Network access server

Abstract: A method and apparatus for providing prepaid billing on a data network for wireless prepaid services, which includes a network-access device, such as a network access server or PDSN, that requests from a network-access-control device, such as a AAA server, network access for one or more wireless communication sessions. In response to the request for network access, the network-access device receives from the network-access-control device a block of credits and at least one measurement-method parameter. After being granted network access, the network-access device establishes session activity for the wireless communication sessions. The network-access device periodically measures usage of the session activity for the wireless communication session and then debits the usage of the session activity from the block of credits. When the remain credits in the block of credits reach a predetermined threshold, the network-access device requests from the network-access-control device an additional block of credits. In responsive to this request, the network-access device receives from the network-access-control device the additional block of credits, if available credits remain in a cache of available credits from which the blocks are withdrawn. The network-access-control device may also receive the measurement-method parameters. The network-access device then debits the usage of the session activity for the wireless communication session from the additional block of credits. At some predetermined threshold and responsive to an authorization to purchase credits, credits may be added to the cache of available credits. During this process, the ongoing wireless communication session may be redirected to a redirect device.

Abstract: An Internet access system (10) incorporates an access control subsystem (12), implemented with a communications server (14), one or more Remote Authentication Dial In User Service (RADIUS) servers (16), and a remote access server (18) in network 21. Users are connected to the network by dial-up connections (22) through the communications server (14). When user (22) logs in through the communications server (14), RADIUS client software (45) first determines if user (22) is authorized by checking his password utilizing user profiles (46). The user profiles (46) also identify a filter "F(Timmy)". The RADIUS server (16) supplies the filter identification through the RADIUS client (45) for use by client software (44) for controlling access by the user (22) to Internet sites. The client software (44) then checks to see if the filter "F(Timmy)" is stored locally in cache (50). If it is, the client software (44) uses it for controlling access. If not, the client software (44) sends a lookup request to the network access server (18), which stores the centralized permitted site list and the filters to be used as masks for checking access classifications of requested sites, to download the filter "F(Timmy)", which is maintained in the server (14) memory for the rest of the user (22)'s session. The client (44) also keeps the local cache (50 of recently requested sites and recently used user filters for efficiency. When access to a site is requested, the client first checks the local cache (50) to see if the site is on the list stored there. In practice, the client software (44) and permit-based filtering technology is integrated in the communications operating system software that runs on the server (14) or routers (24), (32) or (34).

Abstract: A method is provided for connecting a source of digital data to a computer network. The source of digital data transmits data over a wireless transmission medium to a wireless service carrier, the wireless service carrier multiplexing the digital data onto a high speed digital telephone line. The method comprises the steps of receiving the digital data at a communications chassis such as a network access server, extracting, from the digital data, network access authentication data comprising at least one of the following: (a) a telephone number called by the source of digital data, or (b) a telephone number associated with the source of digital data; transmitting the authentication data over a local area or wide area computer network connected to a network authentication server for the computer network; determining, in the network authentication server, from the transmitted authentication data whether the remote user is permitted to access the computer network; and the authentication server responsively notifying the network access server the results of the step of determining; and authorizing the source of data to access the computer network if the step of determining results in a positive response.

Abstract: This document describes a protocol for carrying accounting information between a Network Access Server and a shared Accounting Server.