Slashdot Mirror


Wi-Fi Redirect Gateway Patent for Hotspots

Glenn Fleishman writes "Over at WiFiNetNews.com, we just broke the story that Nomadix was issued a patent covering hotspot gateway page redirection. Nomadix makes hardware and software for the hotspot industry, and this patent would cover redirection used by community networking portals (like NoCat), sponsored free networks (like NewburyOpen.Net), and fee networks (like Wayport, T-Mobile HotSpot, and Cometa). It's unclear what terms Nomadix wants for a license, but this patent seems to take a standard way of doing business and put it under fee -- although Nomadix may have been the first firm to employ this method for proxy URL redirection."

13 of 172 comments

  1. It just takes a little bogus info over DHCP... by LostCluster · · Score: 5, Informative

    Most schools have a similar setup for incoming students on wired networks... and this company is claiming their patent is not specific to wireless.

    The trick is simple to explain... it's a conditional DHCP server. If the MAC address is recognized, the user is supplied valid DHCP information and is allowed to go about their way to the open Internet. If the MAC address is not on the guest list, then the user is supplied an IP address that's in a firewall-restricted range so they can't get out, and a DNS server that will map any domain name to the same place, the internal "Please pay..." server. No matter what the user's homepage is, all requests on port 80 will lead to the "Please pay..." page, and all other requests will get dropped on the floor. The internal DHCP settings are set to renew very frequently, so once the user pays they just have to wait a few seconds for their current DHCP settings to expire, and the next lease comes with the proper info.

    Still, that setup could be complex to be patented...

    1. Re:It just takes a little bogus info over DHCP... by KrispyKringle · · Score: 4, Informative
      Actually, the far better way (far more secure, that is) is to give everyone IPs in the same range and have a default rule on the outgoing firewall (REDIRECT would be the iptables target) to redirect the destination on outgoing TCP/80 packets to the local authentication http server and allow no outgoing connections. Only after authentication is a special passthrough allowed for that IP/MAC combo.

      Even this method is open to session hijacking, depending largely on the behavior of the victim whose session is hijacked, but it's better than what you suggest (which only requires ignoring the DHCP server to bypass).

      Incidentally, I've been wrapping up a slightly more complex system of this for my employer. I can't remember where I got the idea to redirect outgoing port 80, but it seems pretty obvious to me. I know a couple of companies, such as Reefedge and Bluesocket that do pretty much the same thing.

      Prior art, anyone?
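The two designs in this sub-thread, modelled side by side as an added example (not code from either commenter). The portal address, the quarantine range and the sample packets are assumptions made up for illustration, and the parent's DNS trick is simplified to a port-80 redirect.

```python
import ipaddress
from dataclasses import dataclass, field

PORTAL = ("10.0.0.1", 8080)                        # assumed portal IP and port
QUARANTINE = ipaddress.ip_network("10.0.99.0/24")  # assumed restricted DHCP range

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str
    proto: str
    dst_port: int

def captive(pkt):
    """Treatment of a client that has not paid: web goes to the portal, the rest is dropped."""
    if pkt.proto == "tcp" and pkt.dst_port == 80:
        return ("REDIRECT",) + PORTAL
    return ("DROP", None, None)

def range_based(pkt):
    """Parent comment's design, simplified: only the quarantine range is restricted."""
    if ipaddress.ip_address(pkt.src_ip) in QUARANTINE:
        return captive(pkt)
    return ("ACCEPT", None, None)

@dataclass
class AllowListGateway:
    """Reply's design: everything is captive until its IP/MAC pair is authenticated."""
    allowed: set = field(default_factory=set)

    def authenticate(self, ip, mac):
        self.allowed.add((ip, mac.lower()))

    def decide(self, pkt):
        if (pkt.src_ip, pkt.src_mac.lower()) in self.allowed:
            return ("ACCEPT", None, None)
        return captive(pkt)

# Constructed sample traffic; addresses and MACs are made up.
PAID = Packet("10.0.1.20", "aa:bb:cc:00:00:01", "tcp", 80)
UNPAID_WEB = Packet("10.0.99.5", "aa:bb:cc:00:00:02", "tcp", 80)
UNPAID_SSH = Packet("10.0.99.5", "aa:bb:cc:00:00:02", "tcp", 22)
SELF_ASSIGNED = Packet("10.0.1.77", "aa:bb:cc:00:00:03", "tcp", 80)  # never asked DHCP

def compare(packets, gw):
    """Verdict pairs (range_based, allow_list) for each packet."""
    return [(range_based(p)[0], gw.decide(p)[0]) for p in packets]

if __name__ == "__main__":
    gw = AllowListGateway()
    gw.authenticate(PAID.src_ip, PAID.src_mac)
    for p in (PAID, UNPAID_WEB, UNPAID_SSH, SELF_ASSIGNED):
        print(p.src_ip, p.dst_port, compare([p], gw)[0])
```

The verdicts differ only for the client that did not take its address from DHCP, which is the case the reply raises.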

  2. May be invalid for most purposes by Anonymous Coward · · Score: 5, Informative

    According to this article on the NoCatNet mailing list.

  3. This isn't nearly as bad as it sounds... by poptix_work · · Score: 5, Informative

    They applied for a very specific patent:

    The basic claim (which is what
    matters, not the invention descriptions) has seven steps, ALL of which must
    happen for the patent to cover your activities:

    1. A method for redirecting an original destination address access request
    to a redirected destination address, the method comprising the steps of:

    receiving, at a gateway device, all original destination address access
    requests originating from a computer;

    determining, at the gateway device, which of the original destination
    address requests require redirection;

    storing the original destination address if redirection is required;

    modifying, at the gateway device, the original destination address access
    request and communicating the modified request to a redirection server if
    redirection is required;

    responding, at the redirection server, to the modified request with a
    browser redirect message that reassigns the modified request to an
    administrator-specified, redirected destination address;

    intercepting, at the gateway device, the browser redirect message and
    modifying it with the stored original destination address; and

    sending the modified browser redirect message to the computer, which
    automatically redirects the computer to the redirected destination address.

    --
    Just because you disagree doesn't make it offtopic or flamebait.
    1. Re:This isn't nearly as bad as it sounds... by zbaron · · Score: 5, Informative

      What has been described here sounds very similar to the SSG-SESM solution from Cisco Systems. This has been around for a very long time. I have been part of a project to implement an SSG solution for traffic accounting on a University network. We capture and redirect clients that have not logged in to a login page and once they have been authenticated, their browser continues to the originally requested location.

      In other projects this has been implemented as short DHCP leases and a bogus DNS that returns the same address for any hostname asked for. See NetReg2 for more details.
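The seven steps of the claim quoted above, walked through as an added example (not code from the patent, Nomadix, Cisco or either commenter). The URLs, the `orig` query parameter, the class and function names, and the check in `login` are assumptions for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

LOGIN_URL = "http://portal.example/login"      # assumed administrator-specified address
WELCOME_URL = "http://portal.example/welcome"  # assumed fallback after login

def redirection_server(request):
    """Step 5: reply with a browser redirect to the administrator-specified address."""
    return {"status": 302, "location": LOGIN_URL}

class Gateway:
    def __init__(self):
        self.authenticated = set()  # clients that have logged in
        self.original = {}          # step 3 storage: client -> original destination

    def handle(self, client, url):
        # Steps 1-2: every request arrives here; only unauthenticated clients are redirected.
        if client in self.authenticated:
            return {"status": "forwarded", "location": url}
        self.original[client] = url                      # step 3: store the destination
        modified = {"client": client, "url": LOGIN_URL}  # step 4: rewritten request
        reply = redirection_server(modified)
        # Step 6: intercept the redirect and attach the stored original destination.
        reply["location"] += "?" + urlencode({"orig": self.original[client]})
        return reply                                     # step 7: sent to the computer

    def login(self, client, returned_location):
        """After authentication the browser continues to where it was going."""
        self.authenticated.add(client)
        orig = parse_qs(urlsplit(returned_location).query).get("orig", [""])[0]
        stored = self.original.pop(client, None)
        # Added check, not part of the claim: 'orig' round-trips through the client,
        # so accept it only if it matches what the gateway stored and is a web URL.
        if orig == stored and urlsplit(orig).scheme in ("http", "https"):
            return {"status": 302, "location": orig}
        return {"status": 302, "location": WELCOME_URL}

if __name__ == "__main__":
    gw = Gateway()
    client = "aa:bb:cc:00:00:01"                          # constructed client id
    first = gw.handle(client, "http://example.org/news?id=7")
    print(first)
    print(gw.login(client, first["location"]))
    print(gw.handle(client, "http://example.org/"))
```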

  4. It seems this patent is rather broken... by Qzukk · · Score: 4, Interesting

    The obvious workaround is to simply not redirect. Install a transparent proxy and serve up your desired page on the first request. This defeats

    "modifying, at the gateway device, the original destination address access request and communicating the modified request to a redirection server if redirection is required;"

    Better yet, claim 1 is fatally flawed. It includes the words "storing the original destination address if redirection is required". Claim 6 is likewise flawed: "stores the original destination address request if redirection is required". So the really obvious and easiest solution is to do exactly what you've been doing, except that you don't store where the user was trying to go, and they have to type the URL or back up and hit the link again.

    While this was a valiant attempt by Nomadix to patent a process that was in common usage (my university used something with this effect, though not necessarily this process, when I first hooked up on its dorm network the second half of my sophomore year, in '98), it ultimately falls short of the goal, and Nomadix should fire whatever patent attorney they had file this one.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  5. Re:Is it just me... by KrispyKringle · · Score: 4, Insightful
    Yes. It is a big deal.

    If you provide wireless over a large area, you don't mind perhaps putting up small signs to advertise that it's available in this area, but you don't want to have to put all the instructions, terms of use, etc up there. That's a lot of text.

    We aren't talking about businesses whose employees all already know this stuff. We're talking about universities, hotspots in hotels and airports, etc. Public hotspots, where users have to read a terms of use agreement and instructions before continuing, and who may not be the least bit familiar with the necessary steps.

    A lot of these sorts of people do this now. I can't remember where I got the idea for this myself, but I doubt I read it off of their patent application.

  6. We did something like this. by threedays · · Score: 4, Informative

    A company I worked for did this for wired networks, mostly hotels. Instead of DHCP, we actually had an ARP spoofer, so we would pretend to be whatever gateway you wanted (if you had a static IP setup), or we'd serve you DHCP, or whatever you asked for.

    No matter what webpage you requested, you got the sign up page to buy access. Pretty basic, and most hotel type places employ a system similar to this.

    this comment is probably not relevant.

  7. What do you expect? by craw · · Score: 5, Funny

    Patent this, patent that, stupid patents, obvious patents, blah, blah, blah.

    Geez, what do you expect? Do you really think that you are going to find an Einstein in the patent office?

    No, wait.

  8. Re:My Thoughts by Colonel Panic · · Score: 4, Informative

    Patent laws in the United States are the way they are to create a fair and balanced capitalistic society.

    Yeah, raise your hand if you still believe that one...

    The idea of the patent is enshrined in our constitution and it was intended to promote innovation, but that's not all. The patent was also intended to allow the sharing of ideas so that all of society could benefit. However, a lot of patent law has been changed in the last decade-or-so in order to tilt the balance in the direction of the large corporations.
    Used to be you couldn't patent software or algorithms, for example.

    No, the way the patent system is set up now is sort of like the fox guarding the henhouse. The patent office relies on the submitter to determine prior art and the patent office tends to lean in the direction of granting patents and letting the lawyers sort it out later. It's a full employment program for lawyers and the little guy doesn't have the cash to survive a court battle, only the corporations can afford that.

  9. Re:no-auth? by ryanjensen · · Score: 4, Informative
    In this case, it took nearly four years to get the patent. United States Patent #6,636,894 was applied for on December 8, 1999 and was issued on October 21, 2003.

    Here's an easy way to tell if OSS came up with it first: when was the OSS project started, before or after December 8, 1999?

  10. Similar product from 1998 by jpslacker · · Score: 5, Informative

    A company I used to work for (CAIS Internet/Ardent Communications) had a gateway system that did this over five years ago for wired networks. Here are some links to old press releases referring to the gateway system, the IPORT. http://www.kiosks.org/newsbits/2000/021500d.htm http://news.com.com/2100-1033-207372.html?legacy=cnet Ardent sold the system to Cisco in 2001: http://newsroom.cisco.com/dlls/prod_022001.html A short description of the software can be found here: http://www.isp-planet.com/equipment/iport.html

  11. Re:In all fairness by LostCluster · · Score: 4, Insightful

    Sadly, once a patent is gotten, it tends to take a life of its own because of investor pressures. Patents do not help the honest little inventor in the back yard (99% of the time) - I wish we could just get rid of them.

    Yet, patents are something we just can't get rid of. Think of the medicine industry. To get a new drug, they have to do lots of research and testing... and sometimes the tests end in a failure which means all the money spent on the project is lost, it's a dud. When a working pill is invented, it might take only pennies to make the actual pill, but the research company has got to be paid for its effort. That's where the patent protection comes in, it allows the company to charge an inflated price for a specified number of years in order to recoup that investment... after which time the buzzer sounds and the generics rush in and the price plummets to be in line with the cost of the pill itself and not the discovery of the pill.

    How long that protection lasts, and what's enough of an advance to qualify for protection are both points for debate, but we can't exactly throw out patents altogether if we want research to go forward...