Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wi-Fi Redirect Gateway Patent for Hotspots

Posted by timothy on from the mmmm-submarine dept.

Glenn Fleishman writes "Over at WiFiNetNews.com, we just broke the story that Nomadix was issued a patent covering hotspot gateway page redirection. Nomadix makes hardware and software for the hotspot industry, and this patent would cover redirection used by community networking portals (like NoCat), sponsored free networks (like NewburyOpen.Net), and fee networks (like Wayport, T-Mobile HotSpot, and Cometa). It's unclear what terms Nomadix wants for a license, but this patent seems to take a standard way of doing business and put it under fee -- although Nomadix may have been the first firm to employ this method for proxy URL redirection."

24 of 172 comments (clear)

  1. It just takes a little bogus info over DHCP... by LostCluster · · Score: 5, Informative

    Most schools have a similar setup for incoming students on wired networks... and this company is claiming their patent is not specific to wireless.

    The trick is simple to explain... it's a conditional DHCP server. If the MAC address is recognized, the user is supplied valid DHCP information and is allowed to go about their way to the open Internet. If the MAC address is not on the guest list, then the user is supplied an IP address that's in a firewall-restricted range so they can't get out, and DNS server that will map any domain name to the same place, the internal "Please pay..." server. No matter what the user's homepage is, all requests on port 80 will lead to the "Please pay..." page, and all other requests will get dropped on the floor. The internal DHCP settings are set to renew very frequently, so once the user pays they just have to wait a few seconds for their current DHCP settings to expire, an the next lease comes with the proper info.

    Still, that setup could be complex to be patented...

    1. Re:It just takes a little bogus info over DHCP... by sammy+baby · · Score: 3, Insightful
      Most schools have a similar setup for incoming students on wired networks... and this company is claiming their patent is not specific to wireless.

      Funny you should mention that. I'm an employee of a state system of higher education (I leave figuring out which one as an exercise for the reader). Several of the schools that I deal with in the system are using Bluesocket boxes which would almost certainly be considered infringing devices. It will be interesting to see if Nomadix only approaches other vendors, or if they use the SCO tactic and go straight to consumers.
    2. Re:It just takes a little bogus info over DHCP... by jonabbey · · Score: 3, Insightful

      Yeah, we discussed doing exactly that here several years ago, for those users whose systems didn't have their MAC addresses properly registered in our systems database.

      If only I had realized we had a non-obvious, patentable idea that we could claim over everyone in the country, we'd be rich.

      --
      - jon

      Ganymede, a GPL'ed metadirectory for UNIX
    3. Re:It just takes a little bogus info over DHCP... by enosys · · Score: 3, Interesting

      What happens if someone just manually sets their own settings instead of using DHCP? Can they get on the net then without going through the redirection?

    4. Re:It just takes a little bogus info over DHCP... by KrispyKringle · · Score: 4, Informative
      Actually, the far better way (far more secure, that is) is to give everyone IPs in the same range and have a default rule on the outgoing firewall (REDIRECT would be the iptables target) to redirect the destination on outgoing TCP/80 packets to the local authentication http server and allow no outgoing connections. Only after authentication is a special passthrough allowed for that IP/MAC combo.

      Even this method is open to session hijacking, depending largely on the behavior of the victim who's session is hijacked, but it's better than what you suggest (which only requires ignoring the DHCP server to bypass).

      Incidentally, I've been wrapping up a slightly more complex system of this for my employer. I can't remember where I got the idea to redirect outgoing port 80, but it seems pretty obvious to me. I know a couple of companies, such as Reefedge and Bluesocket that do pretty much the same thing.

      Prior art, anyone?

  2. May be invalid for most purposes by Anonymous Coward · · Score: 5, Informative

    According to this article on the NoCatNet mailing list.

  3. Is it just me... by jhoffoss · · Score: 3, Interesting
    or would it not be all that difficult for a business to just put up a sign saying "Go to http://blah.com to begin" and deny everything else until a client does so?

    Sure URL redirection is neat, but is this that big a deal?

    As a standard prior art question, has anyone seen anything like this for wired networks or similar applications?

    --
    Linux: The world's best text-adventure game.
    1. Re:Is it just me... by KrispyKringle · · Score: 4, Insightful
      Yes. It is a big deal.

      If you provide wireless over a large area, you don't mind perhaps putting up small signs to advertise that it's available in this area, but you don't want to have to put all the instructions, terms of use, etc up there. That's a lot of text.

      We aren't talking about businesses who's employees all already know this stuff. We're talking about universities, hotspots in hotels and airports, etc. Public hotspots, where users have to read a terms of use agreement and instructions before continuing, and who may not be the least bit familiar with the necessary steps.

      A lot of these sorts of people do this now. I can't remember where I got the idea for this myself, but I doubt I read it off of their patent application.

