Systems and methods for providing dynamic network authorization, authentication and accounting

US 7,689,716 B2
Filed: 06/28/2006
Issued: 03/30/2010
Est. Priority Date: 12/08/1998
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:

a database configured to be populated with configuration information;

a redirection-determination module in communication with the database, the redirection-determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;

a user-device-location-detection module that determines a network location of the user host device, the user-device-location-detection module configured to communicate information to the web-server about the network location, so that the web-server can provide network-location-specific information on the login portal; and

a network-packet-translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network packet translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.

View all claims

7 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

Systems and methods for selectably controlling and customizing source access to a network, where the source is associated with a source computer, and wherein the source computer has transparent access to the network via a gateway device and no configuration software need be installed on the source computer to access the network. A user may be prevented access from a particular destination or site based upon the user'"'"'s authorization while being permitted to access to other sites that the method and system deems accessible. The method and system can identify a source without that source'"'"'s knowledge, and can access customizable access rights corresponding to that source in a source profile database. The source profile database can be a remote authentication dial-in user service (RADIUS) or a lightweight directory access protocol (LDAP) database. The method and system use source profiles within the source profile database to dynamically authorize source access to networks and destinations via networks.

Citations

114 Claims

1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:
- a database configured to be populated with configuration information;
  
  a redirection-determination module in communication with the database, the redirection-determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;
  
  a user-device-location-detection module that determines a network location of the user host device, the user-device-location-detection module configured to communicate information to the web-server about the network location, so that the web-server can provide network-location-specific information on the login portal; and
  
  a network-packet-translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network packet translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
- - 2. The network gateway of claim 1, wherein the web-server is internal to the network gateway.
  - 3. The network gateway of claim 1, wherein the configuration database is internal to the network gateway.
  - 4. The network gateway of claim 1, wherein the login portal presents billing information.
  - 5. The network gateway of claim 1, wherein the login portal presents network connection service options.
  - 6. The network gateway of claim 1, wherein the configuration information comprises authentication information.
  - 7. The network gateway of claim 1, wherein the database is searchable by MAC address.
  - 8. The network gateway of claim 1, wherein the web-server provides bandwidth information on the login portal.
  - 9. The network gateway of claim 1, wherein the web-server provides billing information on the login portal.
  - 10. The network gateway of claim 1, wherein the web-server provides service level information on the login portal.
  - 11. The network gateway of claim 1, wherein the configuration information in said database comprises one or more MAC addresses associated with one or more user host devices.
  - 12. The network gateway of claim 1, wherein the configuration information comprises a circuit ID.
  - 13. The network gateway of claim 1, wherein the configuration information comprises a MAC address.
  - 14. The network gateway of claim 1, wherein the configuration information comprises a user name.
  - 15. The network gateway of claim 1, wherein the configuration information comprises a user ID.
  - 16. The network gateway of claim 1, wherein the configuration information comprises a user password.
  - 17. The network gateway of claim 1, wherein the configuration information comprises a location of the user host device.
  - 18. The network gateway of claim 1, wherein the configuration information comprises a communications port.
  - 19. The network gateway of claim 1, wherein the database is in communication with a AAA server.
  - 20. The network gateway of claim 19, wherein the AAA server is in communication with a second network gateway.
  - 21. The network gateway of claim 1, wherein the redirection-determination module is located internal to the gateway device.
  - 22. The network gateway of claim 1, wherein the redirection-determination module is located external to the gateway device.
  - 23. The network gateway of claim 1, wherein the login portal is configured to be displayed in a web browser on the user host device.
  - 24. The network gateway of claim 1, wherein the login portal comprises an applet configured to be executed on the user host device.
  - 25. The network gateway of claim 1, wherein the network location is a hotel room.
  - 26. The network gateway of claim 1, wherein the network location is an apartment address.
  - 27. The network gateway of claim 1, wherein the network location is encoded using Virtual Local Area Network tagging.
  - 28. The network gateway of claim 1, wherein the network location is an individual unit in a multi-resident dwelling environment.
  - 29. The network gateway of claim 1, wherein the network location is a room in an apartment building.
  - 30. The network gateway of claim 1, wherein the network location is floor within a building.
  - 31. The network gateway of claim 1, wherein the network location is wing within a building.
  - 32. The network gateway of claim 1, wherein the network location is a building.
  - 33. The network gateway of claim 1, wherein the network location is one port of a plurality of ports in a single room.
  - 34. The network gateway of claim 1, wherein the network location is an airport kiosk.
  - 35. The network gateway of claim 1, wherein the network location is a retail outlet.
  - 36. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a circuit ID.
  - 37. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a MAC address.
  - 38. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a user name.
  - 39. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a user ID.
  - 40. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a user password.
  - 41. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a location of the user host device.
  - 42. The network gateway of claim 1, wherein the information communicated to the web-server about the network location comprises a communications port.
  - 43. The network gateway of claim 1, wherein the network-location-specific information includes a link to a corporate home page.
  - 44. The network gateway of claim 1, wherein the network-location-specific information includes a link to a travel site.
  - 45. The network gateway of claim 1, wherein the network-location-specific information includes a link to a search engine.
  - 46. The network gateway of claim 1, wherein the network-location-specific information includes a link to a network provider home page.
  - 47. The network gateway of claim 1, wherein the network-location-specific information includes advertising fields.
  - 48. The network gateway of claim 1, wherein the network-location-specific information includes billing and service plans.
  - 49. The network gateway of claim 1, wherein the network-location-specific information includes specific conventions or conferences in or near a hotel.
  - 50. The network gateway of claim 1, wherein the network-location-specific information includes flights scheduled to depart or arrive at an airport terminal.
  - 51. The network gateway of claim 1, wherein the network-location-specific information includes retail services at an airport terminal.
  - 52. The network gateway of claim 1, wherein the network-location-specific information includes locale restaurant ads.
  - 53. The network gateway of claim 1, wherein the network-location-specific information includes train schedules.
  - 54. The network gateway of claim 1, wherein the network-location-specific information includes information customized by a user of the user host device.
  - 55. The network gateway of claim 1, wherein modifying at least one user network packet transmitted from the user host device to an external network location comprises generating an outgoing packet based on the network packet transmitted from the user host device, the outgoing packet including at least one or more attributes that are different than the network packet transmitted from the user host device.
  - 56. The network gateway of claim 55, wherein the at least one or more attributes is a source address.
  - 57. The network gateway of claim 55, wherein the at least one or more attributes is a checksum.
  - 58. The network gateway of claim 55, wherein the at least one or more attributes is an application specific parameter.
  - 59. The network gateway of claim 1, wherein the login portal requests login information.
  - 60. The network gateway of claim 59, wherein the login information comprises a user name and password.
  - 61. The network gateway of claim 1, wherein the external network location is a publicly addressable location.

