Systems and methods for providing dynamic network authorization, authentication and accounting
7 Assignments; 0 Petitions
Abstract
Systems and methods for selectably controlling and customizing source access to a network, where the source is associated with a source computer, and wherein the source computer has transparent access to the network via a gateway device and no configuration software need be installed on the source computer to access the network. A user may be prevented from accessing a particular destination or site based upon the user's authorization while being permitted to access other sites that the method and system deem accessible. The method and system can identify a source without that source's knowledge, and can access customizable access rights corresponding to that source in a source profile database. The source profile database can be a remote authentication dial-in user service (RADIUS) or a lightweight directory access protocol (LDAP) database. The method and system use source profiles within the source profile database to dynamically authorize source access to networks and destinations via networks.
Claims (114)

1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:
- a database configured to be populated with configuration information;
- a redirection-determination module in communication with the database, the redirection-determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;
- a user-device-location-detection module that determines a network location of the user host device, the user-device-location-detection module configured to communicate information to the web-server about the network location, so that the web-server can provide network-location-specific information on the login portal; and
- a network-packet-translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network-packet-translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.

Dependent claims: 2 to 61.

62. A network system that provides network access to a user host device which sends network communications having a MAC address, the network system comprising:
- a network connection configured to receive a network communication from the user host device, the network communication identifying at least an original source IP address, an original target IP address, and an original source MAC address, the communication including one or more packets;
- a database that contains configuration information comprising at least MAC addresses;
- a database lookup routine that determines whether the original source MAC address corresponds to configuration information in the database;
- a user-device-location-detection routine that determines a network location of the user host device, the user-device-location-detection routine configured to communicate information to a web-server about the network location, so that the web-server can provide network-location-specific information on a login portal;
- a user-communication-processing routine that receives and processes the network communication from the user host device to transmit a translated network communication, the network communication from the user host device including the original source MAC address of the user host device that is not authorized to access a network, the user-communication-processing routine configured to process the at least one network communication from the user host device so that the translated network communication has: a target IP address that is different from the original target IP address, that is associated with the network location of the user host device, and that corresponds to an IP address associated with a redirection server; and a second source IP address that is different from the original source IP address and that corresponds to an IP address of the network device, the user-communication-processing routine communicating with the redirection server that is configured to generate browser redirection communication in response to the communication from the user-communication-processing routine; and
- a redirection-communication-processing routine that processes the browser redirect communication so that the browser redirect communication has: an IP source address that corresponds to the original target IP address of the processed user communication and a target IP address that corresponds to the IP address of the user host device, the redirection-communication-processing routine further configured to transmit the browser redirect communication to the host device.

Dependent claims: 63 to 114.
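As an added illustration, not part of the patent text or any product it describes, the Python model below walks through the elements that claims 1 and 62 recite: a MAC-keyed configuration database, the redirection decision for an unauthorized host's HTTP request, the location information the gateway hands to the portal web-server, and the two directions of address translation (source IP rewritten to the gateway on the way out, destination IP rewritten back to the host on the way in, and the portal's redirect re-sourced to the address the browser originally asked for). Every address, MAC and port number is a constructed sample value; the class and method names are the example's own.

```python
"""Toy model of the MAC-gated captive-portal gateway described in the claims.

Constructed example: addresses come from the RFC 5737 documentation ranges,
MACs and ports are made up, and no real gateway product is modelled.
"""
from dataclasses import dataclass, replace
from itertools import count

GATEWAY_IP = "203.0.113.1"   # the gateway's own address, used as NAT source (assumed)
PORTAL_IP = "10.0.0.2"       # redirection / login-portal web server (assumed)
HTTP = 80


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Gateway:
    """Redirection determination, location detection and packet translation in one place."""

    def __init__(self, profiles, port_locations):
        # 'database populated with configuration information': MAC -> profile
        self.db = {mac.lower(): p for mac, p in profiles.items()}
        # user-device-location detection: MAC -> access port / VLAN it was seen on
        self.locations = {mac.lower(): loc for mac, loc in port_locations.items()}
        self.nat = {}       # translated source port -> (host_ip, host_port)
        self.pending = {}   # translated source port -> (host_ip, host_port, original dst_ip)
        self._ports = count(40000)  # translated source ports handed out by the gateway

    def is_authorized(self, mac):
        """Redirection determination: a MAC present in the database is not redirected."""
        return mac.lower() in self.db

    def locate(self, mac):
        return self.locations.get(mac.lower(), "unknown")

    def portal_context(self, mac):
        """What the gateway tells the web-server so the portal can be location-specific."""
        return {"mac": mac.lower(), "location": self.locate(mac)}

    def outbound(self, pkt):
        """Host -> external: translate the source, divert to the portal, or drop."""
        if self.is_authorized(pkt.src_mac):
            gw_port = next(self._ports)
            self.nat[gw_port] = (pkt.src_ip, pkt.src_port)
            return replace(pkt, src_ip=GATEWAY_IP, src_port=gw_port)
        if pkt.dst_port == HTTP:
            # Unauthorized browser traffic: remember the requested site, send to portal.
            gw_port = next(self._ports)
            self.pending[gw_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip)
            return replace(pkt, src_ip=GATEWAY_IP, src_port=gw_port, dst_ip=PORTAL_IP)
        return None  # unauthorized non-HTTP traffic never leaves the gateway

    def inbound(self, pkt):
        """External -> gateway: map the packet back to the host that owns the flow."""
        if pkt.dst_ip != GATEWAY_IP:
            return None
        if pkt.dst_port in self.pending:
            host_ip, host_port, original_dst = self.pending.pop(pkt.dst_port)
            # The redirect must appear to come from the site the browser asked for.
            return replace(pkt, src_ip=original_dst, dst_ip=host_ip, dst_port=host_port)
        if pkt.dst_port in self.nat:
            host_ip, host_port = self.nat[pkt.dst_port]
            return replace(pkt, dst_ip=host_ip, dst_port=host_port)
        return None  # unsolicited inbound packet: no state, so it is not delivered


def demo():
    """Walk an unauthorized host's first HTTP request through the gateway."""
    gw = Gateway(profiles={"aa:bb:cc:00:00:01": {"user": "alice"}},
                 port_locations={"aa:bb:cc:00:00:02": "lobby"})
    req = Packet("aa:bb:cc:00:00:02", "192.168.1.20", 51000, "198.51.100.7", HTTP, "GET /")
    diverted = gw.outbound(req)
    reply = Packet("00:00:00:00:00:00", PORTAL_IP, HTTP, GATEWAY_IP, diverted.src_port,
                   "HTTP/1.1 302 Found")
    return diverted, gw.inbound(reply), gw.portal_context(req.src_mac)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Two points worth noting against the claims: the MAC address in the database only identifies the host (it is set by the host and not verified here), which is why the design still presents a login portal before granting access; and the `nat` and `pending` tables grow with every flow, so a deployable gateway must age out entries and key them by protocol as well as port.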
Specification