Secure and seamless wireless public domain wide area network and method of using the same

US 8,195,950 B2
Filed: 08/15/2002
Issued: 06/05/2012
Est. Priority Date: 08/15/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing secure, authenticated, mobile client access to a wireless public domain wide area network, using the 802.11 spectrum, without resort to a client side driver, comprising the steps of:

receiving from a client a start session message containing user identity information, the start session message being received by the route controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and

sending to the client a control message to control the clients access to use the communications network, the control message being sent from the route controller using the communications network in accordance with the client control protocol and in response to the start session message;

wherein the receiving and/or sending step is performed by a wireless provisioning device having a chassis;

at least one processor;

an operating system, the operating system operably configured in the chassis to control the at least one processor, which are operatively coupled with the chassis;

a packet-switched interface capable of receiving a multiplicity of inbound framed packet-data to provide inbound packets and transmitting a multiplicity of outbound framed packet-data comprising outbound packets;

a channel controller coupled to the packet-switched interface that channels the inbound packets based on the inbound address information and constructs the outbound packets and channels the outbound packets with the outbound address information, the channel controller capable of being effectively connected to at least one network via the operating system; and

an authenticator in operative communication with the operating system to allow authentication at the wireless provisioning device;

whereby a user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet;

wherein said step of sending controls determines whether the client is authorized or denied access to use the communications network, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless public domain Wide Area Network (WPDWAN) is a system and method of providing high throughput data services to public domain customers through the use of encoded 2.4 Ghz microwave transmissions. Connecting computers to multi-point wireless bridges USi11g the 2.4 Ghz spectrum has been available for many years. However, the concept of opening the service to public domain has long been limited due to authentication, security and inevitable routing concerns. With the incorporation of a wireless router, methods of authentication through the use LDAP MAC authentication with route control and logical segmentation to preclude sniffing actions. This problem has been addressed with WPDWAN. The WPDWAN provides high data throughput connection rates to residential, commercial and mobile customers. The WPDWAN allows users to connect to the Internet backbone using a 2.4 Ghz 802.IIb standard PCMCIA card. These cards function at rates of at least 2 Mbps. The wireless card connects the computer to the Internet backbone and allows the customer to remain either stationary or be mobile within the area of coverage.

52 Citations

View as Search Results

41 Claims

1. A method of providing secure, authenticated, mobile client access to a wireless public domain wide area network, using the 802.11 spectrum, without resort to a client side driver, comprising the steps of:
- receiving from a client a start session message containing user identity information, the start session message being received by the route controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
  
  sending to the client a control message to control the clients access to use the communications network, the control message being sent from the route controller using the communications network in accordance with the client control protocol and in response to the start session message;
  
  wherein the receiving and/or sending step is performed by a wireless provisioning device having a chassis;
  
  at least one processor;
  
  an operating system, the operating system operably configured in the chassis to control the at least one processor, which are operatively coupled with the chassis;
  
  a packet-switched interface capable of receiving a multiplicity of inbound framed packet-data to provide inbound packets and transmitting a multiplicity of outbound framed packet-data comprising outbound packets;
  
  a channel controller coupled to the packet-switched interface that channels the inbound packets based on the inbound address information and constructs the outbound packets and channels the outbound packets with the outbound address information, the channel controller capable of being effectively connected to at least one network via the operating system; and
  
  an authenticator in operative communication with the operating system to allow authentication at the wireless provisioning device;
  
  whereby a user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet;
  
  wherein said step of sending controls determines whether the client is authorized or denied access to use the communications network, wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising the step of:
    - routing or bridging the user identity information through a wireless provisioning routing device.
  - 3. The method of claim 2, wherein the user identity information is the DHCP allocation.
  - 4. The method of claim 1, wherein the control message is a session authorization message authorizing the client to use the communications network at a predetermined bandwidth level.
  - 5. The method of claim 4, further comprising the step of:
    - determining if the client is authorized to use the communications network based on the user identity information, and wherein said step of sending a session authorization message is only performed if the client is authorized to use the communications network.
  - 6. The method of claim 4, further comprising the steps of:
    - receiving from the client a session continuation message containing the user identity information; and
      
      sending to the client a continuation authorization message, based on the user identity information, authorizing the client to use the communications network for an additional predetermined period of time.
  - 7. The method of claim 6, wherein the continuation authorization message is an additional session authorization message.
  - 8. The method of claim 6, further comprising the step of determining if the client is authorized to continue to use the communications network based on the user identity information, and wherein said step of sending a continuation authorization message is only performed if the client is authorized to continue using the communications network.
  - 9. The method of claim 1, further comprising the step of:
    - determining if the client is authorized to use the communications network based on the user identity information; and
      
