Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network

Abstract

A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.

Description

FIELD OF THE INVENTION[0001]The present invention relates generally to network access and, more particularly, to solutions that allow a provider of access to a data network to better regulate its customers' attempts to access the data network.BACKGROUND[0002]By equipping customers with a modem that operates over standard telephony lines, Internet service providers (ISPs, including most telephone companies—telcos) are able to offer residential Internet access to a large segment of the general population. Once a customer receives a modem and hooks it up to his or her computer, the customer typically undergoes a setup procedure, whereby the ISP's telephone number is dialed automatically or upon the click of a mouse button. Certain initial data (e.g., username and password) are then requested by the ISP and entered only once by the customer, for the purposes of configuring the modem for all subsequent attempts to remotely access the Internet.[0003]If the modem credentials are correct, i...

AI Technical Summary

Problems solved by technology

If, on the other hand, the ISP's authentication servers determine that the modem credentials are incorrect, then it is still possible for the customer to enter his or her personal account credentials in order to access the Internet, but this needs to be done each time the user attempts to access the Internet, since the modem's credentials will invariably fail.

Unfortunately, ISPs that implement the aforementioned conventional model for accessing the Internet face a number of problems, due in large part to inadequate control of remote access attempts.

For example, it has been observed by ISPs that there will inescapably be a certain percentage of modems in their networks that have been improperly configured, i.e., by entering incorrect credentials during the setup procedure.

This leads to repeated failed attempts (and retries) to access the Internet via the ISP's authentication servers, undesirably resulting in a tendency to slow down access to the Internet for a wider customer base.

Another problem arises from the manner in which so-called “management sessions” are initiated, namely through the use of shared “management credentials”.

Clearly, a malicious party who intercepts or otherwise learns the universal management credentials will be able to enjoy unfettered, unauthorized and anonymous access to the Internet and potentially to the ISP's authentication servers and other equipment.

Furthermore, due to the lack of integration between its accounting department and its network access control equipment, an ISP often finds itself in the position of allowing customers to access the Internet even during times where the customer has not paid for the service.

This clearly impacts revenues in a negative way.

In addition, ISPs are often powerless against the spread of viruses or worms over the Internet that its very own customers have released, whether maliciously or as defenseless victims of a hostile self-replicating program.

Images