Multiplex communications – Communication techniques for information carried in plural... – Adaptive
Reexamination Certificate
1999-04-30
2002-10-22
Ton, Dang (Department: 2661)
Multiplex communications
Communication techniques for information carried in plural...
Adaptive
C370S310000, C709S225000
Reexamination Certificate
active
06470027
ABSTRACT:
FIELD OF THE INVENTION
The invention relates to internet security and more particularly to software which provides, to a dial gateway, filtered router, or firewall, the ability to return a customizable text message or web page to a client user when an access violation occurs.
BACKGROUND OF THE INVENTION
Currently most security on the Internet, as well as along intranets, is provided by filtered routers or firewalls. These devices generally maintain a list of destinations with which a user is authorized to communicate, compare the addresses of user-generated packets to the addresses of the destinations of the list, and limit packets sent by the user based on the IP address and/or port to which the packets are addressed. If the user tries to access an IP address for which the user does not have authorization, the firewall or router typically either silently discards the packet or returns an ICMP “host unreachable” message to the client.
One problem is that many TCP stacks, including Microsoft win95*, winNT*, etc., do not look for the “host unreachable” message, and/or do not communicate the error messages to the user. In the best case scenario, where the stack does relay the message, it typically is a cryptic message which simply states that the host is unreachable. It does not give the user a reason why the host is unreachable. Since reasons why a “host unreachable” message may be generated include not only that the user is not authorized to access the host, but also that the host is down, or that there is not a route to the desired host, the user will not know whether to make another attempt at establishing the communication. In the case where the unreachable message is not processed properly, or where the router silently discards the offending packet, the user/client is forced to wait until the application times out, or until the client computer kills the application.
Another instance in which user-intended messages may be undeliverable, or undelivered, is when a user is conducting Internet searching on a “pay as you go” basis, wherein the user prepays an amount for a subscription representing a fixed amount of search time or a fixed number of search requests. When the user has exhausted his or her prepaid allotment, it is desirable that the user be informed, so that he or she may take immediate steps to resubscribe, without having to lose the benefit of their current search (i.e., without having to exit, resubscribe, and then search from the starting point, again).
What is desirable, therefore, and what is an object of the present invention, is to provide a system and method for appropriately directing network access messages for display to users.
Another object of the invention is to provide a user with instant knowledge when they have tried to access an improper host, with no need for waiting several minutes for the application to time out.
Yet another objective of the invention is to provide a returned message which can be customized to display helpful information, such as “You do not have access to host x.x.x.x. Please call Customer Support at 111-1111-1111 to have you access updated”.
Still another objective of the invention is to facilitate implementation of a ‘pay as you go’ Internet service, wherein, when the user's time has expired, the user is redirected to a web page that allows the user to buy more Internet time and to continue surfing.
SUMMARY OF THE INVENTION
These and other objects are realized by the present invention wherein packets are intercepted and a message returned to the user is redirected to a web page explaining why the user cannot access the host. This is currently implemented in TCP to redirect access violations from web browsers to hosts in the user's access list, which then display a message indicating why the user cannot access the desired host. This same model can also be used in support of the FTP and Telnet protocols.
REFERENCES:
patent: 5941954 (1999-08-01), Kalajan
patent: 6144671 (2000-11-01), Peripanathan
patent: 6219694 (2001-04-01), Lazaridis
patent: 6247054 (2001-06-01), Malkin
patent: 6343284 (2002-01-01), Ishikawa
AT&T Corp.
Pizarro Ricardo M.
Ton Dang
LandOfFree
System and method for providing message redirection in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for providing message redirection in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for providing message redirection in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2936491