APPARATUS, METHOD AND MEDIA READABLE BY NON-TRANSITIONAL COMPUTER

专利摘要:
device, method and non-transitory computer-readable means at least one network access point transmits a beacon transmission. a user device that receives the same determines that it does not have the necessary credentials to join a secure network access point from at least one network access point, and thus forms a preliminary association with at least one access point the net. during the preliminary association, the user device receives or creates credentials necessary to associate with the secure network access point, and then forms an association with the secure network access point using the credentials received or created and obtains internet connectivity via through the secure network access point. in one embodiment, there is an insecure network access point that transmits a beacon using the same ssid as the secure network access point, and the preliminary association is with the insecure network access point. in another embodiment, there is only one access point to the secure network.
公开号:BR112013006256A2
申请号:R112013006256-8
申请日:2011-09-12
公开日:2020-05-26
发明作者:Bajko Gabor；Patil Basavaraj
申请人:Nokia Corporation；
IPC主号:

专利说明:

APPARATUS, METHOD AND MEDIA LEGIBLE BY NON-TRANSITIONAL COMPUTER
CROSS REFERENCE TO RELATED ORDERS:
This application claims priority under 35 USC 119 (e) of the United States Provisional Patent Application with serial number 61 / 383,475, filed on September 16, 2010. This priority application is hereby incorporated by reference in its entirety .
TECHNICAL FIELD:
Exemplary and non-limiting embodiments of this invention relate, in general, to wireless communication systems, methods, equipment and computer programs and, more specifically, relate to wi-fi hotspot networks and the ability to authenticate with providers services that operate such networks.
BACKGROUND
This section is intended to provide a background or context for the invention that is recited in the claims. The present description may include concepts that can be implemented, but are not necessarily those that were previously designed, implemented or described. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims of this application and is not admitted to be prior art by inclusion in the present section.
Wi-Fi is a registered trademark of the Wi-Fi Alliance and is associated with several products that belong to a class of wireless local area network (WLAN) devices based on IEEE 802.11 standards. The term Wi-Fi is often found to be used as a synonym for IEEE 802.11 technology.
Public Wi-Fi hotspot networks are widely used today in many environments, such as hotels,
2/28 restaurants, cafes, airports, shopping malls and public / private offices. Internet access through these hotspot networks requires that the user wants to have a subscription with the operator of the hotspot network or some type of roaming arrangement.
Currently, there is an ongoing industry forum effort known as hotspot 2.0 that aims to simplify the process of accessing public Wi-Fi hotspot networks.
Currently, there are two main types of public Wi-Fi network implementations:
- open networks, where the device can freely join the network, but does not gain access to the Internet until it opens a browser and provides credentials, and
- enabled RSN networks, which require credentials to join. Robust Secure Network - Robust Security Network (RSN) is an element of IEEE 802.1 li authentication and encryption algorithms to be used for communication between wireless access points (WAPs) and wireless clients.
The public open Wi-Fi hotspot networks that are currently deployed are generally operated by ISPs (Internet Service Providers), cellular operators, or by a business establishment itself. These networks typically require a paid subscription or can be offered as part of a cellular data plan or purchase access for a specific period of time. Such Wi-Fi-Hotspot networks often use a technology called captive portals through which users can provide their credentials to access the network or purchase access. The captive portal-based approach requires the user to open a web browser that is then redirected to a portal that is managed by the operator of the hotspot network. This portal provides information about the different data plans that can be purchased. If the
3/28 user has a subscription with the operator, the portal provides a way for the user to enter the assigned credentials and then gain access to the Internet. The user's device does not have Internet connectivity (other than the captive portal) until authentication is performed. The Wi-Fi access point allows the user's device to associate with the Wi-Fi access point (AP) and assign the device an IP address. However, connectivity to the Internet beyond the captive portal is blocked until the authenticated user uses the credentials that are designated as part of a subscription, or the user purchases access for a period of time. This approach is widely implemented and works well given the types of applications and services used.
In hotspot-enabled RSN networks, the approach of redirecting captive portal is not possible to use, since RSN-enabled networks require the device to authenticate using 802.lx, and authentication is performed before the device is assigned to a IP address. Thus, there is no way for the device to be redirected to a portal page. If the device does not have the necessary credentials and the ability to authenticate using the 802.lx protocol, the device is not able to use the Wi-Fi hotspot network. 802.lx is a security protocol, specified by the IEEE for extensible authentication protocol authentication - Extensible Authentication Protocol (ΕΑΡ) (802.IX ™, IEEE standard for local and metropolitan networks, port-based network access control -based Network Access Control, December 13, 2004, incorporated herein by reference).
In general, using 802.lx to authenticate with a Wi-Fi hotspot-enabled RSN network provides a better user experience, as the user does not have to open a
4/28 browser and provide credentials. There is no manual intervention required to obtain Internet connectivity through a hotspot network.
The 802.Ix-based approach works well when the user of the device has credentials that are valid on a free Wi-Fi network. However, given the large number of Wi-Fi hotspot operators that operate such networks, the user may not have credentials when roaming or at a particular location. It should be possible, even on networks that use 802.Ix-enabled RSN-based authentication mechanisms, to provide the user with the opportunity to purchase a subscription. Hotspot Wi-Fi network operators can generate revenue by ensuring that they provide service, not only to users who have subscriptions, but to anyone who may want to use the network. The hotspot operator may therefore have a financial interest in offering the possibility to purchase a subscription to access the network.
The Wi-Fi Alliance Hotspot 2.0 working group is focused on developing solutions that allow continuous access to Wi-Fi HS2.0 networks, simplifying access authentication procedures. Providing online enrollment capabilities for RSN networks is a topic of discussion.
SUMMARY:
In a first exemplary aspect of the exemplary embodiments is an apparatus which - comprises at least one processor and at least one memory, including the computer program code. In this regard, at least one memory with the computer program code is configured with at least one processor to make the device at least: receive at least one transmission beacon from at least one network access point, in response determination that the device does not have the necessary credentials to
-----. _ ____ 5/28. ____. _J -___________ connect with a secure network access point from at least one network access point, form a preliminary association with at least one network access point, during preliminary association, receive or create credentials necessary to associate with the secure network access point, and form an association with the secure network access point using the credentials received or created and obtain connectivity to the Internet through the secure network access point.
In a second exemplary aspect of the exemplary embodiments, there is a method comprising: receiving a user device from at least one transmission beacon from at least one network access point, in response to the determination that the user device does not have the credentials required to connect with a secure network access point from at least one network access point, form a preliminary association with at least one network access point, during preliminary association, the user device that receives or creates the credentials required to associate with the secure network access point, and forming an association between the user's device and the secure network access point using the credentials received or created and obtain connectivity to the Internet through the Internet access point secure network.
In a third exemplary aspect of the exemplary embodiments is a non-transitory, computer readable medium, which includes computer program instructions. In this regard, the execution of instructions by at least one data processor results in performance of operations, which comprises: the reception of a user device from at least one transmission beacon from at least one network access point, in response determining that the user device does not have the necessary credentials to connect to a secure network access point from at least one access point
