1. Field of the Invention
The present invention relates to a method of and system for authenticating a user on a network.
2. Description of the Prior Art
Wireless devices have simplified and revolutionized communication. Confident access anytime, anywhere, through the increasing variety of wireless devices offering Internet connectivity, such as PDAs (Personal Digital Assistants), handhelds, and digital cellular phones, has freed people from their desktop computers.
However, some technical obstacles still exist notwithstanding the widespread use of wireless devices. Generally, the challenge for wireless service providers lies in providing wireless services that make the movement from one network to another transparent while providing high-speed data services.
Generally speaking, portable computing is characterized by intermittent, ad-hoc connectivity to the Internet. Much of the time a user's wireless device is powered off to conserve batteries or is otherwise off-line because no suitable wireless network is available. Even when a wireless network is available, a user may choose to not use it because of cost or other practical factors.
Every time the user disconnects from the network and reconnects thereafter, the wireless device generally must accept a dynamically assigned IP (Internet Protocol) address belonging to the local serving system. Even when dialing into his/her “home” company's network over the PSTN (Public Switched Telephone Network), the user must generally accept a temporary IP address assigned by the terminal server/router. Since the IP address is random every time, it is difficult for the wireless service provider to identify the user.
For these reasons, existing operating systems and applications have already implemented dynamic addressing support. For example, Microsoft Windows includes a TCP/IP stack with support for both DHCP (Dynamic Host Configuration Protocol) and PPP with automatic address assignment. Both schemes allow the serving system to assign a temporary IP address and related information to the wireless user for the duration of his association with the serving network. Other popular operating systems such as Linux (a UNIX-based system) generally also support DHCP and/or dynamic PPP. However, the user identification problem remains unsolved.
A fundamental obstacle associated with wireless communications is the manner by which the IP, the protocol that connects the networks of today's Internet, routes packets to their destinations according to IP addresses. IP addresses are associated with a fixed network location. When the packet's destination is a wireless node, each new point of attachment made by the node is associated with a new network number, and therefore, a new IP address, making transparent mobility impossible, since the user's IP address is constantly changing. Mobile IP, a standard proposed by a working group within the Internet Engineering Task Force, was designed to solve this problem.
The Mobile IP working group has developed routing support to permit IP nodes (hosts and routers) using either IPv4 or IPv6 to seamlessly “roam” among IP sub-networks and media types. The Mobile IP method supports transparency above the IP layer, including the maintenance of active TCP connections and UDP port bindings. Where this level of transparency is not required, solutions such as DHCP and dynamic DNS (Domain Name Server) updates may be adequate and techniques such as Mobile IP not needed. Normally, IP routes packets from a source to a destination by allowing routers to forward packets from incoming to outbound network interfaces in accordance with routing tables. The routing tables maintain the next-hop (outbound interface) information for each destination IP address.
A network number is derived from the IP address. To maintain existing transport-layer connections as the mobile node moves from place to place, the mobile node must keep its IP address the same. However, in TCP, the connection is indexed by a quadruplet: the IP address and port number of each of the two endpoints. Changing any of the four values will cause the connection to be lost. The ability to deliver packets to the mobile node's current point of attachment depends on the network number contained within the mobile node's IP address, which changes at each new point of attachment. Mobile IP has been designed to solve this problem by allowing the mobile node to use two IP addresses. In Mobile IP, the home address is static and identifies TCP connections. The care-of address changes at each new point of attachment and can be thought of as the mobile node's topologically significant address. This address carries the network number and identifies the mobile node's point of attachment.
Whenever the mobile node is not attached to its home network, the home agent receives all of the packets destined for the mobile node and arranges to deliver them to the mobile node's current point of attachment. Whenever the mobile node moves, it registers its new care-of address with its home agent. To transmit a packet to a mobile node from its home network, the home agent delivers the packet from the home network to the care-of address.
In addition to Mobile IP, another network protocol that allows a wireless device to remain connected to a data network while the device travels to different locations is CDPD (Cellular Digital Packet Data protocol). CDPD has been developed to address the issue of network layer mobility support for data networks. CDPD was developed by the CDPD Forum, an industry association consisting of cellular carriers and equipment vendors, to provide packet data services through the cellular telephony network. One attribute of CDPD is that it allows a network device to change its location within the network. This improves upon static network systems whose connectivity and routing do not support mobile network devices. CDPD is designed to exploit unused capacity of the cellular telephone network for packetized data delivery. It employs the existing cellular infrastructure along with additional CDPD-specific equipment. In particular, CDPD functions on AMPS (Advanced Mobile Phone Service), a circuit-switched non-digital cellular phone network. As a hybrid, CDPD has the ability to switch between packet data and circuit-switched data transactions. In the event that the user cannot establish a CDPD connection, or the network cannot find the user's IP address on the network, the circuit-switched technology maps the end user's address against a modem's AMPS terminal telephone number and attempts to send the call transparently through a cellular modem bank to its destination.
GoAmerica's Go.Web™, one of the wireless services available on the market, can operate on various networks which implement multiple protocols including the above mentioned protocols. Go.Web™ enables mobile professionals to securely access and process corporate data, send and receive email and browse intranets and the Internet when away from the office. Go.Web™ intelligently compresses and encrypts data, optimizing it for viewing on all major wireless devices and data networks.
Traditionally, Go.Web™ has operated on wireless networks with fixed network addresses. A device would be provisioned for Go.Web™ service based on the device address (e.g. IP address), allowing Go.Web™ to authenticate the device and track usage based on that address. However, the higher-speed wireless networks, such as CDMA (Code Division Multiple Access), GPRS (General Packet Radio Service), 1XRTT, IEEE 802.11, etc., that are being deployed today do not use fixed addresses, but instead assign a random network address every time a user logs on. This presents a challenge to wireless web providers, such as GoAmerica™, in identifying users on a network. Generally, prior to the present invention, Go.Web™ customers were provisioned based on their network addresses, including MAN (Mobile Access Number) numbers for Cingular network devices, LLI (Logical Link Identifier) numbers for Motient or RAM mobile data network devices, and IP addresses for CDPD and Mobile IP type networks. This allowed the Go.Web™ server to identify each user based on their network ID and:
1. Verify that the user is indeed a paying customer of GoAmerica;
2. Provide the user with the ability to have a specific home page (e.g. an enterprise could have a home page for its employees) and to customize the home page for their own use (e.g. add/delete links);
3. Optionally, redirect their traffic to a Go.Web™ “OnPrem” server for complete, end-to-end security. The Go.Web™ “OnPrem” is a server located behind a corporate firewall that provides the functionality of the Go.Web™ server located in a network operations center.
However, some of the newer wireless networks as discussed above have dynamic addresses, making it difficult for Go.Web™ to operate on those networks. Each time a user would connect to the network, they would be given a new IP address, making it impossible to identify the user and authenticate them for use of Go.Web™ and to handle their requests appropriately.
Accordingly, it is clear that there exists a need for a method of and a system for identifying and consequently authenticating a user having a dynamic address.