19 and theInternet 11. In the preferred embodiment of the present invention, in which customers 19 represent families using home personal computers, customers 19 use dial-up connections through a publicswitch telephone network 21 to establish Internet sessions through controlledaccess web service 17. - Typically, each customer19 includes several users. In the family context, one or two of the users are parents and the other users are children. According to the present invention, a parent can use controlled
access web service 17 to filter Internet content to each child individually. - Generally, and as will be explained in detail hereinafter, a user's path through the system according to the present invention includes several phases. First, a user dials up controlled
access web service 17 throughPSTN 21 and provides to controlled access web service a customer account identifier and password, as is well known. Controlledaccess web service 17 authenticates the customer account identifier and the password and establishes the Internet session. Thereafter, each web request is filtered through a proxy in controlledaccess web service 17 according to the policies set for the particular customer. If the access policy is violated, controlledaccess web service 17 manages an exception cycle, which includes blocking the violating web page, reporting the reason for the blocking and prompting the user either to upgrade to a higher access level or to appeal the blocking for later parental review. - Referring now to FIG. 2, controlled
access web service 17 includes afiltering proxy 23 and anauthentication server 25. When a customer or family initially establishes a dial-up connection,authentication server 25 accesses anauthenticator database 27, which contains authentication information.Authenticator database 27 also includes for each user associated with the customer, a session identifier. In the preferred family oriented embodiment of the present invention, each session identifier contains a parent field, which contains a bit that indicates whether or not the user is a parent, a block unrated field, which contains a bit that indicates whether or not to block unrated sites, and an access level field, which in the preferred embodiment contains the age of the user. The age may be either the actual chronological age of a child or a virtual age that may be greater than or less than the actual age of the child, depending upon the maturity level of the child and the parent's experience with the rating system.Authenticator database 27 also identifies the third party policy provider that the customer has selected. - Upon authentication of the initial logon,
authentication server 25 passes tofiltering proxy 23 session parameters and the Internet session is established. The session parameters include the identity of the third party policy provider and the session identifier for the user. Initially, the user session identifier is a default session identifier, which is the session identifier for the youngest member of the family. - During the session, filtering
proxy 23 tags each request for a page or resource with the current user session identifier.Filtering proxy 23 fetches the requested resource and then forwards the resource to apolicy evaluator 29 for an evaluation. In the preferred embodiment, a parent is entitled to view anything on the web. Accordingly, if the parent bit of the user session identifier is set to parent, the requested page is returned tofiltering proxy 23 and forwarded to the customer. Initially, however, since the default user session identifier is the session identifier for the youngest child of the family, the parent bit is not set to parent. -
Policy evaluator 29 accesses adatabase 31 of per household exception lists. An exception list contains, for each user, a list of pages or sites that would otherwise be blocked for the user but, upon parental review, have been determined to be appropriate for access by the user. If the requested page is not in the per household exception list, then thepolicy evaluator 29 accesses the appropriate thirdparty policy provider 15. The policy provider returns a judgment as to the suitability of the requested resource for the user. In the preferred embodiment, the policy provider returns an age value, which policy evaluator 29 compares to the user session identifier.Policy evaluator 29 may cache the judgment received frompolicy provider 15 in aratings database 33 for later reuse. - Optionally, the system may consult a
ratings provider 16 for a conventional PICS label. Accordingly, controlledaccess web service 17 includes a PICS policy interpreter orreifier 35, which contains transfer functions that convert the rating received fromratings provider 16 to an age based rating. If the rating received bypolicy evaluator 29 is greater than the age of the user set forth in the user session identifier, policy evaluator 29 returns a “block” tofiltering proxy 23. Ifpolicy evaluator 29 does not receive a rating, thenpolicy evaluator 29 checks whether or not the current session identifier indicates that unrated sites should be blocked. If so, policy evaluator 29 returns a block tofiltering proxy 23. - When filtering
proxy 23 receives a block frompolicy evaluator 29, filteringproxy 23 forwards to the customer a page that indicates that the requested resource has been blocked. The page forwarded to the customer contains controls that enable the customer to logon at a higher access level, appeal the block, or accept the block. The processes of logging on at a higher access level or appealing are handled byauthentication server 25. - If the user chooses to appeal the block,
authentication server 25 passes the appeal to anappeals administrator 37, which adds the locator for the blocked site to a per household list of sites for parental review contained in adatabase 39. If the user chooses to logon as a specific user, thenauthentication server 25 invokes second level authentication and accessesauthenticator database 27. Second level authentication may be by means of a specific user ID and password or, in the case of younger children with a smartcard or token system. If second level authentication is valid, thenauthentication server 25 passes the user session identifier for the authenticated user tofiltering proxy server 23. If the specific user is a parent, then appealsadministrator 37 fetches the pending list of sites for parental review fromdatabase 39 and forwards that list to the parent. The parent may review the list and the sites. The parent may either overrule the blocking, in which case the locator for the blocked site is placed in the appropriate per household exception list indatabase 31, or affirm the blocking. According to the present invention, the next time the customer initially logs on to controlledaccess web service 17, the customer is presented with a list of sites added to the per household exception list. If the parent finds that he or she consistently overrules the blocking of pages or sites, the parent may raise the age for the child or choose another policy provider. - Referring now to FIG. 3, there is shown a high level flow chart of the processing that occurs in controlled