6/28 network access, form a preliminary association with at least one network access point, during the preliminary association, the user device that receives or creates the necessary credentials to associate with the network access point secure, and form an association between the user's device and the secure network access point using the credentials received or created and obtain connectivity to the Internet through the secure network access point.
In a fourth exemplary aspect of the exemplary embodiments is an apparatus comprising at least one processor and at least one memory, including the computer program code. In this fourth aspect, at least one memory with the computer program code is configured with at least one processor to make the device at least: send at least one transmission beacon comprising a service setting identifier, and provide registration service for a secure network access point operating with the same 20 service set identifier as the device.
In a fifth exemplary aspect of the exemplary embodiments, there is a method which comprises: sending from an access point to the non-robust security network RSN network at least one beacon transmission comprising a service adjustment identifier, and the security network RSN network access point - non-robust security providing subscription service to a secure network access point operating with the same service setting identifier as the security network RSN network access point no 30 robust.
In a sixth exemplary aspect of the exemplary embodiments is a non-transitory, computer readable medium, which includes computer program instructions.
In this respect, executing instructions on at least one data processor results in the performance of operations comprising: sending from an access point to the non-robust security network RSN network of at least one beacon transmission comprising an service tuning and the non-robust security network RSN network access point providing subscription services to a secure network access point operating with the same service adjustment identifier as the network RSN network access point not robust security.
In a seventh exemplary aspect of the exemplary embodiments is an apparatus comprising at least one processor and at least one memory, including the computer program code. In this seventh aspect, at least one memory with the computer program code is configured with at least one processor to make the device at least: transmit at least one beacon transmission; provide an enrollment network access identifier NAI for a user device, while the user's device is in a state pre-associated with the device; receiving a membership request from the user's device that includes the access network access identifier NAI, and granting the limited user's device access to a network for credential creation purposes.
In an eighth exemplary aspect of the exemplary embodiments, there is a method comprising: transmitting at least one beacon transmission, providing an NAI access identifier to the enrollment network to a user device, while the user device is in a pre-associated state; receive a membership request from the user device that includes the enrollment network access identifier NAI, and grant access to the user device limited to a network for
-8- / 28 purposes for creating credentials.
In a ninth exemplary aspect of the exemplary embodiments is a non-transitory, computer readable medium, which includes computer program instructions. In this regard, the execution of instructions by at least one data processor results in performance of operations, which comprise: transmission of at least one beacon transmission, providing an NAI identifier for accessing the enrollment network to a user device, while the user device is in a pre-associated state; receive a membership request from the user's device that includes the enrollment network access identifier NAI, and grant limited user device access to a network for credential creation purposes.
BRIEF DESCRIPTION OF THE DRAWINGS In figures in the accompanying drawings: THE Figure 1 shows a block diagram simplified of various electronic devices that are
suitable for use in the practice of exemplary embodiments of the present invention.
Figure 2 is a diagram of the interaction between a station, an access point and a portal server in accordance with a first embodiment of the present invention.
Figure 3 is a diagram of the interaction between the station, the access point and the portal server - in accordance with a second embodiment of the present invention.
Figure 4 is a flow diagram that illustrates logic from the perspective of a user device, the operation of a method, and a result of executing computer program instructions contained in computer-readable memory, in accordance with at
- 9 / -28 exemplary embodiments of the present invention.
Figures 5-1 and 5-2 are flow diagrams that illustrate the logic from the point of view of the respective open / secure access network, the operation of a method, and a result of executing computer program instructions contained in memory computer readable, in accordance with the exemplary embodiments of the present invention.
DETAILED DESCRIPTION
Based on the previous discussion, it should be noted that a problem that exists is that, currently, there is no method by which a user can purchase a subscription on an enabled RSN network. Simply put, the user cannot access the network, as the user does not have the appropriate network credentials, and the user cannot create or purchase the appropriate network credentials because the user does not have access to the network. Current practices involve distributing a paper password to event participants, allowing them to access the network with that password (all with the same code, known as WPA_personal in WFA), or generating a separate signal for each individual, which referred to as WPAEnterprise by WFA, and using traditional methods of distribution (eg, email). Neither of these methods allows for the creation of an account on the fly, as they require the potential user to either register for the event, or contact an administrator in person, etc.
Exemplary embodiments of this invention address and solve these and other problems by providing a method to enable online enrollment capabilities for users on the go to enabled RSN hotspot networks.
Exemplary embodiments of this invention relate at least in part to HS2.0 Wi-Fi networks, and
- 10/28 provide an ability to dynamically create a subscription with a hotspot network operator.
Before describing in detail the exemplary embodiments of the present invention, reference is made to Figure 1, to illustrate a simplified block diagram of various electronic devices and apparatus that are suitable for use in the practice of the exemplary embodiments of the present invention. In Figure 1, a Wi-Fi network is adapted for communication via a wireless connection 11 with an apparatus, such as a mobile communication device, which can be referred to here as a station (STA), or as a communication device. user (UD) 10, through a network access node or point. In Figure 1, two network access points (NWAPs) are shown, where one represents an enabled RSN network 12 and the other, an open network 12 '(a non-enabled RSN network). At least the NWAP enabled RSN (hotspot) 12 provides access to one or more data communication networks (for example, the Internet). The UD 10 includes a controller, such as at least a computer or a data processor (DP) 10A, at least one non-transient, computer-readable memory medium incorporated as a 10B (MEM) memory that stores an instruction program (PROG) 10C, and at least one suitable radio frequency (RF) transceiver (transmitter and receiver) 10D for bidirectional wireless communications with access network nodes or points 12, 12 ¹ via one or more antennas . The NWAP 12 also includes a controller, such as at least a computer or a data processor (DP) 12A, at least one computer-readable memory medium incorporated as a 12B (MEM) memory that stores an instruction program. computer (PROG) 12C and at least one suitable RF transceiver (transmitter and receiver) 12D for communication with UD 10 via a
11/28 or more antennas. NWAP 12 'perhaps assumed to be similarly constructed to include a controller, such as at least a computer or a data processor (DP) 12A', at least a computer-readable memory medium incorporated as a memory ( MEM) 12B 'which stores a computer instruction program (PROG) 12C, and at least one suitable RF transceiver (transmitter and receiver) 12D for communication with UD 10 via one or more antennas.
It should be noted that while NWAP RSN enabled 12 and open NWAP (non-RSN enabled) 12 'are shown as two different access points, in practice, the functionality of both can be co-located within a gateway system. hardware / software access.
For the purpose of describing exemplary embodiments of the present invention, UD 10 can be assumed to also include a browser 10E, a credential store 10F and a connection manager (CM) 10G. Although shown in Figure 1 as separate elements, in practice, the 10E browser and a 10G link manager can form a part of the 10C software program, and 10F credential storage can be implemented as one of one or more storage locations on memory 10B. NWAP RSN enabled 12 and open NWAP (RSN not enabled) 12 'can include a portal page 12E, 12E', or have access to a server where the web portal page is hosted.
It should be noted that the UD 10 may include a specialized WLAN integrated circuit or chip or module that incorporates all or at least some of the functions necessary for WLAN connectivity and operations.
At least one of the 10C and 12C progs is assumed to include the program instructions which, when executed by .12 / 28
