(12) United States Patent
`Short et al.
`
`USOO6636894B1
`(10) Patent No.:
`US 6,636,894 B1
`(45) Date of Patent:
`Oct. 21, 2003
`
`(54) SYSTEMS AND METHODS FOR
`REDIRECTING USERS HAVING
`TRANSPARENT COMPUTER ACCESS TO A
`NETWORK USING A GATEWAY DEVICE
`HAVING REDIRECTION CAPABILITY
`
`(75) Inventors: E. SR EC (US).
`s S.
`C y R
`sA 2. ar,
`g
`E. o
`A (
`Fles
`. . Pagan, LOS
`ngeles, CA (US)
`(73) ASSignee: Nyadh, Inc., Westlake Village, CA
`
`(*) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/458,569
`(22) Filed:
`Dec. 8, 1999
`Related U.S. Application Data
`(60) Provisional application No. 60/111,497, filed on Dec. 8,
`1998.
`(51) Int. Cl."
`
`G06F 15/173
`
`O
`
`-1 - O
`
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`
`(52) U.S. C. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 709/225; 709/249
`
`(58) Field of Search ................................. 709/225, 226,
`709/227, 229, 249; 707/1; 713/200, 201
`References Cited
`U.S. PATENT DOCUMENTS
`
`(56)
`
`5,696,898 A * 12/1997 Baker et al. ................ 713/201
`5,761,683 A : 6/1998 Logan et al.
`E. A 12/1998 Ikudome ir 713/201
`968,176. A 10/1999 Nessett et al.
`5.991.292 A * 11/1999 Focsaneanu et al. ........ 370/352
`6,219,694 B1
`4/2001 Lazaridis et al. ........... 709/206
`6,317,790 B1 * 11/2001 Bowker et al. ......
`... 709/225
`6,317.837 B1 * 11/2001 Kenworthy .......
`713,200
`6,393,468 B1 * 5/2002 McGee .............
`... 709/218
`6,490,620 B1 * 12/2002 Ditmer et al. .............. 709/224
`
`FOREIGN PATENT DOCUMENTS
`O848338 A1
`6/1998
`(List continued on next page.)
`OTHER PUBLICATIONS
`Cisco; Single-User Network Access Security TACACS+;
`Mar. 30, 1995; 9 pages; Cisco White Paper; XP002124521.
`D. Brent Chapman, Elizabeth D. Zwicky; Building Internet
`Firewalls,
`Nov.
`1995;
`pp.
`131-188;
`O'Reilly;
`XPOO2202789.
`(List continued on next page.)
`Primary Examiner Mehmet B. Geckil
`(74) Attorney, Agent, or Firm-Alston & Bird LLP
`(57)
`ABSTRACT
`Systems and methods for dynamically creating new users
`having transparent computer access to a destination
`network, wherein the users otherwise have access to a home
`network through home network Settings resident on the
`users computers, and wherein the users can access the
`destination network without altering the home network
`Settings. The System includes a gateway device for receiving
`a request from a user for access to the destination network,
`and in communication with the gateway device, and an
`Server in communication with the gateway device and user
`profile database. The AAA server determines if user is
`entitled to access the destination network based upon the
`acceSS information Stored within the user profile database,
`and wherein the AAA Server redirects the user to a login
`page where the access information does not indicate the
`user's right to access the destination network. The Systems
`and methods of the present invention can also redirect users
`having transparent computer access to a destination
`network, wherein the users otherwise have access to a home
`network through home network Settings resident on the
`s
`users computers, and wherein the users can access the
`destination network without altering the home network
`tti
`9.
`sellings.
