Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US20030046366A1
Filed: 2001-02-13
Issued: 2003-03-06
Patent Holder: (Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC
Inventor(s): Shishir Pardikar, Rohan Kumar, Yun Lin, Praerit Garg, Jianrong Gu

Title: System and method for providing transparent access to distributed authoring and versioning files including encrypted files
[FEATURE ID: 1] method, stepserver, device, system, process, medium, program, memory[FEATURE ID: 1] method, WebDAV server, computer, readable medium, local application programming interface layer, Uniform Resource Identifier
[TRANSITIVE ID: 2] controlling, transmitting, determining, selecting, useproviding, processing, monitoring, identifying, generating, establishing, performing[TRANSITIVE ID: 2] receiving
[FEATURE ID: 3] user terminal access, ongoing authentication processauthorization, connectivity, accessibility, service, api, initialization, synchronization[FEATURE ID: 3] access, HTTP OPTIONS, application request
[FEATURE ID: 4] wireless local area network, mechanism, browser, authentication protocol, module, access point, communicationnetwork, node, client, service, resource, host, agent[FEATURE ID: 4] computer network, file, local cache, filename, share, server, other local component, file system
[TRANSITIVE ID: 5] comprising, utilizingby, including, implementing, at, using, wherein, of[TRANSITIVE ID: 5] comprising
[FEATURE ID: 6] stepscommands, instructions, blocks[FEATURE ID: 6] data
[TRANSITIVE ID: 7] receivingtransmitting, providing, issuing, writing, sending, delivering, forwarding[TRANSITIVE ID: 7] communicating, downloading, returning, uploading
[FEATURE ID: 8] user terminalrequest, server, network, client, processor[FEATURE ID: 8] file handle, corresponding response
[FEATURE ID: 9] request, response, determination, authentication response, packet, second state indicative, third state indicativemessage, result, notification, command, query, call, reference[FEATURE ID: 9] request, Universal Resource Identifier, response, WebDAV PROPFIND request
[FEATURE ID: 10] identity request message, authenticating, authentication mechanism, authentication request, authentication server, fourth state indicative, noncompliant user terminaladdress, interface, application, identification, identity, operation, entry[FEATURE ID: 10] application program, handle, identifier, share property information, image
[FEATURE ID: 11] HTTP serverobject, address, area[FEATURE ID: 11] local image
[FEATURE ID: 12] claimparagraph, clause, preceding claim, figure, clair, the claim, claimed[FEATURE ID: 12] claim
[FEATURE ID: 13] state informationdata, information, metadata, information property, attribute information, attribute[FEATURE ID: 13] property information, file property information
[FEATURE ID: 14] first state indicativequeue, list, record[FEATURE ID: 14] local data structure
[FEATURE ID: 15] authenticationencryption, access, information[FEATURE ID: 15] file data
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 7]

from a user terminal [FEATURE ID: 8]

a request [FEATURE ID: 9]

to access the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 10]

; receiving from the user terminal a response [FEATURE ID: 9]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 10]

mechanism [FEATURE ID: 4]

utilizing [TRANSITIVE ID: 5]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 10]

, compatible with the user terminal , in response to a determination [FEATURE ID: 9]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 10]

to an HTTP server [FEATURE ID: 11]

for utilizing a browser [FEATURE ID: 4]

based authentication protocol [FEATURE ID: 4]

. 2 . The method according to claim [FEATURE ID: 12]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 10]

and receiving an authentication response [FEATURE ID: 9]

utilizing IEEE 802.1 x protocol , and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 1]

of configuring a packet [FEATURE ID: 9]

filtering module [FEATURE ID: 4]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 13]

in the wireless local area network for use [FEATURE ID: 2]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 14]

of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 9]

of authentication failure , a third state indicative [FEATURE ID: 9]

of authentication success , and a fourth state indicative [FEATURE ID: 10]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 10]

. 6 . An access point [FEATURE ID: 4]

in communication [FEATURE ID: 4]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 15]

1 . In a computer network [FEATURE ID: 4]

, a method [FEATURE ID: 1]

comprising [TRANSITIVE ID: 5]

: receiving [TRANSITIVE ID: 2]

an I / O request initiated from an application program [FEATURE ID: 10]

directed to a file [FEATURE ID: 4]

on a WebDAV server [FEATURE ID: 1]

; communicating [TRANSITIVE ID: 7]

with the WebDAV server to determine whether the request [FEATURE ID: 9]

can be handled , and if so , downloading [TRANSITIVE ID: 7]

the file to a local cache [FEATURE ID: 4]

and returning [TRANSITIVE ID: 7]

a file handle [TRANSITIVE ID: 10]

corresponding to the file in the local cache to the application program ; providing access [FEATURE ID: 3]

to the file in the local cache via the file handle [FEATURE ID: 8]

; and receiving a request to close the file via the file handle , and when received , uploading [FEATURE ID: 7]

the file from the local cache to the WebDAV server . 2 . The method of claim [FEATURE ID: 12]

1 wherein receiving an I / O request initiated from an application program comprises , receiving a Universal Resource Identifier [FEATURE ID: 9]

corresponding to a file on the WebDAV server . 3 . The method of claim 1 wherein receiving an I / O request initiated from an application program comprises , receiving a filename [FEATURE ID: 4]

and an identifier [FEATURE ID: 10]

previously mapped to a share [FEATURE ID: 4]

on the WebDAV server . 4 . The method of claim 1 wherein communicating with the WebDAV server to determine whether the request can be handled , comprises , issuing an HTTP OPTIONS [FEATURE ID: 3]

request , and evaluating a response [FEATURE ID: 9]

therefrom . 5 . The method of claim 1 wherein communicating with the WebDAV server to determine whether the request can be handled , comprises , issuing a WebDAV PROPFIND request [FEATURE ID: 9]

directed to a share on the WebDAV server , and evaluating a response therefrom . 6 . The method of claim 5 wherein the WebDAV server returns property information [FEATURE ID: 13]

in response to the WebDAV PROPFIND request directed to the share , and further comprising , maintaining the property information in a local data structure [FEATURE ID: 14]

. 7 . The method of claim 1 wherein communicating with the WebDAV server to determine whether the request can be handled , comprises , issuing a WebDAV PROPFIND request directed to the file on the WebDAV server , and evaluating a response therefrom . 8 . The method of claim 7 wherein the WebDAV server returns property information in response to the WebDAV PROPFIND request directed to the file , and further comprising , maintaining the property information in a local data structure . 9 . The method of claim 1 wherein communicating with the WebDAV server to determine whether the request can be handled , comprises : a ) issuing an HTTP OPTIONS request , evaluating a corresponding response [FEATURE ID: 8]

, and determining that the server [FEATURE ID: 4]

is a WebDAV server ; b ) issuing a WebDAV PROPFIND request directed to a share on the WebDAV server , evaluating a corresponding response , and determining that the share exists on the WebDAV server , the response including share property information [FEATURE ID: 10]

; and c ) issuing a WebDAV PROPFIND request directed to the file , evaluating a corresponding response , and determining that the file exists , the response including file property information [FEATURE ID: 13]

. 10 . The method of claim 9 further comprising , maintaining the share property information and the file property information in at least one local data structure . 11 . The method of claim 1 wherein communicating with the WebDAV server indicates that the request can be handled , and further comprising , communicating with at least one other local component [FEATURE ID: 4]

to indicate that at least this request can be handled . 12 . The method of claim 1 further comprising , determining that the file is encrypted on the WebDAV server , and wherein downloading the file to a local cache comprises , communicating with the file system [FEATURE ID: 4]

to create an image [FEATURE ID: 10]

of the file in the local cache that is also encrypted . 13 . The method of claim 12 further comprising , communicating with the file system to open the image of the file such that the file system will transparently decrypt file data [FEATURE ID: 15]

on read requests and will transparently encrypt file data on write requests to the file . 14 . The method of claim 12 wherein uploading the file from the local cache to the WebDAV server comprises , communicating with the file system to read data [FEATURE ID: 6]

from the local image [FEATURE ID: 11]

of the file such that the file will be uploaded as the encrypted image thereof . 15 . A computer [FEATURE ID: 1]

- readable medium [FEATURE ID: 1]

having computer - executable instructions for performing the method of claim 1 . 16 . A computer - implemented method , comprising : receiving at a local application programming interface layer [FEATURE ID: 1]

an application request [FEATURE ID: 3]

that relates to a Uniform Resource Identifier [FEATURE ID: 1]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6529955B1
Filed: 1999-05-06
Issued: 2003-03-04
Patent Holder: (Original Assignee) Cisco Technology Inc     (Current Assignee) Cisco Technology Inc
Inventor(s): Aravind Sitaraman, Craig Michael Alesso, Charles Troper Yager

Title: Proxy session count limitation
[FEATURE ID: 1] method, modulesystem, device, server, process, means, mechanism, system method[FEATURE ID: 1] method, network
[TRANSITIVE ID: 2] controlling, transmitting, selectingproviding, managing, determining, generating, implementing, enabling, allowing[TRANSITIVE ID: 2] limiting, maintaining, including
[FEATURE ID: 3] user terminal access, access, authenticating, authentication request, ongoing authentication process, authentication success, communication, authenticationauthorization, service, security, interface, connectivity, attachment, communications[FEATURE ID: 3] access, proxy sessions, wide proxy session counts, proxy users
[FEATURE ID: 4] wireless local area network, authentication server, packet, noncompliant user terminal, access pointnetwork, server, user, host, device, location, computer[FEATURE ID: 4] data communications network, particular group, central database, current network, proxy user, local database, particular PoP, database, PoP
[TRANSITIVE ID: 5] comprisingconsisting, wherein, by, implementing, involving, having, includes[TRANSITIVE ID: 5] comprising
[TRANSITIVE ID: 6] receivingtransmitting, issuing, providing[TRANSITIVE ID: 6] first publishing
[FEATURE ID: 7] user terminaluser, client, server, subscriber[FEATURE ID: 7] user ', proxy session log
[FEATURE ID: 8] request, third state indicativenotification, status, time, message, determination, password, record[FEATURE ID: 8] event, data communications network current proxy session count
[FEATURE ID: 9] identity request message, response, determination, authentication responserequest, message, result, answer, reply, signal, identity[FEATURE ID: 9] response
[FEATURE ID: 10] mechanism, authentication mechanismagent, approach, request, account, protocol, algorithm, interface[FEATURE ID: 10] attempt
[TRANSITIVE ID: 11] utilizingcompatible, to, supporting[TRANSITIVE ID: 11] corresponding
[FEATURE ID: 12] browser, second state indicative, fourth state indicativestate, time, status, determination, representation, token, log[FEATURE ID: 12] proxy session count
[FEATURE ID: 13] authentication protocolpassword, page, login, session, pin, tag, logs[FEATURE ID: 13] log, log
[FEATURE ID: 14] claimparagraph, requirement, the claim, preceding, item, clause, embodiment[FEATURE ID: 14] claim
[FEATURE ID: 15] state informationdata, information, entries, priorities, states, tables, messages[FEATURE ID: 15] group identifications, current proxy session counts, events
[FEATURE ID: 16] first state indicativelist, plurality, set, value, large number, range, count[FEATURE ID: 16] number, maximum number
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps of : receiving [TRANSITIVE ID: 6]

from a user terminal [FEATURE ID: 7]

a request [FEATURE ID: 8]

to access [TRANSITIVE ID: 3]

the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 9]

; receiving from the user terminal a response [FEATURE ID: 9]

to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 3]

mechanism [FEATURE ID: 10]

utilizing [TRANSITIVE ID: 11]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 10]

, compatible with the user terminal , in response to a determination [FEATURE ID: 9]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 3]

to an HTTP server for utilizing a browser [FEATURE ID: 12]

based authentication protocol [FEATURE ID: 13]

