Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing
Reexamination Certificate
1998-06-24
2001-07-03
Harrell, Robert B. (Department: 2152)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
C709S229000, C709S249000, C713S152000
Reexamination Certificate
active
06256671
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention pertains to network access management. More particularly, this invention relates to controlling access to a network by manipulating a domain name system.
2. Background
Computer systems are increasingly becoming commonplace in homes and businesses throughout the world. As the number of computer systems has increased, more and more computer systems are becoming interconnected via networks. These networks include local area networks (LANs), such as are commonly found in businesses and educational facilities throughout the world, as well as some homes. Computer systems coupled to a LAN are also frequently coupled to other computer systems, such as a wide area network (WAN) or via the Internet.
Communication between two computer systems coupled together via one or more networks is typically performed using a client-server relationship wherein a software application running on one system, referred to as the client, requests information from a server application running on another system. The client and server systems communicate with one another over the network to satisfy the client's request. The computer system running the server application often runs several server applications and is typically referred to as a “server host” or simply as “the host system”.
One problem which arises in networked system is that of controlling access to the host systems. Network administrators frequently want to limit individuals' abilities to access various host systems. For example, a parent may want to prevent his or her children from accessing host systems storing content unsuitable for children. By way of another example, an employer may want to prevent employees from accessing particular host systems using the employer's equipment.
Typical access control programs perform access management at the client system. This can be a problem in that the data for inaccessible sites is also stored at the client system, and thus is more easily accessible to the client system users. Thus, it would be beneficial to provide a more secure way to control access to host systems on the network.
Additionally, typical access control programs indicate to the user that, due to the access management settings, the user is prevented from accessing the desired host system. This can be a problem in that it alerts the user to a particular site he or she is not supposed to access. Thus, it would be beneficial to provide a more subtle way to control access to host systems on the network.
Thus, a need exists for an improved way to control network accesses.
SUMMARY OF THE INVENTION
A method and apparatus for providing network access control by manipulating a domain name system is described herein. The method includes the steps of receiving, from a source, a request for an address which corresponds to a host name. A check is then made as to whether a requestor corresponding to the request is allowed to access a host system corresponding to the host name. If the requestor is not allowed to access the host system corresponding to the host name, then an indication is provided to the source of the request that the address which corresponds to the host name cannot be located.
According to one embodiment, the present invention also checks the address which corresponds to the host name, and then checks whether the requester is allowed to access the host system corresponding to the address. If the requester is not allowed to access the host system corresponding to the address, then an indication is provided to the source of the request that the address which corresponds to the identifier cannot be located.
REFERENCES:
patent: 5802053 (1998-09-01), Bollella et al.
patent: 5805820 (1998-09-01), Bellovin et al.
patent: 5815665 (1998-09-01), Teper et al.
patent: 5855020 (1998-12-01), Kirsch
patent: 5867665 (1999-02-01), Butman et al.
patent: 5898830 (1999-04-01), Wesinger, Jr. et al.
patent: 5958052 (1999-09-01), Bellovin et al.
patent: 5974453 (1999-10-01), Andersen et al.
patent: 5978568 (1999-11-01), Abraham et al.
patent: 6052788 (2000-04-01), Wesinger, Jr. et al.
patent: 6061346 (2000-05-01), Nordman
patent: 6061734 (2000-05-01), London
patent: 6081900 (2000-06-01), Subramaniam et al.
patent: 6134588 (2000-10-01), Guenthner et al.
Mockapetris, P., “Domain Names—Concepts and Facilities, Request for Comments:1034,” Nov. 1987, 55 pages.
Mockapetris, P., “Domain Names—Implementation and Specification, Request for Comments:1035,” Nov. 1987, 55 pages.
Donzis Lewis T.
Strentzsch Scott A.
Blakely , Sokoloff, Taylor & Zafman LLP
Harrell Robert B.
Nortel Networks Limited
Thompson Marc D.
LandOfFree
Method and apparatus for providing network access control... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for providing network access control..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for providing network access control... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2526101