WLAN Access Integration with Physical Access Control System

US 20090119762A1
Filed: 03/06/2008
Published: 05/07/2009
Est. Priority Date: 11/06/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client;

determining user credential information associated with a user of the client based on one or more messages of the authentication session;

accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter;

conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

Citations

20 Claims

1. A method comprising:
- monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client;
  
  determining user credential information associated with a user of the client based on one or more messages of the authentication session;
  
  accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter;
  
  conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the determining comprises applying one or more access rules, wherein at least one of the one or more access rules permits access to the network based on the location of the client and the location of the user.
  - 3. The method of claim 1 wherein the determining comprises applying one or more access rules, wherein at least one of the one or more access rules permits access to the network based on an identity of the user.
  - 4. The method of claim 1 wherein the determining comprises applying one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the client of the user is inside a predefined range of a wireless access point within the predefined secured area.
  - 5. The method of claim 1 wherein the determining comprises applying one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the user is inside the predefined secured area.
  - 6. The method of claim 1 wherein the physical entry information comprises one or more ingress and egress points of the secured area.
  - 7. The method of claim 1 further comprising terminating client access to the network if the user leaves the secured area.
  - 8. The method of claim 1 further comprising determining a proximity of clients to a given user to ensure that multiple devices of the given user in different secured areas are not affected by the user entering or leaving a given secured area.
  - 9. The method of claim 1 further comprising conditionally allowing the client access to the network before completing a successful authentication of the client.

10. Logic encoded in one or more tangible media for execution and when executed operable to:
- monitor, responsive to a network access request of a client, an authentication session between an authentication server and the client;
  
  determine user credential information associated with a user of the client based on one or more messages of the authentication session;
  
  access, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter;
  
  conditionally allow the client access to a network based on the physical entry information and a successful authentication of the client.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The logic of claim 10 wherein the logic is further operable to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network based on the location of the client and the location of the user.
  - 12. The logic of claim 10 wherein the logic is further operable to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the client of the user is inside a predefined range of a wireless access point within the predefined secured area.
  - 13. The logic of claim 10 wherein the logic is further operable to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the user is inside the predefined secured area.
  - 14. The logic of claim 10 wherein the physical entry information comprises one or more ingress and egress points of the secured area.

15. An apparatus comprising:
- one or more processors;
  
  a memory;
  
  one or more network interfaces; and
  
  logic encoded in one or more tangible media for execution and when executed operable to cause the one or more processors to;
  
  monitor, responsive to a network access request of a client, an authentication session between an authentication server and the client;
  
  determine user credential information associated with a user of the client based on one or more messages of the authentication session;
  
  access, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter;
  
  conditionally allow the client access to a network based on the physical entry information and a successful authentication of the client.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15 wherein the logic is further operable to cause the one or more processors to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network based on the location of the client and the location of the user.
  - 17. The apparatus of claim 15 wherein the logic is further operable to cause the one or more processors to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the client of the user is inside a predefined range of a wireless access point within the predefined secured area.
  - 18. The apparatus of claim 15 wherein the logic is further operable to cause the one or more processors to apply one or more access rules, wherein at least one of the one or more access rules permits access to the network only if the user is inside the predefined secured area.
  - 19. The apparatus of claim 15 wherein the physical entry information comprises one or more ingress and egress points of the secured area.
  - 20. The apparatus of claim 15 wherein the logic is further operable to cause the one or more processors to terminate client access to the network if the user leaves the secured area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Glenn, Matthew, Gopal, Prabandham Madan, Purandare, Neeraj, Thomson, Allan, Dashora, Vinod

Application Number

US12/043,701
Publication Number

US 20090119762A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G07C 9/22   in combination with an iden...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04W 12/088   using filters or firewalls

H04W 88/08   Access point devices

WLAN Access Integration with Physical Access Control System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

WLAN Access Integration with Physical Access Control System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links