System and Method for Distributed Network Authentication and Access Control
First Claim
1. A computer method for controlling Internet access on a network, said method comprising:
connecting at least one access device to said network, said at least one access device originating out-going data packets, each of said at least one access device being characterized by a unique hardware address;
accessing a redirection server via the Internet;
monitoring out-going data packets sent from said network to the Internet via a network monitoring device and verifying if an originator access device of an out-going data packet is authorized for Internet access, forwarding unimpededly all out-going packets originated from authorized access devices to the Internet and inspecting all out-going data packets originated from unauthorized access devices for determination of their target destination Internet websites, and checking if a determined target destination Internet website matches a predetermined authentication server website and in response to said checking forwarding a corresponding out-going data packet to said predetermined authentication server for a match found, said network monitoring device responding to a match not being found by disregarding the determined destination Internet website and forwarding the out-going data packet to said redirection server;
whereby all out-going data packets to the Internet gain access to the Internet irrespective of whether their respective originator access devices are authorized for Internet access.
Dependent claims: 2 to 18.
Abstract
A user gains access to a private network by connecting to a network, either through a hardwired or wireless connection, and then initiates an Internet access request targeting any website. If the user is not already authorized for Internet access, then the user is sent to a first predetermined website that points the user to an authentication server accessible via the Internet. The authentication server sends the user an HTTP form page requesting authentication information. When the user responds, a network monitoring device within the private network alters the form page to include the user's hardware address and an encoded ID based on the network's location. The authentication server forwards this data to a gate keeper server, which authenticates the new user and transmits an unblock message along with another encoded ID based on the network's location and the user's hardware address.
32 Claims
19. A method for remotely authenticating a user on a private network via the Internet, the method comprising:
permitting said user access to said private network via a network access device, said access device being characterized by a unique hardware address;
accessing an authentication server via the Internet;
monitoring the destination address of all out-going messages from said private network to the Internet via a network monitoring device and scanning the content of any message whose destination is said authentication server to search for a first predetermined identification code in said message, said network monitoring device responding to the detection of said first predetermined identification code by determining the hardware address of the access device that originated the message and generating a second identification code based on said hardware address, said network monitoring device further inserting said second identification code in said message before forwarding said message to said authentication server;
said authentication server responding to receipt of said forwarded message from said network monitoring device by decoding said hardware address from said second identification code;
generating and transmitting a third identification code based on said hardware address along with an unblock message to said network monitoring device.
Dependent claims: 20 to 32.
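A minimal simulation of the two mechanisms claimed above, the forwarding decision of claim 1 and the message tagging and unblock exchange of claim 19, added here as an illustration and not code from the patent. The identification-code encoding (base64 body plus an HMAC tag so the authentication server can both decode the hardware address and reject forged codes), the shared key, the header names and the host names are assumptions; the patent does not specify them.

```python
import hmac, hashlib, base64

# Constructed sample values (assumptions; the patent specifies none of these).
NET_LOCATION = "site-42"                       # identifier of the private network's location
SHARED_KEY = b"demo-key-not-for-production"    # shared by monitoring device and auth server
AUTH_SERVER = "auth.example"                   # predetermined authentication server website
REDIRECT_SERVER = "redirect.example"           # redirection server for unauthorized traffic
FIRST_CODE = "X-Portal-Login"                  # first predetermined identification code

def route_packet(src_mac, dst_host, authorized):
    """Claim 1: decide where the monitoring device forwards an out-going packet."""
    if src_mac in authorized:
        return dst_host            # authorized device: forwarded unimpeded
    if dst_host == AUTH_SERVER:
        return AUTH_SERVER         # unauthorized but aimed at the auth server: allowed through
    return REDIRECT_SERVER         # anything else: destination disregarded, sent to redirector

def encode_id(mac, location=NET_LOCATION):
    """Identification code derived from location and hardware address: decodable and tamper-evident."""
    body = f"{location}|{mac}".encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()[:16]
    return base64.urlsafe_b64encode(body).decode() + "." + tag

def decode_id(code):
    """Recover (location, mac) from a code; raise if the HMAC tag does not verify."""
    b64, _, tag = code.rpartition(".")
    body = base64.urlsafe_b64decode(b64)
    expect = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("identification code failed integrity check")
    location, mac = body.decode().split("|", 1)
    return location, mac

def monitor_tag_message(src_mac, dst_host, message):
    """Claim 19: insert the second code into auth-server-bound messages carrying the first code."""
    if dst_host == AUTH_SERVER and FIRST_CODE in message:
        return message + f"\nX-Second-Code: {encode_id(src_mac)}"
    return message

def auth_server_handle(message):
    """Auth server: decode the hardware address, answer with unblock and a third code."""
    if "X-Second-Code: " not in message:
        raise ValueError("no second identification code present")
    location, mac = decode_id(message.split("X-Second-Code: ")[1].strip())
    return {"unblock": True, "third_code": encode_id(mac, location)}

def monitor_apply_unblock(reply, authorized):
    """Monitoring device: verify the third code belongs to this network, then authorize the MAC."""
    location, mac = decode_id(reply["third_code"])
    if reply["unblock"] and location == NET_LOCATION:
        authorized.add(mac)
    return mac
```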