Associated DP, allow the device to operate according to the exemplary embodiments of the present invention, as will be discussed in more detail below. That is, the exemplary embodiments of the present invention can be implemented, at least in part, by computer software executable by DP 10A of UD 10 and / or DP 12A of NWAP 12, or via hardware, or by a combination of software and hardware (and firmware).
In general, the various embodiments of UD 10 may include, but are not limited to, personal digital assistants (PDAs) with wireless communication capabilities, portable computers with wireless communication capabilities, image capture devices such as digital cameras with wireless communication capabilities, gaming devices with wireless communication capabilities, music storage and playback devices with wireless communication capabilities, Internet devices that allow wireless Internet access and navigation, cell phones with Wi-Fi capability, as well as portable units or terminals that incorporate combinations of such functions.
Computer-readable MEMs 10B and 12B perhaps of any type appropriate for the local technical environment and can be implemented using any suitable data storage technology, such as semiconductor-based memory devices, random access memory, read-only memory , - programmable read-only memory, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. PD 10A and 12A can be of any type appropriate for the local technical environment, which may include one or more general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and
-13 / 28processors based on multi-core architectures, as non-limiting examples.
In accordance with the exemplary embodiments of the present invention, several solutions are provided for online registration of UD 10, as well as a simplified credential generation mechanism (without transparency for the user).
In a first embodiment (see also Figure 2), for an occurrence of the enabled RSN network 12, the corresponding (ie, open) 12 'non-enabled RSN network is also provided. The 12 'open network provides at least online subscription capacity for UD 10, and would normally not provide access to the Internet or any other service.
The procedure works as follows. The open 12 'network makes public in its capabilities (for example, a newly defined capacity, or a supplier-specific capacity) that provides only an online registration service for creating credentials for use with the RSN network 12 (with the same SSID). As is well known, the service tuning identifier, or SSID, is a name that identifies a particular wireless LAN 802.11. A client device receives broadcast messages from all access points within the range announcing its SSIDs. The client device can then manually or automatically, based on the configuration, select the network with which it is associated. The SSID can be up to 32 characters long.
When UD 10 performs a network discovery and selection (NDS) and finds both open network 12'and enabled RSN network 12, with the same SSID, it checks first if it has valid credentials with the enabled RSN network 12 If UD 10 determines that it does not have the appropriate RSN credentials enabled, it detects the capacity of the open network 12 'with the same SSID. If the capacity of the
14/28 12 indicates that it supports only the registration procedure, the UD 10 associated with the open network 12 ', opens the browser 10E and generates some (for example simulated) HTTP traffic (for example, through an http request to some IP address, such as dummyhomepage.net). The open network NWAP 12 'redirects HTTP traffic to the portal page 12E (and offers its certificate to UD 10 in a conventional manner). After the terminal authenticates the portal page using the credential provided, on the portal page 12E of the UD 10 the fee plan is offered and asked to choose one and enter billing information (for example, credit card). UD 10 can also be offered the possibility to create credentials for the user, or have the 12E portal pages creating credentials (see credential creation below).
When the 10E browser receives the credentials, it can temporarily store them in the 12F credential store and initiate a decoupling message (for example, using the application programming interfaces (APIs) of a wireless chip available through a line interface. command). The UD device 10 then initiates a connection message to the enabled RSN network 12 specifying the SSID for which the credentials were newly created (for example, via the WLAN chip's command line interface). Alternatively, if the SSID is not specified, UD 10 can start a new NDS procedure, find the SSID for which the credentials were created, and connect to it. When prompted for credentials, the 10G connection manager in UD 10 provides the newly created credentials. After authentication is successful, the 10G connection manager will consider the verified credentials and update its state accordingly in the 10F credential store.
In the event that credentials are not operable or
15/28 valid, or they have expired, authentication will not be successful. Instead of providing an error message to the user, UD 10 can instead automatically re-associate with NWAP open 12 'with the same SSID, generate 5 http traffic to be redirected to the 12E portal pages , which in turn displays what step (s) the user should take next (for example, displaying a help desk phone number), when UD 10 (with its unique MAC address) is attempted to create credentials , but 10 was not successful for some reason.
Referring now more specifically to the exemplary interaction diagram of Figure 2, in 2A, a beacon: SSID X, Open, Online Description is only received from the open NWAP 12 '. In 2B, a Beacon: SSID X, enabled RSN is received. Note that the order of receiving the beacons in 2A and 2B can be reversed in some situations. Since 2A indicates online registration only (that is, no internet access, in addition to the page / page registration is provided), UD10 continues to look for a network that provides access to the internet. In response to a determination that the host (UD 10) does not have credentials to attach via RSNhabilitated AP, an Associate (SSID X, Open) is sent to NWAP 12 'for account creation purposes. The UD 10 starts the browser 10E, and in 2D it sends an HTTP Req to NWAP 12 '25 (this is the simulated http traffic mentioned above). In 2E, ________UD 10 receives, in.response.a HTTP response (redirect), _ and in 2F, an HTTPS connection to the 12E portal page is established, by means of which UD 10 authenticates the network and that is provided with the required credentials, since 3 0 provides payment information. In 2F, UD 10 sends the decouple (SSID X, Open) to NWAP 12 *. In 2H, UD 10 sends an Associate (SSID X, RSN-enabled) and authenticates with NWAP enabled RSN 12, using the credentials provided by the
16/28 12E web portal enrollment server during HTTPS 2F connection. Note that, in both 2G and 2H, SSID X is the same SSID received in 2A and 2B. At 21, UD 10 becomes connected to the Internet, in addition to the registration page or pages via enabled NWAP RSN 12, and the credentials received during the HTTPS connection in 2F can be saved in the 10F credential store for later use.
In a second embodiment (see also Figure 3), when there is an RSN 12-enabled network for which UD 10 does not have credentials, UD 10 first checks the capacity of the RSN-enabled network 12. If the ability to enroll online is supported (as currently defined in 802.llu, table 7-43bo), in accordance with an exemplary aspect of this invention, the enabled RSN network 12 offers a special subscription network access identifier (NAI, for example, see RFC4282 ) in a pre-associated state. Such NAI can be defined in 802. llu table 7-43bn, or it could be defined as a query protocol to an element of the vendor-specific list of the access network query protocol (ANQP), such that when the ability to online registration is supported by the enabled RSN network 12, the registration NAI must be provided. The UD 10 can then be used, for example, ANQP (defined in 802.llu) with, for example, newly defined information name to request the enrollment NAI from the activated RSN network 12, while in the pre state -associated. When this.enrollment NAI is received, UD 10 uses this NAI as its Extensible Authentication Protocol Identity (EAP), during the 802.1x authentication procedure. When the enabled RSN network 12 receives an EAP Response Identity message from UD 10 with the enrollment NAI as the user's identity, the enabled RSN network 12 will know that the user wants to enroll. In this case, authentication
17/28 is on the server side only and the enabled RSN network 12 should not ask for the user's credentials (this is the purpose of this being defined enrollment NAI, since the user has no credentials). Once UD 10 successfully authenticates the enabled RSN network 12 and membership is established (with session keys generated 802.Ix), UD 10 starts browser 10E and generates some (for example, simulated) HTTP traffic. The enabled RSN network 12 will redirect http traffic to your 12E portal page. Note that, although link layer security is enabled, this embodiment assumes that portal page 12 presents a certificate to UD10 and an HTTPS (secure HTTP) connection is created in order to prevent the RSN network enabled 12 see the credentials that the user has generated or that are provided with the portal page. The user is then offered the rate plan and order to choose one and enter billing information. The user can also be offered the possibility to create credentials for the user or have portal page 12 to create credentials (see below for credential creation). When the 10E browser receives the credentials it can temporarily store them in the 10F credential store, initiate the decoupling message and then initiate a connection message to the enabled RSN network 12 specifying the SSID for which the credentials were created. When the enabled RSN network 12 sends an EAP-identity request, UD 10 provides the created identity (part of the newly created set of credentials), not the enrollment NAI.
