Method and apparatus for managing proxy and non-proxy requests in telecommunications network

US 20060056317A1
Filed: 04/19/2005
Published: 03/16/2006
Est. Priority Date: 09/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of determining a user-defined location that is associated with a client connection in a telecommunications network, comprising:

determining attributes of the client connection;

comparing determined attributes with location definition information stored in a configuration file; and

determining at least one user-defined location in the location definition information associated with the client connection based on the comparison.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for determining a location of a client session in a telecommunications network by comparing attributes of the client session connection to location definition information stored in a configuration file. A method of handling requests from proxy and non-proxy client connections in a telecommunications network by redirecting requests from unauthenticated proxy clients to a transparent proxy port on a captive portal such that the captive portal proxies the requests is also disclosed. The request may be directed to a service, such as a destination IP address and optional port number. A method for a proxy server to identify an edge session through an out-of-band request containing proxy metadata to a web portal for secure (HTTPS) requests is also disclosed. The edge session is identified for the web portal through a hostkey determined by the proxy server.

Citations

29 Claims

1. A method of determining a user-defined location that is associated with a client connection in a telecommunications network, comprising:
- determining attributes of the client connection;
  
  comparing determined attributes with location definition information stored in a configuration file; and
  
  determining at least one user-defined location in the location definition information associated with the client connection based on the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the step of comparing determined attributes with location definition information comprises comparing determined attributes with at least one Location object created from the location definition information stored in the configuration file.
  - 3. The method of claim 2, wherein a Location object comprises a MBean.
  - 4. The method of claim 1, wherein the location definition information comprises at least two hierarchically defined locations.
  - 5. The method of claim 1, wherein the location definition information comprises at least one location group definition, said defined location group comprising at least two defined locations.
  - 6. The method of claim 1, wherein a network management action selected from the group consisting of determining payment methods, determining rate information, setting quality of service parameters, determining whether access is allowed, and selecting a white list, is performed based at least in part on the at least one determined user-defined location.
  - 7. The method of claim 1, additionally comprising the step of determining a network management application for redirecting the client connection to based at least in part on the at least one determined user-defined location.
  - 8. The method of claim 1, wherein the step of determining attributes of the client connection comprises obtaining a Complete ID for the client session connection.
  - 9. The method of claim 8, wherein the Complete ID includes at least one attribute selected from the group consisting of IP address, MAC address, VPI, VCI, Subnet address and MSISDN.
  - 10. The method of claim 1, wherein said location definition information defines at least one location as a MAC address lookup, an IP address range, a VPI subnet range, or a combination of IP address range and VPI subnet range.
  - 11. The method of claim 1, wherein the client connection is originated by a user at a wireless access point.
  - 12. The method of claim 1, wherein the configuration file additionally includes white list definition information.
  - 13. The method of claim 1, wherein the client connection is initiated by an unauthenticated user.

14. A computer readable medium comprising one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to determine a user-defined location that is associated with a client connection by performing the steps of:
- determining attributes of the client connection;
  
  comparing determined attributes with location definition information stored in a configuration file; and
  
  determining at least one user-defined location in the location definition information associated with the client connection based on the comparison.

15. A method of processing requests from proxy and non-proxy client session connections in a telecommunications network, comprising the computer-implemented steps of:
- (a) receiving a request from a client session connection;
  
  (b) determining whether the request is from an authenticated user;
  
  (c) if the user is authenticated and the client session connection is a proxy connection, then redirecting the request to a web proxy server; and
  
  (d) if the user is unauthenticated, then redirecting the request to a transparent proxy port on an edge services manager captive portal, wherein the captive portal proxies requests received on the transparent proxy port through a transparent proxy.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the request is directed to a first service, step (c) additionally comprising the steps of:
    - determining whether the user is authorized to access the first service; and
      
      if the user is not authorized, then redirecting the request to the transparent proxy port on the edge services manager captive portal.
  - 17. The method of claim 15, wherein step (d) additionally comprises the computer-implemented steps of:
    - if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal of the edge services manager.
  - 18. The method of claim 15, wherein step (b) comprises the computer-implemented steps of:
    - determining attributes of the client session connection; and
      
      determining whether the user is authenticated from the determined attributes.

19. A system for processing requests from client connections in a telecommunications network, comprising:
- an edge device;
  
  a web proxy server; and
  
  a network management system comprising;
  
  a captive portal, and a web portal;
  
  wherein a request from a client connection associated with an unauthenticated user is redirected from the edge device to a transparent proxy port on the captive portal; and
  
  a request from a proxy client connection associated with authenticated user is redirected from the edge device to the web proxy server.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein the captive portal proxies a request received on the transparent proxy portal if the request is directed to a service authorized for unauthenticated users, and the captive portal redirects the request to the web portal if the request is directed to a service that is not authorized for unauthenticated users.
  - 21. The system of claim 19, wherein a request from a proxy client connection associated with an authenticated user is redirected from the edge device to a transparent proxy port on the captive portal if the request is directed to a service that the user is not authorized to access.

22. A method for web portal to identify an edge session, comprising the steps of:
- a proxy server receiving a secure request from the edge session;
  
  the proxy server opening a connection to a web portal;
  
  the proxy server making an out-of-band request to the web portal, said out-of-band request containing proxy meta-data; and
  
  the web portal using the proxy meta-data to determine a hostkey, said hostkey identifying the edge session.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, wherein the proxy meta-data comprises remote address information, remote port information, address and port that the proxy server received the request on, and source address and port of the connection from the proxy server to the web portal.
  - 24. The method of claim 22, wherein the step of the web portal using the proxy meta-data to determine a hostkey comprises using remote address and port of the connection from the proxy server to the web portal in the proxy meta-data to look up the hostkey.
  - 25. The method of claim 22, wherein the proxy server is a captive portal.
  - 26. The method of claim 22, wherein the secure request is a HTTPS request.

27. A system comprising:
- a web portal; and
  
  a proxy server;
  
  wherein if a secure request from an edge session is received by the proxy server;
  
  the proxy server opens a connection to the web portal and makes a request to the web portal, said request including proxy meta-data; and
  
  the web portal identifies the edge session from the proxy meta-data; and
  
  wherein if a non-secure request is received by the proxy server, the proxy server adds proxy meta-data to the non-secure request.
- View Dependent Claims (28, 29)
- - 28. The system of claim 27, wherein the proxy meta-data comprises remote address information, remote port information, address and port that the proxy server received the request on, and source address and port of the connection from the proxy server to the web portal.
  - 29. The system of claim 27, wherein the web portal uses the remote address and port of the connection from the proxy server to the web portal in the proxy meta-data to look up the hostkey.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chen Yehezkel Burshan, Gregory John Wilkins, Michael Manning, Nathan John Sowatskey, Ritesh Kumar
Original Assignee
Chen Yehezkel Burshan, Gregory John Wilkins, Michael Manning, Nathan John Sowatskey, Ritesh Kumar
Inventors
Manning, Michael, Burshan, Chen Yehezkel, Wilkins, Gregory John, Kumar, Ritesh, Sowatskey, Nathan John

Granted Patent

US 8,127,008 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/254
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/52   specially adapted for the l...

H04L 9/40   Network security protocols

Method and apparatus for managing proxy and non-proxy requests in telecommunications network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing proxy and non-proxy requests in telecommunications network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links