WO2023178407A1 - Service internet à barrière géographique virtuelle - Google Patents

Service internet à barrière géographique virtuelle Download PDF

Info

Publication number
WO2023178407A1
WO2023178407A1 PCT/CA2022/050452 CA2022050452W WO2023178407A1 WO 2023178407 A1 WO2023178407 A1 WO 2023178407A1 CA 2022050452 W CA2022050452 W CA 2022050452W WO 2023178407 A1 WO2023178407 A1 WO 2023178407A1
Authority
WO
WIPO (PCT)
Prior art keywords
client device
computing device
zones
wireless access
zone
Prior art date
Application number
PCT/CA2022/050452
Other languages
English (en)
Inventor
Nicholas BREWER
Original Assignee
Western Fibre Communications Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Western Fibre Communications Corp. filed Critical Western Fibre Communications Corp.
Priority to PCT/CA2022/050452 priority Critical patent/WO2023178407A1/fr
Publication of WO2023178407A1 publication Critical patent/WO2023178407A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • H04W12/64Location-dependent; Proximity-dependent using geofenced areas

Definitions

  • This disclosure relates generally to controlling and providing network access and in particular to a method and system for providing individualized network connectivity with designated spaces within a common building
  • Network access and in particular internet connectivity is becoming a mandatory element of modern life. In particular, it is becoming increasingly required that fast, reliable internet be made available for each dwelling or suite within a building.
  • current means of providing internet connectivity to each unit or suite in such a building frequently involves providing a discrete network connection, such wired, cable or fibre optic cable to that unit. Thereafter when internet service is desired at the unit, a technician or service personnel is sent to the unit to install a wired or wireless router to that suite to install or activate the wired connection. It will be appreciated that such installation and activation by service persons is time consuming and results in delated activation of service.
  • a system for controlling access of a plurality of users in a space to a network comprising a first computing device operably coupled to an internet side network connection, at least one wireless access point connected to the first computing device and at least one application executed on the first computing device.
  • the application is operable to cause, when executed, the first computing device to at least receive a position of at least one client device within one of a plurality of predefined geofenced zones, determine if the at least one client device is within an authorized zone of the plurality of predefined geofenced zones corresponding to an account associated with the at least one client device and operably connecting the at least one client device to the internet side network connection only while the at least one client device is within the authorized zone.
  • the at least one wireless access point may be configured to define the plurality of zones.
  • the at least one wireless access point may comprise a plurality of wireless access points.
  • the at least one wireless access point may be adapted to determine a location of the client device in a particular zone within at least one of the plurality of zones.
  • the at least one wireless access point may measure signal strength to the client device.
  • the at least one wireless access point may measure the strongest signal strength from the client device indicates the zone in which the client device is located.
  • a plurality of wireless access points may triangulate the location of the client device.
  • the system may further comprise a database containing data correlating a plurality of user accounts to at least one authorized zone.
  • a non-transitory computer-readable medium embodying a program executable in at least one computing device, wherein when executed cases a first computing device to at least receive a position of at least one client device within one of a plurality of predefined geofenced zones, determine if the at least one client device is within an authorized zone of the plurality of predefined geofenced zones corresponding to an account associated with the at least one client device and operably connecting the at least one client device to an internet side network connection of the first computing device only while the at least one client device is within the authorized zone.
  • the non-transitory computer readable medium may cause the first computing device to furthermore detect when the at least one client device exits an authorized zone for the account associated with the at least one client device and terminate a connection of the at least one client device to an internet side network connection.
  • the first computing device may furthermore determine a location of the client device in a particular zone within at least one of the plurality of zones.
  • the first computing device may furthermore compare the signal strength of the wireless signal to the client device at a plurality of wireless access devices to identify which zone the client device is in of the plurality of zones.
  • the first computing device may furthermore selects the strongest signal strength as measured at the plurality of wireless access points.
  • the first computing device may furthermore triangulate the location of the client device from the plurality of wireless access points.
  • a method for controlling access to a plurality of users in a space to a network comprising providing a first computing device having an internet side network connection and an associated database containing a listing of user account and corresponding authorized zones, receiving, at the first computing device, a wireless connection from a client device and determining a location of the client device within one of a plurality of geographic zones.
  • the method further comprises obtaining a user account associated with the client device, comparing the location of the client device between the plurality of geographic zones and connecting the client device to the internet side network while the client device is within one of the authorized zones associated with the user account for that client device.
