52 results about "Captive portal" patented technology

A captive portal technology for registering and authenticating attendees, and for collecting the personal-preferences and social-profile details of individuals participating in a live-event in real-time, is disclosed. Wi-Fi connections within the live-event location are used to register and authenticate the individuals onto a proxy server. Once registered and authenticated, the proxy-server enables a monitoring main server to collect and store the preferences, activities and social profile of the individual in a dedicated database. The authentication provides the individual access to the web for social networking, blogging and other activities at the live-event site. Authorities of live-events are thereby able can identify the individual participants and their habits to provide real time information to improve ticket sales methods, provide incentives, on-site purchase capability and focused advertisements relating to the live-event to improve the live event experience of each individual.

The captive portal environment exists where there is only a single available communication service that is available to the user. An example of a captive portal environment is on board an aircraft in flight, where the passengers have no access to any communication services, other than the aircraft resident wireless Local Area Network. The Restricted LAN Internet Access System functions in the aircraft to grant the user a temporary Internet session so they can download a prerequisite application from the Internet to make use of an application/service resident on the Restricted LAN in the aircraft.

The Ethernet confirming access method is a wideband access method for computer network. The present invention adopts unique double web page server technology, and performs the access control and bandwidth limitation via the user access list operation. The unique forced entrance guard technology can re-orient the unauthorized user request imperatively. The present invention realizes the conformation, authorization, charge and bandwidth limitation of users via web page confirming process without needing any client end software, and this simplifies the user's operation, is independent with the user's operation platform and can operate simple and practically.

A method and system for detecting captive portals includes a two phase captive portal detection process whereby an initial HTTP ping request is sent from the endpoint captive portal detection application on an end user computing system to an Internet accessible web server. The Internet accessible web server is expected to return an initial response token to the endpoint captive portal detection application in response to the initial HTTP ping request and if the expected initial response token is received, an initial HTTPS query request is then sent together with the returned initial response token that requires server/client mutual authentication. If mutual authentication is accomplished, then it is determined that the user is not in a captive portal. Follow up HTTP ping requests are then periodically generated by the endpoint captive portal detection application and if the responses to the follow up HTTP ping requests do not change, i.e., the token does not change, no new HTTPS query request is sent.

A system (100) and method (200) are disclosed for scalable captive portal and re-direct. A system that incorporates teachings of the present disclosure may include, for example, an authenticating server (114) having a controller (302) that manages operations of network application server (104) and a plurality of network routers (106). The controller can be programmed to receive a request for authenticating or authorizing a user (108, 110) via one of the plurality of network routers, authenticate or authorize the user when received authentication or authorization information matches stored information (120), and instruct the network application server to route traffic via one among the plurality of network routers to a captured portal at a webserver (112). The controller can be further programmed to capture (204) a portal during the authenticating or authorizing step and to load balance (208) traffic to the plurality of network routers. Additional embodiments are disclosed.

Authorizing remote access points for use in a network: A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate which can be used to establish a secure connection between networked entities. After the remote access point is provisioned to communicate securely to a controller using its TCP/IP address provided by a user, the remote access point is put into an un-authorized state by the controller pending further authorization. The user is presented with a secure captive portal page authenticating the end-user. This authorization may be through entering a user name and password, through presenting a certificate, through two-factor methods, or other methods known to the art. User's authentication credentials are verified by the controller. Optionally this verification can be performed using a per-user certificate. After the remote access point has been authorized, the controller marks it verified as a fully functional node, and saves this state. The user performing the authorization is associated with the remote access point, and may be used to monitor the usage and potentially revoke the authorization. The remote access point is provisioned with the current provisioning parameters for the remote access point as configured by the IT administrator for the end user, so that each remote access point can have unique per-user configuration applied.

A network device may include a supplicant framework to generate a first 802.1x packet using a MAC address, associated with a first device as a first username and password in the first 802.1x packet; and generate a second 802.1x packet using a second username and password received from a second device via a captive-portal web page. The network device may further include an authenticator state machine to authenticate the first device with a Remote Authentication Dial In User Service (RADIUS) server using a first Extensible Authentication Protocol (EAP) packet that includes the first 802.1x packet; authenticate the second device with the RADIUS server using a second EAP packet that includes the second 802.1x packet; receive a third EAP packet from a third device; and authenticate the third device with the RADIUS server using the third EAP packet.

