Method and apparatus for location-based white lists in a telecommunications network

US 20060069782A1
Filed: 09/16/2004
Published: 03/30/2006
Est. Priority Date: 09/16/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of determining whether access to a host requested by a client session connection is permitted, the method comprising the computer-implemented steps of:

determining attributes of the client session connection;

selecting a list of hosts based on the determined attributes of the client session connection;

using the list of hosts to determine whether access to the requested host is permitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for determining whether access to a host requested by a client session connection is permitted. After determining attributes of the client session connection, a list of hosts is selected based on the determined attributes of the client session connection. The list of hosts is then used to determine whether access to the requested host is permitted. The disclosed method can be used to allow for location-specific white lists of free URLs for a user at a wireless network hotspot that the user can access before being authenticated.

Citations

35 Claims

1. A method of determining whether access to a host requested by a client session connection is permitted, the method comprising the computer-implemented steps of:
- determining attributes of the client session connection;
  
  selecting a list of hosts based on the determined attributes of the client session connection;
  
  using the list of hosts to determine whether access to the requested host is permitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as recited in claim 1, wherein the list of hosts is a white list of permissible hosts, and the step of using the list of hosts to determine whether access to the requested host is permitted comprises determining whether the requested host is in the list of hosts, and if the requested host is in the list, allowing the client session connection to access the requested host.
  - 3. A method as recited in claim 2, wherein the list of hosts is a white list of free access URLs.
  - 4. A method as recited in claim 1, wherein the list of hosts is a black list of impermissible hosts, and the step of using the list of hosts to determine whether access to the requested host is permitted comprises determining whether the requested host is in the list of hosts, and if the requested host is not in the list, allowing the client session connection to access to the requested host.
  - 5. A method as recited in claim 1, additionally comprising the step of mapping the determined attributes of the client session to a location and selecting a list of hosts based on the location.
  - 6. A method as recited in claim 1, wherein the step of determining attributes of the client session connection comprises obtaining a Complete ID for the client session connection.
  - 7. A method as recited in claim 6, wherein the Complete ID includes at least one attribute selected from the group consisting of IP address, MAC address, VPI, VCI, Subnet address and MISIDN.
  - 8. A method as recited in claim 1, wherein the client session connection is originated by an authenticated user.
  - 9. A method as recited in claim 1, wherein the client session connection is originated by a user at a PwLAN hotspot.
  - 10. A method as recited in claim 9, wherein the user has not been authenticated.
  - 11. A method as recited in claim 1, wherein the list of hosts includes at least one partial domain name.
  - 12. A method as recited in claim 1, wherein the list of hosts includes at least one group list identifier, said group list identifier identifying a separate list of hosts, and the step of using the list of hosts to determine whether access to the requested host is permitted comprises determining whether the requested host is in the list of hosts or in the separate list of hosts identified by the group list identifier.
  - 13. A method as recited in claim 12, wherein the group list identifier identifies a group by a location.

14. A method of determining whether access to a host requested by a client session connection is permitted, the method comprising the computer-implemented steps of:
- determining attributes of the client session connection;
  
  resolving a location of the client session connection through attributes of the client session connection;
  
  selecting a list of hosts based on the location of the client session connection;
  
  using the list of hosts to determine whether access to the requested host is permitted.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein location is resolved by comparing attributes of the client session connection with stored configuration data.

16. A system for managing a white list service in a telecommunications network, said system comprising:
- a gateway server, and a edge services manager, wherein said edge services manager comprises a captive portal application;
  
  wherein said gateway server is configurable to redirect a request from a user to a particular port of the captive portal application, said particular port being determined through attributes of the user'"'"'s connection to the telecommunications network.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein if the user is authenticated, the particular port is determined by the user'"'"'s subscriber information, and when the captive portal receives the request redirected to the determined particular port, a white list specific to the user'"'"'s subscription is applied by the captive portal application.
  - 18. The system of claim 16, wherein if the user is not authenticated, the particular port is a port configured for unauthenticated users.
  - 19. The system of claim 18, wherein the Captive Portal determines a location for the unauthenticated user from attributes of the user'"'"'s connection and applies a white list configured for that location.
  - 20. The system of claim 16, wherein said edge services manager additionally comprises a web proxy server, and the gateway is configured to redirect all requests from authenticated users to the web proxy server.

