
WO2016183613A1 - Wifi user authentication - Google Patents


Info

Publication number
WO2016183613A1
Authority
WO
WIPO (PCT)
Prior art keywords
end user
party
wlan
authentication
user
Prior art date
Application number
PCT/AU2016/000168
Other languages
French (fr)
Inventor
Chun Yeh CHIN
Original Assignee
Genius Wifi Holdings International Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2015901781A
Application filed by Genius Wifi Holdings International Pty Ltd
Publication of WO2016183613A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

To overcome delays and difficulties with current user authentication methods for public WLAN or WIFI, it is proposed to elicit a logon action from the end user and then temporarily log the end user in to access the internet and redirect that user to a third party web application and use the third party application API to collect data and use it to check a WLAN authentication database and then log the end user in to the public WLAN.

Description

WIFI USER AUTHENTICATION
This invention relates to the authentication of users of a public WiFi system.
Background to the invention
There are many patents concerned with user authentication methods.
USA patent 8966592 discloses an authentication method for mobile computing devices which includes an access response.
USA patent 8782751 discloses an authentication method which utilises a user identity and a network access identity and an identity server.
USA patent 8844001 discloses a method of authentication for content delivery to a mobile device.
USA application 2014/0189808 discloses an authentication method that uses an authentication platform to challenge a request for authorisation and uses context information based on the user, the client computer and the request.
The use of third party applications (such as facebook, twitter, google+, or email) to authenticate users is a highly desirable function for public WLAN or WiFi networks. It allows network owners to connect with users, direct traffic to their social media pages, and to collect information about end users such as demographics and contact details.
Presently, several WiFi management platforms offer authentication using third party web applications. The method used involves allowing universal access to key resources from each application prior to authentication.
The problems with this approach are manifold and render it highly unstable and susceptible to failure. These can be summarized via the following three points:
• It requires separate approaches to each application that will be used as an authentication method.
• It involves maintaining extensive lists of the resources required to enable the login process for each application. These are subject to frequent change without notice from the application providers.
• It means that there are extensive online activities which the end user can carry out with no authentication at all (for example, enabling google + login via this method effectively renders all of google open to end users prior to authentication).
Brief description of the invention
To overcome delays and difficulties with current user authentication methods it is proposed to elicit a logon action from the end user, temporarily log the end user in to access the internet, redirect that user to a third party web application, use the third party application programming interface (API) to collect data and use it to check a Wireless local area network (WLAN) authentication database, and then log the end user in to the public WLAN.
This invention provides a method of authenticating a user in a public WIFI or WLAN network which includes the steps of
eliciting a logon action from the end user of a public WLAN;
logging the end user in to access the internet for a predetermined interval;
redirecting the user to a third party web application;
using the third party application API to collect data on the end user;
parsing commands from the third party application to a WLAN authentication database;
logging the end user in to the public WLAN.
RADIUS is the preferred authentication database. It is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is commonly used to manage internet access by ISPs (Internet Service Providers) and is often the backend of choice for 802.1X network authentication. The RADIUS Server may be hosted remotely as a web service or onsite.
In another aspect this invention provides a public WLAN system which includes a WLAN gateway programmed to receive end user requests from an end user device to join a public WLAN network;
a captive portal server programmed to present the end user device with a third party authentication request;
the system being further programmed to collect data on the end user using the third party application API; parsing commands from the third party application to a WLAN authentication database and then logging the end user in to the public WLAN.
In this invention a captive portal is used to log the end user onto the internet temporarily. The captive portal is a special web page that is presented to end users of a WiFi network on connection. It enables authentication to the network on presentation of credentials including simple agreement to a set of terms and conditions, provision of a valid access code, or authentication via third party payment gateway. The Captive Portal server hosts captive portal content, presents authentication methods to the end user and communicates with the RADIUS server, the local WiFi gateway and third party applications.
The WiFi Gateway controls local network access, defining resources to which end users have access, redirecting users to a captive portal page for authentication, and carrying out accounting on user sessions. The WiFi Gateway may be a simple router or a full Network Access Server. The WiFi Gateway receives access information for each network user (such as time, download limit, speed limit) from the RADIUS server and applies it to the relevant end user session.
End user devices may consist of any WiFi enabled device that is able to perform web authentication. These include laptops, smartphones, tablets and a variety of other devices.
The third party application may be any application capable of sending authentication responses. These include social media platforms, email clients, messaging applications and payment systems.
Detailed description of the invention.
Figure 1 illustrates a flow chart of a preferred embodiment of this invention. The preferred embodiment illustrated in figure 1 depicts the improved authentication procedure of this invention.
The end user needing to access a public Wi-Fi is connected by the WiFi gateway to a captive portal server which in turn presents the end user device with a third party authentication option. The third party may be any social media platform such as Facebook. The end user responds and requests a login. This request is passed on to the captive portal by the WiFi gateway. The captive portal obtains a token from the RADIUS server and passes this to the WiFi gateway as a login request user name, which the WiFi gateway uses to obtain from the RADIUS server attributes which are then forwarded to the third party application. The third party application responds to the end user device requesting credentials. When the credentials are received an authorisation is confirmed to the captive portal server by the third party application. The captive portal server then logs out of the RADIUS server via the WiFi gateway, which then initiates a log in request with the captive portal server. The captive portal obtains a token from the RADIUS server and passes this to the WiFi gateway as a login request user name. The WiFi gateway then requests a login from the RADIUS server and obtains the necessary attributes for the end user to be logged into the Public Wi-Fi.
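The two-phase login described above, modelled as an added Python example (not code from the patent or its applicant), shows what the gateway must enforce: one-time tokens bound to a device, and a temporary session that lapses if the third party never confirms. The class names, the 120-second temporary window, the 30-second token lifetime and the session_timeout attribute key are assumptions; the in-memory classes stand in for a real RADIUS server and gateway.

```python
import secrets

TEMP_WINDOW = 120  # seconds of temporary access (assumed "predetermined interval")
TOKEN_TTL = 30     # seconds a one-time token stays valid (assumption)


class RadiusServer:
    """In-memory stand-in for the RADIUS database (hypothetical)."""

    def __init__(self):
        self._tokens = {}  # token -> (device, attributes, token expiry)

    def issue_token(self, device, attributes, now):
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (device, attributes, now + TOKEN_TTL)
        return token

    def access_request(self, token, device, now):
        # pop() makes the token single-use, so a replayed user name is rejected.
        bound, attributes, expires = self._tokens.pop(token, (None, None, -1))
        if bound != device or now > expires:
            return None
        return attributes


class Gateway:
    """Stand-in for the WiFi gateway: applies RADIUS attributes per device."""

    def __init__(self, radius):
        self.radius = radius
        self.sessions = {}  # device -> absolute session expiry

    def login(self, device, token, now):
        attrs = self.radius.access_request(token, device, now)
        if attrs is None:
            return False
        self.sessions[device] = now + attrs["session_timeout"]
        return True

    def logout(self, device):
        self.sessions.pop(device, None)

    def has_access(self, device, now):
        return now < self.sessions.get(device, -1)


def run_flow(third_party_confirms):
    """Walk one constructed device through the flow using an explicit clock."""
    radius = RadiusServer()
    gateway = Gateway(radius)
    device = "02:00:00:00:00:01"  # constructed MAC address
    # Phase 1: token used as login user name, short session applied.
    t1 = radius.issue_token(device, {"session_timeout": TEMP_WINDOW}, now=0)
    gateway.login(device, t1, now=0)
    result = {"temp_access": gateway.has_access(device, now=10),
              "replay_accepted": gateway.login(device, t1, now=15)}
    # Phase 2: only a third-party confirmation triggers logout and a fresh token.
    if third_party_confirms:
        gateway.logout(device)
        t2 = radius.issue_token(device, {"session_timeout": 3600}, now=40)
        gateway.login(device, t2, now=40)
    # An abandoned login must not stay online past the temporary window.
    result["access_at_300s"] = gateway.has_access(device, now=300)
    return result
```

Calling run_flow(False) models a user who opens the portal and never completes the third-party login; the device is offline again once the temporary window has passed.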
From the above those skilled in the art will appreciate that this invention provides a robust and economical means of authenticating end users to a public WiFi network.
Those skilled in the art will also realise that this invention may be implemented in embodiments other than those described without departing from the core teachings of this invention.

Claims

1. A public WLAN system which includes
a WLAN gateway programmed to receive end user requests from an end user device to join a public WLAN network;
a captive portal server programmed to present the end user device with a third party authentication request;
the system being further programmed to collect data on the end user using the third party application API; parsing commands from the third party application to a WLAN authentication database and then logging the end user in to the public WLAN.
2. A system as claimed in claim 3 in which the third party is a social media platform.
3. A method of authenticating a user in a public WLAN network which includes the steps of
eliciting a logon action from the end user of a public WLAN;
logging the end user in to access the internet for a predetermined interval;
redirecting the user to a third party web application;
using the third party application API to collect data on the end user;
parsing commands from the third party application to a WLAN authentication database;
logging the end user in to the public WLAN.
4. A method as claimed in claim 1 in which the third party is a social media platform.
PCT/AU2016/000168 2015-05-18 2016-05-17 Wifi user authentication WO2016183613A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2015901781A AU2015901781A0 (en) 2015-05-18 Wifi user authentication
AU2015901781 2015-05-18

Publications (1)

Publication Number Publication Date
WO2016183613A1 true WO2016183613A1 (en) 2016-11-24

Family

ID=57319000

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2016/000168 WO2016183613A1 (en) 2015-05-18 2016-05-17 Wifi user authentication

Country Status (1)

Country Link
WO (1) WO2016183613A1 (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120192258A1 (en) * 2009-07-17 2012-07-26 Boldstreet Inc. Hotspot network access system and method
US20140130139A1 (en) * 2011-07-08 2014-05-08 Kwang-Min Lee Wireless Local Area Network Access Apparatus and Operating Method Thereof
US20130198383A1 (en) * 2012-01-26 2013-08-01 Erick Tseng Network Access Based on Social-Networking Information
AU2013245433A1 (en) * 2012-10-29 2014-05-29 Zhang Li Wireless internet access method and system
WO2014096954A2 (en) * 2012-12-21 2014-06-26 Orange A method and device to connect to a wireless network
WO2015050892A1 (en) * 2013-10-01 2015-04-09 Ruckus Wireless, Inc. Secure network access using credentials

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109474626A (en) * 2018-12-26 2019-03-15 成都西加云杉科技有限公司 A kind of method for network authorization and device based on SNS
CN109474626B (en) * 2018-12-26 2021-06-22 成都西加云杉科技有限公司 Network authentication method and device based on SNS

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16795537

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16795537

Country of ref document: EP

Kind code of ref document: A1