US2008201344A1PendingUtilityA1
Internet server access control and monitoring systems
Est. expiryJan 12, 2018(expired)· nominal 20-yr term from priority
Inventors:Thomas Mark LevergoodLawrence C. StewartStephen Jeffrey MorrisAndrew C. PayneGeorge Winfield Treese
G06Q 30/02G06Q 20/102G06Q 20/401G06Q 30/0209H04L 63/0807G06Q 30/0601H04L 63/083G06Q 20/10G06Q 30/06
63
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the invention includes client-server sessions over the Internet. In this environment, when the user attempts to access an access-controlled file, the server subjects the request to a secondary server which determines whether the client has an authorization or valid account. Upon such verification, the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the present protection domain.
Claims
exact text as granted — not AI-modified1 . A method of controlling access to protected content within a content server, comprising:
exchanging session data between a user computer system and a content server associated with a content server domain using a transfer format suitable for communication over the Internet to a user computer system that is configured to store the session data; and receiving a request to access protected content from the user computer system at the content server, the request to access including at least a portion of the stored session data, the content server processing the request to access the protected content and using the portion of the stored session data to determine whether to allow the user computer system to access the protected content.
2 . The method of claim 1 , further comprising:
prompting the user computer system to provide credentials for accessing the protected content; and comparing the user supplied credentials to information stored in a user account associated with the user computer system in order to authorize access to the protected content.
3 . The method of claim 2 , wherein the prompting and comparing steps precede the step of exchanging session data between the user computer system and the content server.
4 . The method of claim 1 , wherein the protected content is selected from the group consisting of an electronic document, a multimedia data file, an audio data file and a video data file.
5 . The method of claim 1 , wherein the session data includes a user identification associated with the user of the computer system and a domain identification associated with the content server domain, the method further comprising processing the user identification and the domain identification in order to authorize access to the protected content.
6 . The method of claim 1 , wherein the session data includes a user identification associated with the user of the computer system, the method further comprising processing the user identification in order to authorize access to the protected content.
7 . The method of claim 1 , wherein the session data includes a domain identification associated with the content server domain, the method further comprising processing the domain identification in order to authorize access to the protected content.
8 . The method of claim 1 , further comprising:
determining if credentials are required to access the protected content; and if credentials are required to access the protected content, then prompting the user computer system to provide credentials for accessing the protected content.
9 . The method of claim 8 , wherein the determination of whether credentials are required to access the protected content is based upon an access level associated with the protected content.
10 . The method of claim 1 , further comprising:
determining an access level of the protected content; and accessing a user account associated with the user computer system in order to determine whether to authorize access to the protected content.
11 . The method of claim 1 , wherein at least a portion of the stored session data includes encrypted data.
12 . The method of claim 1 , wherein at least a portion of the stored session data is digitally signed.
13 . The method of claim 1 , further comprising:
receiving one or more requests from the user computer system to access protected content at the content server; in response to each request to access protected content, storing a content identifier in an access record associated with a user of the user computer system.
14 . The method of claim 13 , further comprising:
retrieving content identification data from the access record; and displaying the content identification data at the user computer system.
15 . The method of claim 1 , wherein the transfer format suitable for communication over the Internet is the hypertext transfer protocol.
16 . The method of claim 1 , further comprising:
maintaining a transaction log at the content server, the transaction log including session data associated with the access of protected content stored within the content server domain.
17 . The method of claim 1 , wherein the session data includes information from a user account profile stored in an account database, the method further comprising:
the content server using the information from the user account profile to customize communications to the user computer system.
18 . The method of claim 17 , wherein the customized communications include advertisements.
19 . The method of claim 1 , further comprising:
for each completed access to protected content by the user computer system from the content server, storing an access record in a transaction database.
20 . The method of claim 19 , further comprising:
transmitting an electronic access statement to the user computer system, the electronic access statement including links to the access records stored in the transaction database.
21 . The method of claim 20 , further comprising:
selecting one of the links on the electronic access statement at the user computer system; and in response thereto, obtaining the access record from the transaction server.