`
`a user profile database comprising Stored access information
`
`Authentication, Authorization and Accounting (AAA)
`
`11 Claims, 1 Drawing Sheet
`
`10
`A
`
`24
`DHCP
`SERVER
`
`16-y
`ACCESS
`CONTROLLER
`
`12-y
`GATEWAY
`DEWCE
`
`18,
`
`ROUTER
`
`14\COMPUTER
`
`14N
`COMPUTER
`
`
`
`14-COMPUTER
`14 computer
`
`22
`
`22
`
`20
`
`(C)
`
`20
`
`EXHIBIT 1005
`Guest-Tek v. Nomadix, IPR2018-00376
`
`

`

`US 6,636,894 B1
`Page 2
`
`FOREIGN PATENT DOCUMENTS
`
`OTHER PUBLICATIONS
`
`EP
`EP
`EP
`WO
`WO
`WO
`WO
`WO
`
`O8894.18 A2
`O 909 O73 A2
`O986230 A2
`WO 96/39668
`WO 98/12643
`WO 99/57865
`WO 99/57866
`WO 99/66400
`
`1/1999
`4/1999
`3/2000
`12/1996
`3/1998
`11/1999
`11/1999
`12/1999
`
`Susan Hinrichs; Policy-Based Management Bridiging the
`Gap; Dec. 6, 1999, pp. 209-218; Computer Security Appli
`cations Conference, 1999 (ACSAC 1999), Proceedings, 15'
`Annual Phoenix, Arizona, USA Dec. 6-10, 1999, Los
`Alamitos, California, IEEE Comput. Soc.; XP010368586.
`* cited by examiner
`
`

`

`Oct. 21, 2003
`
`ANNOa
`
`U.S. Patent
`U.S. Patent
`
`acc
`
`
`
`YALNdWNOOKpT
`
`YaANaS44OHaYALNdWOOHpTa"
`
`0zJOIAICYITIOWLNOD
`
`
`4aLNOUAVMGLW9SSq00V°
`
`
`
`US 6,636,894 B1
`US 6,636,894 B1
`
`L
`
`02tTOld
`
`e
`
`YALNdNOOKpT
`
`YALNdWODKpy
`
`
`

`

`1
`SYSTEMS AND METHODS FOR
`REDIRECTING USERS HAVING
`TRANSPARENT COMPUTER ACCESS TO A
`NETWORK USING A GATEWAY DEVICE
`HAVING REDIRECTION CAPABILITY
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`The present application claim priority from U.S. Provi
`sional Patent Application Ser. No. 60/111,497, filed Dec. 8,
`1988 the contents of which are incorporated by reference.
`FIELD OF THE INVENTION
`The present invention relates generally to a gateway
`device and, more particularly, to a universal network gate
`way for redirecting to a portal page a computer transparently
`accessing a Service provider network.
`BACKGROUND OF THE INVENTION
`In order for a computer to function properly in a network
`environment, the computer must be appropriately config
`ured. Among other things, this configuration proceSS estab
`lishes the protocol and other parameters by which the
`computer transmits and receives data. In one common
`example, a plurality of computers are networked to create a
`local area network (LAN). In the LAN, each computer must
`be appropriately configured in order to exchange data over
`the network. Since most networks are customized to meet a
`unique set of requirements, computers that are part of
`different networks are generally configured in different
`manners in order to appropriately communicate with their
`respective networks.
`While desktop computers generally remain a part of the
`Same network for a Substantial period of time, laptops,
`handhelds, personal digital assistants (PDAS), cellphones or
`other portable computers (collectively “portable
`computers”) are specifically designed to be transportable. AS
`Such, portable computers are connected to different net
`WorkSat different times depending upon the location of the
`computer. In a common example in which the portable
`computer Serves as an employee's desktop computer, the
`portable computer is configured to communicate with their
`employer's network, i.e., the enterprise network. When the
`employee travels, however, the portable computer may be
`connected to different networks that communicate in differ
`ent manners. In this regard, the employee may connect the
`portable computer to the network maintained by an airport,
`a hotel, a cellular telephone network operator or any other
`locale in order to access the enterprise network, the Internet
`or Some other on-line Service. The portable computer is also
`commonly brought to the employee's residence where it is
`used to access various networks, Such as, the enterprise
`network, a home network, the Internet and the like. Since
`these other networks are configured Somewhat differently,
`however, the portable computer must also be reconfigured in
`order to properly communicate with these other networkS.