access web service 17. First, atblock 41, upon initial logon to the account, the system sets the user session identifier to the default values. Then, the system sends to the customer a list of sites added to the exception list in the prior session, atblock 43, and waits for a request atblock 45. When the system receives the request, the system appends the user session identifier to the request and sends the request, atblock 47. Then, the system waits for a response, atblock 49. When the system receives the response, the system performs policy evaluation, indicated generally atblock 51, and shown in detail with respect to FIG. 4. Policy evaluation returns either a “block” or “not block.” If, atdecision block 53, policy evaluation returns a block, then the system performs block processing, indicated generally atblock 55, and shown in detail with respect to FIG. 5. If, atdecision block 53, policy evaluation returns not blocked, then the system sends the requested page to the customer, atblock 57, and returns to block 45 to wait for another request. - Referring now to FIG. 4, there is shown details of policy evaluation processing. The system tests, at
decision block 59, if the user session identifier indicates that the user is a parent. If so, the system returns not block, atterminator 60. If, on the other hand, the user session identifier indicates that the user is not a parent, then the system tests, atdecision block 61 if the resource is in the exception list. If so, the system returns not block atterminator 62. If the requested resource is not in the exception list, then the system tests, atdecision block 63, whether or not the requested resource is in the rating database. If so, the system tests, atdecision block 64 if the rating in the database is greater than the user session identifier. If so, the system returns block atterminator 65. If, atdecision block 63 the rating is not greater than the user session identifier, then the system returns not block atterminator 66. - If, at
decision block 63, the resource is not in the rating database, then the system determines if the customer has designated a policy provider, atdecision block 67. If so, the system queries the designated policy provider and implicitly waits atblock 68. If, atdecision block 69, the system receives a rating from the policy provider, then the system determines, atblock 71, if the rating receive from the policy provider is greater than the user session identifier. If so, the system returns block atterminator 72. If, atdecision block 71 the rating is not greater than the user session identifier, then the system returns not block atterminator 73. - If, at
decision block 69, the customer has not designated a policy provider, then the system determines, atdecision block 74, if there is a label in the resource. If so, the system tests, atdecision block 75, if the label is an age. If so, the system inserts the rating in the rating database, atblock 76. If the rating is not an age, then the system reifies label to an age rating, atblock 77, and inserts the rating into the rating database, atblock 76. Then, the system tests, atdecision block 78 if the rating produced by the reifier is greater than the user session identifier. If so, the system returns block atterminator 79. If, the rating is not greater than the user session identifier, then the system returns not block atterminator 80. - If, at
decision block 74, there is not label in the document, the system determines, atdecision block 81, it the customer has designated a ratings provider. If so, the system If so, the system queries the designated ratings provider and implicitly waits atblock 82. If, atdecision block 83, the system receives a label from the ratings provider, the system tests, atdecision block 85, if the label is an age. If so, the system inserts the rating in the rating database, atblock 86. If the rating is not an age, then the system reifies label to an age rating, atblock 87, and inserts the rating into the rating database, atblock 86. Then, the system tests, atdecision block 88 if the rating produced by the reifier is greater than the user session identifier. If so, the system returns block atterminator 89. If, the rating is not greater than the user session identifier, then the system returns not block atterminator 90. - If, at
decision block 81, the customer has not designated a ratings provider, then the system tests, atdecision block 91, if the current user session identifier indicates that unrated pages should be blocked. If not, the system returns not block atterminator 93. If, on the other hand, the current user session identifier is set to block unrated sites or resources, then the system returns block atterminator 95. - Referring now to FIG. 5, there is shown a flow chart of block processing. First, the system sends a “sorry” page, at
block 101, and waits for a response, atblock 103. The sorry page notifies the user that the requested resource has been blocked and includes controls that enable the user to logon at a higher level, appeal the block, or accept the block. If, atdecision block 105, the user selects logon at a higher level, the system authenticates the higher level logon and updates the user session identifier, atblock 107. Then, the system tests, atdecision block 109, if the new user is a parent. If not, processing returns to block 45 of FIG. 3. If, atdecision block 109, the new user is a parent, then the system performs appeal processing as indicated generally atblock 111 and shown in detail with respect to FIG. 6. - If, at
decision block 113 the user selects the appeal control from the sorry page, the system appends the request to the list of sites for parental review, atblock 115 and returns. If, atdecision block 117, the user accepts the block, by selecting an “OK” control, processing returns to block 45 of FIG. 3. - Referring now to FIG. 6, there is shown a flow chart of appeal processing according to the present invention. Upon determining that the new user is a parent, the system sends a list of sites for parental review, at
block 119, and waits for a response, atblock 121. The parent can review each site on the list if the parent so chooses. If the parent determines that he or she has no objection to the child viewing an appealed site, then the parent can select an unblock control on the list of sites, atdecision block 123. If the parent does select the unblock control, then the system adds the site to the exception list and removes the site from the list of sites for parental review, atblock 125. When the parent is finished with the list of sites for parental review, the parent can select an OK control atdecision block 127. Selection of the OK control clears the list of sites for parental review, atblock 129 and the system returns to block 45 of FIG. 3. - From the foregoing, it may be seen that the present invention provides a method and system that includes authentication components that identify individual end users and filtering tools that manage policy enforcement according to policy evaluations by third parties. With the present invention, Internet access providers can address not only the current objectionable content debate, but future debates over consumer privacy, intellectual property rights, and mobile code safety. Moreover, the present invention provides a flexible, secure, and easy to configure system that allows Internet access providers to provide content filtering to their customers without becoming censors.
