WO2013098840A2 - A system and a method to provide wireless data services ensuring a secure network platform - Google Patents

Publication number
WO2013098840A2
Authority
WO
WIPO (PCT)
Prior art keywords
unit
network
access
user
connection unit
Prior art date
Application number
PCT/IN2012/000700
Other languages
French (fr)
Other versions
WO2013098840A3 (en)
Inventor
Srikrishnan D.V
Original Assignee
Tata Teleservices Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tata Teleservices Limited filed Critical Tata Teleservices Limited
Publication of WO2013098840A2 publication Critical patent/WO2013098840A2/en
Publication of WO2013098840A3 publication Critical patent/WO2013098840A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A portable connector apparatus, the apparatus comprising a connection unit configured to access any network, a configuration unit coupled to the connection unit, configured to access any machine and/or hardware component, a start up unit coupled to both the connection unit and the configuration unit, configured to build a custom landing page, and an information unit coupled to the start up unit, configured to provide location and/or user specific information on the landing page.

Description

A SYSTEM AND A METHOD TO PROVIDE WIRELESS DATA SERVICES ENSURING A SECURE NETWORK PLATFORM
FIELD OF DISCLOSURE
The present disclosure refers to a system and a method to provide wireless data services ensuring a secure net.
BACKGROUND
Wireless broadband penetration is set to overtake wire line broadband, especially in the SMB and Enterprise segments. The large volume 3G e-sticks indicate the potential for wireless broadband in all segments.
SUMMARY
A portable connector apparatus, the apparatus comprising a connection unit configured to access any network, a configuration unit coupled to the connection unit, configured to access any machine and/or hardware component, a start up unit coupled to both the connection unit and the configuration unit, configured to build a custom landing page, and an information unit coupled to the start up unit, configured to provide location and/or user specific information on the landing page.
The custom landing page is an extension of the wireless data card promising user-level customization and abstraction. In the scenario of 3G services, users have a mix of EvDO / 3G dongles and still connect to the network with the same user ID and password.
The present invention also promises to be used to post online information on the custom landing page. Such information can be customized as per the location and the user's profile.
BRIEF DESCRIPTION OF DRAWINGS:
The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and components.
Figure 1 illustrates a block diagrammatic representation for a secure net.
DETAILED DESCRIPTION:
The following discussion provides a brief, general description of a suitable environment in which various embodiments of the present disclosure can be implemented. The aspects and embodiments are described in the general context of computer executable mechanisms such as routines executed by a general purpose computer, e.g. a server or personal computer. The embodiments described herein can be practiced with other system configurations, including internet appliances, hand held devices, multi-processor systems, microprocessor based or programmable consumer electronics, network PCs, mini computers, mainframe computers and the like. The embodiments can be embodied in a special purpose computer or data processor that is specifically programmed, configured or constructed to perform one or more of the computer executable mechanisms explained in detail below.
The Secure Net provides a custom landing page before providing private / public network access to the user. The user is made to authenticate on this page with a user name and password. Only authenticated users are allowed access to the network. This gives the enterprise peace of mind that even if the dongle is lost, it cannot be misused.
Another application of this is to provide guest data cards. The admin can provide a data card to a visitor or hotel guest in rotation and the username/password will be different. This is a very beneficial model for companies who often have visitors and who need.
We used existing products available in the market and created our own network routing configuration to enable this service. The user needs a regular Photon+/3G e-stick data card from Tata Teleservices. In order to deliver the branded login page, we have initiated discussions with a few of the players in the market who provide a portal authentication server.
The tunneling protocol recommended in this case is L2TP. The L2TP Access Concentrator (LAC) functionality supported by the PDSN encapsulates the mobile station's PPP session and carries it over an arbitrary IP network to a remote L2TP Network Server (LNS), which terminates the PPP link in the private network. The mobile user's PPP link is effectively relayed through the PDSN over an L2TP tunnel to a remote LNS, which terminates the PPP link and, in combination with the home AAA server, provides primary authentication and address assignment functions, enabling private network owners to retain a significant amount of control over MS authentication and address assignment. The PDSN and its associated AAA server complete only enough of the CHAP negotiations to discover the address of the LNS.
The access control function is enforced at the point of termination of access protocols by admitting network access only after the access protocol authentication phase has completed successfully. It is possible to enforce network access control via a captive portal approach. This method is commonly used in Wireless LAN-based access networks and broadband access networks. It forces users to authenticate by filling in a form on a Web page, which is the only place they can access after gaining IP connectivity.
The TCP redirect functionality, implemented on a network device or a plain router placed at the edge of a VPN (or any IP network), inspects all IP packets up to the transport layer. If the protocol is TCP and the port number is recognized to be HTTP, the network destination address and the HTTP header are modified to request the Web page that corresponds to the portal credential input page. Alternatively, when the network device is not built to operate at the application level, the portal itself may have the intelligence to always respond to incoming HTTP requests from unregistered (not admitted) IP addresses by sending the sign-on Web page via HTTP. Once user credentials are collected and the user is successfully authenticated, the network device, informed by the portal, lifts the TCP redirect functionality and lets user traffic flow freely, perhaps until some other event modifies this state, such as a user inactivity timer, a usage time or volume limit overflow, an interval allowed before new authentication is required, or even redirection to some advertisement page.
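The admission logic described above (redirect HTTP from unadmitted addresses to the portal, lift the redirect after login, reinstate it when an inactivity, re-authentication or volume limit is hit) can be modelled as a small per-packet decision function. This is an added Python example, not code from the patent; the class names, limit values, addresses and the choice to drop all other pre-login traffic are assumptions.

```python
from dataclasses import dataclass

PORTAL_IP = "192.0.2.10"   # constructed portal address (assumption)
HTTP_PORT = 80             # assumption: plain HTTP is what gets redirected


@dataclass
class Limits:
    idle_s: float = 300             # user inactivity timer
    session_s: float = 3600         # interval before new authentication is required
    volume_bytes: int = 50_000_000  # usage volume limit


@dataclass
class Session:
    user: str
    started: float
    last_seen: float
    used_bytes: int = 0


class PortalGate:
    """Edge-device decision per packet: FORWARD, REDIRECT to the portal, or DROP."""

    def __init__(self, limits=None):
        self.limits = limits or Limits()
        self.admitted = {}  # source IP -> Session, filled in by the portal

    def admit(self, src_ip, user, now):
        """The portal informs the device that this address has authenticated."""
        self.admitted[src_ip] = Session(user, now, now)

    def expiry_reason(self, s, now):
        if now - s.last_seen > self.limits.idle_s:
            return "idle"
        if now - s.started > self.limits.session_s:
            return "reauth"
        if s.used_bytes >= self.limits.volume_bytes:
            return "volume"
        return None

    def decide(self, src_ip, proto, dst_ip, dst_port, size, now):
        s = self.admitted.get(src_ip)
        if s is not None:
            if self.expiry_reason(s, now) is None:
                s.last_seen = now
                s.used_bytes += size
                return ("FORWARD", None)
            del self.admitted[src_ip]  # limit hit: back to the unadmitted state
        if proto == "tcp" and dst_ip == PORTAL_IP:
            return ("FORWARD", None)        # the sign-on page must stay reachable
        if proto == "tcp" and dst_port == HTTP_PORT:
            return ("REDIRECT", PORTAL_IP)  # rewrite destination to the portal
        return ("DROP", None)               # everything else fails closed before login


def demo():
    """Replay a constructed packet sequence and return the actions taken."""
    gate = PortalGate(Limits(idle_s=60, session_s=600, volume_bytes=1000))
    src, web = "10.0.0.5", "198.51.100.7"   # constructed addresses
    out = [gate.decide(src, "tcp", web, 80, 100, now=0)[0]]        # before login
    out.append(gate.decide(src, "tcp", web, 22, 100, now=1)[0])    # non-HTTP, before login
    gate.admit(src, "guest1", now=2)                               # portal reports success
    out.append(gate.decide(src, "tcp", web, 22, 100, now=3)[0])    # admitted
    out.append(gate.decide(src, "tcp", web, 80, 100, now=120)[0])  # idle timer expired
    return out


if __name__ == "__main__":
    print(demo())
```

Because admission is keyed on the source IP address, as in the description, the state must be cleared when the address is reassigned to another subscriber.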
In addition, the user may be prompted at provider selection time with a second (personalized) Web page with information on his or her account profile, promotions, and links to partners offering other fancy services. Authentication is the process that allows communicating entities to verify such identities.
When site-to-site connectivity is set up, or when virtual dial-up networks are used and L2TP tunnel setup authentication is required between the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS), the RADIUS server applied on the network gives out the response. This would be the network level authentication and accounting mechanism deployed. In the Secure Net the second level of authentication is given in the form of the Captive Portal Customized Page. This provides the L2TP tunneling for the end user. Tunneling involves encapsulation of certain data packets within other packets according to a set of rules implemented at both ends of the tunnel. As a result, the contents of encapsulated packets become invisible to the public insecure network over which this packet is being transmitted.
Figure 1 illustrates a simplistic view of an apparatus (100) with a connection unit (101), a configuration unit (102), a start up unit (103), and an information unit (104). The connection unit (101) is connected to and coupled to configuration unit (102) and start up unit (103). The start up unit (103) is coupled to connection unit (101) and configuration unit (102). The connection unit (101) is further configured to network (105) and the configuration unit (102) is configured to machine and/or hardware component (106). The custom landing page (107) resides inside start up unit (103). The information unit (104) provides unreserved information (108).
The connection unit (101) establishes a connection with the network and provides its services to the configuration unit (102). The configuration unit (102) coupled to the connection unit (101) uses the network services and sees that the machine and/or the hardware component it caters to and interfaces with is compatible and is configurable with the network services and with itself. Having established that, the configuration unit (102) configures and connects with the start up unit (103) which initiates a custom landing page (107). A custom landing page is the first page that opens in the browser window before the services of the network (105) can be availed. The start up unit (103) thus initiating the custom landing page provides the same quantum and quality of services irrespective of the change in location. The information unit (104) coupled and connected to the start up unit (103) provides unreserved information (108) that resides inside it. The unreserved information (108) is independent of the location and the user taking the services of the apparatus (100), provided the user's authorization rights match that of the user using the apparatus earlier.
The implementation flow entails that the user uses his dongle with a special APN to connect to the network and requests web services from the network (108). This leads to the establishing of a normal connection to the base station on wireless and the establishment of a base station controller (BSC) or a packet control function (PCF) for session creation. A base station controller (BSC) provides the intelligence behind a base transceiver in wireless and mobile computing. A BSC typically has tens or even hundreds of base transceivers under its control. A PCF is an entity in a radio access network that controls transmission of packets between the base station and the packet data serving node (PDSN).
The PDSN terminates the session and requests the Authorization Authentication Accounting (AAA) for authentication of the special access point name (APN). An APN typically allows a user's computer to access the web services using a mobile phone network, for a person ordinarily skilled in the art. For a person specifically skilled in the art it is a configurable network identifier used by a mobile device when connecting to a GSM carrier. AAA authorizes the user and returns the special configuration parameters for delivering the service. The L2TP tunneling is performed at the network level. The HTTP request is forwarded to the server, which returns the customized login page based on the special configuration assigned to the user. Having taken care of that, the user sees his custom landing page and inputs his username/password for accessing the internet. The server then authenticates the username/password and validates the rules set for the user. After validation, the server routes the traffic to the Internet or the intranet and the user is able to access the web services that he had requested.
The present invention is not to be limited in scope by the specific embodiments and examples which are intended as illustrations of a number of aspects of the invention and all embodiments which are functionally equivalent are within the scope of this invention. Those skilled in the art will know, or will be able to ascertain using no more than routine experimentation, many equivalents to the specific embodiments of the invention described herein. These and all other equivalents are intended to be encompassed by the following claims.

Claims

We claim:
1. A portable connector apparatus, the apparatus comprising:
Connection unit configured to access any network;
Configuration unit coupled to the connection unit, configured to access any machine and/or hardware component;
Start up unit coupled to both the connection unit and the configuration unit, configured to build a custom landing page, and
Information Unit coupled to the start up unit, configured to provide location and/or user specific information on the landing page.
2. The apparatus as claimed in claim 1, wherein a network is a collection of computers and devices interconnected by communication channels that facilitate communications and allow sharing of resources and information among interconnected devices.
3. The apparatus as claimed in claim 1 and 2, wherein the connection unit is configured to provide access to such a network.
4. The apparatus as claimed in any of claims 1 to 3, wherein the connection unit is further configured to provide access to such a network based on the level of authorization and abstraction allowed to a user.
5. The apparatus as claimed in claim 1, wherein the configuration unit is configured to access any machine and/or hardware component which is compatible with the apparatus.
6. The apparatus as claimed in claim 1 and 5, wherein the configuration unit is compatible with the apparatus and exploits the characteristics of the apparatus to provide access to connection unit.
7. The apparatus as claimed in claim 1, wherein a custom landing page is a start up login page that opens in a browser window before accessing the network.
8. The apparatus as claimed in claim 7, wherein the start up unit is configured to the custom landing page involving providing the same quantum and quality of services irrespective of a change in location.
9. The apparatus as claimed in claim 1 and 7, wherein the start up unit comprises means to provide an interaction platform to its users involving page updates, creation of links and hyperlinks and communication with fellow users.
10. The apparatus as claimed in claim 1, wherein information unit configured to provide location and/or user specific information comprises information which is:
independent of the location and;
independent of the user but with same authorization rights.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2998MU2011 2011-10-24
IN2998/MUM/2011 2011-10-24

Publications (2)

Publication Number Publication Date
WO2013098840A2 true WO2013098840A2 (en) 2013-07-04
WO2013098840A3 WO2013098840A3 (en) 2013-10-03

Family

ID=48698739

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2012/000700 WO2013098840A2 (en) 2011-10-24 2012-10-25 A system and a method to provide wireless data services ensuring a secure network platform

Country Status (1)

Country Link
WO (1) WO2013098840A2 (en)

Also Published As

Publication number Publication date
WO2013098840A3 (en) 2013-10-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12863637

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 12863637

Country of ref document: EP

Kind code of ref document: A2