      wherein the control message is a deny session message if the client is not authorized to use the communications network.
  - 10. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 11. The method of claim 1, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 12. The method of claim 1, further comprising the steps of:
    - recording information about a client session in a communications network usage log.
  - 13. The method of claim 12, wherein the recorded information includes information associated with the user identity information and information associated with the time that the client session started.
  - 14. The method of claim 12, further comprising the steps of:
    - receiving from the client an end session message containing the user identity information; and
      
      recording information about the end of the client session in the usage log.
  - 15. The method of claim 12, further comprising the step of:
    - recording information about an end of the client session in the usage log if no session continuation message has been received from the client during the predetermined period of time.
  - 16. The method of claim 12, further comprising the steps of:
    - receiving from the service provider a communications network usage report; and
      
      comparing the communications network usage report with the communications network usage log to determine discrepancies.
  - 17. The method of claim 1, further comprising the steps of:
    - sending to the client a session termination message instructing the client to end the client session; and
      
      recording information about the end of the client session in a usage log.
  - 18. The method of claim 1, wherein the communications network is a packet network.
  - 19. The method of claim 18, wherein the packet network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.
  - 20. The method of claim 9, wherein said step of determining is also based on information stored in a user database.

21. An apparatus for providing secure, authenticated, mobile wireless client access to use a wireless public domain wide area communications network, utilizing the 802.11 spectrum, comprising:
- a receiver operatively configured to receive from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller;
  
  a gateway operatively configured to determine if the client is authorized to access the communications network; and
  
  a route controller notifyer operatively configured to send to the client a session authorization message, the session authorization message to control the client'"'"'s access to use the communications network being sent from the client controller using the communications network in accordance with the client control protocol and in response to the start session message, wherein the session authorization message controls whether the client is authorized or denied access to use the communications network, wherein the session authorization network authorizes the client to use the communications network for a predetermined period of time;
  
  wherein the receiving apparatus is a wireless provisioning device having a microprocessor and the components operatively configured within a chassis thereof to control the microprocessor;
  
  a packet-switched interface configured to receive a multiplicity of inbound framed packet-data and to provide inbound packets and to transmit a multiplicity of outbound framed packet-data comprising outbound packets;
  
  a channel controller coupled to the packet-switched interface that is configured to channel the inbound packets based on the inbound address information and configured to construct the outbound packets and channels with the outbound address information, the channel controller capable of being effectively connected to at least one network, whereby a user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

23. An article of manufacture comprising a non-transitory computer readable storage medium having stored thereon instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps to control a client'"'"'s access to use a secure, authenticated, mobile wireless public domain wide area communications network, using the 802.11 spectrum, said steps comprising:
- receiving from the client a start session message containing user identity information, the start session message being received by the client controller using the communications network in accordance with a client control protocol, the start session message being sent automatically upon the client being logged on to the service provider independent of the client controller; and
  
  sending to the client a control message to control the clients access to use the communications network, the control message being sent from the client controller, using the communications network in accordance with the client control protocol and in response to the start session message, wherein the control message control message is a session authorization message that determine whether the client is granted or denied access to use the communications network for a predetermined period of time;
  
  wherein the article of manufacture is a wireless provisioning device configured within a chassis thereof to control the processor;
  
  a packet-switched interface configured to receive a multiplicity of inbound framed packet-data and to provide inbound packets and to transmit a multiplicity of outbound framed packet-data comprising outbound packets;
  
  a channel controller coupled to the packet-switched interface that is configured to channel the inbound packets based on the inbound address information and configured to construct the outbound packets and channels with the outbound address information, the channel controller capable of being effectively connected to at least one network;
  
  whereby a user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The article of manufacture of claim 23, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 25. The article of manufacture of claim 23, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 26. The article of manufacture of claim 23, further comprising the steps of:
    - recording information about a client session in a communications network usage log.
  - 27. The article of manufacture of claim 23, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