Claims (16)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/413,971 US20030191971A1 (en) | 1998-12-23 | 2003-04-15 | Method of and system for controlling internet access |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/219,411 US6564327B1 (en) | 1998-12-23 | 1998-12-23 | Method of and system for controlling internet access |
US10/413,971 US20030191971A1 (en) | 1998-12-23 | 2003-04-15 | Method of and system for controlling internet access |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/219,411 Continuation US6564327B1 (en) | 1998-12-23 | 1998-12-23 | Method of and system for controlling internet access |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030191971A1 true US20030191971A1 (en) | 2003-10-09 |
Family
ID=22819167
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/219,411 Expired - Lifetime US6564327B1 (en) | 1998-12-23 | 1998-12-23 | Method of and system for controlling internet access |
US10/413,971 Abandoned US20030191971A1 (en) | 1998-12-23 | 2003-04-15 | Method of and system for controlling internet access |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/219,411 Expired - Lifetime US6564327B1 (en) | 1998-12-23 | 1998-12-23 | Method of and system for controlling internet access |
Country Status (1)
Country | Link |
---|---|
US (2) | US6564327B1 (en) |
Cited By (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020194079A1 (en) * | 2001-06-19 | 2002-12-19 | International Business Machines Corporation | Method for monitoring and restricting online purchases |
US20050044181A1 (en) * | 2003-08-20 | 2005-02-24 | Lg Electronics Inc. | System and method for monitoring internet connections |
US20050060566A1 (en) * | 2003-09-16 | 2005-03-17 | Chebolu Anil Kumar | Online user-access reports with authorization features |
US20050066290A1 (en) * | 2003-09-16 | 2005-03-24 | Chebolu Anil Kumar | Pop-up capture |
US20050114514A1 (en) * | 2003-11-21 | 2005-05-26 | Bostrom Kevin L. | Advising a network component for control of communication session connection through employment of one or more communication session restrictions |
US20050216467A1 (en) * | 2004-03-23 | 2005-09-29 | Yasutaka Urakawa | Access control system and access control method |
US20060069683A1 (en) * | 2004-09-30 | 2006-03-30 | Braddy Ricky G | Method and apparatus for assigning access control levels in providing access to networked content files |
WO2006038987A2 (en) * | 2004-09-30 | 2006-04-13 | Citrix Systems, Inc. | A method and apparatus for assigning access control levels in providing access to networked content files |
EP1657616A1 (en) * | 2004-11-13 | 2006-05-17 | International Business Machines Corporation | A method for determining access rights to it resources |
US7181513B1 (en) * | 2002-02-28 | 2007-02-20 | America Online, Inc. | Restricting access to requested resources |
US20070061459A1 (en) * | 2005-09-12 | 2007-03-15 | Microsoft Corporation | Internet content filtering |
US20070073888A1 (en) * | 2005-09-26 | 2007-03-29 | Ajay Madhok | System and method to control transactions on communication channels based on universal identifiers |
FR2893731A1 (en) * | 2005-11-24 | 2007-05-25 | Bertrand Issard | Multimedia e.g. text, content access controlling and solicitation message filtering system, has database comprising age of user, access level of user to type of contents and/or desire or non desire of user to be solicited by messages |
US20070220154A1 (en) * | 2006-03-17 | 2007-09-20 | Microsoft Corporation | Authentication and authorization of extranet clients to a secure intranet business application in a perimeter network topology |
US20080148340A1 (en) * | 2006-10-31 | 2008-06-19 | Mci, Llc. | Method and system for providing network enforced access control |
US20080217402A1 (en) * | 2005-09-30 | 2008-09-11 | Koninklijke Philips Electronics, N.V. | Maturity Rating Enforcement Via Rf-Tags |
US7575163B2 (en) | 2006-07-18 | 2009-08-18 | At&T Intellectual Property I, L.P. | Interactive management of storefront purchases |
US20090278654A1 (en) * | 2008-05-07 | 2009-11-12 | International Business Machines Corporation | Method of and System for Controlling Access to an Automated Media Library |
US7779034B2 (en) | 2005-10-07 | 2010-08-17 | Citrix Systems, Inc. | Method and system for accessing a remote file in a directory structure associated with an application program executing locally |
US20100229228A1 (en) * | 2004-09-30 | 2010-09-09 | Timothy Ernest Simmons | Method and apparatus for associating tickets in a ticket hierarchy |
US20100262624A1 (en) * | 2009-04-14 | 2010-10-14 | Microsoft Corporation | Discovery of inaccessible computer resources |
US7870153B2 (en) | 2006-01-24 | 2011-01-11 | Citrix Systems, Inc. | Methods and systems for executing, by a virtual machine, an application program requested by a client machine |
US7900240B2 (en) | 2003-05-28 | 2011-03-01 | Citrix Systems, Inc. | Multilayer access control security system |
US20110145825A1 (en) * | 2009-12-15 | 2011-06-16 | Fujitsu Limited | Information processing apparatus, computer-readable recording medium configured to store command execution determination program, and command execution determination method |
US8024568B2 (en) | 2005-01-28 | 2011-09-20 | Citrix Systems, Inc. | Method and system for verification of an endpoint security scan |
US20110247073A1 (en) * | 2008-12-08 | 2011-10-06 | FnF Group Pty Ltd | System and method for adapting an internet and intranet filtering system |
US8042120B2 (en) | 2004-09-30 | 2011-10-18 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US8090797B2 (en) | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8095940B2 (en) | 2005-09-19 | 2012-01-10 | Citrix Systems, Inc. | Method and system for locating and accessing resources |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US8171479B2 (en) | 2004-09-30 | 2012-05-01 | Citrix Systems, Inc. | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US20130031191A1 (en) * | 2011-07-27 | 2013-01-31 | Ross Bott | Mobile device usage control in a mobile network by a distributed proxy system |
US8533846B2 (en) | 2006-11-08 | 2013-09-10 | Citrix Systems, Inc. | Method and system for dynamically associating access rights with a resource |
US9015199B1 (en) * | 2004-05-24 | 2015-04-21 | Sonicwall, Inc. | Method and an apparatus to request web pages and content rating information thereof |
US9199152B2 (en) | 2013-02-26 | 2015-12-01 | Landon K. Phillips | Golf swing trainer |
US9239800B2 (en) | 2011-07-27 | 2016-01-19 | Seven Networks, Llc | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
