WO2013184433A1 - Wireless session configuration persistence - Google Patents


Info

Publication number
WO2013184433A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless
access point
public
user
profile
Prior art date
Application number
PCT/US2013/042839
Other languages
French (fr)
Inventor
Brian Coughlin
John A. CHEN
Original Assignee
Time Warner Cable Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Time Warner Cable Inc. filed Critical Time Warner Cable Inc.
Priority to CA2875653A priority Critical patent/CA2875653C/en
Priority to EP13800421.3A priority patent/EP2865219B1/en
Publication of WO2013184433A1 publication Critical patent/WO2013184433A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • WiFi Hotspots: Internet access for wireless devices from public and/or common locations, most notably from beverage and snack vendors, hotels, mass transit, and other retail and/or service vendors that offer such access as an incentive to frequent the vendor. Further, Internet browser capability is becoming increasingly common in smaller and more portable devices, such as laptops,
  • WiFi hotspots available.
  • Such capability is enabled by the IETF 802.11a/b/g/n wireless LAN standard, which standardizes the consumer and home wireless networking capabilities (e.g. WiFi) among the various devices and allows for Internet connectivity at remote locations using consumer level devices.
  • a wireless access point employs a wireless configuration database for retrieving stored wireless profiles, with each profile corresponding to a subscriber device from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from that user's home wireless profile.
  • the network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user.
  • the wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement.
  • a home customer ("User" or "Subscriber") of a broadband Internet Service Provider ("ISP"), often implements a home WiFi network to provide Internet service to one or more of their devices (subscriber devices) in a home (i.e. residence) environment.
  • Configurations herein disclose a wireless access point whereby the ISP is entrusted with the user's home WiFi configuration credentials (credentials, or wireless profile) configured on their home WiFi Access Point ("AP") device, i.e. the user's SSID, security method, and passphrase.
  • AP: home WiFi Access Point
  • this approach defines a method to utilize each user's home
  • Each roaming profile may be unique to each user depending on what service plan(s) or subscribed feature(s) they may have with their ISP. As such, the roaming profiles can then be used to tailor the public WiFi service to each user independently and examples of such wireless profiles are described in more detail below.
  • the subscriber devices employing wireless network capabilities typically broadcast a probe to WiFi conversant devices, and receive a reply from wireless access points (APs) within range.
  • the reply indicates the SSIDs available for connection, and conventional approaches employ the SSID set by the establishment.
  • probes identify the subscriber device by MAC ID (Media Access Control Identifier), and are instead employed as an index to access the home or personal wireless profile in the wireless configuration data base so that the subscriber device will render the same SSID known to the user from their home configuration when attempting to connect from the remote location.
  • MAC ID: Media Access Control Identifier
  • Configurations herein are based, in part, on the observation that various WiFi establishments employ differing sign-on procedures and typically assign each user to a standard default session profile that has settings and characteristics of the establishment, not the user.
  • An authentication procedure is often employed, possibly with a passphrase or other token, to prevent unauthorized usage of the WiFi signal from the establishment or business.
  • the authentication defines a particular type of encryption and/or authentication underlying the session, and assigns the user to a default session, which may have other properties and attributes set by the establishment.
  • wireless access point within the dwelling using a wireless profile often saved from previous sessions.
  • a user knows the identity of their wireless access point - labeled with an SSID - so they may attempt to connect to their wireless access point, rather than a neighbor's which may be within range and be recognized by the wireless device as a potential connection source.
  • passphrase required, typically by inquiring or registering with the vendor or proprietor.
  • configurations herein substantially overcome the above-described shortcomings of conventional common-area WiFi arrangements by providing a wireless access point having an interface to a wireless configuration database that stores wireless profiles of subscribers according to MAC IDs or other identifiers that are employed to recognize the subscriber device and perform a lookup in the database from the remote wireless access point.
  • the subscriber enjoys the same user experience in establishing an Internet connection from a remote WiFi hotspot that they are
  • the disclosed approach differs because the ISP Public Access point emulates the User's Home Access Point (via the "User WiFi Credentials") such that the User's device(s) will automatically connect via the retrieved wireless profile. Furthermore, this automatic connection is also a trusted one to the ISP, and facilitates the distribution of a public WiFi profile that the user can install for ongoing connections to the ISP public access point on a more permanent basis. While the most streamlined implementation is afforded when the home ISP and the ISP supporting the remote wireless access point are the same entity, various database security and authentication mechanisms may be employed to provide a more global database of user credentials across multiple vendors.
  • Configurations herein therefore provide more streamlined, trusted customer access to ISP's public WiFi service outside of the home.
  • the approach is facilitated by greater trust established between user and ISP because user's home WiFi configuration parameters are under each user's own control.
  • the ISP is only applying those same parameters without modification to facilitate a better user experience for public WiFi service outside the home.
  • Additional configurations may provide for implementation of per-user profiles for public WiFi service to enable a more granular range of services specific to each User
  • configurations herein provide a method of providing services to a wireless device by receiving an identity of a subscriber device by a public access point, and retrieving, based on the received identity, a wireless profile corresponding to a home access point, such that the wireless profile is stored in a remote database common to the public access point and the home access point.
  • the public (i.e. remote) access point establishes a wireless connection to a service network based on
  • Alternate configurations of the invention include a multiprogramming or multiprocessing computerized device such as a multiprocessor, controller or dedicated computing device or the like configured with software and/or circuitry (e.g., a processor as summarized above) to process any or all of the method operations disclosed herein as embodiments of the invention.
  • Still other embodiments of the invention include software programs such as a Java Virtual Machine and/or an operating system that can operate alone or in conjunction with each other with a multiprocessing computerized device to perform the method embodiment steps and operations summarized above and disclosed in detail below.
  • One such embodiment comprises a computer program product that has a non-transitory computer-readable storage medium including computer program logic encoded as instructions thereon that, when performed in a
  • multiprocessing computerized device having a coupling of a memory and a processor, programs the processor to perform the operations disclosed herein as embodiments of the invention to carry out data access requests.
  • Such arrangements of the invention are typically provided as software, code and/or other data (e.g., data structures) arranged or encoded on a computer readable medium such as an optical medium (e.g., CD-ROM), floppy or hard disk or other medium such as firmware or microcode in one or more ROM, RAM or PROM chips, field programmable gate arrays (FPGAs) or as an
  • ASIC: Application Specific Integrated Circuit
  • Fig. 1 is a context diagram of a wireless network suitable for use with configurations herein;
  • Fig. 2 is a flowchart of connection establishment in the network of Fig. 1;
  • Fig. 3 is a block diagram of access points in the network of Fig. 1;
  • Fig. 4 shows an example of remote connection establishment as in Fig. 2;
  • FIG. 5 shows an established connection as in Fig. 4
  • Fig. 6 shows a messaging sequence for the connection establishment of Fig. 4
  • Figs. 7-9 are a flowchart based on the messaging sequence of Fig. 6.
  • a personal, or home, wireless access point is depicted along with a remote, or public wireless access point disposed in a commercial and/or shared location. Both are access points modeled according to the 802.11 capability outlined above; however, the concepts illustrated may also be applicable to other wireless mediums.
  • Fig. 1 is a context diagram of a wireless network suitable for use with configurations herein.
  • users, or subscribers 112 employ a wireless device 120-1 via an access point 130-1 within the user's home or residence 132.
  • the wireless device 120-1 receives wireless services 140, such as documents, audio, and/or video from a public or private access network 142 such as the Internet and/or local LANs (Local Area Networks) that directly or indirectly connect to the Internet.
  • local LANs: Local Area Networks
  • Wireless devices within range of the access point 130-1 may establish a connection with the access point 130-1 for Internet access. More specifically, the wireless device 120-1 establishes a connection 144 to the access point 130-1 by sending a probe 134 indicative of the device 120-1 identity, such as a MAC (Media Access Control) ID to the access point 130-1 and any other access points within range.
  • Each access point 130-1 has an antenna 133 for receipt of the probe 134, and responds with an SSID indicative of a wireless profile 136 of the access point 130-1 (an initial exchange may offer just the SSID and generate the wireless profile for future connections).
  • the wireless profile 136 includes a security setting and a passphrase for allowing the user full access to the services 140 (i.e.
  • each time the subscriber 112 employs the subscriber device 120-1 to establish a connection 144 via the access point 130-1, they receive an invitation labeled with the SSID recognized as their "home" network with which to connect, and including any settings and/or defaults associated with the corresponding wireless profile. Since any access points 130 within range (i.e. neighbors, etc.) will respond to the probe 134 with an SSID, it is beneficial to be able to recognize the home SSID.
  • a remote location 146 such as a coffee shop, hotel, or mass transit facility, for example.
  • Conventional approaches to so-called wireless "hot spots" typically require the user to first identify the SSID of the remote location 146, and invoke a sign-on procedure, which may involve obtaining a password, paying a fee, and/or accepting a user agreement.
  • such an arrangement leaves the subscriber 112 with the default profile of the remote location 146, which may differ from the settings and/or defaults that the subscriber 112 is accustomed to.
  • configurations herein provide a repository 150 of wireless profiles 136' for storing wireless profiles of a plurality of users based on MAC ID or other identifier, such that a remote access point 130-2 (130 generally) retrieves the wireless profile 136' corresponding to the "home" profile of the (now remote) subscriber device 120- (120 generally) and offers a sign-on using the same SSID label that the user is accustomed to from the remote location 146.
  • the repository 150, such as a wireless profile database, stores the wireless profile 136' employed by the subscriber device 120-1 for invoking the access point 130-1 in the residence 132.
  • Upon proximity to a remote location 146, the remote (public) access point 130-2 receives the probe 135 of the remote subscriber device 120- , and retrieves the stored wireless profile 136" using the MAC ID (or other device identifier) from the database 150.
  • the subscriber device 120- is offered the SSID of the home profile for use at the remote location, and once selected, the retrieved wireless profile 136" is employed by the remote wireless access point 130-2 for providing wireless services 148 at the remote location 146.
  • Fig. 2 is a flowchart of connection establishment in the network of Fig. 1.
  • the method of providing services to a wireless device 120 as disclosed herein includes, at step 200, receiving an identity of a subscriber device 120 by a public access point 130-2, and retrieving, based on the received identity (via probe 135), a wireless profile 136" corresponding to the personal access point 130-1, in which the wireless profile 136' is stored in a remote database 150 common to the public access point 130-2 and the personal access point 130-1, as depicted at step 201.
  • the subscriber device 120- establishes a wireless connection 145 via the public access point 130-2 to the service network 142 based on authentication of the subscriber device 120- using the retrieved wireless profile 136".
  • Fig. 3 is a block diagram of access points in the network of Fig. 1.
  • a plurality of subscriber devices 120-11, 120-12, 120-13 are shown at residences 132-1, 132-2 (132 generally).
  • Each residence 132 has a wireless access point 130-11, 130-12 including a wireless profile 136-11, 136-12 (136 generally)
  • An Internet service provider (ISP) 152 provides the wireless services 140 to each of the residences 132 via a home Internet router/modem 138 such as a cable modem or similar device (certain configurations may package the modem, routing and wireless access capabilities in a single device).
  • ISP: Internet service provider
  • the access point 130-11,130-12 broadcasts its SSID, and the user devices 120-11, 120-12, 120-13 can connect to that SSID successfully if it has the connect security parameters matching the parameters configured within the Home WiFi Access Point 130-11- SSID:
  • the ISP 152 maintains the repository 150 including a table 154 of wireless profiles 136, including entry 136-11', corresponding to access point 130-11, and entry 136-12', corresponding to access point 130-12.
  • the table 154 indexes the entries 136' by MAC IDs 156-11..156-13 of the respective devices, as shown by the devices served in the residences 132.
  • a provisioned field 170 indicates if this is the initial invocation of the SSID for the device 120 corresponding to this MAC ID 156 from a remote access point 130-2, discussed further below.
  • Fig. 4 shows an example of remote connection establishment as in Fig. 2.
  • a subscriber 112 employs the subscriber device 120-11 with MAC ID 156-11 of '012345ABCD01' while attempting to access the Internet 142 at the remote location 146.
  • the subscriber device 120-11 sends a probe 401 to the remote (public) wireless access point 130-2 bearing the MAC ID '012345ABCD01'.
  • the remote wireless access point 130-2, configured for performing methods as disclosed herein, invokes an ISP WiFi application server 158 with a message 402 for a lookup in the profile table 154 for the MAC ID '012345ABCD01'.
  • the WiFi application server 158 in the example arrangement, is operable as a wireless profile server for establishing, using the retrieved wireless profile 136", a wireless connection from the public access point 130-2 to the device 120, authenticating an identity of the device 120 using the wireless profile, and establishing a limited access connection via the public access point.
  • the repository database 150 lookup finds a match on entry 136-11', and retrieves, via a credential device interface 151, the corresponding wireless profile 136-11 for returning to the remote access point 130-2, as shown by message 403.
  • Upon receiving the wireless profile 136-11, the remote wireless access point 130-2 creates a virtual home WiFi access point 404 that emulates the SSID label normally encountered by the subscriber 112 from their home access point 130-11. Therefore, the subscriber device 120-11 will display an entry for the SSID "TheSmiths" when displaying available SSIDs for connection from the remote location, in addition to the native SSID normally available such as "ISPWIFI" 137.
  • the SSID corresponding to the wireless profile 136-11 is selected on the subscriber device 120-11, as shown by message 405, and an authentication exchange occurs according to the wireless profile 136-11, including the security (encryption) mechanism and passphrase normally used by the subscriber 112 at home. Additional authentication and/or MAC ID or other device validation may occur to ensure that other patrons in the remote location 146 are not also offered the 136-11 profile SSID and/or are not permitted to connect via the virtual home WiFi Access point 404.
  • the provisioned field 170 is marked 172 for each MAC ID 156 upon successful connection of the subscriber device with MAC ID 156 to the full Internet 147, as triggered by a successful outcome of 524 in Figure 6. Subsequent instances of the MAC ID 156 being within range of a remote access point 132 that recognizes the MAC ID 156 upon lookup will facilitate the exchange and avoid the virtual Home SSID 404 being broadcast by public access point 132-2. The recognized device 120 will automatically employ the SSID of the public access point 132-2 and be afforded a full Internet connection 147, as disclosed in Fig. 5 below.
  • the remote wireless access point 130-2 may automatically establish a connection to the subscriber device 120-11 upon detection and authentication using the Public WiFi SSID ("ISPWiFi" in Fig 5) without yet again broadcasting the Virtual Home SSID 404 receivable by other wireless devices within range. Typically this may follow an initial exchange of credentials (i.e. passphrase) after which the subscriber device 120 would be automatically recognized.
  • the connection between the remote wireless access device 130-2 and the subscriber device 120-11 is broadened from the ISP to allow general Internet access, previously blocked by the ISP pending validation, as shown by the 'X' 143.
  • all WiFi devices send out probe 134, 135 requests to collect the SSIDs of all access points 130 that respond, and those probe requests include the MAC ID of the User's WiFi Device.
  • Each user device such as 120-11, 120-12, and 120-13 has a corresponding MAC ID that uniquely identifies the device, respectively 156-11, 156-12 and 156-13 in the example shown in Fig. 4.
  • the MAC ID 401 of this probe 135 acts as a trigger to create a virtual instance 404 of the user's home WiFi Access point alongside the public WiFi access point 130-2.
  • This virtual home WiFi 404 will then cause the user's device 120 to automatically connect just the same as if the user 112 was in their home 132, creating a trusted connection over WiFi between the User's device and the ISP 152.
  • the fact that this connection is trusted and specific to the user immediately upon its establishment is a significant improvement over traditional methods where WiFi Access Points typically broadcast an open SSID allowing any user's device to connect, and then must establish any trust later with each user using other means.
  • Fig. 5 shows an established connection as in Fig. 4.
  • the ISP WiFi network ceases broadcasting the home AP profile 136-11 of this newly provisioned user's device every time it comes back onto the network.
  • a provisioned flag 170 (field) is set 172 in the DB 150 for each device MAC ID 156 to indicate whether it has already successfully connected to the Public SSID ("ISPWiFi" in this example).
  • Fig. 6 shows a messaging sequence for discovery and provisioning of the Public WiFi profile 522 after the Virtual Home SSID connection establishment of Fig. 4.
  • the subscriber device 120-11 attempts to connect to the remote wireless access point 130-2, as shown by segment 510, commencing a first phase 502 during which the subscriber device 120 does not have full Internet access.
  • An Internet connect request 512 from the subscriber device 120-11 triggers the relevant DNS server 520 to resolve the requested name, and reverts to the ISP application server 158, as shown at arrow 514.
  • the subscriber device 120 executes an HTTP GET 516 with respect to the application server 158, and receives a captive page indicating redirection to a web server shown by arrow 518 that hosts the Public (e.g. "ISPWiFi") SSID wireless profile, which is provisioned via download to the subscriber device as shown by arrow 520.
  • the user 112 completes any required authentication (i.e.
  • the first phase connection 502 is then terminated in favor of a second phase connection 504 affording full Internet connectivity, which authenticates the new Public SSID
  • Figs. 7-9 are a flowchart based on the messaging sequence of Fig. 6.
  • the public access point 130-2 identifies a device 120 corresponding to a subscriber 112 of a predetermined service provider 152. This includes scanning for wireless devices 120 within range of the public access point 130-2, as depicted at step 301.
  • the subscriber device 120- broadcasts a MAC ID of the subscriber device 120- to the public access point 130-2, as depicted at step 302, and the remote access point 130-2 receives the probe 135 from the subscriber device 120- , as shown at step 303.
  • the probe 135 includes a MAC ID designating the subscriber device 130-2, however alternative device identifiers may be employed.
  • the remote access point 130-2 receives an SSID based on the personal access point, in which the SSID is obtained via an exchange with a remote credential database 150 for storing credentials 136 for remote access, as depicted at step 304.
  • the remote database 150 is built from an aggregation of residential subscribers and commercial public access points 130 supported by a common Internet service provider 152 for mapping the residential subscribers from the public access points via a MAC ID of the device of the user 112, as depicted at step 306.
  • the personal access point is a home access point 130-1 previously employed by the subscriber device 120-1 for establishing a wireless connection to the service network 142, as shown at step 307.
  • the ISP application server 158 retrieves, via a device identifier 401 of the device
  • a wireless profile 136 corresponding to the subscriber 112 from a remote database 150 in which the remote database 150 has subscriber information 136-11' of the predetermined service provider 152, as shown at step 308.
  • the security specifier indicates an encryption type to be employed and the security token is a password, such that the SSID matches an SSID employed by the home (personal) wireless access device 130-1 and obtained via the remote database 150, as disclosed at step 311.
  • a check is performed, at step 312, to see if this device (MAC ID 156) has previously connected to the Public SSID - specifically if the provisioned field 170 is set 172, then the device has already been authenticated and control passes to step 319 to provide a full Internet connection to the user.
  • the remote access point 130-2 inserts the received SSID in a rendered list of SSIDs available for connection, as shown at step 313, for selection by a user.
  • Typical subscriber devices render a list of available SSIDs detected within range of the subscriber device 120, along with an indication of signal strength. Without affirmative knowledge of the intended SSID for usage, users often need to employ signal strength as the SSID likely to correspond to the current location, and pursue trial and error methods to determine the proper SSID.
  • the access point 130-2 then establishes, using the retrieved wireless profile
  • the virtual access point 404 authenticates an identity of the subscriber device 120-11 using the retrieved wireless profile 136-11 corresponding to the home wireless access point 130-1, and a check is performed at step 317 to determine if the
  • the provisioned flag 170 is set 172 so that subsequent connections from this device or another device associated with the profile 136-11' will be automatic.
  • the ISP application servers 520 and 158 then complete steps 512 to 520 to enable the user to install the Public WiFi Profile supporting the full access connection providing wireless services 148 from the service network 142 via the public access point 130-2, corresponding to phase 2 504, as depicted at step 319.
  • the established wireless connection with a full access connection via the public access point 130-2 corresponding to removal of the 'X' 143 in Fig. 4, as shown at step 320.
  • the previously advertised SSID associated with the personal access point is turned off on the remote access point 130-2 such that it is no longer available for the subscriber device 120-1 that is now connected with full Internet access via the Public SSID now provisioned for that device in Phase 2 504.
  • programs and methods defined herein are deliverable to a user processing and rendering device in many forms, including but not limited to a) information permanently stored on non-writeable storage media such as ROM devices, b) information alterably stored on writeable non-transitory storage media such as floppy disks, magnetic tapes, CDs, RAM devices, and other magnetic and optical media, or c) information conveyed to a computer through communication media, as in an electronic network such as the Internet or telephone modem lines.
  • the operations and methods may be implemented in a software executable object or as a set of encoded instructions for execution by a processor responsive to the instructions.
  • ASICs: Application Specific Integrated Circuits
  • FPGAs: Field Programmable Gate Arrays
  • state machines controllers or other hardware components or devices, or a combination of hardware, software, and firmware components.
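The lookup and provisioning flow described in the items above (probe with MAC ID, profile lookup, virtual home SSID, limited first phase, provisioned flag, full second phase), modeled as an added Python example that is not code from the patent. Class and method names and the sample passphrase are assumptions, and the direct passphrase comparison stands in for the real WiFi authentication exchange.

```python
import hmac
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    NONE = "none"        # no connection
    LIMITED = "limited"  # first phase 502: ISP servers only (the 'X' 143)
    FULL = "full"        # second phase 504: general Internet access


@dataclass
class WirelessProfile:
    ssid: str
    security: str
    passphrase: str
    provisioned: bool = False  # provisioned field 170


def normalize(mac_id: str) -> str:
    """Canonical form of a MAC ID so lookups ignore separators and case."""
    return mac_id.replace(":", "").replace("-", "").upper()


class ProfileRepository:
    """Stand-in for repository 150 / table 154, indexed by MAC ID."""

    def __init__(self):
        self._table = {}

    def store(self, mac_id: str, profile: WirelessProfile) -> None:
        self._table[normalize(mac_id)] = profile

    def lookup(self, mac_id: str):
        return self._table.get(normalize(mac_id))


class PublicAccessPoint:
    """Hypothetical model of the public access point 130-2."""

    def __init__(self, repo: ProfileRepository, public_ssid: str = "ISPWiFi"):
        self.repo = repo
        self.public_ssid = public_ssid
        self.virtual_ssids = {}  # MAC ID -> home SSID currently emulated
        self.sessions = {}       # MAC ID -> Access

    def on_probe(self, mac_id: str) -> list:
        """SSIDs offered to the probing device (lookup and step 312 check)."""
        mac = normalize(mac_id)
        profile = self.repo.lookup(mac)
        offered = [self.public_ssid]
        # The MAC ID is only an index into the table. A known, not yet
        # provisioned device gets the virtual home SSID in addition.
        if profile is not None and not profile.provisioned:
            self.virtual_ssids[mac] = profile.ssid
            offered.append(profile.ssid)
        return offered

    def connect_home(self, mac_id: str, ssid: str, passphrase: str) -> Access:
        """Authenticate against the retrieved profile; grants phase 1 only."""
        mac = normalize(mac_id)
        profile = self.repo.lookup(mac)
        # Other devices in range are not allowed onto this virtual SSID.
        if profile is None or self.virtual_ssids.get(mac) != ssid:
            return Access.NONE
        # Assumption: constant-time comparison replaces the real handshake.
        if not hmac.compare_digest(passphrase.encode(),
                                   profile.passphrase.encode()):
            return Access.NONE
        self.sessions[mac] = Access.LIMITED
        return Access.LIMITED

    def install_public_profile(self, mac_id: str) -> Access:
        """After the public profile is installed: set flag 170, go to phase 2."""
        mac = normalize(mac_id)
        if self.sessions.get(mac) is not Access.LIMITED:
            return self.sessions.get(mac, Access.NONE)
        self.repo.lookup(mac).provisioned = True
        self.virtual_ssids.pop(mac, None)  # stop emulating the home SSID
        self.sessions[mac] = Access.FULL
        return Access.FULL


def build_sample_repo() -> ProfileRepository:
    """Constructed sample data: the MAC ID and SSID used in the Fig. 4 text."""
    repo = ProfileRepository()
    repo.store("012345ABCD01",
               WirelessProfile("TheSmiths", "WPA2", "constructed-passphrase"))
    return repo


if __name__ == "__main__":
    ap = PublicAccessPoint(build_sample_repo())
    print(ap.on_probe("01:23:45:ab:cd:01"))
    print(ap.connect_home("012345ABCD01", "TheSmiths", "constructed-passphrase"))
    print(ap.install_public_profile("012345ABCD01"))
    print(ap.on_probe("012345ABCD01"))
```

Because a probe's MAC ID is sent before any authentication, the model grants nothing on the lookup alone: access starts only after the passphrase check, and full access only after the public profile is installed.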

Abstract

A wireless access point employs a wireless configuration database for retrieving a stored wireless profile corresponding to a subscriber device from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from the home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user. The wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement. Subsequent attempts automatically establish a connection to the subscriber device upon detection and authentication using the retrieved wireless profile without broadcasting an open SSID receivable by other wireless devices within range.

Description

WIRELESS SESSION CONFIGURATION PERSISTENCE
BACKGROUND
The recent proliferation of personal wireless devices has resulted in a corresponding influx of so-called "WiFi Hotspots" - Internet access for wireless devices from public and/or common locations, most notably from beverage and snack vendors, hotels, mass transit, and other retail and/or service vendors that offer such access as an incentive to frequent the vendor. Further, Internet browser capability is becoming increasingly common in smaller and more portable devices, such as laptops, smartphones, and tablet devices that permit the user to invoke a browser and access Internet resources from the plethora of WiFi hotspots available. Such capability is enabled by the IETF 802.11a/b/g/n wireless LAN standard, which standardizes the consumer and home wireless networking capabilities (e.g. WiFi) among the various devices and allows for Internet connectivity at remote locations using consumer level devices.
SUMMARY
A wireless access point employs a wireless configuration database for retrieving stored wireless profiles, with each profile corresponding to a subscriber device, from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from that user's home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user. The wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement.
In a wireless services environment, a home customer ("User" or "Subscriber") of a broadband Internet Service Provider ("ISP"), often implements a home WiFi network to provide Internet service to one or more of their devices (subscriber devices) in a home (i.e. residence) environment. Configurations herein disclose a wireless access point whereby the ISP is entrusted with the user's home WiFi configuration credentials (credentials, or wireless profile) configured on their home WiFi Access Point ("AP") device, i.e. the user's SSID, security method, and passphrase.
Specifically, this approach defines a method to utilize each user's home (personal) parameters such that they are emulated on ISP-operated WiFi APs outside the user's home, in order to support just-in-time discovery, selection and provisioning of public WiFi Internet service via distribution of WiFi roaming profile(s). Each roaming profile may be unique to each user depending on what service plan(s) or subscribed feature(s) they may have with their ISP. As such, the roaming profiles can then be used to tailor the public WiFi service to each user independently and examples of such wireless profiles are described in more detail below.
The subscriber devices employing wireless network capabilities, commonly referred to as "WiFi," typically broadcast a probe to WiFi conversant devices, and receive a reply from wireless access points (APs) within range. The reply indicates the SSIDs available for connection, and conventional approaches employ the SSID set by the establishment. Such probes identify the subscriber device by MAC ID (Media Access Control Identifier), and are instead employed as an index to access the home or personal wireless profile in the wireless configuration data base so that the subscriber device will render the same SSID known to the user from their home configuration when attempting to connect from the remote location.
Configurations herein are based, in part, on the observation that various WiFi establishments employ differing sign-on procedures and typically assign each user to a standard default session profile that has settings and characteristics of the establishment, not the user. An authentication procedure is often employed, possibly with a passphrase or other token, to prevent unauthorized usage of the WiFi signal from the establishment or business. The authentication defines a particular type of encryption and/or authentication underlying the session, and assigns the user to a default session, which may have other properties and attributes set by the establishment.
In contrast, home WiFi usage is supported by a wireless access point within the dwelling using a wireless profile often saved from previous sessions. A user knows the identity of their wireless access point - labeled with an SSID - so they may attempt to connect to their wireless access point, rather than a neighbor's which may be within range and be recognized by the wireless device as a potential connection source.
Unfortunately, conventional approaches to public or common area WiFi establishments suffer from the shortcoming that wireless session establishment with a remote wireless access point at a remote location is presented with an unfamiliar list of SSIDs corresponding to wireless profiles established by the vendor or proprietor of the remote location. Users must manually identify the SSID and any credentials (e.g. passphrase) required, typically by inquiring or registering with the vendor or proprietor.
Accordingly, configurations herein substantially overcome the above-described shortcomings of conventional common-area WiFi arrangements by providing a wireless access point having an interface to a wireless configuration database that stores wireless profiles of subscribers according to MAC IDs or other identifiers that are employed to recognize the subscriber device and perform a lookup in the database from the remote wireless access point. In this manner, the subscriber enjoys the same user experience in establishing an Internet connection from a remote WiFi hotspot that they are accustomed to from their home wireless configuration.
In contrast to conventional approaches for WiFi Profile definition and distribution, the disclosed approach differs because the ISP Public Access point emulates the User's Home Access Point (via the "User WiFi Credentials") such that the User's device(s) will automatically connect via the retrieved wireless profile. Furthermore, this automatic connection is also a trusted one to the ISP, and facilitates the distribution of a public WiFi profile that the user can install for ongoing connections to the ISP public access point on a more permanent basis. While the most streamlined implementation is afforded when the home ISP and the ISP supporting the remote wireless access point are the same entity, various database security and authentication mechanisms may be employed to provide a more global database of user credentials across multiple vendors.
Configurations herein therefore provide more streamlined, trusted customer access to the ISP's public WiFi service outside of the home. The approach is facilitated by greater trust established between user and ISP because the user's home WiFi configuration parameters are under each user's own control. The ISP is only applying those same parameters without modification to facilitate a better user experience for public WiFi service outside the home. Additional configurations may provide for implementation of per-user profiles for public WiFi service to enable a more granular range of services specific to each User.
In further detail, configurations herein provide a method of providing services to a wireless device by receiving an identity of a subscriber device by a public access point, and retrieving, based on the received identity, a wireless profile corresponding to a home access point, such that the wireless profile is stored in a remote database common to the public access point and the home access point. The public (i.e. remote) access point establishes a wireless connection to a service network based on authentication of the subscriber device using the retrieved wireless profile.
Alternate configurations of the invention include a multiprogramming or multiprocessing computerized device such as a multiprocessor, controller or dedicated computing device or the like configured with software and/or circuitry (e.g., a processor as summarized above) to process any or all of the method operations disclosed herein as embodiments of the invention. Still other embodiments of the invention include software programs such as a Java Virtual Machine and/or an operating system that can operate alone or in conjunction with each other with a multiprocessing computerized device to perform the method embodiment steps and operations summarized above and disclosed in detail below. One such embodiment comprises a computer program product that has a non-transitory computer-readable storage medium including computer program logic encoded as instructions thereon that, when performed in a multiprocessing computerized device having a coupling of a memory and a processor, programs the processor to perform the operations disclosed herein as embodiments of the invention to carry out data access requests. Such arrangements of the invention are typically provided as software, code and/or other data (e.g., data structures) arranged or encoded on a computer readable medium such as an optical medium (e.g., CD-ROM), floppy or hard disk or other medium such as firmware or microcode in one or more ROM, RAM or PROM chips, field programmable gate arrays (FPGAs) or as an Application Specific Integrated Circuit (ASIC). The software or firmware or other such configurations can be installed onto the computerized device (e.g., during operating system execution or during environment installation) to cause the computerized device to perform the techniques explained herein as embodiments of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of particular embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the invention.
Fig. 1 is a context diagram of a wireless network suitable for use with configurations herein;
Fig. 2 is a flowchart of connection establishment in the network of Fig. 1;
Fig. 3 is a block diagram of access points in the network of Fig. 1;
Fig. 4 shows an example of remote connection establishment as in Fig. 2;
Fig. 5 shows an established connection as in Fig. 4;
Fig. 6 shows a messaging sequence for the connection establishment of Fig. 4; and
Figs. 7-9 are a flowchart based on the messaging sequence of Fig. 6.
DETAILED DESCRIPTION
Depicted below is an example configuration of a wireless device environment. The methods and apparatus depicted herein are presented in particular configurations for illustrating these methods and the apparatus on which they operate. A personal, or home, wireless access point is depicted along with a remote, or public, wireless access point disposed in a commercial and/or shared location. Both are access points modeled according to the 802.11 capability outlined above; however, the concepts illustrated may also be applicable to other wireless mediums.
Fig. 1 is a context diagram of a wireless network suitable for use with configurations herein. Referring to Fig. 1, in a wireless device environment 100, users, or subscribers 112, employ a wireless device 120-1 via an access point 130-1 within the user's home or residence 132. The wireless device 120-1 receives wireless services 140, such as documents, audio, and/or video from a public or private access network 142 such as the Internet and/or local LANs (Local Area Networks) that directly or indirectly connect to the Internet.
Wireless devices within range of the access point 130-1, typically those within the residence 132, may establish a connection with the access point 130-1 for Internet access. More specifically, the wireless device 120-1 establishes a connection 144 to the access point 130-1 by sending a probe 134 indicative of the device 120-1 identity, such as a MAC (Media Access Control) ID to the access point 130-1 and any other access points within range. Each access point 130-1 has an antenna 133 for receipt of the probe 134, and responds with an SSID indicative of a wireless profile 136 of the access point 130-1 (an initial exchange may offer just the SSID and generate the wireless profile for future connections). The wireless profile 136 includes a security setting and a passphrase for allowing the user full access to the services 140 (i.e. Internet) via the access point 130-1. Accordingly, each time the subscriber 112 employs the subscriber device 120-1 to establish a connection 144 via the access point 130-1, they receive an invitation labeled with the SSID recognized as their "home" network with which to connect, and including any settings and/or defaults associated with the corresponding wireless profile. Since any access points 130 within range (i.e. neighbors, etc.) will respond to the probe 134 with an SSID, it is beneficial to be able to recognize the home SSID.
In the wireless device environment 100, however, subscribers frequently wish to invoke the wireless services 148 from a remote location 146 such as a coffee shop, hotel, or mass transit facility, for example. Conventional approaches to so-called wireless "hot spots" typically require the user to first identify the SSID of the remote location 146, and invoke a sign-on procedure, which may involve obtaining a password, paying a fee, and/or accepting a user agreement. Further, such an arrangement leaves the subscriber 112 with the default profile of the remote location 146, which may differ from the settings and/or defaults that the subscriber 112 is accustomed to.
In redress, configurations herein provide a repository 150 of wireless profiles 136' for storing wireless profiles of a plurality of users based on MAC ID or other identifier, such that a remote access point 130-2 (130 generally) retrieves the wireless profile 136' corresponding to the "home" profile of the (now remote) subscriber device 120- (120 generally) and offers a sign-on using the same SSID label that the user is accustomed to from the remote location 146.
The repository 150, such as a wireless profile database, stores the wireless profile 136' employed by the subscriber device 120-1 for invoking the access point 130- 1 in the residence 132. Upon proximity to a remote location 146, the remote (public) access point 130-2 receives the probe 135 of the remote subscriber device 120- , and retrieves the stored wireless profile 136" using the MAC ID (or other device identifier) from the database 150. The subscriber device 120- is offered the SSID of the home profile for use at the remote location, and once selected, the retrieved wireless profile 136" is employed by the remote wireless access point 130-2 for providing wireless services 148 at the remote location 146.
Fig. 2 is a flowchart of connection establishment in the network of Fig. 1. In the wireless device environment 100, the method of providing services to a wireless device 120 as disclosed herein includes, at step 200, receiving an identity of a subscriber device 120 by a public access point 130-2, and retrieving, based on the received identity (via probe 135), a wireless profile 136" corresponding to the personal access point 130-1, in which the wireless profile 136' is stored in a remote database 150 common to the public access point 130-2 and the personal access point 130-1, as depicted at step 201. The subscriber device 120- establishes a wireless connection 145 via the public access point 130-2 to the service network 142 based on authentication of the subscriber device 120- using the retrieved wireless profile 136".
Fig. 3 is a block diagram of access points in the network of Fig. 1. Referring to Figs. 1 and 3, a plurality of subscriber devices 120-11, 120-12, 120-13 are shown at residences 132-1, 132-2 (132 generally). Each residence 132 has a wireless access point 130-11, 130-12 including a wireless profile 136-11, 136-12 (136 generally) corresponding to the subscriber devices 120 served by the respective access points 130. An Internet service provider (ISP) 152 provides the wireless services 140 to each of the residences 132 via a home Internet router/modem 138 such as a cable modem or similar device (certain configurations may package the modem, routing and wireless access capabilities in a single device).
In the typical home WiFi network of Fig. 3, it should be noted that the access point 130-11, 130-12 broadcasts its SSID, and the user devices 120-11, 120-12, 120-13 can connect to that SSID successfully if it has the connect security parameters matching the parameters configured within the Home WiFi Access Point 130-11 - SSID: TheSmiths, Security: WPA-PSK and Passphrase: SmithsSecretPW. These parameters are defined and configured by the home user and in conventional approaches are only stored locally within the access point 130. The ISP 152 maintains the repository 150 including a table 154 of wireless profiles 136, including entries 136-11', corresponding to access point 130-11, and entry 136-12', corresponding to access point 130-12. The table 154 indexes the entries 136' by MAC IDs 156-11..156-13 of the respective devices, as shown by the devices served in the residences 132. A provisioned field 170 indicates if this is the initial invocation of the SSID for the device 120 corresponding to this MAC ID 156 from a remote access point 130-2, discussed further below.
Fig. 4 shows an example of remote connection establishment as in Fig. 2.
Referring to Figs. 1, 3 and 4, a subscriber 112 employs the subscriber device 120-11 with MAC ID 156-11 of '012345ABCD01' while attempting to access the Internet 142 at the remote location 146. The subscriber device 120-11 sends a probe 401 to the remote (public) wireless access point 130-2 bearing the MAC ID '012345ABCD01.' The remote wireless access point 130-2, configured for performing methods as disclosed herein, invokes an ISP WiFi application server 158 with a message 402 for a lookup in the profile table 154 for the MAC ID '012345ABCD01.' The WiFi application server 158, in the example arrangement, is operable as a wireless profile server for establishing, using the retrieved wireless profile 136", a wireless connection from the public access point 130-2 to the device 120, authenticating an identity of the device 120 using the wireless profile, and establishing a limited access connection via the public access point. The repository database 150 lookup finds a match on entry 136-11', and retrieves, via a credential device interface 151, the corresponding wireless profile 136-11 for returning to the remote access point 130-2, as shown by message 403. Upon receiving the wireless profile 136-11, the remote wireless access point 130-2 creates a virtual home WiFi access point 404 that emulates the SSID label normally encountered by the subscriber 112 from their home access point 130-11. Therefore, the subscriber device 120-11 will display an entry for the SSID "TheSmiths" when displaying available SSIDs for connection from the remote location, in addition to the native SSID normally available such as "ISPWIFI" 137. The SSID corresponding to the wireless profile 136-11 is selected on the subscriber device 120-11, as shown by message 405, and an authentication exchange occurs according to the wireless profile 136-11, including the security (encryption) mechanism and passphrase normally used by the subscriber 112 at home.
Additional authentication and/or MAC ID or other device validation may occur to ensure that other patrons in the remote location 146 are not also offered the 136-11 profile SSID and/or are not permitted to connect via the virtual home WiFi Access point 404.
The provisioned field 170 is marked 172 for each MAC ID 156 upon successful connection of the subscriber device with MAC ID 156 to the full Internet 147, as triggered by a successful outcome of 524 in Figure 6. Subsequent instances of the MAC ID 156 being within range of a remote access point 132 that recognizes the MAC ID 156 upon lookup will facilitate the exchange and avoid the virtual Home SSID 404 being broadcast by public access point 132-2. The recognized device 120 will automatically employ the SSID of the public access point 132-2 and be afforded a full Internet connection 147, as disclosed in Fig. 5 below.
Therefore, upon the second and subsequent remote wireless access point 130-2 invocations, the remote wireless access point 130-2 may automatically establish a connection to the subscriber device 120-11 upon detection and authentication using the Public WiFi SSID ("ISPWiFi" in Fig 5) without yet again broadcasting the Virtual Home SSID 404 receivable by other wireless devices within range. Typically this may follow an initial exchange of credentials (i.e. passphrase) after which the subscriber device 120 would be automatically recognized. Once the authentication is established, the connection between the remote wireless access device 130-2 and the subscriber device 120-11 is broadened from the ISP to allow general Internet access, previously blocked by the ISP pending validation, as shown by the 'X' 143.
As shown in Figs. 1 and 4, all WiFi devices send out probe 134, 135 requests to collect the SSIDs of all access points 130 that respond, and those probe requests include the MAC ID of the User's WiFi Device. Each user device, such as 120-11, 120-12, and 120-13 has a corresponding MAC ID that uniquely identifies the device, respectively 156-11, 156-12 and 156-13 in the example shown in Fig. 4. Continuing to refer to Fig. 4, the MAC ID 401 of this probe 135 (remote probe; 134 is a home access point 130-1 probe, however both contain similar information) acts as a trigger to create a virtual instance 404 of the user's home WiFi Access point alongside the public WiFi access point 130-2. This virtual home WiFi 404 will then cause the user's device 120 to automatically connect just the same as if the user 112 was in their home 132, creating a trusted connection over WiFi between the User's device and the ISP 152. The fact that this connection is trusted and specific to the user immediately upon its establishment is a significant improvement over traditional methods where WiFi Access Points typically broadcast an open SSID allowing any user's device to connect, and then must establish any trust later with each user using other means.
Fig. 5 shows an established connection as in Fig. 4. Once the user 112 is happily connected from at least one remote access point, as in Fig. 4, the ISP WiFi network ceases broadcasting the home AP profile 136-11 of this newly provisioned user's device every time it comes back onto the network. Accordingly, a provisioned flag 170 (field) is set 172 in the DB 150 for each device MAC ID 156, indicating whether it has already successfully connected to the Public SSID ("ISPWiFi" in this example).
For example, for a given user 112, they could invoke this feature one day with their iPhone® as documented and get connected. But then if they come back to the same Public AP with their iPhone the next day, their home SSID should never appear and they simply connect to the Public SSID ISPWiFi with the profile newly installed the day before. Yet if they come back with their iPad® on the third day, they should get the same experience they got with their iPhone on the first day assuming they used their iPad at home at least once already to get its MAC ID 156 counted in the ISP WiFi database, since both MAC IDs (devices 120) are associated with the same profile entry 136. This is beneficial because otherwise, the public access point 130-2 will be turning on the home SSIDs for users indefinitely even after they are fully provisioned.
Fig. 6 shows a messaging sequence for discovery and provisioning of the Public WiFi profile 522 after the Virtual Home SSID connection establishment of Fig. 4. Referring to Figs. 4 and 5, the subscriber device 120-11 attempts to connect to the remote wireless access point 130-2, as shown by segment 510, commencing a first phase 502 during which the subscriber device 120 does not have full Internet access. An Internet connect request 512 from the subscriber device 120-11 triggers the relevant DNS server 520 to resolve the requested name, and reverts to the ISP application server 158, as shown at arrow 514. The subscriber device 120 executes an HTTP GET 516 with respect to the application server 158, and receives a captive page indicating redirection to a web server shown by arrow 518 that hosts the Public (e.g. "ISPWiFi") SSID wireless profile, which is provisioned via download to the subscriber device as shown by arrow 520. The user 112 completes any required authentication (i.e. passphrase entry) if required with the Public WiFi profile, and changes the connection to invoke the public wireless access point 130-2 for Internet access based on authentication and connection of their downloaded Public wireless profile as shown by arrow 522. The first phase connection 502 is then terminated in favor of a second phase connection 504 affording full Internet connectivity, which authenticates the new Public SSID connection by arrow 524.
Figs. 7-9 are a flowchart based on the messaging sequence of Fig. 6. Referring to Figs. 1 and 4-8, at step 300, the public access point 130-2 identifies a device 120 corresponding to a subscriber 112 of a predetermined service provider 152. This includes scanning for wireless devices 120 within range of the public access point 130- 2, as depicted at step 301. As is typical with wireless devices within range of an access point, the subscriber device 120- broadcasts a MAC ID of the subscriber device 120- to the public access point 130-2, as depicted at step 302, and the remote access point 130-2 receives the probe 135 from the subscriber device 120- , as shown at step 303. In the example configuration, the probe 135 includes a MAC ID designating the subscriber device 130-2, however alternative device identifiers may be employed.
In response to the probe 135 (Fig 1), the remote access point 130-2 receives an SSID based on the personal access point, in which the SSID is obtained via an exchange with a remote credential database 150 for storing credentials 136 for remote access, as depicted at step 304. This includes establishing the remote database 150 by aggregating the user wireless profile 136, the device identifier, and the identity of a plurality of public access points 130 through which the user may connect using the user wireless profile 136, as shown at step 305. In this manner, the remote database 150 is built from an aggregation of residential subscribers and commercial public access points 130 supported by a common Internet service provider 152 for mapping the residential subscribers from the public access points via a MAC ID of the device of the user 112, as depicted at step 306. In the example arrangement, the personal access point is a home access point 130-1 previously employed by the subscriber device 120-1 for establishing a wireless connection to the service network 142, as shown at step 307.
The ISP application server 158 retrieves, via a device identifier 401 of the device 120- , a wireless profile 136 corresponding to the subscriber 112 from a remote database 150, in which the remote database 150 has subscriber information 136-11' of the predetermined service provider 152, as shown at step 308. This includes, at step 309, indexing a corresponding entry 136 in the remote database 150 using the MAC ID 401, in which the user profile 136-11 includes an SSID, a security specifier, and a security token, as depicted at step 310. In the example arrangement, the security specifier indicates an encryption type to be employed and the security token is a password, such that the SSID matches an SSID employed by the home (personal) wireless access device 130-1 and obtained via the remote database 150, as disclosed at step 311.
A check is performed, at step 312, to see if this device (MAC ID 156) has previously connected to the Public SSID - specifically if the provisioned field 170 is set 172, then the device has already been authenticated and control passes to step 319 to provide a full Internet connection to the user.
The remote access point 130-2 inserts the received SSID in a rendered list of SSIDs available for connection, as shown at step 313, for selection by a user. Typical subscriber devices render a list of available SSIDs detected within range of the subscriber device 120, along with an indication of signal strength. Without affirmative knowledge of the intended SSID for usage, users often need to employ signal strength as the SSID likely to correspond to the current location, and pursue trial and error methods to determine the proper SSID. This includes the remote access point 130-2 receiving the SSID of the user from the remote database 150, and broadcasting the SSID from the public access point upon detection of the device identifier from a device 120 of the user, as depicted at step 314.
The access point 130-2 then establishes, using the retrieved wireless profile 136", a wireless connection 145 from the public access point 130-2 to the subscriber device 120-11, as depicted at step 315 corresponding to Step 510 at the beginning of the first phase 502 of connectivity with only the ISP 152.
The virtual access point 404 authenticates an identity of the subscriber device 120-11 using the retrieved wireless profile 136-11 corresponding to the home wireless access point 130-1, and a check is performed at step 317 to determine if the authentication was successful. If the check was successful, then on the first connection from a particular device 120 (MAC ID 136), the provisioned flag 170 is set 172 so that subsequent connections from this device or another device associated with the profile 136-11' will be automatic.
The ISP application servers 520 and 158 then complete steps 512 to 520 to enable the user to install the Public WiFi Profile supporting the full access connection providing wireless services 148 from the service network 142 via the public access point 130-2, corresponding to phase 2 504, as depicted at step 319. This includes superseding, based on the authentication, the established wireless connection with a full access connection via the public access point 130-2, corresponding to removal of the 'X' 143 in Fig. 4, as shown at step 320. Further, the previously advertised SSID associated with the personal access point is turned off on the remote access point 130-2 such that it is no longer available for the subscriber device 120-1 that is now connected with full Internet access via the Public SSID now provisioned for that device in Phase 2 504.
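The flow of steps 308 to 320 can be modeled as a small state machine. The following Python sketch is an added example, not code from the patent or from any ISP implementation; all class and function names are hypothetical, the second MAC ID is constructed, and a comparison of WPA-PSK pairwise master keys stands in for the 802.11 four-way handshake.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    NONE = "no connection"
    ISP_ONLY = "phase 1: ISP servers only"   # first phase 502
    FULL = "phase 2: full Internet"          # second phase 504


@dataclass(frozen=True)
class WirelessProfile:                       # wireless profile 136
    ssid: str
    security: str
    passphrase: str


@dataclass
class DeviceEntry:                           # one row of table 154
    profile: WirelessProfile
    provisioned: bool = False                # provisioned field 170


def normalize_mac(mac):
    """Canonical 12-hex-digit MAC ID; rejects anything else."""
    digits = "".join(c for c in mac if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a MAC ID: %r" % mac)
    return digits


def derive_pmk(passphrase, ssid):
    """WPA-PSK key: PBKDF2-HMAC-SHA1 salted with the SSID, so the key a
    device saved at home only matches if the SSID is emulated exactly."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class ProfileRepository:                     # repository 150
    def __init__(self):
        self._table = {}

    def register(self, mac, profile):
        self._table[normalize_mac(mac)] = DeviceEntry(profile)

    def lookup(self, mac):
        return self._table.get(normalize_mac(mac))


class PublicAccessPoint:                     # public access point 130-2
    def __init__(self, repo, public_ssid="ISPWiFi"):
        self.repo = repo
        self.public_ssid = public_ssid
        self.virtual = {}                    # MAC ID -> emulated home profile (404)
        self.sessions = {}                   # MAC ID -> current Access level

    def on_probe(self, mac):
        """SSIDs offered to this one device in response to its probe."""
        offered = [self.public_ssid]
        try:
            entry = self.repo.lookup(mac)
        except ValueError:
            return offered                   # malformed identifier: public SSID only
        if entry is not None and not entry.provisioned:
            self.virtual[normalize_mac(mac)] = entry.profile
            offered.append(entry.profile.ssid)
        return offered

    def connect_home(self, mac, ssid, device_pmk):
        """Authenticate against the virtual home AP created for this MAC ID."""
        try:
            key = normalize_mac(mac)
        except ValueError:
            return Access.NONE
        profile = self.virtual.get(key)
        if profile is None or profile.ssid != ssid:
            return Access.NONE               # other patrons get no virtual AP
        expected = derive_pmk(profile.passphrase, profile.ssid)
        if not hmac.compare_digest(expected, device_pmk):
            return Access.NONE
        self.sessions[key] = Access.ISP_ONLY
        return Access.ISP_ONLY

    def complete_provisioning(self, mac):
        """Public profile installed and authenticated (arrow 524)."""
        key = normalize_mac(mac)
        if self.sessions.get(key) is not Access.ISP_ONLY:
            return Access.NONE
        self.repo.lookup(key).provisioned = True   # flag 170 set 172
        del self.virtual[key]                      # home SSID turned off
        self.sessions[key] = Access.FULL
        return Access.FULL


if __name__ == "__main__":
    repo = ProfileRepository()
    repo.register("012345ABCD01", WirelessProfile("TheSmiths", "WPA-PSK", "SmithsSecretPW"))
    ap = PublicAccessPoint(repo)
    print(ap.on_probe("01:23:45:AB:CD:01"))
    print(ap.connect_home("012345ABCD01", "TheSmiths", derive_pmk("SmithsSecretPW", "TheSmiths")))
    print(ap.complete_provisioning("012345ABCD01"), ap.on_probe("012345ABCD01"))
```

The model sets the provisioned flag at the point the description ties to arrow 524 (full Internet connection), and keeps one flag per MAC ID so that a second device sharing the same profile is still offered the home SSID on its first visit.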
Those skilled in the art should readily appreciate that the programs and methods defined herein are deliverable to a user processing and rendering device in many forms, including but not limited to a) information permanently stored on non-writeable storage media such as ROM devices, b) information alterably stored on writeable non-transitory storage media such as floppy disks, magnetic tapes, CDs, RAM devices, and other magnetic and optical media, or c) information conveyed to a computer through communication media, as in an electronic network such as the Internet or telephone modem lines. The operations and methods may be implemented in a software executable object or as a set of encoded instructions for execution by a processor responsive to the instructions. Alternatively, the operations and methods disclosed herein may be embodied in whole or in part using hardware components, such as Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), state machines, controllers or other hardware components or devices, or a combination of hardware, software, and firmware components.
While the system and methods defined herein have been particularly shown and described with references to embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.

Claims

What is claimed is:
1. A method of providing services to a wireless device comprising:
receiving an identity of a subscriber device by a public access point;
retrieving, based on the received identity, a wireless profile corresponding to a personal access point, the wireless profile stored in a remote database common to the public access point and the personal access point; and
establishing a wireless connection via the public access point to a service network based on authentication of the subscriber device using the retrieved wireless profile.
2. The method of claim 1 wherein the personal access point is a home access point previously employed by the subscriber device for establishing a wireless connection to the service network.
3. The method of claim 2 further comprising establishing the remote database by aggregating the wireless profile, the device identifier, and the identity of a plurality of public access points through which the user may connect using the user wireless profile.
4. The method of claim 2 wherein the remote database is an aggregation of residential subscribers and commercial public access points supported by a common Internet service provider for mapping the residential subscribers from the public access points via a MAC ID of the device of the user.
5. The method of claim 1 wherein the wireless profile includes an SSID, a security specifier, and a security token.
6. The method of claim 5 wherein the security specifier indicates an encryption type to be employed and the security token is a password, the SSID matching an SSID employed by the personal access point and obtained via the remote database.
7. The method of claim 1 further comprising:
broadcasting a MAC ID of the subscriber device to the public access point;
receiving an SSID from the public access point, the SSID obtained via an exchange with the remote database for storing credentials for remote access; and
inserting the received SSID in a rendered list of SSIDs available for connection.
8. The method of claim 1 wherein receiving the identity further comprises:
scanning for wireless devices within range of the public access point;
receiving a probe from the subscriber device, the probe including a MAC ID designating the subscriber device; and
indexing a corresponding entry in the remote database using the MAC ID.
9. The method of claim 8 further comprising receiving the SSID of the user from the remote database, and broadcasting the SSID from the public access point upon detection of the device identifier from a device of the user.
10. The method of claim 8 further comprising automatically establishing a connection to the subscriber device upon detection and authentication using the retrieved wireless profile without broadcasting an open SSID receivable by other wireless devices within range.
11. The method of claim 1 further comprising:
establishing, using the retrieved wireless profile, a wireless connection from the public access point to the subscriber device;
authenticating an identity of the subscriber device using the wireless profile; and
providing, based on the authentication, the established wireless connection with a full access connection via the public access point, the full access connection providing wireless services from the service network via the public access point.
12. The method of claim 11 further comprising superseding, based on the authentication, the established wireless connection with a full access connection via the public access point.
13. A public wireless access device for establishing wireless communication with a user device comprising:
an antenna responsive to a probe for identifying, at a public access point, a device corresponding to a subscriber;
a credential database interface configured to retrieve, via a device identifier of the subscriber device, a wireless profile corresponding to the subscriber from a remote database;
the wireless access point responsive to a wireless profile server for:
establishing, using the retrieved wireless profile, a wireless connection from the public access point to the device,
authenticating an identity of the device using the wireless profile; and
providing, based on the authentication, the established wireless connection with a full access connection via the public access point.
14. The device of claim 13 wherein the retrieved wireless profile is based on a home access point previously employed by the subscriber device for establishing a wireless connection to the service network.
15. The device of claim 14 wherein the remote database includes an aggregation of the user wireless profile, at least one device identifier, and the identity of a plurality of public access points through which the user may connect using the user wireless profile.
16. The device of claim 13 wherein the public access point is operable to identify the subscriber device by:
scanning for wireless devices within range of the public access point;
receiving a probe from the subscriber device, the probe including a MAC ID designating the subscriber device; and
indexing a corresponding entry in the remote database using the MAC ID.
17. The device of claim 16 wherein the public access point is further configured to receive the Wireless Profile and SSID of the user from the remote database, and broadcast the SSID from the public access point upon detection of the device identifier associated with this Profile from a device of the user.
18. A computer program product on a non-transitory computer readable storage medium having instructions for performing a method for establishing wireless communication with a wireless user device comprising:
identifying, at a public access point, a device corresponding to a subscriber of a predetermined service provider;
retrieving, via a device identifier of the device, a wireless profile corresponding to the subscriber from a remote database, the remote database having subscriber information of the predetermined service provider;
establishing, using the retrieved wireless profile, a wireless connection from the public access point to the device;
authenticating an identity of the device using the wireless profile; and
superseding, based on the authentication, the established wireless connection with a full access connection via the public access point.
19. The method of claim 18 further comprising establishing the remote database by aggregating the user wireless profile, the device identifier, and the identity of a plurality of public access points through which the user may connect using the user wireless profile.
20. The method of claim 19 wherein the remote database is an aggregation of residential subscribers and commercial public access points supported by a common Internet service provider for mapping the residential subscribers from the public access points via a MAC ID of the device of the user.
21. The method of claim 1 further comprising:
authenticating the subscriber device using the retrieved wireless profile;
upon authentication, pivoting the connection to a public wireless profile corresponding to the public access point; and
servicing the subscriber device for remote network access using the public wireless profile.
22. The method of claim 1 further comprising:
transmitting the public wireless profile to the subscriber device following successful authentication of the personal wireless profile, the personal wireless profile providing only limited access to the public access point; and
superseding the connection based on the personal wireless profile with a full service connection based on the public wireless profile.
23. The method of claim 1 further comprising:
identifying the MAC ID of the subscriber device from a successive public access point;
transmitting the wireless profile of the successive public access point based on the recognition of the device identifier in the database; and
seamlessly providing a full service connection to the subscriber device using the transmitted device identifier/MAC ID without requiring an exchange using the personal wireless profile.
24. The method of claim 23 further comprising transmitting the public wireless profile automatically upon detection of the subscriber device within range of a successive public wireless access point, the detection being a first detection by the successive wireless access point.
PCT/US2013/042839 2012-06-08 2013-05-28 Wireless session configuration persistence WO2013184433A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CA2875653A CA2875653C (en) 2012-06-08 2013-05-28 Wireless session configuration persistence
EP13800421.3A EP2865219B1 (en) 2012-06-08 2013-05-28 Wireless session configuration persistence

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/491,851 2012-06-08
US13/491,851 US8938785B2 (en) 2012-06-08 2012-06-08 Wireless session configuration persistence

Publications (1)

Publication Number Publication Date
WO2013184433A1 true WO2013184433A1 (en) 2013-12-12

Family

ID=49712492

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2013/042839 WO2013184433A1 (en) 2012-06-08 2013-05-28 Wireless session configuration persistence

Country Status (4)

Country Link
US (3) US8938785B2 (en)
EP (1) EP2865219B1 (en)
CA (1) CA2875653C (en)
WO (1) WO2013184433A1 (en)

Families Citing this family (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10142023B2 (en) 2003-01-31 2018-11-27 Centurylink Intellectual Property Llc Antenna system and methods for wireless optical network termination
US8769060B2 (en) 2011-01-28 2014-07-01 Nominum, Inc. Systems and methods for providing DNS services
US9756571B2 (en) * 2012-02-28 2017-09-05 Microsoft Technology Licensing, Llc Energy efficient maximization of network connectivity
US8938785B2 (en) * 2012-06-08 2015-01-20 Time Warner Cable Enterprises Llc Wireless session configuration persistence
US9392641B2 (en) 2012-07-05 2016-07-12 Centurylink Intellectual Property Llc Multi-service provider wireless access point
US9497800B2 (en) * 2012-07-05 2016-11-15 Centurylink Intellectual Property Llc Multi-service provider wireless access point
US9826399B2 (en) * 2013-01-04 2017-11-21 Apple Inc. Facilitating wireless network access by using a ubiquitous SSID
US10164989B2 (en) 2013-03-15 2018-12-25 Nominum, Inc. Distinguishing human-driven DNS queries from machine-to-machine DNS queries
US9215123B1 (en) * 2013-03-15 2015-12-15 Nominum, Inc. DNS requests analysis
CN104219667B (en) * 2013-05-31 2018-05-11 华为终端(东莞)有限公司 For establishing the method and apparatus of connection
EP2824973A1 (en) * 2013-07-09 2015-01-14 Orange Network architecture enabling a mobile terminal to roam into a wireless local area network
US20150127436A1 (en) * 2013-11-04 2015-05-07 David Neil MacDonald Community wi-fi network
US9749849B1 (en) * 2014-02-12 2017-08-29 The Wireless Registry, Inc. Systems and methods for associating user personal information with wireless enabled devices
US9554272B2 (en) * 2014-04-04 2017-01-24 Time Warner Cable Enterprises Llc Provisioning of wireless security configuration information in a wireless network environment
US9578620B2 (en) 2014-04-22 2017-02-21 Comcast Cable Communications, Llc Mapping and bridging wireless networks to provide better service
US10057813B1 (en) * 2014-05-09 2018-08-21 Plume Design, Inc. Onboarding and configuring Wi-Fi enabled devices
US10158995B2 (en) * 2014-06-25 2018-12-18 Mitel Networks Corporation Personal area network system and method
KR102300098B1 (en) 2014-10-15 2021-09-09 삼성전자주식회사 Electronic device for connecting communication and method for connecting communication
US9655034B2 (en) 2014-10-31 2017-05-16 At&T Intellectual Property I, L.P. Transaction sensitive access network discovery and selection
US9870534B1 (en) 2014-11-06 2018-01-16 Nominum, Inc. Predicting network activities associated with a given site
US9629076B2 (en) 2014-11-20 2017-04-18 At&T Intellectual Property I, L.P. Network edge based access network discovery and selection
JP6489835B2 (en) * 2015-01-09 2019-03-27 キヤノン株式会社 Information processing system, information processing apparatus control method, and program
US10623502B2 (en) 2015-02-04 2020-04-14 Blackberry Limited Link indication referring to content for presenting at a mobile device
US9838390B2 (en) * 2015-03-31 2017-12-05 Afero, Inc. System and method for automatic wireless network authentication
US10097368B2 (en) 2015-04-09 2018-10-09 Honeywell International Inc. WiFi access based actions/scenes execution in home automation security panels
US9591529B2 (en) 2015-05-20 2017-03-07 Xirrus, Inc. Access point providing multiple single-user wireless networks
US10162351B2 (en) 2015-06-05 2018-12-25 At&T Intellectual Property I, L.P. Remote provisioning of a drone resource
US10129706B2 (en) 2015-06-05 2018-11-13 At&T Intellectual Property I, L.P. Context sensitive communication augmentation
US9686404B1 (en) * 2015-08-05 2017-06-20 Sorenson Ip Holdings, Llc Methods and devices for automatically connecting to a communication service through a password protected network connection
US10542569B2 (en) * 2015-08-06 2020-01-21 Tmrw Foundation Ip S. À R.L. Community-based communication network services
CN105263196A (en) * 2015-08-31 2016-01-20 小米科技有限责任公司 Connection state prompting method and device
US10171439B2 (en) * 2015-09-24 2019-01-01 International Business Machines Corporation Owner based device authentication and authorization for network access
US10104111B2 (en) * 2016-02-17 2018-10-16 Sony Corporation Network security for internet of things
US11696216B2 (en) * 2016-02-18 2023-07-04 Comcast Cable Communications, Llc SSID broadcast management to support priority of broadcast
JP6684123B2 (en) * 2016-03-22 2020-04-22 キヤノン株式会社 Image forming apparatus, control method and program
US10251042B2 (en) 2016-07-27 2019-04-02 Mario Soave Activity-triggered provisioning of portable wireless networks
US9781696B1 (en) * 2016-07-27 2017-10-03 Mario Soave Activity-triggered provisioning of portable wireless networks
CN106303952A (en) * 2016-07-28 2017-01-04 百度在线网络技术(北京)有限公司 A kind of method and apparatus of the WiFi access point for accessing target shop
EP3277008A1 (en) * 2016-07-29 2018-01-31 Deutsche Telekom AG Subscriber identity element for authenticating a communication device to a communication network
JP2018029220A (en) * 2016-08-15 2018-02-22 富士ゼロックス株式会社 Wireless network device, image formation apparatus, wireless network system and program
US10470241B2 (en) 2016-11-15 2019-11-05 At&T Intellectual Property I, L.P. Multiple mesh drone communication
US11419165B2 (en) * 2016-12-27 2022-08-16 Ambeent Inc. Method and system for establishing a connection between a client device and a Wi-Fi access point using a cloud platform
CN109196916A (en) * 2016-12-30 2019-01-11 华为技术有限公司 A kind of method, apparatus and system obtaining authentication information
CN110268733B (en) 2016-12-30 2022-05-10 英国电讯有限公司 Automatically pairing devices to a wireless network
EP3563599B1 (en) * 2016-12-30 2021-10-13 British Telecommunications Public Limited Company Automatic pairing of devices to wireless networks
US10419318B2 (en) 2017-02-14 2019-09-17 At&T Intellectual Property I, L.P. Determining attributes using captured network probe data in a wireless communications system
CN110557773B (en) * 2018-06-01 2023-04-21 慧与发展有限责任合伙企业 Categorizing interfering devices using a classifier received from a centralized repository
US11102259B2 (en) * 2019-01-22 2021-08-24 Apple Inc. Network system for content playback on multiple devices
EP3879422A1 (en) 2020-03-09 2021-09-15 Carrier Corporation Network identifier and authentication information generation for building automation system controllers
WO2021221812A1 (en) * 2020-04-30 2021-11-04 Arris Enterprises Llc Wi-fi ssib broadcasting activation and deactivation based on client position and predicted movement
CN115209509A (en) * 2022-06-01 2022-10-18 北京快乐茄信息技术有限公司 Method, device, equipment and storage medium for establishing connection

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6961762B1 (en) * 2000-02-14 2005-11-01 Sygate Technologies, Inc. Automatic switching network points based on configuration profiles

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100469083B1 (en) * 2002-02-19 2005-02-02 주식회사 코베콤 System and Method for providing service in wireless network environment using customer relation management
US7693516B2 (en) * 2004-12-28 2010-04-06 Vtech Telecommunications Limited Method and system for enhanced communications between a wireless terminal and access point
US8527938B2 (en) * 2005-06-21 2013-09-03 The Boeing Company Worklet modeling
ATE484143T1 (en) * 2005-09-30 2010-10-15 Alcyone Holding S A METHOD AND DEVICE FOR SETTING UP A CONNECTION BETWEEN A MOBILE DEVICE AND A NETWORK
US7903817B2 (en) * 2006-03-02 2011-03-08 Cisco Technology, Inc. System and method for wireless network profile provisioning
US8265621B2 (en) * 2006-08-29 2012-09-11 Marvell International Ltd. Wi-Fi based geo-location connectivity
US8582543B2 (en) * 2007-03-15 2013-11-12 Panasonic Corporation Wireless communication device and access point connection method
JPWO2009034624A1 (en) * 2007-09-12 2010-12-16 パナソニック株式会社 Wireless terminal device, wireless connection method, and program
JP2010192993A (en) * 2009-02-16 2010-09-02 Panasonic Corp Wireless communication device, and priority change method
TW201038011A (en) * 2009-04-07 2010-10-16 Chicony Electronics Co Ltd Wireless network connecting and setting method and application thereof
US8473743B2 (en) * 2010-04-07 2013-06-25 Apple Inc. Mobile device management
GB2485239B (en) * 2010-11-08 2014-08-27 Samsung Electronics Co Ltd Providing access of a user equipment to a data network
US8699379B2 (en) * 2011-04-08 2014-04-15 Blackberry Limited Configuring mobile station according to type of wireless local area network (WLAN) deployment
JP2014515902A (en) * 2011-04-21 2014-07-03 エンパイア テクノロジー ディベロップメント エルエルシー Locative social networking using mobile devices
JP5903663B2 (en) * 2011-07-27 2016-04-13 パナソニックIpマネジメント株式会社 Network connection apparatus and method
US8904013B2 (en) * 2012-01-26 2014-12-02 Facebook, Inc. Social hotspot
US9479488B2 (en) * 2012-01-26 2016-10-25 Facebook, Inc. Network access based on social-networking information
US8938785B2 (en) * 2012-06-08 2015-01-20 Time Warner Cable Enterprises Llc Wireless session configuration persistence
US8913959B1 (en) * 2012-09-28 2014-12-16 Juniper Networks, Inc. Method and apparatus for facilitating wireless access point registration
KR102248694B1 (en) * 2014-12-02 2021-05-07 삼성전자주식회사 Method for managing profile and electronic device supporting thereof
CN107113306A (en) * 2014-12-31 2017-08-29 班德韦斯克公司 System and method for controlling the access to wireless service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NIRMALA SHENOY ET AL., IEEE WIRELESS COMMUNICATIONS, June 2005 (2005-06-01), XP010887970 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015092114A1 (en) * 2013-12-18 2015-06-25 Nokia Technologies Oy Establishing new access network
FR3016714A1 (en) * 2014-01-20 2015-07-24 Radiotelephone Sfr METHOD FOR SECURING WI-FI ROUTER DEVICES
US9608864B2 (en) 2014-10-29 2017-03-28 Comcast Cable Communications, Llc Network control
EP3016429A1 (en) * 2014-10-29 2016-05-04 Comcast Cable Communications, LLC Network control
US11646934B2 (en) 2014-10-29 2023-05-09 Comcast Cable Communications, Llc Network control
US10985976B2 (en) 2014-10-29 2021-04-20 Comcast Cable Communications, Llc Network control
WO2016101729A1 (en) * 2014-12-26 2016-06-30 北京奇虎科技有限公司 Wireless network access method, device and system
US9965225B2 (en) 2015-04-10 2018-05-08 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
US10599368B2 (en) 2015-04-10 2020-03-24 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
EP3079393A1 (en) * 2015-04-10 2016-10-12 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
CN106060303A (en) * 2015-04-10 2016-10-26 佳能株式会社 COMMUNICATION APPARATUS and METHOD OF CONTROLLING THE SAME
KR20160121411A (en) * 2015-04-10 2016-10-19 캐논 가부시끼가이샤 Communication apparatus, method of controlling the same, and storage medium
KR102007689B1 (en) * 2015-04-10 2019-08-06 캐논 가부시끼가이샤 Communication apparatus, method of controlling the same, and storage medium
US10372386B2 (en) 2015-04-10 2019-08-06 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
CN106060303B (en) * 2015-04-10 2019-10-08 佳能株式会社 Communication device and its control method
CN106060303B9 (en) * 2015-04-10 2020-01-21 佳能株式会社 Communication apparatus and control method thereof
US10552097B2 (en) 2015-04-10 2020-02-04 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
JP2016201701A (en) * 2015-04-10 2016-12-01 キヤノン株式会社 Communication device, control method thereof, and program
US10901662B2 (en) 2015-04-10 2021-01-26 Canon Kabushiki Kaisha Communication apparatus, method of controlling the same, and storage medium
CN108605199A (en) * 2015-11-19 2018-09-28 网易飞公司 Centralized access point configuration system and its operating method
WO2018036221A1 (en) * 2016-08-23 2018-03-01 上海斐讯数据通信技术有限公司 Wireless network security verification device, method thereof, and router

Also Published As

Publication number Publication date
US20130333016A1 (en) 2013-12-12
CA2875653A1 (en) 2013-12-12
US10659962B2 (en) 2020-05-19
US20180152843A1 (en) 2018-05-31
EP2865219B1 (en) 2019-10-23
US8938785B2 (en) 2015-01-20
EP2865219A1 (en) 2015-04-29
CA2875653C (en) 2019-08-06
US20150121505A1 (en) 2015-04-30
EP2865219A4 (en) 2016-01-20
US9883391B2 (en) 2018-01-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13800421

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2875653

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2013800421

Country of ref document: EP