. 2 . The method according to claim [FEATURE ID: 14]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 4]

and receiving an authentication response [FEATURE ID: 9]

utilizing IEEE 802.1 x protocol , and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet [FEATURE ID: 4]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 15]

in the wireless local area network for use by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 16]

of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 12]

of authentication failure , a third state indicative [FEATURE ID: 8]

of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 12]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 4]

. 6 . An access point [FEATURE ID: 4]

in communication [FEATURE ID: 3]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 3]

1 . A method [FEATURE ID: 1]

for limiting [TRANSITIVE ID: 2]

access [FEATURE ID: 3]

to a data communications network [FEATURE ID: 4]

to a predetermined number [FEATURE ID: 16]

of proxy sessions [FEATURE ID: 3]

belonging to a particular group [FEATURE ID: 4]

, said method comprising [TRANSITIVE ID: 5]

: maintaining [TRANSITIVE ID: 2]

a central database [FEATURE ID: 4]

including [TRANSITIVE ID: 2]

group identifications [FEATURE ID: 15]

, corresponding [TRANSITIVE ID: 11]

maximum numbers of proxy sessions for each group , and corresponding current network [FEATURE ID: 4]

- wide proxy session counts [FEATURE ID: 3]

for each group ; and responding to a user ' [FEATURE ID: 7]

s attempt [FEATURE ID: 10]

to log [TRANSITIVE ID: 13]

in to the data communications network as a proxy user [FEATURE ID: 4]

of a particular group by checking the central database to determine if the user ' s log [FEATURE ID: 13]

in would exceed a predetermined number said corresponding maximum number [FEATURE ID: 16]

of proxy sessions associated with said particular group . 2 . A method according to claim [FEATURE ID: 14]

1 , further comprising : rejecting said user ' s attempt to log in if said user ' s log in would exceed a predetermined number said corresponding maximum number of proxy sessions associated with said particular group . 3 . A method according to claim 2 , wherein said predetermined number is zero . 4 . A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group , said method comprising : maintaining a local database [FEATURE ID: 4]

associated with a particular PoP [FEATURE ID: 4]

of the data communications network , said database [FEATURE ID: 4]

including group identifications , corresponding maximum numbers of proxy sessions for each group at the PoP [FEATURE ID: 4]

, and corresponding current proxy session counts [FEATURE ID: 15]

for each group at the PoP ; responding to a user ' s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user ' s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP . 5 . A method according to claim 4 , further comprising : rejecting said user ' s attempt to log in if said user ' s log in would exceed by a predetermined number said corresponding maximum number of proxy sessions associated with said particular group . 6 . A method according to claim 5 , wherein said predetermined number is zero . 7 . A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group , said method comprising : maintaining a central database including group identifications , corresponding network [FEATURE ID: 1]

- wide maximum numbers of proxy sessions for each group , and corresponding current network - wide proxy session counts for each group ; maintaining a local database associated with a particular PoP of the data communications network , said database including group identifications , corresponding maximum numbers of proxy sessions for each group at the PoP , and corresponding current proxy session counts for each group at the PoP ; responding to a user ' s attempt to log in to the data communications network as a proxy user of a particular group by checking the central database to determine if the user ' s log in would exceed by a first predetermined number said corresponding network - wide maximum number of proxy sessions associated with said particular group ; rejecting said user ' s attempt to log in if said user ' s log in would exceed by said first predetermined number said corresponding network - wide maximum number of proxy sessions associated with said particular group ; further responding to a user ' s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user ' s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP ; rejecting said user ' s attempt to log in if said user ' s log in would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group . 8 . A method according to claim 7 , wherein said first predetermined number is zero . 9 . A method according to claim 7 , wherein said second predetermined number is zero . 10 . A method according to claim 9 , wherein said first predetermined number is zero . 11 . A method according to claim 1 wherein said maintaining a central database includes publishing proxy session log in events [FEATURE ID: 15]

occurring at PoPs of the data communications network and subscribing to said events at said central database . 12 . A method according to claim 7 wherein said maintaining a central database includes publishing proxy session log in events occurring at PoPs of the data communications network and subscribing to said events at said central database . 13 . A method according to claim 1 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count [FEATURE ID: 12]

associated with the user ' s group at the local database in response [FEATURE ID: 9]

to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 14 . A method according to claim 2 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 15 . A method according to claim 3 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 16 . A method according to claim 4 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 17 . A method according to claim 5 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 18 . A method according to claim 7 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 19 . A method according to claim 11 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 20 . A method according to claim 12 , further comprising : allowing said user ' s attempt to log in if it would not exceed any maximum number of proxy sessions associated with the user ' s group ; incrementing a proxy session count associated with the user ' s group at the local database in response to allowing said user ' s log in ; and incrementing a proxy session count associated with the user ' s group at the central database in response to allowing said user ' s log in . 21 . A method for limiting access to a data communications network to a predetermined number of proxy sessions belonging to a particular group , said method comprising : maintaining a local database associated with a particular PoP of the data communications network , said database including group identifications , corresponding maximum numbers of proxy sessions for each group at the PoP , corresponding current proxy session counts for each group at the PoP , corresponding maximum numbers of proxy users [FEATURE ID: 3]

for each group on the data communications network , and corresponding current network - wide proxy session counts for each group on the data communications network ; responding to a user ' s attempt to log in to the data communications network as a proxy user of a particular group by checking the local database to determine if the user ' s log in would exceed by a first predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network . 22 . A method according to claim 21 , further comprising : rejecting said user ' s attempt to log in if said user ' s log in would exceed by a first predetermined number said corresponding maximum number of proxy sessions associated with said particular group at the PoP or would exceed by a second predetermined number said corresponding maximum number of proxy sessions associated with said particular group on the data communications network . 23 . A method according to claim 22 , further comprising : allowing said user ' s attempt to log in if it is not rejected ; incrementing a proxy session count associated the user ' s group at the local database in response to allowing said user ' s log in ; first publishing [FEATURE ID: 6]

a proxy session log [FEATURE ID: 7]

in event [FEATURE ID: 8]

corresponding to the user ' s group to other subscribing PoPs in response to allowing said user ' s log in ; and incrementing a data communications network current proxy session count [FEATURE ID: 8]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6529882B1
Filed: 1999-11-03
Issued: 2003-03-04
Patent Holder: (Original Assignee) Electronics and Telecommunications Research Institute ETRI     (Current Assignee) Uniloc 2017 LLC
Inventor(s): Jung Soo Park, Yong Woon Kim, Seok Joo Koh, Yong Jin Kim

Title: Method for managing group membership in internet multicast applications
[FEATURE ID: 1] method, steps, HTTP server, authentication protocol, authentication server, step, module, ongoing authentication process, access pointprocess, procedure, phase, device, node, access, application[FEATURE ID: 1] method, enrollment step, group management, group announcement step, group query step, group information acquisition step, group registration step, failure information response step, fragment message transmission step
[TRANSITIVE ID: 2] controllingobtaining, providing, determining[TRANSITIVE ID: 2] creating
[FEATURE ID: 3] user terminal access, authenticating, authentication mechanism, authentication request, use, authentication successentry, access, authentication, membership, authorization, subscription, login[FEATURE ID: 3] group membership, group registration, request, multicast group creation, query, enrollment
[FEATURE ID: 4] wireless local area network, identity request messagenode, group, client, network, router, host, terminal[FEATURE ID: 4] group management server, multicast group address, group management client, group ID, known group address, group address, participant, multicast application, same host
[TRANSITIVE ID: 5] comprising, selecting, utilizingwith, by, including, having, through, of, containing[TRANSITIVE ID: 5] comprising, using
[TRANSITIVE ID: 6] receiving, transmittingcommunicating, providing, issuing, initiating, supplying, sending, conveying[TRANSITIVE ID: 6] transmitting
[FEATURE ID: 7] user terminal, browser, first state indicative, fourth state indicativerequest, user, server, subscriber, client, presence, log[FEATURE ID: 7] group, group management client requests, response
[FEATURE ID: 8] request, access, response, determination, second state indicative, third state indicative, noncompliant user terminalmessage, notification, result, signal, group, command, registration[FEATURE ID: 8] group creation, information, reason, group creation process, group creation session description protocol
[FEATURE ID: 9] mechanismrequest, procedure, method, process[FEATURE ID: 9] step
[FEATURE ID: 10] compatibleestablished, corresponding, registered[FEATURE ID: 10] created
[FEATURE ID: 11] claimsection, requirement, previous claim, claim of, preceding, paragraph, item[FEATURE ID: 11] claim
[FEATURE ID: 12] authentication responseinformation, responses, data, result, message, request[FEATURE ID: 12] group information, fragment messages
[FEATURE ID: 13] packet, authenticationip, internet, packets, ethernet, network[FEATURE ID: 13] Internet multicast applications
[FEATURE ID: 14] state informationdata, sessions, resources, parameters, registration, information[FEATURE ID: 14] session description protocol information
[FEATURE ID: 15] authentication failurefailed, rejection, termination, unavailability, disconnection[FEATURE ID: 15] failure
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 1]

of : receiving [TRANSITIVE ID: 6]

from a user terminal [FEATURE ID: 7]

a request [FEATURE ID: 8]

to access [TRANSITIVE ID: 8]

the wireless local area network ; transmitting [TRANSITIVE ID: 6]

to the user terminal an identity request message [FEATURE ID: 4]

; receiving from the user terminal a response [FEATURE ID: 8]

to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 5]

an authenticating [TRANSITIVE ID: 3]

mechanism [FEATURE ID: 9]

utilizing [TRANSITIVE ID: 5]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 3]

, compatible [FEATURE ID: 10]

with the user terminal , in response to a determination [FEATURE ID: 8]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 3]

to an HTTP server [FEATURE ID: 1]

for utilizing a browser [FEATURE ID: 7]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 11]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 1]

and receiving an authentication response [FEATURE ID: 12]

utilizing IEEE 802.1 x protocol , and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 1]

of configuring a packet [FEATURE ID: 13]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 14]

in the wireless local area network for use [FEATURE ID: 3]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 7]

of ongoing authentication process [FEATURE ID: 1]

, a second state indicative [FEATURE ID: 8]

of authentication failure [FEATURE ID: 15]

, a third state indicative [FEATURE ID: 8]

of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 7]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 8]

. 6 . An access point [FEATURE ID: 1]

in communication with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 13]

1 . A method [FEATURE ID: 1]

for strictly managing group membership [FEATURE ID: 3]

in Internet multicast applications [FEATURE ID: 13]

, comprising [TRANSITIVE ID: 5]

: a group creation [FEATURE ID: 8]

and enrollment step [FEATURE ID: 1]

in which a group management server [FEATURE ID: 4]

creates a group [FEATURE ID: 7]

and performs group registration [FEATURE ID: 3]

as a group management client requests [FEATURE ID: 7]

a group registration by creating [TRANSITIVE ID: 2]

group information [FEATURE ID: 12]

and transmitting [TRANSITIVE ID: 6]

the information [FEATURE ID: 8]

to the group management [FEATURE ID: 1]

when request [FEATURE ID: 3]

for multicast group creation [FEATURE ID: 3]

occurs ; a group announcement step [FEATURE ID: 1]

in which the group management server announces the created [TRANSITIVE ID: 10]

group using [TRANSITIVE ID: 5]

a multicast group address [FEATURE ID: 4]

; a group query step [FEATURE ID: 1]

in which the group management client [FEATURE ID: 4]

which knows a group ID inquires the group information of the group management server and acquires a response [FEATURE ID: 7]

; a group information acquisition step [FEATURE ID: 1]

in which the group management client which does not know a group ID [FEATURE ID: 4]

joins a known group address [FEATURE ID: 4]

and acquires the group information that arrives at the known group address [FEATURE ID: 4]