US9247019B2 (en) | 2010-07-26 | 2016-01-26 | Seven Networks, Llc | Mobile application traffic optimization |
US9369539B2 (en) | 2010-07-26 | 2016-06-14 | Seven Networks, Llc | Method and device for power saving for downloading files |
US9401906B2 (en) | 2004-09-30 | 2016-07-26 | Citrix Systems, Inc. | Method and apparatus for providing authorized remote access to application sessions |
US9602539B1 (en) * | 2012-09-28 | 2017-03-21 | Palo Alto Networks, Inc. | Externally defined objects in security policy |
US9712986B2 (en) | 2008-01-11 | 2017-07-18 | Seven Networks, Llc | Mobile device configured for communicating with another mobile device associated with an associated user |
US9830191B2 (en) | 2013-04-15 | 2017-11-28 | Seven Networks, Llc | Temporary or partial offloading of mobile application functions to a cloud-based environment |
US10154041B2 (en) | 2015-01-13 | 2018-12-11 | Microsoft Technology Licensing, Llc | Website access control |
US10225152B1 (en) | 2013-09-30 | 2019-03-05 | Amazon Technologies, Inc. | Access control policy evaluation and remediation |
US10320624B1 (en) * | 2013-09-30 | 2019-06-11 | Amazon Technologies, Inc. | Access control policy simulation and testing |
Families Citing this family (102)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6564327B1 (en) * | 1998-12-23 | 2003-05-13 | Worldcom, Inc. | Method of and system for controlling internet access |
US6286001B1 (en) * | 1999-02-24 | 2001-09-04 | Doodlebug Online, Inc. | System and method for authorizing access to data on content servers in a distributed network |
US6606659B1 (en) * | 2000-01-28 | 2003-08-12 | Websense, Inc. | System and method for controlling access to internet sites |
AU2001245481A1 (en) * | 2000-03-07 | 2001-09-17 | Hotlens.Com Inc. | Server-side web browsing and multiple lens system, method and apparatus |
CA2403709C (en) * | 2000-03-17 | 2007-11-20 | America Online, Inc. | Home-networking |
AU2001247591A1 (en) * | 2000-03-20 | 2001-10-03 | Hotlens.Com Inc. | Transparent user and session management for web applications |
US7200863B2 (en) * | 2000-05-16 | 2007-04-03 | Hoshiko Llc | System and method for serving content over a wide area network |
US20050120113A1 (en) * | 2000-06-28 | 2005-06-02 | Accountability International, Inc. | System and method for monitoring application utilization |
US7380007B1 (en) * | 2000-06-30 | 2008-05-27 | Aol Llc, A Delaware Limited Liability Company | Automatic user session |
US9107030B2 (en) | 2000-12-13 | 2015-08-11 | Thomas E. Coverstone | Communication system for sending advertisements based on location determination and previously specified user selections |
US20060288212A1 (en) * | 2001-03-20 | 2006-12-21 | Gutenberg Printing Llc | Transparent user and session management for web applications |
US20020178365A1 (en) * | 2001-05-24 | 2002-11-28 | Shingo Yamaguchi | Method and system for controlling access to network resources based on connection security |
US7194464B2 (en) | 2001-12-07 | 2007-03-20 | Websense, Inc. | System and method for adapting an internet filter |
US7149219B2 (en) * | 2001-12-28 | 2006-12-12 | The Directtv Group, Inc. | System and method for content filtering using static source routes |
US8590013B2 (en) | 2002-02-25 | 2013-11-19 | C. S. Lee Crawford | Method of managing and communicating data pertaining to software applications for processor-based devices comprising wireless communication circuitry |
US20030217287A1 (en) * | 2002-05-16 | 2003-11-20 | Ilya Kruglenko | Secure desktop environment for unsophisticated computer users |
US20030233580A1 (en) * | 2002-05-29 | 2003-12-18 | Keeler James D. | Authorization and authentication of user access to a distributed network communication system with roaming features |
US7302488B2 (en) * | 2002-06-28 | 2007-11-27 | Microsoft Corporation | Parental controls customization and notification |
US7454508B2 (en) * | 2002-06-28 | 2008-11-18 | Microsoft Corporation | Consent mechanism for online entities |
US7383339B1 (en) | 2002-07-31 | 2008-06-03 | Aol Llc, A Delaware Limited Liability Company | Local proxy server for establishing device controls |
US7418663B2 (en) * | 2002-12-19 | 2008-08-26 | Microsoft Corporation | Contact picker interface |
US7313760B2 (en) * | 2002-12-19 | 2007-12-25 | Microsoft Corporation | Contact picker |
US8468578B1 (en) * | 2002-12-30 | 2013-06-18 | Aol Inc. | Establishing access controls in a premise-based environment |
US7428413B2 (en) * | 2003-03-11 | 2008-09-23 | Wayport, Inc. | Method and system for providing network access and services using access codes |
US7529754B2 (en) | 2003-03-14 | 2009-05-05 | Websense, Inc. | System and method of monitoring and controlling application files |
US7185015B2 (en) * | 2003-03-14 | 2007-02-27 | Websense, Inc. | System and method of monitoring and controlling application files |
US7966400B2 (en) * | 2003-04-03 | 2011-06-21 | International Business Machines Corporation | Apparatus, system and method of delivering alternate web pages based on browsers' content filter settings |
US20040210532A1 (en) * | 2003-04-16 | 2004-10-21 | Tomoyoshi Nagawa | Access control apparatus |
US8108916B2 (en) * | 2003-05-21 | 2012-01-31 | Wayport, Inc. | User fraud detection and prevention of access to a distributed network communication system |
US20050015442A1 (en) * | 2003-06-02 | 2005-01-20 | O'laughlen Eric | Page views for proxy servers |
US8028059B1 (en) * | 2003-06-02 | 2011-09-27 | Aol Inc. | Page views for proxy servers |
AU2003903104A0 (en) * | 2003-06-19 | 2003-07-03 | James Freeman | Method and system for barring access to selected internet resources |
US20040267929A1 (en) * | 2003-06-27 | 2004-12-30 | Servgate Technologies, Inc | Method, system and computer program products for adaptive web-site access blocking |
US7549125B2 (en) * | 2003-10-23 | 2009-06-16 | Microsoft Corporation | Information picker |
US7257973B2 (en) * | 2004-02-17 | 2007-08-21 | Newfrey, Llc | Chassis for a lock set |
US7953759B2 (en) * | 2004-02-17 | 2011-05-31 | Microsoft Corporation | Simplifying application access to schematized contact data |
US20050261970A1 (en) * | 2004-05-21 | 2005-11-24 | Wayport, Inc. | Method for providing wireless services |
US7430719B2 (en) | 2004-07-07 | 2008-09-30 | Microsoft Corporation | Contact text box |
GB2418037B (en) * | 2004-09-09 | 2007-02-28 | Surfcontrol Plc | System, method and apparatus for use in monitoring or controlling internet access |
US20060150240A1 (en) * | 2005-01-03 | 2006-07-06 | Jason Robinson | Application-specific network access management system |
US8601475B2 (en) | 2005-08-02 | 2013-12-03 | Aol Inc. | Download and upload of email messages using control commands in a client/server web application |
US8503995B2 (en) | 2005-09-14 | 2013-08-06 | Jumptap, Inc. | Mobile dynamic advertisement creation and placement |
US9058406B2 (en) | 2005-09-14 | 2015-06-16 | Millennial Media, Inc. | Management of multiple advertising inventories using a monetization platform |
US20070061198A1 (en) * | 2005-09-14 | 2007-03-15 | Jorey Ramer | Mobile pay-per-call campaign creation |
