DNS-based captive portal with integrated transparent proxy to protect against user device caching incorrect IP address

US 10,498,702 B2
Filed: 07/12/2018
Issued: 12/03/2019
Est. Priority Date: 05/16/2013
Status: Active Grant

First Claim

Patent Images

1. A server in a captive portal system, the server comprising:

a first network interface coupled to a local computer network;

a second network interface coupled to an external computer network;

a memory device storing a plurality of software instructions; and

one or more processors coupled to the memory device, the first network interface, and the second network interface;

wherein, by the one or more processors executing the software instructions loaded from the memory device, the one or more processors are configured to;

accept a connection requested from a user device on the local computer network to an IP address of the server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to the captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;

determine whether the user device is logged according to a source address of the user device;

act as a transparent proxy between the user device and a remote destination on the external computer network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and

send alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.

66 Citations

View as Search Results

20 Claims

1. A server in a captive portal system, the server comprising:
- a first network interface coupled to a local computer network;
  
  a second network interface coupled to an external computer network;
  
  a memory device storing a plurality of software instructions; and
  
  one or more processors coupled to the memory device, the first network interface, and the second network interface;
  
  wherein, by the one or more processors executing the software instructions loaded from the memory device, the one or more processors are configured to;
  
  accept a connection requested from a user device on the local computer network to an IP address of the server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to the captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
  
  determine whether the user device is logged according to a source address of the user device;
  
  act as a transparent proxy between the user device and a remote destination on the external computer network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
  
  send alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The server of claim 1, further comprising:
    - a storage device storing a list of cleared sites;
      
      wherein the one or more processors are further configured to check whether the remote destination is a cleared site and to further act as the transparent proxy between the user device and the remote destination further in response to determining the remote destination is included on the list of cleared sites.
  - 3. The server of claim 1, wherein the one or more processors are further configured to:
    - retrieve secondary content from a web server; and
      
      generate the alternate content by modifying the secondary content retrieved from the web server.
  - 4. The server of claim 1, wherein the user device specifies the remote destination in an HTTP request sent to the server via the connection.
  - 5. The server of claim 1, wherein the user device specifies the remote destination in an HTTPS request sent to the server via the connection.
  - 6. The server of claim 1, wherein the alternate content is a browser redirection message causing a web browser running on the user device to automatically redirect to a login portal.
  - 7. The server of claim 1, wherein the alternate content is a first page of content from a login portal.
  - 8. The server of claim 1, wherein the alternate content is a splash page with a user-clickable link or button to a login portal.
  - 9. The server of claim 1, wherein the memory device further stores a login database, and the one or more processors are further configured to query the login database to determine whether the user device is currently logged in.
  - 10. The server of claim 1, wherein the one or more processors are further configured to redirect all DNS queries received from the user device to the name server.

11. A method of controlling access from user devices to an external network, the method comprising:
- accepting a connection requested from a user device on a local computer network to an IP address of a server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to a captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
  
  determining whether the user device is logged in according to a source address of the user device;
  
  acting as a transparent proxy between the user device and a remote destination on the external network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
  
  sending alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising:
    - checking whether the target domain name is included on a list of cleared sites; and
      
      acting as the transparent proxy between the user device and the remote destination further in response to determining the remote destination is included on the list of cleared sites.
  - 13. The method of claim 11, further comprising:
    - retrieving secondary content from a web server; and
      
      generating the alternate content by modifying the secondary content retrieved from the web server.
  - 14. The method of claim 11, wherein the user device specifies the remote destination in an HTTP request sent to the server via the connection.
  - 15. The method of claim 11, wherein the user device specifies the remote destination in an HTTPS request sent to the server via the connection.
  - 16. The method of claim 11, wherein the alternate content is a browser redirection message causing a web browser running on the user device to automatically redirect to a login portal.
  - 17. The method of claim 11, wherein the alternate content is a first page of content from a login portal.
  - 18. The method of claim 11, wherein the alternate content is a splash page with a user-clickable link or button to a login portal.
  - 19. The method of claim 11, further comprising redirecting all DNS queries received from the user device to the name server.

20. A non-transitory computer-readable medium comprising computer executable instructions that when executed by one or more computers cause the one or more computers to perform steps of:
- accepting a connection requested from a user device on a local computer network to an IP address of a server, the connection to the IP address of the server occurring as a result of a name server previously determining the user device to not be logged in to a captive portal system and providing the user device the IP address of the server as a resolved IP address of a target domain name, the user device thereafter caching the IP address of the server provided by the name server as the resolved IP address of the target domain name;
  
  determining whether the user device is logged in according to a source address of the user device;
  
  acting as a transparent proxy between the user device and a remote destination on an external network to thereby allow the user device to receive content from the remote destination via the connection in response to determining that the user device is logged in; and
  
  sending alternate content different than that provided by the remote destination to the user device via the connection when the user device is not logged in.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guest-tek Interactive Entertainment Ltd.
Original Assignee
Guest-tek Interactive Entertainment Ltd.
Inventors
Warrick, Peter S., Ong, David T.
Primary Examiner(s)
Pyzocha, Michael

Application Number

US16/033,331
Publication Number

US 20190007375A1
Time in Patent Office

509 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 61/4511   using domain name system [DNS]

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

DNS-based captive portal with integrated transparent proxy to protect against user device caching incorrect IP address

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DNS-based captive portal with integrated transparent proxy to protect against user device caching incorrect IP address

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links