; a group registration step [FEATURE ID: 1]

in which the group management client enrolls in the group management server as a participant [FEATURE ID: 4]

; a group leaving step [FEATURE ID: 9]

in which the group management client leaves the group by transmitting information for leaving the group to the group management server ; a failure information response step [FEATURE ID: 1]

in which the group management server transmits information on a reason [FEATURE ID: 8]

for failure [FEATURE ID: 15]

to the group management client when the group management server fails in processing a request for group creation , query [FEATURE ID: 3]

, enrollment [FEATURE ID: 3]

or leaving ; and a fragment message transmission step [FEATURE ID: 1]

in which the group management client divides the request and transmits the fragment messages [FEATURE ID: 12]

, while the group management server acquires the group information by assembling the fragment messages . 2 . The method according to claim [FEATURE ID: 11]

1 , wherein said group creation and enrollment step comprises : a step in which a multicast application [FEATURE ID: 4]

describes session description protocol information [FEATURE ID: 14]

by transmitting group information to the group management client ; a step in which the group management client performs a group creation process [FEATURE ID: 8]

by transmitting a group creation session description protocol [FEATURE ID: 8]

to the group management server when the group management client and the group management server exist in the same host [FEATURE ID: 4]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6529722B1
Filed: 1998-06-19
Issued: 2003-03-04
Patent Holder: (Original Assignee) Microdata     (Current Assignee) TeleCommunication Systems Inc
Inventor(s): Bruce Heinrich, Bruce Jason Heinrich

Title: System and method for enhanced 9-1-1 address development, maintenance and call routing using road access zones
[FEATURE ID: 1] method, wireless local area network, user terminal, authentication protocolprocess, means, server, computer, step, scheme, website[FEATURE ID: 1] method, steps, system, software program executable
[TRANSITIVE ID: 2] controlling, receiving, selectingestablishing, determining, obtaining, generating, providing, requesting, processing[TRANSITIVE ID: 2] creating
[TRANSITIVE ID: 3] comprising, utilizingwith, incorporating, containing, from, by, of, identifying[TRANSITIVE ID: 3] having, using, including, comprising, combining
[FEATURE ID: 4] stepscharacteristics, components, features, elements, inputs, indicia, segments[FEATURE ID: 4] attributes, attribute information
[TRANSITIVE ID: 5] transmittingassigning, routing, providing[TRANSITIVE ID: 5] linking
[FEATURE ID: 6] identity request message, authenticating, authentication request, HTTP server, authentication server, noncompliant user terminal, access pointaddress, interface, access, identifier, identity, endpoint, agent[FEATURE ID: 6] emergency service number, identity operation, associated emergency service number
[FEATURE ID: 7] mechanism, stepprocess, method, procedure, sub step, stage, the step, steps[FEATURE ID: 7] step
[FEATURE ID: 8] authentication mechanismattribute, address, identifier[FEATURE ID: 8] same emergency service number
[FEATURE ID: 9] browser, fourth state indicativelocation, number, time, type, radius, state, description[FEATURE ID: 9] road center line
[FEATURE ID: 10] claimsection, requirement, preceding claim, the claim, paragraph, preceding, clause[FEATURE ID: 10] claim
[FEATURE ID: 11] authentication response, authenticationoutput, information, identifier, input, authorization, identity, access[FEATURE ID: 11] ESZ data layer
[FEATURE ID: 12] modulesystem, controller, server[FEATURE ID: 12] computer
[FEATURE ID: 13] state informationentries, information, data, addresses, features, identities, coordinates[FEATURE ID: 13] emergency service numbers, road names, digital attributes, different spelling
[FEATURE ID: 14] first state indicative, second state indicative, third state indicative, communicationthird, first, second, number, plurality, status, notification[FEATURE ID: 14] first set, second set, second sets, side
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access to a wireless local area network [FEATURE ID: 1]

, comprising [TRANSITIVE ID: 3]

the steps [FEATURE ID: 4]

of : receiving [TRANSITIVE ID: 2]

from a user terminal [FEATURE ID: 1]

a request to access the wireless local area network ; transmitting [TRANSITIVE ID: 5]

to the user terminal an identity request message [FEATURE ID: 6]

; receiving from the user terminal a response to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 6]

mechanism [FEATURE ID: 7]

utilizing [TRANSITIVE ID: 3]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 8]

, compatible with the user terminal , in response to a determination that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 6]

to an HTTP server [FEATURE ID: 6]

for utilizing a browser [FEATURE ID: 9]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 10]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 6]

and receiving an authentication response [FEATURE ID: 11]

utilizing IEEE 802.1 x protocol , and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 7]

of configuring a packet filtering module [FEATURE ID: 12]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 13]

in the wireless local area network for use by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 14]

of ongoing authentication process , a second state indicative [FEATURE ID: 14]

of authentication failure , a third state indicative [FEATURE ID: 14]

of authentication success , and a fourth state indicative [FEATURE ID: 9]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 6]

. 6 . An access point [FEATURE ID: 6]

in communication [FEATURE ID: 14]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 11]

1 . A method [FEATURE ID: 1]

of creating [TRANSITIVE ID: 2]

an ESZ data layer [FEATURE ID: 11]

having [TRANSITIVE ID: 3]

emergency service numbers [FEATURE ID: 13]

, from an MSAG using [TRANSITIVE ID: 3]

road access zones each having associated attributes [FEATURE ID: 4]

including [TRANSITIVE ID: 3]

a road name , a road center line [FEATURE ID: 9]

and an emergency service number [FEATURE ID: 6]

, comprising [TRANSITIVE ID: 3]

the steps [FEATURE ID: 1]

of : a ) linking [TRANSITIVE ID: 5]

the road access zones to the MSAG through the road names [FEATURE ID: 13]

; and b ) creating a plurality of emergency service zones by combining [TRANSITIVE ID: 3]

the road access zones that have the same emergency service number [FEATURE ID: 8]

. 2 . A method according to claim [FEATURE ID: 10]

1 , wherein said step [FEATURE ID: 7]

a ) includes the step of electronically adding to the ESZ data layer one or more existing digital attributes [FEATURE ID: 13]

from one or more of said road access zones using an identity operation [FEATURE ID: 6]

. 3 . A method according to claim 1 , wherein said step a ) includes the step of manually adding to the ESZ data layer one or more existing attributes . 4 . A method according to claim 3 , further including the step , after said step b ) , of correcting errors in the ESZ data layer arising from errors in the MSAG . 5 . A system [FEATURE ID: 1]

for creating an ESZ data layer , the system comprising : a ) a computer [FEATURE ID: 12]

; and b ) a software program executable [FEATURE ID: 1]

by said computer for implementing the steps of claim 1 . 6 . A method of creating an ESZ data layer having emergency service numbers , from an MSAG having a first set [FEATURE ID: 14]

of road names , comprising the steps of : a ) creating road access zones , each of said road access zones having attribute information [FEATURE ID: 4]

including an associated emergency service number [FEATURE ID: 6]

and a second set [FEATURE ID: 14]

of road names ; b ) linking said road access zones to the MSAG through said first and second sets [FEATURE ID: 14]

of road names ; and c ) creating a plurality of emergency service zones by combining said road access zones that have the same emergency service number . 7 . A method according to claim 6 , wherein said step b ) further includes the step of matching road names having slightly different spelling [FEATURE ID: 13]

. 8 . A method according to claim 6 , wherein said step a ) further includes the step of adding attribute information to said road access zones . 9 . A method according to claim 8 , wherein said attribute information includes at least one of road name , side [FEATURE ID: 14]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6522876B1
Filed: 1999-10-04
Issued: 2003-02-18
Patent Holder: (Original Assignee) Sprint Spectrum LLC     (Current Assignee) Sprint Spectrum LLC ; Sprint Corp
Inventor(s): Dorene G. Weiland, Von K. McConnell

Title: System for managing telecommunications services through use of customized profile management codes
[FEATURE ID: 1] method, stepsystem, procedure, device, process, server, circuit, module[FEATURE ID: 1] method, second module, third module, logic module, suscriber
[TRANSITIVE ID: 2] controlling, transmitting, determining, selecting, utilizing, useproviding, establishing, implementing, processing, supporting, generating, maintaining[TRANSITIVE ID: 2] comprising, defining, receiving, identifying, executing
[FEATURE ID: 3] user terminal accessservice, communications, resources, users[FEATURE ID: 3] subscribers
[FEATURE ID: 4] wireless local area network, receiving, response, authentication mechanism, determination, HTTP server, browser, authentication protocol, authentication server, packet, state information, ongoing authentication process, noncompliant user terminal, access point, communicationnetwork, message, user, terminal, switch, service, device[FEATURE ID: 4] telecommunications network, type, serving, system, central control point, subscriber, service feature, first sub-network, second sub-network, network entity, profile management code, mobile station, landline station, subscriber mid-call, telecommunications service
[TRANSITIVE ID: 5] comprisingusing, includes, providing, with, having, involving, incorporating[TRANSITIVE ID: 5] including
[FEATURE ID: 6] steps, protocolfunctions, capabilities, functionality, information, tasks, policies, profiles[FEATURE ID: 6] service logic, service parameters
[FEATURE ID: 7] user terminaldevice, processor, node, terminal, transceiver[FEATURE ID: 7] first module
[FEATURE ID: 8] requestcommand, call, service, communication, notification, packet, parameter[FEATURE ID: 8] signaling message, second member indicative, message, routing number
[TRANSITIVE ID: 9] accessoperate, register, interconnect, connect[TRANSITIVE ID: 9] route call data
[FEATURE ID: 10] identity request message, authenticating, authentication requestaddress, identity, interface, application, event, identifier, order[FEATURE ID: 10] specific profile management code, action, SMTP message, digit sequence, advanced intelligent network
[FEATURE ID: 11] mechanismservice, network, entity, action[FEATURE ID: 11] action impacts service logic
[FEATURE ID: 12] compatibleestablished, registered, assigned, shared, stored, corresponding, defined[FEATURE ID: 12] provided, associated
[FEATURE ID: 13] claimpreceding claim, step, preceding, paragraph, item, clause, requirement[FEATURE ID: 13] claim
[FEATURE ID: 14] authentication response, first state indicative, third state indicative, fourth state indicative, authenticationidentifier, representation, record, identity, indication, identification, status[FEATURE ID: 14] first member indicative
[FEATURE ID: 15] modulefunction, block, unit, program[FEATURE ID: 15] set
[FEATURE ID: 16] second state indicativecause, result, step[FEATURE ID: 16] carry
[FEATURE ID: 17] protocol otherless, others, faster, more[FEATURE ID: 17] other
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 4]

from a user terminal [FEATURE ID: 7]

a request [FEATURE ID: 8]

to access [TRANSITIVE ID: 9]

the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 10]

; receiving from the user terminal a response [FEATURE ID: 4]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 10]

mechanism [FEATURE ID: 11]

utilizing [TRANSITIVE ID: 2]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 4]

, compatible [FEATURE ID: 12]

with the user terminal , in response to a determination [FEATURE ID: 4]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 10]

to an HTTP server [FEATURE ID: 4]

for utilizing a browser [FEATURE ID: 4]

based authentication protocol [FEATURE ID: 4]

. 2 . The method according to claim [FEATURE ID: 13]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 4]

and receiving an authentication response [FEATURE ID: 14]

utilizing IEEE 802.1 x protocol [FEATURE ID: 6]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 1]

of configuring a packet [FEATURE ID: 4]

filtering module [FEATURE ID: 15]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 4]

in the wireless local area network for use [FEATURE ID: 2]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 14]

of ongoing authentication process [FEATURE ID: 4]

, a second state indicative [FEATURE ID: 16]

of authentication failure , a third state indicative [FEATURE ID: 14]

of authentication success , and a fourth state indicative [FEATURE ID: 14]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 4]