Referring now more specifically to the exemplary interaction diagram of Figure 3, in 3A, UD 10 receives from the NWAP of activated RSN 12 a Beacon: SSID X, RSNativada, with the support of online registration being indicated. In the event that the host (UD 10) is found not to have ______ __ 18/28 _____________ the necessary credentials, a determination is made to use the enrollment NAI. In 3B, UD 10 sends a pre-associated status request to the enrollment NAI, and in 3C, receives the enrollment NAI (in the pre-associated state) from NWAP RSN enabled 12. In 3D, ouUD 10 and NWAP RSNabled 12 associated (using server-side authentication only). 0 UD 10 then starts the browser
10E. In 3E, the HTTP Req is sent (simulated HTTP traffic) and in 3F, the NWAP 12 sends the HTTP Resp (redirect). In 3F, UD 10 receives in response an HTTP Resp (redirect), and in 3G an HTTPS connection to the 12E portal page is established, according to which ÜD 10 authenticates the portal page and generates or provides credentials needed. In 3H, UD 10 sends the Dissociate (SSID X, RSN-Enabled, SU-NAI), and in 31, UD 10 sends an Associate (SSID X, RSN-enabled) and authenticates with NWAP RSN enabled 12, using the credentials provided by the portal's 12E enrollment server during the HTTPS 3G connection. In 3J, UD 10 becomes connected to the Internet via NWN 12 enabled RSN, and the credentials received during the HTTPS connection over 3G can be saved in the 10F credential store for later use.
Now described is the credential creation procedure. There are two types of credentials that can be created online for users on the go: username / password and certificate. These can be ..permanent or limited time (for example, a voucher). If they are permanent, there is probably a credit line associated with the credential. When the credit line expires, the user will have to purchase additional credits to use the credentials.
A client certificate is generated by software, but a username / password can also be generated by the user. However, there is no reason to impose that the user
19/28 enter a username / password. The software can also generate random strings, both for user / password, as in hotspor 2.0, one of the requirements is that UD 10 must not ask the user to enter credentials. That is, these credentials are not for the user, but for the consumption of the device.
Therefore, still according to the exemplary embodiments, when the user is redirected to a portal page (12, 12 '), the portal page must have an option for the user to select the generation of manual or automatic credential, with the default value is automatic credential generation (regardless of whether the network requires a username / password or a certificate as the credential). With automatic generation of credentials, the portal page 12, 12 'generates the necessary credentials (either a username / password or a client certificate) and provides the credentials
generated for the UD 10. One turn what The UD 10 receives at credentials what stores the same at the storage in credentials 12F and use them when required. From the UD 10
automatically provides the credentials for NWAP 12, 12, the user does not need to be aware of the credentials. Thus, credentials need not be in a readable format. In addition, the user does not need to know the type of credentials that are received, (whether it is a username / password or a client certificate).
On the UD 10 side, the implementation of exemplary embodiments can be a part of the 10G connection manager client or daemon. When the UD 10 notes the availability of the HS2.0 12 enabled RSN Wi-Fi hotspot network, and recognizes that it does not have the credentials for use with that network, it can provide the logic and user interface improvements that allow the user to buy network access.
There are a number of advantages and technical effects that
20/28 can be obtained by using exemplary embodiments. For example, its use provides a method by which an end user / consumer can purchase access to an HS2.0 enabled RSN hotspot Wi-Fi network. In addition, for example, the use of exemplary embodiments satisfies a commercial interest of a Wi-Fi hotspot operator to provide the capacity, through which subscriptions can be purchased by anyone in the vicinity of said network. In addition, exemplary embodiments provide a secure means by which payment information and credentials are exchanged. In addition, exemplary embodiments can be implemented through the use of pre-existing protocols. These protocols are implemented in most 10 UDs, and no improvement to the 10G connection manager protocols and / or software is required.
Based on the foregoing, it should be apparent that the exemplary embodiments of the present invention provide a method, apparatus and program or computer programs to allow connection with various types of local types of wireless communications devices and stations and terminals, such as those that conform to the IEEE 802 types of communication systems.
Figure 4 is a flow diagram illustrating UD 10's point of view logic, the operation of a method, and a result of executing computer program instructions, according to the exemplary embodiments of the present invention. According to these exemplary embodiments, a method performs, in Block 4A, a step of receiving a user device from at least one beacon transmission from at least one access point to the network. In one embodiment, a first beacon transmission is received from an unsecured network access point indicating RSN signature only and a second is also received
21/28 beacon from a secure access point, where the first and second beacons comprise the same service adjustment identifier. In another embodiment, only a beacon is received from the access point to the secure network. In response to a determination in block 4A that the user device does not have the necessary credentials to attach with the secure network access point, in block 4B a step of forming a preliminary association with a network access point safe and non-secure according to the different embodiments mentioned above. For example, in one of these embodiments, the first UD 10 receives a subscription NAI from the RSN access point during a state pre-associated with it before performing the preliminary association of block 4B with the RSN access point. In Block 4C, there is a step of sending http traffic to the associated access point in block 4B. As mentioned above, this http traffic can be simulated traffic or regular (true) traffic. In Block 4D, there is a step to be redirected to, and to form a secure http link to a portal page. In block 4E, there is a step for the user's device to authenticate the portal page and receive the portal page credentials necessary to associate with the secure network access point. Alternatively, the user's device can create credentials as also stated in block 4E. In Block 4F, there is a stage of termination of the preliminary association - and in block 4G, there is a stage of forming an association with the secure network access point using the credentials received and obtaining an Internet connection through the access point to secure network.
The method as in Figure 4, in which the first beacon in block 4A is received from the unprotected access point, which is a non-RSN network access point that announces subscription-only enabled capability, and in which the “22/28 secure network access point is a different enabled RSN access point. In another embodiment, the access points to the secure and non-secure network are incorporated into the same physical node that operates functionally in a secure network and an unsecured network, respectively.
The method of the previous paragraph, whenever the user device forms the preliminary association in block 4B with the enabled non-RSN network access point, sends (for example, simulated) HTTP traffic to the non-network access point -RSN enabled, ends the preliminary association with the enabled non-RSN access point, and makes the association with the enabled RSN access point using the received credentials.
The method as in Figure 4, where the beacon is received from an enabled robust security network (RSN) access point that provides connectivity to the Internet, the beacon that indicates that the enabled RSN network access point supports a capability enrollment to the user's device and further comprising sending a request for a network enrollment access identifier (NAI), in a pre-associated state of the user's device, to the RSN enabled network access point; receive the requested registration NAI and, using the authentication server side, associate with the enabled RSN access point.
The method of the previous paragraph, whenever the device sends the user (for example, simulated) HTTP traffic to the network enabled RSN access point, ends the preliminary association in block 4F that used the enrollment NAI with the access point. RSN network access enabled, and forms the association with the network access point using the credentials received.
The method in Figure 4 and any of the previous ______________ 23/28 ________ paragraphs, where when connected to the portal page, a user is enabled to select manual or automatic credential generation.
