AUTOMATED WIRELESS DEVICE PROVISIONING AND AUTHENTICATION
First Claim
1. A method for automatically provisioning a device to wirelessly connect to an access point, the method comprising:
- advertising an online signup (OSU) extended service set (ESS) and a production ESS, the OSU ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of completing an OSU operation and the production ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of providing network access, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting network access; and
while the device is connected to the OSU ESS;
i) facilitating determination of a service provider (SP) associated with the device;
ii) facilitating transmission of an OSU request from the device to an OSU server associated with the service provider for the purposes of conducting the OSU operation, including facilitating delivery of a credential and a selection policy from the OSU server to the device following successful completion of the OSU operation, the AAA server requiring the credential prior to issuing the authentication to the access point and the selection policy at least partially provisioning the device to connect to the production ESS; and
iii) facilitating use of a subscription construct for the purposes of authorizing entitlements associated with the device.
1 Assignment
0 Petitions
Accused Products
Abstract
Automated provisioning and/or authentication of a device to a wireless access point is contemplated. The automated provisioning may be performed in a manner that enables the device to receive provisioning instructions in accordance with HotSpot 2.0, Passpoint or other Wi-Fi related protocols and standards without having to input identification or other user-specific information like a username and password combination. The authentication may be performed in a manner sufficient to enable service-level differentiation for the provisioned devices and/or other devices desiring wireless access, such as but not necessary limited to facilitating assigning different bandwidth speed/priorities according to a service agreement.
-
Citations
20 Claims
-
1. A method for automatically provisioning a device to wirelessly connect to an access point, the method comprising:
-
advertising an online signup (OSU) extended service set (ESS) and a production ESS, the OSU ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of completing an OSU operation and the production ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of providing network access, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting network access; and while the device is connected to the OSU ESS; i) facilitating determination of a service provider (SP) associated with the device; ii) facilitating transmission of an OSU request from the device to an OSU server associated with the service provider for the purposes of conducting the OSU operation, including facilitating delivery of a credential and a selection policy from the OSU server to the device following successful completion of the OSU operation, the AAA server requiring the credential prior to issuing the authentication to the access point and the selection policy at least partially provisioning the device to connect to the production ESS; and iii) facilitating use of a subscription construct for the purposes of authorizing entitlements associated with the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable medium comprising a plurality of instructions operable with a processor of an online signup (OSU) server and sufficient for facilitating connection of a device to a wireless access point having a local area network (LAN) interface and a wide area network (WAN) interface, the LAN interface being configured to facilitate wireless signaling with the device and the WAN interface being configured to facilitate signal associated with providing the device network access, the wireless access point providing an online signup (OSU) extended service set (ESS) and a production ESS via the LAN interface, the OSU ESS sufficient for establishing wireless signaling between the device and OSU server for the purposes of completing an OSU operation and the production ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of providing network access, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting network access, the non-transitory computer-readable medium comprising instructions sufficient for:
-
receiving an OSU request from the device via the OSU ESS, the OSU request indicating a desire of the device to undertake the OSU operation in order to receive a credential and a selection policy from the OSU server, the AAA server requiring the credential prior to issuing the authentication to the access point, the selection policy at least partially provisioning the device to connect to the production ESS; determining an in-home status for the device while undertaking the OSU operation, the in-home status being one of a first state and a second state, the first state indicating the device to be within a near field range of the access point associated with the OSU request and the second state indicating the device to be either beyond the near field range or indicating a position of the device relative to the access point associated with the OSU request being unknown; and providing the credential and the selection policy to the device upon receipt of an identification if the second state is determined and without receipt of the identification if the first state is determined, the identification being determined from a user input to the device as part of the OSU operation. - View Dependent Claims (16, 17)
-
-
18. A non-transitory computer-readable medium comprising a plurality of instructions operable with a processor of an Authentication, Authorization and Accounting (AAA) server and sufficient for facilitating authentication of a device to a first access point advertising an online signup (OSU) extended service set (ESS) and a production ESS, the OSU ESS sufficient for establishing wireless signaling between the device and the first access point for the purposes of executing an OSU operation, successful execution of the OSU operation resulting in the OSU server provisioning the device with a credential and a set of instructions sufficient for connecting to the production ESS, the production ESS being sufficient for establishing wireless signaling between the device and the access point for the purposes of providing network access, the non-transitory computer-readable medium comprising instructions sufficient for:
-
receiving an update request from the OSU server identifying the credential provided to the device as part of the OSU operation; associating the credential with one or more identifiers used to uniquely identify a corresponding access point; executing a security association with the device via the production ESS, the security association including the device providing the credential and the access point providing a first identifier; determining whether the first identifier matches with one or more of the identifiers previously associated with the credential; providing a first authentication to the first access point if the first identifier matches with one of the identifiers associated with the credential, the first authentication being sufficient to authenticate the device to access a first level of service; and providing a second authentication to the first access point if the first identifier fails to match with one of the identifiers associated with the credential, the second authentication being sufficient to authenticate the device to access a second level of service, the second level of service being different than the first level of service. - View Dependent Claims (19, 20)
-
Specification