Method and system for managing data traffic in wireless networks
First Claim
1. A method for managing access control and security with a gateway server interposed between a wireless local area network and a protected network, the method comprising the steps of:
(a) receiving, by a first gateway server from a user of a mobile device that is in communication with the gateway server via a wireless access point, an indication of a request to access another server on the protected network;
(b) passively monitoring, at the gateway server, an authentication process between the user and the another server in which the user makes a request to authenticate to the another server and the another server authenticates the user;
(c) assigning a role to the authenticated user based on the another server with which the user authenticated; and
(d) providing access to the protected network based on the assigned role.
Abstract
The present invention can be used to facilitate the integration of wireless capability provided by wireless access points into an enterprise computer network. A gateway server is interposed between wireless access points and protected networks to provide security and integration functions, for example authentication, access control, link privacy, link integrity, and bandwidth metering in various embodiments. Use of such a gateway server allows substantial control to be gained over network access even with relatively simple access points. In general, such a gateway server receives a request to access the protected network. An authentication subsystem of the gateway server authenticates the user, preferably by accessing an external authentication server, and returns a role for the authenticated user. An access controller in the gateway server provides differential access to the protected network based on the user's assigned role. Multiple gateway servers can be connected together to form a mesh network architecture.
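A minimal model of the mechanism the abstract and claim 1 describe, added here as an example and not the patent's own code: the gateway does not authenticate users itself, it passively records the outcome of an authentication exchange with a server on the protected network, derives a role from which server vouched for the user, and enforces per-role access. Server names, roles, MAC addresses and the policy tables are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Observed outcome of an authentication exchange relayed through the gateway (constructed record).
@dataclass(frozen=True)
class AuthEvent:
    client_mac: str
    auth_server: str   # the protected-network server the client authenticated to
    succeeded: bool

# Policy (constructed): which server vouched for the user -> role; role -> reachable destinations.
SERVER_ROLE = {"ad.corp.example": "employee", "ldap.lab.example": "contractor"}
ROLE_ACL = {
    "employee":   {"intranet.corp.example", "files.corp.example"},
    "contractor": {"files.corp.example"},
    "guest":      set(),   # least privilege for a successful login to an unrecognized server
}

@dataclass
class Gateway:
    roles: Dict[str, str] = field(default_factory=dict)   # client_mac -> assigned role

    def observe(self, ev: AuthEvent) -> Optional[str]:
        """Steps (b)/(c): assign a role only after the target server has accepted the user."""
        if not ev.succeeded:
            # A failed attempt revokes any role the client previously held.
            self.roles.pop(ev.client_mac, None)
            return None
        role = SERVER_ROLE.get(ev.auth_server, "guest")
        self.roles[ev.client_mac] = role
        return role

    def permit(self, client_mac: str, destination: str) -> bool:
        """Step (d): differential access by role; clients with no observed login get nothing."""
        role = self.roles.get(client_mac)
        return role is not None and destination in ROLE_ACL[role]

if __name__ == "__main__":
    gw = Gateway()
    gw.observe(AuthEvent("aa:bb:cc:00:00:01", "ad.corp.example", True))
    gw.observe(AuthEvent("aa:bb:cc:00:00:02", "ldap.lab.example", True))
    for mac, dest in [("aa:bb:cc:00:00:01", "intranet.corp.example"),
                      ("aa:bb:cc:00:00:02", "intranet.corp.example"),
                      ("aa:bb:cc:00:00:09", "files.corp.example")]:
        print(mac, dest, "ALLOW" if gw.permit(mac, dest) else "DENY")
```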
52 Claims
1. A method for managing access control and security with a gateway server interposed between a wireless local area network and a protected network, the method comprising the steps of:
(a) receiving, by a first gateway server from a user of a mobile device that is in communication with the gateway server via a wireless access point, an indication of a request to access another server on the protected network;
(b) passively monitoring, at the gateway server, an authentication process between the user and the another server in which the user makes a request to authenticate to the another server and the another server authenticates the user;
(c) assigning a role to the authenticated user based on the another server with which the user authenticated; and
(d) providing access to the protected network based on the assigned role.
20. The method of claim 1 further comprising detecting unauthorized access points by monitoring network traffic.
23. A gateway server for interposition between a wireless local area network and a protected network, the server comprising:
(a) a receiver for receiving, from a user of a mobile device via a wireless access point, an indication of a request to access another server on the protected network;
(b) an authentication subsystem for passively monitoring an authentication process in which the user makes a request to authenticate to the another server and the another server authenticates the user;
(c) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user based on the another server with which the user authenticated; and
(d) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.
32. The gateway server of claim 32, wherein the external authentication server used comprises a NTLM server.
42. The gateway server of claim 23 further comprising a detector for detecting unauthorized access points by monitoring network traffic and signals.
45. A gateway server for interposition between a wireless network and a protected network, the server comprising:
(a) means for receiving, from a user of a mobile device via a wireless access point, an indication of a request to access another server on the protected network;
(b) means for passively monitoring an authentication process between the user and the another server in which the user makes a request to authenticate to another server and the another server authenticates the user;
(c) means for assigning a role to the authenticated user based on the another server with which the user authenticated without authenticating the user to the gateway server; and
(d) means for providing access to the protected network based on the assigned role.
46. A mesh network of gateway servers comprising:
a plurality of gateway servers each in communication with a wireless local area network and a protected network, each of the plurality of gateway servers in communication with each other to facilitate hand-off of a mobile device from one of the plurality of gateway servers to another of the plurality of gateway servers, and, wherein each of the plurality of gateway servers comprises:
(i) a receiver for receiving, from a user of a mobile device via a wireless access point, an indication of a request to access another server on the protected network;
(ii) an authentication subsystem for passively monitoring an authentication process in which the user makes a request to authenticate to the another server and the another server authenticates the user;
(iii) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user based on the another server with which the user authenticated; and
(iv) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.