The method of the previous paragraph, always with automatic credential generation, the portal page 12 generates credentials such as anyone and username / password or a client certificate and provides the generated credentials for the user's device, which stores and automatically provides credentials for the enabled RSN network access point without requiring the user to be aware of the content of the credentials. Or in one embodiment, the user can enter the credentials generated manually.
Figure 5-1 is a logic flow diagram that illustrates from the perspective of the non-RSN 12 'AP, the operation of a method, and a result of executing computer program instructions, in accordance with the exemplary embodiments of present invention. According to these exemplary embodiments, a method performs, in block 5 A, the step of sending a network access point (non-RSN) of at least one transmission comprising a service identifier, and in block 5B (non- RSN), network access point providing subscription service to a secure network access point operating with the same service adjustment identifier. In one embodiment, the transmission of at least one beacon also includes a capacity indication that indicates that the access point_ to the non-RSN network is capable of RSN enrollment only.
Registration can, in an exemplary embodiment, proceed as follows. In block 5C, there is a step for the non-RSN access point to associate with the user's device, such as to accept an association request from the user device, and in block 5D, there is a step for the non-RSN access point. -RSN receive http traffic from
24/2 8 user device. As above, this http traffic can be simulated traffic or any type of traffic. In block 5E, there is a step of redirecting traffic to a portal page, and for a specific embodiment in step 5F, there is a step of forming a secure HTTP connection with the user's device to establish credentials by which the device user can access the secure network access point. In block 5G, there is an alternative in a device user authentication step with page 10 of the portal, in which the user's device creates the credentials. In Block 5H, there is another alternative in a step of authenticating the user's device with the portal page, in which the credentials necessary to associate with the secure access point (RSN) are sent from the portal's page 15 to the user’s device. There may be a preliminary association with the insecure access point, as mentioned above following the description in Figure 4.
And, at block 51, there is a step for the non-RSN access point to disassociate from the user device.
0 Figure 5-2 is a flow diagram that illustrates the logic from the point of view of the AP RSN 12, the operation of a method, and a result of executing computer program instructions, in accordance with the exemplary embodiments of the present invention. The RSN access node 25 can be co-located with the non-RSN access node as ------- both being incorporated into the same node, but performing distinctly different functions. In Block 5 J, the RSN access node transmits at least one beacon transmission and, in block 5K, in this particular embodiment, there is the step of the RSN access point 30 to provide an enrollment NAI to the user's device, while the user is in a state pre-associated with the RSN access point. In block 5L, there is the step of receiving from the user device of
25/28 an association request, which includes the enrollment NAI, and in block 5M, there is a step of granting the user's device (limited) access to the network for the purposes of creating credentials. Blocks 5D to 5H in Figure 5-2 are the same, as described above for the same blocks in Figure 5-1. Then, the RSN access point ends in block 5N, the preliminary association that was granted in block 5M, and forms in block 50 an association with the user device with the credentials and grants internet connectivity to the user device, through the RSN access point.
Exemplary embodiments also include a non-transitory computer-readable medium containing the computer program instructions, in which the execution of the software program instructions, at least one data processor results in performance of operations that comprise the execution of the steps of the process of Figures 4 and 5-1 and 5-2 and the respective several previous paragraphs.
The various blocks shown in Figures 4, 5-1 and 5-2 can thus be seen as steps in the method, and / or as operations that result from the operation of computer program code, and / or as a plurality of logic elements of coupled circuits built to perform the function or associated functions.
Exemplary embodiments also concern an apparatus comprising a processor and a memory, including computer program code. The memory-and the computer program code are configured to, with the processor, make the device receive at least one user device from at least one transmission beacon from at least one network access point, and in response a determination that the user device does not have the necessary credentials to attach to the network access point, to form a preliminary association with the point of _2.6_ / 2.8.
network access, to send (for example, simulated) traffic from http to the network access point and in response to what is being redirected to, and form a secure http connection to, a portal page, to authenticate the user's device with the portal page and receive the portal page credentials required to associate with the network access point. Ά memory and computer program code are further configured, with the processor, to terminate the preliminary association with the network access point and in order to form an association with the network access point, using the credentials received so obtain an Internet connection through the network access point.
In general, the various exemplary embodiments can be implemented in special purpose hardware or circuits, software, logic, chip sets, for example, a WLA chip set or chip sets, or any combination thereof. For example, some aspects can be implemented in hardware, while other aspects can be implemented in firmware or software that can be executed by a controller, microprocessor or other computing device, although the invention is not limited to them. Although various aspects of the exemplary embodiments of the present invention can be illustrated and described as block diagrams, flowcharts, or using some other pictorial representation, it is well understood that these blocks, devices, systems, techniques and methods described in this document can be be implemented in, as non-limiting examples, hardware, software, firmware, special-purpose circuits or logic, general-purpose hardware or controller or other computing devices, or some combination of these.
It should therefore be appreciated that at least some _________________________ 27/28 ./.·. ;
aspects of the exemplary embodiments of the invention can be practiced on various components, such as integrated circuit chips and modules, and that the exemplary embodiments of the present invention can be performed on an apparatus that is realized as an integrated circuit. The integrated circuit, or circuits, can comprise a circuit (as well as possibly firmware) for which contains at least one or more of a data processor or data processors, a digital signal processor or processors, base band and radio frequency circuits that are configured so as to operate according to the exemplary embodiments of the present invention.
Various modifications and adaptations of the previous exemplary embodiments of the present invention may become apparent to those skilled in the relevant technique in view of the foregoing description, when read in conjunction with the accompanying drawings. However, any and all modifications still fall within the scope of the non-limiting and exemplary embodiments of the present invention.
For example, although the exemplary embodiments have been described above in the context of the IEEE 802 type of systems, it should be noted that the exemplary embodiments of the present invention are not limited to using only this particular type of wireless communication system, and that they can be used to advantage in other wireless communication systems.
It should be noted that the terms connected, coupled, or any variant thereof, means any connection or coupling, direct or indirect, between two or more elements, and may include the presence of one or more intermediate elements between the two elements that They are
28/28 connected or associated together. The coupling or connection between the elements can be physical, logical, or a combination of these. As used here, two elements can be considered to be connected or associated, together with the use of one or more wires, cables and / or printed electrical connections, as well as the use of electromagnetic energy, such as electromagnetic energy having wavelengths in the radio frequency region, the microwave region and the optical region (visible and invisible), like several non-limiting and non-exhaustive examples.
In addition, the various names used for the described parameters (for example, the SSID, etc.) are not intended to be limiting in any respect, as these parameters can be identified by appropriate names. In addition, the various names assigned to different network communications (for example, HTTP, HTTPS, etc.) are not intended to be limiting in any respect, as these different communications can be identified by appropriate names.
In addition, some of the features of the various non-limiting and exemplary embodiments of the present invention can be used to advantage without the corresponding use of other features. As such, the foregoing description should be considered as merely illustrative of the principles, teachings and exemplary embodiments of the present invention, and not for your limitation.

