Location determined network access

US 9,112,879 B2
Filed: 05/12/2009
Issued: 08/18/2015
Est. Priority Date: 05/12/2009
Status: Active Grant

First Claim

Patent Images

1. A network authentication system, comprising:

a locationing server to interface with a network access device to establish communications between a client device and an internal network, to determine a location of the client device, to determine whether the client device is within an authorized physical location to communicate over the internal network, to determine a communications level to be granted to the client device based on the physical location of the client device and to grant the determined communications level to the client device in response to a determination that the client device is within the authorized physical location, to perform a time-out function in response to a determination that the client device is outside of the authorized physical location, to grant the determined communication level to the client device in response to the client device being within the authorized physical location prior to expiration of the time-out function, and to deny access to the internal network by the client device in response to a determination that the client device is outside of the authorized physical location following expiration of the time-out function;

wherein the locationing server comprises an independent and separate apparatus from the client device; and

a hardware processor to implement the locationing server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for network authentication is provided. A network access device is operable to establish a communications with an internal network. A client device is operable to request and establish the communications over the internal network by interfacing with the network access device. A processor is operable to interface with the network access device to establish the communications between the client device and the internal network. The processor is also operable to establish a communications level for the communications based on the location of the client device.

Citations

18 Claims

1. A network authentication system, comprising:
- a locationing server to interface with a network access device to establish communications between a client device and an internal network, to determine a location of the client device, to determine whether the client device is within an authorized physical location to communicate over the internal network, to determine a communications level to be granted to the client device based on the physical location of the client device and to grant the determined communications level to the client device in response to a determination that the client device is within the authorized physical location, to perform a time-out function in response to a determination that the client device is outside of the authorized physical location, to grant the determined communication level to the client device in response to the client device being within the authorized physical location prior to expiration of the time-out function, and to deny access to the internal network by the client device in response to a determination that the client device is outside of the authorized physical location following expiration of the time-out function;
  
  wherein the locationing server comprises an independent and separate apparatus from the client device; and
  
  a hardware processor to implement the locationing server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the communications level comprises any one of:
    - the communications being granted to a partial portion of the internal network;
      
      the communications being granted to a partial functionality of network resources.
  - 3. The system of claim 1, wherein the locationing server is further to determine the communications level based on the physical location of the client device and condition the network access device to establish the communications level with the client device.
  - 4. The system of claim 1, wherein the locationing server is to determine the physical location of the client device based on at least one of:
    - the port of the network access device on which the client device is connected;
      
      the length of a physical communications line connecting the client device to the network access device; and
      
      a triangulation method using signal strength data from one or more access points surrounding any one of the client device and a wireless device wirelessly connected to the client device.
  - 5. The system of claim 1, further comprising a security server to establish the communications as secured communications.
  - 6. The system of claim 5, wherein the security server is to execute at least one of:
    - a Wired Equivalency Privacy (WEP) authentication;
      
      a Message Authentication Code (MAC) authentication; and
      
      an IEEE 802.1X authentication.
  - 7. The system of claim 1, wherein the network access device is to inspect received data packets to determine the destination addresses thereof and to forward the data packets to the destination addresses.
  - 8. The system of claim 7, wherein the network access device comprises at least one of:
    - a router;
      
      a hub;
      
      a switch comprising at least one of;
      
      a LAN switch;
      
      a WAN switch;
      
      an Ethernet switch.
  - 9. The system of claim 1, wherein the client device comprises at least one of:
    - a personal computer;
      
      a notebook computer;
      
      a computing device;
      
      a communications device;
      
      a wireless handset;
      
      a telephone; and
      
      a personal digital assistant.
  - 10. The system of claim 1, wherein the communications comprises any one of:
    - a wireline communications; and
      
      a wireless communications.

11. A method for authenticating a client device to an internal network, comprising:
- receiving a network access request message to the internal network from the client device;
  
  determining whether the client device is within an authorized physical location to communicate over the internal network;
  
  determining, by a hardware processor, a communications level of access to be granted to the client device in response to a determination that the client device is within the authorized physical location;
  
  performing a time-out function in response to a determination that the client device is outside of the authorized physical location;
  
  granting the determined communications level of access to the client device in response to a determination that the client device is within the authorized physical location prior to expiration of the time-out function; and
  
  denying, by the processor, access to the internal network by the client device in response to a determination that the client device is outside of the authorized physical location following expiration of the time-out function.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein the communications level of access comprises any one of:
    - the communications access being granted to a partial portion of the internal network;
      
      the communications access being granted to a partial functionality of network resources.
  - 13. The method of claim 11, wherein a state of network access of the client device is placed in a hold state pending a determination as to whether the client device is within the authorized physical location and a determination of the communications level of access.
  - 14. The method of claim 11, wherein the communications level of access of the client device is based on the physical location of the client device being within one or more pre-designated facilities of an entity providing the internal network.

15. An apparatus comprising:
- a memory on which is stored machine readable instructions to,interface with a network access device to establish communications between a remote client device and an internal network, wherein the remote client device is to access the internal network through the network access device;
  
  determine whether the remote client device is within an authorized physical location to communicate over the internal network;
  
  determine a communications level for the communications between the remote client device and the internal network in response to a determination that the remote client device is within the authorized physical location;
  
  perform a time-out function in response to a determination that the client device is outside of the authorized physical location;
  
  grant the determined communications level of access to the client device in response to a determination that the client device is within the authorized physical location prior to expiration of the time-out function; and
  
  deny access to the internal network by the remote client device in response to a determination that the client device is outside of the authorized physical location following expiration of the time-out function; and
  
  a hardware processor to execute the machine readable instructions.
- View Dependent Claims (16, 17, 18)
- - 16. The apparatus according to claim 15, wherein the machine readable instructions are further to determine the communications level based on the physical location of the remote client device and a condition of the network access device to establish the communications level with the remote client device.
  - 17. The apparatus according to claim 15, wherein the machine readable instructions are further to determine the physical location of the remote client device based on at least one of:
    - the port of the network access device on which the remote client device is connected;
      
      the length of a physical communications line connecting the remote client device to the network access device; and
      
      a triangulation method using signal strength data from one or more access points surrounding any one of the remote client device and a wireless device wirelessly connected to the remote client device.
  - 18. The apparatus according to claim 15, wherein the machine readable instructions are further to establish the communications as secured communications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Dandabany, Sankarlingam
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
FABBRI, ANTHONY E

Application Number

US12/464,303
Publication Number

US 20100293590A1
Time in Patent Office

2,289 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

Location determined network access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Location determined network access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links