WO2016186539A1 - A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network. - Google Patents


Publication number
WO2016186539A1
Authority
WO
WIPO (PCT)
Prior art keywords
sta
network access
access information
network
light source
Prior art date
Application number
PCT/SE2015/050566
Other languages
French (fr)
Inventor
Maziar MEHRABI
Le Wang
Mohit SETHI
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/SE2015/050566 priority Critical patent/WO2016186539A1/en
Priority to EP15892704.6A priority patent/EP3298813B1/en
Priority to US15/572,343 priority patent/US10594680B2/en
Publication of WO2016186539A1 publication Critical patent/WO2016186539A1/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114Indoor or close-range type systems
    • H04B10/1141One-way transmission
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114Indoor or close-range type systems
    • H04B10/1149Arrangements for indoor wireless networking of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114Indoor or close-range type systems
    • H04B10/116Visible light communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/06Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals

Definitions

  • Embodiments herein relate to a communications system, and a method therein. Embodiments herein further relate to a Station (STA) and a controller of a light source and methods therein. In particular, they relate to authenticating the STA to access a network.
  • STA Station
  • Wi-Fi is a local area wireless computer networking technology that allows electronic devices to access a network.
  • a Wi-Fi network makes use of radio waves to transmit information across a network.
  • Wi-Fi is based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards.
  • IEEE Institute of Electrical and Electronics Engineers
  • Wi-Fi technology may be used to provide Internet access to devices that are within the range of a wireless network.
  • Devices may access a network resource such as the Internet via a wireless network Access Point (AP).
  • the AP may provide Internet access over cable or cellular networks such as Second Generation (2G), Third generation (3G), Long Term Evolution (LTE) etc. among other options.
  • WiFi APs may provide user devices with access to a network resource such as the Internet, without authenticating them. However, since this is insecure and vulnerable to attacks, AP owners may provide security by authenticating the users and encrypting traffic.
  • correct access information must be entered in the end user device. Often a combination of a customer's last name, room number and a special passcode is requested. The user of the end user device then has to make sure all the information is entered into the right boxes correctly. Typing all the information into small text boxes on an end user device such as a mobile device degrades the user experience of staying at the hotel.
  • the user of the end user device needs to make sure to be connected to the correct hotel network. Fake or poseur networks often show up as a way to lure hotel customers to give private information away unknowingly.
  • Free Wi-Fi connections are also offered as one of the services in a hotel.
  • the wireless network name such as a Service Set Identification (SSID) may be embedded in beacon signals broadcasted by a wireless access point to be heard by end user devices within radio range of the access point.
  • SSID Service Set Identification
  • the SSID becomes publicly visible to all the Wi-Fi end user devices in the range.
  • a business owner does not want to advertise the information to all the Wi-Fi end user devices, only to specific Wi-Fi end user devices, especially those inside the premises.
  • Wi-Fi Protected Access WPA
  • Wi-Fi Protected Access II WPA2
  • the WPA2-Personal mode of WPA2 provides security based on pre-shared passwords among users.
  • WPA2-Personal provides security based on pre-shared passwords among users. However, this is not convenient as the user of a wireless device first needs to obtain the correct SSID and password and then enter them for authentication and successful Internet access. Additionally, the passwords are vulnerable to guessing and cracking since they are not updated frequently.
  • the WPA2-Enterprise mode of WPA2 provides security based on the IEEE 802.1X standard. IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC) and is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a Local Area Network (LAN) or Wireless Local Area Network (WLAN).
  • PNAC Port-based Network Access Control
  • IEEE 802.1X uses an authentication server to validate users and provide network access. On wireless networks, IEEE 802.1X may work with WPA, WPA2, or Wired Equivalent Privacy (WEP) keys. This type of authentication is typically used when connecting to an enterprise network. However, this requires Wi-Fi users to obtain access credentials off-line, resulting in unnecessary troubles, like visiting or ringing front-desk at a hotel for username and password.
  • WEP Wired Equivalent Privacy
  • the object is achieved by a method performed by a communications system, for authenticating a station, STA, to access a network.
  • the STA is capable of communicating with a light source.
  • the method comprises:
  • the object is achieved by a method performed by a Station, STA, for authenticating in the STA to a network.
  • the STA is capable of communicating with a light source, the method comprises:
  • VLC Visual Light Communication
  • the object is achieved by a method performed by a controller of a light source for providing authentication of an STA to access a network.
  • the STA is capable of communicating with the light source.
  • the controller of the light source manages the light source to perform the method comprising:
  • the network access information is received from a management server and sent to the STA via a Visual Light Communication, VLC, channel.
  • the VLC channel is emitted from the light source.
  • the network access information enables the STA to authenticate to the network by sending the network access information via a communication channel to an Access Point, AP, operating in the Network.
  • AP Access Point
  • the object is achieved by a communications system for authenticating a Station, STA, to access a network.
  • the STA is capable of communicating with a light source.
  • the communications system comprises:
  • a management server being configured to send to a controller of the light source, network access information.
  • the light source is configured to send to the STA, the received network access information.
  • the network access information is to be sent to the STA via a Visual Light Communication, VLC, channel.
  • the VLC channel is adapted to be emitted from the light source and received by a light detector in the STA.
  • the STA is configured to authenticate the STA to the network by sending the received network access information to an Access Point, AP, operating in the network, wherein the STA is adapted to communicate with the AP via a communication channel.
  • AP Access Point
  • the object is achieved by a Station, STA, for authenticating in the STA to a network.
  • the STA is capable of communicating with a light source.
  • the STA is configured to:
  • VLC Visual Light Communication
  • the object is achieved by a controller of a light source for providing authentication of an STA to access a network.
  • the STA is capable of communicating with the light source.
  • the controller of the light source is configured to manage the light source to send to the STA network access information.
  • the network access information is to be received from a management server and sent to the STA via a Visual Light Communication, VLC, channel.
  • the VLC channel is adapted to be emitted from the light source.
  • the network access information enables the STA to authenticate to the network by sending the network access information via a
  • Embodiments herein provide the following advantages:
  • Stations can discover APs on unsupported bands, for example a station using 802.11n can at least know that there is an AP that supports 802.11a only and inform the user about this issue.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Figure 1 is a schematic block diagram illustrating embodiments of a communications system.
  • Figure 2 is a sequence diagram depicting embodiments of a method.
  • Figure 3 is a flowchart depicting embodiments of a method in a STA.
  • Figure 4 is a flowchart depicting embodiments of a method in a controller of a light source.
  • Figure 5 is a sequence diagram depicting embodiments of a sequence of actions
  • Figure 6 is a sequence diagram depicting embodiments of a sequence of actions
  • Figure 7 is a sequence diagram depicting embodiments of a sequence of actions
  • Figure 8 is a schematic block diagram illustrating embodiments of a STA.
  • Figure 9 is a schematic block diagram illustrating embodiments of controller of a light source.
  • Figure 10 is a schematic block diagram illustrating embodiments of a communications system.
  • One example of the object of embodiments herein is to improve the user experience of authenticating and accessing Wi-Fi networks, and provide efficiency into the system.
  • Examples of embodiments herein relate to methods and a system for authorizing access for Wi-Fi users with a convenient login process and fine-grained access control by using Visible Light Communication (VLC).
  • VLC Visible Light Communication
  • embodiments herein provide a system and methods that provide convenient and efficient authentication and access control for wireless users in places like hotels, offices and so on.
  • a device with a Wi-Fi module and an embedded VLC receiver, e.g. camera or photodetector, may obtain the information such as e.g. credentials directly via visual light emitted from management server controlled light sources such as e.g. LEDs.
  • Embodiments herein further provide convenience for users of stations when connecting stations to Wi-Fi networks.
  • One main point missing from the draft is the purpose or problem we want to solve.
  • Figure 1 shows a communications system 100 in which embodiments herein may be implemented.
  • the communications system 100 may e.g. comprise a Wireless Local Access Network (WLAN), a Cellular network or any other wireless networks.
  • WLAN Wireless Local Access Network
  • One or more APs operate in the communications system 100, whereof one, an AP 110 is depicted in Figure 1.
  • the one or more APs may represent an access network such as a Wi-Fi network.
  • the AP 110 is an access point providing access to a network 115 for end user devices such as STAs.
  • the network 115 may e.g. be the Internet, or any private WLAN.
  • the AP 110 is capable of exchanging authentication messages with e.g. a Wi-Fi client in a STA and provides network connections such as e.g. Internet or intranet connections.
  • the outer frame 118 in Figure 1 resembles an area covered by signals such as Wi-Fi signals provided by the APs. Users of devices such as a STA 120 who receive credentials through light sources of the supported area will be authorized to get access to the network 115 via AP 110.
  • One or more STAs are located in the communications system 100, whereof one, the STA 120 is depicted in Figure 1.
  • the STA 120 may be a user equipment, a mobile wireless terminal, a mobile phone, a computer, a tablet computer, sometimes referred to as a surf plate, with wireless capabilities, or any other unit capable of communicating with the communications system 100.
  • the STA 120 may comprise a module for accessing a network via the AP 110.
  • the module may e.g. be a Wi-Fi module comprising a Wi-Fi client that receives Wi-Fi login credentials through a light source.
  • the STA 120 communicates with the AP 110 via a communication channel, such as the IEEE 802.11.
  • the STA 120 further comprises a light detector which may receive a VLC channel.
  • the light detector may e.g. be a VLC receiver such as e.g. a camera, or a photodetector.
  • the STA 120 is thus capable of communicating with a light source 140.
  • the Light source 140 may e.g. be a LED.
  • the light source 140 is capable of emitting a VLC channel which e.g. may be received by the light detector in the STA 120.
  • the light source 140 may e.g. be a VLC-capable light bulb.
  • Light sources such as the light source 140 may be located in individual rooms and other spaces or areas of a building such as an office building or hotel.
  • the light source 140 may e.g. be located in a room 142.
  • the room 142 may be a hotel room, a room in an office or any kind of room.
  • When the STA 120 is located in the same room 142 or other space as the light source 140, preferably in visible sight of the light source 140, it is capable of receiving a VLC channel emitted from the light source 140.
  • the minimum distance from the STA 120 to the light source 140 to be visible depends on the sensitivity of the photodetector or camera in the STA 120, the brightness of the light source 140 and the algorithms used.
  • Each light source such as the light source 140 is controlled by a respective controller, herein referred to as a controller 145 of the light source 140.
  • the controller 145 may be an external controller or may be built into the light source.
  • the controller 145 may encode information such as network login credentials, and the light source 140 sends it to the STA 120.
  • the light source controllers such as the controller 145 of the light source 140 are in communication with a management server 150.
  • the controller 145 may e.g. be collocated with the light source 140 as mentioned above or with the management server 150 or it may be a unit by itself.
  • the management server 150 signals to light controllers such as the controller 145, and authenticates Wi-Fi users such as the STA 120.
  • the STA 120 is capable of obtaining network access information such as e.g. network access credentials directly from the management server 150 via visual light such as the VLC channel emitted from the light source 140 being controlled by the controller 145, instead of obtaining login credentials off-line.
  • VLC Visual Light Communication
  • VLC systems have the potential for high signal-to-noise ratios, and may be contained easily within walls providing a high degree of spatial diversity.
  • VLC provides a communication scheme that e.g. enables interior ambient light sources such as the light source 140 which may be related to LED lighting systems to send data to devices using either cameras or light sensors.
  • the VLC may use a demodulation approach that e.g. allows smartphones to accurately detect frequencies as high as 8 kHz with 0.2 kHz channel separation.
  • a VLC system may e.g. operate at frequencies above 2 kHz and compensate for the non-ideal frequency response of standard LED drivers by adjusting the light's duty- cycle.
  • Embodiments herein use VLC, which is a data communication medium using visible light from the light source 140 for data transmission.
  • Using controlled VLC light sources, such as the light source 140 controlled by the controller 145, to embed login information into a visual channel would bring an efficient and convenient way to access secured wireless networks such as e.g. the network 115.
  • LEDs have become increasingly popular e.g. in hotels over the past few years. Deploying or upgrading current lighting system would give the hotel a light makeover, and create relaxing or uplifting social areas to welcome guests and make them feel comfortable. Thus, to have VLC-capable LEDs would not be costly for business owners.
  • the location of LED may directly inform e.g. a hotel's authentication system which hotel room or area the LED covers.
  • radio spectrum methods such as short-wave radio or Wi-Fi
  • visible light cannot travel through non-transparent physical material e.g. wall, ceiling.
  • the light source 140 may be programmed by the management server 150 via the controller 145 to flash coded signals in lighting with high-frequency on-off changes in order to convey login information to a device such as the STA 120 with embedded camera. Once the device obtains the information, it may authenticate itself against the management server 150 in order to join the network such as the network 115.
  • Embodiments herein provide to use VLC as a visual channel to transmit information, such as SSID, BSSID, channel, username and password, to devices such as the STA 120 with e.g. embedded camera and Wi-Fi module for connecting to wireless networks.
  • SSID and BSSID are information about the network. They tell which Wi-Fi access point the station may try and connect with.
  • Embodiments of a method will first be described in a general way from the perspective of the communications system 105.
  • Example embodiments of the method performed by a communications system 105, for authenticating the STA 120 to access a network 115, will now be described with reference to a sequence diagram depicted in Figure 2.
  • the STA 120 is capable of communicating with the light source 140.
  • the method comprises the following actions, which actions may be taken in any suitable order.
  • the STA 120 is about to access the network 115 via the AP 110.
  • the management server 150 sends network access information to the controller 145 of the light source 140.
  • the network access information such as the network access credentials may e.g. be provided to the management server 150 either manually by a network administrator or owner or may be discovered over the network automatically.
  • the network access information may comprise any one or more out of: a Service Set Identification (SSID), a Basic Service Set Identification (BSSID), communication channel information, username, password, certificates, channel and cipher suites supported among other such information, and credentials for the AP 110 that provides network access.
  • the controller 145 provides the network access information to the light source 140.
  • the light source 140 sends the received network access information to the STA 120.
  • the controller 145 manages the light source 140 to perform the sending of the network access information.
  • the network access information is sent to the STA 120 via a VLC channel.
  • the VLC channel is emitted from the light source 140 and received by a light detector in the STA 120.
  • only a first part of the network access information is sent to the STA 120 via the VLC channel, before the STA 120 authenticates to the network 115.
  • the optional actions 20-206 below will be performed wherein a second part of the network access information will be sent in action 206.
  • the first part of the network access information may e.g. comprise SSID and BSSID, and the second part of the network access information may comprise a password. This will be explained in more detail below.
  • the AP 110 may receive the first part network access information and an identity of the STA 120 from the STA 120, and send it to the management server 150.
  • the STA 120 may send the first part network access information to the AP 110.
  • Upon receiving the first part network access information, the AP requests an identity of the STA 120. The STA 120 then sends the requested identity to the AP 110.
  • the management server 150 authenticates the STA 120 by using the received identity of the STA 120.
  • the management server 150 sends the second part of the network access information to the controller 145 of light source 140, when the STA 120 has been successfully authenticated.
  • the light source 140 then sends the received second part of the network access information to the STA 120 via the VLC channel.
  • the STA 120 authenticates the STA 120 to the network 115 by sending the received network access information to the AP 110 operating in the network 115.
  • the STA 120 communicates with the AP 110 via a communication channel.
  • only the received second part of the network access information is sent at this stage.
  • the STA 120 may now access the network 115. Embodiments of the method described above will now be described in a general way, first from the perspective of the STA 120 and then from the perspective of the controller 145 of a light source 140. This will be followed by a more detailed description with examples and explanations. Example embodiments of a method performed by the STA 120 for authenticating the STA 120 to a network 115, will now be described with reference to a flowchart depicted in Figure 3. As mentioned above the STA 120 is capable of communicating with a light source 140. According to the example scenario, the STA 120 wishes to access the network 115 via the AP 110.
  • the method comprises the following actions, which actions may be taken in any suitable order.
  • the STA 120 is located in the same space or room 142 as the light source 140, and preferably in visible sight of the light source 140.
  • the STA 120 is thus capable to communicate with the light source 140 by using VLC.
  • the STA 120 receives network access information from the management server 150 via the VLC channel.
  • the VLC channel is emitted from the light source 140 and received by the light detector in the STA 120.
  • the network access information may comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
  • Action 302
  • the STA 120 authenticates the STA 120 to the network 115 by sending the network access information to the AP 110 operating in the network 115.
  • the STA 120 communicates with the AP 110 via a communication channel.
  • this action of authenticating the STA 120 to the network 115 comprises:
  • the first part of the network access information may comprise any one or more out of an SSID and a BSSID.
  • the second part of the network access information may comprise a password.
  • this action of authenticating 301 the STA 120 to the network 115 further comprises selecting a data rate for communication with the network 115.
  • Example embodiments of a method performed by the controller 145 of the light source 140 for providing authentication of an STA 120 to access a network 115 will now be described with reference to a flowchart depicted in Figure 4.
  • the STA 120 is capable of communicating with the light source 140.
  • the STA 120 wishes to access the network 115 via the AP 110.
  • the controller 145 of the light source 140 manages the light source 140 to perform the method comprising the following actions, which actions may be taken in any suitable order. Dashed lines of boxes in Figure 4 indicate that this action is not mandatory.
  • the controller 145 of the light source 140 receives network access information or a first part of the network access information from the management server 150.
  • the network access information may comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
  • Action 402
  • the controller 145 of the light source 140 manages the light source 140 to send the network access information to the STA 120.
  • the network access information is sent to the STA 120 via a VLC channel.
  • the VLC channel is emitted from the light source 140.
  • the network access information enables the STA 120 to authenticate to the network 115 by sending the network access information via a communication channel to the AP 110 operating in the Network 115.
  • only the first part of network access information is sent to the STA 120 via the VLC channel before the STA 120 starts the authentication to the network 115.
  • the optional actions 40-404 below will be performed wherein a second part of the network access information will be sent in action 204.
  • the controller 145 of the light source 140 receives a second part of the network access information from the management server 150, when the STA 120 has been successfully authenticated.
  • the controller 145 of the light source 140 manages the light source 140 to send the second part of the network access information to the STA via the light source 140.
  • the first part of the network access information comprises any one out of SSID and BSSID, and the second part of the network access information comprises a password.
  • the controller 145 of the light source 140 may manage the light source 140 to send updated network access information to the STA 120.
  • sensitive information is sent through the light source 140, and the STA 120 may receive this information by any photon receiver such as a camera built into mobile phones, computers or any other light-receiving device/demodulator including the STA 120.
  • the lighting infrastructure of the light source 140 may be used for this purpose.
  • the light source 140 is controlled by the controller 145, which controller 145 is in communication with the management server 150. This communication may be one-way, from the management server to controller 145, or bidirectional.
  • the management server 150 sends sensitive information to light controllers such as the controller 145 to be transmitted through the respective light source including the light source 140.
  • ASK Amplitude-Shift Keying
  • the outer frame 118 in Figure 1 resembles the area covered by Wi-Fi signals. Users of devices such as the STA 120 who receive the credentials through the lighting system of the supported area will be authorized to get access to the Wi-Fi network. This authorization is controlled by the management server 150 which updates the credential information in the AP 110, other associated APs, the light source 140 via the controller 140, and other associated light sources frequently. Users of devices without the knowledge of recent credentials are considered to be outside of the pre-defined area and hence will not be authorized to get connected to the network 115.
  • Embodiments herein may work both with WPA2-Personal and WPA2-Enterprise certifications.
  • the VLC is simply used for communicating a password for obtaining Internet Access via the AP 110.
  • the STA 120 is still responsible for selecting the appropriate access point e.g. from a list of access points detected in its ambient environment. This may be circumvented and the whole process may be automated by also communicating a SSID over the VLC channel. An application of the STA 120 may then simply be opened and the STA 120 would connect with the AP 110 using the SSID and password received over the VLC channel without requiring any further user action.
  • Figure 5 depicts an embodiment using WPA Personal WiFi authentication with VLC communication.
  • the management server 150 may change the information, i.e. the credentials transmitted on the VLC channel, the passwords may be frequently updated for increased security. Additionally, since the user of a STA is no longer responsible for obtaining the password from the reception or the wall and entering them into the system, the passwords may be much more complex to protect against guessing or cracking or dictionary attacks.
  • the VLC channel may also be used for
  • Probe request and response messages no longer need to be exchanged. All the necessary information is already available to the STA 120 over the VLC channel and the STA 120 may ensure that it supports one of the advertised data rates for the connection to the network to succeed. This implies that data rate selection is now done by the STA 120 instead of the AP 110.
  • Not broadcasting the beacon message may also provide some level of anonymity, hiding the fact that there is a Wi-Fi service with a given SSID in that building.
  • An AP may choose not to respond to those probe requests to provide additional protection.
  • the access control may be improved. E.g. in an office environment some rooms will receive BSSID and other necessary credentials for an AP that provides access to both the Internet and Intranet. Other areas of the office building will receive credentials for access points that only provide Internet access.
  • Rekeying may be triggered by either the management server 150 or STA users themselves, such as the user of the STA 120, whenever a STA is within the range of a light source according to embodiments herein, for example by pressing a switch in the room. The light source 110 may send new keys to the STA 120 and old ones may be invalidated. Many enterprise scenarios require much more fine-grained user/device
  • IEEE 802.1X defines encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802. Embodiments herein may be integrated with such WPA2-Enterprise certified 802.1x based authentication as well.
  • EAP Extensible Authentication Protocol
  • an authentication server e.g. being part of the AP 110 or the management server can support RADIUS/DIAMETER or similar protocols.
  • Remote Authentication Dial In User Service (RADIUS) and DIAMETER are Authentication, Authorization, and Accounting (AAA) protocols for users who connect and use a network service may simply configure the VLC channel to communicate the same Network Access Identifier (NAI) and credentials, depending on the EAP method used, for all user devices such as the STA 120.
  • NAI Network Access Identifier
  • PSK Pre-Shared Key
  • TLS Transport Layer Security
  • FIG. 6 depicts a WPA-Enterprise 802.1x authentication with visible light communication. As shown in Figure 6 this may be improved by only communicating the network access information such as the SSID, BSSID, data rate etc. details on the VLC channel.
  • a network application in the STA 120 may automatically start the connection request to the AP 110 upon receiving the network access information.
  • the STA 120, such as an application in the STA 120, prompts the STA 120 for the appropriate username. From there on, multiple EAP Request Responses are sent between the STA 120, such as the application in the STA 120
  • the authorization server 150 sends a Radius Accept message along with the PMK to the AP 110.
  • the AP 110 and the STA 120 finally use this PMK for performing a 4-way handshake and deriving Pairwise Transient Keys (PTK) and/or Groupwise Transient keys (GTK).
  • PTK Pairwise Transient Keys
  • GTK Groupwise Transient keys
  • Figure 7 depicts a WPA-Enterprise 802.1x authentication with visible light communication and modified EAP method. To overcome this challenge, some
  • In FIG. 7 the first part of the network access information and the second part of the network access information are communicated on the visible light channel at two different stages. This relates to Actions 202-206, 302, 402-404 described above.
  • the STA 120, such as the application in the STA 120 responsible for network connection, only receives the SSID, BSSID, data rate etc.
  • the STA 120, such as the application in the STA 120, then initiates the connection with the appropriate AP 110.
  • when the STA 120, such as the application in the STA 120, receives an EAP-Identity request from the AP 110, it prompts the STA 120 or the user of the STA 120 to enter a user name.
  • the user name may be the guest name in which the hotel was booked or the email id that was used for booking the hotel.
  • the STA 120, such as the application in the STA 120, may inform what kind of username it is expecting. This information may also be communicated over the visible light channel in the first part of the network access information as shown in Figure 7.
  • the STA 120, such as the application in the STA 120, would then add a realm to this username, which may e.g. be @local, indicating only local authentication supported and if the first hop management server 150 cannot service this request then the STA 120 won't get Wi-Fi access, or the realm may also be communicated over the VLC channel e.g. in the first part of the network access information.
  • a realm may e.g. be @local, indicating only local authentication supported and if the first hop management server 150 cannot service this request then the STA 120 won't get Wi-Fi access, or the realm may also be communicated over the VLC channel e.g. in the first part of the network access information.
  • Upon receiving the identity in the EAP-Response message, the AP 110 forwards the username to the management server 150 as a radius/diameter message.
  • the authentication server 150 is then responsible for checking if there is an active guest account. Additionally the authentication server 150 may e.g. enforce a total number of logins supported with that username and some data limits for accounting purposes.
  • the management server 150 sends the password to the STA 120 via the controller 145 and the light source 140 over the VLC channel and sends the PMK to the AP 110.
  • the password is sent to the STA 120 as the second part of the network access information.
  • the password sent to the STA 120 over the VLC channel may in this example be location specific.
  • the management server 150 may estimate the location of the STA 120 based on the requesting AP 110. So if the username received corresponds to a guest in room number 428, and the request is coming from an AP on the 4th floor, then the password is communicated over the light sources in or near room 428. If the management server 150 detects that the authentication request is from an AP in a common area, such as a lounge, then it sends the password only to the relevant light sources in the lounge.
  • the AP 110 and the STA 120 derive the PTK and GTK using the PMK.
  • Embodiments herein may also be used with a modified version of EAP-SIM/EAP-AKA/EAP-AKA' to make sure that there is a valid user in the hotel with the phone number that was used during the booking.
  • EAP for GSM Subscriber Identity Module (EAP-SIM) is used for authentication and session key distribution using the Subscriber Identity Module (SIM) from the Global System for Mobile Communications (GSM).
  • SIM Subscriber Identity Module
  • EAP-AKA Authentication Protocol Method for Universal Mobile Telecommunications System
  • USIM UMTS Subscriber Identity Module
  • AKA Prime AKA Prime variant of EAP-AKA, defined in RFC 5448, and is used for non-3GPP access to a 3GPP core network.
  • the communications system 100 may comprise the following arrangement.
  • the STA 120 is capable of communicating with a light source 140.
  • the communications system 100 comprises the management server 150 being configured to send to a controller 145 of the light source 140, network access information.
  • the communications system 100 further comprises the controller 145 of the light source 140 being configured to send to the STA 120, the received network access information.
  • the network access information is to be sent to the STA 120 via a VLC channel.
  • the VLC channel is adapted to be emitted from the light source 140 and received by a light detector 122 in the STA 120.
  • the communications system 100 further comprises the STA 120 being configured to authenticate the STA 120 to the network 115 by sending the received network access information to the AP 110 operating in the network 115.
  • the STA 120 is adapted to communicate with the AP 110 via a communication channel.
  • the network access information may be arranged to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID,
  • Communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
  • a first part of the network access information is to be sent to the STA 120 via the VLC channel before the STA 120 authenticates to the network 115.
  • the AP 110 is configured to receive from the STA 120, an identity of the STA 120 and send it to the management server 150,
  • the management server 150 is configured to authenticate the STA 120 by using the received identity of the STA 120,
  • the management server 150 is configured to send a second part of the network access information to the light source 140, when the STA 120 has been successfully authenticated, and
  • the controller 145 of the light source 140 is configured to send the received second part of the network access information to the STA 120 via the VLC channel.
  • the Station, STA, 120 may comprise the following arrangement depicted in Figure 8. As mentioned above, the STA 120 is capable of communicating with a light source 140.
  • the STA 120 is configured to, e.g. by means of a receiving module 810 and/or a light detector 122 configured to, receive network access information from the
  • the VLC channel is to be emitted from the light source 140 and received by a light detector 122 in the STA 120.
  • the STA 120 being configured to e.g. by means of an authenticating module 820 configured to, authenticate the STA 120 to the network 115 by sending the network access information to the AP 110 adapted to operate in the Network 115.
  • the STA 120 is arranged to communicate with the AP 110 via a communication channel.
  • the network access information may be adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
  • a first part of the network access information is adapted to be received before starting the authentication.
  • the STA 120 is further configured to authenticate the STA 120 to the Network 115 by:
  • the first part of the network access information may be adapted to comprise any one or more out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
  • the STA 120 may further be configured to authenticate the STA 120 to the network 115 by selecting a data rate for communication with the network 115.
  • the embodiments herein may be implemented through one or more processors, such as a processor 830 in the STA 120 depicted in Figure 8, together with computer program code for performing the functions and actions of the embodiments herein.
  • the program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into the STA 120.
  • One such carrier may be in the form of a CD ROM disc. It is however feasible with other data carriers such as a memory stick.
  • the computer program code may furthermore be provided as pure program code on a server and downloaded to the STA 120.
  • the end user device 120 may further comprise a memory 840 comprising one or more memory units.
  • the memory 850 comprises instructions executable by the processor 80.
  • the memory 840 is arranged to be used to store e.g. network access information, data, configurations, and applications to perform the methods herein when being executed in the end user device 120.
  • modules in the STA 120 may refer to a combination of analog and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 840, that when executed by the one or more processors such as the processor 830 as described above.
  • processors may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a system-on-a-chip (SoC).
  • ASIC Application-Specific Integrated Circuitry
  • SoC system-on-a-chip
  • the controller 145 of the light source 140 may comprise the following arrangement depicted in Figure 9. As mentioned above the STA 120 is capable of communicating with the light source 140.
  • the controller 145 of the light source 140 is configured to, e.g. by means of a managing module 910 configured to, manage the light source 140 to send to the STA 120 network access information.
  • the network access information is to be received from a management server 150 and sent to the STA 120 via a VLC channel.
  • the VLC channel is adapted to be emitted from the light source 140.
  • the network access information enables the STA 120 to authenticate to the network 115 by sending the network access
  • the network access information may be adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
  • a first part of network access information is to be sent to the STA 120 via the VLC channel before the STA 120 starts the authentication to the network 115.
  • the controller 145 of the light source 140 is configured to e.g. by means of a receiving module 920 configured to, receive a second part of the network access information from the management server 150, when the STA 120 has been successfully authenticated and to send the second part of the network access information to the STA via the light source 140.
  • the first part of the network access information may be adapted to comprise any one out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
  • the controller 145 of the light source 140 may be configured to e.g. by means of the managing module 910 configured to, manage the light source 140 to send to the STA 120 updated network access information.
  • the controller 145 of the light source 140 may be configured to e.g. by means of the managing module 910 configured to, manage the light source 140 to send to the STA 120 updated network access information repeatedly according to a predetermined frequency.
  • the embodiments herein may be implemented through one or more processors, such as a processor 930 in the controller 145 of the light source 140 depicted in Figure 9, together with computer program code for performing the functions and actions of the embodiments herein.
  • the program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into the controller 145 of the light source 140.
  • a data carrier may be in the form of a CD ROM disc. It is however feasible with other data carriers such as a memory stick.
  • the computer program code may furthermore be provided as pure program code on a server and downloaded to the controller 145 of the light source 140.
  • the controller 145 of the light source 140 may further comprise the memory 940 comprising one or more memory units.
  • the memory 940 comprises instructions executable by the processor 930.
  • the memory 940 is arranged to be used to store network access information, data, configurations, and applications to perform the methods herein when being executed in the controller 145 of the light source 140.
  • modules in the controller 145 of the light source 140 may refer to a combination of analog and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 940, that when executed by the one or more processors such as the processor 930 as described above.
  • processors may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a system-on-a-chip (SoC).
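
The two-stage delivery listed above for Figure 7 (first part over VLC, identity check by the management server, location-specific password as the second part) can be walked through in a small simulation. This is an added Python example, not code from the patent; the lamp, AP and guest names are constructed, and two details are assumptions the patent does not specify: the PMK is derived from the password with the WPA2-Personal PBKDF2 function, and a request from an AP on a different floor than the guest's room is refused.

```python
import copy
import hashlib
import hmac
import secrets

# Constructed sample deployment; every name and value below is hypothetical.
SSID, REALM = "hotel-guest", "local"
GUESTS = {"alice@local": {"room": "428", "active": True, "max_logins": 2}}
AP_ZONE = {"ap-floor4": "floor4", "ap-lounge": "lounge"}      # requesting AP -> zone
LIGHT_AREA = {"led-428": "room428", "led-430": "room430", "led-lounge": "lounge"}


def derive_pmk(password, ssid):
    # Assumption: PMK derived as in WPA2-Personal (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes).
    return hashlib.pbkdf2_hmac("sha1", password.encode(), ssid.encode(), 4096, 32)


class ManagementServer:
    def __init__(self):
        self.guests = copy.deepcopy(GUESTS)
        self.logins = {}                                   # identity -> accepted logins
        self.emitted = {name: [] for name in LIGHT_AREA}   # VLC frames sent per lamp
        self.ap_pmk = {}                                   # (ap, identity) -> PMK pushed to the AP

    def broadcast_first_part(self):
        # First part: sent on every lamp before any authentication starts.
        for frames in self.emitted.values():
            frames.append({"part": 1, "ssid": SSID, "realm": REALM})

    def target_area(self, identity, ap_name):
        zone = AP_ZONE[ap_name]
        if zone == "lounge":                 # request came from a common-area AP
            return "lounge"
        room = self.guests[identity]["room"]
        # Assumption: a request from an AP on another floor than the guest's room is refused.
        return "room" + room if zone == "floor" + room[0] else None

    def handle_identity(self, identity, ap_name):
        """RADIUS-style decision for the identity the AP forwarded. True means accept."""
        guest = self.guests.get(identity)
        if not guest or not guest["active"]:
            return False
        if self.logins.get(identity, 0) >= guest["max_logins"]:
            return False
        area = self.target_area(identity, ap_name)
        if area is None:
            return False
        password = secrets.token_urlsafe(24)   # fresh, high-entropy, never typed by a user
        for lamp, lamp_area in LIGHT_AREA.items():
            if lamp_area == area:              # second part: only lamps at the estimated location
                self.emitted[lamp].append({"part": 2, "password": password})
        self.ap_pmk[(ap_name, identity)] = derive_pmk(password, SSID)
        self.logins[identity] = self.logins.get(identity, 0) + 1
        return True


def visible_frame(server, sta_area, part):
    """Latest frame of the given part that a STA standing in sta_area can see."""
    for lamp, lamp_area in LIGHT_AREA.items():
        if lamp_area == sta_area:
            frames = [f for f in server.emitted[lamp] if f["part"] == part]
            if frames:
                return frames[-1]
    return None


def run_flow(server, username, sta_area, ap_name):
    """Walk one STA through the two-stage exchange; returns the outcome as a string."""
    server.broadcast_first_part()
    first = visible_frame(server, sta_area, 1)
    if first is None:
        return "no-network-info"
    identity = username + "@" + first["realm"]          # EAP-Response/Identity
    if not server.handle_identity(identity, ap_name):   # AP forwards identity to the server
        return "rejected"
    second = visible_frame(server, sta_area, 2)
    if second is None:
        return "no-password"                            # STA is not under the targeted lamps
    sta_pmk = derive_pmk(second["password"], first["ssid"])
    # Stand-in for the 4-way handshake: both sides must hold the same PMK.
    ok = hmac.compare_digest(sta_pmk, server.ap_pmk[(ap_name, identity)])
    return "connected" if ok else "handshake-failed"


if __name__ == "__main__":
    srv = ManagementServer()
    for area, ap in [("room428", "ap-floor4"), ("room430", "ap-floor4")]:
        print(area, ap, run_flow(srv, "alice", area, ap))
```

A station in room 430 that presents the same username still gets a RADIUS-style accept, but the password is never emitted by the lamp it can see, so it cannot derive the PMK held by the AP.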

Abstract

A method performed by a communications system, for authenticating a station, STA, to access a network is provided. The STA is capable of communicating with a light source. The method comprises: Sending (201) by a management server to a controller of the light source, network access information, Sending (202) by the light source to the STA, the received network access information, which network access information is sent to the STA via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source and received by a light detector in the STA, and Authenticating (207) by the STA, the STA to the network by sending the received network access information to an Access Point, AP, operating in the network, wherein the STA communicates with the AP via a communication channel.

Description

A COMMUNICATIONS SYSTEM, A STATION, A CONTROLLER OF A LIGHT SOURCE, AND METHODS THEREIN FOR AUTHENTICATING THE STATION TO ACCESS A NETWORK.
TECHNICAL FIELD
Embodiments herein relate to a communications system, and a method therein. Embodiments herein further relate to a Station (STA) and a controller of a light source and methods therein. In particular, they relate to authenticating the STA to access a network.
BACKGROUND
Wi-Fi, or WiFi, is a local area wireless computer networking technology that allows electronic devices to access a network. A Wi-Fi network makes use of radio waves to transmit information across a network. Wi-Fi is based on the Institute of Electrical and Electronics Engineers' (IEEE) 802.11 standards. To connect to a Wi-Fi LAN, a computer has to be equipped with a wireless network interface controller. Wi-Fi technology may be used to provide Internet access to devices that are within the range of a wireless network. Devices may access a network resource such as the Internet via a wireless network Access Point (AP). The AP may provide Internet access over cable or cellular networks such as Second Generation (2G), Third generation (3G), Long Term Evolution (LTE) etc. among other options.
WiFi APs may provide user devices with access to a network resource such as the Internet, without authenticating them. However, since this is insecure and vulnerable to attacks, AP owners may provide security by authenticating the users and encrypting traffic.
Offering Wi-Fi connections is a crucial service provided by businesses to attract customers. Organizations and businesses, such as hotels, airports, and restaurants, often provide hotspots either free-of-charge or commercially, using a captive portal webpage for access. For example, to join a wireless network at a hotel, a distinct network name and particular configuration instructions are needed for connecting. However, there are several known issues of this traditional Wi-Fi access management, which are presented below.
To log an end user device in to a hotel's wireless network, correct access information must be entered in the end user device. Often a combination of a customer's last name, room number and a special passcode is requested. The user of the end user device then has to make sure all the information is entered into the right boxes correctly. Typing all the information into small text boxes on an end user device such as a mobile device degrades the user experience of staying at the hotel.
Further, the user of the end user device needs to make sure to be connected to the correct hotel network. Fake or poseur networks often show up as a way to lure hotel customers to give private information away unknowingly.
It is often found that when connecting to the hotel's network, the web-loading speed is extremely slow. One of the typical reasons is that many customers are using the same resources at the same time. The problem is often caused by an ill-considered implementation of Wi-Fi access points in the building, leading to too many connections to one access point.
Free Wi-Fi connections are also offered as one of the services in a hotel.
Traditionally, the wireless network name such as a Service Set Identification (SSID) may be embedded in beacon signals broadcasted by a wireless access point to be heard by end user devices within radio range of the access point. Thus, the SSID becomes publicly visible to all the Wi-Fi end user devices in the range. However, a business owner does not want to advertise the information to all the Wi-Fi end user devices, only to specific Wi-Fi end user devices, in particular those inside the premises.
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs that provide secure wireless network access.
The WPA2-Personal mode of WPA2 provides security based on pre-shared passwords among users.
WPA2-Personal provides security based on pre-shared passwords among users. However, this is not convenient as the user of a wireless device first needs to obtain correct SSID and password and then enter them for authentication and successful Internet access. Additionally, the passwords are vulnerable against guessing and cracking since they are not updated frequently. The WPA2-Enterprise mode of WPA2 provides security based on the IEEE 802.1X standard. IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC) and is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a Local Area Network (LAN) or Wireless Local Area Network (WLAN).
IEEE 802.1X uses an authentication server to validate users and provide network access. On wireless networks, IEEE 802.1X may work with WPA, WPA2, or Wired Equivalent Privacy (WEP) keys. This type of authentication is typically used when connecting to an enterprise network. However, this requires Wi-Fi users to obtain access credentials off-line, resulting in unnecessary troubles, like visiting or ringing front-desk at a hotel for username and password.
SUMMARY
It is therefore an object of embodiments herein to improve the authentication of a device, referred to herein as a station, to access a network and the user experience of a user of the station wishing to access a network.
According to a first aspect of embodiments herein, the object is achieved by a method performed by a communications system, for authenticating a station, STA, to access a network. The STA is capable of communicating with a light source. The method comprises:
Sending by a management server to a controller of the light source, network access information,
Sending by the light source to the STA, the received network access information, which network access information is sent to the STA via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source and received by a light detector in the STA,
Authenticating by the STA, the STA to the network by sending the received network access information to an Access Point, AP, operating in the network, wherein the STA communicates with the AP via a communication channel.
According to a second aspect of embodiments herein, the object is achieved by a method performed by a Station, STA, for authenticating in the STA to a network. The STA is capable of communicating with a light source, the method comprises:
Receiving network access information from a management server via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source and received by a light detector in the STA.
Authenticating the STA to the network by sending the network access information to an Access Point, AP, operating in the Network, which STA communicates with the AP via a communication channel.
According to a third aspect of embodiments herein, the object is achieved by a method performed by a controller of a light source for providing authentication of an STA to access a network. The STA is capable of communicating with the light source. The controller of the light source manages the light source to perform the method comprising:
Sending network access information to the STA. The network access information is received from a management server and sent to the STA via a Visual Light Communication, VLC, channel. The VLC channel is emitted from the light source. The network access information enables the STA to authenticate to the network by sending the network access information via a communication channel to an Access Point, AP, operating in the Network.
According to a fourth aspect of embodiments herein, the object is achieved by a communications system for authenticating a Station, STA, to access a network. The STA is capable of communicating with a light source. The communications system comprises:
A management server being configured to send to a controller of the light source, network access information.
The light source is configured to send to the STA, the received network access information. The network access information is to be sent to the STA via a Visual Light Communication, VLC, channel. The VLC channel is adapted to be emitted from the light source and received by a light detector in the STA. The STA is configured to authenticate the STA to the network by sending the received network access information to an Access Point, AP, operating in the network, wherein the STA is adapted to communicate with the AP via a communication channel.
According to a fifth aspect of embodiments herein, the object is achieved by a Station, STA, for authenticating in the STA to a network. The STA is capable of communicating with a light source. The STA is configured to:
Receive network access information from a management server via a Visual Light Communication, VLC, channel, which VLC channel is to be emitted from the light source and received by a light detector in the STA.
Authenticate the STA to the network by sending the network access information to an Access Point, AP, adapted to operate in the Network, which STA is arranged to communicate with the AP via a communication channel.
According to a sixth aspect of embodiments herein, the object is achieved by a controller of a light source for providing authentication of an STA to access a network. The STA is capable of communicating with the light source. The controller of the light source is configured to manage the light source to send to the STA network access information. The network access information is to be received from a management server and sent to the STA via a Visual Light Communication, VLC, channel. The VLC channel is adapted to be emitted from the light source. The network access information enables the STA to authenticate to the network by sending the network access information via a communication channel to an Access Point, AP, operating in the Network.
Embodiments herein provide the following advantages:
Convenient login
Precise location-based access control
Anonymity/Security
Energy Saving
Other location-based services for Wi-Fi users
Stations can discover APs on unsupported bands; for example, a station using 802.11n can at least know that there is an AP that supports 802.11a only and inform the user about this issue.
BRIEF DESCRIPTION OF THE DRAWINGS
Examples of embodiments herein are described in more detail with reference to attached drawings in which:
Figure 1 is a schematic block diagram illustrating embodiments of a communications system.
Figure 2 is a sequence diagram depicting embodiments of a method.
Figure 3 is a flowchart depicting embodiments of a method in a STA.
Figure 4 is a flowchart depicting embodiments of a method in a controller of a light source.
Figure 5 is a sequence diagram depicting embodiments of a sequence of actions performed in a communications system.
Figure 6 is a sequence diagram depicting embodiments of a sequence of actions performed in a communications system.
Figure 7 is a sequence diagram depicting embodiments of a sequence of actions performed in a communications system.
Figure 8 is a schematic block diagram illustrating embodiments of a STA.
Figure 9 is a schematic block diagram illustrating embodiments of controller of a light source.
Figure 10 is a schematic block diagram illustrating embodiments of a communications system.
DETAILED DESCRIPTION
One example of the object of embodiments herein is to improve the user experience of authenticating and accessing Wi-Fi networks, and to provide efficiency in the system.
Examples of embodiments herein relate to methods and a system for authorizing access to Wi-Fi users with a convenient login process and fine-grained access control by using Visible Light Communication (VLC).
For example, embodiments herein provide a system and methods that provide convenient and efficient authentication and access control for wireless users in places like hotels, offices and so on. Instead of obtaining login credentials off-line, a device with a Wi-Fi module and an embedded VLC receiver (e.g. camera, photodetector) may obtain the information such as e.g. credentials directly via visual light emitted from management server controlled light sources such as e.g. LEDs.
Embodiments herein further provide convenience for users of stations when connecting stations to Wi-Fi networks. With the help of VLC, one does not need to ask for a username/password from the info desk or anywhere else explicitly. Once a user is in the range of light sources, the access is granted implicitly.
10 Figure 1 shows a communications system 100 in which embodiments herein may be implemented. The communications system 100 may e.g. comprises a Wireless Local Access Network (WLAN), a Cellular network or any other wireless networks.
One or more APs operate in the communications system 100, whereof one, an AP 15 110 is depicted in Figure 1. The one or more APs may represent an access network such as a WFi network. The AP 110 is an access point providing access to a network 115 for end user devices such as STAs. The network 115 may e.g. be the Internet, or any private WLAN.
The AP 110 is capable of exchange authentication messages with e.g. a W-Fi client 20 in a STA and provides network connections such as e.g. Internet or intranet connections.
The outer frame 118 in Figure 1 resembles an area covered by signals such as Wi-Fi signals provided by the APs. Users of devices such as a STA 120 who receive credentials through light sources of the supported area will be authorized to get access the network 1 15 via AP 1 10.
One or more STAs are located in the communications system 100, whereof one, the STA 120, is depicted in Figure 1. The STA 120 may be a user equipment, a mobile wireless terminal, a mobile phone, a computer, a tablet computer, sometimes referred to as a surf plate, with wireless capabilities, or any other unit capable of communicating with the communications system 100.
The STA 120 may comprise a module for accessing a network via the AP 110. The module may e.g. be a Wi-Fi module comprising a Wi-Fi client that receives Wi-Fi login credentials through a light source.
The STA 120 communicates with the AP 110 via a communication channel, such as the IEEE 802.11n. The STA 120 further comprises a light detector which may receive a VLC channel. The light detector may e.g. be a VLC receiver such as e.g. a camera, or a photodetector.
The STA 120 is thus capable of communicating with a light source 140. The Light source 140 may e.g. be a LED. The light source 140 is capable of emitting a VLC channel which e.g. may be received by the light detector in the STA 120. The light source 140 may e.g. be a VLC-capable light bulb.
Light sources such as the light source 140 may be located in individual rooms and other spaces or areas of a building such as an office building or hotel. The light source 140 may e.g. be located in a room 142. The room 142 may be a hotel room, a room in an office or any kind of room. When the STA 120 is located in the same room 142 or other space as the light source 140, preferably in visible sight of the light source 140, it is capable of receiving a VLC channel emitted from the light source 140. The minimum distance from the STA 120 to the light source 140 to be visible depends on the sensitivity of the photodetector or camera in the STA 120, the brightness of the light source 140 and the algorithms used.
Each light source such as the light source 140 is controlled by a respective controller, herein referred to as a controller 145 of the light source 140. The controller 145 may be an external controller or may be built into the light source. The controller 145 may encode information such as network login credentials, which the light source 140 sends to the STA 120. The light source controllers such as the controller 145 of the light source 140 are in communication with a management server 150. The controller 145 may e.g. be collocated with the light source 140 as mentioned above or with the management server 150 or it may be a unit by itself. The management server 150 signals to light controllers such as the controller 145, and authenticates Wi-Fi users such as the STA 120.
In this way the STA 120 is capable of obtaining network access information such as e.g. network access credentials directly from the management server 150 via visual light such as the VLC channel emitted from the light source 140 being controlled by the controller 145, instead of obtaining login credentials off-line.
VLC
In general, Visual Light Communication (VLC) provides a high data-rate and low-cost network link. VLC systems have the potential for high signal-to-noise ratios, and may be contained easily within walls providing a high degree of spatial diversity.
VLC provides a communication scheme that e.g. enables interior ambient light sources such as the light source 140, which may be related to LED lighting systems, to send data to devices using either cameras or light sensors. By e.g. exploiting rolling shutter camera sensors that are common on tablets, laptops and smartphones such as the STA 120, it is possible to detect high-frequency changes in light intensity reflected off of surfaces and in direct line-of-sight of the camera. The VLC may use a demodulation approach that e.g. allows smartphones to accurately detect frequencies as high as 8 kHz with 0.2 kHz channel separation. In order to avoid humanly perceivable flicker in the lighting, a VLC system may e.g. operate at frequencies above 2 kHz and compensate for the non-ideal frequency response of standard LED drivers by adjusting the light's duty-cycle.
Embodiments herein use VLC, which is a data communication medium using visible light from the light source 140 for data transmission. Using controlled VLC light sources such as the light source 140 controlled by the controller 145, to embed login information into a visual channel would bring an efficient and convenient way to access secured wireless networks such as e.g. the network 115.
LEDs have become increasingly popular e.g. in hotels over the past few years. Deploying or upgrading current lighting system would give the hotel a light makeover, and create relaxing or uplifting social areas to welcome guests and make them feel comfortable. Thus, to have VLC-capable LEDs would not be costly for business owners.
Since a VLC-based LED is also used for indoor positioning, the location of the LED may directly inform e.g. a hotel's authentication system which hotel room or area the LED covers. Unlike radio spectrum methods such as short-wave radio or Wi-Fi, visible light cannot travel through non-transparent physical material, e.g. a wall or ceiling. This advantage allows embodiments herein to provide localization by identifying individual rooms and other spaces. Embodiments herein may also broadcast sensitive information without concern about eavesdropping from outside of the areas. Thus, the light source 140 may be programmed by the management server 150 via the controller 145 to flash coded signals in lighting with high-frequency on-off changes in order to convey login information to a device such as the STA 120 with an embedded camera. Once the device obtains the information, it may authenticate itself against the management server 150 in order to join the network such as the network 115.
Embodiments herein provide for using VLC as a visual channel to transmit information, such as SSID, BSSID, channel, username and password, to devices such as the STA 120 with e.g. an embedded camera and Wi-Fi module for connecting to wireless networks.
SSID and BSSID are information about the network. They tell which Wi-Fi access point the station may try to connect with.
Embodiments of a method will first be described in a general way from the perspective of the communications system 105.
Example embodiments of the method performed by a communications system 105, for authenticating the STA 120 to access a network 115, will now be described with reference to a sequence diagram depicted in Figure 2. The STA 120 is capable of communicating with the light source 140.
The method comprises the following actions, which actions may be taken in any suitable order.
According to an example scenario, the STA 120 is about to access the network 115 via the AP 110.
Action 201
To access the network 115 via the AP, the STA needs some credentials. The management server 150 sends network access information to the controller 145 of the light source 140.
The network access information such as the network access credentials may e.g. be provided to the management server 150 either manually by a network administrator or owner or may be discovered over the network automatically.
The network access information may comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, Communication channel information, username, password, certificates, channel and cipher suites supported among other such information, and credentials for the AP 110 that provides network access.
The controller 145 provides the network access information to the light source 140.
Action 202
The light source 140 sends the received network access information to the STA 120. The controller 145 manages the light source 140 to perform the sending of the network access information. The network access information is sent to the STA 120 via a VLC channel. The VLC channel is emitted from the light source 140 and received by a light detector in the STA 120.
In some embodiments, only a first part of the network access information is sent to the STA 120 via the VLC channel, before the STA 120 authenticates to the network 115. In these embodiments the optional actions 203-206 below will be performed, wherein a second part of the network access information will be sent in action 206. The first part of the network access information may e.g. comprise SSID and BSSID, and the second part of the network access information may comprise a password. This will be explained in more detail below.
Action 203
In some embodiments, the AP 110 may receive the first part network access information and an identity of the STA 120 from the STA 120, and send it to the management server 150.
In this action the STA 120 may send the first part network access information to the AP 110. Upon receiving the first part network access information, the AP requests an identity of the STA 120. The STA 120 then sends the requested identity to the AP 110.
Action 204
In some embodiments, the management server 150 authenticates the STA 120 by using the received identity of the STA 120.
Action 205
The management server 150 sends the second part of the network access information to the controller 145 of light source 140, when the STA 120 has been successfully authenticated.
Action 206
The light source 140 then sends the received second part of the network access information to the STA 120 via the VLC channel.
Action 207
The STA 120 authenticates the STA 120 to the network 115 by sending the received network access information to the AP 110 operating in the network 115. The STA 120 communicates with the AP 110 via a communication channel.
In some embodiments only the received second part of the network access information is sent at this stage.
Action 208
The STA 120 may now access the network 115.
Embodiments of the method described above will now be described in a general way, first from the perspective of the STA 120 and then from the perspective of the controller 145 of a light source 140. This will be followed by a more detailed description with examples and explanations.
Example embodiments of a method performed by the STA 120 for authenticating the STA 120 to a network 115, will now be described with reference to a flowchart depicted in Figure 3. As mentioned above the STA 120 is capable of communicating with a light source 140. According to the example scenario, the STA 120 wishes to access the network 115 via the AP 110.
The method comprises the following actions, which actions may be taken in any suitable order.
Action 301
In the example scenario the STA 120 is located in the same space or room 142 as the light source 140, and preferably in visible sight of the light source 140. The STA 120 is thus capable to communicate with the light source 140 by using VLC. The STA 120 receives network access information from the management server 150 via the VLC channel. The VLC channel is emitted from the light source 140 and received by the light detector in the STA 120.
The network access information may comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
Action 302
Now the STA has obtained the network access information and is enabled to start to access the network 115. Thus, the STA 120 authenticates the STA 120 to the network 115 by sending the network access information to the AP 110 operating in the network 115. The STA 120 communicates with the AP 110 via a communication channel.
In some embodiments, a first part of the network access information is received before starting the authentication. In these embodiments, this action of authenticating the STA 120 to the network 115 comprises:
-sending the first part of the network access information to the AP 110, to authenticate the STA 120,
-sending an identity of the STA 120 to the AP 110 upon request,
-receiving a second part of the network access information from the management server 150 via the VLC channel,
-sending the second part of the network access information to the AP 110.
The first part of the network access information may comprise any one or more out of an SSID and a BSSID. The second part of the network access information may comprise a password.
In some embodiments this action of authenticating 301 the STA 120 to the network 115 further comprises selecting a data rate for communication with the network 115.
Example embodiments of a method performed by the controller 145 of the light source 140 for providing authentication of an STA 120 to access a network 115 will now be described with reference to a flowchart depicted in Figure 4. As mentioned above the STA 120 is capable of communicating with the light source 140. According to the example scenario, the STA 120 wishes to access the network 115 via the AP 110.
The controller 145 of the light source 140 manages the light source 140 to perform the method comprising the following actions, which actions may be taken in any suitable order. Dashed lines of boxes in Figure 4 indicate that this action is not mandatory.
Action 401
The controller 145 of the light source 140 receives network access information or a first part of the network access information from the management server 150.
The network access information may comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
Action 402
The controller 145 of the light source 140 manages the light source 140 to send the network access information to the STA 120. The network access information is sent to the STA 120 via a VLC channel. The VLC channel is emitted from the light source 140. The network access information enables the STA 120 to authenticate to the network 115 by sending the network access information via a communication channel to the AP 110 operating in the Network 115.
In some embodiments, only the first part of network access information is sent to the STA 120 via the VLC channel before the STA 120 starts the authentication to the network 115. In these embodiments the optional actions 403-404 below will be performed wherein a second part of the network access information will be sent in action 204.
Action 403
The controller 145 of the light source 140 receives a second part of the network access information from the management server 150, when the STA 120 has been successfully authenticated.
Action 404
The controller 145 of the light source 140 manages the light source 140 to send the second part of the network access information to the STA via the light source 140.
In some embodiments, the first part of the network access information comprises any one out of SSID and BSSID, and the second part of the network access information comprises a password.
Action 405
The controller 145 of the light source 140 may manage the light source 140 to send updated network access information to the STA 120.
This may be performed repeatedly according to a predetermined frequency.
Embodiments herein will now be further described and explained. The text below is applicable to and may be combined with any suitable embodiment described above.
According to embodiments herein, sensitive information is sent through the light source 140, and the STA 120 may receive this information by any photon receiver such as a camera built into mobile phones, computers or any other light-receiving device/demodulator including the STA 120. The lighting infrastructure of the light source 140 may be used for this purpose. As mentioned above, the light source 140 is controlled by the controller 145, which controller 145 is in communication with the management server 150. This communication may be one-way, from the management server to controller 145, or bidirectional. The management server 150 sends sensitive information to light controllers such as the controller 145 to be transmitted through the respective light source including the light source 140.
As a transmission through light takes place at very high frequencies, a human eye cannot perceive any change in its surrounding ambient light. For the changes not to be perceived by human eyes, the frequency has to be over 1 kHz. On-off keying denotes an Amplitude-Shift Keying (ASK) modulation. This fact allows exploitation of the capacities of an existing lighting system as a medium to hide the information transmission.
The outer frame 118 in Figure 1 resembles the area covered by Wi-Fi signals. Users of devices such as the STA 120 who receive the credentials through the lighting system of the supported area will be authorized to get access to the Wi-Fi network. This authorization is controlled by the management server 150 which updates the credential information in the AP 110, other associated APs, the light source 140 via the controller 140, and other associated light sources frequently. Users of devices without the knowledge of recent credentials are considered to be outside of the pre-defined area and hence will not be authorized to get connected to the network 115.
Embodiments herein may work both with WPA2-Personal and WPA2-Enterprise certifications. In the simplest form of the embodiments herein, the VLC is simply used for communicating a password for obtaining Internet Access via the AP 110. The STA 120 is still responsible for selecting the appropriate access point e.g. from a list of access points detected in its ambient environment. This may be circumvented and the whole process may be automated by also communicating a SSID over the VLC channel. An application of the STA 120 may then simply be opened and the STA 120 would connect with the AP 110 using the SSID and password received over the VLC channel without requiring any further user action.
Figure 5 depicts an embodiment using WPA Personal WiFi authentication with VLC communication.
Since the management server 150 may change the information, i.e. the credentials transmitted on the VLC channel, the passwords may be frequently updated for increased security. Additionally, since the user of a STA is no longer responsible for obtaining the password from the reception or the wall and entering it into the system, the passwords may be much more complex to protect against guessing, cracking or dictionary attacks.
However, as is seen in Figure 5, the VLC channel may also be used for communicating additional information such as the BSSID, channel and cipher suites supported in addition to the SSID and password. This may provide several additional benefits.
- The APs such as the AP 110 no longer have to broadcast a beacon message on an IEEE 802.11 wireless interface, thereby saving energy. This is marked with X in Figure 5.
- Probe request and response messages no longer need to be exchanged. All the necessary information is already available to the STA 120 over the VLC channel and the STA 120 may ensure that it supports one of the advertised data rates for the connection to the network to succeed. This implies that data rate selection is now done by the STA 120 instead of the AP 110.
- Not broadcasting the beacon message may also provide some level of anonymity, hiding the fact that there is a Wi-Fi service with a given SSID in that building. Users of devices that do not have access to the VLC channel, i.e. those devices that are not physically present where the Wi-Fi service is offered, would not see the AP in their list unless they send a probe request. An AP may choose not to respond to those probe requests to provide additional protection.
- The access control may be improved. E.g. in an office environment some rooms will receive BSSID and other necessary credentials for an AP that provides access to both the Internet and Intranet. Other areas of the office building will receive credentials for access points that only provide Internet access.
- On-demand rekeying may be provided. Rekeying may be triggered by either the management server 150 or STA users themselves, such as the user of the STA 120, whenever a STA is within the range of a light source according to embodiments herein. For example by pressing a switch in the room /please give an example of this here: The light source 110 may send new keys to the STA 120 and old ones may be invalidated.
Many enterprise scenarios require much more fine-grained user/device authentication/access control and therefore rely on IEEE 802.1x based authentication. IEEE 802.1X defines encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802. Embodiments herein may be integrated with such WPA2-Enterprise certified 802.1x based authentication as well.
In a simplest manifestation of these embodiments, an authentication server, e.g. being part of the AP 110 or the management server, can support RADIUS/DIAMETER or similar protocols, and may simply configure the VLC channel to communicate the same Network Access Identifier (NAI) and credentials, depending on the EAP method used, for all user devices such as the STA 120. Remote Authentication Dial In User Service (RADIUS) and DIAMETER are Authentication, Authorization, and Accounting (AAA) protocols for users who connect and use a network service. So for Extensible Authentication Protocol (EAP) - Pre-Shared Key (PSK) it may be the password that is comprised in the network access information, while for EAP-Transport Layer Security (TLS) it may be the client side certificate that is comprised in the network access information. However, such sharing of the same access credentials among all users defeats the purpose of IEEE 802.1x fine-grained authentication.
Figure 6 depicts a WPA-Enterprise 802.1x authentication with visible light communication. As shown in Figure 6 this may be improved by only communicating the network access information such as the SSID, BSSID, data rate etc. details on the VLC channel. A network application in the STA 120 may automatically start the connection request to the AP 110 upon receiving the network access information. When the AP 110 sends an EAP-Identity request, the STA 120, such as an application in the STA 120, prompts the STA 120 for the appropriate username. From there on, multiple EAP Request Responses are sent between the STA 120, such as the application in the STA 120 (supplicant), and the authorization server 150 until the STA 120 or the user of the STA 120 is successfully authenticated. Thereafter, the authorization server 150 sends a Radius Accept message along with the PMK to the AP 110. The AP 110 and the STA 120 finally use this PMK for performing a 4-way handshake and deriving Pairwise Transient Keys (PTK) and/or Groupwise Transient keys (GTK).
While 802.1x authentication with username password such as EAP-PSK or certificates etc., depending on the exact EAP method used, works well in many enterprise scenarios such as offices, such strong user authentication may not be required in other scenarios, such as a Wi-Fi service provided by a hotel for its guests. For example, a hotel network administrator may only want to ensure that there is a valid guest and he is situated somewhere on the hotel premises. Distributing passwords or client-side certificates for 802.1x authentication in such a scenario would be challenging.
Figure 7 depicts a WPA-Enterprise 802.1x authentication with visible light communication and modified EAP method. To overcome this challenge, some embodiments are modified as shown in Figure 7. As shown in Figure 7 the first part of the network access information and the second part of the network access information are communicated on the visible light channel at two different stages. This relates to Actions 202-206, 302, 402-404 described above.
In these embodiments, the STA 120, such as the application in the STA 120 responsible for network connection, only receives the SSID, BSSID, data rate etc. information over the VLC channel, i.e. the first part of the network access information.
By using this information the STA 120, such as the application in the STA 120, then initiates the connection with the appropriate AP 110.
Once the STA 120, such as the application in the STA 120, receives an EAP-Identity request from the AP 110, it prompts the STA 120 or the user of the STA 120 to enter a user name. The user name may be the guest name in which the hotel was booked or the email id that was used for booking the hotel. The STA 120, such as the application in the STA 120, may inform what kind of username it is expecting. This information may also be communicated over the visible light channel in the first part of the network access information as shown in Figure 7.
The STA 120, such as the application in the STA 120, would then add a realm to this username, which may e.g. be @local, indicating that only local authentication is supported and that if the first hop management server 150 cannot service this request then the STA 120 won't get Wi-Fi access, or the realm may also be communicated over the VLC channel e.g. in the first part of the network access information.
Upon receiving the identity in the EAP-Response message, the AP 110 forwards the username to the management server 150 as a radius/diameter message. The authentication server 150 is then responsible for checking if there is an active guest account. Additionally the authentication server 150 may e.g. enforce a total number of logins supported with that username and some data limits for accounting purposes.
Once the management server 150 has confirmed the identity, it sends the password to the STA 120 via the controller 145 and the light source 140 over the VLC channel and sends the PMK to the AP 110. The password is sent to the STA 120 as the second part of the network access information. The password sent to the STA 120 over the VLC channel may in this example be location specific. The management server 150 may estimate the location of the STA 120 based on the requesting AP 110. So if the username received corresponds to a guest in room number 428, and the request is coming from an AP on the 4th floor, then the password is communicated over the light sources in or near room 428. If the management server 150 detects that the authentication request is from an AP in a common area, such as a lounge, then it sends the password only to those relevant light sources in the lounge.
Finally, the AP 110 and the STA 120 derive the PTK and GTK using the PMK.
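The management server's decision in the Figure 7 flow can be sketched as follows. This is an added illustration, not code from the patent: the class and field names, the sample accounts, AP and light identifiers are constructed, and refusing delivery when the requesting AP is neither in a common area nor on the guest's floor is an assumption the description leaves open. Derivation and delivery of the PMK to the AP is not modelled.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Guest:
    room: str
    active: bool
    max_logins: int
    logins: int = 0


@dataclass
class ManagementServer:
    guests: dict        # username without realm -> Guest
    ap_area: dict       # AP id -> area the AP serves ("floor-4", "lounge", ...)
    light_area: dict    # light source id -> room or common area it illuminates
    room_floor: dict    # room -> floor label
    common_areas: set
    realm: str = "local"
    issued: dict = field(default_factory=dict)  # username -> last password

    def first_part(self, ssid, bssid, channel):
        """First part of the network access information: nothing secret."""
        return {"ssid": ssid, "bssid": bssid, "channel": channel,
                "identity_hint": "booking e-mail", "realm": self.realm}

    def lights_for(self, guest, ap_id):
        """Pick the light sources allowed to carry the password."""
        area = self.ap_area.get(ap_id)
        if area in self.common_areas:
            wanted = area                 # lounge request -> lounge lights only
        elif area is not None and area == self.room_floor.get(guest.room):
            wanted = guest.room           # AP on the guest's floor -> room lights
        else:
            return []   # assumption: unknown AP or wrong floor means no delivery
        return sorted(l for l, where in self.light_area.items() if where == wanted)

    def handle_identity(self, identity, ap_id):
        """EAP identity forwarded by an AP -> {light id: password}; {} = reject."""
        # rpartition keeps e-mail style usernames intact ("a@b.example@local").
        user, sep, realm = identity.rpartition("@")
        guest = self.guests.get(user)
        if not sep or realm != self.realm or guest is None or not guest.active:
            return {}
        if guest.logins >= guest.max_logins:   # total number of logins enforced
            return {}
        targets = self.lights_for(guest, ap_id)
        if not targets:
            return {}
        guest.logins += 1
        password = secrets.token_urlsafe(24)   # fresh, high-entropy, per request
        self.issued[user] = password
        return {light: password for light in targets}


def build_demo():
    """Constructed hotel: one active guest in room 428, one checked-out guest."""
    return ManagementServer(
        guests={"guest428": Guest("428", True, 2),
                "guest115": Guest("115", False, 2)},
        ap_area={"ap-4f": "floor-4", "ap-2f": "floor-2", "ap-lounge": "lounge"},
        light_area={"led-428-a": "428", "led-428-b": "428",
                    "led-429": "429", "led-lounge": "lounge"},
        room_floor={"428": "floor-4", "115": "floor-1"},
        common_areas={"lounge"},
    )


if __name__ == "__main__":
    srv = build_demo()
    print(srv.first_part("HotelGuest", "02:00:00:00:00:01", 6))
    for ap in ("ap-4f", "ap-lounge", "ap-2f"):
        print(ap, sorted(srv.handle_identity("guest428@local", ap)))
```

Because the password is only ever handed to controllers of lights in the selected room or area, a station that learned the SSID and a valid username elsewhere still receives nothing unless it is in sight of those lights.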
Embodiments herein may also be used with a modified version of EAP-SIM/EAP-AKA/EAP-AKA' to make sure that there is a valid user in the hotel with the phone number that was used during the booking. EAP for GSM Subscriber Identity Module (EAP-SIM) is used for authentication and session key distribution using the Subscriber Identity Module (SIM) from the Global System for Mobile Communications (GSM). Extensible Authentication Protocol Method for Universal Mobile Telecommunications System (UMTS) Authentication and Key Agreement (EAP-AKA) is an EAP mechanism for authentication and session key distribution using the UMTS Subscriber Identity Module (USIM). The EAP-AKA' (AKA Prime) variant of EAP-AKA is defined in RFC 5448 and is used for non-3GPP access to a 3GPP core network.
To perform the method actions for authenticating a STA 120 to access a network 115, described above in relation to Figure 2, the communications system 100 may comprise the following arrangement. As mentioned above the STA 120 is capable of communicating with a light source 140.
The communications system 100 comprises the management server 150 being configured to send to a controller 145 of the light source 140, network access information.
The communications system 100 further comprises the controller 145 of the light source 140 being configured to send to the STA 120, the received network access information. The network access information is to be sent to the STA 120 via a VLC channel. The VLC channel is adapted to be emitted from the light source 140 and received by a light detector 122 in the STA 120.
The communications system 100 further comprises the STA 120 being configured to authenticate the STA 120 to the network 115 by sending the received network access information to the AP 110 operating in the network 115. The STA 120 is adapted to communicate with the AP 110 via a communication channel.
The network access information may be arranged to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, Communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
In some embodiments, a first part of the network access information is to be sent to the STA 120 via the VLC channel before the STA 120 authenticates to the network 115. In these embodiments:
the AP 110 is configured to receive 20 from the STA 120, an identity of the STA 120 and send it to the management server 150,
the management server 150 is configured to authenticate the STA 120 by using the received identity of the STA 120,
the management server 150 is configured to send a second part of the network access information to the light source 140, when the STA 120 has been successfully authenticated, and
the controller 145 of the light source 140 is configured to send the received second part of the network access information to the STA 120 via the VLC channel.
To perform the method actions for authenticating in the STA 120 to the network 115 described above in relation to Figure 3, the Station, STA, 120 may comprise the following arrangement depicted in Figure 8. As mentioned above, the STA 120 is capable of communicating with a light source 140.
The STA 120 is configured to, e.g. by means of a receiving module 810 and/or a light detector 122 configured to, receive network access information from the management server 150 via a VLC channel. The VLC channel is to be emitted from the light source 140 and received by a light detector 122 in the STA 120.
The STA 120 is configured to, e.g. by means of an authenticating module 820 configured to, authenticate the STA 120 to the network 115 by sending the network access information to the AP 110 adapted to operate in the Network 115. The STA 120 is arranged to communicate with the AP 110 via a communication channel.
The network access information may be adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
In some embodiments, a first part of the network access information is adapted to be received before starting the authentication. In these embodiments, the STA 120 is further configured to authenticate the STA 120 to the Network 115 by:
-sending the first part of the network access information to the AP 110, to authenticate the STA 120,
-sending an identity of the STA 120 to the AP 110 upon request,
-receiving a second part of the network access information from the management server 150 via the VLC channel,
-sending the second part of the network access information to the AP 110.
The first part of the network access information may be adapted to comprise any one or more out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
The STA 120 may further be configured to authenticate the STA 120 to the network 115 by selecting a data rate for communication with the network 115.
The embodiments herein may be implemented through one or more processors, such as a processor 830 in the STA 120 depicted in Figure 8, together with computer program code for performing the functions and actions of the embodiments herein. The program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into the STA 120. One such carrier may be in the form of a CD ROM disc. It is however feasible with other data carriers such as a memory stick. The computer program code may furthermore be provided as pure program code on a server and downloaded to the STA 120. The end user device 120 may further comprise a memory 840 comprising one or more memory units. The memory 850 comprises instructions executable by the processor 80.
The memory 840 is arranged to be used to store e.g. network access information, data, configurations, and applications to perform the methods herein when being executed in the end user device 120.
Those skilled in the art will also appreciate that the modules in the STA 120, described above may refer to a combination of analog and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 840, that when executed by the one or more processors such as the processor 830 as described above. One or more of these processors, as well as the other digital hardware, may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a system-on-a-chip (SoC).
To perform the method actions for providing authentication of the STA 120 to access a network 115, described above in relation to Figure 4, the controller 145 of the light source 140 may comprise the following arrangement depicted in Figure 9. As mentioned above the STA 120 is capable of communicating with the light source 140.
The controller 145 of the light source 140 is configured to, e.g. by means of a managing module 910 configured to, manage the light source 140 to send to the STA 120 network access information. The network access information is to be received from a management server 150 and sent to the STA 120 via a VLC channel. The VLC channel is adapted to be emitted from the light source 140. The network access information enables the STA 120 to authenticate to the network 115 by sending the network access information via a communication channel to an Access Point, AP, 110 operating in the Network 115.
The network access information may be adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP 110 that provides network access.
In some embodiments, a first part of network access information is to be sent to the STA 120 via the VLC channel before the STA 120 starts the authentication to the network 115. In these embodiments the controller 145 of the light source 140 is configured to e.g. by means of a receiving module 920 configured to, receive a second part of the network access information from the management server 150, when the STA 120 has been successfully authenticated and to send the second part of the network access information to the STA via the light source 140.
The first part of the network access information may be adapted to comprise any one out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
The controller 145 of the light source 140 may be configured to e.g. by means of the managing module 910 configured to, manage the light source 140 to send to the STA 120 updated network access information.
The controller 145 of the light source 140 may be configured to e.g. by means of the managing module 910 configured to, manage the light source 140 to send to the STA 120 updated network access information repeatedly according to a predetermined frequency.
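The two-part exchange described above (first part before authentication, second part released over VLC only after the management server accepts the identity of the STA) and the sending of updated network access information, as an added simulation that is not code from the patent. The class and function names, the identity allow-list, the sample SSID/BSSID values, the random password and the AP checking the password against the server's current value are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Sta:
    """STA 120: hears the VLC channel only while its light detector is under the lamp."""
    identity: str
    under_light: bool = True
    vlc_inbox: dict = field(default_factory=dict)


class LightController:
    """Controller 145: emits whatever the management server hands it, one way, over VLC."""
    def __init__(self, stations):
        self.stations = stations

    def emit(self, info):
        for sta in self.stations:
            if sta.under_light:          # no light at the detector, no data
                sta.vlc_inbox.update(info)


class ManagementServer:
    """Server 150: holds the credentials and decides when each part is released."""
    def __init__(self, controller, enrolled):
        self.controller = controller
        self.enrolled = set(enrolled)                    # assumption: identity allow-list
        self.ssid = "corp-wlan"                          # constructed sample value
        self.bssid = "02:00:00:00:00:01"                 # constructed sample value
        self.password = secrets.token_urlsafe(16)

    def send_first_part(self):
        self.controller.emit({"ssid": self.ssid, "bssid": self.bssid})

    def authenticate(self, identity):
        ok = identity in self.enrolled
        if ok:  # the second part leaves the server only after a successful check
            self.controller.emit({"password": self.password})
        return ok

    def rotate(self):
        """Updated network access information, pushed again over VLC."""
        self.password = secrets.token_urlsafe(16)
        self.controller.emit({"password": self.password})


class AccessPoint:
    """AP 110: relays the identity to the server and checks the final credential."""
    def __init__(self, server):
        self.server = server

    def first_part_ok(self, first):
        return (first.get("ssid") == self.server.ssid
                and first.get("bssid") == self.server.bssid)

    def relay_identity(self, identity):
        return self.server.authenticate(identity)

    def second_part_ok(self, password):
        # constant-time comparison against the server's current password
        return hmac.compare_digest(password.encode(), self.server.password.encode())


def join(sta, ap):
    """STA-side sequence; returns the step at which the attempt ended."""
    first = {k: sta.vlc_inbox[k] for k in ("ssid", "bssid") if k in sta.vlc_inbox}
    if not ap.first_part_ok(first):
        return "no-first-part"
    if not ap.relay_identity(sta.identity):
        return "identity-rejected"
    password = sta.vlc_inbox.get("password")
    if password is None:
        return "no-second-part"
    return "connected" if ap.second_part_ok(password) else "bad-password"


def run_scenario(identity, under_light, move_away_after_first=False):
    """Build a fresh system with one STA and run a single join attempt."""
    sta = Sta(identity, under_light)
    controller = LightController([sta])
    server = ManagementServer(controller, enrolled={"sta-120"})
    ap = AccessPoint(server)
    server.send_first_part()
    if move_away_after_first:
        sta.under_light = False
    return join(sta, ap), sta, server, ap


if __name__ == "__main__":
    for args in [("sta-120", True), ("sta-999", True), ("sta-120", False)]:
        print(args, "->", run_scenario(*args)[0])
    print("left the light after first part ->",
          run_scenario("sta-120", True, move_away_after_first=True)[0])
```

After `server.rotate()`, a password received earlier no longer passes `second_part_ok`, so a STA stays connected only if it is still under the light to receive the update.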
The embodiments herein may be implemented through one or more processors, such as a processor 930 in the controller 145 of the light source 140 depicted in Figure 9, together with computer program code for performing the functions and actions of the embodiments herein. The program code mentioned above may also be provided as a computer program product, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into the controller 145 of the light source 140. One such carrier may be in the form of a CD ROM disc. It is however feasible with other data carriers such as a memory stick. The computer program code may furthermore be provided as pure program code on a server and downloaded to the controller 145 of the light source 140.
The controller 145 of the light source 140 may further comprise the memory 940 comprising one or more memory units. The memory 940 comprises instructions executable by the processor 930.
The memory 940 is arranged to be used to store network access information, data, configurations, and applications to perform the methods herein when being executed in the controller 145 of the light source 140.
Those skilled in the art will also appreciate that the modules in the controller 145 of the light source 140, described above may refer to a combination of analog and digital circuits, and/or one or more processors configured with software and/or firmware, e.g. stored in the memory 940, that when executed by the one or more processors such as the processor 930 as described above. One or more of these processors, as well as the other digital hardware, may be included in a single Application-Specific Integrated Circuitry (ASIC), or several processors and various digital hardware may be distributed among several separate components, whether individually packaged or assembled into a system-on-a-chip (SoC).
Please also see Figure 10 showing an overview of an example of the methods described above.
When using the word "comprise" or "comprising" it shall be interpreted as non-limiting, i.e. meaning "consist at least of".
The embodiments herein are not limited to the above described preferred embodiments. Various alternatives, modifications and equivalents may be used.
Therefore, the above embodiments should not be taken as limiting the scope of the invention, which is defined by the appended claims.

Claims

1. A method performed by a communications system (100), for authenticating a station, STA, (120) to access a network (115), which STA (120) is capable of communicating with a light source (140), the method comprising:
sending (201) by a management server (150) to a controller (145) of the light source (140), network access information,
sending (202) by the light source (140) to the STA (120), the received network access information, which network access information is sent to the STA (120) via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source (140) and received by a light detector (122) in the STA (120),
authenticating (207) by the STA (120), the STA (120) to the network (115) by sending the received network access information to an Access Point, AP, (110) operating in the network (115), wherein the STA (120) communicates with the AP (110) via a communication channel.
2. The method according to claim 1, wherein the network access information comprises any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, Communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
3. The method according to claim 1 or 2, wherein a first part of the network access information is sent to the STA (120) via the VLC channel before the STA (120) authenticates to the network (115), the method further comprising:
receiving (203) by the AP (110) from the STA (120), the first part network access information and an identity of the STA (120) and sending it to the management server (150),
authenticating (204) by the management server (150), the STA (120) by using the received identity of the STA (120),
sending (205) by the management server (150) a second part of the network access information to the controller (145) of light source (140), when the STA (120) has been successfully authenticated,
sending (206) by the light source (140) the received second part of the network access information to the STA (120) via the VLC channel.
4. A method performed by a Station, STA, (120), for authenticating in the STA (120) to a network (115), which the STA (120) is capable of communicating with a light source (140), the method comprising,
receiving (301) network access information from a management server (150) via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source (140) and received by a light detector (122) in the STA (120), and
authenticating (302) the STA (120) to the network (115) by sending the network access information to an Access Point, AP, (110) operating in the Network (115), which STA (120) communicates with the AP (110) via a communication channel.
5. The method according to claim 4, wherein the network access information comprises any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
6. The method according to claim 4 or 5, wherein a first part of the network access information is received before starting the authentication, wherein authenticating (302) the STA (120) to the Network (115) comprises:
-sending the first part of the network access information to the AP (110), to authenticate the STA (120),
-sending an identity of the STA (120) to the AP (110) upon request,
-receiving a second part of the network access information from the management server (150) via the VLC channel,
-sending the second part of the network access information to the AP (110).
7. The method according to claim 6, wherein the first part of the network access information comprises any one or more out of SSID and BSSID, and wherein the second part of the network access information comprises a password.
8. The method according to any of the claims 4-7, wherein authenticating (302) the STA (120) to the network (115) further comprises:
selecting a data rate for communication with the network (115).
9. A method performed by a controller (145) of a light source (140) for providing authentication of an STA (120) to access a network (115), which STA (120) is capable of communicating with the light source (140), the controller (145) of the light source (140) manages the light source (140) to perform the method comprising:
sending (402) to the STA (120) network access information, which network access information is received from a management server (150) and sent to the STA (120) via a Visual Light Communication, VLC, channel, which VLC channel is emitted from the light source (140), which network access information enables the STA (120) to authenticate to the network (115) by sending the network access information via a communication channel to an Access Point, AP, (110) operating in the Network (115).
10. The method according to claim 9, wherein the network access information comprises any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
11. The method according to claim 9 or 10, wherein a first part of network access information is sent to the STA (120) via the VLC channel before the STA (120) starts the authentication to the network (115), the method further comprising:
receiving (403) a second part of the network access information from the management server (150), when the STA (120) has been successfully authenticated, and
sending (404) the second part of the network access information to the STA via the light source (140).
12. The method according to claim 11, wherein the first part of the network access information comprises any one out of SSID and BSSID, and wherein the second part of the network access information comprises a password.
13. The method according to any of the claims 9-12, further comprising
sending (405) to the STA (120) updated network access information.
14. The method according to claim 1, wherein sending (405) to the STA (120) updated network access information is performed repeatedly according to a predetermined frequency.
15. A communications system (100), for authenticating a Station, STA, (120) to access a network (115), which STA (120) is capable of communicating with a light source (140), the communications system (100) being characterized by:
a management server (150) being configured to send to a controller (145) of the light source (140), network access information,
the light source (140) being configured to send to the STA (120), the received network access information, which network access information is to be sent to the STA (120) via a Visual Light Communication, VLC, channel, which VLC channel is adapted to be emitted from the light source (140) and received by a light detector (122) in the STA (120), and
the STA (120) being configured to authenticate the STA (120) to the network (115) by sending the received network access information to an Access Point, AP, (110) operating in the network (115), wherein the STA (120) is adapted to communicate with the AP (110) via a communication channel.
16. The communications system (100) according to claim 15, wherein the network access information is arranged to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, Communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
17. The communications system (100) according to claim 15 or 16, wherein a first part of the network access information is to be sent to the STA (120) via the VLC channel before the STA (120) authenticates to the network (115), the communications system (100) being further characterized by:
the AP (110) being configured to receive from the STA (120), the first part network access information and an identity of the STA (120) and sending it to the management server (150),
the management server (150) being configured to authenticate the STA (120) by using the received identity of the STA (120),
the management server (150) being configured to send a second part of the network access information to the controller (145) of the light source (140), when the STA (120) has been successfully authenticated, and
the light source (140) is configured to send the received second part of the network access information to the STA (120) via the VLC channel.
18. A Station, STA, (120) for authenticating in the STA (120) to a network (115), which the STA (120) is capable of communicating with a light source (140) the STA (120) being configured to:
receive network access information from a management server (150) via a Visual Light Communication, VLC, channel, which VLC channel is to be emitted from the light source (140) and received by a light detector (122) in the STA (120), and
authenticate the STA (120) to the network (115) by sending the network access information to an Access Point, AP, (110) adapted to operate in the Network (115), which STA (120) is arranged to communicate with the AP (110) via a communication channel.
19. The STA (120) according to claim 18, wherein the network access information is adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
20. The STA (120) according to claim 18 or 19, wherein a first part of the network access information is adapted to be received before starting the authentication, and wherein the STA (120) further is configured to authenticate the STA (120) to the Network (115) by:
-sending the first part of the network access information to the AP (110), to authenticate the STA (120),
-sending an identity of the STA (120) to the AP (110) upon request,
-receiving a second part of the network access information from the management server (150) via the VLC channel,
-sending the second part of the network access information to the AP (110).
21. The STA (120) according to claim 20, wherein the first part of the network access information is adapted to comprise any one or more out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
22. The STA (120) according to any of the claims 18-21, wherein the STA (120) further is configured to authenticate the STA (120) to the network (115) by:
selecting a data rate for communication with the network (115).
23. A controller (145) of a light source (140) for providing authentication of an STA (120) to access a network (115), which STA (120) is capable of communicating with the light source (140), the controller (145) of the light source (140) is characterized by:
the controller (145) of the light source (140) being configured to manage the light source (140) to send to the STA (120) network access information, which network access information is to be received from a management server (150) and sent to the STA (120) via a Visual Light Communication, VLC, channel, which VLC channel is adapted to be emitted from the light source (140), which network access information enables the STA (120) to authenticate to the network (115) by sending the network access information via a communication channel to an Access Point, AP, (110) operating in the Network (115).
24. The controller (145) of a light source (140) according to claim 2, wherein the network access information is adapted to comprise any one or more out of: a Service Set Identification, SSID, a Basic Service Set Identification, BSSID, communication channel information, username, password, certificates, channel and cipher suites supported in addition to the SSID and the password, and credentials for the AP (110) that provides network access.
25. The controller (145) of a light source (140) according to claim 2 or 24, wherein a first part of network access information is to be sent to the STA (120) via the VLC channel before the STA (120) starts the authentication to the network (115), and wherein:
the controller (145) of the light source (140) is configured to receive a second part of the network access information from the management server (150), when the STA (120) has been successfully authenticated.
26. The controller (145) of a light source (140) according to claim 25, wherein the first part of the network access information is adapted to comprise any one out of SSID and BSSID, and wherein the second part of the network access information is adapted to comprise a password.
27. The method according to any of the claims 2-26, wherein:
the controller (145) of the light source (140) is configured to manage the light source (140) to send to the STA (120) updated network access information.
28. The controller (145) of a light source (140) according to claim 27, wherein the controller (145) of the light source (140) is configured to manage the light source (140) to send to the STA (120) updated network access information repeatedly according to a predetermined frequency and to send the second part of the network access information to the STA via the light source (140).
PCT/SE2015/050566 2015-05-19 2015-05-19 A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network. WO2016186539A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/SE2015/050566 WO2016186539A1 (en) 2015-05-19 2015-05-19 A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network.
EP15892704.6A EP3298813B1 (en) 2015-05-19 2015-05-19 A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network.
US15/572,343 US10594680B2 (en) 2015-05-19 2015-05-19 Communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2015/050566 WO2016186539A1 (en) 2015-05-19 2015-05-19 A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network.

Publications (1)

Publication Number Publication Date
WO2016186539A1 true WO2016186539A1 (en) 2016-11-24

Family

ID=57320841

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2015/050566 WO2016186539A1 (en) 2015-05-19 2015-05-19 A communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network.

Country Status (3)

Country Link
US (1) US10594680B2 (en)
EP (1) EP3298813B1 (en)
WO (1) WO2016186539A1 (en)

Also Published As

Publication number Publication date
EP3298813A1 (en) 2018-03-28
US10594680B2 (en) 2020-03-17
US20180139202A1 (en) 2018-05-17
EP3298813B1 (en) 2019-04-03
EP3298813A4 (en) 2018-05-16

Similar Documents

Publication Publication Date Title
US10594680B2 (en) Communications system, a station, a controller of a light source, and methods therein for authenticating the station to access a network
US10750366B1 (en) Efficient authentication and secure communications in private communication systems having non-3GPP and 3GPP access
US10644880B1 (en) Network access control
CN108781216B (en) Method and apparatus for network access
ES2908002T3 (en) Method and apparatus for registering with external networks in wireless network environments
US9654972B2 (en) Secure provisioning of an authentication credential
US9979710B2 (en) Single SSID and dual-SSID enhancements
US8549658B2 (en) Provisioning credentials for embedded wireless devices
US9824193B2 (en) Method for using mobile devices with validated user network identity as physical identity proof
US9049184B2 (en) System and method for provisioning a unique device credentials
ES2755953T3 (en) Systems and procedures for remote credential management
EP2617222B1 (en) Dynamic account creation with secured hotspot network
US11895489B2 (en) Distributed management of secure Wi-Fi network
US20160242033A1 (en) Communication service using method and electronic device supporting the same
CN110832823A (en) Cloud-based WIFI network setup for multiple access points
CN114667499A (en) Password and policy based device independent authentication
ES2534046T3 (en) Method and devices to access a wireless local area network
CN115362747A (en) Terminal equipment verification method and device
CN114223231A (en) Communication method and device
Suduwella et al. Visible light communication based authentication protocol designed for location based network connectivity
KR101940722B1 (en) Method for providing communication security for user mobile in open wifi zone
CN117641345A (en) Transmission of network access information for wireless devices
Tas WI-FI ALLIANCE HOTSPOT 2.0 SPECIFICATION BASED NETWORK DISCOVERY, SELECTION, AUTHENTICATION, DEPLOYMENT AND FUNCTIONALITY TESTS.
Carthern et al. Wireless LAN (WLAN)

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application; Ref document number: 15892704; Country of ref document: EP; Kind code of ref document: A1
REEP Request for entry into the European phase; Ref document number: 2015892704; Country of ref document: EP
WWE WIPO information: entry into national phase; Ref document number: 15572343; Country of ref document: US
NENP Non-entry into the national phase; Ref country code: DE