  • the wireless connection may be received by at least one wireless access point operably connected to the first computing device.
  • the location of the client device may be determined by the at least one wireless access point.
  • Figure 1 is an illustration of a building having unit specific internet accessibility provided therein.
  • Figure 2 is a schematic diagram of a network according to one embodiment of the present disclosure.
  • Figure 3 is a block diagram of a network controller of Figure 2 according to one embodiment of the present disclosure.
  • Figure 4 is a flow chart illustrating activating an account for providing the internet access according to one embodiment of the present disclosure.
  • Figure 5 is a flow chart illustrating activation of internet access for a user device within a designated geofenced zone according to one embodiment of the present disclosure.
  • Figure 3 is a block diagram of a network controller of Figure 2 according to one embodiment of the present disclosure.
  • an exemplary system for providing internet access to a plurality of units 12 within a building 10 is shown generally at 20.
  • the building 10 may include a plurality of floors 14 or may optionally include all units 12 on a common floor. Examples of such units or suites may include condominiums, apartments, offices, hotel suites or the like by way of non-limiting example.
  • the building may include a plurality of suites 12a, 12b, 12c ... 12n and so forth for as many units or suites as are included within the building or complex.
  • the present disclosure is directed to providing individualized internet access for a plurality of users within the building and therefore, although the present description references units or suites within the building, that different divisions of the overall space may also be utilized, including regions or areas within the overall space as differentiated by geofencing techniques as may be employed. Furthermore, it will be appreciated that the individual spaces or areas may be separated from each other so as to not be sharing common walls or barriers therebetweeen, but may be defined within different but proximate buildings to each other, such as cabins or the like.
  • the system includes a first computing device 22 connected to a plurality of wireless access points 40 distributed through the building 10.
  • First computing device 22 is operably connected to the internet 8 through a modem or the like as is commonly known.
  • the first computing device 22 is operably connected to a database containing information on a plurality of users with registered accounts and at least one authorized zone.
  • the system determines the location of a client device 4c 5 or 6 associated with the user’s account within the building. If the client device is within one of the authorized zones, the first computing device permits internet access therethrough. Examples of such client devices may include cellular phones 5, televisions 4 or other wifi enabled consumer electronics or computers 6. It will be appreciated that this listing is not intended to be limiting and should include any device utilized to wirelessly access the internet which may be located in one or more zones including devices enhanced with internet-of-things technology.
  • the first computing device 22 comprises a processing circuit 24, and memory 26 that stores machine instructions that when executed by the processing circuit 24, cause the processing circuit 24 to perform one or more of the operations and methods described herein.
  • the processing circuit 24 may optionally contain a cache memory unit for temporary local storage of instructions, data, or computer addresses.
  • the first computing device 22 further includes a data storage 28 of any conventional type operable to store a plurality of entries containing the saved voice profile information of a plurality of users and may optionally include an input 30 such as a keyboard, and/or mouse and display 32 for receiving and displaying inputs from a database manager or user.
  • the first database 14 also includes a network interface 34 such as modem or the like for providing communication between the processing circuit 24 and the internet at an internet side network connection as is commonly known.
  • processing circuit is intended to broadly encompass any type of device or combination of devices capable of performing the functions described herein, including (without limitation) other types of microprocessing circuits, microcontrollers, other integrated circuits, other types of circuits or combinations of circuits, logic gates or gate arrays, or programmable devices of any sort, for example, either alone or in combination with other such devices located at the same location or remotely from each other. Additional types of processing circuit(s) will be apparent to those ordinarily skilled in the art upon review of this specification, and substitution of any such other types of processing circuit(s) is considered not to depart from the scope of the present invention as defined by the claims appended hereto.
  • the processing circuit 22 can be implemented as a single-chip, multiple chips and/or other electrical components including one or more integrated circuits and printed circuit boards.
  • Computer code comprising instructions for the processing circuit(s) to carry out the various embodiments, aspects, features, etc. of the present disclosure may reside in the memory 26.
  • the processing circuit 24 can be implemented as a single-chip, multiple chips and/or other electrical components including one or more integrated circuits and printed circuit boards.
  • the processing circuit 24 together with a suitable operating system may operate to execute instructions in the form of computer code and produce and use data.
