System for distributed network authentication and access control
First Claim
1. A system for controlling Internet access on a network, said system comprising:
- at least one access device for connecting to said network and for originating out-going data packets, each of said at least one access device being characterized by a unique hardware address;
- a redirection server accessible via the Internet;
- a network monitoring device for monitoring out-going data packets sent from said network to the Internet and for verifying if an originator access device of an out-going data packet is authorized for Internet access, all out-going packets originated from authorized access devices being forwarded unimpeded to the Internet and all out-going data packets originated from unauthorized access devices being inspected for determination of their target destination Internet websites, and for checking if a determined target destination Internet website matches a predetermined authentication server website and in response to said checking forwarding a corresponding out-going data packet to said predetermined authentication server, said network monitoring device responding to a match not being found by disregarding the determined destination Internet website and forwarding the out-going data packet to said redirection server;
whereby all out-going data packets to the Internet gain access to the Internet irrespective of whether their respective originator access devices are authorized for Internet access.
2 Assignments
0 Petitions
Abstract
A user gains access to a private network by connecting to a network, either through a hardwired or wireless connection, and then initiates an Internet access request targeting any website. If the user is not already authorized for Internet access, then the user is sent to a first predetermined website that points the user to an authentication server accessible via the Internet. The authentication server sends the user an HTTP form page requesting authentication information. When the user responds, a network monitoring device within the private network alters the form page to include the user's hardware address and an encoded ID based on the network's location. The authentication server forwards this data to a gate keeper server, which authenticates the new user and transmits an unblock message along with another encoded ID based on the network's location and the user's hardware address.
210 Citations
Claims (32)
1. A system for controlling Internet access on a network, said system comprising the elements set out in full under First Claim above. Dependent claims: 2 to 18.
19. A system for remotely authenticating a user on a private network via the Internet, the system comprising:
- a network access device for permitting said user access to said private network, said access device being characterized by a unique hardware address;
- an authentication server accessible via the Internet;
- a network monitoring device for monitoring the destination address of all out-going messages from said private network to the Internet and for scanning the content of any message whose destination is said authentication server to search for a first predetermined identification code in said message, said network monitoring device responding to the detection of said first predetermined identification code by determining the hardware address of the access device that originated the message and generating a second identification code based on said hardware address, said network monitoring device further inserting said second identification code in said message before forwarding said message to said authentication server; said authentication server responding to receipt of said forwarded message from said network monitoring device by decoding said hardware address from said second identification code;
- a third identification code based on said hardware address being generated and transmitted along with an unblock message from said authentication server to said network monitoring device.
Dependent claims: 20 to 32.
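The two independent claims describe one mechanism from two sides: claim 1 is the per-packet forwarding decision of the network monitoring device (authorized device: forward unimpeded; unauthorized device addressing the authentication server: forward there; anything else: redirect), and claim 19 is the identification-code exchange that turns an unauthorized hardware address into an authorized one. The Python model below is an added example written for this page, not code from the patent or its assignee. The host names, the first identification code, the shared key and the HMAC-based encoding of the hardware address are all assumptions: the claims only say the second and third codes are "based on" the hardware address, so the integrity tag and the purpose binding (a monitor-issued code cannot be replayed as an unblock code) are a practitioner's choice, not the patent's.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Optional, Set

# Names, code and key below are constructed for this example; the patent names none of them.
AUTH_SERVER = "auth.example.net"        # the predetermined authentication server website
REDIRECT_SERVER = "redirect.example.net"  # the redirection server
FIRST_ID_CODE = "AUTHFORM-V1"           # first predetermined identification code (constructed)
SHARED_KEY = b"constructed-demo-key"    # secret shared by the monitor and the gate keeper (assumption)


def encode_hw(hw_addr: str, purpose: bytes) -> str:
    """Identification code = hardware address plus an HMAC tag bound to a purpose label.
    The HMAC is an assumption; the claims only require the code to be based on the address."""
    tag = hmac.new(SHARED_KEY, purpose + b"|" + hw_addr.encode(), hashlib.sha256).hexdigest()
    return f"{hw_addr}:{tag}"


def decode_hw(code: str, purpose: bytes) -> Optional[str]:
    """Recover the hardware address from a code; None if the tag or purpose does not verify."""
    hw_addr, _, tag = code.rpartition(":")  # MAC addresses contain ':'; the hex tag does not
    if not hw_addr:
        return None
    expected = hmac.new(SHARED_KEY, purpose + b"|" + hw_addr.encode(), hashlib.sha256).hexdigest()
    return hw_addr if hmac.compare_digest(tag, expected) else None


@dataclass
class Packet:
    src_hw: str          # unique hardware address of the originating access device
    dst_host: str        # target destination website
    body: str = ""       # message content (the submitted HTTP form, for instance)


@dataclass
class NetworkMonitor:
    authorized: Set[str] = field(default_factory=set)

    def route(self, pkt: Packet) -> str:
        """Claim 1: the host the monitoring device actually forwards this packet to."""
        if pkt.src_hw in self.authorized:
            return pkt.dst_host          # authorized device: forwarded unimpeded
        if pkt.dst_host == AUTH_SERVER:
            return AUTH_SERVER           # matches the predetermined authentication server
        return REDIRECT_SERVER           # no match: destination disregarded, sent to redirection server

    def tag_message(self, pkt: Packet) -> str:
        """Claim 19: insert the second identification code into a message that carries the
        first code and is bound for the authentication server; other messages pass untouched."""
        if pkt.dst_host == AUTH_SERVER and FIRST_ID_CODE in pkt.body:
            return pkt.body + "\nhw_code=" + encode_hw(pkt.src_hw, b"monitor")
        return pkt.body

    def handle_unblock(self, unblock: dict) -> bool:
        """Accept an unblock message only if its third identification code verifies."""
        hw_addr = decode_hw(unblock.get("code", ""), b"gatekeeper")
        if unblock.get("type") != "unblock" or hw_addr is None:
            return False
        self.authorized.add(hw_addr)
        return True


def auth_server_receive(message: str) -> Optional[dict]:
    """Authentication server plus gate keeper: decode the hardware address from the
    second code and answer with an unblock message carrying the third code."""
    for line in message.splitlines():
        if line.startswith("hw_code="):
            hw_addr = decode_hw(line[len("hw_code="):], b"monitor")
            if hw_addr is not None:
                return {"type": "unblock", "code": encode_hw(hw_addr, b"gatekeeper")}
    return None


def run_flow(hw_addr: str = "00:11:22:33:44:55"):
    """Walk one access device through the whole exchange.
    Returns (route before auth, unblock accepted, route after auth)."""
    mon = NetworkMonitor()
    before = mon.route(Packet(hw_addr, "www.example.com"))          # redirected
    form_reply = Packet(hw_addr, AUTH_SERVER, f"user=alice\nid={FIRST_ID_CODE}")  # constructed form submission
    forwarded = mon.tag_message(form_reply)                           # second code inserted
    unblock = auth_server_receive(forwarded)                          # third code comes back
    accepted = mon.handle_unblock(unblock) if unblock else False
    after = mon.route(Packet(hw_addr, "www.example.com"))            # now forwarded unimpeded
    return before, accepted, after


if __name__ == "__main__":
    print(run_flow())
```

Two things the model makes visible that the claim text leaves implicit. First, the only state the monitoring device keeps is the set of authorized hardware addresses, so the whole scheme is exactly as strong as the binding between a hardware address and a device; on a shared medium that binding is weak, which is why deployments of this pattern usually pair it with per-session expiry and link-layer controls. Second, the unblock path is an unauthenticated control channel unless the third code carries something the monitor can verify; the purpose-bound HMAC here is one way to make a forged or replayed unblock fail closed, as the last assertion in the test exercises.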