Automated wireless device provisioning and authentication

US 9,800,581 B2
Filed: 08/14/2014
Issued: 10/24/2017
Est. Priority Date: 03/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method for automatically provisioning a device to wirelessly connect to an access point, the method comprising:

advertising an online signup (OSU) extended service set (ESS) and a production ESS from the access point, the OSU ESS sufficient for facilitating wireless signaling independently of the production ESS between the device and the access point for purposes of providing limited network access necessary for completing an OSU operation with an OSU server located upstream from the access point, the production ESS sufficient for facilitating wireless signaling independently of the OSU ESS between the device and the access point for purposes of providing essentially unlimited network access to a network upstream from the access point, the limited network access being characterized by the device being unable to communicate with servers other than necessary for communication with the OSU server and the unlimited network access being characterized by the device being able to communicate with servers other than the OSU server, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting the unlimited network access; and

while the device is connected to the OSU ESS and unconnected to the production ESS;

i) facilitating determination of a service provider (SP) associated with the device;

ii) facilitating transmission of an OSU request from the device to the OSU server associated with the service provider for purposes of conducting the OSU operation, including facilitating delivery of a credential and a selection policy from the OSU server to the device through the access point and the production ESS following successful completion of the OSU operation, the AAA server requiring the credential prior to issuing the authentication to the access point, the selection policy at least partially provisioning the device to subsequently disconnect from the OSU ESS and then connect to the production ESS for purposes of providing the unlimited network access to the network; and

iii) facilitating use of a subscription construct for purposes of authorizing entitlements associated with the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automated provisioning and/or authentication of a device to a wireless access point is contemplated. The automated provisioning may be performed in a manner that enables the device to receive provisioning instructions in accordance with HotSpot 2.0, Passpoint or other Wi-Fi related protocols and standards without having to input identification or other user-specific information like a username and password combination. The authentication may be performed in a manner sufficient to enable service-level differentiation for the provisioned devices and/or other devices desiring wireless access, such as but not necessary limited to facilitating assigning different bandwidth speed/priorities according to a service agreement.

Citations

20 Claims

1. A method for automatically provisioning a device to wirelessly connect to an access point, the method comprising:
- advertising an online signup (OSU) extended service set (ESS) and a production ESS from the access point, the OSU ESS sufficient for facilitating wireless signaling independently of the production ESS between the device and the access point for purposes of providing limited network access necessary for completing an OSU operation with an OSU server located upstream from the access point, the production ESS sufficient for facilitating wireless signaling independently of the OSU ESS between the device and the access point for purposes of providing essentially unlimited network access to a network upstream from the access point, the limited network access being characterized by the device being unable to communicate with servers other than necessary for communication with the OSU server and the unlimited network access being characterized by the device being able to communicate with servers other than the OSU server, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting the unlimited network access; and
  
  while the device is connected to the OSU ESS and unconnected to the production ESS;
  
  i) facilitating determination of a service provider (SP) associated with the device;
  
  ii) facilitating transmission of an OSU request from the device to the OSU server associated with the service provider for purposes of conducting the OSU operation, including facilitating delivery of a credential and a selection policy from the OSU server to the device through the access point and the production ESS following successful completion of the OSU operation, the AAA server requiring the credential prior to issuing the authentication to the access point, the selection policy at least partially provisioning the device to subsequently disconnect from the OSU ESS and then connect to the production ESS for purposes of providing the unlimited network access to the network; and
  
