US2006234678A1PendingUtilityA1

Method and system for managing data traffic in wireless networks

Assignee: BLUESOCKET INCPriority: Sep 28, 2001Filed: Mar 8, 2006Published: Oct 19, 2006
Est. expirySep 28, 2021(expired)· nominal 20-yr term from priority
H04W 84/12H04L 63/0272H04L 63/0861H04L 63/168H04W 88/16H04W 74/00H04W 92/02H04L 1/22H04L 63/105H04L 63/0823H04W 84/18H04L 63/102H04L 63/0209H04L 63/083H04L 63/08H04W 12/069H04W 12/088H04W 12/068
44
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention can be used to facilitate the integration of wireless capability provided by wireless access points into an enterprise computer network. A gateway server is interposed between wireless access points and protected networks to provide security and integration functions, for example, authentication, access control, link privacy, link integrity, and bandwidth metering in various embodiments. Use of such a gateway server allows substantial control to be gained over network access even with the use of relatively simple access points. In general, such a gateway server receives a request to access the protected network. An authentication subsystem of the gateway server authenticates the user, preferably by accessing an external authentication server and returns a role to the authenticated user. An access controller in the gateway server provides differential access to the protected network based on the user's assigned role. A multiple gateway servers can be connected together to form a mesh network architecture.

Claims

exact text as granted — not AI-modified
1 . A method for managing access control and security with a gateway server interposed between a wireless local area network and a protected network, the method comprising the steps of: 
 (a) receiving, by a first gateway server from a user of a mobile device that is in communication with the gateway server via a wireless access point, a request to access the protected network;    (b) authenticating the user by the gateway server using an authentication server external to the gateway server;    (c) assigning a role to the authenticated user; and    (d) providing access to the protected network based on the assigned role.    
     
     
         2 . The method of  claim 1  further comprising providing a second gateway server interposed between the wireless network and the protected network for a fail-over configuration, and wherein step (a) further comprises receiving the request by the second gateway server if the first gateway server fails.  
     
     
         3 . The method of  claim 1 , wherein the request to access the protected network received in step (a) comprises an identifier and authentication information.  
     
     
         4 . The method of  claim 3 , wherein the identifier comprises at least one of a username, an email address, and an unique name.  
     
     
         5 . The method of  claim 3 , wherein the authentication information comprises at least one of a PIN, password, digital certificate, encryption key, and digital code.  
     
     
         6 . The method of  claim 1 , wherein the request to access the protected network received in step (a) comprises a request to access network resources.  
     
     
         7 . The method of  claim 6 , wherein the authenticating step (b) comprises authenticating a previously authenticated user without requiring communication of authentication information.  
     
     
         8 . The method of  claim 1 , wherein the external authentication server comprises a RADIUS server.  
     
     
         9 . The method of  claim 1 , wherein the external authentication server comprises a LDAP server.  
     
     
         10 . The method of  claim 1 , wherein the external authentication server comprises a NTLM server.  
     
     
         11 . The method of  claim 10 , wherein the use of the external authentication server is transparent to the user.  
     
     
         12 . The method of  claim 11  further comprising the steps of: 
 (i) passively monitoring an authentication process, wherein the user makes a request to authenticate to a server; and    (ii) if the user successfully authenticates, assigning a role based on the server with which the user authenticated.    
     
     
         13 . The method of  claim 11 , wherein the server is a Windows 2000 or NT server.  
     
     
         14 . The method of  claim 1 , wherein the authenticating step (b) is performed substantially according to one of the Point-to-Point Tunneling Protocol (PPTP) or the IPSec protocol.  
     
     
         15 . The method of  claim 1  further comprising, prior to step (a), the step of defining the role for the user.  
     
     
         16 . The method of  claim 15 , wherein the step of defining a role further comprises: 
 (i) specifying network resources available;    (ii) specifying a degree of access to the protected network; and    (iii) specifying an available connection bandwidth.    
     
     
         17 . The method of  claim 16 , wherein-the defining step further comprises: 
 (iv) specifying a tunneling protocol.    
     
     
         18 . The method of  claim 16 , wherein the defining step further comprises: 
 (v) specifying an inherited role.    
     
     
         19 . The method of  claim 1  further comprising replicating a plurality of second gateway servers interposed between the wireless network and the protected network from the first gateway server.  
     
     
         20 . The method of  claim 1  further comprising protecting from illicit monitoring using a secure web browser page.  
     
     
         21 . The method of  claim 1  further comprising detecting unauthorized access points by monitoring network traffic.  
     