  • the operating system may be Windows-based, Mac-based, or Unix or Linux-based, among other suitable operating systems. Operating systems are generally well known and will not be described in further detail here.
  • Memory 26 may include various tangible, non-transitory computer-readable media including Read-Only Memory (ROM) and/or Random-Access Memory (RAM).
  • ROM Read-Only Memory
  • RAM Random-Access Memory
  • ROM acts to transfer data and instructions uni-directionally to the processing circuit 24, and RAM is used typically to transfer data and instructions in a bi-directional manner.
  • RAM includes computer program instructions that when executed by the processing circuit 24 cause the processing circuit 24 to execute the program instructions described in greater detail below.
  • the term “memory” as used herein encompasses one or more storage mediums and generally provides a place to store computer code (e.g., software and/or firmware) and data that are used by the user device 4, 5 or 6.
  • Memory 26 may further include a floppy disk, CD-ROM, DVD, magnetic disk, memory chip, ASIC, FPGA, EEPROM, EPROM, flash memory, optical media, or any other suitable memory from which processing circuit 24 can read instructions in computer programming languages.
  • the system 20 may include a plurality of wireless access points 40 distributed through the building.
  • the wireless access points 40 may be distributed in a manner to provide wireless connectivity for a plurality of client devices within the building to the first computing device 22.
  • one or more Bluetooth receivers 42 may also be utilized to detect and provide communication between a client device 4, 5 or 6 and the fist computing device.
  • the building 10 is subdivided into a plurality of zones 12a, 12b and 12c. Although only three zones are labelled in Figure 1 , it will be appreciated that more than three zones may commonly be utilized.
  • the zones are selected and defined to correspond to an existing portion of the building, such as by way of non-limiting example, an individual apartment suite or room.
  • the individual zones 12 are formed and defined during the initial design of the network according to the intended use of the building as well as the need to differentiate between users assigned to each zone. It will be appreciated that the definitions of the zones will depend on the intended method of geofencing bateen the zones. By way of nonlimiting example, such geofencing methods may include utilizing triangulation and signal strength between multiple access points 40 within the system. It will be appreciated that such systems may utilize any known communication protocol including, but not limited to Bluetooth®, Wi-Fi, RFID or the like.
  • the system 20 detects the presence of a new device 4, 5 or 6 by detecting an attempt to connect to one or more of the access points 40.
  • the database 28 may include a listing of known MAC addresses so as to enable the system to determine if that device is new or a previously connected device.
  • the system may optionally require a password and or provide the user with a log in, connection page as are commonly known or may optionally identify the device with identity means including RFID tags or the like.
  • the location of that device is determined using one or more geolocation methods, including but not limited to signal strength, triangulation, or querying device to provide location.
  • the location of the device may be determined by comparing the signal strength as measured at a plurality of access points to determine which access point, and therefore, which zone the device is in. Utilizing such methods, the access point may first receive a broadcast signal from the user device to retrieve the MAC address and therefore the identity of the device as within measurement range if it continues to receive such signal for a predetermined period of time so as to improve stability of the location.
  • the signal strength as measured at a plurality of access points 40 may be utilized to triangulate the position of the device for comparison to a map of the access points and defined zone.
  • the geolocation of the device itself may be requested by the system 20 from the global positioning information recorded and stored within that device. Thereafter, the position, as provided by the device may be compared to the predefined zones and the proper zone identified as the current location of that device. It will be appreciated that other locating methods an systems may also be utilized. It will furthermore be appreciated that the location of the device may be refreshed at intervals to monitor the continued location of the device at any desired time interval, such as, by way of non-limiting example, 1 second to 1 hour or more.
  • each of the plurality of zones is recorded in the database 28 as a zone register 50.
  • Each of such zones 12a, 12b... includes a unique identifier such that the first computing device will be able to identify when a client device 4, 5 or 6 is located therein as well as which specific zone that client device is within.
  • the database 28 contains a user account register 60 containing a listing of each user as well as their devices, the SSID 64 assigned to each device or the VLAN that is assigned to a grouping of the devices within an account.
  • the user account register 60 also includes a listing of the authorized zones 12a through wen in which the client devices 4, 5 or 6 are to be permitted to access the internet through the first computing device 22.
  • an administrator creates a user account 60 for them in the first computing device 22 using the account creation method as illustrated generally at 100 in Figure 4.
  • the user may log into the administration webpage to create an account on their own.
  • the administrator or user may first create a new user account including their identity, billing information and other Bibliographical information at step 102.
  • a user or administrator may then add devices at step 104 by entering the type of device, connection type and other details utilized to identify it.
  • the client device 4, 5 or 6 may access the system 10 through built in Wi-Fi components or add on Wi-Fi or Bluetooth receivers.