28. A method of using secure, authenticated, mobile client access to a wireless public domain communications network using the 802.11 spectrum having a route controller, comprising the steps of:
- accessing the route controller though a service provider independent of the client controller;
  
  sending to the route controller a start session message containing user identity information, the start session message being sent automatically upon a client being logged on to the service provider; and
  
  receiving from the route controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol and in response to the start session message, wherein the control message is a session authorization message that determine whether the client is granted or denied access to use the communications network for a predetermined period of time;
  
  wherein the receiving and/or sending step is performed by a wireless provisioning device having a chassis;
  
  at least one processor;
  
  an operating system, the operating system operably configured in the chassis to control the at least one processor, which are operatively coupled with the chassis;
  
  a packet-switched interface capable of receiving a multiplicity of inbound framed packet-data to provide inbound packets and transmitting a multiplicity of outbound framed packet-data comprising outbound packets;
  
  a channel controller coupled to the packet-switched interface that channels the inbound packets based on the inbound address information and constructs the outbound packets and channels the outbound packets with the outbound address information, the channel controller capable of being effectively connected to at least one network via the operating system; and
  
  an authenticator in operative communication with the operating system to allow authentication at the wireless provisioning device;
  
  whereby a user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The method of claim 28, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 30. The method of claim 28, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 31. The method of claim 28, wherein said step of accessing comprises complying with a first authentication procedure performed by the service provider and said step of sending comprises complying with a second authentication procedure performed by the client controller, the second authentication procedure being independent of the first authentication procedure.
  - 32. The method of claim 28, further comprising the step of:
    - sending a session continuation message to the client controller prior to the end of the predetermined period of time.
  - 33. The method of claim 28, further comprising the step of:
    - sending an end session message to the client controller.
  - 34. The method of claim 28, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

35. An article of manufacture comprising a non-transitory computer readable storage medium having stored thereon instructions adapted to be executed by a processor, the instructions which, when executed, define a series of steps to use a wireless public domain communications network using the 802.11 spectrum having a route controller, said steps comprising:
- accessing the route controller through a wireless communication entry point;
  
  sending to the route controller a start session message containing user identity information, the start session message being sent automatically upon a client being logged on to the service provider andreceiving from the route controller a control message to control whether the client is authorized or denied access to use the communications network, the control message being received by the client using the communications network in accordance with a client control protocol in response to the start session message;
  
  wherein the control message is a session authorization message authorizing the client to use the communications network for a predetermined period of time;
  
  wherein the article of manufacture is a wireless provisioning device within a chassis thereof to control the processor;
  
  a packet-switched interface configured to receive a multiplicity of inbound framed packet-data, to provide inbound packets and to transmit a multiplicity of outbound framed packet-data comprising outbound packets;
  
  a channel controller coupled to the packet-switched interface that is configured to channel the inbound packets based on the inbound address information and configured to construct the outbound packets and channels with the outbound address information, the channel controller capable of being effectively connected to at least one network;
  
  whereby the user of a mobile computing device connects to the wireless provisioning device without having to first access the Internet.
- View Dependent Claims (36, 37, 38, 39, 40, 41)
- - 36. The article of manufacture of claim 35, further comprising the step of sending to the client an additional control message that instructs the client to display a message to a user.
  - 37. The article of manufacture of claim 35, further comprising the step of sending to the client an additional control message that instructs the client to receive data.
  - 38. The article of manufacture of claim 35, wherein said step of accessing comprises complying with a first authentication procedure performed by the service provider and said step of sending comprises complying with a second authentication procedure performed by the client controller, the second authentication procedure being independent of the first authentication procedure.
  - 39. The article of manufacture of claim 35, further comprising the step of:
    - sending a session continuation message to the client controller prior to the end of the predetermined period of time.
  - 40. The article of manufacture of claim 35, further comprising the step of:
    - sending an end session message to the client controller.
  - 41. The article of manufacture of claim 35, wherein the communications network is the Internet and the client control protocol is an in-band protocol transmitted using transmission control protocol/Internet protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WeCom Systems, LLC
Original Assignee
Optimumpath LLC
Inventors
Spearman, Anthony C.
Primary Examiner(s)
BROWN, CHRISTOPHER J

Application Number

US10/223,255
Publication Number

US 20030051170A1
Time in Patent Office

3,582 Days
Field of Search

713/154, 713/162, 713/182, 726/15, 726/12, 726/14, 726/27, 380/249, 370/901
US Class Current

713/182
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 67/14   Session management for real...

H04L 67/535   Tracking the activity of th...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

H04W 12/086   using security domains

H04W 40/00   Communication routing or co...

H04W 84/18   Self-organising networks, e...

Secure and seamless wireless public domain wide area network and method of using the same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and seamless wireless public domain wide area network and method of using the same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links