62. A network system that provides network access to a user host device which sends network communications having a MAC address, the network system comprising:
- a network connection configured to receive a network communication from the user host device, the network communication identifying at least an original source IP address, an original target IP address, and an original source MAC address, the communication including one or more packets;
  
  a database that contains configuration information comprising at least MAC addresses;
  
  a database lookup routine that determines whether the original source MAC address corresponds to configuration information in the database;
  
  a user-device-location-detection routine that determines a network location of the user host device, the user-device-location-detection routine configured to communicate information to a web-server about the network location, so that the web-server can provide network-location-specific information on a login portal;
  
  a user-communication-processing routine that receives and processes the network communication from the user host device to transmit a translated network communication, the network communication from the user host device including the original source MAC address of the user host device that is not authorized to access a network, the user-communication-processing routine configured to process the at least one network communication from the user host device so that the translated network communication has;
  
  a target IP address that is different from the original target IP address, that is associated with the network location of the user host device, and that corresponds to an IP address associated with a redirection server; and
  
  a second source IP address that is different from the an original source IP address and that corresponds to an IP address of the network device, the user-communication-processing routine communicating with the redirection server that is configured to generate browser redirection communication in response to the communication from the user-communication-processing routine; and
  
  a redirection-communication-processing routine that processes the browser redirect communication so that the browser redirect communication has;
  