  • the client device 4, 5 or 6 may access the system through pre-installed, integrated or downloadable software as are know for enabling Wi-Fi access. It will be appreciated that additional devices 4, 5 or 6 may also be added to a particular user account at a later date after the account has been created.
  • the account creation process 100 will then assign a unique SSID to each client device 4, 5 and 6 or may optionally assign a common SSID to each client device within that user account at step 106.
  • all user devices 4, 5 and 6 within a common user account may be grouped together as a virtual LAN (VLAN) so as to provide security and separation between users.
  • VLAN virtual LAN
  • more than one VLAN may therefore be utilized, the number of which is dependant upon the size of the building and number and bandwidth requirements of the users.
  • more than one user may be grouped within a common VLAN.
  • the SSIDS or a group thereof for each user or group of users may be divided into one or more subnet as are commonly known.
  • the account creation process 100 may retrieve a listing of the active and optional future zones 12a from the defined zones register 50 at step 108. It will be appreciated that this listing may include currently active zones as well as future or deactivated zones. This zones register 50 may also be updated from time to time as different areas of the building are listed as occupied, removed or grouped together depending on the needs of the building. It will also be appreciated that this step may be optional in some embodiments where all functions of the network control, account administration and monitoring are conducted by a common first computing device. An administrator or user may then select the zones 12a through wen for which the devices assigned to that user are authorized to access the internet within in step 110.
  • these authorized zones 12a through wen may be automatically assigned to correspond to a pre-selected set of zones which are automatically assigned by the fist computing device 22 depending on the bibliographic information entered in step 102.
  • one or more zones 12a may be assigned to a particular suite or unit as illustrated in Figure 1.
  • the first computing device 22 may automatically assign the zone 12a assigned to the address entered. In such a manner, a user will automatically be allowed internet access within their suite or unit only. Thereafter, the system 20 will monitor for access requests by and locations of individual client devices 4, 5 and 6 and provide internet access through the internet side network connection 34 when the client device 4, 5 or 6 is within one of the approved zones in step 200
  • the first computing device monitors for connection requests on a continual basis in step 202.
  • the system will receive connection request to the one of the access points 40 according to commonly known methods.
  • the first computing device looks up the SSID assigned to that device to determine if that device has been registered with one or more accounts in step 204. IF the device is not registered, the user will be directed to either register that device or create an account in the process 100 of Figure 4. If the device is registered with a valid SSID, the first computing device 22 then determines which zone 12a through wen the device is located within at step 206.
  • the first computing device will permit the internet traffic sent and received from the client device 4, 5 or 6 to pass through the system 20 between the client device and the internet as illustrated at step 212. If the device however, is within a zone that is not a zone authorized with that user’s account, traffic between the client device and the internet will be blocked and the location of the client device determined again after a time period. As illustrated in Figure 5, the system 20 may wait a predetermined interval 214 after establishing connection between the client device and the internet to redetermine the location of the device. After such interval, the system may optionally first confirm that the device is still connected to the system a step 216. In such a manner, the system 20 will continuously monitor and determine the location of each client device 4, 5 or 6 to ensure it is still located within an authorized zone.
  • the controller includes the internet connection etc and is connected to multiple access points in the building.
  • a manager defines areas (likely suites or rooms) with geofencing (using known technology). When a user signs up, they are assigned an account that is authorized to access the wifi system through the access points, but only within their pre-registered geofenced area.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Un système permettant de commander l'accès d'une pluralité d'utilisateurs dans un espace à un réseau comprend un premier dispositif informatique couplé fonctionnellement à une connexion de réseau côté Internet, au moins un point d'accès sans fil connecté au premier dispositif informatique et au moins une application utilisable pour amener le premier dispositif informatique à au moins recevoir une position d'au moins un dispositif client dans une zone d'une pluralité de zones à barrière géographique virtuelle prédéfinies, à déterminer si ledit dispositif client se trouven dans une zone autorisée de la pluralité de zones à barrière géographique virtuelle prédéfinies correspondant à un compte associé audit dispositif client et connectant fonctionnellement ledit dispositif client à la connexion de réseau côté Internet uniquement pendant que ledit dispositif client se trouve dans la zone autorisée.
PCT/CA2022/050452 2022-03-25 2022-03-25 Service internet à barrière géographique virtuelle WO2023178407A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2022/050452 WO2023178407A1 (fr) 2022-03-25 2022-03-25 Service internet à barrière géographique virtuelle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2022/050452 WO2023178407A1 (fr) 2022-03-25 2022-03-25 Service internet à barrière géographique virtuelle