21. A computer-readable medium carrying one or more sequences of instructions for determining whether access to a host requested by a client session connection is permitted, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- determining attributes of the client session connection;
  
  selecting a list of hosts based on the determined attributes of the client session connection;
  
  using the list of hosts to determine whether access to the requested host is permitted.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. A computer-readable medium as recited in claim 21, wherein the list of hosts is a white list of permissible hosts, and the instructions for causing the one or more processors to use the list of hosts to determine whether access to the requested host is permitted further comprises instructions that cause the one or more processors to carry out the step of:
    - determining whether the requested host is in the list of hosts, and if the request host is in the list, allowing the client session connection to access the requested host.
  - 23. A computer-readable medium as recited in claim 22, wherein the list of hosts is a white list of free access URLs.
  - 24. A computer-readable medium as recited in claim 21, wherein the list of hosts is a black list of impermissible hosts, and the instructions for causing the one or more processors to use the list of hosts to determine whether access to the requested host is permitted further comprises instructions that cause the one or more processors to carry out the step of:
    - determining whether the requested host is in the list of hosts, and if the request host is not in the list, allowing the client session connection to access the requested host.
  - 25. A computer-readable medium as recited in claim 21, additionally comprising instructions that case the one or more processors to carry out the step of:
    - mapping the determined attributes of the client session to a location and selecting a list of hosts based on the location.
  - 26. A computer-readable medium as recited in claim 21, wherein instructions that cause the one or more processors to determine attributes of the client session comprise instructions for carrying the step of obtaining a Complete ID for the client session connection.
  - 27. A computer-readable medium as recited in claim 26, wherein the Complete ID includes at least one attribute selected from the group consisting of IP address, MAC address, VPI, VCI, Subnet address and MISIDN.
  - 28. A computer-readable medium as recited in claim 21, wherein the list of hosts includes at least one partial domain name.
  - 29. A computer-readable medium as recited in claim 21, wherein the list of hosts includes at least one group list identifier, said group list identifier identifying a separate list of hosts, and the instructions that cause the one or more processors to use the list of hosts to determine whether access to the requested host is permitted comprises instructions for determining whether the requested host is in the list of hosts or in the separate list of hosts identified by the group list identifier.
  - 30. A computer-readable medium as recited in claim 29, wherein the group list identifier identifies a group by a location.

31. A system for providing a dynamic white list service, comprising:
- a network management system comprising a Captive Portal and a Web Portal, said Captive Portal including a listener port configured to receive requests from unauthenticated users; and
  
  a gateway configured to redirect requests from unauthenticated users to the listener port of the Captive Portal configured to receive requests from unauthenticated users;
  
  wherein for each request redirected by the gateway to the listener port, the Captive Portal determines a location for a request, and selects a white list of hosts based on the determined location.
- View Dependent Claims (32, 33)
- - 32. The system of claim 31, wherein if a request is requesting access to a host in the selected white list of hosts, the Captive Portal proxies the request.
  - 33. The system of claim 31, wherein said Captive Portal additionally includes at least one listener port configured to receive requests for users authenticated for a service.

34. A method of managing a client session connection in a wireless network, the method comprising the computer-implemented steps of:
- receiving a request from a user'"'"'s client session for access to a host;
  
  determining attributes of the client session connection;
  
  if the determined attributes indicate that the user has been authenticated for a service, selecting a list of hosts that is associated with the authenticated service;
  
  if the determined attributes indicate that the user has not been authenticated, mapping the determined attributes to a location of the user, and selecting a list of hosts associated with the location; and
  
  using the selected list of hosts to determine whether access to the requested host is permitted.

35-36. -36. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Manning, Michael, Burshan, Chen Yehezkel, Wilkins, Gregory John, Kumar, Ritesh, Sowatskey, Nathan John

Application Number

US10/944,484
Publication Number

US 20060069782A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/52   specially adapted for the l...

H04L 9/40   Network security protocols

Method and apparatus for location-based white lists in a telecommunications network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for location-based white lists in a telecommunications network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links