US8229914B2 (en) | 2005-09-14 | 2012-07-24 | Jumptap, Inc. | Mobile content spidering and compatibility determination |
US8103545B2 (en) | 2005-09-14 | 2012-01-24 | Jumptap, Inc. | Managing payment for sponsored content presented to mobile communication facilities |
US8195133B2 (en) | 2005-09-14 | 2012-06-05 | Jumptap, Inc. | Mobile dynamic advertisement creation and placement |
US8290810B2 (en) | 2005-09-14 | 2012-10-16 | Jumptap, Inc. | Realtime surveying within mobile sponsored content |
US10038756B2 (en) | 2005-09-14 | 2018-07-31 | Millenial Media LLC | Managing sponsored content based on device characteristics |
US20110313853A1 (en) | 2005-09-14 | 2011-12-22 | Jorey Ramer | System for targeting advertising content to a plurality of mobile communication facilities |
US8364521B2 (en) | 2005-09-14 | 2013-01-29 | Jumptap, Inc. | Rendering targeted advertisement on mobile communication facilities |
US8660891B2 (en) | 2005-11-01 | 2014-02-25 | Millennial Media | Interactive mobile advertisement banners |
US7752209B2 (en) | 2005-09-14 | 2010-07-06 | Jumptap, Inc. | Presenting sponsored content on a mobile communication facility |
US8688671B2 (en) | 2005-09-14 | 2014-04-01 | Millennial Media | Managing sponsored content based on geographic region |
US20070118533A1 (en) * | 2005-09-14 | 2007-05-24 | Jorey Ramer | On-off handset search box |
US8156128B2 (en) | 2005-09-14 | 2012-04-10 | Jumptap, Inc. | Contextual mobile content placement on a mobile communication facility |
US8819659B2 (en) | 2005-09-14 | 2014-08-26 | Millennial Media, Inc. | Mobile search service instant activation |
US9703892B2 (en) | 2005-09-14 | 2017-07-11 | Millennial Media Llc | Predictive text completion for a mobile communication facility |
US8131271B2 (en) | 2005-11-05 | 2012-03-06 | Jumptap, Inc. | Categorization of a mobile user profile based on browse behavior |
US8364540B2 (en) * | 2005-09-14 | 2013-01-29 | Jumptap, Inc. | Contextual targeting of content using a monetization platform |
US10911894B2 (en) | 2005-09-14 | 2021-02-02 | Verizon Media Inc. | Use of dynamic content generation parameters based on previous performance of those parameters |
US7660581B2 (en) | 2005-09-14 | 2010-02-09 | Jumptap, Inc. | Managing sponsored content based on usage history |
US20070060114A1 (en) * | 2005-09-14 | 2007-03-15 | Jorey Ramer | Predictive text completion for a mobile communication facility |
US8615719B2 (en) | 2005-09-14 | 2013-12-24 | Jumptap, Inc. | Managing sponsored content for delivery to mobile communication facilities |
US8027879B2 (en) | 2005-11-05 | 2011-09-27 | Jumptap, Inc. | Exclusivity bidding for mobile sponsored content |
US8302030B2 (en) | 2005-09-14 | 2012-10-30 | Jumptap, Inc. | Management of multiple advertising inventories using a monetization platform |
US20070288427A1 (en) * | 2005-09-14 | 2007-12-13 | Jorey Ramer | Mobile pay-per-call campaign creation |
US8515401B2 (en) | 2005-09-14 | 2013-08-20 | Jumptap, Inc. | System for targeting advertising content to a plurality of mobile communication facilities |
US8238888B2 (en) | 2006-09-13 | 2012-08-07 | Jumptap, Inc. | Methods and systems for mobile coupon placement |
US8989718B2 (en) | 2005-09-14 | 2015-03-24 | Millennial Media, Inc. | Idle screen advertising |
US7702318B2 (en) | 2005-09-14 | 2010-04-20 | Jumptap, Inc. | Presentation of sponsored content based on mobile transaction event |
US7769764B2 (en) | 2005-09-14 | 2010-08-03 | Jumptap, Inc. | Mobile advertisement syndication |
US9201979B2 (en) | 2005-09-14 | 2015-12-01 | Millennial Media, Inc. | Syndication of a behavioral profile associated with an availability condition using a monetization platform |
US8805339B2 (en) | 2005-09-14 | 2014-08-12 | Millennial Media, Inc. | Categorization of a mobile user profile based on browse and viewing behavior |
US8832100B2 (en) | 2005-09-14 | 2014-09-09 | Millennial Media, Inc. | User transaction history influenced search results |
US8311888B2 (en) | 2005-09-14 | 2012-11-13 | Jumptap, Inc. | Revenue models associated with syndication of a behavioral profile using a monetization platform |
US8666376B2 (en) | 2005-09-14 | 2014-03-04 | Millennial Media | Location based mobile shopping affinity program |
US8812526B2 (en) | 2005-09-14 | 2014-08-19 | Millennial Media, Inc. | Mobile content cross-inventory yield optimization |
US9076175B2 (en) | 2005-09-14 | 2015-07-07 | Millennial Media, Inc. | Mobile comparison shopping |
US7676394B2 (en) | 2005-09-14 | 2010-03-09 | Jumptap, Inc. | Dynamic bidding and expected value |
US10592930B2 (en) | 2005-09-14 | 2020-03-17 | Millenial Media, LLC | Syndication of a behavioral profile using a monetization platform |
US8209344B2 (en) | 2005-09-14 | 2012-06-26 | Jumptap, Inc. | Embedding sponsored content in mobile applications |
US7912458B2 (en) | 2005-09-14 | 2011-03-22 | Jumptap, Inc. | Interaction analysis and prioritization of mobile content |
US7577665B2 (en) | 2005-09-14 | 2009-08-18 | Jumptap, Inc. | User characteristic influenced search results |
US9471925B2 (en) | 2005-09-14 | 2016-10-18 | Millennial Media Llc | Increasing mobile interactivity |
US7860871B2 (en) | 2005-09-14 | 2010-12-28 | Jumptap, Inc. | User history influenced search results |
US8175585B2 (en) | 2005-11-05 | 2012-05-08 | Jumptap, Inc. | System for targeting advertising content to a plurality of mobile communication facilities |
US8571999B2 (en) | 2005-11-14 | 2013-10-29 | C. S. Lee Crawford | Method of conducting operations for a social network application including activity list generation |
US8453243B2 (en) | 2005-12-28 | 2013-05-28 | Websense, Inc. | Real time lockdown |
US8615800B2 (en) | 2006-07-10 | 2013-12-24 | Websense, Inc. | System and method for analyzing web content |
US8020206B2 (en) | 2006-07-10 | 2011-09-13 | Websense, Inc. | System and method of analyzing web content |
US20080082960A1 (en) * | 2006-09-29 | 2008-04-03 | Mcdougal Monty D | Method and System For Controlling The Release of Data For Multiple-Level Security Systems |
US20080082832A1 (en) * | 2006-09-29 | 2008-04-03 | Mcdougal Monty D | Configurable Data Access Application For Highly Secure Systems |
US9654495B2 (en) | 2006-12-01 | 2017-05-16 | Websense, Llc | System and method of analyzing web addresses |
FR2915337B1 (en) * | 2007-04-19 | 2009-06-05 | Bouygues Telecom Sa | METHOD AND SYSTEM FOR SECURING INTERNAL ACCESS TO MOBILE TELEPHONE, MOBILE PHONE AND CORRESPONDING TERMINAL. |
EP2026530A1 (en) | 2007-07-12 | 2009-02-18 | Wayport, Inc. | Device-specific authorization at distributed locations |
US8443106B2 (en) * | 2007-12-21 | 2013-05-14 | Gary Stephen Shuster | Content restriction compliance using reverse DNS lookup |
CN102077201A (en) | 2008-06-30 | 2011-05-25 | 网圣公司 | System and method for dynamic and real-time categorization of webpages |
CA3010378C (en) * | 2009-07-07 | 2020-12-29 | Netsweeper (Barbados) Inc. | System and method for providing customized response messages based on requested website |
US9270760B2 (en) * | 2012-10-15 | 2016-02-23 | Google Inc. | Cross-platform child mode for applications |
GB2546304B (en) * | 2016-01-14 | 2020-04-08 | Avecto Ltd | Computer device and method for controlling access to a web resource |
