WO2002013025A1 - An access system for use with lans - Google Patents
An access system for use with lans Download PDFInfo
- Publication number
- WO2002013025A1 WO2002013025A1 PCT/AU2001/000962 AU0100962W WO0213025A1 WO 2002013025 A1 WO2002013025 A1 WO 2002013025A1 AU 0100962 W AU0100962 W AU 0100962W WO 0213025 A1 WO0213025 A1 WO 0213025A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- request
- identifier
- access system
- client
- key
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/02—Marketing; Price estimation or determination; Fundraising
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/35—Network arrangements, protocols or services for addressing or naming involving non-standard use of addresses for implementing network functionalities, e.g. coding subscription information within the address or functional addressing, i.e. assigning an address to a function
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/563—Data redirection of data network streams
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/564—Enhancement of application control based on intercepted application data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/561—Adding application-functional data or data for application control, e.g. adding metadata
Definitions
- the present invention relates to an access system that can be used to provide access to a communications network, such as the Internet, for users of Local Area Networks (LANs).
- LANs Local Area Networks
- the present invention relates to a method of tracking a user's behaviour on the Internet when the user is accessing the Internet using a single IP address assigned to a LAN server.
- an access system as described in the specification of International Patent Application No. PCT/AU00/00418 ("the access system specification"), enables the connection state of users to be adjusted and their behaviour and accessed locations recorded, primarily on the basis of the IP address that is dynamically assigned to a user that connects to the access system. This is effective for users that connect to the access system individually.
- the users of local area networks generally use a network server to connect to an ISP's access system and the LAN's server will be allocated one IP address for all of the network users of the LAN. This makes it impossible to discriminate between different users on the basis of the assigned IP address. Accordingly, it is desired to provide a system and method which alleviates the above difficulty or at least provides a useful alternative.
- a method executed by an access system for enabling a client to access a communications network including: receiving an access request for a resource of the network; determining if the request includes a unique identifier for the client; removing the identifier and recording data related to the request using the identifier, when the request includes the identifier; and redirecting the request to instruct the client to store the identifier when the request omits the identifier.
- the present invention also provides an access system for enabling a client to access a communications network, including: means for receiving an access request for a resource and determining when the request includes a unique identifier for the client; means for removing the identifier and recording data related to the request based on the identifier; and means for redirecting the request to instruct the client to store the identifier when the request omits the identifier.
- the present invention also provides a network access system for executing:
- a TCP/IP request from a client includes an identifier associated with the access system, the identifier is removed from the request and the request is sent; (b) else if the request has a first key associated with the access system, the first key is removed, the request is sent, and data added to the response to the request to set an identifier in the client with a second key associated with the access system, for the domain of the request; and
- Figure 1 is a block diagram of a preferred embodiment of an access system comiected to the Internet and a telecommunications network;
- Figure 2 is a message flow diagram for a process executed by the system for initial authentication
- Figure 3 is a message flow diagram of a process executed by the system when accessing a new location
- Figure 4 is a message flow diagram of a process executed by the system when accessing a previously accessed location
- An access system 2 includes a plurality of remote access servers (RASs) 4, a traffic switch 6, a proxy server 16, a local web server 17, a database server 19, and a router 8 that connects to a public communications network, such as the Internet 14.
- RASs allow the computers 10 of remote users to dial into the system 2 using the lines provided by a standard telecommunications network 12 and connect to the input ports of the RASs 4, respectively.
- the RAS 4 and the user's computer 10 establish a unique session and IP traffic for that session is switched by the switch 6 so that it is controlled by the proxy server 16.
- a LAN server 20 which may comprise a Network Address Translation (NAT) server or a proxy server, is connected to a port of a RAS 4, and this may be a permanent connection over the network 12.
- the LAN server 20 is assigned a single IP address for all TCP/IP traffic handled by the system 2, and there may be several thousand individual computers 22 for respective users connected using the server 20. All the components of the access system 2 may be standard components used by an ISP. Alternatively, the access system 2 may be the access system described in the access system specification. The system however is configured, and in particular the proxy server 16, switch 6 and web server 17 are configured, to include logic to execute the messaging process described below to track individual clients 22 behind a LAN server 20.
