Wireless multi-factor authentication with captive portals
Abstract
Systems and methods for device-agnostic, multi-factor network authentication are disclosed. In some embodiments, a wireless network first authenticates the device itself through a secure authentication exchange, using a certificate that confirms the device identity. Only after the device has been authenticated is the user prompted to enter credentials in a captive portal; the captive portal is inaccessible to devices that have not already authenticated with a certificate. Once the user supplies approved credentials to the captive portal, the device is granted access to the network. This embodiment and additional embodiments can be integrated into private wireless networks and other networks.
17 Claims
1. A method for authenticating a device to a wireless network, comprising:
performing a first authentication to identify the device;
performing a second authentication to identify a user of the device based on a determination of the identity of the device;
re-performing the first authentication to identify the device based on a determination that a number of attempts to identify the user of the device has exceeded a maximum number of attempts; and
granting access to the wireless network based on a determination that the number of attempts to identify the user of the device has not exceeded the maximum number of attempts;
associating a subnetwork with the device, the subnetwork restricts transmission and reception by the device prior to completion of at least one of the first authentication or the second authentication;
wherein at least one of the performing the first authentication and the performing the second authentication is performed over the subnetwork.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system for authenticating a device to a network, comprising:
a first authentication component that determines an identity of a device;
a captive portal that accepts at least one input, wherein the captive portal is automatically displayed based on a determination of the identity of the device; and
a second authentication component that identifies a user of the device within a determined number of attempts to identify the user, wherein the system rolls back to the first authentication component to identify the device based on a determination that the number of access attempts exceeds the determined number of attempts to identify the user;
wherein the captive portal is implemented with multiple versions, and wherein a version from the multiple versions is selected based at least in part on the device.
Dependent claims: 11, 12, 13, 14, 15.
16. A device-agnostic system for authenticating a client to a network, comprising:
means for associating a client machine to a first connection;
means for verifying an identity of the client machine via the first connection;
means for associating the client machine to a second connection;
means for verifying an identity of a user associated with the client machine via the second connection based on a determination that a number of attempts to verify the identity of the user is less than a determined number of attempts, wherein the device-agnostic system rolls back to the means for verifying the identity of the client machine based on another determination that the number of attempts to verify the identity of the user exceeds the determined number of attempts; and
means for associating the client machine to at least a third connection based on verification of the identity of the user;
means for associating a subnetwork with the device, the subnetwork restricts transmission and reception by the device prior to completion of at least one of the first authentication or the second authentication;
wherein at least one of the performing the first authentication and the performing the second authentication is performed over the subnetwork.
Dependent claim: 17.
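The flow the abstract and claims 1, 10 and 16 describe, as an added illustration (not code from the patent, its assignee or any product): a small network-side state machine in which a device is first identified by its certificate, is then placed on a restricted subnetwork where only the captive portal is reachable, and finally has its user identified through the portal within a bounded number of attempts, with the session rolled back to device authentication once that bound is exceeded. The device identifier `laptop-01`, the user `alice`, the salt, the network names, the PBKDF2 parameters and the limit of 3 attempts are assumptions made for the example, and full X.509 validation is replaced by pinning the certificate's SHA-256 fingerprint.

```python
"""Model of the certificate-then-captive-portal flow from the abstract and claim 1.

Added illustration, not the patent's or its assignee's code. A device certificate is
an opaque byte string whose SHA-256 fingerprint is pinned (standing in for X.509
validation); device, user, salt, network names and the 3-attempt limit are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Net(Enum):
    UNASSOCIATED = "unassociated"  # no subnetwork yet: first authentication pending
    QUARANTINE = "quarantine"      # restricted subnetwork: only the captive portal is reachable
    PRODUCTION = "production"      # full access, granted after the second authentication


MAX_USER_ATTEMPTS = 3  # assumed maximum number of attempts to identify the user


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


def hash_password(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed trust store: device identity -> certificate bytes and pinned fingerprint.
DEVICE_CERTS = {"laptop-01": b"constructed certificate bytes for laptop-01"}
TRUSTED_DEVICES = {dev: fingerprint(c) for dev, c in DEVICE_CERTS.items()}

# Constructed user store: username -> (salt, PBKDF2 hash).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (SALT, hash_password(SALT, "correct horse"))}


@dataclass
class Session:
    """Network-side state for one client."""
    device: str | None = None
    net: Net = Net.UNASSOCIATED
    user_attempts: int = 0
    user: str | None = None
    events: list[str] = field(default_factory=list)


def first_authentication(s: Session, claimed_device: str, cert_der: bytes) -> bool:
    """Identify the device by its certificate; success associates the restricted
    subnetwork over which the second authentication is performed."""
    s.device, s.user, s.user_attempts, s.net = None, None, 0, Net.UNASSOCIATED
    expected = TRUSTED_DEVICES.get(claimed_device)
    if expected is None or not hmac.compare_digest(expected, fingerprint(cert_der)):
        s.events.append(f"device {claimed_device} rejected")
        return False
    s.device, s.net = claimed_device, Net.QUARANTINE
    s.events.append(f"device {claimed_device} identified; quarantine subnetwork associated")
    return True


def portal_reachable(s: Session) -> bool:
    """The captive portal is served only on the quarantine subnetwork, so a client
    that has not completed the first authentication cannot reach it at all."""
    return s.device is not None and s.net is Net.QUARANTINE


def second_authentication(s: Session, username: str, password: str) -> str:
    """Identify the user through the portal; exceeding MAX_USER_ATTEMPTS rolls the
    session back so the first authentication must be re-performed."""
    if not portal_reachable(s):
        return "portal-unreachable"
    s.user_attempts += 1
    if s.user_attempts > MAX_USER_ATTEMPTS:
        s.events.append("attempt limit exceeded; rolling back to device authentication")
        s.device, s.net, s.user_attempts = None, Net.UNASSOCIATED, 0
        return "rolled-back"
    # Dummy record for unknown users so they cost the same work as known ones.
    salt, stored = USERS.get(username, (SALT, b"\x00" * 32))
    if username in USERS and hmac.compare_digest(stored, hash_password(salt, password)):
        s.user, s.net = username, Net.PRODUCTION
        s.events.append(f"user {username} identified; access granted")
        return "granted"
    s.events.append(f"user attempt {s.user_attempts} of {MAX_USER_ATTEMPTS} failed")
    return "denied"


def demo() -> list[str]:
    """One client: portal blocked, forged cert, good cert, three bad passwords, rollback, retry."""
    s, cert = Session(), DEVICE_CERTS["laptop-01"]
    results = [second_authentication(s, "alice", "correct horse")]       # portal-unreachable
    results.append(str(first_authentication(s, "laptop-01", b"forged")))  # False
    results.append(str(first_authentication(s, "laptop-01", cert)))       # True
    results += [second_authentication(s, "alice", "wrong") for _ in range(MAX_USER_ATTEMPTS)]
    results.append(second_authentication(s, "alice", "correct horse"))    # rolled-back
    results.append(str(first_authentication(s, "laptop-01", cert)))       # True
    results.append(second_authentication(s, "alice", "correct horse"))    # granted
    return results
```

Two points the model makes concrete. The portal is gated on the quarantine subnetwork rather than on a flag, so a client that never completed the certificate step has no path to the credential prompt, which is the property the abstract states. The attempt counter lives in the session that the rollback destroys, so a client that has exhausted its user attempts must present a valid device certificate again before it can try another password; the claims bound attempts per device identification, not per user, so a deployment that also wants to slow down an attacker holding a valid device certificate would add per-user or per-device rate limiting on top of this.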
Specification