Method and system for restricting access to user resources
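IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): G06F-015/16; G06F-015/173; H04N-007/173; G06F-015/177
Application number: US-0836544 (2004-04-30)
Registration number: US-7406530 (2008-07-29)
Inventor / Address: Brown, Ralph W.; Keller, Robert; Medin, Milo S.; Temkin, David
Applicant / Address: At Home Corporation
Agent / Address: Fenwick & West LLP
Citation information: Times cited: 32; Cited patents: 13
Abstract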
A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function.
Representative claim
We claim:
1. A computer program product comprising: a computer-readable storage medium having computer-executable code stored therein for passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, the computer-executable code comprising: a module configured to receive a message from the service intended for the client; a module configured to examine a header of the message to determine whether the header represents a potential security violation; a module configured to strip the header from the message responsive to a determination that the header represents a potential security violation; a module configured to determine permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden; a module configured to include the determined permissions with the message; and a module configured to pass the message and the determined permissions to the client.
2. The computer program product of claim 1, wherein the module configured to determine permissions of the service with respect to the client comprises: a module configured to determine an identity of the server providing the service; a module configured to determine a user agent of the client; and a module configured to retrieve the permissions of the service from a permissions table using the determined identity of the server, the determined user agent, and the affiliation value of the first walled garden.
3. The computer program product of claim 2, wherein the permissions table is stored in a database and the module for retrieving the permissions of the server comprises: a module configured to interface with the database to access the permissions table.
4. The computer program product of claim 1, wherein the module for including the determined permissions with the message comprises: a module configured to add a hypertext transport protocol (HTTP) header specifying the determined permissions to the message.
5. The computer program product of claim 1, wherein an affiliation value further identifies a multiple systems operator (MSO) that controls the walled garden identified by the affiliation value.
6. A proxy server for passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, the proxy server comprising: a computer-readable storage medium having computer-executable code stored therein, the computer-executable code comprising: a module configured to receive a message from the service intended for the client; a module configured to examine a header of the message to determine whether the header represents a potential security violation; a module configured to strip the header from the message responsive to a determination that the header represents a potential security violation; a module configured to determine permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden; a module configured to include the determined permissions with the message; and a module configured to pass the message and the determined permissions to the client.
7. The proxy server of claim 6, wherein the module configured to determine permissions of the service with respect to the client comprises: a module configured to determine an identity of the server providing the service; a module configured to determine a user agent of the client; and a module configured to retrieve the permissions of the service from a permissions table using the determined identity of the server, the determined user agent, and the affiliation value of the first walled garden.
8. The proxy server of claim 7, wherein the permissions table is stored in a database and the module for retrieving the permissions of the server comprises: a module configured to interface with the database to access the permissions table.
9. The proxy server of claim 6, wherein the module for including the determined permissions with the message comprises: a module configured to add a hypertext transport protocol (HTTP) header specifying the determined permissions to the message.
10. The proxy server of claim 6, wherein an affiliation value further identifies a multiple systems operator (MSO) that controls the walled garden identified by the affiliation value.
11. A method of passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, comprising: receiving a message from the service intended for the client; examining a header of the message to determine whether the header represents a potential security violation; stripping the header from the message responsive to a determination that the header represents a potential security violation; determining permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden; including the determined permissions with the message; and passing the message and the determined permissions to the client.
12. The method of claim 11, wherein determining permissions of the service with respect to the client comprises: determining an identity of the server providing the service; determining a user agent of the client; and retrieving the permissions of the service from a permissions table using the determined identity of the server, the determined user agent, and the affiliation value of the first walled garden.
13. The method of claim 12, wherein the permissions table is stored in a database and retrieving the permissions of the server comprises: interfacing with the database to access the permissions table.
14. The method of claim 11, wherein including the determined permissions with the message comprises: adding a hypertext transport protocol (HTTP) header specifying the determined permissions to the message.
15. The method of claim 11, wherein an affiliation further identifies a multiple systems operator (MSO) that controls the walled garden identified by the affiliation.
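The flow in the abstract and in claims 1, 2 and 4, sketched as an added example that is not code from the patent: the proxy strips a site-supplied permissions header, attaches the ACL bitmap it looked up itself, and the client shell gates each API call on that bitmap. The header name `X-WG-ACL`, the `Api` bit layout, the table rows, and the reading of "potential security violation" as a site sending its own ACL header are all assumptions.

```python
from enum import IntFlag

ACL_HEADER = "X-WG-ACL"  # hypothetical header name; the patent does not name one

class Api(IntFlag):      # hypothetical client API functions, one bit each
    CHANGE_CHANNEL = 0x1
    READ_SMARTCARD = 0x2
    DIAL_MODEM = 0x4

# Constructed permissions table keyed by
# (server identity, user agent, affiliation value), as in claim 2.
PERMISSIONS = {
    ("tv-guide.example", "STB-Shell/1.0", "mso-a"): Api.CHANGE_CHANNEL,
    ("bank.example", "STB-Shell/1.0", "mso-a"): Api.READ_SMARTCARD | Api.DIAL_MODEM,
}

class PermissionDenied(Exception):
    """Raised by the shell when the ACL does not grant the called function."""

def wgps_forward(server, user_agent, affiliation, headers):
    """Proxy side: drop any ACL header sent by the site, then add the real one."""
    # Assumption: a site-supplied ACL header is the "potential security
    # violation", because it would let the site grant itself permissions.
    clean = {k: v for k, v in headers.items() if k.lower() != ACL_HEADER.lower()}
    # Unknown (server, user agent, affiliation) triples get an empty bitmap.
    acl = PERMISSIONS.get((server, user_agent, affiliation), Api(0))
    clean[ACL_HEADER] = format(int(acl), "x")
    return clean

def shell_call(headers, function):
    """Client shell side: extract the ACL bitmap and check the function's bit."""
    try:
        acl = Api(int(headers.get(ACL_HEADER, "0"), 16))
    except ValueError:
        acl = Api(0)  # malformed header value: treat as no permissions
    if function not in acl:
        # The shell stops execution; the caller reports the denial to the site.
        raise PermissionDenied(f"site lacks permission for {function.name}")
    return f"{function.name} executed"
```
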