- NAT Network Address Translation
- the logic may be provided by software code and/or hardware circuits to execute the messaging process, and as will be understood by those skilled in the art, the components of the logic may be distributed over a communications network.
- a client 22 When a client 22 initially enters a request for a particular location on the Internet 14, such as a Yahoo web server, the request including the Universal Resource Locator (URL) for the location is received by the proxy 16, at step 30, as shown in Figure 2.
- the proxy 16 will then send back, initially, to the client browser a 302 redirect URL for the web server 17, as shown in step 32, that includes the domain of the requested server, ie the URL of the requested page. This causes the browser at step 34 to issue a request including the URL for the web server 17 with the original requested domain.
- URL Universal Resource Locator
- the proxy 16 This is passed by the proxy 16 to the web server 17 of the access system, which issues, at step 35, a 302 redirect to initiate the access system authentication process because the request omits a recognised access system identifying key, as described below.
- the 302 redirect includes a URL to redirect the client 22 to a login page for the access system. This causes the client to issue a GET http request for the login page at step 36.
- This is passed by the proxy 16 to obtain the login page, which may be served from the access system web server 17, at step 37.
- the web server 17 returns a login display page via the proxy server 16, at step 36 for display on the client's browser. The user then completes a form on the login page which is posted at step 38 via the proxy 16 to the server 17.
- the server 17 then responds at step 40 with a 200 message, after validating the login of the user, with a set cookie message for the client's browser that refers to the domain of the server 17 and contains a unique key, being a unique ASCII character string, for the client machine 22.
- a set cookie message for the client's browser that refers to the domain of the server 17 and contains a unique key, being a unique ASCII character string, for the client machine 22.
- the cookie as described below, also only exists during the client's browser session on the access system.
- the client After authentication, when a user wishes to go to a new site, as shown in Figure 3, such as a Yahoo server on the Internet 14, the client will send a request with a URL for the site, at step 50.
- This request does not include any information from the cookie as it is a request for a different domain than the domain of the web server 17.
- the proxy 16 on receiving the request determines that the access system cookie information is not included, and therefore returns to the client 22 a 302 redirect URL for the web server 17 with the URL or domain of the requested site, at step 52. This again causes a redirect to the web server 17, but this time the cookie and unique key are returned to the server 17 with the URL for the server 17, at step 54.
- the server 17 in response returns a 302 redirect URL that includes the original http request, and a temporary key for the client machine 22, at step 56, as shown in Figure 3.
- a temporary key is used at this stage, instead of the unique key, as the key is visible on most browsers by virtue of the fact that it has been included in the URL for this part of the messaging process.
- the unique key is temporarily stored on the web server 17 and/or proxy 16 against the random temporary key that has been allocated for the client machine.
- the 302 redirect of step 56 is sent back to the client 22 via the proxy 16, and the client responds by forwarding a GET http request for the requested site that includes the temporary key in the URL identifying the client 22, at step 57.
- the GET request is received by the proxy 16, the key stripped from the URL and a record made of the location requested by the client. This is recorded in the database server 19 against the unique key for the client machine 22.
- the stripped request is then forwarded as a standard http GET request, at step 58 from the proxy 16 out onto the Internet 14 to the requested server, in this instance the requested Yahoo server.
- the Yahoo requested page is then returned from the Yahoo server, at step 60,and this is received via the proxy 16.
- the proxy 16 then adds a set cookie message, as shown in Figure 3 at step 62, to return to the client machine with the Yahoo page.
- the set cookie message includes the requested domain and the unique key for the client 22.
- the cookie message ensures that a cookie is established for the requested, ie Yahoo, domain with the unique key used by the access system 2.
- a client 22 requests a page from a previously accessed domain, as shown in Figure 4, the client will send a request at step 70 that includes the cookie for the domain with the unique key for the access system 2.
- the proxy 16 accesses the cookie and records the requested page in the database 19 against the unique key for the client 22.
- the cookie is stripped from the request by the proxy 16 and the request then forwarded onto the requested server on the Internet 14, at step 72.
- the server will then simply return the requested page, at step 74 via the proxy 16 to the client 22.