CN108737327B (en) | 2017-04-14 | 2021-11-16 | 阿里巴巴集团控股有限公司 | Method, device and system for intercepting malicious website and memory |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6052688A (en) * | 1995-01-26 | 2000-04-18 | Hans Verner Thorsen | Computer-implemented control of access to atomic data items |
US20010001863A1 (en) * | 1998-10-30 | 2001-05-24 | Brian Shuster | Method, apparatus and system for directing access to content on a computer network |
US6282542B1 (en) * | 1997-08-06 | 2001-08-28 | Tachyon, Inc. | Distributed system and method for prefetching objects |
US6286034B1 (en) * | 1995-08-25 | 2001-09-04 | Canon Kabushiki Kaisha | Communication apparatus, a communication system and a communication method |
US6564327B1 (en) * | 1998-12-23 | 2003-05-13 | Worldcom, Inc. | Method of and system for controlling internet access |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5825283A (en) * | 1996-07-03 | 1998-10-20 | Camhi; Elie | System for the security and auditing of persons and property |
US6052730A (en) * | 1997-01-10 | 2000-04-18 | The Board Of Trustees Of The Leland Stanford Junior University | Method for monitoring and/or modifying web browsing sessions |
US6161107A (en) * | 1997-10-31 | 2000-12-12 | Iota Industries Ltd. | Server for serving stored information to client web browser using text and raster images |
US6192403B1 (en) * | 1997-12-23 | 2001-02-20 | At&T Corp | Method and apparatus for adaptive monitor and support system |
-
1998
- 1998-12-23 US US09/219,411 patent/US6564327B1/en not_active Expired - Lifetime
-
2003
- 2003-04-15 US US10/413,971 patent/US20030191971A1/en not_active Abandoned
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6052688A (en) * | 1995-01-26 | 2000-04-18 | Hans Verner Thorsen | Computer-implemented control of access to atomic data items |
US6286034B1 (en) * | 1995-08-25 | 2001-09-04 | Canon Kabushiki Kaisha | Communication apparatus, a communication system and a communication method |
US6282542B1 (en) * | 1997-08-06 | 2001-08-28 | Tachyon, Inc. | Distributed system and method for prefetching objects |
US20030120658A1 (en) * | 1997-08-06 | 2003-06-26 | Carneal Bruce L. | Satellite-based internet access system with remote prefetching of inline objects of web pages |
US20010001863A1 (en) * | 1998-10-30 | 2001-05-24 | Brian Shuster | Method, apparatus and system for directing access to content on a computer network |
US6389458B2 (en) * | 1998-10-30 | 2002-05-14 | Ideaflood, Inc. | Method, apparatus and system for directing access to content on a computer network |
US6564327B1 (en) * | 1998-12-23 | 2003-05-13 | Worldcom, Inc. | Method of and system for controlling internet access |
Cited By (106)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020194079A1 (en) * | 2001-06-19 | 2002-12-19 | International Business Machines Corporation | Method for monitoring and restricting online purchases |
US7636777B1 (en) * | 2002-02-28 | 2009-12-22 | Aol Llc | Restricting access to requested resources |
US7181513B1 (en) * | 2002-02-28 | 2007-02-20 | America Online, Inc. | Restricting access to requested resources |
US8528047B2 (en) | 2003-05-28 | 2013-09-03 | Citrix Systems, Inc. | Multilayer access control security system |
US7900240B2 (en) | 2003-05-28 | 2011-03-01 | Citrix Systems, Inc. | Multilayer access control security system |
US20050044181A1 (en) * | 2003-08-20 | 2005-02-24 | Lg Electronics Inc. | System and method for monitoring internet connections |
US20050065935A1 (en) * | 2003-09-16 | 2005-03-24 | Chebolu Anil Kumar | Client comparison of network content with server-based categorization |
US20050060565A1 (en) * | 2003-09-16 | 2005-03-17 | Chebolu Anil Kumar | Controlling user-access to computer applications |
US20050060566A1 (en) * | 2003-09-16 | 2005-03-17 | Chebolu Anil Kumar | Online user-access reports with authorization features |
US8166560B2 (en) | 2003-09-16 | 2012-04-24 | At&T Intellectual Property I, L.P. | Remote administration of computer access settings |
US20050066290A1 (en) * | 2003-09-16 | 2005-03-24 | Chebolu Anil Kumar | Pop-up capture |
US20050060412A1 (en) * | 2003-09-16 | 2005-03-17 | Chebolu Anil Kumar | Synchronizing automatic updating of client |
US7577995B2 (en) | 2003-09-16 | 2009-08-18 | At&T Intellectual Property I, L.P. | Controlling user-access to computer applications |
US20050114514A1 (en) * | 2003-11-21 | 2005-05-26 | Bostrom Kevin L. | Advising a network component for control of communication session connection through employment of one or more communication session restrictions |
US8161068B2 (en) | 2004-03-23 | 2012-04-17 | Ntt Docomo, Inc. | Access control system |
US7725458B2 (en) * | 2004-03-23 | 2010-05-25 | Ntt Docomo, Inc. | Access control system and access control method |
US20090293105A1 (en) * | 2004-03-23 | 2009-11-26 | Yasutaka Urakawa | Access control system and access control method |
US20050216467A1 (en) * | 2004-03-23 | 2005-09-29 | Yasutaka Urakawa | Access control system and access control method |
US20150178398A1 (en) * | 2004-05-24 | 2015-06-25 | Sonicwall, Inc. | Requesting web pages and content rating information |
US9015199B1 (en) * | 2004-05-24 | 2015-04-21 | Sonicwall, Inc. | Method and an apparatus to request web pages and content rating information thereof |
US9405839B2 (en) * | 2004-05-24 | 2016-08-02 | Dell Software Inc. | Requesting web pages and content rating information |
US10033830B2 (en) * | 2004-05-24 | 2018-07-24 | Sonicwall Inc. | Requesting web pages and content rating information |
US8065423B2 (en) | 2004-09-30 | 2011-11-22 | Citrix Systems, Inc. | Method and system for assigning access control levels in providing access to networked content files |
US8286230B2 (en) * | 2004-09-30 | 2012-10-09 | Citrix Systems, Inc. | Method and apparatus for associating tickets in a ticket hierarchy |
WO2006038987A2 (en) * | 2004-09-30 | 2006-04-13 | Citrix Systems, Inc. | A method and apparatus for assigning access control levels in providing access to networked content files |
US8042120B2 (en) | 2004-09-30 | 2011-10-18 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
WO2006038987A3 (en) * | 2004-09-30 | 2006-07-20 | Citrix Systems Inc | A method and apparatus for assigning access control levels in providing access to networked content files |
JP2008515085A (en) * | 2004-09-30 | 2008-05-08 | サイトリックス システムズ, インコーポレイテッド | Method and apparatus for assigning access control levels in providing access to network content files |
US9401906B2 (en) | 2004-09-30 | 2016-07-26 | Citrix Systems, Inc. | Method and apparatus for providing authorized remote access to application sessions |
US20060069683A1 (en) * | 2004-09-30 | 2006-03-30 | Braddy Ricky G | Method and apparatus for assigning access control levels in providing access to networked content files |
US8352606B2 (en) | 2004-09-30 | 2013-01-08 | Citrix Systems, Inc. | Method and system for assigning access control levels in providing access to networked content files |
US7711835B2 (en) | 2004-09-30 | 2010-05-04 | Citrix Systems, Inc. | Method and apparatus for reducing disclosure of proprietary data in a networked environment |
