Method and apparatus for managing proxy and non-proxy requests in telecommunications network

US 8,127,008 B2
Filed: 04/19/2005
Issued: 02/28/2012
Est. Priority Date: 09/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of processing requests from proxy and non-proxy client session connections in a telecommunications network, comprising the steps of:

receiving a request from a client session connection, wherein the request is directed to a first service;

determining whether the request is a proxy request from an authenticated user;

in response to determining that the request is a proxy request from an authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;

in response to determining that the request is a proxy request from the authenticated user and that the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;

in response to determining that the request is not a proxy request from the authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user;

wherein said redirecting the request further comprises the steps of;

if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal; and

wherein the method is performed by one or more computing devices comprising a router.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for determining a location of a client session in a telecommunications network by comparing attributes of the client session connection to location definition information stored in a configuration file. A method of handling requests from proxy and non-proxy client connections in a telecommunications network by redirecting requests from unauthenticated proxy clients to a transparent proxy port on a captive portal such that the captive portal proxies the requests is also disclosed. The request may be directed to a service, such as a destination IP address and optional port number. A method for a proxy server to identify an edge session through an out-of-band request containing proxy metadata to a web portal for secure (HTTPS) requests is also disclosed. The edge session is identified for the web portal through a hostkey determined by the proxy server.

Citations

17 Claims

1. A method of processing requests from proxy and non-proxy client session connections in a telecommunications network, comprising the steps of:
- receiving a request from a client session connection, wherein the request is directed to a first service;
  
  determining whether the request is a proxy request from an authenticated user;
  
  in response to determining that the request is a proxy request from an authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
  
  in response to determining that the request is a proxy request from the authenticated user and that the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
  
  in response to determining that the request is not a proxy request from the authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user;
  
  wherein said redirecting the request further comprises the steps of;
  
  if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal; and
  
  wherein the method is performed by one or more computing devices comprising a router.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of determining whether the request is a proxy request from the authenticated user comprises the steps of:
    - determining attributes of the client session connection; and
      
      determining whether the request is a proxy request from the authenticated user based on the attributes of the client session connection.
  - 3. The method of claim 1, further comprising the steps of:
    - determining attributes of the client session connection; and
      
      determining at least one user-defined location in location definition information associated with the client session connection based on the attributes of the client session connection.
  - 4. The method of claim 3, wherein the location definition information comprises at least one location group definition, said at least one location group comprising at least two defined locations.
  - 5. The method of claim 3, wherein a network management action selected from the group consisting of determining payment methods, determining rate information, setting quality of service parameters, determining whether access is allowed, and selecting a white list, is performed based at least in part on the at least one determined user-defined location.
  - 6. The method of claim 1, wherein the client session connection is originated by the authenticated user at a wireless access point.

7. A computer readable non-transitory storage medium comprising one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- receiving a request from a client session connection, wherein the request is directed to a first service;
  
  determining whether the request is a proxy request from an authenticated user;
  
  in response to determining that the request is a proxy request from the authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
  
  in response to determining that the request is a proxy request from the authenticated user and that the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
  
  in response to determining that the request is not a proxy request from an authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user; and
  
  wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform;
  
  if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The medium of claim 7, wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
    - determining attributes of the client session connection; and
      
      determining whether the request is a proxy request from an authenticated user based on the attributes of the client session connection.
  - 9. The medium of claim 7, wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
    - determining attributes of the client session connection; and
      
      determining at least one user-defined location in location definition information associated with the client session connection based on the attributes of the client session connection.
  - 10. The medium of claim 9, wherein the location definition information comprises at least one location group definition, said at least one location group comprising at least two defined locations.
  - 11. The medium of claim 9, wherein a network management action selected from the group consisting of determining payment methods, determining rate information, setting quality of service parameters, determining whether access is allowed, and selecting a white list, is performed based at least in part on the at least one determined user-defined location.

12. An apparatus, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
  
  one or more processors;
  
  one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of;
  
  receiving a request from a client session connection, wherein the request is directed to a first service;
  
  determining whether the request is a proxy request from an authenticated user;
  
  in response to determining that the request is a proxy request from the authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
  
  in response to determining that the request is a proxy request from the authenticated user and the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
  
  in response to determining that the request is not a proxy request from the authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user; and
  
  wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform;
  
  if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The apparatus of claim 12, wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
    - determining attributes of the client session connection; and
      
      determining at least one user-defined location in location definition information associated with the client session connection based on the attributes of the client session connection.
  - 14. The apparatus of claim 13, wherein a network management action selected from the group consisting of determining payment methods, determining rate information, setting quality of service parameters, determining whether access is allowed, and selecting a white list, is performed based at least in part on the at least one determined user-defined location.
  - 15. The apparatus of claim 12, wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
    - determining attributes of the client session connection; and
      
      determining whether the request is a proxy request from an authenticated user based on the attributes of the client session connection.
  - 16. The apparatus of claim 12, wherein the location definition information comprises at least one location group definition, said at least one location group comprising at least two defined locations.
  - 17. The apparatus of claim 12, wherein the client session connection is originated by the authenticated user at a wireless access point.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Manning, Michael, Burshan, Chen Yehezkel, Sowatskey, Nathan John, Kumar, Ritesh, Wilkins, Gregory John
Primary Examiner(s)
Dalencourt, Yves

Application Number

US11/110,340
Publication Number

US 20060056317A1
Time in Patent Office

2,506 Days
Field of Search

709/219, 709/225
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/52   specially adapted for the l...

H04L 9/40   Network security protocols

Method and apparatus for managing proxy and non-proxy requests in telecommunications network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing proxy and non-proxy requests in telecommunications network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links