`Typically, this configuration is performed by the user each
`time the portable computer is connected to a different
`network. AS will be apparent, this repeated reconfiguration
`of the portable computer is not only quite time consuming,
`but is also prone to errors. The reconfiguration procedure
`may even be beyond the capabilities of many users or in
`Violation of their employer's IT policy. Importantly, Special
`Software must also typically be loaded onto the user's
`computer to Support reconfiguration.
`As described by U.S. patent application Ser. No. 08/816,
`174 and U.S. Provisional Patent Application Nos. 60/111,
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`US 6,636,894 B1
`
`2
`497, 60/160,973, 60/161,189, 60/161,139, 60/160,890 and
`60/161,182, a universal subscriber gateway device has been
`developed by Nomadix, Inc. of Westlake Village, Calif. The
`contents of these applications are incorporated herein by
`reference. The gateway device Serves as an interface con
`necting the user to a number of networks or other online
`Services. For example, the gateway device can Serve as a
`gateway to the Internet, the enterprise network, or other
`networks and/or on-line Services. In addition to Serving as a
`gateway, the gateway device automatically adapts to a
`computer, in order that it may communicate with the new
`network in a manner that is transparent both to the user and
`the new network. Once the gateway device has appropriately
`adapted to the user's computer, the computer can appropri
`ately communicate via the new network, Such as the network
`at a hotel, at home, at an airport, or any other location, in
`order to access other networks, Such as the enterprise
`network, or other online Services, Such as the Internet.
`The portable computer user, and more Specifically the
`remote or laptop user, benefits from being able to access a
`myriad of computer networks without having to undergo the
`time-consuming and all-too-often daunting task of reconfig
`uring their host computer in accordance with network Spe
`cific configurations. In addition, no additional Software need
`be loaded onto the computer prior to connection to the other
`network. From another perspective, the network Service
`provider benefits from avoiding “on-site” visits and/or tech
`nical Support calls from the user who is unable to properly
`re-configure the portable computer. In this fashion, the
`gateway device is capable of providing more efficient net
`work access and network maintenance to the user and the
`network operator.
`Gateway devices are typically used to provide network
`access to the remote portable computer user, Such as users in
`hotels, airports and other location where the remote portable
`computer user may reside. Additionally, gateway devices
`have found wide-spread use in multi-resident dwellings as a
`means of providing the residents an intranet that networks
`the residents, broadband Internet access and the capability to
`adapt to the variances of the residents individual enterprise
`network needs. With the advent of even smaller portable
`computing devices, Such as handhelds, PDAS, and the like,
`the locations where these users may reside become almost
`limitleSS.
`Through gateway devices Internet Service Providers
`(ISPs) or enterprise network (such as a LAN established by
`an entity Such as a hotel) providers can permit a wide variety
`of users Simple and transparent access to their networks and
`to other online Services. To take advantage of transparent
`user access to their computer networks and online Services
`enterprise networks or ISPs should be able to redirect users
`to portal pages that the enterprise or internet Service pro
`viders wish the user to acceSS or view. For instance, where
`users are located at an airport, the enterprise network admin
`istrator may wish to direct users to a portal page containing
`arrival and departure information, or to a portal page having
`the users itinerary thereon to provide the user an incentive
`to access the network. ISPs, for example, may wish users to
`access the ISPS portal page for up to the date news and
`weather, information regarding the user's Internet Service,
`and paid advertisements.
`Homepage redirection has been accomplished in the prior
`art. For example, America Online (AOL) users, upon access
`ing the internet, are directed to an AOL homepage from
`which the users can Select a variety of AOL Services, and
`which includes advertising from various companies.
