Off-site user access control
First Claim
1. A method for off-site access control in a communications system, the method comprising:
receiving, by a router, a communication request from a user device for communications over an external network;
wherein the user device is communicatively coupled with a site-based communications network, and the router controls access between the site-based communications network and the external network;
determining, by the router, whether the user device is one of a plurality of authorized devices included on an access control list;
when the user device is one of the authorized devices included on the access control list, automatically routing, by the router, outgoing network traffic originating from the user device to the external network; and
when the user device is not one of the authorized devices included on the access control list;
forwarding one or more packets forming the communication request from the user device to an off-site authentication system over the external network without modifying the one or more packets;
after forwarding the one or more packets forming the communication request to the off-site authentication system, receiving an authentication response from the off-site authentication system, the authentication response directing the router to add the user device to the access control list;
adding the user device to the access control list in response to the authentication response; and
after adding the user device to the access control list, automatically routing, by the router, outgoing network traffic originating from the user device to the external network.
Abstract
Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in the context of sites, each having one or more site-based networks that communicate with external networks via one or more on-site routers. User devices are given controlled access to those external networks over wired or wireless connections between the user devices and the site-based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices are remotely authenticated, the off-site authentication system can remotely update the route maps of the on-site routers to add those devices.
20 Claims
1. A method for off-site access control in a communications system, the method comprising:
receiving, by a router, a communication request from a user device for communications over an external network;
wherein the user device is communicatively coupled with a site-based communications network, and the router controls access between the site-based communications network and the external network;
determining, by the router, whether the user device is one of a plurality of authorized devices included on an access control list;
when the user device is one of the authorized devices included on the access control list, automatically routing, by the router, outgoing network traffic originating from the user device to the external network; and
when the user device is not one of the authorized devices included on the access control list:
forwarding one or more packets forming the communication request from the user device to an off-site authentication system over the external network without modifying the one or more packets;
after forwarding the one or more packets forming the communication request to the off-site authentication system, receiving an authentication response from the off-site authentication system, the authentication response directing the router to add the user device to the access control list;
adding the user device to the access control list in response to the authentication response; and
after adding the user device to the access control list, automatically routing, by the router, outgoing network traffic originating from the user device to the external network.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A router disposed in a site-based communications network for controlling access between the site-based communication network and an external network, the router comprising:
a storage device storing therein a route map indicating a plurality of authorized user devices, the route map operable to designate traffic originating from any of the plurality of authorized devices for routing to the external network, and operable to designate traffic originating from any user device that is not one of the plurality of authorized devices for forwarding to an off-site authentication system; and
a communications subsystem operable to:
receive a communication request from a user device communicatively coupled with the site-based communications network, the communication request being for communications to the external network;
route outgoing network traffic originating from the user device to the external network when the communication request is designated as originating from one of the plurality of authorized devices according to the route map; and
when the communication request is designated as originating from other than one of the plurality of authorized devices according to the route map:
forward one or more packets forming the communication request to the off-site authentication system over the external network without modifying the one or more packets;
after forwarding the one or more packets forming the communication request to the off-site authentication system, receive an authentication response from the off-site authentication system, the authentication response directing the router to add the user device to the plurality of authorized devices;
update the route map to include the user device as one of the plurality of authorized user devices in response to the authentication response; and
route outgoing network traffic originating from the user device to the external network after updating the route map according to the authentication response.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20)
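A model of the router flow described in the abstract and in claims 1 and 11 (ACL check, unmodified forwarding to the off-site authenticator, ACL update on the authentication response), written here as an added example rather than any code from the patent. It assumes an opaque device identifier as the ACL key and an HMAC-signed authentication response under a shared secret; the page specifies neither, and the signature check is the one thing a practitioner would insist on before letting a remote response grow the ACL.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple

# Constructed shared secret between the router and the off-site authentication
# system. The patent does not say how the response is authenticated; HMAC is an assumption.
SECRET = b"constructed-demo-secret"

def sign(msg: bytes) -> str:
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

@dataclass
class Packet:
    src: str        # device identifier (the patent does not fix the key type)
    dst: str        # destination on the external network
    payload: bytes

def off_site_auth(registered: set) -> Callable[[Packet], Optional[Tuple[bytes, str]]]:
    """Stand-in for the cloud authentication system (constructed): returns a signed
    'add this device' directive for registered devices, None otherwise."""
    def handle(pkt: Packet):
        if pkt.src not in registered:
            return None
        msg = b"add:" + pkt.src.encode()
        return msg, sign(msg)
    return handle

@dataclass
class Router:
    auth: Callable[[Packet], Optional[Tuple[bytes, str]]]
    acl: set = field(default_factory=set)           # route map of authorized devices
    forwarded: list = field(default_factory=list)   # packets sent to auth, unmodified

    def handle(self, pkt: Packet) -> str:
        """Return the action taken for one outgoing packet."""
        if pkt.src in self.acl:
            return "routed"                 # standard routing for authorized devices
        self.forwarded.append(pkt)          # forward the packet as-is to the off-site system
        resp = self.auth(pkt)
        if resp is None:
            return "denied"
        msg, tag = resp
        # Act on the response only if it is correctly signed and names exactly this device;
        # otherwise any party on the external network could add entries to the ACL.
        if msg != b"add:" + pkt.src.encode() or not hmac.compare_digest(tag, sign(msg)):
            return "rejected_response"
        self.acl.add(pkt.src)               # the authentication response directs the add
        return "authorized"
```

The first packet from an unknown device is forwarded and, on a valid response, the device is added; every later packet from it takes the plain "routed" path.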