22 . The method of claim 21 , further comprising:
transmitting the protected content to the user computer system.
23 . The method of claim 20 , wherein the electronic access statement includes links to access records that have occurred in a current month.
24 . The method of claim 23 , wherein the electronic access statement includes at least one link to access records that have occurred in a prior month.
25 . The method of claim 20 , wherein the electronic access statement is a web page.
26 . The method of claim 20 , wherein the electronic access statement is transmitted to the user computer system by e-mail.
27 . The method of claim 1 , further comprising:
transmitting an electronic access statement to the user computer system, the electronic access statement including information regarding protected content that has been accessed by the user computer system.
28 . The method of claim 27 , wherein the information included in the electronic access statement includes an identification of the protected content.
29 . The method of claim 27 , wherein the information included in the electronic access statement includes the date on which the protected content was accessed by the user computer system.
30 . The method of claim 28 , wherein the identification of the protected content on the electronic access statement includes information usable to access the protected content.
31 . The method of claim 30 , wherein the information usable to access the protected content is a Uniform Resource Locator (URL) link to the protected content.
32 . The method of claim 31 , further comprising:
receiving an URL link at the content server corresponding to the protected content identified on the electronic access statement; and transmitting additional data regarding the protected content to the user computer system.
33 . The method of claim 32 , wherein the additional data includes a description of the protected content.
34 . The method of claim 32 , further comprising:
transmitting the protected content associated with the URL link to the user computer system.
35 . The method of claim 27 , wherein the electronic access statement includes a customer service Uniform Resource Locator (URL) link.
36 . The method of claim 35 , further comprising:
receiving an URL link at the content server corresponding to the customer service URL link included in the electronic access statement; and transmitting a customer service document to the user computer system.
37 . The method of claim 2 , further comprising:
storing user demographic information in the user account; and determining whether to authorize access to the protected content based upon the user demographic information stored in the user account.
38 . The method of claim 37 , wherein the user demographic information includes an indication of the user's age.
39 . The method of claim 1 , further comprising:
determining whether to allow the user computer system to access the protected content according to a subscription with the content server.
40 . The method of claim 39 , wherein the subscription is a pre-paid subscription enabling the user computer system to access protected content within the content server.
41 . The method of claim 1 , further comprising:
charging the user computer system for accessing the protected content.
42 . The method of claim 41 , wherein the user computer system is charged each time protected content is accessed at the content server.
43 . A system for providing controlled access to protected content, comprising:
a content server that exchanges session data with a user computer system using a transfer format suitable for communication over the Internet; the content server transmitting the session data to the user computer system, which is configured to store the session data; and the content server receiving a request to access protected content from the user computer system, the request to access including at least a portion of the stored session data, and processing the request to access the protected content using the portion of the stored session data to determine whether to allow the user computer system to access the protected content.
44 . The system of claim 43 , wherein the content server prompts the user computer system to provide credentials for accessing the protected content, and compares the user supplied credentials to information stored in a user account associated with the user computer system in order to authorize access to the protected content.
45 . The system of claim 44 , wherein the content server prompts the user computer system to provide credentials prior to transmitting the session data to the user computer system.
46 . The system of claim 43 , wherein the protected content is selected from the group consisting of an electronic document, a multimedia data file, an audio data file and a video data file.
47 . The system of claim 43 , wherein the session data includes a user identification associated with the user computer system and a domain identification associated with the content server domain, and wherein the content server is programmed to process the user identification and the domain identification in order to authorize access to the protected content.
48 . The system of claim 43 , wherein the session data includes a user identification associated with the user computer system, and wherein the content server is programmed to process the user identification in order to authorize access to the protected content.
49 . The system of claim 43 , wherein the session data includes a domain identification associated with the content server domain, and wherein the content server is programmed to process the domain identification in order to authorize access to the protected content.
50 . The system of claim 43 , wherein the content server determines if credentials are required to access the protected content, and if so, the content server prompts the user computer system to provide credentials for accessing the protected content.
