Systems and methods for providing dynamic network authorization authentication and accounting

US 7,194,554 B1
Filed: 10/20/2000
Issued: 03/20/2007
Est. Priority Date: 12/08/1998
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for selectably controlling and customizing source access to a network, wherein the source is associated with a source computer, comprising:

receiving at the gateway device a request from the source computer for access to the network wherein the gateway device enables the source computer to access any network regardless of network configurations via a packet translation learned during a self configuration and no configuration software need be installed on the source computer to access the network;

identifying an attribute associated with the source based upon a packet transmitted from the source computer and received by the gateway device;

accessing a source profile corresponding to the source and stored in a source profile database, wherein the source profile is accessed based upon the attribute, and wherein the source profile database is located external to the gateway device and in communication with the gateway device, anddetermining the access rights of the source based upon the source profile, wherein access rights define the rights of the source to access the network.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Systems and methods for selectably controlling and customizing source access to a network, where the source is associated with a source computer, and wherein the source computer has transparent access to the network via a gateway device and no configuration software need be installed on the source computer to access the network. A user may be prevented access from a particular destination or site based upon the user'"'"'s authorization while being permitted to access to other sites that the method and system deems accessible. The method and system can identify a source without that source'"'"'s knowledge, and can access customizable access rights corresponding to that source in a source profile database. The source profile database can be a remote authentication dial-in user service (RADIUS) or a lightweight directory access protocol (LDAP) database. The method and system use source profiles within the source profile database to dynamically authorize source access to networks and destinations via networks.

334 Citations

24 Claims

1. A method for selectably controlling and customizing source access to a network, wherein the source is associated with a source computer, comprising:
- receiving at the gateway device a request from the source computer for access to the network wherein the gateway device enables the source computer to access any network regardless of network configurations via a packet translation learned during a self configuration and no configuration software need be installed on the source computer to access the network;
  
  identifying an attribute associated with the source based upon a packet transmitted from the source computer and received by the gateway device;
  
  accessing a source profile corresponding to the source and stored in a source profile database, wherein the source profile is accessed based upon the attribute, and wherein the source profile database is located external to the gateway device and in communication with the gateway device, anddetermining the access rights of the source based upon the source profile, wherein access rights define the rights of the source to access the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining the access rights of the source based upon the source profile comprises determining the access rights of the source based upon the source profile, wherein access rights define the rights of the source to access a requested network destination.
  - 3. The method of claim 1, further comprising assigning a location identifier to the location from which requests for access to the network are transmitted, and wherein the location identifier is the attribute associated with the source.
  - 4. The method of claim 1, wherein accessing a source profile corresponding to the source comprises accessing a source profile stored in a source profile database, wherein the source profile database comprises a remote authentication dial-in user service (RADIUS).
  - 5. The method of claim 1, wherein accessing a source profile corresponding to the source comprises accessing a source profile stored in a source profile database, wherein the source profile database comprises a lightweight directory access protocol (LDAP) database.
  - 6. The method of claim 1, further comprising updating the source profile database when a new source accesses the network.
  - 7. The method of claim 1, further comprising maintaining in the source profile database a historical log of the source'"'"'s access to the network.
  - 8. The method of claim 1, wherein the attribute associated with the source is based upon one of a MAC address, User ID or VLAN ID associated with the source computer from which the request for access to the network was transmitted.
  - 9. The method of claim 1, wherein receiving at the gateway device a request from a source for access comprises the step of receiving a destination address from the source.

10. A system for selectably controlling and customizing access, to a network, by a source, where the source is associated with a source computer, and wherein no configuration software need be installed on the source computer to access the network, comprising:
- a gateway device, wherein the gateway device receives a request from the source for access to the network and provides the source computer with access to the network regardless of network configurations via a packet translation learned during a self configuration;
  
  a source profile database in communication with the gateway device and located external to the gateway device, wherein the source profile database stores access information identifiable by an attribute associated with the source, and wherein the attribute is identified based upon a data packet transmitted from the source computer and received by the gateway device, andan Authentication, Authorization and Accounting (AAA) server in communication with the gateway device and source profile database, wherein the AAA server determines if the source is entitled to access the network based upon the access information stored within the source profile database, and wherein the AAA server determines the access rights of the source, wherein access rights define the rights of the source to access destination sites via the network.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the packet received by the gateway device include at least one of VLAN ID, a circuit ID, and a MAC address.
  - 12. The system of claim 10, wherein the source profile database comprises a remote authentication dial-in user service (RADIUS).
  - 13. The system of claim 10, wherein the source profile database comprises a lightweight directory access protocol (LDAP) database.
  - 14. The system of claim 10, wherein the source profile database includes a plurality of source profiles, wherein each respective source profile of the plurality of source profiles contains access information.
  - 15. The system of claim 14, wherein each respective source profile contains historical data relating to the duration of network access for use in determining the charges due for the network access.
  - 16. The system of claim 10, wherein the source profile database is located within the AAA server.

17. A method for redirecting a source attempting to access a destination through a gateway device, wherein source is associated with a source computer, and wherein the gateway device enables the source to communicate with a network, comprising:
- receiving at the gateway device a request from the source to access the network regardless of network configurations via a packet translation learned during a self configuration and without requiring the source computer to include network software configured for the network;
  
  identifying the source based upon an attribute associated with the source;
  
  accessing a source profile database located external to the gateway device, the source profile database storing access rights of the source;
  
  determining the access rights of the source based upon the identification of the source, wherein the access rights define the rights of the source to access destination sites via the network; and
  
  directing the source to a redirection site when the source profile is not located within the source profile database.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, wherein accessing a source profile database comprises accessing a source profile database comprising a remote authentication dial-in user service (RADIUS).
  - 19. The method of claim 17, wherein accessing a source profile database comprises accessing a source profile database comprising a lightweight directory access protocol (LDAP) database.
  - 20. The method of claim 17, further comprising assigning a location identifier to the location from which requests for access to the network are transmitted, and wherein the location identifier is the attribute associated with the source.
  - 21. The method of claim 17, further comprising updating the source profile database when a new source accesses the network.
  - 22. The method of claim 17, further comprising maintaining in an accounting database a historical log of the source'"'"'s access to the network, wherein the accounting database is in communication with the source profile database.
  - 23. The method of claim 17, wherein receiving at the gateway device a request from a source for access comprises the step of receiving a destination address from the source.
  - 24. The method of claim 19, wherein determining if the source computer is entitled to access the destination address further comprises denying the source computer access where the source profile indicates that the source computer is denied access.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Original Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Inventors
Short, Joel E., Pagan, Florence C. I., Goldstein, Josh J.
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
WON, MICHAEL YOUNG

Application Number

US09/693,060
Time in Patent Office

2,342 Days
Field of Search

709/229, 709/227, 709/225, 709/230, 709/217, 709/220, 709/246
US Class Current

709/246
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

H04W 36/12   Reselecting a serving backb...

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 88/16   Gateway arrangements

Systems and methods for providing dynamic network authorization authentication and accounting

First Claim

8 Assignments

Litigations

0 Petitions

Accused Products

Abstract

334 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for providing dynamic network authorization authentication and accounting

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

334 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others