  iii) facilitating use of a subscription construct for purposes of authorizing entitlements associated with the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 further comprising instructing the device and/or the access point to generate the subscription construct by including a first access point identifier within messaging communicated from the device to the OSU server through the access point and the OSU ESS, the first access point identifier being sufficient for uniquely identifying the access point to the OSU server for purposes of enabling the OSU server to facilitate authorizing entitlements based at least in part on the access point associated with the first access point identifier.
  - 3. The method of claim 2 further comprising instructing the device and/or the access point to add the first access point identifier within a supplemental data message transmitted from the device to the OSU server through the OSU ESS as part of the OSU operation.
  - 4. The method of claim 3 further comprising instructing the access point to add the supplemental data message at the access point following communication of the supplemental data message from the device through the OSU ESS.
  - 5. The method of claim 4 further comprising the supplemental data message being one of a plurality of Transport Layer Security (TLS) messages exchanged within a TLS tunnel constructed between the device and the OSU server via the OSU ESS.
  - 6. The method of claim 2 further comprising instructing the device or the access point to generate the first access point identifier to identify a Media Access Control (MAC) address of the access point.
  - 7. The method of claim 2 further comprising instructing the device and/or the access point to generate the subscription construct to include a proximity value for indicating whether the device is within a near field range of the access point.
  - 8. The method claim 7 further comprising instructing the device and/or the access point to generate the proximity value to be a first value if the device is within the near field range and to be a second value if the device is not within the near field range.
  - 9. The method of claim 7 further comprising instructing the device and/or the access point to determine the device to be within the near field range using near field signals exchanged between the device and the access point independently of the OSU ESS and the production ESS.
  - 10. The method of claim 9 further comprising instructing the device and the access point to exchange the near field signals at a power level less than power levels associated with the OSU ESS and the production ESS such that the near field signals travel a shorter distance than related wireless signals transmitted from the access point for the OSU ESS and the production ESS.
  - 11. The method of claim 10 further comprising instructing the access point to facilitate the wireless signals transmitted from the access point for the OSU ESS and the production ESS over different wireless channels, the different wireless channels having the power levels greater than the power level of the near field signals.
  - 12. The method of claim 7 further comprising determining the device to be within the near field range if a corresponding user input to a human-machine interface (HMI) included on the access point is received proximate in time to the access point conducting a proximity test for the device.
  - 13. The method of claim 1 further comprising instructing the device and/or the access point to facilitate:
    - exchange of Extensible Authentication Protocol Transport Layer Security (EAP-TLS) messaging between the device and the AAA server via the access point and the production ESS, the EAP-TLS messaging transporting the credential from the device through the production ESS to the AAA server for purposes of performing the authentication; and
      
      transmission of a second identifier with the EAP-TLS messaging, the second identifier sufficient for uniquely identifying the access point to the AAA server for purposes of performing the authentication.
  - 14. The method of claim 1 further comprising facilitating installation of the subscription construct within an Internet browser of the device, the subscription construct acting as a token/cookie sufficient to enable zero sign-on (ZSO) access to online services over the Internet as at least part of the network access via the production ESS.

15. A non-transitory computer-readable medium comprising a plurality of instructions operable with a processor of an online signup (OSU) server and sufficient for facilitating connection of a device to a wireless access point having a local area network (LAN) interface and a wide area network (WAN) interface, the LAN interface being configured to facilitate wireless signaling with the device and the WAN interface being configured to facilitate signaling associated with providing the device network access, the wireless access point providing an online signup (OSU) extended service set (ESS) and a production ESS via the LAN interface, the OSU ESS sufficient for establishing wireless signaling between the device and OSU server for the purposes of completing an OSU operation and the production ESS sufficient for establishing wireless signaling between the device and the access point for the purposes of providing network access, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting network access, the non-transitory computer-readable medium comprising instructions sufficient for:
- receiving an OSU request from the device via the OSU ESS, the OSU request indicating a desire of the device to undertake the OSU operation in order to receive a credential and a selection policy from the OSU server, the AAA server requiring the credential prior to issuing the authentication to the access point, the selection policy at least partially provisioning the device to connect to the production ESS;
  
  determining an in-home status for the device while undertaking the OSU operation, the in-home status being one of a first state and a second state, the first state indicating the device to be within a near field range of the access point associated with the OSU request and the second state indicating the device to be either beyond the near field range or indicating a position of the device relative to the access point associated with the OSU request being unknown; and
  