权利要求:
Claims (11)
[1]
1. APPLIANCE, characterized by comprising:
at least one processor, and at least one memory, including computer program code;
wherein at least one memory with the computer program code is configured with at least one processor to make the device at least:
receive at least one transmission beacon from at least one network access point;
in response to determining that the device does not have the necessary credentials to join a secure network access point from at least one network access point, form a preliminary association with at least one network access point;
during preliminary membership, receive or create credentials necessary to associate with the secure network access point and;
form an association with the secure network access point using the credentials received or created and obtain connectivity to the Internet through the secure network access point.
[2]
2. APPLIANCE according to claim 1, characterized in that the at least one memory with the computer program code is configured with at least one processor to further make the device at least:
send http traffic to at least one access point with which the preliminary association is formed; and form a secure http connection to a portal page to which the device is redirected in response to sending http traffic;
where the device is configured to receive or create the necessary credentials to associate with the
2/11 secure network access, while on the secure http link with the portal page.
[3]
3. APPLIANCE, according to claim 2, characterized by when connected to the portal page, a
5 user be able to select the manual or automatic generation of credentials through the device.
[4]
4. APPLIANCE, according to claim 3, characterized in that with the automatic generation of credentials, the device receives the generated credentials from the portal page
10 that comprise one of a username, a password and a client certificate; the device is configured to store received credentials in at least one memory, and the device is configured to automatically provide stored credentials to the secure network access point,] _ 5 without requiring the user to be aware of the content of the credentials.
[5]
Apparatus according to any one of claims 1 to 4, characterized in that the at least one network access point comprises a non-network access point
20 secure, which is an RSN non-robust security network enabled network access point, and the secure network access point, which is a different RSN enabled access point;
wherein the at least one beacon transmission received from the at least one network access point comprises a first transmission beacon received from the access point to _________ unsecured network that indicates — robust RSN security network subscription only and also a second received beacon the access point to the secure network where the first and second beacons comprise the same set of 30 service identifiers;
and the preliminary association is formed with the access point to an unsecured network.
[6]
6. APPLIANCE, according to claim 5,
3/11 characterized by the access point to the secure network and the access point to the non-secure network being incorporated into the same physical node that operates functionally in a secure network and an insecure network, respectively.
7. APPLIANCE, according to claim 5, characterized in that the at least one memory with the computer program code is configured with at least one processor to further make the device at least: end the preliminary association formed with the access point 10 to the unsecured network, before forming the association between the device and the access point to the secure network.
APPLIANCE according to any one of claims 1 to 4, characterized in that the at least one network access point comprises only the network access point
15 secure, and the at least one transmission beacon that is received comprises a beacon received only from the secure network access point which indicates that the secure network access point supports online subscription.
9. APPLIANCE, according to claim 8,
2 0 characterized in that at least one memory with the computer program code is configured with at least one processor to still make the device at least: while the device is in a pre-associated state, send a request for an identifier access to the NAI network of 25 registration to the secure network access point;
-------- receive the identifier___of access _the requested subscription network; and then form the preliminary association with the secure network access point using the network access identifier 30 and server-side authentication only.
10. METHOD, characterized by comprising: receiving at least one beacon transmission from at least one network access point on a user device;
4/11 in response to the determination that the user device does not have the necessary credentials to join a secure network access point from at least one network access point, form a preliminary association with at least one access point the net;
during preliminary association, the user device receives or creates the necessary credentials to associate with the secure network access point; and form an association between the user's device and the secure network access point using the credentials received or created and obtain connectivity to the Internet through the secure network access point.
11. METHOD, according to claim 10, characterized in that the method further comprises:
send http traffic to at least one access point with which the preliminary association is formed; and form a secure http connection to a portal page to which the device is redirected in response to sending http traffic;
where the device is configured to receive or create the necessary credentials to associate with the secure network access point, while on the secure http connection to the portal page.
METHOD, according to claim 10 or 11, characterized in that the at least one network access point comprises an unsecured network access point, which is a non-robust network enabled network access point RSN, and the secure network access point that is different from an RSN enabled access point;
wherein receiving at least one beacon transmission from at least one network access point comprises receiving on the user device a first beacon transmission from the non-secure network access point which indicates RSN robust security network enrollment only and also receiving on the user device a second beacon from the secure network access point, in which the first and second beacons comprise the same service set identifier;
and the preliminary association is formed with the access point to an unsecured network.
13. METHOD according to claim 10 or 11, characterized in that the at least one network access point comprises only the secure network access point, and receiving at least one transmission beacon comprises receiving a beacon only from the secure network access that indicates that the secure network access point supports online subscription.
14. METHOD, according to claim 13, characterized in that the method further comprises:
while the device is in a pre-associated state, send a request for a network access identifier to the NAI subscription to the secure network access point;
receive the requested network access identifier, and then form the preliminary association with the secure network access point using the network access identifier and authentication only on the server side.
15. LEGIBLE MEDIA BY NON-TRANSITIONAL COMPUTER, characterized by including computer program instructions that, when executed by at least one data processor, result in the performance of operations that
-include:
receiving on a user device at least one transmission beacon from at least one network access point;
in response to the determination that the user device lacks the necessary credentials to join a secure network access point from at least one network access point, form a preliminary association with at least one network access point;
6/11 during the preliminary association, the user device receives or creates the necessary credentials to associate with the secure network access point; and form an association between the user's device and the secure network access point using the credentials received or created and obtain connectivity to the Internet through the secure network access point.
16. APPLIANCE, characterized by comprising:
at least one processor, and at least one memory, including computer program code;
wherein at least one memory with the computer program code is configured with at least one processor to make the device at least:
send at least one transmission beacon that comprises a service set identifier, and provide subscription service to a secure network access point operating with the same service set identifier as the device.
17. Apparatus according to claim 16, characterized in that the at least one transmission beacon also includes an indication of capacity indicating that the access point to the non-robust safety net is capable of RSN registration only.
18. APPLIANCE according to claim 16 or 1-7, characterized in that the apparatus comprises an access point with a non-robust security network and the registration service provided comprises:
the non-rugged safety network access point RSN associating with a user device (accepting a user device association request), the safety network access point does not
[7]
Robust 7/11 RSN allowing the user device to obtain credentials to associate with a secure network access point; and then the access point to the RSN non-robust safety net disconnecting from the user device.
19. APPLIANCE, according to claim 18, characterized by enabling the user device to obtain credentials comprising at least one of the following:
redirect http traffic received from the user's device to a portal page;
form a secure http connection to the user's device to establish credentials;
authenticate the user device with a portal page, through which the user device can create credentials;
authenticate the user device with a portal page that generates the credentials and sends the generated credentials to the user device.
20. METHOD, characterized by understanding:
send, from an access point to the non-robust RSN security network, at least one transmission beacon comprising a service set identifier, and the access point to the non-robust RSN safety network provide subscription service to a secure network access point operating with the same service set identifier as the non-robust RSN security network access point.
21. METHOD according to claim 20, characterized in that the at least one transmission beacon also includes an indication of capacity indicating that the access point to the non-robust safety net is capable of RSN registration only.
22. METHOD, according to claim 20 or 21,
[8]
8/11 characterized in that the registration service provided comprises:
the non-robust RSN safety network access point associating with a user device (accepting a user device association request), the non-robust RSN safety network access point allowing the device user obtain the credentials to associate with a secure network access point, and then the non-robust RSN security network access point by disassociating from the user device.
23. Means readable by a non-transitory computer, characterized by including computer program instructions that, when executed by at least one data processor, result in the performance of operations that include:
send from an access point the RSN non-robust security network network with at least one transmission beacon comprising a service set identifier, and the non-robust RSN security network access point provide subscription service to a access to the RSN non-robust safety net working with the same service set identifier as the access point to the non-robust RSN safety net
24. APPARATUS, characterized by comprising:
at least one processor, and at least one memory, including computer program code;
wherein at least one memory with the computer program code is configured with at least one processor to make the device at least:
[9]
9/11 transmits at least one beacon transmission;
provide a NAI enrollment network access identifier for a user device, while the user device is in a state pre-associated with the device;
receive a membership request from the user device that includes the network access identifier for the NAI enrollment, and grant limited user device access to a network for credential creation purposes.
25. APPARATUS, according to claim 24, characterized by granting limited user device access to the network for credential creation purposes including:
establish a preliminary association with the user device;
redirect http traffic received from the user's device to a portal page;
form a secure http connection to the user's device to establish credentials; and terminate the preliminary association with the user device.
26. APPLIANCE, according to claim 24 or 25, characterized in that the apparatus comprises an access point to the RSN robust security network, and at least one memory with the computer program code is configured with at least a _para processor. still make the device at least:
form an association with the user device with the credentials and then grant the user device Internet connectivity through the device.
27. METHOD, characterized by comprising:
transmit at least one beacon transmission;
provide a network access identifier
[10]
10/11 NAI enrollment for a user device, while the user device is in a pre-associated state;
receive from the user device a request for
5 association, which includes the NAI registration network access identifier; and grant the user device limited access to a network for credential creation purposes.
28. METHOD, according to claim 27,
10 characterized by granting the user device limited access to the network for the purposes of creating credentials:
establish a preliminary association with the user device;
15 redirect http traffic received from the user's device to a portal page;
form a secure http connection to the user device to establish credentials and terminate the preliminary association with the user device 20.
29. METHOD according to claim 27 or 28, characterized in that the method is performed by an access point to the RSN robust security network, and the method further comprises:
25 form an association with the user device using the credentials and subsequently grant to the. the user's device connectivity to the Internet via the RSN robust security network access point.
30. MEDIA legible by non-transitory computer,
30 characterized by including computer program instructions that, when executed by at least one data processor, result in the performance of operations that comprise:
[11]
11/11 transmit at least one transmission beacon;
provide a NAI enrollment network access identifier for a user device, while the user device is in a pre-associated state;
receive an association request from the user's device, which includes the NAI subscription network access identifier; and grant the user device limited access to a network for credential creation purposes.