  4. In all fairness by argoff · · Score: 3, Informative

    I hate (all) patents, but after working in technology companies awhile, I realized that many companies get patents because they half to - to keep someone else from getting one and screwing them over, and to get into cross-licensing agreements with other large companies - to keep them from being screwed over even more (with patent liability crap).

    Sadly, once a patent is gotten, it tends to take a life of it's own because of investor pressures. Patents do not help the honest littel inventor in the back yard (99% of the time) - I wish we could just get rid of them.

    1. Re:In all fairness by LostCluster · · Score: 4, Insightful

      Sadly, once a patent is gotten, it tends to take a life of it's own because of investor pressures. Patents do not help the honest littel inventor in the back yard (99% of the time) - I wish we could just get rid of them.

      Yet, patents are something we just can't get rid of. Think of the medicine industry. To get a new drug, they have to do lots of research and testing... and sometimes the tests end in a failure which means all the money spent on the project is lost, it's a dud. When a working pill is invented, it might take only pennies to make the actual pill, but the research company has got to be paid for its effort. That's where the patent protection comes in, it allows the company to charge an inflated price for a specified number of years in order to recoop that investment... after which time the buzzer sounds and the generics rush in and the price plumets to be in line with the cost of the pill itself and not the discovery of the pill.

      How long that protection lasts, and what's enough of an advance to qualify for protection are both points for debate, but we can't exactly throw out patents all together if we want research to go forward...

  5. Re:Damn... by Quirk · · Score: 3, Insightful

    The US Patent Office is just busy ensuring the future of America. When the rest of the world wakes up they'll face a bright new day of technological serfdom. Patents are the new chains of the third world.

    --
    "Academicians are more likely to share each other's toothbrush than each other's nomenclature."
    Cohen
  6. This isn't nearly as bad as it sounds... by poptix_work · · Score: 5, Informative

    They applied for a very specific patent:

    The basic claim (which is what
    matters, not the invention descriptions) has seven steps, ALL of which much
    happen for the patent to cover your activities:

    1. A method for redirecting an original destination address access request
    to a redirected destination address, the method comprising the steps of:

    receiving, at a gateway device, all original destination address access
    requests originating from a computer;

    determining, at the gateway device, which of the original destination
    address requests require redirection;

    storing the original destination address if redirection is required;

    modifying, at the gateway device, the original destination address access
    request and communicating the modified request to a redirection server if
    redirection is required;

    responding, at the redirection server, to the modified request with a
    browser redirect message that reassigns the modified request to an
    administrator-specified, redirected destination address;

    intercepting, at the gateway device, the browser redirect message and
    modifying it with the stored original destination address; and

    sending the modified browser redirect message to the computer, which
    automatically redirects the computer to the redirected destination address.

    --
    Just because you disagree doesn't make it offtopic or flamebait.
    1. Re:This isn't nearly as bad as it sounds... by zbaron · · Score: 5, Informative

      What has been described here sounds very similar to the SSG-SESM solution from Cisco Systems. This has been around for a very long time. I have been part of a project to implement an SSG solution for traffic accounting on a University network. We capture and redirect clients that have not logged in to a login page and once they have been authenticated, their browser continues to the originally requested location.

      In other projects this has been implemented as short DHCP leases and a bogus DNS that returns the same address for any hostname asked for. See NetReg2 for more details.

  7. It seems this patent is rather broken... by Qzukk · · Score: 4, Interesting

    The obvious workaround is to simply not redirect. Install a transparent proxy and serve up your desired page on the first request. This defeats

    "modifying, at the gateway device, the original destination address access request and communicating the modified request to a redirection server if redirection is required;"

    Better yet, claim 1 is fatally flawed. It includes the words "storing the original destination address if redirection is required". Claim 6 is likewise flawed: "stores the original destination address request if redirection is required". So the really obvious and easiest solution is to do exactly what you've been doing, except that you don't store where the user was trying to go, and they have to type the URL or back up and hit the link again.

    While this was a valiant attempt by Nomadix to patent a process that was in common usage (my university used something with this effect, though not necessarially this process when I first hooked up on its dorm network the second half of my sophomore year, in '98), it ultimately falls short of the goal, and Nomadix should fire whatever patent attourney they had file this one.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  8. We did something like this. by threedays · · Score: 4, Informative

    A company I worked for did this for wired networks, mostly hotels. Instead of DHCP, we actually had an arp spoofer, so we would pretend to be whatever gateway you wanted (if you had a static ip setup), or wed serve you dhcp, or whatever you asked for.

    No matter what webpage you requested, you got the sign up page to buy access. Pretty basic, and most hotel type places employ a system similar to this.

    this comment is probably not relevant.

  9. What do you expect? by craw · · Score: 5, Funny

    Patent this, patent that, stupid patents, obvious patents, blah, blah, blah.

    Geez, what do you expect? Do you really think that you are going to find an Einstein in the patent office?

    No, wait.

  10. Re:My Thoughts by Colonel+Panic · · Score: 4, Informative

    Patent laws in the United States are the way they are to create a fair and balanced capitalistic society.