  an IP source address that corresponds to the original target IP address of the processed user communication anda target IP address that corresponds to the IP address of the user host device, the redirection-communication-processing routing further configured to transmit the browser redirect communication to the host device.
- View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114)
- - 63. The network system of claim 62, wherein the browser redirect message comprises a login page location.
  - 64. The network system of claim 63, wherein the login page location comprises network location information corresponding to the user host device.
  - 65. The network system of claim 63, further comprising:
    - an authorization routine that receives login information from a login server associated with the login page location, wherein the login information is used to update the database.
  - 66. The network system of claim 62, wherein the user communication-processing routine also processes at least one user communication from a user host device with a MAC address that is authorized to access the network, the user communication-processing routine configured to process the at least one authorized user communication so that the communication has an IP address of the network devices.
  - 67. The network system of claim 62, wherein the browser redirect message comprises network location information corresponding to the user host device.
  - 68. The network system of claim 62, wherein the network is the Internet.
  - 69. The network system of claim 62, wherein the configuration information comprises a circuit ID.
  - 70. The network system of claim 62, wherein the configuration information comprises a MAC address.
  - 71. The network system of claim 62, wherein the configuration information comprises a user name.
  - 72. The network system of claim 62, wherein the configuration information comprises a user ID.
  - 73. The network system of claim 62, wherein the configuration information comprises a user password.
  - 74. The network system of claim 62, wherein the configuration information comprises a location of the user host device.
  - 75. The network system of claim 62, wherein the configuration information comprises a communications port.
  - 76. The network system of claim 62, wherein the database is in communication with a AAA server.
  - 77. The network system of claim 76, wherein the AAA server is in communication with a second network system.
  - 78. The network system of claim 62, wherein the login portal is configured to be displayed in a web browser on the user host device.
  - 79. The network system of claim 62, wherein the login portal comprises an applet configured to be executed on the user host device.
  - 80. The network system of claim 62, wherein the network location is a hotel room.
  - 81. The network system of claim 62, wherein the network location is an apartment address.
  - 82. The network system of claim 62, wherein the network location is encoded using Virtual Local Area Network tagging.
  - 83. The network system of claim 62, wherein the network location is an individual unit in a multi-resident dwelling environment.
  - 84. The network system of claim 62, wherein the network location is a room in an apartment building.
  - 85. The network system of claim 62, wherein the network location is floor within a building.
  - 86. The network system of claim 62, wherein the network location is wing within a building.
  - 87. The network system of claim 62, wherein the network location is a building.
  - 88. The network system of claim 62, wherein the network location is one port of a plurality of ports in a single room.
  - 89. The network system of claim 62, wherein the network location is an airport kiosk.
  - 90. The network system of claim 62, wherein the network location is a retail outlet.
  - 91. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a circuit ID.
  - 92. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a MAC address.
  - 93. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a user name.
  - 94. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a user ID.
  - 95. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a user password.
  - 96. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a location of the user host device.
  - 97. The network system of claim 62, wherein the information communicated to the web-server about the network location comprises a communications port.
  - 98. The network system of claim 62, wherein the network-location-specific information includes a link to a corporate home page.
  - 99. The network system of claim 62, wherein the network-location-specific information includes a link to a travel site.
  - 100. The network system of claim 62, wherein the network-location-specific information includes a link to a search engine.
  - 101. The network system of claim 62, wherein the network-location-specific information includes a link to a network provider home page.
  - 102. The network system of claim 62, wherein the network-location-specific information includes advertising fields.
  - 103. The network system of claim 62, wherein the network-location-specific information includes billing and service plans.
  - 104. The network system of claim 62, wherein the network-location-specific information includes specific conventions or conferences in or near a hotel.
  - 105. The network system of claim 62, wherein the network-location-specific information includes flights scheduled to depart or arrive at an airport terminal.
  - 106. The network system of claim 62, wherein the network-location-specific information includes retail services at an airport terminal.
  - 107. The network system of claim 62, wherein the network-location-specific information includes locale restaurant ads.
  - 108. The network system of claim 62, wherein the network-location-specific information includes train schedules.
  - 109. The network system of claim 62, wherein the network-location-specific information includes information customized by a user of the user host device.
  - 110. The network system of claim 62, wherein the translated network communication includes at least one or more additional attributes that are different than the network communication transmitted from the user host device.
  - 111. The network system of claim 110, wherein the at least one or more attributes is a checksum.
  - 112. The network system of claim 110, wherein the at least one or more attributes is an application specific parameter.
  - 113. The network system of claim 62, wherein the login portal requests login information.
  - 114. The network system of claim 62, wherein the login information comprises a user name and password.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Original Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Inventors
Pagan, Florence C. I., Goldstein, Josh J., Short, Joel E.
Primary Examiner(s)
Won; Michael

Application Number

US11/427,143
Publication Number

US 20060239254A1
Time in Patent Office

1,371 Days
Field of Search

709/225, 709/227, 709/230, 709/217, 709/220
US Class Current

709/246
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

H04W 36/12   Reselecting a serving backb...

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 88/16   Gateway arrangements

Systems and methods for providing dynamic network authorization, authentication and accounting

First Claim

7 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

114 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing dynamic network authorization, authentication and accounting

First Claim

7 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

114 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links