类似技术:

---

公开号 | 公开日 | 专利标题

---

BR112013006256A2|2020-05-26|APPARATUS, METHOD AND MEDIA READABLE BY NON-TRANSITIONAL COMPUTER

---

US10341328B2|2019-07-02|Secure on-line sign-up and provisioning for Wi-Fi hotspots using a device-management protocol

---

US9787683B2|2017-10-10|Seamless wi-fi subscription remediation

---

JP6022706B2|2016-11-09|Secure online sign-up and provisioning with wireless devices

---

US10856135B2|2020-12-01|Method and apparatus for network access

---

KR101644723B1|2016-08-01|Mobile device and method for secure on-line sign-up and provisioning for wi-fi hotspots using soap-xml techniques

---

US20160242033A1|2016-08-18|Communication service using method and electronic device supporting the same

---

US20200220938A1|2020-07-09|Local access information for presenting at a mobile device

---

CN106105134B|2019-11-05|Method and apparatus for improving end-to-end data protection

---

CN109996346B|2021-07-16|Session establishment method, device and system

---

US20180310172A1|2018-10-25|Method And Apparatus For Extensible Authentication Protocol

---

WO2019024744A1|2019-02-07|Method and device for acquiring identifier of terminal device

---

BR112020000932A2|2020-07-21|network security management method, and device

---

CN109391937B|2021-10-19|Method, device and system for obtaining public key

---

CN108540493B|2021-05-04|Authentication method, user equipment, network entity and service side server

---

WO2018137239A1|2018-08-02|Authentication method, authentication server, and core network equipment

---

CN113498055A|2021-10-12|Access control method and communication equipment

---

BR112014005388B1|2021-12-28|METHOD CARRIED OUT BY A MOBILE DEVICE AND MOBILE DEVICE FOR SECURE ONLINE SUBSCRIPTION AND PROVISIONING FOR WI-FI HOTSPOTS

同族专利:

---

公开号 | 公开日

---

EP2617222A4|2017-05-03|

---

AP3977A|2017-01-04|

---

EP2617222B1|2019-07-24|

---

US20120072976A1|2012-03-22|

---

EP2617222A1|2013-07-24|

---

WO2012035203A1|2012-03-22|

---

TWI525447B|2016-03-11|

---

US9131373B2|2015-09-08|

---

RU2013114721A|2014-10-27|

---

AP2013006805A0|2013-04-30|

---

CN103222292A|2013-07-24|

---

HUE046534T2|2020-03-30|

---

ES2750031T3|2020-03-24|

---

CN103222292B|2016-08-10|

---

ZA201302643B|2014-10-29|

---

RU2564251C2|2015-09-27|

---

TW201224775A|2012-06-16|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

---

JP3419391B2|2000-10-05|2003-06-23|日本電気株式会社|LAN that allows access to authentication denied terminals under specific conditions|