. 6 . An access point [FEATURE ID: 4]

in communication [FEATURE ID: 4]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 14]

means compatible with the user terminal if the user terminal employs a protocol other [FEATURE ID: 17]

1 . In a telecommunications network [FEATURE ID: 4]

of the type [FEATURE ID: 4]

comprising [TRANSITIVE ID: 2]

a serving [TRANSITIVE ID: 4]

system [FEATURE ID: 4]

and a central control point [FEATURE ID: 4]

with service logic [FEATURE ID: 6]

defining [TRANSITIVE ID: 2]

service parameters [FEATURE ID: 6]

for one or more subscribers [FEATURE ID: 3]

, a method [FEATURE ID: 1]

comprising : the central control point receiving [TRANSITIVE ID: 2]

a signaling message [FEATURE ID: 8]

, the signaling message including [TRANSITIVE ID: 5]

a first member indicative [FEATURE ID: 14]

of a subscriber [FEATURE ID: 4]

and a second member indicative [FEATURE ID: 8]

of a subscriber - specific profile management code [FEATURE ID: 10]

provided [TRANSITIVE ID: 12]

by the subscriber ; the central control point identifying [TRANSITIVE ID: 2]

a set [FEATURE ID: 15]

of service logic associated [TRANSITIVE ID: 12]

with the subscriber , the set of service logic defining for the subscriber an action [FEATURE ID: 10]

associated with the subscriber - specific profile management code ; and the central control point executing [TRANSITIVE ID: 2]

the set of service logic to carry [TRANSITIVE ID: 16]

out the action . 2 . A method as claimed in claim [FEATURE ID: 13]

1 , wherein the central control point receives the signaling message from the serving system . 3 . A method as claimed in claim 1 , wherein the central control point receives the signaling message from another central control point . 4 . A method as claimed in claim 1 , wherein the action comprises modifying the service logic associated with the subscriber . 5 . A method as claimed in claim 1 , wherein the action comprises activating a service feature [FEATURE ID: 4]

for the subscriber . 6 . A method as claimed in claim 1 , wherein the action comprises deactivating a service feature for the subscriber . 7 . A method as claimed in claim 1 , wherein the action comprises sending a message [FEATURE ID: 8]

. 8 . A method as claimed in claim 7 , wherein the message comprises an SMTP message [FEATURE ID: 10]

. 9 . A method as claimed in claim 7 , wherein sending a message comprises sending a message from a first sub-network [FEATURE ID: 4]

into a second sub-network [FEATURE ID: 4]

. 10 . A method as claimed in claim 1 , wherein the action is other [FEATURE ID: 17]

than translating a dialed digit sequence [FEATURE ID: 10]

into a routing number [FEATURE ID: 8]

. 11 . A method as claimed in claim 1 , wherein identifying a set of service logic associated with the subscriber comprises querying another network entity [FEATURE ID: 4]

to determine the action associated with the profile management code [FEATURE ID: 4]

. 12 . A method as claimed in claim 1 , further comprising the subscriber providing the profile management code in a first sub-network , wherein the action impacts service logic [FEATURE ID: 11]

in a second sub-network . 13 . A method as claimed in claim 12 , wherein the subscriber comprises a mobile station [FEATURE ID: 4]

and the action comprises modifying , activating or deactivating a service feature for a landline station [FEATURE ID: 4]

. 14 . A method as claimed in claim 1 , wherein the profile management code is provided by the subscriber mid-call [FEATURE ID: 4]

. 15 . In a telecommunications network of the type comprising a serving system arranged to route call data [FEATURE ID: 9]

, a central control point comprising : a first module [FEATURE ID: 7]

arranged to receive a signaling message , the signaling message including a first member indicative of a subscriber and a second member indicative of a subscriber - specific profile management code provided by the subscriber ; a second module [FEATURE ID: 1]

arranged to identify a set of service logic associated with the subscriber , the service logic defining for the subscriber an action corresponding to the subscriber - specific profile management code ; and a third module [FEATURE ID: 1]

arranged to execute the set of service logic and to thereby carry out the action . 16 . A central control point as claimed in claim 15 , wherein the first module is arranged to receive the signaling message from the serving system . 17 . A central control point as claimed in claim 15 , wherein the first module is arranged to receive the signaling message from another central control point . 18 . A central control point as claimed in claim 15 , wherein the action comprises modifying the service logic associated with the subscriber . 19 . A central control point as claimed in claim 15 , wherein the action comprises activating a service feature for the subscriber . 20 . A central control point as claimed in claim 15 , wherein the action comprises deactivating a service feature for the subscriber . 21 . A central control point as claimed in claim 15 , wherein the action comprises sending a message . 22 . A central control point as claimed in claim 21 , wherein the message comprises an SMTP message . 23 . A central control point as claimed in claim 21 , wherein sending a message comprises sending a message from a first sub-network into a second sub-network . 24 . A central control point as claimed in claim 15 , where the action is other than translating a dialed digit sequence into a routing number . 25 . A central control point as claimed in claim 15 , wherein the second module is arranged to query another network entity to determine the action associated with the profile management code . 26 . A central control point as claimed in claim 15 , wherein the subscriber provided the profile management code in a first sub-network , and the action impacts service logic in a second sub-network . 27 . A central control point as claimed in claim 26 , wherein the subscriber comprises a mobile station and the action comprises modifying , activating or deactivating a service feature for a landline station . 28 . A central control point as claimed in claim 15 , wherein the profile management code is provided by the subscriber mid-call . 29 . A logic module [FEATURE ID: 1]

stored in a central control point in an advanced intelligent network [FEATURE ID: 10]

, the logic module defining , specifically for a given subscriber of telecommunications service [FEATURE ID: 4]

, one or more suscriber [FEATURE ID: 1]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6512754B2
Filed: 1997-10-14
Issued: 2003-01-28
Patent Holder: (Original Assignee) Lucent Technologies Inc     (Current Assignee) Nokia of America Corp
Inventor(s): Peretz Feder, Haim Ner, Girish Rai

Title: Point-to-point protocol encapsulation in ethernet frame
[FEATURE ID: 1] method, noncompliant user terminal, access point, communicationdevice, interface, network, system, node, wireless, address[FEATURE ID: 1] wireless data network
[TRANSITIVE ID: 2] controlling, selectingimplementing, supporting, establishing, maintaining, providing, determining, performing[TRANSITIVE ID: 2] including
[FEATURE ID: 3] wireless local area network, response, mechanism, determination, browser, authentication protocol, packetnetwork, wireless, gateway, request, connection, session, host[FEATURE ID: 3] home network, home mobile, wireless modem, home inter-working function, PPP server, erhermer link, message
[TRANSITIVE ID: 4] comprising, utilizingby, including, with, using, at, of, implementing[TRANSITIVE ID: 4] comprising
[FEATURE ID: 5] user terminalterminal, gateway, client, transceiver, server, handset, modem[FEATURE ID: 5] end system
[FEATURE ID: 6] request, protocol, state informationinformation, protocols, credentials, communications, parameters, message, signaling[FEATURE ID: 6] PPP information
[FEATURE ID: 7] claimparagraph, figure, clair, claimed, clause, item, the claim[FEATURE ID: 7] claim
[FEATURE ID: 8] authentication server, authenticationadapter, interface, internet, authenticator, application, identity, access[FEATURE ID: 8] ethernet link
[FEATURE ID: 9] moduleunit, system, network[FEATURE ID: 9] center
[FEATURE ID: 10] usecommunication, exchange, processing[FEATURE ID: 10] switching
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access to a wireless local area network [FEATURE ID: 3]

, comprising [TRANSITIVE ID: 4]

the steps of : receiving from a user terminal [FEATURE ID: 5]

a request [FEATURE ID: 6]

to access the wireless local area network ; transmitting to the user terminal an identity request message ; receiving from the user terminal a response [FEATURE ID: 3]

to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating mechanism [FEATURE ID: 3]

utilizing [TRANSITIVE ID: 4]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism , compatible with the user terminal , in response to a determination [FEATURE ID: 3]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request to an HTTP server for utilizing a browser [FEATURE ID: 3]

based authentication protocol [FEATURE ID: 3]

. 2 . The method according to claim [FEATURE ID: 7]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 8]

and receiving an authentication response utilizing IEEE 802.1 x protocol [FEATURE ID: 6]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet [FEATURE ID: 3]

filtering module [FEATURE ID: 9]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 6]

in the wireless local area network for use [FEATURE ID: 10]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative of ongoing authentication process , a second state indicative of authentication failure , a third state indicative of authentication success , and a fourth state indicative of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 1]

. 6 . An access point [FEATURE ID: 1]

in communication [FEATURE ID: 1]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 8]

1 . A wireless data network [FEATURE ID: 1]

, comprising [TRANSITIVE ID: 4]

: a home network [FEATURE ID: 3]

that includes a home mobile [FEATURE ID: 3]

switching [TRANSITIVE ID: 10]

center [FEATURE ID: 9]

, a wireless modem [FEATURE ID: 3]

, and at least one end system [FEATURE ID: 5]

, the home mobile switching center including [TRANSITIVE ID: 2]

a home inter-working function [FEATURE ID: 3]

; and a PPP server [FEATURE ID: 3]

, wherein the home mobile switching center connects to the wireless modem , wherein an ethernet link [FEATURE ID: 8]

connects the wireless modem and said at least one end system , and wherein the wireless modem encapsulates PPP information [FEATURE ID: 6]

sent from the PPP server for said at least one end system in an ethernet frame and sends the ethernet frame to said at least one end system via said erhermer link [FEATURE ID: 3]

. 2 . The wireless data network of claim [FEATURE ID: 7]

1 , wherein PPP information from said at least one end system is sent to the wireless modem via the ethernet list and then transmitted from the wireless modem to the PPP server . 3 . The wireless data network of claim 1 , wherein a message [FEATURE ID: 3]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US20030018721A1
Filed: 2001-06-29
Issued: 2003-01-23
Patent Holder: (Original Assignee) IP Unity     (Current Assignee) IP Unity
Inventor(s): Virad Gupta, Shital Mehta, David Israel

Title: Unified messaging with separate media component storage
[FEATURE ID: 1] method, mechanism, authentication protocol, module, noncompliant user terminal, communicationmeans, device, network, server, service, protocol, process[FEATURE ID: 1] method, first user, system, computer program product, computer useable medium, computer
[TRANSITIVE ID: 2] controlling, transmitting, selecting, utilizing, useprocessing, generating, implementing, establishing, sending, using, performing[TRANSITIVE ID: 2] providing, comprising, receiving, storing, retrieving
[FEATURE ID: 3] user terminal access, protocolresources, messages, authentication, communications, accessibility, functionality, credentials[FEATURE ID: 3] unified messaging
[FEATURE ID: 4] wireless local area network, determination, first state indicativecomputer, network, notification, mailbox, processor, device, system[FEATURE ID: 4] message, second user, mass storage device, voice mail server, message handler, computer control logic
[TRANSITIVE ID: 5] comprisingcomprised, including, includes, having[TRANSITIVE ID: 5] comprises
[FEATURE ID: 6] stepscharacteristics, functions, phases, sets, procedures, blocks, elements[FEATURE ID: 6] steps, step
[TRANSITIVE ID: 7] receivingrequesting, obtaining, receipt, processing, storage, receive, identifying[TRANSITIVE ID: 7] retrieving, first computer readable program code
[FEATURE ID: 8] user terminal, authenticating, authentication mechanism, authentication request, HTTP server, browser, authentication server, access point, authenticationaddress, interface, access, application, agent, entity, device[FEATURE ID: 8] email server, storage device
[FEATURE ID: 9] request, packet, fourth state indicativemessage, command, query, notification, call, requesting, first[FEATURE ID: 9] request, voice mail message, fourth computer readable program code
[FEATURE ID: 10] identity request message, authentication responseaddress, request, access, message, advertisement, application, identification[FEATURE ID: 10] reference, email message
[FEATURE ID: 11] responsemessage, reference, correspondence, notification, reply[FEATURE ID: 11] non-media component, corresponding
[TRANSITIVE ID: 12] saidthe, that, this[TRANSITIVE ID: 12] said
[FEATURE ID: 13] claimitem, requirement, claims claim, the claim, paragraph, preceding, clause[FEATURE ID: 13] claim
[FEATURE ID: 14] state informationinformation, data, firmware, contents, metadata, messages, media[FEATURE ID: 14] control logic, media components
[FEATURE ID: 15] second state indicativesecond, first, message[FEATURE ID: 15] stored
[FEATURE ID: 16] third state indicativesecond, fifth, program code, computer, code, display, data code[FEATURE ID: 16] third computer readable program code, fifth computer readable program code, sixth computer readable program code
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 7]

from a user terminal [FEATURE ID: 8]

a request [FEATURE ID: 9]

to access the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 10]