    Yeah, raise your hand if you still believe that one...

    The idea of the patent is enshrined in our consititution and it was intended to promote innovation, but that's not all. The patent was also intended to allow the sharing of ideas so that all of society could benefit. However, a lot of patent law has been changed in the last decade-or-so in order to tilt the balance in the direction of the large corporations.
    Used to be you couldn't patent software or algorithms, for example.

    No, the way the patent system is setup now is sort of like the fox guarding the henhouse. The patent office relies on the submitter to determine prior art and the patent office tends to lean in the direction of granting patents and letting the lawyers sort it out later. It's a full employment program for lawyers and the little guy doesn't have the cash to survive a court battle, only the corporations can afford that.

  11. Re:no-auth? by ryanjensen · · Score: 4, Informative
    In this case, it took nearly four years to get the patent. United States Patent #6,636,894 was applied for on December 8, 1999 and was issued on October 21, 2003.

    Here's an easy way to tell if OSS came up with it first: when was the OSS project started, before or after December 8, 1999?

    --
    The Ezine Directory
  12. Similar product from 1998 by jpslacker · · Score: 5, Informative

    A company I used to work for(CAIS Internet/Ardent Communications) had a gateway system that did this over five years ago for wired networks. Here are some links to old press releases refering to the gatway system, the IPORT. http://www.kiosks.org/newsbits/2000/021500d.htm http://news.com.com/2100-1033-207372.html?legacy=c net Ardent sold the system to Cisco in 2001: http://newsroom.cisco.com/dlls/prod_022001.html A short description of the software can be found here: http://www.isp-planet.com/equipment/iport.html

  13. Re:How do I do this on my home WLAN? by eggboard · · Score: 3, Informative

    See Nocat and Austin's Less Networks.

    --
    Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others
  14. Re:Damn... by Phillup · · Score: 3, Insightful

    Well, for the last four years I've had a squid proxy set up that required the users to authenticate before they were allowed access to the internet... and it did it long before I ever needed it.

    From the article this looks to be what they patented.

    The only difference is how the authentication tokens get into the database... and any system architect worth a damn could solve that problem if faced with it.

    I'd say that there is prior art... and, that anyone versed in the art could come up with the solution...

    Either of these facts alone is supposed to be enough to reject a patent.

    --

    --Phillip

    Can you say BIRTH TAX
  15. Re:My Thoughts by pla · · Score: 3, Interesting

    This is news, but only in the sense that Nomadix was the first to patent this idea that will possibly become quite important in the future.

    Patents also theoretically require their subject to count as non-obvious (the single criterion the USPTO seems to conveniently overlook most often, IMO)... Nomadix may have done it first, and even filed for a patent first, but that doesn't make this any more "right". If truly an act of creation, then doing it first and filing first matters; In this case, they just beat the rush of literally hundreds of people who "discovered" the exact same solution to a particular problem, all within a very small timeframe. That strongly suggests this as an "obvious" solution, thus invalidating it for a patent.

    That doesn't mean the USPTO sees it that way, however. The same USPTO that doesn't consider "store a cookie with customer data in it" as obvious. The same USPTO that, although overturned just today, actually ISSUED a patent that Lemelson deliberately stalled in the pipeline for half-a-freakin'-century to pop up recently and start extorting with.

    So will this stand? It wouldn't surprise me. But to actually call it "fair" or in any way "non-obvious"? No way in hell. Using a butterknife to tighten a screw may sound like an admirable way to deal with the lack of a screwdriver, but any moron with a knife, a screw, and no screwdriver, will come up with the same solution, even in isolation.

  16. Re:no-auth? by ajagci · · Score: 3, Interesting

    Well, just within a few minutes, I found dynacc, which offered similar functionality in July 1999.

    But more importantly, the patent should be invalid simply because it's an obvious engineering solution. I'm sure we can find previous commercial or free implementations that go back to the early 1990's.

    As for why it took four years to get the patent--who knows. Maybe it was poorly written or maybe it was iffy to begin with. I also don't see what difference it would make even if this were a proper patent.

  17. What to do? by teamhasnoi · · Score: 3, Informative
    The way I understand it, the Patent office can't investigate many patents as the things discussed are beyond the ken of the Examiners. The Patent office accepts most everything applied for this reason, plus, every submission means money for the office.

    It is in the Patent Office's best interest to accept everything and let lawyers battle it out.

    So, why would someone smart enough to do a great job at an understaffed office work for government pay and crappy workload when they can work in the private sector for more $$$ and recognition?

    Why would the Patent Office examine patents thoroughly when they don't have to? When it is in their best interest to be a cash cow for the government? When the private sector does all the work, research, and 'enforcement'?

    How can we change the Patent office so that it's useful again? Here is a rather extensive history of the Patent Office. (When it was useful)

    Answer these questions that are clouded by money, and we could have patents that actually encourage innovation and invention rather than controlling the use of obvious technology for which prior art is bigger than life.