Controlling access to a network using redirection
Abstract
A mechanism to improve the security and access control of a network, such as a wireless local area network ("WLAN"), that takes advantage of ordinary web browser interactions without requiring an explicit, separate communication session between the hot spot network and the service provider network. The method comprises receiving a request to access the WLAN from a mobile terminal (MT)/client located within the coverage area of the WLAN. The access point (AP) of the network associates a session ID and a randomized number with an identifier of the MT and stores data mapping the session ID to that identifier and the randomized number. The local server transmits an authentication request in the form of a web page, which includes the session ID and randomized number, to the MT. The AP then receives from the MT a digitally signed authentication message together with a parameter list containing the user credential information, the session ID and the randomized number concerning the MT; the authentication message is digitally signed over the session ID and randomized number together with the parameter list. The AP correlates the received session ID and parameter list with its stored mapping data, generates a local digital signature, and compares it with the received digitally signed authentication message to decide whether the MT is granted access to the WLAN.
57 Claims
1. A method for controlling access to a network, said method comprising:
receiving, by an access point (AP) of said network, a request to access said network, said request transmitted by a client;
re-directing, by said AP, said access request to a local server;
associating unique data with an identifier of said client and storing a mapping of said association in said AP;
generating a Web page by said local server requesting that said client select an authentication server (AS) and including said unique data and forwarding said generated Web page to said client;
transmitting an authentication request to said selected authentication server; and
receiving a response to said authentication request from said selected authentication server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 34, 36, 41, 52
14-24. (canceled)
25. A system for controlling access to a network comprising:
a client;
an access point (AP) coupled to a local server (LS) for relaying network communications to and from the client; and
an authentication server for performing an authentication process in response to a request from the client;
wherein the AP, in response to a re-directed request to access the network from the client, associates unique data with an identifier of the client and stores a mapping of the association;
the LS transmits the unique data to the client;
the authentication server, upon authenticating the client using the unique data, is operative to provide a re-direct header for access to the client including a digitally signed authentication message and authentication parameters corresponding to the unique data, the AP receiving the digitally signed retrieved re-directed URL and authentication parameters from the client and the AP further correlating the authentication parameters with the mapped association data for determining access to the network based on the results of the correlation.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33
35. (canceled)

37-40. (canceled)
42. A method for controlling network access, said method comprising:
receiving a request for network access;
re-directing said request via a message;
receiving a client identifier and unique data;
associating said unique data and said client identifier;
receiving a re-directed universal resource locator including embedded information;
generating a local digital signature using said embedded information and said association between said unique data and said client identifier;
comparing said local digital signature with a digital signature received in said embedded information;
granting network access if said local digital signature matches said digital signature received in said embedded information; and
denying network access if said local digital signature does not match said digital signature received in said embedded information.
Dependent claims: 43, 44
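The exchange the abstract describes and the AP-side procedure of claim 42, worked through as an added example in Python; this is not code from the patent or from any product implementing it. It assumes, because the patent text does not fix them, that the "digital signature" is an HMAC-SHA256 keyed with a secret shared between the AP and the authentication server, that the client identifier is the station's MAC address, a five-minute lifetime for a pending session mapping, and the hypothetical hostnames local-server.example and ap.example. The user database and the attack cases (forged verdict, wrong station, replay) are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: AP and AS share an HMAC key; the patent only says the
# authentication message is "digitally signed" without naming a scheme.
AS_SIGNING_KEY = b"example-shared-key-between-as-and-ap"
SESSION_TTL = 300  # seconds a pending session mapping stays valid (assumption)


def sign(session_id: str, nonce: str, params: dict) -> str:
    """MAC over the session ID, random number and canonicalised parameter list.

    The AS calls this to sign; the AP calls the same routine to build the
    "local digital signature" of claim 42, so both must hash identical bytes.
    """
    canon = urlencode(sorted(params.items()))
    msg = f"{session_id}|{nonce}|{canon}".encode()
    return hmac.new(AS_SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def query_dict(url: str) -> dict:
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class AccessPoint:
    """Hot-spot AP: issues the unique data, stores the mapping, checks the return."""

    def __init__(self):
        self.pending = {}  # session_id -> (client_id, nonce, issued_at)

    def redirect(self, client_id: str) -> str:
        # Claim 1: bind a session ID and random number to the client identifier
        # (the station MAC) and send the client to the local server's page.
        session_id = secrets.token_hex(8)
        nonce = secrets.token_hex(16)
        self.pending[session_id] = (client_id, nonce, time.time())
        return "http://local-server.example/select-as?" + urlencode(
            {"sid": session_id, "nonce": nonce})

    def verify(self, client_id: str, redirected_url: str) -> bool:
        # Claim 42: regenerate the signature from the stored mapping and the
        # embedded information, compare, then grant or deny.
        q = query_dict(redirected_url)
        received_sig = q.pop("sig", None)
        entry = self.pending.get(q.get("sid"))
        if received_sig is None or entry is None:
            return False
        mapped_client, nonce, issued_at = entry
        # Must come from the station the mapping was made for, carry the same
        # random number, and arrive before the mapping expires.
        if (mapped_client != client_id or q.get("client") != client_id
                or q.get("nonce") != nonce
                or time.time() - issued_at > SESSION_TTL):
            return False
        local_sig = sign(q["sid"], nonce, q)
        # Constant-time compare: a plain == leaks a timing oracle on the MAC.
        if not hmac.compare_digest(local_sig, received_sig):
            return False
        # One-time use: drop the mapping so a captured URL cannot be replayed.
        del self.pending[q["sid"]]
        return q.get("status") == "success"


class AuthServer:
    """Service-provider AS: checks credentials, returns a signed redirect URL."""

    def __init__(self, users: dict):
        self.users = users  # constructed user database for the example

    def authenticate(self, user, password, session_id, nonce, client_id) -> str:
        ok = self.users.get(user) == password
        params = {"sid": session_id, "nonce": nonce, "client": client_id,
                  "user": user, "status": "success" if ok else "failure"}
        params["sig"] = sign(session_id, nonce, params)
        return "http://ap.example/auth-return?" + urlencode(sorted(params.items()))


def scenario() -> dict:
    """Run the flow once legitimately and under several constructed attacks."""
    ap = AccessPoint()
    auth = AuthServer({"alice": "s3cret"})
    mac = "00:11:22:33:44:55"

    def signed_return(user, password):
        q = query_dict(ap.redirect(mac))
        return auth.authenticate(user, password, q["sid"], q["nonce"], mac)

    results = {"good": ap.verify(mac, signed_return("alice", "s3cret")),
               "bad_password": ap.verify(mac, signed_return("alice", "wrong"))}
    # Client rewrites the AS verdict in the URL; the MAC no longer matches.
    forged = signed_return("alice", "wrong").replace("status=failure", "status=success")
    results["tampered_status"] = ap.verify(mac, forged)
    # Another station presents a URL that was issued for `mac`.
    good = signed_return("alice", "s3cret")
    results["other_station"] = ap.verify("66:77:88:99:aa:bb", good)
    # The rightful station uses it once; a captured copy is then replayed.
    results["first_use"] = ap.verify(mac, good)
    results["replay"] = ap.verify(mac, good)
    return results


if __name__ == "__main__":
    for name, granted in scenario().items():
        print(f"{name:16s} -> {'GRANT' if granted else 'DENY'}")
```

The point the claims leave implicit is what actually binds the AS's verdict to this station and this moment: the AP never trusts the status field on its own, only a signature that covers the session ID and random number it generated itself and still holds in its mapping. Deleting the mapping on first use is what turns the random number into a replay guard rather than just a session label.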
45. A system for controlling network access, comprising:
means for receiving a request for network access;
means for re-directing said request via a message;
means for receiving a client identifier and unique data;
means for associating said unique data and said client identifier;
means for receiving a re-directed universal resource locator including embedded information;
means for generating a local digital signature using said embedded information and said association between said unique data and said client identifier;
means for comparing said local digital signature with a digital signature received in said embedded information;
means for granting network access if said local digital signature matches said digital signature received in said embedded information; and
means for denying network access if said local digital signature does not match said digital signature received in said embedded information.
Dependent claims: 46, 47
48. A method for controlling network access, said method comprising:
receiving a re-directed request for network access via a message;
transmitting a client identifier and unique data; and
generating a web page including embedded data.
Dependent claims: 49, 50
51. A system for controlling network access, comprising:
means for receiving a re-directed request for network access via a message;
means for transmitting a client identifier and unique data; and
means for generating a web page including embedded data.
Dependent claims: 53
54. A method for controlling network access, said method comprising:
receiving an authentication user input message;
transmitting an authentication input page requesting authentication information;
receiving authentication credentials; and
transmitting an authentication message indicating one of success and failure of an authentication process.
Dependent claims: 55
56. A system for controlling network access, comprising:
means for receiving an authentication user input message;
means for transmitting an authentication input page requesting authentication information;
means for receiving authentication credentials; and
means for transmitting an authentication message indicating one of success and failure of an authentication process.
Dependent claims: 57