; receiving from the user terminal a response [FEATURE ID: 11]

to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 8]

mechanism [FEATURE ID: 1]

utilizing [TRANSITIVE ID: 2]

IEEE 802.1 x if said [TRANSITIVE ID: 12]

user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 8]

, compatible with the user terminal , in response to a determination [FEATURE ID: 4]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 8]

to an HTTP server [FEATURE ID: 8]

for utilizing a browser [FEATURE ID: 8]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 13]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 8]

and receiving an authentication response [FEATURE ID: 10]

utilizing IEEE 802.1 x protocol [FEATURE ID: 3]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet [FEATURE ID: 9]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 14]

in the wireless local area network for use [FEATURE ID: 2]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 4]

of ongoing authentication process , a second state indicative [FEATURE ID: 15]

of authentication failure , a third state indicative [FEATURE ID: 16]

of authentication success , and a fourth state indicative [FEATURE ID: 9]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 1]

. 6 . An access point [FEATURE ID: 8]

in communication [FEATURE ID: 1]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 8]

1 . A method [FEATURE ID: 1]

for providing [TRANSITIVE ID: 2]

unified messaging [FEATURE ID: 3]

to a first user [FEATURE ID: 1]

, comprising [TRANSITIVE ID: 2]

the steps [FEATURE ID: 6]

of : ( 1 ) receiving [TRANSITIVE ID: 2]

a message [FEATURE ID: 4]

from a second user [FEATURE ID: 4]

to the first user , wherein said [TRANSITIVE ID: 12]

message comprises [TRANSITIVE ID: 5]

a media component and a non-media component [FEATURE ID: 11]

; ( 2 ) storing [TRANSITIVE ID: 2]

on a mass storage device [FEATURE ID: 4]

said media component of said message ; and ( 3 ) storing on an email server [FEATURE ID: 8]

said non-media component of said message and a corresponding [TRANSITIVE ID: 11]

reference [FEATURE ID: 10]

to said stored [TRANSITIVE ID: 15]

media component of said message . 2 . The method of claim [FEATURE ID: 13]

1 , further comprising the steps of : ( 4 ) receiving from the first user a request [FEATURE ID: 9]

for said message ; ( 5 ) retrieving [TRANSITIVE ID: 2]

from said email server said non-media component of said message and said corresponding reference ; and ( 6 ) providing to the first user said non-media component of said message and said corresponding reference . 3 . The method of claim 2 , further comprising the step [FEATURE ID: 6]

of : ( 7 ) receiving from the first user a request for said stored media component of said message , wherein said request is received via said corresponding reference ; ( 8 ) retrieving from said mass storage device said stored media component ; and ( 9 ) providing to the first user said stored media component . 4 . The method of claim 3 , wherein said message is any one of : a voice mail message [FEATURE ID: 9]

, a fax message and an email message [FEATURE ID: 10]

. 5 . The method of claim 1 , further comprising the steps of : ( 4 ) receiving from the first user a request for said message ; ( 5 ) retrieving from said email server said non-media component of said message and said corresponding reference ; ( 6 ) retrieving from said mass storage device said stored media component , wherein said retrieving [FEATURE ID: 7]

is performed using said corresponding reference ; and ( 7 ) providing to the first user said stored media component of said message and said non-media component of said message . 6 . The method of claim 5 , wherein said message is any one of : a voice mail message , a fax message and an email message . 7 . A system [FEATURE ID: 1]

for providing unified messaging to a first user , comprising : a mass storage device for storing the media component of a message ; a storage device [FEATURE ID: 8]

, coupled to an email server , that stores the non-media component of said message and a corresponding reference to the media component of said message ; a voice mail server [FEATURE ID: 4]

that receives said message from a second user to the first user , wherein said message includes a media component and a non-media component ; and a message handler [FEATURE ID: 4]

, coupled to said voice mail server , that sends to said mass storage device the media component of said message for storage and that sends to said storage device the non-media component of said message for storage . 8 . The system of claim 7 , wherein said message is any one of : a voice mail message , a fax message and an email message . 9 . A computer program product [FEATURE ID: 1]

comprising a computer useable medium [FEATURE ID: 1]

having control logic [FEATURE ID: 14]

stored therein for causing a computer [FEATURE ID: 1]

to provide unified messaging to a first user , the computer control logic [FEATURE ID: 4]

comprising : first computer readable program code [FEATURE ID: 7]

means for causing the computer to receive a message from a second user to the first user , wherein said message comprises a media component and a non-media component ; second computer readable program code means for causing the computer to store on a mass storage device said media component of said message ; and third computer readable program code [FEATURE ID: 16]

means for causing the computer to store on an email server said non-media component of said message and a corresponding reference to said stored media component of said message . 10 . The computer program product of claim 9 , the computer control logic further comprising : fourth computer readable program code [FEATURE ID: 9]

means for causing the computer to receive from the first user a request for said message ; fifth computer readable program code [FEATURE ID: 16]

means for causing the computer to retrieve from said email server said non-media component of said message and said corresponding reference ; and sixth computer readable program code [FEATURE ID: 16]

means for causing the computer to provide to the first user said non-media component of said message and said corresponding reference . 11 . The computer program product of claim 10 , the computer control logic further comprising : seventh computer readable program code means for causing the computer to receive from the first user a request for said stored media component of said message , wherein said request is received via said corresponding reference ; eighth computer readable program code means for causing the computer to retrieve from said mass storage device said stored media component ; and ninth computer readable program code means for causing the computer to provide to the first user said stored media component . 12 . The method of claim 11 , wherein said message is any one of : a voice mail message , a fax message and an email message . 13 . The computer program product of claim 9 , the computer control logic further comprising : fourth computer readable program code means for causing the computer receive from the first user a request for said message ; fifth computer readable program code means for causing the computer to retrieve from said email server said non-media component of said message and said corresponding reference ; sixth computer readable program code means for causing the computer to retrieve from said mass storage device said stored media component , wherein said retrieving is performed using said corresponding reference ; and seventh computer readable program code means for causing the computer to provide to the first user said stored media component of said message and said non-media component of said message . 14 . The computer program product of claim 13 , wherein said message is any one of : a voice mail message , a fax message and an email message . 15 . A method for providing unified messaging for messages , comprising the step of : storing media components [FEATURE ID: 14]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6510464B1
Filed: 1999-12-14
Issued: 2003-01-21
Patent Holder: (Original Assignee) Verizon Corporate Services Group Inc     (Current Assignee) Intellectual Ventures II LLC
Inventor(s): David R. Grantges, Jr., Lawrence R. McGrath

Title: Secure gateway having routing feature
[FEATURE ID: 1] method, mechanism, authentication protocol, module, noncompliant user terminal, access point, protocol othersystem, network, protocol, server, means, device, process[FEATURE ID: 1] computer system, client computer, proxy server, respective application, standard
[TRANSITIVE ID: 2] controlling, transmitting, selecting, utilizingsupporting, implementing, performing, processing, maintaining, employing, handling[TRANSITIVE ID: 2] providing, executing
[FEATURE ID: 3] user terminal access, identity request message, authenticating, authentication response, protocol, packet, state information, ongoing authentication process, authentication success, communicationsecurity, interface, authorization, service, identity, connectivity, information[FEATURE ID: 3] access, identifier, firewall system, authorization server, client system
[FEATURE ID: 4] wireless local area networknetwork, firewall, client, host, connection, wan, system[FEATURE ID: 4] secure private network, corresponding, secure connection, insecure network, gateway, disposed, private network, destination server, hypertext transfer protocol, URL, insecure network side, digital certificate compliant, valid certificate authority
[TRANSITIVE ID: 5] comprisingcomposing, including, incorporating, containing, includes, having, involving[TRANSITIVE ID: 5] comprising
[TRANSITIVE ID: 6] receiving, usereception, processing, receipt, transmitting, analysis, reading, monitoring[TRANSITIVE ID: 6] routing
[FEATURE ID: 7] user terminal, authentication mechanism, authentication request, authentication serverserver, identifier, client, interface, applet, address, request[FEATURE ID: 7] application, uniform resource locator, user, digital certificate
[FEATURE ID: 8] request, responsecommand, signal, challenge, packet, notification, transaction, call[FEATURE ID: 8] message
[TRANSITIVE ID: 9] accessopen, secure, enable, initiate[TRANSITIVE ID: 9] establish
[FEATURE ID: 10] determination, second state indicativeresult, response, condition, notification, message, verification, representation[FEATURE ID: 10] function
[FEATURE ID: 11] HTTP server, authenticationinterface, access, identifier, ethernet, application, alternative, environment[FEATURE ID: 11] insecure public network
[FEATURE ID: 12] browser, fourth state indicativeflag, password, certificate, cookie, token, web, signature[FEATURE ID: 12] character string, HTTP, slash character prefix
[FEATURE ID: 13] claimparagraph, figure, clair, preceding claim, embodiment, clause, item[FEATURE ID: 13] claim
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps of : receiving [TRANSITIVE ID: 6]

from a user terminal [FEATURE ID: 7]

a request [FEATURE ID: 8]

to access [TRANSITIVE ID: 9]

the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 3]

; receiving from the user terminal a response [FEATURE ID: 8]

to the identity request message ; determining whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 3]

mechanism [FEATURE ID: 1]

utilizing [TRANSITIVE ID: 2]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 7]

, compatible with the user terminal , in response to a determination [FEATURE ID: 10]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 7]

to an HTTP server [FEATURE ID: 11]

for utilizing a browser [FEATURE ID: 12]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 13]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 7]

and receiving an authentication response [FEATURE ID: 3]

utilizing IEEE 802.1 x protocol [FEATURE ID: 3]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet [FEATURE ID: 3]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 3]

in the wireless local area network for use [FEATURE ID: 6]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 10]

of authentication failure , a third state indicative of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 12]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 1]

. 6 . An access point [FEATURE ID: 1]

in communication [FEATURE ID: 3]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 11]

means compatible with the user terminal if the user terminal employs a protocol other [FEATURE ID: 1]

1 . A computer system [FEATURE ID: 1]

for providing [TRANSITIVE ID: 2]

access [FEATURE ID: 3]

from a client computer [FEATURE ID: 1]

over an insecure public network [FEATURE ID: 11]

to a selected one of a plurality of destination servers on a secure private network [FEATURE ID: 4]

each executing [TRANSITIVE ID: 2]

a corresponding [TRANSITIVE ID: 4]

application [FEATURE ID: 7]

, said computer system comprising [TRANSITIVE ID: 5]

: a proxy server [FEATURE ID: 1]

configured to establish [TRANSITIVE ID: 9]

a secure connection [FEATURE ID: 4]

with said client computer over said insecure network [FEATURE ID: 4]