51 . The system of claim 43 , wherein the content server determines if credentials are required based on an access level associated with the protected content.
52 . The system of claim 43 , wherein the content server determines an access level of the protected content and accesses a user account associated with the user computer system in order to determine whether to authorize access to the protected content.
53 . The system of claim 43 , wherein at least a portion of the stored session data includes encrypted data.
54 . The system of claim 43 , wherein at least a portion of the stored session data is digitally signed.
55 . The system of claim 43 , wherein the content server receives one or more requests to access protected content from the user computer system, and in response to each request to access protected content, stores a content identifier in an access record associated with a user of the user computer system.
56 . The system of claim 55 , wherein the content server retrieves content identification data from the access record and causes the content identification data to be displayed at the user computer system.
57 . The system of claim 43 , wherein the transfer format suitable for communication over the Internet is the hypertext transfer protocol.
58 . The system of claim 43 , wherein the content server maintains a transaction log including session data associated with the access of protected content stored within the content server domain.
59 . The system of claim 43 , wherein the session data includes information from a user account profile stored in an account database, the content server using the information from the user account profile to customize communications to the user computer system.
60 . The system of claim 59 , wherein the customized communications include advertisements.
61 . The system of claim 43 , wherein for each completed access to protected content by the user computer system from the content server, the content server stores an access record in a transaction database.
62 . The system of claim 61 , wherein the content server transmits an electronic access statement to the user computer system, the electronic access statement including links to the access records stored in the transaction database.
63 . The system of claim 62 , wherein the content server receives a selection of one of the links on the electronic access statement from the user computer system and, in response thereto, obtains the access record from the transaction server.
64 . The system of claim 63 , wherein the content server transmits the protected content to the user computer system.
65 . The system of claim 64 , wherein the electronic access statement includes links to access records that have occurred in a current month.
66 . The system of claim 65 , wherein the electronic access statement includes at least one link to access records that have occurred in a prior month.
67 . The system of claim 64 , wherein the electronic access statement is a web page.
68 . The system of claim 64 , wherein the electronic access statement is transmitted to the user computer system by e-mail.
69 . The system of claim 43 , wherein the content server transmits an electronic access statement to the user computer system, the electronic access statement including information regarding protected content that has been accessed by the user computer system.
70 . The system of claim 69 , wherein the information included in the electronic access statement includes an identification of the protected content.
71 . The system of claim 69 , wherein the information included in the electronic access statement includes the date on which the protected content was accessed by the user computer system.
72 . The system of claim 70 , wherein the identification of the protected content on the electronic access statement includes information usable to access the protected content.
73 . The system of claim 72 , wherein the information usable to access the protected content is a Uniform Resource Locator (URL) link to the protected content.
74 . The system of claim 73 , wherein the content server receives an URL link corresponding to the protected content identified on the electronic access statement and transmits additional data regarding the protected content to the user computer system.
75 . The system of claim 74 , wherein the additional data includes a description of the protected content.
76 . The system of claim 74 , wherein the content server transmits the protected content associated with the URL link to the user computer system.
77 . The system of claim 64 , wherein the electronic access statement includes a customer service Uniform Resource Locator (URL) link.
78 . The system of claim 69 , wherein the content server receives an URL link corresponding to the customer service URL link included in the electronic access statement and transmits a customer service document to the user computer system.
79 . The system of claim 43 , wherein the user account includes demographic information and the content server determines whether to authorize access to the protected content based upon the user demographic information stored in the user account.
80 . The system of claim 79 , wherein the user demographic information includes an indication of the user's age.
81 . The system of claim 43 , wherein the content server determines whether to allow the user computer system to access the protected content according to a subscription with the content server.
82 . The system of claim 81 , wherein the subscription is a pre-paid subscription enabling the user computer system to access protected content within the content server.
83 . The system of claim 43 , wherein the user computer system is charged for accessing the protected content.
84 . The system of claim 83 , wherein the use computer system is charged each time protected content is accessed at the content server.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.