A capture device obtains customer data and electronic signatures via a captive portal. The capture device analyzes a digital form provided by a user and automatically configures a digital version of the form for signing. When a client device associated with a customer connects to the capture device, the capture device triggers a captive portal to appear on the client device. The capture device renders the digital form within the captive portal. The customer can then fill out, electronically sign, and submit the form. The capture device generates an audit trail for the electronically signed form based on identifying data captured transparently from the client device. The capture device establishes a secure connection with the client device for enhanced security and to prevent the client device from displaying security warnings.

The invention provides a method of forcing door attestation on user access in 802.1X accessing mode. The method firstly extends the existing EAP (extendable attestation protocol), thus increasing message types of EAP URL (united resource locator). On this basis, it includes the steps: receiving user connection establishing requirement message by accessing controller, attesting user validity: if the authentication succeeds, notify the user to log on and send EAP-URL message to the user. It provides an effective extension for the existing 802.1X service, thus realizing more effective service supporting.

The present disclosure relates to a technique based on Machine-learning to fingerprint and classify Access Points (AP), using HyperText Transfer Protocol (HTTP) information. Fingerprint and classify Access Points are useful to detect if the AP is benign or malicious, to assess the potential trustworthiness of an AP to the user, to detect AP type, to detect AP infrastructure, to infer an AP web-service software type and version, to detect if AP is software-based or hardware-based, to detect AP running services, to detect AP network configuration, to detect specific malicious tools that are used by attackers to emulate an AP, to detect Fake AP attack, Phishing attacks, Evil Twin Attacks, and any other threats that modify or implement an AP HTTP server or webpage. The proposed technique makes advantage of the captive portal detection packet exchange between a station and an Access Point to passively classify the AP.

An unregistered cable modem is in a cable operator network having a computer, a dynamic host configuration protocol (DHCP) server, a spoofing domain name system (DNS) server and a good DNS server, a captive portal application, and a trivial file transfer protocol (TFTP) server. The cable modem is provisioned by the cable modem obtaining a configuration, rebooting, and activating the configuration. The computer obtains a plurality of computer configuration parameters including an IP address of the spoofing DNS. The spoofing DNS server answers an HTTP request from the computer with an IP address associated with the captive portal application. The captive portal obtains an activation code from the computer, verifies the activation code is correct, and forces the cable modem to reboot.

A captive portal service offering system includes an advertising server hosting at least one captive portal service offering page, a registration server configured to provide user account information associated with a user account, and an interface device associated with the user account. The interface device is configured to retrieve, from the registration server, user account information. Based on the user account information, the interface device determines whether to present the at least one captive portal service offering page to the at least one client device. In response to the determination, the interface device directs at least one client device to the at least one captive portal service offering page. The interface device receives a user selection of the network service offered by the at least one captive portal service offering page and transmits the user selection to the registration server.

The invention discloses an ADSL wireless router and a method and a system for using the router to realize a captive portal under a bridge pattern. A captive portal unit is arranged in a Linux kernel of the router. The captive portal unit comprises a storage module for storing network address of the captive portal; an intercepting and capturing module for intercepting and capturing a data message transmitted by a client; a judging module for judging whether the data message is a Get request message in a Http message; a processing module for generating a replying message comprising redirected network address according to the portal network address stored by the storing module; and a replying module for returning the replying message back to the browser of the client, wherein the browser of the client will initiate a new request to require the redirected network address so as to achieve the function of the captive portal.

The invention discloses a method of realizing compulsory door in WEB authentication. It applies in concourse equipment under which many users is accessed. Its steps are as follows: user sends message to BAS; BAS judges transmitting rights, if not permitting, BAS judges whether the message is DNS request message, if false, then discarding, or BAS judges whether it needs WEB authentication, if false, then discarding, or BAS gives DNS response to the user; after user gets the DNS response, authentication web pages appointed by BAS is downloaded. Authentication can be done by user inputting any domain name, so it is convenient for both operation company and user.

The invention presented personalized biofeedback computerized system, an End-to-End eHealth smart platform for analysis, diagnosis and therapy of types of behavioral disorders. The system comprises a Captive Portal (CP) data input for initial input data and for continuous input data, a database comprising data, a Computer Processing Manager (CPM) for processing the patient data and the database, a Graphical User Interface (GUI) for interfacing with a user, and an Electroencephalography (EEG) or hemoencephalography (HEG) cap for stimulating predetermined areas in the brain, wherein the CPM is interconnected to the CPP, the database and the GUI, the CPM provides instructions for cranial electrode mediated stimulation to the areas in the brain according to a predetermined patient data dependent protocol, and the database provides external data. A preferred embodiment of the invention is a multilayered bio-feedbacking system.