- the messaging process which is executed by the proxy 16 can be represented by the following if the web server 17 has the domain "fol.com”:
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001278305A AU2001278305A1 (en) | 2000-08-07 | 2001-08-07 | An access system for use with lans |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPQ9240A AUPQ924000A0 (en) | 2000-08-07 | 2000-08-07 | An access system for use with lans |
AUPQ9240 | 2000-08-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002013025A1 true WO2002013025A1 (en) | 2002-02-14 |
Family
ID=3823297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/AU2001/000962 WO2002013025A1 (en) | 2000-08-07 | 2001-08-07 | An access system for use with lans |
Country Status (2)
Country | Link |
---|---|
AU (1) | AUPQ924000A0 (en) |
WO (1) | WO2002013025A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2394804A (en) * | 2002-10-31 | 2004-05-05 | Hewlett Packard Co | Method of Processing Data from a Submission Interface |
CN100466537C (en) * | 2005-09-12 | 2009-03-04 | 珠海金山软件股份有限公司 | Device for detecting computer access state in network and detecting method |
US8359289B1 (en) | 1999-05-12 | 2013-01-22 | Sydney Gordon Low | Message processing system |
US8560666B2 (en) | 2001-07-23 | 2013-10-15 | Hitwise Pty Ltd. | Link usage |
US9595051B2 (en) | 2009-05-11 | 2017-03-14 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
US9767309B1 (en) | 2015-11-23 | 2017-09-19 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
US10678894B2 (en) | 2016-08-24 | 2020-06-09 | Experian Information Solutions, Inc. | Disambiguation and authentication of device users |
US10810605B2 (en) | 2004-06-30 | 2020-10-20 | Experian Marketing Solutions, Llc | System, method, software and data structure for independent prediction of attitudinal and message responsiveness, and preferences for communication media, channel, timing, frequency, and sequences of communications, using an integrated data repository |
US11257117B1 (en) | 2014-06-25 | 2022-02-22 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
US11682041B1 (en) | 2020-01-13 | 2023-06-20 | Experian Marketing Solutions, Llc | Systems and methods of a tracking analytics platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0844767A1 (en) * | 1996-11-19 | 1998-05-27 | Ncr International Inc. | User controlled browser |
WO1998059481A1 (en) * | 1997-06-25 | 1998-12-30 | Inforonics, Inc. | Apparatus and method for identifying clients accessing network sites |
WO1999023568A1 (en) * | 1997-10-30 | 1999-05-14 | Juno Online Services, Inc. | Method and apparatus to determine user identity and limit access to a communications network |
US6088805A (en) * | 1998-02-13 | 2000-07-11 | International Business Machines Corporation | Systems, methods and computer program products for authenticating client requests with client certificate information |
-
2000
- 2000-08-07 AU AUPQ9240A patent/AUPQ924000A0/en not_active Abandoned
-
2001
- 2001-08-07 WO PCT/AU2001/000962 patent/WO2002013025A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0844767A1 (en) * | 1996-11-19 | 1998-05-27 | Ncr International Inc. | User controlled browser |
WO1998059481A1 (en) * | 1997-06-25 | 1998-12-30 | Inforonics, Inc. | Apparatus and method for identifying clients accessing network sites |
WO1999023568A1 (en) * | 1997-10-30 | 1999-05-14 | Juno Online Services, Inc. | Method and apparatus to determine user identity and limit access to a communications network |
US6088805A (en) * | 1998-02-13 | 2000-07-11 | International Business Machines Corporation | Systems, methods and computer program products for authenticating client requests with client certificate information |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8359289B1 (en) | 1999-05-12 | 2013-01-22 | Sydney Gordon Low | Message processing system |
US9407588B2 (en) | 1999-05-12 | 2016-08-02 | Iii Holdings 1, Llc | Message processing system |
US9124542B2 (en) | 1999-05-12 | 2015-09-01 | Iii Holdings 1, Llc | Message processing system |
US9331918B2 (en) | 2001-07-23 | 2016-05-03 | Connexity, Inc. | Link usage |
US8560666B2 (en) | 2001-07-23 | 2013-10-15 | Hitwise Pty Ltd. | Link usage |
US7424522B2 (en) | 2002-10-31 | 2008-09-09 | Hewlett-Packard Development Company, L.P. | Method of processing data from a submission interface |
GB2394804A (en) * | 2002-10-31 | 2004-05-05 | Hewlett Packard Co | Method of Processing Data from a Submission Interface |