; and , a gateway [FEATURE ID: 4]

disposed [TRANSITIVE ID: 4]

between said proxy server and said private network [FEATURE ID: 4]

, wherein said gateway includes means for appending , prior to routing [FEATURE ID: 6]

, an identifier [FEATURE ID: 3]

to a message [FEATURE ID: 8]

received from said client computer destined for said selected destination server [FEATURE ID: 4]

, said identifier being associated with a respective application [FEATURE ID: 1]

with which said selected destination server is associated , and means for routing said message to said selected destination server as a function [FEATURE ID: 10]

of said identifier . 2 . The computer system of claim [FEATURE ID: 13]

1 wherein said identifier comprises a character string [FEATURE ID: 12]

. 3 . The computer system of claim 2 said message comprises a hypertext transfer protocol [FEATURE ID: 4]

( HTTP [FEATURE ID: 12]

) uniform resource locator [FEATURE ID: 7]

( URL [FEATURE ID: 4]

) , said identifier being appended to said message as a suffix . 4 . The computer system of claim 3 wherein said identifier further comprises a slash character prefix [FEATURE ID: 12]

. 5 . The computer system of claim 1 further comprising : a firewall system [FEATURE ID: 3]

between said insecure network and said private network ; and , an authorization server [FEATURE ID: 3]

for authenticating a user [FEATURE ID: 7]

of said client system [FEATURE ID: 3]

and indicating whether said user is authorized to access said selected destination server ; said proxy server being disposed on said insecure network side [FEATURE ID: 4]

of said firewall system , and said gateway , said authorization server and said destination servers are disposed on said private network side of said firewall system . 6 . The computer system of claim 1 wherein said client computer has a digital certificate compliant [FEATURE ID: 4]

with an X. 509 standard [FEATURE ID: 1]

associated therewith , said proxy server being configured to determine whether said digital certificate [FEATURE ID: 7]

was issued from a valid certificate authority [FEATURE ID: 4]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6510236B1
Filed: 1998-12-11
Issued: 2003-01-21
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp
Inventor(s): Michael A. Crane, Ivan Matthew Milman

Title: Authentication framework for managing authentication requests from multiple authentication devices
[FEATURE ID: 1] method, mechanism, HTTP server, authentication protocol, step, moduleprocess, system, means, procedure, server, device, protocol[FEATURE ID: 1] method, steps, data, new authentication device server, authentication device servers capable
[TRANSITIVE ID: 2] controlling, receiving, transmitting, determining, selectingproviding, processing, establishing, obtaining, issuing, communicating, identifying[TRANSITIVE ID: 2] authenticating, passing, returning
[FEATURE ID: 3] user terminal access, authenticating, authentication mechanism, authentication request, browser, authentication server, authentication response, state information, use, ongoing authentication process, authentication success, fourth state indicative, noncompliant user terminal, access point, authenticationaccess, address, interface, identity, identifier, application, registration[FEATURE ID: 3] clients, authentication device, authentication, application server, authentication data, authorization, verification, authentication device servers
[FEATURE ID: 4] wireless local area networknetwork, computer, user, customer, service, host, system[FEATURE ID: 4] client, authentication device type, authentication device server, new authentication device server register, new authentication device type
[TRANSITIVE ID: 5] comprisinginvolving, with, incorporating, containing, includes, having, by[TRANSITIVE ID: 5] comprising, including
[FEATURE ID: 6] stepsoperation, action, elements, instructions, characteristics, components, method[FEATURE ID: 6] information, authentication device server capable, step
[FEATURE ID: 7] user terminaldevice, pin, biometric, password, cookie, terminal, modem[FEATURE ID: 7] token card, biometric scanner, user password
[FEATURE ID: 8] request, determination, packet, second state indicative, third state indicativemessage, notification, query, response, result, decision, signal[FEATURE ID: 8] request, determination, positive authentication
[FEATURE ID: 9] identity request message, x. protocolinterface, application, exchange, identity, intermediary, authentication, authenticator[FEATURE ID: 9] application authentication server, authentication framework
[FEATURE ID: 10] response, communicationcorrespondence, reply, proximity, responds, subsequent response, reference, answer[FEATURE ID: 10] response, responsive
[FEATURE ID: 11] compliantacceptable, specific, supported[FEATURE ID: 11] permitted
[TRANSITIVE ID: 12] utilizingfor, comprising, from, of, including[TRANSITIVE ID: 12] identifying
[FEATURE ID: 13] compatibleconfigured, used, registered[FEATURE ID: 13] authentication device servers useful
[FEATURE ID: 14] claimparagraph, step, the claim, item, clause, embodiment, preceding claim[FEATURE ID: 14] claim
[FEATURE ID: 15] protocolmessages, credentials, communications, protocols, information, applications[FEATURE ID: 15] requests, cryptographic protocols
[FEATURE ID: 16] first state indicativenumber, plurality, list[FEATURE ID: 16] set
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 2]

from a user terminal [FEATURE ID: 7]

a request [FEATURE ID: 8]

to access the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 9]

; receiving from the user terminal a response [FEATURE ID: 10]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant [FEATURE ID: 11]

in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 3]

mechanism [FEATURE ID: 1]

utilizing [TRANSITIVE ID: 12]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 3]

, compatible [FEATURE ID: 13]

with the user terminal , in response to a determination [FEATURE ID: 8]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 3]

to an HTTP server [FEATURE ID: 1]

for utilizing a browser [FEATURE ID: 3]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 14]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 3]

and receiving an authentication response [FEATURE ID: 3]

utilizing IEEE 802.1 x protocol [FEATURE ID: 15]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 1]

of configuring a packet [FEATURE ID: 8]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 3]

in the wireless local area network for use [FEATURE ID: 3]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 16]

of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 8]

of authentication failure , a third state indicative [FEATURE ID: 8]

of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 3]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 3]

. 6 . An access point [FEATURE ID: 3]

in communication [FEATURE ID: 10]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol [FEATURE ID: 9]

in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 3]

1 . A method [FEATURE ID: 1]

for authenticating [TRANSITIVE ID: 2]

clients [FEATURE ID: 3]

, each of which is coupled to an authentication device [FEATURE ID: 3]

of one of a plurality of permitted [TRANSITIVE ID: 11]

authentication device types , comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 1]

of : passing [TRANSITIVE ID: 2]

requests [FEATURE ID: 15]

for authentication [FEATURE ID: 3]

to an application server [FEATURE ID: 3]

, each request [FEATURE ID: 8]

including [TRANSITIVE ID: 5]

information [FEATURE ID: 6]

identifying [TRANSITIVE ID: 12]

a client [FEATURE ID: 4]

, an authentication device coupled thereto , and authentication data [FEATURE ID: 3]

; in response [FEATURE ID: 10]

to a determination [FEATURE ID: 8]

at the application server that a request originates from a recognized authentication device type [FEATURE ID: 4]

, passing the authentication data from the application server to an authentication device server capable [FEATURE ID: 6]

of authenticating the data [FEATURE ID: 1]

; and responsive [FEATURE ID: 10]

to a positive authentication [FEATURE ID: 8]

by the authentication device server [FEATURE ID: 4]

, returning [TRANSITIVE ID: 2]

an authorization [FEATURE ID: 3]

from the application server back to the client . 2 . The method as described in claim [FEATURE ID: 14]

1 further including the step [FEATURE ID: 6]

of : having the application server obtain the authorization from an application authentication server [FEATURE ID: 9]

. 3 . The method as described in claim 1 further including the step of having a new authentication device server register [FEATURE ID: 4]

with the application server . 4 . The method as described in claim 3 wherein the new authentication device server [FEATURE ID: 1]

is used to authenticate data originated from a new authentication device type [FEATURE ID: 4]

. 5 . The method as described in claim 1 wherein the authentication device is a token card [FEATURE ID: 7]

. 6 . The method as described in claim 1 wherein the authentication device is a biometric scanner [FEATURE ID: 7]

. 7 . The method as described in claim 1 wherein the authentication device requires verification [FEATURE ID: 3]

of a user password [FEATURE ID: 7]

. 8 . The method as described in claim 1 wherein the requests are passed to and from the application server using one or more cryptographic protocols [FEATURE ID: 15]

. 9 . The method as described in claim 1 wherein the requests are passed to and from the application server over secure communication links . 10 . A method for authentication , comprising : registering a set [FEATURE ID: 16]

of authentication device servers [FEATURE ID: 3]

with an application server , each of the authentication device servers useful [FEATURE ID: 13]

for verifying authentication data from a given authentication device type ; passing requests for authentication to the application server , each request including information identifing a client , an authentication device coupled thereto , and authentication data ; passing the authentication data from the application server to a given one of the set of authentication device servers capable [FEATURE ID: 1]

of authenticating the data ; and responsive to a positive authentication by the authentication device server , returning an authorization from the application server to the client . 11 . The method as described in claim 10 further including the step of : having the application server obtain the authorization from an application authentication server . 12 . The method as described in claim 10 wherein the requests are passed to and from the application server over secure communication links . 13 . The method as described in claim 10 further including the step of registering a new authentication device server . 14 . The method as described in claim 13 wherein the new authentication device server is used to authenticate data originated from a new authentication device type . 15 . The method as described in claim 10 wherein the requests are passed to and from the application server using one or more cryptographic protocols . 16 . An authentication framework [FEATURE ID: 9]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6507589B1
Filed: 1998-04-30
Issued: 2003-01-14
Patent Holder: (Original Assignee) Openwave Systems Inc     (Current Assignee) Unwired Planet LLC ; Unwired Planet IP Manager LLC
Inventor(s): Seetharaman Ramasubramani, Stephen S. Boyle, Mark A. Fox

Title: Method and apparatus for routing between network gateways and service centers
[FEATURE ID: 1] method, user terminal, authentication protocol, module, access pointdevice, system, server, protocol, node, process, terminal[FEATURE ID: 1] method, gateway
[TRANSITIVE ID: 2] controlling, determining, selecting, useidentifying, establishing, processing, providing, acquiring, receipt, accepting[TRANSITIVE ID: 2] receiving, obtaining, routing, receiving
[FEATURE ID: 3] user terminal access, transmitting, ongoing authentication processcommunications, entry, connectivity, traffic, service, interface, directing[FEATURE ID: 3] routing messages, different networks, access, internal message router
[FEATURE ID: 4] wireless local area network, identity request message, authenticating, HTTP server, authentication server, first state indicative, noncompliant user terminal, communication, authenticationaddress, device, message, interface, gateway, host, node[FEATURE ID: 4] network, mobile device, port, destination port number, message service center, wireless manner, small message service center, communication channel, route table, central location, apparatus, particular message
[TRANSITIVE ID: 5] comprisinghaving, involving, incorporating, containing, includes, encompassing, executing[TRANSITIVE ID: 5] comprising, including
[FEATURE ID: 6] steps, stepcomponents, nodes, instructions, process, ports, procedures, hosts[FEATURE ID: 6] addressable processes, acts, protocol adapters, processes, communication channels
[TRANSITIVE ID: 7] receivingsignaling, communicating, identifying, processing, transmitting, providing[TRANSITIVE ID: 7] routing
[FEATURE ID: 8] request, response, determination, second state indicativenotification, command, result, signal, packet, decision, report[FEATURE ID: 8] message, data portion
[FEATURE ID: 9] mechanism, authentication mechanism, authentication request, authentication response, fourth state indicativeidentifier, request, address, agent, message, access, authentication[FEATURE ID: 9] destination port identifier
[TRANSITIVE ID: 10] utilizingfor, with, of, to[TRANSITIVE ID: 10] incoming messages
[TRANSITIVE ID: 11] saidthe, that, this[TRANSITIVE ID: 11] said
[FEATURE ID: 12] compatiblecoupled, configured, registered, provided, corresponding, operable, programmed[FEATURE ID: 12] associated, able
[FEATURE ID: 13] browsersip, standards, wap[FEATURE ID: 13] different protocols
[FEATURE ID: 14] claimpreceding claim, step, paragraph, item, clause, requirement, embodiment[FEATURE ID: 14] claim
[FEATURE ID: 15] protocolsignaling, information, messaging[FEATURE ID: 15] messages
[FEATURE ID: 16] packetpayload, message, data, data portion, port[FEATURE ID: 16] header portion, source port identifier
[FEATURE ID: 17] state informationdata, messages, entries, numbers, addresses, information, parameters[FEATURE ID: 17] destination port identifiers, ports
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 7]

from a user terminal [FEATURE ID: 1]

a request [FEATURE ID: 8]

to access the wireless local area network ; transmitting [TRANSITIVE ID: 3]

to the user terminal an identity request message [FEATURE ID: 4]