`Typically, direction of users to such a page benefits the ISP
`
`

`

`US 6,636,894 B1
`
`15
`
`3
`because advertisers pay money to the ISP each time a user
`accesses the Internet, as Subscribers are a captive audience
`to advertising. Advertisers pay for Such advertising not only
`because of the captive audience, but because advertisers can
`tailor advertisements based upon the typical audience
`accessing the internet. Furthermore, AOL may market its
`Services through its homepage, and its homepage may be
`attractive to potential Subscribers. Directing users to a par
`ticular. page may serve an additional function. Users may be
`directed to a particular page, Such as a login page, So that the
`user may enter login information to be authenticated and
`authorized access on the network. Furthermore, users may
`wish to establish their own specialized portal page, Such as
`a page including favorite links, a page linking the user to the
`user's business, or a page including any other items relevant
`to the user.
`However, Such redirection of users to homepages has
`been traditionally based upon Software installed on a user's
`computer and/or configurations of user computers in com
`munication with a home network. For example, where a
`user's computer is appropriately configured for access to a
`home network, the user's computer can be configured to
`access a particular homepage on that network. This can be
`the case, for example, in businesses where users computers
`are configured to access an intranet homepage or an internet
`page specific to that company and located on the internet.
`Therefore, a method and system would be desirable which
`enables a user transparent access to a computer network
`employing a gateway device where the computer network
`can provide access to users and direct the users to portal
`pages established by the user, network administrator or
`another entity, where the direction is preferably based upon
`attributes associated with a user, Such as the user's location,
`identity, computer, or a combination thereof. Furthermore,
`Such redirection should be able to redirect users to a login
`page when the user does not otherwise have access to online
`Services or networks So that the user may login to be
`authenticated and authorized access on the network.
`
`4
`determining if the user is entitled access to the destination
`network based upon a user profile corresponding to the user
`and Stored within a user profile database in communication
`with the gateway device, and redirecting the user to a login
`page when the user profile does not include rights to acceSS
`the destination network. Furthermore, the method of the
`present invention can include the Step of forwarding the user
`to the destination network when the user profile includes
`rights to access the destination network. The method can
`also include the Step of automatically redirecting the user to
`a portal page following receipt of a request for access to the
`destination network prior to determining if the user is
`entitled access to the destination network
`According to one aspect of the invention, the method can
`include the Step of establishing a login page on a webserver
`local to the gateway device prior to redirecting the user to
`the login page. The method can also include accepting user
`information at the login page which is thereafter utilized by
`the gateway device to authorize the user access to the
`destination network. The user profile database can be
`updated with the user information.
`According to another aspect of the invention, the user may
`be forwarded from the login page and returned to a portal
`page or directed to a destination address which can be an
`Internet destination address. Redirecting the user to a login
`page can include redirecting a browser located on the user's
`computer to the login page. Furthermore, redirecting the
`browser located on the user's computer can include receiv
`ing a Hyper-Text Transfer Protocol (HTTP) request for the
`destination address and responding with an HTTP response
`corresponding to the login page.
`According to another embodiment of the invention, a
`System for dynamically creating new users having transpar
`ent computer access to a destination network is disclosed,
`wherein the users otherwise have access to a home network
`through home network Settings resident on the users
`computers, and wherein the users can access the destination
`network without altering the home network Settings. The
`System includes a gateway device for receiving a request
`from a user for access to the destination network, and a user
`profile database comprising Stored acceSS information and in
`communication with the gateway device. The System further
`includes an Authentication, Authorization and Accounting
`(AAA) Server in communication with the gateway device
`and user profile database, where the AAA Server determines
`if a user is entitled to access the destination network based
`upon the access information Stored within the user profile
`database, and wherein the AAA Server redirects the user to
`a login page where the access information does not indicate
`the user's right to access the destination network. The
`System can also direct the user to a portal page upon the
`user's access to the network, prior to determining the acceSS
`rights of the user.
`According to one aspect of the invention, the login page
`is maintained local to the gateway device. The user profile
`database and AAA Server can also be located within the
`gateway device. Furthermore, the user profile database can
`be located within the AAA server.
