OFF-SITE USER ACCESS CONTROL
First Claim
1. A method for off-site access control in a communications system, the method comprising:
- receiving, by a router, a communication request from a user device for communications over the Internet, the user device being communicatively coupled with a site-based communications network;
- determining, by the router, whether the user device is authorized to communicate as requested over the Internet; and
- when the user device is not authorized to communicate as requested over the Internet according to the determining step:
  - forwarding the communication request by the router to an off-site authentication system over the Internet;
  - receiving a portal response from the off-site authentication system comprising a captive authentication portal for becoming authorized to communicate as requested over the Internet;
  - receiving an authentication request from the user device according to the captive authentication portal; and
  - authenticating the user device to communicate as requested over the Internet according to the authentication request.
Abstract
Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in the context of sites, each having one or more site-based networks in communication with external networks via one or more on-site routers. User devices are provided with controlled access to those external networks via wired or wireless connections between those user devices and the site-based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices become remotely authenticated, the off-site authentication system can remotely update the route maps of the on-site routers to add those devices.
27 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 11, 12.
10. (canceled)

13. A router disposed in a site-based communications network, the router comprising:
- a route map indicating a plurality of authorized user devices, operable to designate traffic originating from any of the plurality of authorized devices for routing to a destination address of the traffic, and operable to designate traffic originating from any user device that is not one of the plurality of authorized devices for forwarding to an off-site authentication system; and
- a communications subsystem operable to:
  - receive a communication request from a user device communicatively coupled with the site-based communications network, the communication request being for communications external to the site-based network;
  - route the communication request to a destination address of the communication request when designated as originating from one of the plurality of authorized devices according to the route map;
  - forward the communication request to the off-site authentication system when designated as originating from other than one of the plurality of authorized devices according to the route map;
  - receive an indication from the off-site authentication system to authorize the user device; and
  - update the route map to include the user device as one of the plurality of authorized user devices according to the indication.
Dependent claims: 14, 15, 16.

17-22. (canceled)

23. An off-site authentication system in communication with a plurality of on-site routers, each disposed within a site-based network, the off-site authentication system comprising:
- a router controller operable to receive, from an on-site router, a communication request originating from a user device, the user device being communicatively coupled with a site-based communications network of the on-site router, the communication request being for communications external to the site-based network, and the on-site router being configured so that traffic originating from any of a plurality of authorized user devices is automatically routed to a destination address of the traffic, and traffic originating from any user device that is not one of the plurality of authorized devices is automatically forwarded to the off-site authentication system; and
- an authentication subsystem in communication with the router controller, and operable to:
  - communicate a portal response to the on-site router comprising a captive authentication portal for becoming authorized to communicate as requested external to the site-based network;
  - receive an authentication request from the user device via the on-site router according to the captive authentication portal; and
  - determine that the user device is authorized to communicate as requested external to the site-based network according to the authentication request,
- wherein the router controller is operable to communicate an instruction to the on-site router directing the on-site router to update a route map to indicate that the user device is authorized to communicate at least as requested external to the site-based network according to the determination of the authentication subsystem.
Dependent claims: 24, 25, 26, 27.
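The exchange described by independent claims 1, 13 and 23, as an added simulation that is not part of the patent or of any product implementing it: the on-site router keeps a route map of authorized device identifiers and forwards anything else to the off-site system, which answers with a portal response and, once an authentication request succeeds, instructs the router to update its route map. The router id, device id, portal URL and credential store are constructed placeholders.

```python
import hmac
from dataclasses import dataclass, field

PORTAL_URL = "https://auth.example.invalid/portal"  # placeholder portal address

@dataclass
class OffSiteAuthSystem:
    """Claim 23: router controller plus authentication subsystem."""
    credentials: dict                            # constructed username -> password
    routers: dict = field(default_factory=dict)  # router_id -> Router

    def handle_forwarded_request(self, router_id, device_id, destination):
        # Unauthorized traffic lands here; answer with the captive portal response.
        return {"type": "portal", "url": PORTAL_URL,
                "device": device_id, "return_to": destination}

    def handle_auth_request(self, router_id, device_id, username, password):
        # Verify the credentials submitted through the portal (constant-time
        # compare), then instruct the on-site router to update its route map.
        expected = self.credentials.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            return False
        self.routers[router_id].update_route_map(device_id)
        return True

@dataclass
class Router:
    """Claims 1 and 13: route map plus forwarding of unauthorized traffic."""
    router_id: str
    auth: OffSiteAuthSystem
    route_map: set = field(default_factory=set)  # authorized device ids

    def handle_request(self, device_id, destination):
        if device_id in self.route_map:          # authorized: route normally
            return {"type": "routed", "to": destination}
        return self.auth.handle_forwarded_request(self.router_id, device_id, destination)

    def update_route_map(self, device_id):
        self.route_map.add(device_id)

def run_demo():
    # One device's path: portal, rejected login, accepted login, then routed.
    auth = OffSiteAuthSystem(credentials={"guest": "s3cret"})  # constructed
    router = Router("site-a-rtr1", auth)
    auth.routers[router.router_id] = router
    before = router.handle_request("dev-01", "www.example.com")
    rejected = auth.handle_auth_request("site-a-rtr1", "dev-01", "guest", "wrong")
    accepted = auth.handle_auth_request("site-a-rtr1", "dev-01", "guest", "s3cret")
    after = router.handle_request("dev-01", "www.example.com")
    return before, rejected, accepted, after
```

The route map is only as trustworthy as the device identifier it is keyed on; a deployment that keys it on a client-presented value such as a MAC address should treat that as an identifier, not as proof of identity.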
Specification