`Case 1:19-cv-01181 Document 1-1 Filed 12/03/19 Page 1 of 26
`
`1:19-CV-1181
`
`Exhibit 1
`
`US007526538B2
`
`(12) United States Patent
`Wilson
`
`(10) Patent No.: US 7,526,538 B2
`(45) Date of Patent: *Apr. 28, 2009
`
`(54) SYSTEM USING SERVER TO PROVIDE MOBILE COMPUTER ACCESSING TO A
`DIFFERENT NETWORK WITHOUT RECONFIGURING THE MOBILE COMPUTER
`
`(75) Inventor: Tim Wilson, Halifax (CA)
`
`(73) Assignee: SolutionInc Limited, Halifax, Nova Scotia (CA)
`
`(*) Notice: Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 504 days.
`
`This patent is subject to a terminal disclaimer.
`
`(21) Appl. No.: 11/176,387
`
`(22) Filed: Jul. 8, 2005
`
`(65) Prior Publication Data
`US 2005/0256958 A1    Nov. 17, 2005
`
`Related U.S. Application Data
`
`(62) Division of application No. 09/742,006, filed on Dec.
`22, 2000, now Pat. No. 7,007,080.
`
`(60) Provisional application No. 60/171,644, filed on Dec.
`27, 1999.
`
`(30) Foreign Application Priority Data
`Dec. 23, 1999 (CA) 2,293,765
`
`(51) Int. Cl.
`G06F 15/177 (2006.01)
`(52) U.S. Cl. 709/220; 709/221; 709/225
`(58) Field of Classification Search: 709/220,
`709/221, 223, 245, 222, 227, 229, 224, 225;
`370/401; 379/88.17
`See application file for complete search history.
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`
`5,598,536 A *  1/1997  Slaughter et al.  709/219
`5,790,548 A *  8/1998  Sistanizadeh et al.  370/401
`5,835,725 A *  11/1998  Chiang et al.  709/228
`5,918,016 A *  6/1999  Brewer et al.  709/220
`6,058,431 A *  5/2000  Srisuresh et al.  709/245
`6,101,499 A *  8/2000  Ford et al.  707/10
`
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`WO  WO99/46890 A1  9/1999
`
`Primary Examiner: Le Luu
`
`(57) ABSTRACT
`
`A server and method is provided that allows a computer
`configured for a different network to access a network without
`hardware or software configuration changes to the computer.
`The invention allows users to plug into the network and
`access not only the network that their computer is connected
`to but also to the Internet, the Worldwide Web and the individual’s
`email. This is particularly useful to visitors to multiple
`unit buildings such as hotels. Not only can the service be
`provided by the server and method of the invention connected
`to and carried out on the network but it does not require
`manual configuration changes to the computer or new software
`or hardware for the computer. In situations where access
`is to be controlled this is done through a registration driver
`and module. Only registered guests have access to the network
`and the services and access it provides. The invention
`determines and assigns addressing information to properly
`direct traffic to and from the computer. The invention provides
`for the storage and maintenance of the addressing data.
`Registration status information and billing information is
`collected and maintained to determine access to and billing
`for services.
`
`23 Claims, 8 Drawing Sheets
`
`U.S. PATENT DOCUMENTS
`
`6,141,686 A *  10/2000  Jackowski et al.  709/224
`6,233,318 B1 *  5/2001  Picard et al.  379/88.17
`6,345,294 B1 *  2/2002  O’Toole et al.  709/222
`6,393,484 B1 *  5/2002  Massarani  709/227
`6,466,981 B1 *  10/2002  Levy  709/227
`6,510,153 B1 *  1/2003  Inoue et al.  370/354
`6,591,306 B1 *  7/2003  Redlich  709/245
`6,614,774 B1 *  9/2003  Wang  370/338
`6,711,241 B1 *  3/2004  White et al.  379/88.17
`6,748,439 B1 *  6/2004  Monachello et al.  709/229
`7,007,080 B2 *  2/2006  Wilson  709/221
`2001/0055308 A1 *  12/2001  Afrakhteh et al.  370/401
`
`* cited by examiner
`
`
`
`[Drawing sheet 2 of 8. Fig. 2: Functional Block Diagram. Labels legible in the scan: Guest, SolutionIP™, Hotel Services, Public Internet, Billing Data, IP (TCP, UDP).]
`
`
`
`[Drawing sheet 3 of 8. Fig. 3: Server Components and Interactions, titled "SolutionIP™ Overview". Labels legible in the scan: Hotel Guest, Interior Interface, IPFW Forwarding Rules, Exterior Interface, Guest Services.]
`
`
`
`[Drawing sheet 4 of 8. Fig. 4: DHCP Request Processing, titled "SolutionIP DHCP Startup". Components labelled: Hotel Guest, Registration Device Driver. Step labels legible in the scan:
`1) Client sends DHCP request
`2) NAT checks for IP and assigns one if not already allocated.
`3) NAT is performed on DHCP request
`4) Request is processed by DHCP, Soln device responds with IP assigned in (2)
`5) DHCP response is passed to ARP which retrieves MAC from soln
`7) Client receives DHCP response
`One further label, beginning "NAT is not performed on", is only partly legible.]
`
`
`
`[Drawing sheet 5 of 8. Fig. 5: ARP Request Processing, titled "SolutionIP™ Fixed IP Startup". Components labelled: Hotel Guest, Interior Interface, Registration Device Driver. Step labels legible in the scan:
`1) Client sends ARP request for its own IP
`2) NAT checks IP/MAC with the Soln Device which causes an IP assignment to occur
`3) After performing NAT packet is passed to the ARP code
`4) ARP code recognizes this as a check for conflicting IP and drops request]
`
`
`
`[Drawing sheet 6 of 8. Fig. 6: Unregistered HTTP Request Processing, titled "SolutionIP™ Unregistered HTTP Request". Step labels legible in the scan:
`1) Client attempts to connect to website
`2) NAT is performed if necessary
`3) Because client is un[...] (remainder of label not legible)
`4) [...] sends a redirect message back to the client
`5) ARP determines correct MAC for assigned IP
`6) NAT is performed if necessary
`7) Client receives redirect message which causes it to connect with the [...]]
`
`
`
`[Drawing sheet 7 of 8. Fig. 7: Registered HTTP Request Processing, titled "SolutionIP™ Registered HTTP Request". Components labelled: Hotel Guest, Packet Driver. Step labels legible in the scan:
`1) Client attempts to connect to website
`2) NAT is performed if necessary
`3) No redirection occurs
`6) Response is allowed through to registered client
`The remaining step labels are not legible.]
`
`
`
`[Drawing sheet 8 of 8. Fig. 8: Billing Components and Interaction. Components labelled: Admin Interface, Registration Interface, Web server, Database, SolutionIP Server, Synchronization Daemon, Command Line Daemon, SNMP Daemon, Registration Device Driver, Network Switch, Client. Annotations legible in the scan:
`Admin Interface requests reports on usage from the database and in the future will configure the Billing Tables (set rates, etc.)
`Registration Interface reports registrations and [...] mappings of Access and Authorization Codes
`[...] Configuration Tables from database, and writes them to flat configuration files
`Admin Interface forces registrations and de-registrations, checks status of system and sets operational parameters
`Registration Interface requests mappings from and reports successful registrations to the Command Line Daemon
`Synchronization Daemon signals SNMP Daemon when new configuration available
`Command Line Daemon requests MAC/Physical Port Mappings
`Client requests registration, provides access code and possibly Authorization code
`SNMP "walks" switches looking for switch port that MAC is connected to
`Switch learns MAC from Client and associates it with the switch port the client is connected to]
`
`
`SYSTEM USING SERVER TO PROVIDE
`MOBILE COMPUTER ACCESSING TO A
`DIFFERENT NETWORK WITHOUT
`RECONFIGURING THE MOBILE
`COMPUTER
`
`This is a divisional of application Ser. No. 09/742,006 filed
`Dec. 22, 2000, now U.S. Pat. No. 7,007,080 which claims
`priority based on U.S. provisional application Ser. No.
`60/171,644 filed Dec. 27, 1999 and Canadian patent application
`No. 2,293,765 filed Dec. 23, 1999, which applications
`are incorporated herein by reference.
`
`FIELD OF THE INVENTION
`
`This invention relates generally to LANs, WANs and
`access to these and other networks by mobile users whose
`computers are not necessarily configured for the network to
`which they are being connected.
`
`BACKGROUND OF THE INVENTION
`
`In describing the invention different terms are sometimes
`used for the mobile user equipment being connected to a
`different network than the user’s computer has been configured
`for. The equipment is typically a laptop computer but can
`be any similar processing unit or system. It may be referred to
`throughout this specification as a computer, laptop computer,
`notebook, notebook computer, personal digital assistant, system,
`client computer, client, and mobile. Currently, a user is
`not able to take a computer that has been configured to work
`on their personal ISP or employer’s office LAN/WAN and
`plug it into another network and expect it to work. In a
`traditional TCP/IP (Transport Control Protocol/Internet
`Protocol) environment, a user would typically have to
`manually re-configure a device such as a notebook computer
`to gain access to other TCP/IP networks. Current TCP/IP
`communications protocols in all operating systems, i.e. Unix,
`Linux, Windows, Mac, etc., have been designed to operate in
`a preset environment and not to be mobile. Mobile users can
`currently dial into an ISP with a modem to access the Internet.
`However, dial-up networking is slower than Ethernet and like
`networks and can be expensive if the user must dial long
`distance to access their ISP. Furthermore, dial-up networking
`can tie up telephone lines and PBX resources which may be
`undesirable in an environment such as a hotel. Presently there
`is no simple and effective way to authorize and control access
`to a network by mobile users other than manually. There is
`also no ability currently to collect and maintain information
`for billing for the services used by the mobile user.
`
`SUMMARY OF THE INVENTION
`
`It is an object of the present invention to overcome one or
`more of the problems cited above. The present invention is
`directed to a method and apparatus for allowing remote users
`to access TCP/IP services regardless of the TCP/IP configurations
`of their remote computer. Users can simply plug their
`Network Interface Card (NIC) into a network data jack and
`instantly gain access to high-speed TCP/IP based services
`without any requirement to have an account with any ISP
`whatsoever.
`According to an embodiment of the invention, a server
`provides remote access to the World Wide Web without
`change to the remote mobile user’s computer. No additional
`software or hardware is added to, and no configuration or
`hardware changes are required by, the remote computer.
`Advantages of the present invention include: ease of use; no
`change required to the remote computer; and for a hotel or
`service industry member wishing to provide plug and go
`Internet access to its clients, revenue can be gained or a
`service to its clients can be offered while reducing demands
`upon its internal telephone system (PBX).
`One aspect of the invention is a method of providing a user
`access to a network for a computer configured for a different
`network without user initiated software or hardware configuration
`changes comprising the steps of automatically determining
`and assigning addressing information for the computer
`on the foreign network; registering the computer;
`permitting only registered computers to access the foreign
`network; storing and maintaining the addressing information;
`and accessing the foreign network by directing traffic to and
`from the computer utilizing the addressing information.
`Another aspect of the invention is a computer readable
`medium containing the computer instructions that when
`executed on a computer will carry out the above method.
`Another aspect of the invention is a server for use with a
`network to provide access to a computer configured for a
`different network without reconfiguring the computer
`through hardware or software comprising: a registration
`module to register the computer to access the network; a
`registration driver to maintain and access addressing information;
`a packet driver module to perform NAT at the internal
`interface; a packet filter that permits transmission of packets
`to and from the external interface based on registration status;
`a DHCP module to service DHCP request based on assigned
`IP address; an ARP module that uses the registration driver to
`provide MAC address for an assigned IP address; an internal
`interface to connect the server to the computer; and, an external
`interface to connect the server to the network.
`Another aspect of the invention provides billing functionality.
`The server blocks any attempt by a user to access the
`Internet or e-mail without first registering for the service. The
`server also keeps track of the time each user spends online for
`each session and sends this information to the hotel or conference
`centre network for billing purposes.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a pictorial representation of a typical server connection
`in a hotel environment.
`FIG. 2 shows a functional block diagram of an embodiment
`of the present invention.
`FIG. 3 shows an example of the core components and
`interactions of the server according to the present invention.
`FIG. 4 shows an example of DHCP request processing.
`FIG. 5 shows an example of ARP request processing.
`FIG. 6 shows an example of unregistered HTTP request
`processing.
`FIG. 7 shows an example of registered HTTP request processing.
`FIG. 8 shows billing components and interactions.
`
`DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`The detailed description of the invention is set out below,
`including description of the best mode of implementing the
`inventions. The description is carried out with reference to the
`drawings.
`An embodiment of the present invention involves its use in
`the hotel industry. The primary objective is to provide guests
`with the ability to log into the Internet from their hotel rooms
`without having to modify their personal mobile computer
`network settings. The guests will be able to transparently and
`seamlessly get their email, surf the web, and carry out their
`normal Internet activities.
`
`Introduction
`The commercial embodiment of the server and method of
`the invention is identified by the trade-mark SolutionIP™.
`The invention is referred to from time to time by its trade-mark
`and means the server and/or other aspects of the invention
`as the context may dictate. This invention is useful in
`multi-unit buildings whether used as offices, apartments and/or
`for hotels or similar accommodation buildings. The plug
`and go connectivity allows tenants (or guests) in a building to
`re-locate and re-connect to the Internet from any location
`within the building in such a way that the Internet access
`appears transparent and seamless. It is also advantageous to
`use the invention in seminar rooms, boardrooms, training
`rooms and like areas where users wish to access the LAN for
`the room with their own computer.
`A preferred implementation of SolutionIP™ is for the
`hotel industry. The primary objective is to provide guests with
`the ability to log into the Internet from their hotel rooms
`without having to modify their personal computer network
`settings. The guests will be able to transparently and seamlessly
`get their email, surf the web, etc. as if they were in their
`offices.
`
`Usage Scenario
`A typical usage scenario for the SolutionIP™ invention is
`shown in FIG. 1 and consists of a business traveler requiring
`access to her company’s email server from their hotel room.
`After connecting her laptop 101 to the hotel room’s network
`jack 102 and registering for the SolutionIP™ service, the
`hotel guest can access the Internet, as well as online hotel
`services 104 (e.g. Virtual Concierge) using the high-speed
`Internet connection of the hotel. She can then connect to the
`company email server via the Internet at speeds much higher
`than possible using a dial-up network connection. The server
`invention 103 provides the seamless and transparent connectivity.
`SolutionIP™ is a server-based solution designed to allow
`users to connect a computer with a working Ethernet Network
`Interface Card (NIC) and an IP-based network configuration
`to the Internet. The guests physically connect to the SolutionIP™
`system via a network interface connection. Most
`users will have seamless connectivity, however there are limitations,
`which are described in detail below.
`Users are required to register with the system using a
`browser application before Internet connectivity is established.
`The server will detect all attempts at gaining access to
`the Internet and continue to redirect users to a SolutionIP™
`web site until registration is completed. Once registered, they
`will be able to use the high-speed Internet connection of the
`hotel to access corporate computing resources and email via
`the Internet, browse the World Wide Web (WWW), etc.
`Guests attempting to pop (read or download) their email
`before registration are issued an email message. The message
`simply asks them to register using their browser before email
`can be downloaded.
`
`Functional Overview
`SolutionIP™ translates network traffic from client (hotel
`guest) computers in such a way that it can be properly routed
`to and from the client via the hotel Internet connection. This
`is possible regardless of the current network settings (IP
`address, DNS servers, gateway, etc.) on the client machine,
`provided that the existing configuration is functional. (i.e.
`The client machine must have a working network configuration,
`although the actual addresses used are not expected to be
`configured for the hotel’s network). SolutionIP™ transparently
`translates the settings of the client machine into
`addresses appropriate to the hotel’s network environment
`while routing data to the Internet. In addition, the server
`“reverse translates” return network traffic to use addresses
`compatible with the client computer’s configuration.
`More specifically, only IP-based protocols are currently
`supported. Other types of network traffic are ignored and not
`forwarded by SolutionIP™. SolutionIP™ provides DHCP
`(Dynamic Host Configuration Protocol) server functionality,
`which is used to supply configuration data to those clients
`configured to dynamically obtain their network settings. DNS
`(Domain Name Service) requests are intercepted by SolutionIP™
`(based on destination port number) and serviced
`locally by a DNS server running in the hotel. Outbound network
`traffic is intercepted by the SolutionIP™ server, which
`acts as a gateway to the Internet and forwards the data as
`appropriate. SolutionIP™ will pretend it is the client’s gateway,
`even if the client has specified a different gateway, such
`as the one normally used by the client in the office.
`Unauthorized use of the network (i.e. network traffic from
`clients who have not registered for the network service) is
`blocked by SolutionIP™ until the client registers. SolutionIP™
`maintains a list of those client computers that have
`been registered and are authorized to use the network. Traffic
`from authorized clients is routed, while other traffic is discarded
`or redirected.
`FIG. 2 provides a functional block diagram of the invention
`in a typical hotel application.
`The guest 201 connects to the hotel network and the SolutionIP™
`server 202 carries out the appropriate functions to
`handle browser traffic 205 (HTTP), email 206 (POP3), hotel
`services traffic (207) (IP(TCP, UDP)) and Internet traffic 208
`(IP(TCP, UDP)). The server 202 also provides a facility to
`handle maintenance traffic 209 from hotel services. Billing
`data 210 is collected and maintained in the server and supplied
`to hotel services as required.
`A guest can communicate with the SolutionIP™ server via
`Hypertext Transfer Protocol (HTTP) requests 205 (the protocol
`used to access the WWW), or email requests 206
`(POP3). Once registered, IP-based traffic originating from the
`guest’s computer passes through the SolutionIP™ server to
`the Hotel Services Intranet 203 or to the Public Internet 204.
`In general, the SolutionIP™ solution is not directly
`involved with attempts to secure the hotel network from external
`threats. Creating and enforcing a security policy for the
`Internet connection of the hotel is to be dealt with by other
`components of the overall solution. SolutionIP™ does not
`perform filtering of in-bound network traffic destined for
`registered clients.
`The SolutionIP™ server has unnecessary services disabled
`and file permissions checked to try to prevent malicious
`modifications. The only login access to a SolutionIP™ server
`is by secure shell (SSH), serial connection or from the console.
`
`Registration and Usage Component
`The registration component is a web-based application,
`which allows hotel guests to register for the network service,
`as well as log off from it. It is accessible to all guests who are
`connected to the network (i.e. access to the registration site is
`not blocked by SolutionIP™). The web server for the registration
`component can run on a separate machine from SolutionIP™
`minimizing the load on SolutionIP™.
`Prior to registration for the network service, any attempts to
`access WWW and POP3 (a type of email) servers are detected
`by SolutionIP™ and intercepted. This is based on the TCP
`port number. These requests are answered by SolutionIP™ or
`forwarded to the web server where information is provided on
`how to register for the hotel network service. Although this
`embodiment is specifically POP3 other email protocols could
`be included.
`SolutionIP™ also has the ability to track registration information,
`which can be used for billing purposes. Currently this
`information is available through an administration web site
`that displays who is connected to the network, who is registered,
`time and date of registration, etc. The server could
`implement a feature to track data volumes.
`
`Client Requirements
`Although the system is a server-only solution and transparent
`to registered clients, there are certain minimum requirements
`for client computers. SolutionIP™ is designed to operate
`without modifications to the client’s computer
`configuration in the majority of cases, but certain components
`must be present and working. A utility could enable certain
`systems to access the network if the client does not meet the
`minimum requirements.
`Minimum client requirements are:
`Ethernet Network Interface Card installed and configured, with compatible interface to hotel network jacks;
`Installed TCP/IP stack, configured for DHCP or for static IP address, gateway, and DNS server(s); and
`Web browser configured for direct network access (i.e. not a dialup-only browser configuration and without proxies enabled). (Only required for registration/log-off process and
`The requirements described in this document are sufficient
`to allow the majority of clients to connect easily to the Internet
`via hotel networking facilities. However, some clients will
`have system configurations that will not allow connectivity
`through the SolutionIP™ server.
`
`High Level Design
`SolutionIP™ provides transparent network access via two
`mechanisms:
`Network Address Translation (NAT): Each internal system
`is given a unique IP address to communicate with the
`Internet. This allows external connections to clients and
`facilitates UDP based protocols as well, but will require
`that a sufficient set of routable IP numbers be available
`for assignment at each installation.
`Masquerading: Each internal system appears to the outside
`world with the IP address of the server. This requires
`special protocol-aware handlers (proxies) for protocols
`like active-mode FTP which try to create independent
`return connections back to the client, and also modifications
`are made to support UDP “connections” (stateful
`packet inspection).
`SolutionIP™ utilizes NAT as the primary mechanism for
`providing transparent network access. Despite the problems
`associated with IP number allocation this choice offers the
`best available mechanism to effectively deal with various
`unsupported network protocols. The preferred embodiment
`of the invention is based on a customized version of the Linux
`operating system.
`There are two main scenarios:
`The client is configured to use a particular, fixed IP configuration.
`The server captures Address Resolution Protocol
`(ARP) requests from the client and the server
`responds with its own Media Access Control (MAC)
`address. The client is assigned an IP address, which is
`mapped to the client’s configured IP address and its
`MAC address. If the client has not “registered” for the
`service, then any attempts to communicate with a web
`server or a pop server will result in a redirection to the
`registration screen (web) or a mail message with directions
`to the registration screen. Once they have registered,
`the client logs off the registration system, their
`traffic is allowed to proceed unimpeded. As the traffic
`passes through the server, the IP address of the client is
`translated back and forth between the configured (fixed)
`IP address and the server-assigned IP address.
`The client uses DHCP. In this case SolutionIP™’s DHCP
`server component assigns an IP address and then SolutionIP™
`acts simply as a router, except that normal IP
`traffic is blocked or redirected until the client goes
`through the registration process.
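
The two scenarios above can be modelled in a few lines. This Python sketch is an added illustration, not code from the patent or from SolutionIP: it keeps one entry per MAC address, translates between the client's configured address and the server-assigned one, and gates traffic on registration status. The class and action names, the 198.51.100.0/29 pool and the client addresses are constructed, and answering DNS locally before registration is an assumption.

```python
import ipaddress
from dataclasses import dataclass

HTTP_PORT, POP3_PORT, DNS_PORT = 80, 110, 53


@dataclass
class Entry:
    mac: str
    configured_ip: str      # address the client believes it has
    assigned_ip: str        # address the server allocated for it
    registered: bool = False


class RegistrationTable:
    """Hypothetical stand-in for the address store kept by the registration driver."""

    def __init__(self, pool_cidr):
        self._free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self._by_mac = {}
        self._by_assigned = {}

    def lookup_or_assign(self, mac, configured_ip):
        """Return the entry for this MAC, allocating a pool address on first sight."""
        entry = self._by_mac.get(mac)
        if entry is None:
            if not self._free:
                raise RuntimeError("address pool exhausted")
            assigned = self._free.pop(0)
            # A DHCP client has no address of its own yet: it is handed the assigned one.
            entry = Entry(mac, configured_ip or assigned, assigned)
            self._by_mac[mac] = entry
            self._by_assigned[assigned] = entry
        return entry

    def dhcp_lease(self, mac):
        """DHCP scenario: the lease is simply the address assigned to this MAC."""
        return self.lookup_or_assign(mac, None).assigned_ip

    def register(self, mac):
        self._by_mac[mac].registered = True

    def outbound(self, mac, src_ip, dst_port, proto="tcp"):
        """Packet from the interior interface -> (action, translated source address)."""
        entry = self.lookup_or_assign(mac, src_ip)
        if dst_port == DNS_PORT:
            # Assumption: DNS is served locally whether or not the client registered.
            return ("dns_local", entry.assigned_ip)
        if entry.registered:
            return ("forward", entry.assigned_ip)
        if proto == "tcp" and dst_port == HTTP_PORT:
            return ("redirect_to_registration", entry.assigned_ip)
        if proto == "tcp" and dst_port == POP3_PORT:
            return ("mail_notice", entry.assigned_ip)
        return ("drop", entry.assigned_ip)

    def inbound(self, dst_ip):
        """Return traffic: reverse-translate to (mac, configured address), or None to drop."""
        entry = self._by_assigned.get(dst_ip)
        if entry is None or not entry.registered:
            return None
        return (entry.mac, entry.configured_ip)


def demo():
    table = RegistrationTable("198.51.100.0/29")          # constructed pool
    mac, fixed_ip = "00:00:5e:00:53:01", "10.20.30.40"    # constructed fixed-IP client
    before = [table.outbound(mac, fixed_ip, port) for port in (80, 110, 22)]
    table.register(mac)
    after = table.outbound(mac, fixed_ip, 443)
    return before, after, table.inbound("198.51.100.1")


if __name__ == "__main__":
    for item in demo():
        print(item)
```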
`
`Core Server Components and Interactions
`FIG. 3 shows the breakdown of the core components of the
`invention and their interactions. These components are further
`described below.
`
`ARP
`The ARP module 307 of the server uses ARP which is a
`standard networking protocol the behavior of which is
`described below.
`ARP (Address Resolution Protocol) (See RFC-826 (RFC
`stands for Request For Comment and is the standard way
`of asking for comments on standards and other aspects
`of internet operation via the internet. A website that is
`useful in accessing the various RFCs is www.faqs.com)
`for the protocol specification) is intended to provide a
`method for one machine to obtain the MAC (Media
`Access Control) Address of a system for which they
`know the IP address. Typically, a machine will determine
`that the machine that they wish to communicate
`with is on the same local network by comparing the IP
`address of the target machine with their own IP address
`information. If the machine they want to communicate
`with is on the same network, currently there is no association
`between the IP address of the target system and a
`MAC address then the machine will make an ARP
`request for the target machine’s IP address. If the target
`machine is active, it should be watching for ARP
`requests and if the IP address specified in the ARP
`request matches the IP address of the target machine it
`will respond to the ARP request.
`The address resolution protocol is a protocol used by the
`Internet Protocol (IP) network layer protocol to map
`IP network addresses to the hardware addresses used
`by a data link protocol. This protocol is used below the
`network layer as a part of the OSI link layer, and is
`used when IP is used over Ethernet.
`The term address resolution refers to the process of
`finding an address of a computer in a network. The
`address is “resolved” using a protocol in which a piece
`of information is sent by a client process executing on
`the local computer to a server process executing on a
`remote computer. The information received by the
`server allows the server to uniquely identify the network
`system for which the address was required and
`therefore to provide the required address. The address
`resolution procedure is completed when the client
`receives a response from the server containing the
`required address.
`Proxy-ARP (See RFC-1009 for a description) is a variation
`on the ARP protocol where a router (a system with more
`than one interface that routes packets between networks
`on or through the networks on each interface) will
`respond to ARP requests for systems on one interface
`made by systems on another interface with its own
`MAC address. This is done to support situations where it
`is necessary or expedient to split a network without
`sub-netting or where machines not capable of understanding
`sub-nets have to reside on sub-netted networks.
`SolutionIP modifies the standard behaviors described
`above on an interface-by-interface basis by promiscuously
`responding to ARP requests. This is an extension to Proxy
`ARP. In general, any ARP request is responded to by the
`SolutionIP Server with the SolutionIP Server’s MAC address
`regardless of the IP address being requested, with the following
`exceptions:
`1. Microsoft Windows and some other OSs, while booting,
`will send an ARP request for the IP address that their
`interface is configured for, and if they receive a response
`they will shut down that interface and not attempt any
`network activity. This is a test to ensure that the IP address
`to be used by the system is unique and avoid conflicts.
`These test packets have unique characteristics that allow
`the SolutionIP server to recognize them and not respond to
`these requests.
`2. If the ARP request is for a system for which the SolutionIP
`server has an entry in the registration driver, then it is left up
`to that system to respond rather than the SolutionIP Server.
`3. In the case where the SolutionIP Server needs the MAC
`address for an IP address it will first determine if an entry
`exists in the registration driver and if it does use that MAC
`address rather than sending an ARP request.
`This allows the SolutionIP server to pretend to be the
`gateway (default router), DNS Server, etc. for clients using
`fixed IP configurations. In addition, the server avoids delays
`when communicating with systems on its client networks by
`using the registration driver rather than making ARP requests.
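
The reply rules above, written out as an added Python sketch (not code from the patent or from SolutionIP): it parses an Ethernet/IPv4 ARP payload in the RFC 826 layout and reports which rule applies, without sending anything. Treating a request whose sender IP equals its target IP, or is 0.0.0.0, as the address-conflict test is an assumption, since the text only says those packets have unique characteristics; the function names, the addresses and the `known_clients` dict standing in for the registration driver are constructed.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"           # RFC 826 fields for Ethernet + IPv4
ARP_LEN = struct.calcsize(ARP_FMT)   # 28 bytes
OP_REQUEST, OP_REPLY = 1, 2


def make_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload to use as sample input."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, op,
        bytes.fromhex(sender_mac.replace(":", "")), socket.inet_aton(sender_ip),
        b"\x00" * 6, socket.inet_aton(target_ip),
    )


def parse_arp(payload):
    """Return the fields of an Ethernet/IPv4 ARP payload, or None if it is not one."""
    if len(payload) < ARP_LEN:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": ":".join(f"{b:02x}" for b in sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
    }


def decide(payload, known_clients):
    """Classify an ARP payload seen on the interior interface.

    known_clients maps IP address -> MAC for systems that already have an
    entry (a simplification of the registration driver).
    """
    arp = parse_arp(payload)
    if arp is None or arp["op"] != OP_REQUEST:
        return "ignore"
    # Exception 1: boot-time uniqueness test. Answering it would make the
    # client shut its interface down, so the server must stay silent.
    if arp["sender_ip"] in ("0.0.0.0", arp["target_ip"]):
        return "silent_conflict_check"
    # Exception 2: the target has its own entry and answers for itself.
    if arp["target_ip"] in known_clients:
        return "leave_to_client"
    # General rule: answer for any other address with the server's MAC.
    return "answer_with_server_mac"


def mac_for(ip, known_clients):
    """Exception 3: consult the table first; None means an ARP request is needed."""
    return known_clients.get(ip)


def demo():
    known = {"10.20.30.41": "00:00:5e:00:53:02"}    # constructed table entry
    me = "00:00:5e:00:53:01"                         # constructed client MAC
    samples = [
        make_arp(OP_REQUEST, me, "10.20.30.40", "10.20.30.40"),  # asks for its own IP
        make_arp(OP_REQUEST, me, "10.20.30.40", "10.20.30.1"),   # asks for office gateway
        make_arp(OP_REQUEST, me, "10.20.30.40", "10.20.30.41"),  # asks for a known client
    ]
    return [decide(s, known) for s in samples]


if __name__ == "__main__":
    print(demo())
```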
`
`Registration Device Driver (Sometimes Referred to as Soln Device)
`The registration