Systems and Methods for Providing Dynamic Network Authorization, Authentication and Accounting
Abstract
Systems and methods for selectably controlling and customizing source access to a network, where the source is associated with a source computer, and wherein the source computer has transparent access to the network via a gateway device and no configuration software need be installed on the source computer to access the network. A user may be prevented from accessing a particular destination or site based upon the user's authorization while being permitted to access other sites that the method and system deems accessible. The method and system can identify a source without that source's knowledge, and can access customizable access rights corresponding to that source in a source profile database. The source profile database can be a remote authentication dial-in user service (RADIUS) or a lightweight directory access protocol (LDAP) database. The method and system use source profiles within the source profile database to dynamically authorize source access to networks and destinations via networks.
19 Claims
1. A network gateway having an IP address and a hardware address, configured to process packets communicated from a browser operating on a user host device, the user host device having configuration information specifying at least a MAC address of the user host device, the network gateway comprising:
a database comprising configuration information;
a redirection determination module in communication with the database, the redirection determination module responsive to packets communicated from the browser to determine whether to redirect the browser to a web-server configured to present a login portal, wherein the redirection determination is based on the MAC address of the user host device and configuration information in the database;
a user-device location detection module that determines a network location of the user host device, the user device location detection module configured to communicate information to the web server about the network location, so that the web server may provide network-location-specific information on the login portal;
a network packet translation module configured to modify at least one user network packet transmitted from the user host device to an external network location, the at least one user network packet being modified so that the source IP address corresponds to the network gateway, the network packet translation module further configured to modify at least one external network packet transmitted from the external network location to the network gateway, the external network packet being modified so that the destination IP address corresponds to the user host device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A network device that provides internet access to a user host device which sends network packets having a sender MAC address, the network device comprising:
a network connection configured to receive a network packet from the user host device;
a database that contains configuration information comprising at least MAC addresses;
a database lookup routine that determines whether the sender MAC address corresponds to configuration information in the database;
a user packet intercept module that intercepts at least one user packet from a user host device MAC address that is not authorized to access the internet, the user packet intercept module configured to modify the at least one user packet by changing an original target IP address to correspond to a new target IP address, changing an original source IP address to correspond to an IP address of the network device, and changing an original source MAC address to a MAC address of the network device, wherein the new target IP address corresponds to an IP address associated with a redirection server, further wherein the redirection server is configured to respond to the modified user packet with a browser redirect message;
a redirection server packet intercept module that intercepts the browser redirect message, and modifies the intercepted browser redirect message by changing its source IP address to correspond to the original target IP address of the intercepted user packet, changing the target IP address of the intercepted browser redirect message to correspond to the IP address of the user host device, and changing the target MAC address of the intercepted browser redirect message to correspond to the MAC address of the user host device.
Dependent claims: 12, 13, 14, 15, 16
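The two address rewrites recited in claim 11, as an added Python sketch (not code from the patent or from any product). All addresses are constructed sample values, the class and function names are hypothetical, and keying flows on the client source port alone is a simplification.

```python
from dataclasses import dataclass, replace

# Constructed sample values; none of these addresses come from the patent.
GW_IP, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
REDIRECT_IP = "192.0.2.80"               # hypothetical redirection server
AUTHORIZED_MACS = {"02:00:00:00:aa:01"}  # stands in for the claim's database

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: str = ""

class Gateway:
    def __init__(self):
        # client source port -> (user IP, user MAC, original target IP)
        self.flows = {}

    def from_user(self, pkt):
        """User packet intercept: authorized MACs pass, others are rewritten."""
        if pkt.src_mac in AUTHORIZED_MACS:   # the database lookup routine
            return pkt
        self.flows[pkt.src_port] = (pkt.src_ip, pkt.src_mac, pkt.dst_ip)
        return replace(pkt, dst_ip=REDIRECT_IP, src_ip=GW_IP, src_mac=GW_MAC)

    def from_redirect_server(self, pkt):
        """Redirect intercept: make the reply look like the original target's."""
        user_ip, user_mac, orig_target = self.flows.pop(pkt.dst_port)
        return replace(pkt, src_ip=orig_target, dst_ip=user_ip, dst_mac=user_mac)

def demo():
    """Run one unauthorized HTTP request through both intercept modules."""
    gw = Gateway()
    request = Packet("02:00:00:00:bb:02", GW_MAC, "10.0.0.23", "203.0.113.9",
                     40123, 80, "GET / HTTP/1.1\r\nHost: site.example\r\n\r\n")
    forwarded = gw.from_user(request)
    redirect = Packet("02:00:00:00:00:50", GW_MAC, REDIRECT_IP, GW_IP, 80, 40123,
                      "HTTP/1.1 302 Found\r\nLocation: http://portal.example/\r\n\r\n")
    return forwarded, gw.from_redirect_server(redirect)

if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

The second packet returned by `demo()` carries the redirect server's 302 response but with the original target as its source IP, which is why the browser accepts it as the answer to its own request.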
17. A method of redirecting a session directed to an original destination HTTP server to a redirected destination HTTP server, the method comprising the steps of:
receiving, at a gateway device, a request from a computer to open a TCP connection with a server located external to the gateway;
responding, at the gateway device, to the request to open the TCP connection, thereby establishing the TCP connection between the computer and the gateway device without the necessity of communicating with the server located external to the gateway;
receiving, at the gateway device, at least one original destination HTTP server request originating from the computer;
using the MAC address of the computer in determining, at the gateway device, whether the original destination HTTP server request requires redirection; and
sending a browser redirect message to the computer using the TCP connection, thereby redirecting the computer.
Dependent claims: 18, 19
Specification