`According to another embodiment of the invention, the
`user profile database includes a plurality of user profiles,
`wherein each respective user profile of the plurality of user
`profiles contains acceSS information. In addition, each
`respective user profile may contain historical data relating to
`the duration of destination network acceSS for use in deter
`mining the charges due for the destination network access.
`According to another embodiment of the invention, a
`method for redirecting users having transparent computer
`
`25
`
`35
`
`SUMMARY OF THE INVENTION
`The present invention comprises a method and System for
`redirecting users to a portal page where users have trans
`parent access to a computer network utilizing a gateway
`device. The method and System advantageously operates in
`a manner transparent to the user Since the user need not
`reconfigure their computer and no additional Software need
`be added to the computer for reconfiguration purposes.
`According to the invention, users accessing the gateway
`device are redirected to a portal page. Where Stored user
`profiles permit the users access to the destination network,
`the users can be forwarded to the destination network or a
`portal page established by the network, user, or another
`entity. Otherwise, users are directed to a login page in which
`the users must input user information So that the users can
`obtain access to networks and online Services. The redirec
`tion function according to the present invention can be
`utilized to direct new or existing users to customized home
`pages established by the gateway device or individual users.
`A method for dynamically creating new users having
`transparent computer access to a destination network is
`disclosed, wherein the users otherwise have access to a
`home network through home network Settings resident on
`the users computers, and wherein the users can access the
`destination network without altering the home network
`Settings. The method includes receiving at a gateway device
`a request from a user for access to a destination network,
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`

`

`US 6,636,894 B1
`
`15
`
`S
`access to a destination network is disclosed, wherein the
`users otherwise have access to a home network through
`home network Settings resident on the users computers, and
`wherein the users can access the destination network without
`altering the home network Settings. The method includes
`receiving at a gateway device a request from a user for
`access to a destination address, Such as an Internet address,
`and redirecting the user to a portal page, wherein the user
`computer remains configured for accessing the home
`network, and wherein no additional configuration Software
`need be installed on the user's computer. Furthermore,
`redirecting the user to a portal page can comprise redirecting
`the user to a portal page created by an administrator asso
`ciated with the portal page, or redirecting the user to a portal
`page customized by the user.
`According to another embodiment of the invention, a
`System for redirecting users having transparent computer
`access to a destination network is disclosed, where the users
`otherwise have access to a home network through home
`network Settings resident on the users computers, and
`wherein the users can access the destination network without
`altering the home network Settings. The System includes a
`gateway device for receiving a request from a user for acceSS
`to the destination network, and an AAA Server in commu
`nication with the gateway device, where the AAA Server
`25
`intercepts the request from the user for access to the desti
`nation network and redirects the user to a portal page,
`wherein the user's computer remains configured for access
`ing the home network, and wherein no additional configu
`ration Software need be installed on the user's computer.
`According to one aspect of the invention, the AAA Server is
`located entirely within the gateway device. The portal page
`of the system can also be maintained on a server local to the
`gateway device.
`A unique advantage of the transparent redirection of users
`to a portal page, and, in certain circumstances from the
`portal page, to a login page where users Subscribe for
`network acceSS is that a user can obtain access to networks
`or online Services without installing any Software onto the
`user's computer. On the contrary, the entire proceSS is
`completely transparent to the user. AS Such, the method and
`apparatus of the present invention facilitates transparent
`access to destination networks without requiring a user to
`reconfigure the home network Settings resident on the user
`computer and without having to install reconfiguration Soft
`WC.
`The method and system of the various embodiments
`facilitate transparent access to a destination network.
`According to one embodiment, the method and System
`facilitate the addition of new Subscribers to the network.
`According to another embodiment, all users can be redi
`rected to a portal page, which can include advertising,
`without requiring reconfiguration of the users computers, or
`new Software to be added on the users computers.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram of a computer System that
`includes a gateway device for automatically configuring one
`or more computers to communicate via the gateway device
`with other networks or other online Services, according to
`one embodiment of the present invention.