  providing the credential and the selection policy to the device upon receipt of an identification if the second state is determined and without receipt of the identification if the first state is determined, the identification being determined from a user input to the device as part of the OSU operation.
- View Dependent Claims (16, 17)
- - 16. The non-transitory computer-readable medium of claim 15 further comprising instructions sufficient for determining the in-home status as a function of an OSU tag added by the access point as a supplemental data message to Transport Layer Security (TLS) messages exchanged between the device and the OSU server via the OSU ESS.
  - 17. The non-transitory computer-readable medium of claim 15 further comprising instructions sufficient for providing an authentication cookie to the device as part of the OSU operation, the authentication cookie being suitable for use with an Internet browser of the device to enable zero sign-on (ZSO) access to online services accessed over the Internet via the production ESS.

18. A non-transitory computer-readable medium comprising a plurality of instructions operable with a processor to facilitate automatically provisioning a device to wirelessly connect to an access point, the plurality of instructions being sufficient for:
- advertising an online signup (OSU) extended service set (ESS) and a production ESS from the access point, the OSU ESS sufficient for facilitating wireless signaling independently of the production ESS between the device and the access point for purposes of providing limited network access necessary for completing an OSU operation with an OSU server located upstream from the access point, the production ESS sufficient for facilitating wireless signaling independently of the OSU ESS between the device and the access point for purposes of providing essentially unlimited network access to a network upstream from the access point, the limited network access being characterized by the device being unable to communicate with servers other than necessary for communication with the OSU server and the unlimited network access being characterized by the device being able to communicate with servers other than the OSU server, the access point requiring an authentication for the device from an Authentication, Authorization and Accounting (AAA) server prior to granting the unlimited network access; and
  
  while the device is connected to the OSU ESS and unconnected to the production ESS;
  
  i) facilitating determination of a service provider (SP) associated with the device;
  
  ii) facilitating transmission of an OSU request from the device to the OSU server associated with the service provider for purposes of conducting the OSU operation, including facilitating delivery of a credential and a selection policy from the OSU server to the device through the access point and the production ESS following successful completion of the OSU operation, the AAA server requiring the credential prior to issuing the authentication to the access point, the selection policy at least partially provisioning the device to subsequently disconnect from the OSU ESS and then connect to the production ESS for purposes of providing the unlimited network access to the network; and
  
  facilitating use of a subscription construct for purposes of authorizing entitlements associated with the device.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18 further comprising instructions sufficient for:
    - instructing the device and/or the access point to generate the subscription construct by including a first access point identifier within messaging communicated from the device to the OSU server through the access point and the OSU ESS, the first access point identifier being sufficient for uniquely identifying the access point to the OSU server for purposes of enabling the OSU server to facilitate authorizing entitlements based at least in part on the access point associated with the first access point identifier; and
      
      instructing the device and/or the access point to generate the subscription construct to include a proximity value for indicating whether the device is within a near field range of the access point.
  - 20. The non-transitory computer-readable medium of claim 18 further comprising instructions sufficient for:
    - instructing the device and/or the access point to determine the device to be within the near field range using near field signals exchanged between the device and the access point independently of the OSU ESS and the production ESS;
      
      instructing the device and the access point to exchange the near field signals at a power level less than power levels associated with the OSU ESS and the production ESS such that the near field signals travel a shorter distance than related wireless signals transmitted from the access point for the OSU ESS and the production ESS; and
      
      instructing the access point to facilitate the wireless signals transmitted from the access point for the OSU ESS and the production ESS over different wireless channels, the different wireless channels having the power levels greater than the power level of the near field signals.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cable Television Laboratories Incorporated
Original Assignee
Cable Television Laboratories Incorporated
Inventors
Hoggan, Stuart
Primary Examiner(s)
NGUYEN, THU HA T

Application Number

US14/459,909
Publication Number

US 20150264051A1
Time in Patent Office

1,167 Days
Field of Search

726 1- 5
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04W 12/065   Continuous authentication

H04W 12/069   using certificates or pre-s...

Automated wireless device provisioning and authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated wireless device provisioning and authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links