; receiving from the user terminal a response [FEATURE ID: 8]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 4]

mechanism [FEATURE ID: 9]

utilizing [TRANSITIVE ID: 10]

IEEE 802.1 x if said [TRANSITIVE ID: 11]

user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 9]

, compatible [FEATURE ID: 12]

with the user terminal , in response to a determination [FEATURE ID: 8]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 9]

to an HTTP server [FEATURE ID: 4]

for utilizing a browser [FEATURE ID: 13]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 14]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 4]

and receiving an authentication response [FEATURE ID: 9]

utilizing IEEE 802.1 x protocol [FEATURE ID: 15]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step [FEATURE ID: 6]

of configuring a packet [FEATURE ID: 16]

filtering module [FEATURE ID: 1]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 17]

in the wireless local area network for use [FEATURE ID: 2]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 4]

of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 8]

of authentication failure , a third state indicative of authentication success , and a fourth state indicative [FEATURE ID: 9]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 4]

. 6 . An access point [FEATURE ID: 1]

in communication [FEATURE ID: 4]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 4]

1 . A method [FEATURE ID: 1]

for routing messages [FEATURE ID: 3]

to one of a plurality of addressable processes [FEATURE ID: 6]

within a gateway [FEATURE ID: 1]

that couples to a network [FEATURE ID: 4]

, said [TRANSITIVE ID: 11]

method comprising [TRANSITIVE ID: 5]

the acts [FEATURE ID: 6]

of : ( a ) receiving [TRANSITIVE ID: 2]

, at the gateway , a message [FEATURE ID: 8]

from a mobile device [FEATURE ID: 4]

, the message including [TRANSITIVE ID: 5]

a header portion [FEATURE ID: 16]

and a data portion [FEATURE ID: 8]

, the header portion including a destination port identifier [FEATURE ID: 9]

and a source port identifier [FEATURE ID: 16]

, the source port identifier identifies a port [FEATURE ID: 4]

within the mobile device , and the destination port identifier identifies a port within the gateway ; ( b ) obtaining [TRANSITIVE ID: 2]

the destination port identifier from the message ; and ( c ) routing [TRANSITIVE ID: 7]

the message to a particular one of the addressable processes within the gateway that is associated [TRANSITIVE ID: 12]

with the port identified by the destination port number [FEATURE ID: 4]

. 2 . A method as recited in claim [FEATURE ID: 14]

1 , wherein the gateway links a plurality of mobile devices to the network . 3 . A method as recited in claim 1 , wherein the message from the mobile device is transmitted from the mobile device to a message service center [FEATURE ID: 4]

in a wireless manner [FEATURE ID: 4]

, the message service center forwards the message to the gateway . 4 . A method as recited in claim 3 , wherein the message service center is a small message service center [FEATURE ID: 4]

. 5 . A method as recited in claim 1 , wherein said routing [FEATURE ID: 2]

( c ) comprises : ( c1 ) identifying a communication channel [FEATURE ID: 4]

used within the gateway that corresponds to the destination port number ; and ( c2 ) thereafter routing the message to the particular one of the addressable processes within the gateway via the communication channel . 6 . A method as recited in claim 5 , wherein the gateway links a plurality of mobile devices to the network , and wherein the message from the mobile device is transmitted from the mobile device to a message service center in a wireless manner , the message service center forwards the message to the gateway . 7 . A method as recited in claim 6 , wherein the message service center is a small message service center . 8 . A method as recited in claim 1 , wherein said routing ( c ) comprises : ( c1 ) looking up a communication channel in a route table [FEATURE ID: 4]

that corresponds to the destination port number ; and ( c2 ) thereafter routing the message to the particular one of the addressable processes within the gateway via the communication channel . 9 . A method as recited in claim 1 , wherein mobile devices are able [FEATURE ID: 12]

to communicate with the gateway through a plurality of different networks [FEATURE ID: 3]

that use different protocols [FEATURE ID: 13]

, and wherein said receiving [FEATURE ID: 2]

( a ) of the message at the gateway comprises : providing a plurality of protocol adapters [FEATURE ID: 6]

at a central location [FEATURE ID: 4]

within the gateway for receiving and transmitting messages [FEATURE ID: 15]

over the plurality of different networks . 10 . An apparatus [FEATURE ID: 4]

that provides mobile devices with access [FEATURE ID: 3]

to a network , said apparatus comprising : a plurality of addressable processes that process messages directed to the network , each of the messages including a destination port identifier , a source port identifier and a data portion , and for a particular message [FEATURE ID: 4]

, the source port identifier identifies a port within a mobile device that sent the particular message to said apparatus and the destination port identifier identifies a port within said apparatus where the particular message is to be processed ; and an internal message router [FEATURE ID: 3]

for receiving incoming messages [FEATURE ID: 10]

and routing the messages to said processes [FEATURE ID: 6]

that are to process the messages , the routing being based on the destination port identifiers [FEATURE ID: 17]

within the messages that identify the ports [FEATURE ID: 17]

associated with said processes . 11 . An apparatus as recited in claim 10 , wherein said apparatus further comprises : a route table that associates communication channels [FEATURE ID: 6]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US20030008662A1
Filed: 2001-07-09
Issued: 2003-01-09
Patent Holder: (Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp
Inventor(s): Edith Stern, David Greene, Barry Willner, Philip Yu

Title: Systems and methods wherein a mobile user device operates in accordance with a location policy and user device information
[FEATURE ID: 1] method, mechanism, browser, authentication protocol, first state indicativesystem, protocol, server, client, step, solution, scheme[FEATURE ID: 1] method, mobile user device, user, policy
[TRANSITIVE ID: 2] controlling, receiving, transmitting, determining, selectingproviding, requesting, generating, identifying, establishing, processing, obtaining[TRANSITIVE ID: 2] facilitating, determining, arranging, retrieving, receiving
[FEATURE ID: 3] user terminal access, use, ongoing authentication process, authentication success, noncompliant user terminalaccess, location, service, registration, authorization, connectivity, authentication[FEATURE ID: 3] operation, user device information, payment information, proximity
[FEATURE ID: 4] wireless local area network, determination, second state indicative, third state indicative, access pointuser, time, message, service, network, result, response[FEATURE ID: 4] location, location device, third, location identifier, user device policy, notification, location boundary
[TRANSITIVE ID: 5] comprising, utilizingby, including, using, with, implementing, performing, through[TRANSITIVE ID: 5] comprising
[FEATURE ID: 6] user terminalmobile, computer, terminal, modem, server, device, workstation[FEATURE ID: 6] mobile computing device, personal digital assistant
[FEATURE ID: 7] requesttoken, user, price, value, preference, date, message[FEATURE ID: 7] policy identifier, user device identifier, user identifier, user category
[TRANSITIVE ID: 8] accessregister, use, engage, configure[TRANSITIVE ID: 8] operate
[FEATURE ID: 9] identity request message, authentication mechanism, HTTP server, authentication server, authenticationapplication, address, interface, access, identifier, element, adapter[FEATURE ID: 9] indication, event time
[FEATURE ID: 10] response, authentication responserequest, message, reference, reply, result, answer, key[FEATURE ID: 10] pre-stored location policy, pointer
[TRANSITIVE ID: 11] authenticatingidentification, authentication, identity[TRANSITIVE ID: 11] information
[FEATURE ID: 12] compatibleregistered, configured, corresponding, coupled, affiliated, commensurate, used[FEATURE ID: 12] associated
[FEATURE ID: 13] authentication requestaction, entity, event, occupation, emergency, appointment, intersection[FEATURE ID: 13] event area, education area
[FEATURE ID: 14] claimparagraph, step, claim of, the claim, item, clause, embodiment[FEATURE ID: 14] claim
[FEATURE ID: 15] protocolcredentials, messages, information[FEATURE ID: 15] pre-stored user device information
[FEATURE ID: 16] modulenetwork, system, server[FEATURE ID: 16] party service device
[FEATURE ID: 17] state information, fourth state indicativepolicies, location, data, configuration, context, parameters, profile[FEATURE ID: 17] location policy, potential location policies
[FEATURE ID: 18] communicationassociated, line, correspondence[FEATURE ID: 18] accordance
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps of : receiving [TRANSITIVE ID: 2]

from a user terminal [FEATURE ID: 6]

a request [FEATURE ID: 7]

to access [TRANSITIVE ID: 8]

the wireless local area network ; transmitting [TRANSITIVE ID: 2]

to the user terminal an identity request message [FEATURE ID: 9]

; receiving from the user terminal a response [FEATURE ID: 10]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 11]

mechanism [FEATURE ID: 1]

utilizing [TRANSITIVE ID: 5]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 9]

, compatible [FEATURE ID: 12]

with the user terminal , in response to a determination [FEATURE ID: 4]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 13]

to an HTTP server [FEATURE ID: 9]

for utilizing a browser [FEATURE ID: 1]

based authentication protocol [FEATURE ID: 1]

. 2 . The method according to claim [FEATURE ID: 14]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 9]

and receiving an authentication response [FEATURE ID: 10]

utilizing IEEE 802.1 x protocol [FEATURE ID: 15]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet filtering module [FEATURE ID: 16]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 17]

in the wireless local area network for use [FEATURE ID: 3]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative [FEATURE ID: 1]

of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 4]

of authentication failure , a third state indicative [FEATURE ID: 4]

of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 17]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 3]

. 6 . An access point [FEATURE ID: 4]

in communication [FEATURE ID: 18]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 9]

1 . A method [FEATURE ID: 1]

of facilitating [TRANSITIVE ID: 2]

operation [FEATURE ID: 3]

of a mobile user device [FEATURE ID: 1]

at a location [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

: determining [TRANSITIVE ID: 2]

a location policy [FEATURE ID: 17]

associated [TRANSITIVE ID: 12]

with the location ; determining user device information [FEATURE ID: 3]

associated with the mobile user device ; and arranging [TRANSITIVE ID: 2]

for the mobile user device to operate [TRANSITIVE ID: 8]

in accordance [FEATURE ID: 18]

with the location policy and the user device information . 2 . The method of claim [FEATURE ID: 14]

1 , wherein said determining the location policy comprises at least one of : ( i ) retrieving [TRANSITIVE ID: 2]

a pre-stored location policy [FEATURE ID: 10]

, ( ii ) receiving [TRANSITIVE ID: 2]

an indication [FEATURE ID: 9]

of the location policy from a location device [FEATURE ID: 4]

, ( iii ) evaluating a plurality of potential location policies [FEATURE ID: 17]

, and ( iv ) receiving an indication of the location policy via a third [FEATURE ID: 4]

- party service device [FEATURE ID: 16]

. 3 . The method of claim 2 , wherein the indication of the location policy comprises at least one of : ( i ) the location policy , ( ii ) a location identifier [FEATURE ID: 4]