`DETAILED DESCRIPTION OF ONE
`EMBODIMENT OF THE INVENTION
`The present invention now will be described more fully
`hereinafter with reference to the accompanying drawings, in
`
`35
`
`6
`which preferred embodiments of the invention are shown.
`This invention may, however, be embodied in many different
`forms and should not be construed as limited to the embodi
`ments Set forth herein; rather, these embodiments are pro
`Vided So that this disclosure will be thorough and complete,
`and will fully convey the scope of the invention to those
`skilled in the art. Like numbers refer to like elements
`throughout.
`Referring now to FIG. 1, a computer system 10 including
`a gateway device 12 is depicted in block diagram form. The
`computer System 10 typically includes a plurality of com
`puters 14 that access a computer network in order to gain
`access to networks 20 or other online services 22. For
`example, the computerS 14 can be plugged into ports that are
`located in different rooms of a hotel, business, or a multi
`dwelling unit. Alternatively, the computers 14 can be
`plugged into ports in an airport, an arena, or the like. The
`gateway device 12 provides an interface between the plu
`rality of computers 14 and the various networks 20 or other
`online Services 22. One embodiment of a gateway device has
`been described by the aforementioned U.S. patent applica
`tion Ser. No. 08/816,174.
`Most commonly, the gateway device 12 is located near the
`computerS 14 at a relatively low position in the overall
`network (i.e., the gateway device 12 will be located within
`the hotel, multi-unit residence, airport, etc.). However, the
`gateway device 12 can be located at a higher position in the
`system by being located closer to the various networks 20 or
`other online Services 22, if So desired. For example, the
`gateway device 12 could be located at a network operating
`center or could be located before or after a router 18 in the
`computer network. Although the gateway device 12 can be
`physically embodied in many different fashions, the gateway
`device 12 typically includes a controller and a memory
`device in which Software is Stored that defines the opera
`tional characteristics of the gate way device 12.
`Alternatively, the gateway device 12 can be embedded
`within another network device, Such as an access concen
`trator 16 or a router 18. Moreover, the Software that defines
`the functioning of the gateway device 12 can be Stored on a
`PCMCIA card that can be inserted into a computer of the
`plurality of computers 14 in order to automatically recon
`figure the computer to communicate with a different com
`puter System, Such as the networks 20 and online Services
`22.
`The computer System 10 typically includes an access
`concentrator 16 positioned between the computers 14 and
`the gateway device 12 for multiplexing the Signals received
`from the plurality of computers onto a link to the gateway
`device 12. Depending upon the medium by which the
`computerS 14 are connected to the access concentrator, the
`acceSS concentrator 16 can be configured in different man
`ners. For example, the access concentrator can be a digital
`subscriber line access multiplexer (DSLAM) for signals
`transmitted via regular telephone lines, a cable head end for
`Signals transmitted via coaxial cables, a wireleSS access
`point (WAP) for signals transmitted via a wireless network,
`a cable modem termination shelf (CMTS), a switch or the
`like. As also shown in FIG. 1, the computer system 10
`typically includes one or more routers 18 and/or servers (not
`shown in FIG. 1) to control or direct traffic to and from a
`plurality of computer networks 20 or other online services
`22. While the computer system 10 is depicted to have a
`Single router, the computer System 10 can have a plurality of
`routers, Switches, bridges, or the like that are arranged in
`Some hierarchical fashion in order to appropriately traffic to
`and from the various networks 20 or online services 22. In
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`

`

`US 6,636,894 B1
`
`15
`
`25
`
`7
`this regard, the gateway device 12 typically establishes a
`link with one or more routers. The routers, in turn, establish
`links with the servers of other networks or other online
`Service providers, Such as internet Service providers, based
`upon the user's Selection. It will be appreciated by one of
`ordinary skill in the art that one or more devices illustrated
`in FIG. 1 may be combinable. For example, although not
`shown, the router 18 may be located entirely within the
`gateway device 12.