---

JP4340626B2|2002-05-13|2009-10-07|トムソンライセンシング|Seamless public wireless local area network user authentication|

---

EP1615381A1|2004-07-07|2006-01-11|Thomson Multimedia Broadband Belgium|Device and process for wireless local area network association|

---

US8041035B2|2005-12-30|2011-10-18|Intel Corporation|Automatic configuration of devices upon introduction into a networked environment|

---

US7974249B2|2006-03-01|2011-07-05|Dell Products L.P.|Virtual access point for configuration of a LAN|

---

ES2381392T3|2006-04-29|2012-05-25|Alcatel Lucent|Procedure for providing a visiting terminal with emergency access over a WLAN|

---

RU2420902C2|2006-06-23|2011-06-10|Нек Корпорейшн|Wireless communication device and method of switching modulation system thereof|

---

US8341717B1|2008-11-13|2012-12-25|Sprint Communications Company L.P.|Dynamic network policies based on device classification|

---

US11134102B2|2009-01-28|2021-09-28|Headwater Research Llc|Verifiable device assisted service usage monitoring with reporting, synchronization, and notification|US7487363B2|2001-10-18|2009-02-03|Nokia Corporation|System and method for controlled copying and moving of content between devices and domains based on conditional encryption of content key depending on usage|

---

US9571482B2|2011-07-21|2017-02-14|Intel Corporation|Secure on-line sign-up and provisioning for Wi-Fi hotspots using a device management protocol|

---

CA2845281A1|2011-08-22|2013-02-28|Telefonaktiebolaget L M Ericsson |Virtual access point using single service set identifiers|

---

KR101341256B1|2011-09-19|2013-12-12|주식회사 팬택|Apparatus and method for strengthening security connection of network|

---

CN103249047B|2012-02-10|2018-11-23|南京中兴新软件有限责任公司|The access authentication method and device of WLAN hot spot|

---

US9338159B2|2012-03-19|2016-05-10|Nokia Technologies Oy|Method and apparatus for sharing wireless network subscription services|

---

US9686710B2|2012-05-31|2017-06-20|Lg Electronics Inc.|Method for obtaining policy information for making traffic detour|

---

US9907014B2|2012-07-03|2018-02-27|Futurewei Technologies, Inc.|System and method for subscription and policy provisioning|

---

US8913559B2|2012-07-10|2014-12-16|Futurewei Technologies, Inc.|System and method for online sign up provider selection|

---

CN103546983B|2012-07-13|2017-10-27|华为技术有限公司|Communication means, device and system|

---

US8817707B2|2012-07-20|2014-08-26|Intel Corporation|Mechanisms for roaming between 3GPP operators and WLAN service providers|

---

US9979710B2|2012-07-26|2018-05-22|Stmicroelectronics, Inc.|Single SSID and dual-SSID enhancements|

---

WO2014082669A1|2012-11-29|2014-06-05|Telefonaktiebolaget L M Ericsson |A method and apparatus for controlling association of a station with a wlan|

---

US9307408B2|2012-12-27|2016-04-05|Intel Corporation|Secure on-line signup and provisioning of wireless devices|

---

US20150223059A1|2013-03-01|2015-08-06|Intel Corporation|Techniques for establishing access to a local wireless network|

---

CN108667699B|2013-08-06|2021-07-20|华为终端有限公司|Method and device for interconnecting terminal equipment and gateway equipment|

---

JP6068370B2|2014-01-21|2017-01-25|Ｎｅｃプラットフォームズ株式会社|Wireless communication apparatus, information communication terminal, communication system control method, and control program|

---

US9900774B2|2014-05-30|2018-02-20|Paypal, Inc.|Shared network connection credentials on check-in at a user's home location|

---

US20160014689A1|2014-07-14|2016-01-14|Qualcomm Incorporated|Advertising supported domains via probe request/response and beacons|

---

CN104135728B|2014-07-17|2015-10-14|腾讯科技（深圳）有限公司|Method for connecting network and device|

---

CN105828326B|2014-07-24|2021-01-01|中兴通讯股份有限公司|Access method of wireless local area network and wireless access node|

---

US20160150409A1|2014-11-21|2016-05-26|Mediatek Inc.|Method of Access Point Connection|

---

US9473940B2|2015-02-20|2016-10-18|Roku, Inc.|Authenticating a browser-less data streaming device to a network with an external browser|

---

US20180115424A1|2016-10-24|2018-04-26|Avago Technologies General IpPte. Ltd.|Securing wireless frames without association|

---

CN107197462B|2017-06-28|2020-04-07|阿里巴巴集团控股有限公司|Wireless network type detection method and device and electronic equipment|

---

US10541990B2|2017-07-31|2020-01-21|Hewlett Packard Enterprise Development Lp|Client device ticket|

法律状态:
2020-06-02| B15K| Others concerning applications: alteration of classification|Free format text: AS CLASSIFICACOES ANTERIORES ERAM: H04W 12/08 , H04W 76/02 Ipc: H04W 12/06 (2009.01), H04L 29/06 (2006.01) |

---

2020-06-02| B15I| Others concerning applications: loss of priority|Free format text: PERDA DA PRIORIDADE US 61/383,475 REIVINDICADA NO PCT/FI2011/050778, CONFORME AS/ DISPOSICOES PREVISTAS NA LEI 9.279 DE 14/05/1996 (LPI) ART. 167O, ITEM 28 DO ATO NORMATIVO 128/97 E NO ART. 29 DA RESOLUCAO INPI-PR 77/2013. ESTA PERDA SE DEU PELO FATO DE O DEPOSITANTE CONSTANTE DA PETICAO DE REQUERIMENTO DO PEDIDO PCT (?NOKIA CORPORATION?) SER DISTINTO DAQUELES QUE DEPOSITARAM A PRIORIDADE REIVINDICADA E NAO FOI APRESENTADO O DOCUMENTO COMPROBATORIO DE CESSAO NO PRAZO LEGAL, CONFORME AS DISPOSICOES PREVISTAS NA LEI 9.279 DE 14/05/1996 (LPI) ART. 166O, ITEM 27 DO ATO NORMATIVO 128/97 E NO ART. 2 DA RESOLUCAO INPIPR 179/2017. |

---

2020-06-09| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|

---

2020-07-14| B25A| Requested transfer of rights approved|Owner name: NOKIA TECHNOLOGIES OY (FI) |

---

2020-08-18| B12F| Other appeals [chapter 12.6 patent gazette]|

---

2021-10-19| B350| Update of information on the portal [chapter 15.35 patent gazette]|

---

2022-02-15| B06A| Patent application procedure suspended [chapter 6.1 patent gazette]|

优先权:

---

申请号 | 申请日 | 专利标题

---

US38347510P| true| 2010-09-16|2010-09-16|

---

PCT/FI2011/050778|WO2012035203A1|2010-09-16|2011-09-12|Dynamic account creation with secured hotspot network|

---