, ( iii ) a policy identifier [FEATURE ID: 7]

, ( iv ) a pointer [FEATURE ID: 10]

to a location policy , and ( v ) payment information [FEATURE ID: 3]

. 4 . The method of claim 1 , wherein the user device information comprises at least one of : ( i ) information [FEATURE ID: 11]

associated with the mobile user device , ( ii ) information associated with a user [FEATURE ID: 1]

, ( iii ) a user device policy [FEATURE ID: 4]

, ( iv ) a policy identifier , ( v ) a user device identifier [FEATURE ID: 7]

, ( vi ) a user identifier [FEATURE ID: 7]

, ( vii ) a user category [FEATURE ID: 7]

, and ( viii ) payment information . 5 . The method of claim 1 , wherein said determining the user device information comprises at least one of : ( i ) retrieving pre-stored user device information [FEATURE ID: 15]

, ( ii ) receiving an indication of the user device information from the mobile user device , and ( iii ) receiving an indication of the user device information via a third - party service device . 6 . The method of claim 1 , wherein said arranging further comprises : comparing the location policy with the user device information . 7 . The method of claim 1 , wherein said arranging further comprises : determining whether to apply the location policy based on the user device information . 8 . The method of claim 1 , wherein said arranging further comprises : negotiating a policy [FEATURE ID: 1]

to be applied by the mobile user device . 9 . The method of claim 1 , further comprising : verifying that the mobile user device operates in accordance with the location policy and the user device information . 10 . The method of claim 1 , further comprising : arranging for a user to receive a notification [FEATURE ID: 4]

associated with operation of the mobile user device in accordance with the location policy and the user device information . 11 . The method of claim 1 , where in the location is associated with at least one of : ( i ) proximity [FEATURE ID: 3]

to a location device , ( ii ) a location boundary [FEATURE ID: 4]

, ( iii ) a mobile location , ( iv ) a plurality of locations , ( v ) an event time [FEATURE ID: 9]

, ( vi ) an event area [FEATURE ID: 13]

, ( vii ) an education area [FEATURE ID: 13]

, and ( viii ) a health care area . 12 . The method of claim 1 , wherein the mobile user device comprises at least one of : ( i ) a mobile computing device [FEATURE ID: 6]

, ( ii ) a personal digital assistant [FEATURE ID: 6]







Targeted Patent:

Patent: US8272037B2
Filed: 2003-03-14
Issued: 2012-09-18
Patent Holder: (Original Assignee) Thomson Licensing SAS     (Current Assignee) TRANQUILITY IP LLC
Inventor(s): Junbiao Zhang, Saurabh Mathur

Title: Flexible WLAN access point architecture capable of accommodating different user devices

 
Cross Reference / Shared Meaning between the Lines		 Charted Against:

Patent: US6505300B2
Filed: 1998-06-12
Issued: 2003-01-07
Patent Holder: (Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC
Inventor(s): Shannon Chan, Gregory Jensenworth, Mario C. Goertzel, Bharat Shah, Michael M. Swift, Richard B. Ward

Title: Method and system for secure running of untrusted content
[FEATURE ID: 1] methoddevice, process, server, medium, user, memory, network[FEATURE ID: 1] method, resource, computer, system
[TRANSITIVE ID: 2] controlling, determining, selecting, utilizingsupporting, establishing, using, implementing, providing, comprising, obtaining[TRANSITIVE ID: 2] having, provided, restricting, creating
[FEATURE ID: 3] user terminal access, identity request message, authenticating, authentication response, use, ongoing authentication process, authentication success, communicationauthorization, security, authentication, identification, parameters, entry, resources[FEATURE ID: 3] access, processes, information, access token, security information, content, restriction information, criteria available, data, unique information
[FEATURE ID: 4] wireless local area network, user terminal, authentication protocol, packet, module, state information, noncompliant user terminal, access pointnetwork, user, database, host, website, system, node[FEATURE ID: 4] computer system, process, parent token, readable medium, file, restricted security identifier, site identity, path, site, network site, Internet site, Uniform Resource Locator
[TRANSITIVE ID: 5] comprisingby, including, includes, involving, wherein[TRANSITIVE ID: 5] comprising
[FEATURE ID: 6] stepscomponents, elements, nodes[FEATURE ID: 6] resources
[TRANSITIVE ID: 7] receivingidentifying, acquiring, deriving, establishing, reading, detecting, requesting[TRANSITIVE ID: 7] determining
[FEATURE ID: 8] request, determination, second state indicative, third state indicativemessage, notification, decision, signal, result, query, user[FEATURE ID: 8] request, security identifier
[FEATURE ID: 9] responsesubsequent response, return, correspondence, reference, answer, reply[FEATURE ID: 9] response
[FEATURE ID: 10] mechanismagent, network, entity, interface[FEATURE ID: 10] untrusted source
[FEATURE ID: 11] authentication mechanism, authentication request, authentication server, authenticationapplication, access, address, interface, authorization, adapter, endpoint[FEATURE ID: 11] operating system
[FEATURE ID: 12] compatibleshared, registered, communicated, integrated, established, used, coupled[FEATURE ID: 12] associated
[FEATURE ID: 13] HTTP serverapplication, environment, mechanism[FEATURE ID: 13] security mechanism
[FEATURE ID: 14] browsercertificate, password, string, server[FEATURE ID: 14] cryptographic hash function
[FEATURE ID: 15] claimparagraph, preceding claim, item, clause, embodiment, requirement, step[FEATURE ID: 15] claim
[FEATURE ID: 16] protocolcredentials, messages, information[FEATURE ID: 16] network data
[FEATURE ID: 17] fourth state indicativedescription, type, certificate[FEATURE ID: 17] binary certificate identifier
1 . A method [FEATURE ID: 1]

for controlling [TRANSITIVE ID: 2]

user terminal access [FEATURE ID: 3]

to a wireless local area network [FEATURE ID: 4]

, comprising [TRANSITIVE ID: 5]

the steps [FEATURE ID: 6]

of : receiving [TRANSITIVE ID: 7]

from a user terminal [FEATURE ID: 4]

a request [FEATURE ID: 8]

to access the wireless local area network ; transmitting to the user terminal an identity request message [FEATURE ID: 3]

; receiving from the user terminal a response [FEATURE ID: 9]

to the identity request message ; determining [TRANSITIVE ID: 2]

whether the user terminal is IEEE 802.1 x compliant in response to the response to the identity request message ; selecting [TRANSITIVE ID: 2]

an authenticating [TRANSITIVE ID: 3]

mechanism [FEATURE ID: 10]

utilizing [TRANSITIVE ID: 2]

IEEE 802.1 x if said user terminal is IEEE 802.1 x compliant ; selecting an authentication mechanism [FEATURE ID: 11]

, compatible [FEATURE ID: 12]

with the user terminal , in response to a determination [FEATURE ID: 8]

that the user terminal is not IEEE 802.1 x compliant , for allowing user terminal access to the wireless local area network ; and if the user terminal is not IEEE 802.1 x compliant , redirecting an authentication request [FEATURE ID: 11]

to an HTTP server [FEATURE ID: 13]

for utilizing a browser [FEATURE ID: 14]

based authentication protocol [FEATURE ID: 4]

. 2 . The method according to claim [FEATURE ID: 15]

1 , further comprising the steps of , if the user terminal is IEEE 802.1 x compliant , transmitting an authentication request to an authentication server [FEATURE ID: 11]

and receiving an authentication response [FEATURE ID: 3]

utilizing IEEE 802.1 x protocol [FEATURE ID: 16]

, and controlling user terminal access to the wireless local area network in response to the authentication response . 3 . The method according to claim 1 , further comprising the step of configuring a packet [FEATURE ID: 4]

filtering module [FEATURE ID: 4]

to redirect the authentication request to the HTTP server . 4 . The method according to claim 3 , further comprising the step of maintaining state information [FEATURE ID: 4]

in the wireless local area network for use [FEATURE ID: 3]

by the packet filtering module and the HTTP server . 5 . The method according to claim 4 , wherein the state information includes one of a first state indicative of ongoing authentication process [FEATURE ID: 3]

, a second state indicative [FEATURE ID: 8]

of authentication failure , a third state indicative [FEATURE ID: 8]

of authentication success [FEATURE ID: 3]

, and a fourth state indicative [FEATURE ID: 17]

of a IEEE 802.1 x noncompliant user terminal [FEATURE ID: 4]

. 6 . An access point [FEATURE ID: 4]

in communication [FEATURE ID: 3]

with a user terminal in a wireless local area network , comprising : means to determine if the user terminal utilizes an IEEE 802.1 x protocol ; means for employing the IEEE 802.1 x. protocol in said access point , if said user terminal utilizes the IEEE 802.1 x. protocol ; and , means for employing an authentication [FEATURE ID: 11]

1 . In a computer system [FEATURE ID: 4]

having [TRANSITIVE ID: 2]

an operating system [FEATURE ID: 11]

provided [TRANSITIVE ID: 2]

security mechanism [FEATURE ID: 13]

that determines access [FEATURE ID: 3]

of processes [FEATURE ID: 3]

to resources [FEATURE ID: 6]

based on information [FEATURE ID: 3]

in an access token [FEATURE ID: 3]

associated [TRANSITIVE ID: 12]

with each of the processes against security information [FEATURE ID: 3]

associated with each of the resources , a method [FEATURE ID: 1]

of restricting [TRANSITIVE ID: 2]

access of content [FEATURE ID: 3]

to resources , comprising [TRANSITIVE ID: 5]

, setting up a process [FEATURE ID: 4]

for the content , determining [TRANSITIVE ID: 7]

restriction information [FEATURE ID: 3]

based on criteria available [FEATURE ID: 3]

to the computer system , automatically creating [TRANSITIVE ID: 2]

a restricted access token based on the restriction information , the restricted access token having reduced access relative to a parent token [FEATURE ID: 4]

, associating the restricted access token with the process , and in response [FEATURE ID: 9]

to a request [FEATURE ID: 8]

for access by the process to the resource [FEATURE ID: 1]

, the security mechanism determining access by evaluating data [FEATURE ID: 3]

in the restricted access token against separately maintained security information currently associated with the resource . 2 . The method of claim [FEATURE ID: 15]

1 wherein the content comprises data obtained from an untrusted source [FEATURE ID: 10]

. 3 . The method of claim 2 wherein the untrusted source comprises a computer [FEATURE ID: 1]

- readable medium [FEATURE ID: 4]

. 4 . The method of claim 2 wherein the content writes a file [FEATURE ID: 4]

to the system [FEATURE ID: 1]

, and further comprising generating a restricted security identifier [FEATURE ID: 4]

based on a site identity [FEATURE ID: 4]

, adding the security identifier [FEATURE ID: 8]

to security information of the file , and storing the file in the system . 5 . The method of claim 2 wherein the content writes a file to the system , and further comprising redirecting a path [FEATURE ID: 4]

provided by the content to a path associated with a site [FEATURE ID: 4]

. 6 . The method of claim 2 wherein the data comprises network data [FEATURE ID: 16]

and the untrusted source is a network site [FEATURE ID: 4]

. 7 . The method of claim 6 wherein the site is an Internet site [FEATURE ID: 4]

, and determining restriction information includes generating a security identifier from unique information [FEATURE ID: 3]

of the Internet site . 8 . The method of claim 7 wherein the unique information comprises a binary certificate identifier [FEATURE ID: 17]

of the Internet site . 9 . The method of claim 7 wherein the unique information comprises a Uniform Resource Locator [FEATURE ID: 4]

( URL ) of the Internet site , and wherein generating a security identifier includes converting the URL to the restricted security identifier . 10 . The method of claim 9 wherein converting the URL to the restricted security identifier includes hashing the URL with a cryptographic hash function [FEATURE ID: 14]