Systems and Methods for Providing Dynamic Network Authorization, Authentication and Accounting

US 20060239254A1
Filed: 06/28/2006
Published: 10/26/2006
Est. Priority Date: 12/08/1998
Status: Active Grant

First Claim

Patent Images

1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:

a database comprising configuration information;

a redirection determination module in communication with the database, the redirection determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;

a user-device location detection module that determines a network location of the user host device, the user device location detection module configured to communicate information to the web server about the network location, so that the web server may provide network-location-specific information on the login portal;

a network packet translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network packet translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for selectably controlling and customizing source access to a network, where the source is associated with a source computer, and wherein the source computer has transparent access to the network via a gateway device and no configuration software need be installed on the source computer to access the network. A user may be prevented access from a particular destination or site based upon the user'"'"'s authorization while being permitted to access to other sites that the method and system deems accessible. The method and system can identify a source without that source'"'"'s knowledge, and can access customizable access rights corresponding to that source in a source profile database. The source profile database can be a remote authentication dial-in user service (RADIUS) or a lightweight directory access protocol (LDAP) database. The method and system use source profiles within the source profile database to dynamically authorize source access to networks and destinations via networks.

220 Citations

19 Claims

1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:
- a database comprising configuration information;
  
  a redirection determination module in communication with the database, the redirection determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;
  
  a user-device location detection module that determines a network location of the user host device, the user device location detection module configured to communicate information to the web server about the network location, so that the web server may provide network-location-specific information on the login portal;
  
  a network packet translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network packet translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network gateway of claim 1, wherein the web-server is internal to the network gateway.
  - 3. The network gateway of claim 1, wherein the configuration database is internal to the network gateway.
  - 4. The network gateway of claim 1, wherein the login portal presents billing information.
  - 5. The network gateway of claim 1, wherein the login portal presents network connection service options.
  - 6. The network gateway of claim 1, wherein the configuration information comprises authentication information.
  - 7. The network gateway of claim 1, wherein the database is searchable by MAC address.
  - 8. The network gateway of claim 1, wherein the web server provides bandwidth information on the login portal.
  - 9. The network gateway of claim 1, wherein the web server provides billing information on the login portal.
  - 10. The network gateway of claim 1, wherein the web server provides service level information on the login portal.

11. A network device that provides internet access to a user host device which sends network packets having a sender MAC address, the network device comprising:
- a network connection configured to receive a network packet from the user host device;
  
  a database that contains configuration information comprising at least MAC addresses;
  
  a database lookup routine that determines whether the sender MAC address corresponds to configuration information in the database;
  
  a user packet intercept module that intercepts at least one user packet from a user host device MAC address that is not authorized to access the internet, the user packet intercept module configured to modify the at least one user packet by changing an original target IP address to correspond to a new target IP address, changing an original source IP address to correspond to an IP address of the network device, and changing an original source MAC address to a MAC address of the network device, wherein the new target IP address corresponds to an IP address associated with a redirection server, further wherein the redirection server is configured to respond to the modified user packet with a browser redirect message;
  
  a redirection server packet intercept module that intercepts the browser redirect message, and modifies the intercepted browser redirect message by changing its source IP address to correspond to the original target IP address of the intercepted user packet, changing the target IP address of the intercepted browser redirect message to correspond to the IP address of the user host device, and changing the target MAC address of the intercepted browser redirect message to correspond to the MAC address of the user host device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The network device of claim 11, wherein the browser redirect message comprises a login page location.
  - 13. The network device of claim 12, wherein the login page location comprises network location information corresponding to the user host device.
  - 14. The network device of claim 12, further comprising:
    - an authorization module that receives login information from a login server associated with the login page location, wherein the login information is used to update the database.
  - 15. The network device of claim 11, wherein the user packet intercept module also intercepts at least one user packet from a user host device MAC address that is authorized to access the internet, the user packet intercept module configured to modify the at least one authorized user packet by changing an original source IP address to correspond to an IP address of the network device, and changing an original source MAC address to a MAC address of the network device, but leaving the original target IP address unchanged.
  - 16. The network device of claim 11, wherein the browser redirect message comprises network location information corresponding to the user host device.

17. A method of redirecting a session directed to an original destination HTTP server to a redirected destination HTTP server, the method comprising the steps of:
- receiving, at a gateway device, a request from a computer to open a TCP connection with a server located external to the gateway;
  
  responding, at the gateway device, to the request to open the TCP connection, thereby establishing the TCP connection between the computer and the gateway device without the necessity of communicating with the server located external to the gateway;
  
  receiving, at the gateway device, at least one original destination HTTP server request originating from the computer;
  
  using the MAC address of the computer in determining, at the gateway device, whether the original destination HTTP server request requires redirection; and
  
  sending a browser redirect message to the computer using the TCP connection, thereby redirecting the computer.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, further comprising receiving, at the gateway device, a redirected destination HTTP server request originating from the computer, wherein the redirected destination HTTP server request corresponds to a login page.
  - 19. The method of claim 18, further comprising obtaining login information corresponding to the MAC address of the computer for use in determining whether future HTTP server requests from the computer require redirection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Original Assignee
Nomadix, Inc. (Nippon Telegraph and Telephone Corporation)
Inventors
Short, Joel E., Goldstein, Josh J., Pagan, Florence C.I.

Granted Patent

US 7,689,716 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

H04W 12/086   using security domains

H04W 12/088   using filters or firewalls

H04W 36/12   Reselecting a serving backb...

H04W 76/10   Connection setup

H04W 8/26   Network addressing or numbe...

H04W 88/16   Gateway arrangements

Systems and Methods for Providing Dynamic Network Authorization, Authentication and Accounting

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

220 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Systems and Methods for Providing Dynamic Network Authorization, Authentication and Accounting

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

220 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others