Overview
Deployment
Administration
Auto Login & Unattended Devices
New Device Blocking & UPnP


Gatespace software is deployed in CPE (gateway) devices from multiple gateway manufacturers, based on reference designs from several silicon manufacturers. The underlying software library is available for integration with new devices, either as complete applications or as component parts of a larger solution. Access Control is one of these software components.

The function of Access Control, in the context of residential and small business network gateways, is to associate LAN-side connections with users and then control user access with user IDs, passwords and time filters.


Access Control can be integrated with major CPE reference designs without compromising existing functions or consuming significant memory. Existing user interfaces local to the CPE can be extended to manage user IDs, passwords, time filters etc., and/or a network-resident user interface can be used.

The feature can be designed as a factory-installed option or for downloading into already deployed TR-069 managed CPE. In both cases the feature can be enabled/disabled using standard TR-069 facilities.


Users registered at each CPE device are either privileged or unprivileged (administrators and normal users). The privileged user is responsible for user registration and managing user profiles. In the simplest cases, registration and management require only the maintenance of a userid/password list. In more sophisticated networks it may be desirable to control hours of access (time filtering), and there may be unattended devices that require access. The sophistication of time filtering is limited only by the limits of the user interface. A typical compromise between sophistication and usability is to maintain a seven-day schedule defined in 15-minute intervals. With this level of granularity it is possible to comfortably collect and display the filter settings in graphical form within a single screen image.


Access Control operates by blocking traffic from each LAN-side device until a known user is logged on. While the end result controls user access, the mechanism blocks traffic at the device level. Some devices, such as network printers and cameras, operate autonomously. In these cases the device is assigned to an arbitrary user and automatically logged on. If the user is subject to time filtering, the auto login device will be subject to the same filter.


New devices, particularly new wireless devices, may pose a security threat to the network. Access Control can be configured to maintain a record of approved devices and block any new device until explicitly approved by the system administrator. This feature is particularly useful in addressing the trustworthiness of UPnP devices.
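
The decision logic described in the three sections above (seven-day schedule in 15-minute intervals, auto login devices inheriting their user's filter, and new device blocking) can be modelled as follows. This is an added example, not Gatespace code: the 672-bit bitmap representation, the `Gateway` class, the function names and the sample MAC addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

SLOTS_PER_DAY = 24 * 4           # 15-minute intervals
WEEK_SLOTS = 7 * SLOTS_PER_DAY   # 672 bits, bit 0 = Monday 00:00-00:15
ALWAYS = (1 << WEEK_SLOTS) - 1   # schedule with every slot allowed

def slot_of(hhmm: str) -> int:
    """Slot number within a day; '24:00' is accepted as an end boundary."""
    h, m = map(int, hhmm.split(":"))
    if m not in (0, 15, 30, 45) or not 0 <= h * 60 + m <= 24 * 60:
        raise ValueError(f"{hhmm!r} is not on a 15-minute boundary")
    return h * 4 + m // 15

def weekly_schedule(windows) -> int:
    """Build the bitmap from (weekday 0=Mon..6=Sun, 'HH:MM', 'HH:MM') windows."""
    bits = 0
    for day, start, end in windows:
        for s in range(slot_of(start), slot_of(end)):   # end is exclusive
            bits |= 1 << (day * SLOTS_PER_DAY + s)
    return bits

def slot_index(when: datetime) -> int:
    return when.weekday() * SLOTS_PER_DAY + when.hour * 4 + when.minute // 15

@dataclass
class Gateway:
    schedules: dict                                  # user ID -> weekly bitmap
    approved: set = field(default_factory=set)       # approved device MACs
    auto_login: dict = field(default_factory=dict)   # MAC -> assigned user ID
    sessions: dict = field(default_factory=dict)     # MAC -> logged-on user ID
    block_new_devices: bool = True

    def decide(self, mac: str, when: datetime) -> str:
        # Checks run in order: device approval, user binding, time filter.
        if self.block_new_devices and mac not in self.approved:
            return "block: device not approved"
        user = self.sessions.get(mac) or self.auto_login.get(mac)
        if user not in self.schedules:
            return "block: no known user logged on"
        if not (self.schedules[user] >> slot_index(when)) & 1:
            return "block: outside time filter"
        return "allow"

# Constructed sample data (locally administered MAC addresses).
CAMERA, LAPTOP, NEW = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
gw = Gateway(
    schedules={"admin": ALWAYS,
               "guest": weekly_schedule([(d, "16:00", "20:00") for d in range(5)])},
    approved={CAMERA, LAPTOP},
    auto_login={CAMERA: "guest"},   # unattended device inherits guest's filter
)
```

Note that the auto login binding does not bypass the approved-device check, so an unattended device must still be approved before its assigned user's schedule is consulted.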