`The gateway device 12 of the present invention is spe
`cifically designed to adapt to the configuration of each of the
`computerS 14 that log onto the computer System 10 in a
`manner that is transparent to the user and the computer
`networks 20 or online services 22. In the embodiment shown
`in FIG. 1, the computer system 10 employs dynamic host
`configuration protocol (DHCP) service, which is a protocol
`well known to those of skill in the art and currently imple
`mented in many computer networks. In DHCP networks an
`IP address is assigned to an individual computer of the
`plurality of computers 14 when the computer logs onto the
`computer network through communication with the gateway
`device 12. The DHCP service can be provided by an external
`DHCP server 24 or it can be provided by an internal DHCP
`Server located within the gateway device.
`In order to allow a user of the computer to communicate
`transparently with computer networks 20 or online Services
`22, the gateway device must be able to communicate with
`the user computer, as well as the various online Services 22
`or networks 20. In order to Support this communication, the
`gateway device 12 generally performs a packet translation
`function that is transparent to both the user and the network.
`In this regard, for outbound traffic from a computer to a
`network or on-line Service, the gateway device 12 changes
`attributes within the packet coming from the user, Such as
`the Source address, checksum, and application specific
`parameters, to meet the criteria of the network to which the
`user has accessed. In addition, the outgoing packet includes
`an attribute that will direct all incoming packets from the
`accessed network to be routed through the gateway device.
`In contrast, the inbound traffic from the computer network or
`other online Service that is routed through the gateway
`device undergoes a translation function at the gateway
`device So that the packets are properly formatted for the
`user's host computer. In this manner, the packet translation
`process that takes place at the gateway device 12 is trans
`parent to the host, which appears to Send and receive data
`directly from the accessed computer network. By imple
`menting the gateway device as an interface between the user
`and the computer network or other online Service, however,
`the user will eliminate the need to re-configure their com
`50
`puter 12 upon accessing Subsequent networks as well as the
`need to load Special configuration Software on their com
`puter to Support the reconfiguration.
`Communication between users and networks or online
`Services may be effectuated through ports, for example,
`located within hotel rooms or multi-dwelling units, or
`through conventional dial-up communications, Such as
`through the use of telephone or cable modems. According to
`one aspect of the invention, users can be are redirected to a
`portal page, as described below. After being redirected to the
`portal page, the user is Subjected to a AAA process. Based
`upon the AAA process, the user may be permitted transpar
`ent access to the destination network or may be redirected to
`a login page in order to gather additional information to
`identify the user.
`Identifying the user is crucial in authorizing access to
`networks or online Services, as Such Services are typically
`
`8
`provided for a fee and may be customized based upon the
`user, user's location, or user's computer. AS discussed
`below, the user's identification may be used to direct the user
`to a specific portal page, which can be a particular webpage.
`AS Such, the System of the present invention includes means
`for identifying a user based upon an attribute associated with
`the user that is contained within the packet transmitted from
`the user's computer. Attributes can include any data well
`known in the art for identifying the user, the user's location,
`and/or the user's computer. In general, identifying a user's
`computer that accesses a network can be done by a media
`access control (MAC) associated with the computer. Iden
`tifying a computer based upon a MAC address is well known
`to those of skill in the art, and will not be discussed in detail
`herein. Additionally, the attribute can be based upon a user
`name, ID, or according to one advantageous embodiment
`described below, a particular location, Such as from a
`communications port in a hotel room. AS Such, the location
`of the user can be the identifiable attribute.
`According to one embodiment of the present invention,
`after a user accesses the computer network using a computer
`in communication with the gateway device 12, as described
`above, the user is directed to a portal page. The portal page
`may be maintained by an ISP or an enterprise network, or by
`any entry maintaining a webpage on the Internet. According
`to one aspect of the invention, the portal page can be a
`webpage containing any information whatsoever, and can be
`created by the ISP, enterprise network administrator or user.
`The portal page can contain information Specific to the user
`accessing the network, as discussed in detail below.
`Regardless of whether a user accessing the computer
`