     
         22 . A gateway server for interposition between a wireless local area network and a protected network, the server comprising: 
 (a) a receiver for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network;    (b) an authentication subsystem for externally authenticating the user;    (c) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user; and    (d) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.    
     
     
         23 . The gateway server of  claim 22  further comprising a second gateway server for interposition between the wireless network and the protected network to provide a fail-over configuration, and wherein the second gateway server receives the request if the first gateway server fails.  
     
     
         24 . The gateway server of  claim 22 , wherein the request to access the protected network received by the receiver comprises an identifier and authentication information.  
     
     
         25 . The gateway server of  claim 24 , wherein the identifier comprises at least one of a username, an email address, and an unique name.  
     
     
         26 . The gateway server of  claim 24 , wherein the authentication information comprises at least one of a PIN, password, digital certificate, encryption key, and digital code.  
     
     
         27 . The gateway server of  claim 22 , wherein the request to access the protected network received by the receiver comprises a request to access network resources.  
     
     
         28 . The gateway server of  claim 27 , wherein the external authentication server authenticates the user as a user that previously authenticated without requiting communication of authentication information.  
     
     
         29 . The gateway server of  claim 22 , wherein the external authentication server used comprises a RADIUS server.  
     
     
         30 . The gateway server of  claim 22 , wherein the external authentication server used comprises a LDAP server.  
     
     
         31 . The gateway server of  claim 22 , wherein the external authentication server used comprises a NTLM server.  
     
     
         32 . The gateway server of  claim 31 , wherein the use of the external authentication server is transparent to the user.  
     
     
         33 . The gateway server of  claim 32 , the server further comprising: 
 a passive monitor for monitoring an authentication process, wherein the user makes a request to authenticate to a server and    if the user authenticates successfully, assigning a role based on which server the user successfully authenticated.    
     
     
         34 . The gateway server of  claim 22 , wherein user authenticates with a Windows 2000 or NT server.  
     
     
         35 . The gateway server of  claim 22 , wherein the communication between the mobile device and the gateway server substantially is according to one of the Point-to-Point Protocol (PPTP) or the IPSec protocol.  
     
     
         36 . The gateway server of  claim 22  further comprising a role definer for defining the role for the user.  
     
     
         37 . The gateway server of  claim 36 , wherein the role definer further comprises: 
 (i) specifying network resources available;    (ii) specifying a degree of access to the protected network; and    (iii) specifying an available connection bandwidth.    
     
     
         38 . The gateway server of  claim 37 , wherein the role definer further comprises: 
 (iv) specifying a tunneling protocol.    
     
     
         39 . The gateway server of  claim 37 , wherein the role definer further comprises: 
 (v) specifying an inherited role.    
     
     
         40 . The gateway server of  claim 22  further comprising a replicator for replicating a plurality of second gateway servers for interposition between the wireless network and the protected network from the gateway server.  
     
     
         41 . The gateway server of  claim 22  further comprising a secure web browser page.  
     
     
         42 . The gateway server of clam  22  further comprising a detector for detecting unauthorized access points by monitoring network traffic and signals.  
     
     
         43 . A gateway server for interposition between a wireless network and a protected network, the server comprising: 
 (a) means for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network;    (b) means for externally authenticating the user;    (c) means for assigning a role to the authenticated user; and    (d) means for providing access to the protected network based on the assigned role.    
     
     
         44 . A mesh network of gateway servers comprising: 
 a plurality of gateway servers each in communication with a wireless local area network and a protected network, each of the plurality of gateway servers in communication with each other to facilitate hand-off of a mobile device from one of the plurality of gateway servers to another of the plurality of gateway servers, and,    wherein each of the plurality of gateway servers comprises: (i) a receiver for receiving, from a user of a mobile device via a wireless access point, a request to access the protected network; (ii) an authentication subsystem for externally authenticating the user; (iii) a role assignor in communication with the receiver and the authentication subsystem for assigning a role to the authenticated user; and (iv) an access controller in communication with the assignor for providing access to the protected network based on the assigned role.    
     
     
         45 . The network of  claim 44 , wherein each of the plurality of gateway servers provides a fail-over configuration and configuration replication.  
     
     
         46 . The system of  claim 44 , wherein at least two of the plurality of gateway are in communication with substantially different types networks.  
     
     
         47 . The system of  claim 46 , wherein at least one of the plurality of gateway servers supports a cellular network.  
     
     
         48 . The system of  claim 46 , wherein at least one of the plurality of gateway servers are in communication with radio-frequency based network.

Join the waitlist — get patent alerts

Track US2006234678A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.