US10810605B2 (en) | 2004-06-30 | 2020-10-20 | Experian Marketing Solutions, Llc | System, method, software and data structure for independent prediction of attitudinal and message responsiveness, and preferences for communication media, channel, timing, frequency, and sequences of communications, using an integrated data repository |
US11657411B1 (en) | 2004-06-30 | 2023-05-23 | Experian Marketing Solutions, Llc | System, method, software and data structure for independent prediction of attitudinal and message responsiveness, and preferences for communication media, channel, timing, frequency, and sequences of communications, using an integrated data repository |
CN100466537C (en) * | 2005-09-12 | 2009-03-04 | 珠海金山软件股份有限公司 | Device for detecting computer access state in network and detecting method |
US9595051B2 (en) | 2009-05-11 | 2017-03-14 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
US11620677B1 (en) | 2014-06-25 | 2023-04-04 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
US11257117B1 (en) | 2014-06-25 | 2022-02-22 | Experian Information Solutions, Inc. | Mobile device sighting location analytics and profiling system |
US10019593B1 (en) | 2015-11-23 | 2018-07-10 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
US10685133B1 (en) | 2015-11-23 | 2020-06-16 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
US9767309B1 (en) | 2015-11-23 | 2017-09-19 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
US11748503B1 (en) | 2015-11-23 | 2023-09-05 | Experian Information Solutions, Inc. | Access control system for implementing access restrictions of regulated database records while identifying and providing indicators of regulated database records matching validation criteria |
US11550886B2 (en) | 2016-08-24 | 2023-01-10 | Experian Information Solutions, Inc. | Disambiguation and authentication of device users |
US10678894B2 (en) | 2016-08-24 | 2020-06-09 | Experian Information Solutions, Inc. | Disambiguation and authentication of device users |
US11682041B1 (en) | 2020-01-13 | 2023-06-20 | Experian Marketing Solutions, Llc | Systems and methods of a tracking analytics platform |
Also Published As
Publication number | Publication date |
---|---|
AUPQ924000A0 (en) | 2000-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6460084B1 (en) | Forced network portal | |
US6401125B1 (en) | System and method for maintaining state information between a web proxy server and its clients | |
US6751654B2 (en) | Simulating web cookies for non-cookie capable browsers | |
US6366962B1 (en) | Method and apparatus for a buddy list | |
JP5047436B2 (en) | System and method for redirecting users attempting to access a network site | |
US7509428B2 (en) | Method and system for communicating between clients in a computer network | |
US20060168645A1 (en) | Apparatus and method for a personal cookie repository service for cookie management among multiple devices | |
US10356153B2 (en) | Transferring session data between network applications accessible via different DNS domains | |
US20070061462A1 (en) | Host migration system | |
US20070061465A1 (en) | Host migration system | |
US20070180090A1 (en) | Dns traffic switch | |
US20050022013A1 (en) | Method for customized data output on a web site | |
JPH10303977A (en) | Communication control method and device therefor | |
EP2338262A1 (en) | Service provider access | |
JP2000512049A (en) | Monitoring remote file access on public computer networks | |
JP2005502239A (en) | Method and apparatus for client side dynamic load balancing system | |
US20100125668A1 (en) | Methods, Systems, and Computer Program Products for Enhancing Internet Security for Network Subscribers | |
US20030061360A1 (en) | Identifying unique web visitors behind proxy servers | |
WO2002013025A1 (en) | An access system for use with lans | |
CN101378407B (en) | Method, system and equipment for pushing information | |
JP3437680B2 (en) | Dialogue management type information providing method and apparatus | |
JP3709558B2 (en) | Web server publishing method, system and program | |
WO2001044975A2 (en) | Identifying web users in a proxy server | |
KR20010091016A (en) | Method and system for domain-server management using a personal computer with dynamic IP | |
US20050144479A1 (en) | Method, medium, and apparatus for processing cookies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC (COMMUNICATION DATED 12-06-2003, EPO FORM 1205A) |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |