Slashdot Mirror


Wi-Fi Redirect Gateway Patent for Hotspots

Glenn Fleishman writes "Over at WiFiNetNews.com, we just broke the story that Nomadix was issued a patent covering hotspot gateway page redirection. Nomadix makes hardware and software for the hotspot industry, and this patent would cover redirection used by community networking portals (like NoCat), sponsored free networks (like NewburyOpen.Net), and fee networks (like Wayport, T-Mobile HotSpot, and Cometa). It's unclear what terms Nomadix wants for a license, but this patent seems to take a standard way of doing business and put it under fee -- although Nomadix may have been the first firm to employ this method for proxy URL redirection."

18 of 172 comments

  1. It just takes a little bogus info over DHCP... by LostCluster · · Score: 5, Informative

    Most schools have a similar setup for incoming students on wired networks... and this company is claiming their patent is not specific to wireless.

    The trick is simple to explain... it's a conditional DHCP server. If the MAC address is recognized, the user is supplied valid DHCP information and is allowed to go about their way to the open Internet. If the MAC address is not on the guest list, then the user is supplied an IP address that's in a firewall-restricted range so they can't get out, and a DNS server that will map any domain name to the same place, the internal "Please pay..." server. No matter what the user's homepage is, all requests on port 80 will lead to the "Please pay..." page, and all other requests will get dropped on the floor. The internal DHCP settings are set to renew very frequently, so once the user pays they just have to wait a few seconds for their current DHCP settings to expire, and the next lease comes with the proper info.

    Still, that setup could be complex to be patented...

    1. Re:It just takes a little bogus info over DHCP... by KrispyKringle · · Score: 4, Informative
      Actually, the far better way (far more secure, that is) is to give everyone IPs in the same range and have a default rule on the outgoing firewall (REDIRECT would be the iptables target) to redirect the destination on outgoing TCP/80 packets to the local authentication http server and allow no outgoing connections. Only after authentication is a special passthrough allowed for that IP/MAC combo.

      Even this method is open to session hijacking, depending largely on the behavior of the victim whose session is hijacked, but it's better than what you suggest (which only requires ignoring the DHCP server to bypass).

      Incidentally, I've been wrapping up a slightly more complex system of this for my employer. I can't remember where I got the idea to redirect outgoing port 80, but it seems pretty obvious to me. I know a couple of companies, such as Reefedge and Bluesocket that do pretty much the same thing.

      Prior art, anyone?

    2. Re:It just takes a little bogus info over DHCP... by LostCluster · · Score: 2, Informative

      In most such setups, yes. However, somebody trying to guess their way in would eventually get noticed... IP traffic will start coming from an address the server hasn't leased to anybody, and there's a MAC that's not on the approved list trying to get out.

      MAC spoofing might be a possible hole, but it would eventually get caught when the same user appears to be in two places at the same time.
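
The checks described in the comment above (traffic from an unleased address, an unapproved MAC trying to get out, one MAC in two places at once), written as an added example that is not code from the thread or from any product named in it. The `Frame` record, the 5-second window, the extra lease/MAC mismatch check and all sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ts: float   # seconds since start of capture
    port: str   # switch port or access point where the frame was seen
    mac: str
    ip: str

def find_anomalies(frames, leases, approved_macs, window=5.0):
    """Check egress frames against the DHCP lease table and approved list.

    leases maps each leased IP to the MAC it was leased to.
    Returns a sorted list of (kind, mac, ip) tuples.
    """
    findings = set()
    last_seen = {}  # mac -> (ts, port) of the previous frame
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.ip not in leases:
            # Traffic from an address the DHCP server never handed out.
            findings.add(("unleased_ip", f.mac, f.ip))
        elif leases[f.ip] != f.mac:
            # Leased address, but used by a different MAC than the lessee.
            findings.add(("lease_mac_mismatch", f.mac, f.ip))
        if f.mac not in approved_macs:
            findings.add(("unapproved_mac", f.mac, f.ip))
        prev = last_seen.get(f.mac)
        if prev and prev[1] != f.port and f.ts - prev[0] <= window:
            # Same MAC on two ports closer together than a client can roam.
            findings.add(("mac_in_two_places", f.mac, f.ip))
        last_seen[f.mac] = (f.ts, f.port)
    return sorted(findings)

# Constructed sample data (not from the original thread).
PAID, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:03"
LEASES = {"10.0.1.10": PAID}
SAMPLE = [
    Frame(0.0, "ap1", PAID, "10.0.1.10"),    # legitimate client
    Frame(1.0, "ap2", ROGUE, "10.0.1.77"),   # self-assigned address
    Frame(2.0, "ap3", PAID, "10.0.1.10"),    # same MAC, other AP, 2 s later
    Frame(60.0, "ap1", PAID, "10.0.1.10"),   # ordinary roaming, not flagged
]

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE, LEASES, {PAID}):
        print(finding)
```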

    3. Re:It just takes a little bogus info over DHCP... by ryanjensen · · Score: 2, Informative

      Because the patent text details a *novel* and *non-obvious* way to do it. Yes, you can say "Any network obviously needs to have users authenticate themselves." True, but that's not the point of the patent ... this patent protects the *specific* method of implementing user authentication outlined in its text.

  2. May be invalid for most purposes by Anonymous Coward · · Score: 5, Informative

    According to this article on the NoCatNet mailing list.

  3. In all fairness by argoff · · Score: 3, Informative

    I hate (all) patents, but after working in technology companies awhile, I realized that many companies get patents because they have to - to keep someone else from getting one and screwing them over, and to get into cross-licensing agreements with other large companies - to keep them from being screwed over even more (with patent liability crap).

    Sadly, once a patent is gotten, it tends to take a life of its own because of investor pressures. Patents do not help the honest little inventor in the back yard (99% of the time) - I wish we could just get rid of them.

  4. This isn't nearly as bad as it sounds... by poptix_work · · Score: 5, Informative

    They applied for a very specific patent:

    The basic claim (which is what matters, not the invention descriptions) has seven steps, ALL of which must happen for the patent to cover your activities:

    1. A method for redirecting an original destination address access request
    to a redirected destination address, the method comprising the steps of:

    receiving, at a gateway device, all original destination address access
    requests originating from a computer;

    determining, at the gateway device, which of the original destination
    address requests require redirection;

    storing the original destination address if redirection is required;

    modifying, at the gateway device, the original destination address access
    request and communicating the modified request to a redirection server if
    redirection is required;

    responding, at the redirection server, to the modified request with a
    browser redirect message that reassigns the modified request to an
    administrator-specified, redirected destination address;

    intercepting, at the gateway device, the browser redirect message and
    modifying it with the stored original destination address; and

    sending the modified browser redirect message to the computer, which
    automatically redirects the computer to the redirected destination address.

    --
    Just because you disagree doesn't make it offtopic or flamebait.
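
The steps of the claim quoted above, modelled in-process as an added example; it is not code from the patent, from Nomadix or from the commenter. The class names, the portal URL and the `orig` query parameter are assumptions, and the drop rule for non-web traffic follows the default-deny behaviour described earlier in the thread.

```python
from urllib.parse import urlencode

PORTAL = "http://portal.example/login"  # assumed administrator-specified address

class RedirectServer:
    def respond(self, modified_request):
        # Step 5: answer with a browser redirect to the portal.
        return {"status": 302, "location": PORTAL}

class Gateway:
    def __init__(self, server):
        self.server = server
        self.authenticated = set()  # (ip, mac) pairs with a passthrough
        self.original = {}          # (ip, mac) -> original destination URL

    def handle(self, ip, mac, dport, url=None):
        client = (ip, mac)          # step 1: every request arrives here
        if client in self.authenticated:   # step 2: redirection needed?
            return {"action": "forward", "url": url}
        if dport != 80:
            return {"action": "drop"}      # default deny for non-web traffic
        self.original[client] = url        # step 3: store original destination
        modified = {"client": client, "to": "redirect-server"}  # step 4
        reply = self.server.respond(modified)
        # Step 6: intercept the redirect and add the stored destination.
        # "orig" is client-influenced; the portal must validate it before use.
        reply["location"] += "?" + urlencode({"orig": self.original[client]})
        return {"action": "redirect", **reply}   # step 7: send to the client

    def login_ok(self, ip, mac):
        """Portal reports success: open the passthrough, return stored URL."""
        self.authenticated.add((ip, mac))
        return self.original.pop((ip, mac), None)

def walkthrough():
    gw = Gateway(RedirectServer())
    ip, mac = "10.0.0.5", "02:00:00:00:00:05"  # constructed client
    first = gw.handle(ip, mac, 80, "http://example.org/news")
    resumed = gw.login_ok(ip, mac)
    after = gw.handle(ip, mac, 80, resumed)
    return first, resumed, after

if __name__ == "__main__":
    for step in walkthrough():
        print(step)
```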
    1. Re:This isn't nearly as bad as it sounds... by zbaron · · Score: 5, Informative

      What has been described here sounds very similar to the SSG-SESM solution from Cisco Systems. This has been around for a very long time. I have been part of a project to implement an SSG solution for traffic accounting on a University network. We capture and redirect clients that have not logged in to a login page and once they have been authenticated, their browser continues to the originally requested location.

      In other projects this has been implemented as short DHCP leases and a bogus DNS that returns the same address for any hostname asked for. See NetReg2 for more details.

  5. Re:Damn... by cleverhandle · · Score: 2, Informative
    Except that patents were created to protect inventions, and there's a good bit of difference between an idea and an invention. Specifically, an "invention" implies some novel kind of implementation, and it's not clear in this case that there's anything to the implementation beyond simply using networking tools and protocols already available.

    At least, that appears to be the issue here. I don't know enough about the technology here to say whether the implementation was actually novel or not. But the distinction is worth making regardless...

  6. Hotel networks have done this before WiFi by -tji · · Score: 2, Informative

    The link to the USPTO did not work for me, so I cannot see the dates on the patent. But, there were companies doing this exact same thing in hotel networks well before WiFi came around.

  7. We did something like this. by threedays · · Score: 4, Informative

    A company I worked for did this for wired networks, mostly hotels. Instead of DHCP, we actually had an arp spoofer, so we would pretend to be whatever gateway you wanted (if you had a static ip setup), or we'd serve you dhcp, or whatever you asked for.

    No matter what webpage you requested, you got the sign up page to buy access. Pretty basic, and most hotel type places employ a system similar to this.

    this comment is probably not relevant.

  8. Re:My Thoughts by Colonel+Panic · · Score: 4, Informative

    Patent laws in the United States are the way they are to create a fair and balanced capitalistic society.

    Yeah, raise your hand if you still believe that one...

    The idea of the patent is enshrined in our constitution and it was intended to promote innovation, but that's not all. The patent was also intended to allow the sharing of ideas so that all of society could benefit. However, a lot of patent law has been changed in the last decade-or-so in order to tilt the balance in the direction of the large corporations.
    Used to be you couldn't patent software or algorithms, for example.

    No, the way the patent system is set up now is sort of like the fox guarding the henhouse. The patent office relies on the submitter to determine prior art and the patent office tends to lean in the direction of granting patents and letting the lawyers sort it out later. It's a full employment program for lawyers and the little guy doesn't have the cash to survive a court battle, only the corporations can afford that.

  9. Re:no-auth? by ryanjensen · · Score: 4, Informative
    In this case, it took nearly four years to get the patent. United States Patent #6,636,894 was applied for on December 8, 1999 and was issued on October 21, 2003.

    Here's an easy way to tell if OSS came up with it first: when was the OSS project started, before or after December 8, 1999?

  10. Similar product from 1998 by jpslacker · · Score: 5, Informative

    A company I used to work for (CAIS Internet/Ardent Communications) had a gateway system that did this over five years ago for wired networks. Here are some links to old press releases referring to the gateway system, the IPORT. http://www.kiosks.org/newsbits/2000/021500d.htm http://news.com.com/2100-1033-207372.html?legacy=cnet Ardent sold the system to Cisco in 2001: http://newsroom.cisco.com/dlls/prod_022001.html A short description of the software can be found here: http://www.isp-planet.com/equipment/iport.html

  11. Re:How do I do this on my home WLAN? by eggboard · · Score: 3, Informative

    See Nocat and Austin's Less Networks.

    --
    Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
  12. What to do? by teamhasnoi · · Score: 3, Informative
    The way I understand it, the Patent office can't investigate many patents as the things discussed are beyond the ken of the Examiners. The Patent office accepts most everything applied for this reason, plus, every submission means money for the office.

    It is in the Patent Office's best interest to accept everything and let lawyers battle it out.

    So, why would someone smart enough to do a great job at an understaffed office work for government pay and crappy workload when they can work in the private sector for more $$$ and recognition?

    Why would the Patent Office examine patents thoroughly when they don't have to? When it is in their best interest to be a cash cow for the government? When the private sector does all the work, research, and 'enforcement'?

    How can we change the Patent office so that it's useful again? Here is a rather extensive history of the Patent Office. (When it was useful)

    Answer these questions that are clouded by money, and we could have patents that actually encourage innovation and invention rather than controlling the use of obvious technology for which prior art is bigger than life.

  13. Re:My Thoughts by Dun+Malg · · Score: 2, Informative
    Using a butterknife to tighten a screw may sound like an admirable way to deal with the lack of a screwdriver, but any moron with a knife, a screw, and no screwdriver, will come up with the same solution, even in isolation.

    That moron better have a good lawyer, because if the butterknife is in any way ornamental, he's in big trouble.

    Seriously though, whatever did happen to the "non-obvious" thing with regard to patents?

    --
    If a job's not worth doing, it's not worth doing right.
  14. Re:Is it just me... by KrispyKringle · · Score: 2, Informative
    True, you did. My apologies.

    That said, I still think that a) some places signs aren't obvious or can't be placed everywhere (do you really want to plaster a library with signs about wifi? what about parks and open locations?) and b) it's just easier to do it in such a way that all someone has to do is connect to the network to find out how to use it.

    Not saying it's a big deal, but the redirection thing is pretty nice. Also, it has the benefit of only harassing people who aren't yet authenticated (so that if your MAC is authenticated, you don't need to go to the page to find out if you can connect or if difficulties are your fault or the network's, you can just try and connect and see the page if necessary). All in all, it's a neater solution.

    More to the point, it's one used by at least two commercial hardware vendors (bluesocket and reefedge, as I mentioned in a previous post) and by a number of private network admins and projects (the NoCat Auth project uses this method, as do I in something I wrote for work). I can't remember where I first got the idea, but it's certainly one that's somewhere out there in the ether, floating about, free for the taking. I find it hard to believe that this company truly invented it first, or that it's particularly non-obvious even if they did.