US8171479B2 (en) | 2004-09-30 | 2012-05-01 | Citrix Systems, Inc. | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US8302101B2 (en) | 2004-09-30 | 2012-10-30 | Citrix Systems, Inc. | Methods and systems for accessing, by application programs, resources provided by an operating system |
US20100229228A1 (en) * | 2004-09-30 | 2010-09-09 | Timothy Ernest Simmons | Method and apparatus for associating tickets in a ticket hierarchy |
US9311502B2 (en) | 2004-09-30 | 2016-04-12 | Citrix Systems, Inc. | Method and system for assigning access control levels in providing access to networked content files |
US7865603B2 (en) | 2004-09-30 | 2011-01-04 | Citrix Systems, Inc. | Method and apparatus for assigning access control levels in providing access to networked content files |
US8132176B2 (en) | 2004-09-30 | 2012-03-06 | Citrix Systems, Inc. | Method for accessing, by application programs, resources residing inside an application isolation scope |
US7870294B2 (en) | 2004-09-30 | 2011-01-11 | Citrix Systems, Inc. | Method and apparatus for providing policy-based document control |
US8352964B2 (en) | 2004-09-30 | 2013-01-08 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US7366812B2 (en) | 2004-11-13 | 2008-04-29 | International Business Machines Corporation | Determination of access rights to information technology resources |
US20080155687A1 (en) * | 2004-11-13 | 2008-06-26 | Simon Keith Lambourn | Dtermination of access rights to information technology resources |
US7529873B2 (en) | 2004-11-13 | 2009-05-05 | International Business Machines Corporation | Determination of access rights to information technology resources |
CN100428690C (en) * | 2004-11-13 | 2008-10-22 | 国际商业机器公司 | A method for determining access rights to IT resources |
EP1657616A1 (en) * | 2004-11-13 | 2006-05-17 | International Business Machines Corporation | A method for determining access rights to it resources |
US8312261B2 (en) | 2005-01-28 | 2012-11-13 | Citrix Systems, Inc. | Method and system for verification of an endpoint security scan |
US8024568B2 (en) | 2005-01-28 | 2011-09-20 | Citrix Systems, Inc. | Method and system for verification of an endpoint security scan |
US20070061459A1 (en) * | 2005-09-12 | 2007-03-15 | Microsoft Corporation | Internet content filtering |
US8095940B2 (en) | 2005-09-19 | 2012-01-10 | Citrix Systems, Inc. | Method and system for locating and accessing resources |
US20070073888A1 (en) * | 2005-09-26 | 2007-03-29 | Ajay Madhok | System and method to control transactions on communication channels based on universal identifiers |
US20080217402A1 (en) * | 2005-09-30 | 2008-09-11 | Koninklijke Philips Electronics, N.V. | Maturity Rating Enforcement Via Rf-Tags |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US7779034B2 (en) | 2005-10-07 | 2010-08-17 | Citrix Systems, Inc. | Method and system for accessing a remote file in a directory structure associated with an application program executing locally |
FR2893731A1 (en) * | 2005-11-24 | 2007-05-25 | Bertrand Issard | Multimedia e.g. text, content access controlling and solicitation message filtering system, has database comprising age of user, access level of user to type of contents and/or desire or non desire of user to be solicited by messages |
US8010679B2 (en) | 2006-01-24 | 2011-08-30 | Citrix Systems, Inc. | Methods and systems for providing access to a computing environment provided by a virtual machine executing in a hypervisor executing in a terminal services session |
US8117314B2 (en) | 2006-01-24 | 2012-02-14 | Citrix Systems, Inc. | Methods and systems for providing remote access to a computing environment provided by a virtual machine |
US7954150B2 (en) | 2006-01-24 | 2011-05-31 | Citrix Systems, Inc. | Methods and systems for assigning access control levels in providing access to resources via virtual machines |
US8355407B2 (en) | 2006-01-24 | 2013-01-15 | Citrix Systems, Inc. | Methods and systems for interacting, via a hypermedium page, with a virtual machine executing in a terminal services session |
US7949677B2 (en) | 2006-01-24 | 2011-05-24 | Citrix Systems, Inc. | Methods and systems for providing authorized remote access to a computing environment provided by a virtual machine |
US7870153B2 (en) | 2006-01-24 | 2011-01-11 | Citrix Systems, Inc. | Methods and systems for executing, by a virtual machine, an application program requested by a client machine |
US8051180B2 (en) | 2006-01-24 | 2011-11-01 | Citrix Systems, Inc. | Methods and servers for establishing a connection between a client system and a virtual machine executing in a terminal services session and hosting a requested computing environment |
US8341732B2 (en) | 2006-01-24 | 2012-12-25 | Citrix Systems, Inc. | Methods and systems for selecting a method for execution, by a virtual machine, of an application program |
US8341270B2 (en) | 2006-01-24 | 2012-12-25 | Citrix Systems, Inc. | Methods and systems for providing access to a computing environment |
US8171538B2 (en) * | 2006-03-17 | 2012-05-01 | Microsoft Corporation | Authentication and authorization of extranet clients to a secure intranet business application in a perimeter network topology |
US20070220154A1 (en) * | 2006-03-17 | 2007-09-20 | Microsoft Corporation | Authentication and authorization of extranet clients to a secure intranet business application in a perimeter network topology |
US7575163B2 (en) | 2006-07-18 | 2009-08-18 | At&T Intellectual Property I, L.P. | Interactive management of storefront purchases |
US8794519B2 (en) | 2006-07-18 | 2014-08-05 | At&T Intellectual Property I, L.P. | Methods, systems, and products for ordering items |
US9619791B2 (en) | 2006-07-18 | 2017-04-11 | At&T Intellectual Property I, L.P. | Methods, systems, and products for ordering items |
US9342847B2 (en) | 2006-07-18 | 2016-05-17 | At&T Intellectual Property I, L.P. | Methods, systems, and products for ordering items |
US11455673B2 (en) | 2006-07-18 | 2022-09-27 | Shopify, Inc. | Methods, systems, and products for ordering items |
US11068956B2 (en) | 2006-07-18 | 2021-07-20 | Shopify Inc. | Methods, systems, and products for ordering items |
US10269053B2 (en) | 2006-07-18 | 2019-04-23 | At&T Intellectual Property I, L.P. | Methods, systems, and products for ordering items |
US10664886B2 (en) | 2006-07-18 | 2020-05-26 | Shopify Inc. | Methods, systems, and products for ordering items |
US20080148340A1 (en) * | 2006-10-31 | 2008-06-19 | Mci, Llc. | Method and system for providing network enforced access control |
US8533846B2 (en) | 2006-11-08 | 2013-09-10 | Citrix Systems, Inc. | Method and system for dynamically associating access rights with a resource |
US9401931B2 (en) | 2006-11-08 | 2016-07-26 | Citrix Systems, Inc. | Method and system for dynamically associating access rights with a resource |
US9009720B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9009721B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9021494B2 (en) | 2007-10-20 | 2015-04-28 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9712986B2 (en) | 2008-01-11 | 2017-07-18 | Seven Networks, Llc | Mobile device configured for communicating with another mobile device associated with an associated user |