Publications (1)

Publication Number Publication Date
WO2023178407A1 true WO2023178407A1 (fr) 2023-09-28

Family

ID=88099483

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2022/050452 WO2023178407A1 (fr) 2022-03-25 2022-03-25 Service internet à barrière géographique virtuelle

Country Status (1)

Country Link
WO (1) WO2023178407A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050192056A1 (en) * 2004-02-17 2005-09-01 Seiko Epson Corporation Method and apparatus for connecting/disconnecting wireless-connection to network
CN101668293A (zh) * 2009-10-21 2010-03-10 杭州华三通信技术有限公司 Wlan中访问网络权限的控制方法和系统
KR101218409B1 (ko) * 2012-07-13 2013-01-03 주식회사 엔피코어 접근 통제 시스템 및 방법
CN107708068A (zh) * 2017-09-29 2018-02-16 深圳奇迹智慧网络有限公司 室内定位方法、系统、计算机存储介质及服务器
EP2744234B1 (fr) * 2012-12-11 2018-10-10 BlackBerry Limited Système et procédé de gardiennage virtuel
US10193894B2 (en) * 2017-02-15 2019-01-29 At&T Intellectual Property I, L.P. Enabling access to restricted data using geofences

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050192056A1 (en) * 2004-02-17 2005-09-01 Seiko Epson Corporation Method and apparatus for connecting/disconnecting wireless-connection to network
CN101668293A (zh) * 2009-10-21 2010-03-10 杭州华三通信技术有限公司 Wlan中访问网络权限的控制方法和系统
KR101218409B1 (ko) * 2012-07-13 2013-01-03 주식회사 엔피코어 접근 통제 시스템 및 방법
EP2744234B1 (fr) * 2012-12-11 2018-10-10 BlackBerry Limited Système et procédé de gardiennage virtuel
US10193894B2 (en) * 2017-02-15 2019-01-29 At&T Intellectual Property I, L.P. Enabling access to restricted data using geofences
CN107708068A (zh) * 2017-09-29 2018-02-16 深圳奇迹智慧网络有限公司 室内定位方法、系统、计算机存储介质及服务器

Similar Documents

Publication Publication Date Title
US10397800B2 (en) System and method for network access point installation and access control
AU2016204744B2 (en) Passenger conveyance way finding beacon system
KR101328779B1 (ko) 이동 단말기, 서버 및 이를 이용한 정보 제공 방법
US20210314725A1 (en) Electronic location identification & tracking system with beacon clustering
US9325590B2 (en) Automatic switch-mapping and client device location detection
US9172612B2 (en) Network device configuration management by physical location
US10535210B2 (en) Electronic access control and location tracking system
US10390173B2 (en) Techniques for establishing and using associations between location profiles and beacon profiles
US9781696B1 (en) Activity-triggered provisioning of portable wireless networks
US10791428B2 (en) Electronic location determination and tracking system with virtual beacon clustering
CN106991742B (zh) 一种动态识别社区蓝牙及网络门禁终端的开门方法及系统
CN102625230B (zh) 一种楼宇系统通信方法、装置及系统
US9075123B2 (en) System and method for radio-based localization of a terminal device
US20200067767A1 (en) Automated provisioning of networked access points by port or location
WO2023178407A1 (fr) Service internet à barrière géographique virtuelle
KR102275796B1 (ko) 카메라 설치 인증 시스템
CN111637891A (zh) 厕所定位方法及系统
US20200234201A1 (en) Environmental preference based seat exchange platform
US9325595B1 (en) Method and apparatus for identifying available work stations
US20190221096A1 (en) Security system with occupancy determination based on hvac applications
KR20170004534A (ko) BLE 비콘 기반 WiFi 접속을 위한 장치 및 방법
US20200380431A1 (en) Environmental preference based desk exchange platform
US10588006B2 (en) Method and device for controlling target device of host and client
US20180115460A1 (en) Automatic provisioning of a network access point
JP6309714B2 (ja) 情報管理装置及びプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22932525

Country of ref document: EP

Kind code of ref document: A1