Method and system for managing data traffic in wireless networks
Abstract
The present invention can be used to facilitate the integration of wireless capability provided by wireless access points into an enterprise computer network. A gateway server is interposed between wireless access points and protected networks to provide security and integration functions, for example, authentication, access control, link privacy, link integrity, and bandwidth metering in various embodiments. Use of such a gateway server allows substantial control to be gained over network access even with the use of relatively simple access points. In general, such a gateway server receives a request to access the protected network. An authentication subsystem of the gateway server authenticates the user, preferably by accessing an external authentication server, and returns a role to the authenticated user. An access controller in the gateway server provides differential access to the protected network based on the user's assigned role. Multiple gateway servers can be connected together to form a mesh network architecture.
48 Claims
1. A method for managing access control and security with a gateway server interposed between a wireless local area network and a protected network, the method comprising the steps of:
(a) receiving, by a first gateway server from a user of a mobile device that is in communication with the gateway server via a wireless access point, a request to access the protected network;
(b) authenticating the user by the gateway server using an authentication server external to the gateway server;
(c) assigning a role to the authenticated user; and
(d) providing access to the protected network based on the assigned role.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A gateway server for interposition between a wireless local area network and a protected network, the server comprising:
(a) a receiver for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network;
(b) an authentication subsystem for externally authenticating the user;
(c) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user; and
(d) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
42. The gateway server of claim 22 further comprising a detector for detecting unauthorized access points by monitoring network traffic and signals.
43. A gateway server for interposition between a wireless network and a protected network, the server comprising:
(a) means for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network;
(b) means for externally authenticating the user;
(c) means for assigning a role to the authenticated user; and
(d) means for providing access to the protected network based on the assigned role.
44. A mesh network of gateway servers comprising:
a plurality of gateway servers each in communication with a wireless local area network and a protected network, each of the plurality of gateway servers in communication with each other to facilitate hand-off of a mobile device from one of the plurality of gateway servers to another of the plurality of gateway servers, and, wherein each of the plurality of gateway servers comprises:
(i) a receiver for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network;
(ii) an authentication subsystem for externally authenticating the user;
(iii) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user; and
(iv) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.
Dependent claims: 45, 46, 47, 48