US8230501B2 (en) | 2008-05-07 | 2012-07-24 | International Business Machines Corporation | Controlling access to an automated media library |
US20090278654A1 (en) * | 2008-05-07 | 2009-11-12 | International Business Machines Corporation | Method of and System for Controlling Access to an Automated Media Library |
US20090282461A1 (en) * | 2008-05-07 | 2009-11-12 | Nils Haustein | Method of and system for controlling access to an automated media library |
US20110247073A1 (en) * | 2008-12-08 | 2011-10-06 | FnF Group Pty Ltd | System and method for adapting an internet and intranet filtering system |
US9049227B2 (en) * | 2008-12-08 | 2015-06-02 | Janet Surasathian | System and method for adapting an internet and intranet filtering system |
US20100262624A1 (en) * | 2009-04-14 | 2010-10-14 | Microsoft Corporation | Discovery of inaccessible computer resources |
US8326943B2 (en) | 2009-05-02 | 2012-12-04 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8090797B2 (en) | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US20110145825A1 (en) * | 2009-12-15 | 2011-06-16 | Fujitsu Limited | Information processing apparatus, computer-readable recording medium configured to store command execution determination program, and command execution determination method |
US8578158B2 (en) * | 2009-12-15 | 2013-11-05 | Fujitsu Limited | Information processing apparatus, computer-readable recording medium configured to store command execution determination program, and command execution determination method |
US9247019B2 (en) | 2010-07-26 | 2016-01-26 | Seven Networks, Llc | Mobile application traffic optimization |
US9516129B2 (en) | 2010-07-26 | 2016-12-06 | Seven Networks, Llc | Mobile application traffic optimization |
US9369539B2 (en) | 2010-07-26 | 2016-06-14 | Seven Networks, Llc | Method and device for power saving for downloading files |
US9239800B2 (en) | 2011-07-27 | 2016-01-19 | Seven Networks, Llc | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
US20130031191A1 (en) * | 2011-07-27 | 2013-01-31 | Ross Bott | Mobile device usage control in a mobile network by a distributed proxy system |
US9602539B1 (en) * | 2012-09-28 | 2017-03-21 | Palo Alto Networks, Inc. | Externally defined objects in security policy |
US10404750B2 (en) * | 2012-09-28 | 2019-09-03 | Palo Alto Networks, Inc. | Externally defined objects in security policy |
US20170195369A1 (en) * | 2012-09-28 | 2017-07-06 | Palo Alto Networks, Inc. | Externally defined objects in security policy |
US9199152B2 (en) | 2013-02-26 | 2015-12-01 | Landon K. Phillips | Golf swing trainer |
US9830191B2 (en) | 2013-04-15 | 2017-11-28 | Seven Networks, Llc | Temporary or partial offloading of mobile application functions to a cloud-based environment |
US10225152B1 (en) | 2013-09-30 | 2019-03-05 | Amazon Technologies, Inc. | Access control policy evaluation and remediation |
US10320624B1 (en) * | 2013-09-30 | 2019-06-11 | Amazon Technologies, Inc. | Access control policy simulation and testing |
US11361063B2 (en) | 2013-09-30 | 2022-06-14 | Amazon Technologies, Inc. | Access control policy simulation and testing |
US11924247B1 (en) | 2013-09-30 | 2024-03-05 | Amazon Technologies, Inc. | Access control policy simulation and testing |
US10154041B2 (en) | 2015-01-13 | 2018-12-11 | Microsoft Technology Licensing, Llc | Website access control |
Also Published As
Publication number | Publication date |
---|---|
US6564327B1 (en) | 2003-05-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6564327B1 (en) | Method of and system for controlling internet access | |
US7146404B2 (en) | Method for performing authenticated access to a service on behalf of a user | |
US6591265B1 (en) | Dynamic behavior-based access control system and method | |
US7594019B2 (en) | System and method for adult approval URL pre-screening | |
US10673985B2 (en) | Router-host logging | |
US7076558B1 (en) | User-centric consent management system and method | |
US7912971B1 (en) | System and method for user-centric authorization to access user-specific information | |
US5678041A (en) | System and method for restricting user access rights on the internet based on rating information stored in a relational database | |
US20050144297A1 (en) | Method and apparatus for providing content access controls to access the internet | |
US20020049806A1 (en) | Parental control system for use in connection with account-based internet access server | |
US9355184B2 (en) | Community-based parental controls | |
US8028325B2 (en) | Invocation of a third party's service | |
US6374290B1 (en) | Self moderated virtual communities | |
US8346953B1 (en) | Methods and systems for restricting electronic content access based on guardian control decisions | |
JP2001526804A (en) | Database access control system and method | |
US20100058446A1 (en) | Internet monitoring system | |
EP1381199A1 (en) | Firewall for dynamically granting and denying network resources | |
US20030154180A1 (en) | Profile management system | |
JPH0926975A (en) | System and method for database access control | |
WO1998028690A1 (en) | Network access control system and process | |
EP1204911A1 (en) | Single sign-on framework with trust-level mapping to authentication requirements | |
MXPA03005450A (en) | Parental controls customization and notification. | |
US20060026692A1 (en) | Network resource access authentication apparatus and method | |
WO1998028690A9 (en) | Network access control system and process | |
US20040098386A1 (en) | Profile management system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: WORLDCOM, INC., MISSISSIPPI Free format text: CHANGE OF NAME;ASSIGNOR:MCI WORLDCOM, INC.;REEL/FRAME:028030/0615 Effective date: 20000501 Owner name: VERIZON BUSINESS GLOBAL LLC, NEW JERSEY Free format text: CHANGE OF NAME;ASSIGNOR:MCI, LLC;REEL/FRAME:028030/0673 Effective date: 20061120 Owner name: MCI WORLDCOM, INC., MISSISSIPPI Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KLENSIN, JOHN;KHARE, ROHIT;REEL/FRAME:028028/0876 Effective date: 19991110 Owner name: MCI, INC., VIRGINIA Free format text: MERGER;ASSIGNOR:WORLDCOM, INC.;REEL/FRAME:028029/0084 Effective date: 20040419 Owner name: MCI, LLC, VIRGINIA Free format text: MERGER;ASSIGNOR:MCI, INC.;REEL/FRAME:028029/0165 Effective date: 20060106 |
|
AS | Assignment |
Owner name: VERIZON PATENT AND LICENSING INC., NEW JERSEY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VERZIZON BUSINESS GLOBAL LLC;REEL/FRAME:031538/0972 Effective date: 20131104 |
|
AS | Assignment |
Owner name: VERIZON PATENT AND LICENSING INC., NEW JERSEY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VERIZON BUSINESS GLOBAL LLC;REEL/FRAME:032734/0502 Effective date: 20140409 |
|
AS | Assignment |
Owner name: VERIZON PATENT AND LICENSING INC., NEW JERSEY Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 032734 FRAME: 0502. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:VERIZON BUSINESS GLOBAL LLC;REEL/FRAME:044626/0088 Effective date: 20140409 |