WO2018032085A1 - System for connecting to a secured wireless local area network (WLAN) when roaming by way of purchased secure access credentials - Google Patents

Publication number
WO2018032085A1
Authority
WO
WIPO (PCT)
Prior art keywords
wireless network
secured
subscriber
wireless
broadcast device
Application number
PCT/CA2016/050968
Other languages
English (en)
Inventor
Aflatoon AFLATOONI
Original Assignee
Aflatooni Aflatoon
Application filed by Aflatooni Aflatoon
Priority to PCT/CA2016/050968
Publication of WO2018032085A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/48 Secure or trusted billing, e.g. trusted elements or encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/80 Rating or billing plans; Tariff determination aspects
    • H04M15/8038 Roaming or handoff
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/668 Internet protocol [IP] address subnets
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5038 Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks

Definitions

  • the invention relates to Internet access points, and more particularly to Internet access points shared by multiple users.
  • the Internet is a worldwide system of interconnected computer networks involving communications infrastructure of many different types of communication networks. Communication networks may be distinguished based on geographical span. For example, a wide area network (WAN) provides communication in a broad geographic area covering national and/or international locations, on a smaller scale a metropolitan area network (MAN) covers a plurality of postal code areas within a city or state, on an even smaller scale a neighborhood area network (NAN) typically spans a range of one to five bordering postal code areas, while a local area network (LAN) covers a small geographic area, such as a private residence, school or company.
  • PANs Personal area networks
  • PDAs and printers personal area networks
  • near field communications such as infrared or near field radio.
  • NANs and hotspots are examples of a shared wireless Internet access point, for example employing a Wi-Fi 802.11 wireless standard.
  • a NAN typically covers a small number of blocks close to a wireless access point, for example communications mediated by a single omnidirectional antenna can readily span a radius of one kilometer.
  • NAN providers are usually individuals or a group that join to share an Internet broadband connection, for example DSL or cable modem. Geographical span of a hotspot is typically limited to the wireless range of a router device, often being limited to a few hundred meters covering a building or several proximal/adjacent units within a building. Hotspot providers are often commercial establishments such as coffee shops, restaurants or airports.
  • While both NANs and hotspots can allow users/subscribers to connect to the Internet quickly and at an efficient cost, both suffer from potential reduction of bandwidth speed related to increased levels of subscriber usage and lack of privacy of Internet communications between subscribers. Furthermore, while the desire to share Internet access may be recognized, communication of this desire to neighbors remains a cumbersome and inefficient task.
  • a wireless network broadcast device comprising:
  • a first wireless adapter to establish password protected secured wireless communications with an Internet access point
  • a second wireless adapter to establish a plurality of secured wireless network connections and an open unsecured wireless network connection directed to a web page hosted on a remote server and providing information relating to purchase of one of the plurality of secured wireless network connections;
  • a processor communicative with both the first wireless adapter and the second wireless adapter, the processor programmed to execute network security rules to isolate network communications data of each of the plurality of secured wireless network connections from all other network communications data passing through the first wireless adapter.
  • a system for adding a secured wireless network connection to a wireless network broadcasting device comprising:
  • a wireless network broadcast device configured to broadcast a first open unsecured wireless network connection and to broadcast a first secured wireless network connection uniquely accessible by a first subscriber, the open unsecured wireless network connection directed to a unique first web page providing information relating to purchase of a second secured wireless network connection of the wireless network broadcast device; a remote server communicative with the wireless network broadcast device through an Internet access point, the remote server configured to receive a communication relating to purchase of the second secured wireless network connection by a second subscriber, and sending a communication to the wireless network broadcasting device to add the second secured wireless network connection uniquely accessible by the second subscriber.
  • a system for adding a secured wireless network connection for a subscriber in a mobility mode comprising:
  • a first wireless network broadcast device configured to broadcast an open unsecured wireless network connection, to broadcast a home mode secured wireless network connection uniquely accessible by a first subscriber in a home mode, and to broadcast a mobility mode secured wireless network connection uniquely accessible by a second subscriber in a mobility mode, the home mode designated when the first subscriber initially establishes the home mode secured wireless network connection with the first wireless network broadcast device in a first wireless communication range and remains geographically within the first wireless communication range of the first wireless network broadcast device, a mobility mode designated when the second subscriber initially establishes a home mode secured wireless network connection with a second wireless network broadcast device in a second wireless communication range and moves geographically outside of the second wireless communication range of the second wireless network broadcast device and remains within the first wireless communication range of the first wireless network broadcast device;
  • a remote server communicative with the first wireless network broadcast device through an Internet access point, the remote server configured to receive information from the first wireless network broadcast device relating to the second subscriber, accessing a stored record of the second subscriber to designate the second subscriber in the mobility mode, and sending a communication to the first wireless network broadcasting device to add the mobility mode secured wireless network connection uniquely accessible by the second subscriber in the mobility mode.
  • Figure 1 shows a system for providing a plurality of secured wireless network connections over a shared Internet access point;
  • Figure 2 shows an alternative implementation of the system shown in Figure 1;
  • Figure 3 shows a communication path between a processor and memory in the wireless network broadcast device used in the system shown in Figure 1 or 2;
  • Figure 4 shows a block diagram of a performance parameter update of the system shown in Figure 1 or 2;
  • Figure 5 shows a block diagram of a network configuration update of the wireless network broadcast device shown in Figure 1 or 2;
  • Figure 6 shows a block diagram of a subscriber usage update of the system shown in Figure 1 or 2;
  • Figure 7 shows a block diagram of a network configuration update of the wireless network broadcast device shown in Figure 1 or 2, modified to accept two classes of subscribers - home subscribers and mobility subscribers;
  • Figure 8 shows a block diagram of automated addition of a network for a mobility subscriber to the wireless network broadcast device;
  • Figure 9 shows a block diagram of automated removal of a network for a mobility subscriber to the wireless network broadcast device.
  • Figures 1 and 2 show a system, generally designated by reference numeral 1, for providing a plurality of secured wireless network connections over a single shared Internet access point.
  • the system 1 allows a subscriber of Internet services from an upstream Internet services provider (ISP) to in turn become a shared Internet service (SIS) provider of a plurality of secured wireless network connections, each of which may be assigned and sold to an individual neighboring subscriber.
  • the system 1 employs a wireless network broadcast device 10 to broadcast at least one open unsecured wireless network connection and a plurality of secured wireless network connections.
  • the wireless network broadcast device 10 is a computing device including multiple operably connected computing components contained within a housing 11, the computing components cooperatively interacting to broadcast at least one open unsecured wireless network connection and a plurality of secured wireless network connections.
  • the wireless network broadcast device 10 may be configured with any conventional hardware or programmable elements including a processor 12 for executing computer programmable code.
  • the processor 12 is communicative with a memory 14 which stores computer programmable code and data generated during execution of the computer programmable code.
  • the processor 12 may also be communicative with a display 16 or any suitable visual indicators, such as LED indicators.
  • the processor 12 is also communicative with a local area network (LAN) adapter 18 and a first wireless LAN (WLAN) adapter 20 and optionally, a second WLAN adapter 22.
  • the housing 11 may further support additional input/output devices or input/output ports as desired.
  • the housing 11 also supports a power supply unit 24 which is operably connected with processor 12 and other computer components to distribute electric current as needed for operation. Communication of computing signals and electric current may be achieved using any conventional electric circuitry, for example computer bus architecture.
  • the first WLAN adapter 20 is controlled by processor 12 to broadcast at least one open unsecured wireless network connection 30 and a plurality of secured wireless network connections, for example a first secured wireless network connection 31a and a second secured wireless network connection 31b.
  • the at least one open unsecured wireless network connection 30 is broadcast with a network name, such as a service set identifier (SSID), that is selected by a SIS provider that uses the wireless network broadcast device 10, and more specifically uses the open unsecured wireless network connection 30, to advertise options for and sale of wireless and secure shared Internet access to neighboring subscribers wishing to purchase Internet services.
  • wireless enabled computing devices of first and second neighboring subscribers, 32a and 32b can connect to first and second secured wireless network connections, 31a and 31b, respectively.
  • a neighbor interested in obtaining secured Internet access will initially connect to the at least one open unsecured wireless network connection 30 with a wireless enabled computing device. Connection of a wireless enabled computing device to the at least one open unsecured wireless network connection 30 can be achieved without a password authentication step. Connection of the neighbor's wireless enabled computing device to the at least one open unsecured wireless network connection 30 directs an Internet browser installed on the neighbor's wireless enabled computing device to an Internet webpage or captive portal hosted on a remote server 60 that provides information relating to available data transmission speed and/or permitted data transmission amounts over a preset time interval (for example, per month) for the plurality of secured wireless network connections.
  • the webpage or captive portal can also provide prompts and dialogue boxes for payment functions, providing contact information and providing information to configure one of the plurality of secured wireless network connections, including a network name (e.g., SSID), a network password, and options for encryption and securing Internet data communications.
  • the webpage or captive portal can also provide ratings or reviews of the SIS provider that has installed the wireless network broadcast device 10.
  • the webpage or captive portal can also provide a connectivity test to test connectivity speed of the neighbor's wireless enabled computing device with the wireless network broadcast device 10 prior to committing to purchase of secured Internet access. Any conventional method for testing connectivity speeds may be used.
  • the connectivity test can comprise a step of calculating time required for download and/or upload of a reference or standardized file or data packet - for example, any conventional check file - between the neighbor's wireless enabled computing device and remote servers 60 through the open unsecured wireless network connection 30.
  • the at least one open unsecured wireless network connection 30 is typically broadcast continuously during operation of the wireless network broadcast device 10. However, broadcast of the at least one open unsecured wireless network connection 30 may be paused as desired by the SIS provider in an ad-hoc fashion or based on any predetermined rule set such as a preset threshold for a maximum number of subscribers or wireless enabled computing devices or a preset threshold for amount of data transmission over a monthly time interval or a preset threshold for a minimum speed of data transmission.
  • the interested neighbor is considered a neighbor subscriber (e.g., Subscriber A).
  • Communications of the interested neighbor with the webpage or captive portal hosted on the remote server 60 can be encrypted (for example, using an https encryption protocol) to prevent misuse of the open unsecured wireless network 30 by a third party intent on stealing the interested neighbor's information, including for example credit card payment data.
  • the interested neighbor is established as a neighbor subscriber (e.g., Subscriber A)
  • communications between the remote server 60 and the wireless network broadcast device 10 configure the wireless network broadcast device 10 to broadcast a first secured wireless network connection 31a with the network name (SSID) and password selected or preset by the neighbor subscriber.
  • the neighbor subscriber can then use a wireless enabled computing device 32a to connect to the first secured wireless network connection recognizable and selectable by the preset SSID and providing authentication using the preset password.
  • the enrollment process can then be repeated for a second neighbor subscriber (e.g., Subscriber B) and repeated again to enroll further subscribers.
  • Network security rules such as firewall, sandbox, jail and/or tunneling protocols are implemented to isolate data communication 38 of each of the plurality of secured wireless network connections from all other data transmission passing through wireless network broadcast device 10.
  • data transmission 38 of each neighbor subscriber is secured and isolated from data transmissions of all other subscribers and data transmissions of the SIS provider.
  • a subnet organization may be imposed such that each wireless network broadcast device 10 is designated by a unique Internet Protocol (IP) address that includes a unique network identifier, typically obtained from router/modem 40 of the ISP, while each neighbor subscriber network is designated by a unique IP address that includes a unique combination of the network identifier and a subnet identifier, and each neighbor subscriber device is designated by a unique IP address that includes a unique combination of the network identifier, the subnet identifier and the machine identifier; IP address organization may be delineated even further, for example to include a unique identifier for each port within a device.
  • the wireless network broadcast device 10 can be configured with routing tables that are accessed by internal gateways to manage routing of data transmissions to and from each neighbor subscriber network.
  • the wireless network broadcast device 10 obtains IP address space from router/modem 40.
  • Any conventional scheme to combine network address, subnet address and machine address may be used to organize IP addresses obtained and supported by the wireless network broadcast device 10, including for example Classless Inter-Domain Routing (CIDR) notation or Variable-Length Subnet Masking (VLSM) notation of IPv4 or IPv6 addresses.
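The subnet organization described above can be sketched as follows. This is an added example, not code from the patent: the address space `10.20.0.0/22`, the `/26` subnet size, the network names and the rule that an unassigned address inside the device's space is dropped are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed address space standing in for what router/modem 40 hands out.
DEVICE_SPACE = ipaddress.ip_network("10.20.0.0/22")


def allocate_subnets(space, networks, prefixlen=26):
    """Assign each named network its own non-overlapping subnet of `space`."""
    pool = space.subnets(new_prefix=prefixlen)
    plan = {}
    for name in networks:
        if name in plan:
            raise ValueError("duplicate network name: %s" % name)
        try:
            plan[name] = next(pool)
        except StopIteration:
            raise ValueError("address space exhausted at %s" % name) from None
    return plan


def owner_of(plan, address):
    """Return the name of the network whose subnet contains `address`."""
    for name, subnet in plan.items():
        if address in subnet:
            return name
    return None


def forwarding_allowed(space, plan, src, dst):
    """Isolation decision for one packet, by source and destination address.

    A subscriber network may talk to itself and to addresses outside the
    device's space (the upstream Internet), never to another subscriber's
    subnet. Return traffic from outside is allowed here; stateful
    filtering is out of scope for this sketch.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    src_owner = owner_of(plan, src_ip)
    dst_owner = owner_of(plan, dst_ip)
    # An address inside the device's space that no network owns was never
    # assigned to a subscriber, so traffic using it is dropped.
    for ip, owner in ((src_ip, src_owner), (dst_ip, dst_owner)):
        if ip in space and owner is None:
            return False
    # Two different subscriber networks must never reach each other.
    if src_owner and dst_owner and src_owner != dst_owner:
        return False
    return True


if __name__ == "__main__":
    plan = allocate_subnets(DEVICE_SPACE, ["subscriber_a", "subscriber_b"])
    for name, subnet in plan.items():
        print(name, subnet)
    print(forwarding_allowed(DEVICE_SPACE, plan, "10.20.0.10", "10.20.0.70"))
```
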
  • the SIS provider typically purchases Internet access from an ISP that provides network services over a geographic span that is larger than a neighborhood, such as a geography that spans a city, state, or country.
  • the SIS provider installs a router/modem 40 that provides an Internet access point to the ISP communications network 35 and ultimately to the Internet 50.
  • the SIS provider maintains Internet access and a computing network through a network connection supported by the router/modem 40.
  • the wireless network broadcast device connects to the router/modem 40 by a wired network cable (e.g., Cat5) connection 34 with LAN adapter 18 as shown in Figure 1 or by a wireless network connection 36 with the second WLAN adapter 22 as shown in Figure 2.
  • any convenient method may be used to establish the wireless network connection 36 between the wireless network broadcast device 10 and the router/modem 40.
  • the wired network cable connection 34 may be used for initial automated configuration of the wireless network broadcast device 10, after which the SIS provider may access a unique account webpage where available wireless network connections that are within range of the wireless network broadcast device 10 are displayed with prompts for the SIS provider to select the appropriate SSID belonging to the SIS provider and to enter a corresponding password.
  • the SSID and password information can then be sent to the wireless network broadcast device 10 to attempt to establish the wireless network connection 36 with the router/modem 40.
  • a test may be performed to check connectivity speed and completeness of a standardized or reference file, and if the test achieves predetermined threshold criteria for success a notification to disconnect the wired network cable connection 34 may be sent to the SIS provider by any conventional messaging medium (e.g., email, SMS text message) and/or may be posted to the SIS provider's dedicated account webpage. Steps to establish the wireless connection 36 may begin based on an automated protocol or may be triggered by a specific request from the SIS provider.
  • When enrolling in the system 1, the SIS provider undergoes verification and eligibility protocols which can include verification of contact information and address and submission of bank account information and/or credit card information and a security deposit. Information submitted during enrollment is used to set up an account for the provider and to populate the SIS provider's advertising web page or captive portal that is linked to the at least one open unsecured wireless network connection 30.
  • the SIS provider receives the wireless network broadcast device 10 programmed for automated connection with remote servers 60 once connected to router/modem 40.
  • the wireless network broadcast device 10 is authenticated by any convenient rule set, including a hardware identifier unique to each wireless network broadcast device 10, and once authenticated can communicate and synchronize with configuration updates sent from a remote server 60.
  • the wireless network broadcast device 10 can obtain the IP address from the dynamic host configuration protocol (DHCP) service of the router/modem 40, for example the processor 12 and/or the LAN adapter 18 may communicate with the router/modem 40 to obtain an IP address.
  • the SIS provider may be prevented from direct access or login to the wireless network broadcast device 10 as may be desired for customization or configuration of the device 10; instead customization and configuration selections, as well as device status and usage metrics of neighbor subscribers can be presented on a web page hosted on the remote servers 60 with reconfiguration of the wireless network broadcast device 10 achieved by communication with the remote servers 60.
  • the wireless network broadcast device 10 can be operational to broadcast the at least one open unsecured wireless network connection 30 to promote the wireless network service of the corresponding SIS provider.
  • the wireless network broadcast device 10 is any combination of computer hardware and computer programmable code that functions to support a plurality of secured wireless networks and at least one open network and supports analysis of usage of each of the secured wireless networks.
  • Figure 3 is an illustrative example of communication paths between the processor 12 and memory 14 showing an example of operable connections of logical components in the wireless network broadcast device 10.
  • Executable components of the processor 12 include a clock 71, usage tracker 72, data manager 73, router 74, and network security 75.
  • Clock 71 can be accessed as desired to correlate an event with a time and optionally to record the time or the time correlated event in the memory 14.
  • Clock 71 may be provided locally within the wireless network broadcast device 10 or time can be maintained based on a time service from a remote server.
  • Clock 71 may provide timestamps 81 to be recorded in memory 14 or may be accessed by any other logical component to provide a time stamp as desired which may also be recorded in memory 14.
  • Usage tracker 72 can be accessed to analyze and calculate usage of each of the plurality of secured wireless networks and can be configured by tracking algorithms 82 stored in memory. The usage tracker 72 will generate usage data specific to each of the secured wireless networks and data manager 73 can record, organize and compile the usage data as desired, for example as usage statistics 83 recorded in memory 14 categorized according to each of the secured wireless networks.
  • Router 74 is responsible for directing inbound and outbound data packets for network data traffic.
  • Router 74 will maintain routing data 84 in memory typically in the form of routing tables and will typically be configured for TCP/IP protocol capability. Routers allow for connection of a plurality of logical groups of computer devices known as subnets, each with a different sub-network address.
  • Network security 75 will be configured as desired to provide secured wireless networks including, for example firewall and/or VPN capability and will be configured according to security settings 85 such as rules and algorithms.
  • Information maintained in memory as well as logical components executed by the processor may be modified as desired by configuration update communications between the wireless network broadcast device 10 and remote servers 60. Layout of logical components and their connections shown in Figure 3 is merely illustrative and any suitable combination, substitution or addition of conventional computing components may occur including, for example, combination of router and network security components or combination of usage tracker and data manager components.
  • the wireless network broadcast device 10 communicates with one or more remote servers to send and receive information that may trigger and/or execute an update event.
  • Most update events can be accomplished by automated communication and synchronization between the wireless network broadcast device 10 and remote servers 60.
  • Figure 4 shows wireless network broadcast device logic 100 and server logic 102 for an update of a device performance parameter.
  • the device initiates a connection with the server (step 104) and the server receives the connection request (step 105).
  • the device requests a check file and downloads the check file (step 106) provided by the server (step 107).
  • the check file is a standardized data file (such as a standardized image) served by a secured check file server.
  • the device can run a test on the file to check integrity, such as a cyclic redundancy check (CRC) to yield a checksum value.
  • the device measures the time interval from the time of sending the request for the check file to the time of completion of the download (step 108) and uses the measured elapsed time and the known data size of the check file to calculate the device speed of connection to the Internet (step 110).
  • To update the speed of connection the device requests connection to a server that stores the performance data (step 112) and the server receives the connection request (step 114).
  • the device provides an encrypted key (step 116) which the server validates (step 118).
  • the server proceeds to validate a good standing of the account (step 120) and update a log and any change to the IP address corresponding to the device (step 122).
  • the device provides the calculated speed of connection (step 124) prompting the server to update a speed record in a corresponding account (step 126).
  • Upon completion of the update, the server provides a response to the device (step 128) and the device validates the response to ensure that the calculated speed data has been properly recorded (step 130).
  • Figure 5 shows an example of wireless network broadcast device logic 140 and server logic 142 for a wireless network configuration update of the device.
  • the device initiates a connection with the server (step 144) and the server receives the connection request (step 146).
  • the device provides an encrypted key (step 148) which the server validates (step 150).
  • the device requests a configuration update (step 156) prompting the server to provide a list of all network configurations linked to the corresponding account (step 154).
  • the device receives the list of current network configurations (step 156) and validates the server response to ensure that the list of current network configurations is a complete transmission (step 158).
  • the device determines whether a difference exists between the existing configuration of the device and the configuration lists received from the server (step 160).
  • The determination of a difference may be based on a comparison of any suitable parameter including for example network names (e.g., SSID), network passwords, number of secured networks defined, neighbor subscriber customization selections, SIS provider customization selections, MAC addresses, and the like. If no difference exists then the update is terminated. If a difference exists then an update is executed (step 164).
  • the update can be executed using any convenient technique including, for example, a complete overwrite of the system configuration or a targeted update for each wireless network that is related to a detected difference (determined in step 160).
  • the updated configuration is saved as the existing configuration (step 166) of the device, and the network interface is reloaded (step 168).
  • Figure 6 shows an example of wireless network broadcast device logic 180 and server logic 182 for an update of subscriber usage statistics to subscriber usage records stored on the server.
  • the device tracks and records each subscriber's usage statistics derived from analysis of header information of all data packets sent and received through the device (step 184). At predetermined time intervals, that typically range from an hour to a day, the device initiates a connection with the server (step 186) and the server receives the connection request (step 188).
  • the device provides an encrypted key (step 190) which the server validates (step 192).
  • the device provides subscriber usage statistics recorded since a previous update (step 194).
  • the server updates subscriber usage records that are linked to an account corresponding to the device (step 196) and sends a completion response (step 198).
  • the device validates the response to ensure a completed update (step 200) and resets subscriber usage statistics to begin tracking and recording subscriber usage over a current time interval (step 202).
  • the system 1 can be adapted to include a mobility function to provide Internet service to a neighbor subscriber that is travelling outside of a home range.
  • each of the plurality of neighbor subscribers served by the system 1 can be categorized as either a home neighbor subscriber or a mobility neighbor subscriber.
  • A home neighbor subscriber is a neighbor subscriber using a secured wireless network connection provided by an SIS provider linked or related to that neighbor subscriber at the time of enrollment, with the linked SIS provider being considered that neighbor subscriber's home SIS provider; typically the secured wireless network connection is supported on the same wireless network broadcast device 10 that provided the open unsecured wireless network for enrollment, unless the wireless network broadcast device has been changed subsequent to enrollment.
  • a mobility neighbor subscriber is a neighbor subscriber using a secured wireless network connection provided by an SIS provider that is not linked or unrelated to that neighbor subscriber at the time of enrollment.
  • each neighbor subscriber and SIS provider pairing that is established at the time of enrollment of the neighbor subscriber is considered the home relationship, and all other neighbor subscriber and SIS provider interactions are categorized as a mobility relationship. Therefore, each neighbor subscriber can transition between categorization as a home neighbor subscriber or a mobility neighbor subscriber depending on whether the neighbor subscriber is within wireless range of wireless networks provided by the corresponding home SIS provider.
  • the home neighbor subscriber computing device maintains a wireless network connection with its corresponding home SIS provider until the wireless network connection is lost or out of range, at which point a wireless network connection can be established between the neighbor subscriber and a different SIS provider in a mobility relationship.
  • each wireless network broadcast device 10 can be configured to provide IP addresses that are specific to either home network connections or mobility network connections. For example, for each wireless network broadcast device 10 a first specific range of unique internal/private IP addresses can be reserved for designation of home relationship wireless network connections, while a second specific range of internal/private IP addresses can be reserved for mobility relationship wireless network connections.
  • IP address ranges supported by the system may range from 10.1.0.0 to 10.1.255.255 for home wireless network connection internal/private IP addresses, while ranging from 10.2.0.0 to 10.2.255.255 for mobility wireless network connection internal/private IP addresses.
  • A neighbor subscriber wireless network connection is designated with either a unique home IP address or a unique mobility IP address, with usage statistics being calculated accordingly in the neighbor subscriber's account as well as the home SIS provider account or the mobility SIS provider account as appropriate.
  • Rules for transitioning between a home relationship wireless network connection and a mobility relationship wireless network connection can be set according to any desired criteria to promote efficiency and predictability suited to a particular implementation of the system.
  • a mobility relationship wireless network connection may be triggered by a neighbor subscriber recognizing that a home wireless network is disconnected and/or unavailable and searching available wireless network connections for a network name (SSID) identifier representing an open unsecured wireless network of an SIS provider that is different than the home SIS provider.
  • The system 1 may be automated to poll and recognize broadcast signals from devices and automatically establish wireless network connections in a mobility relationship when the home wireless network connection is unavailable or disconnected.
  • rules for initiating a diagnostic check of the home relationship wireless network connection may be established, including for example triggering a diagnostic check if the geographical proximity of the neighbor subscriber computing device and the home SIS provider wireless network broadcast device 10 is less than a predetermined threshold distance when the home relationship wireless network is disconnected.
  • a diagnostic check may be triggered if more than a predetermined number of home neighbor subscriber networks are disconnected from their corresponding home SIS provider wireless network broadcast device simultaneously.
  • Figure 7 shows an example of wireless network broadcast device logic 220 and server logic 222 for a wireless network configuration update of the device for an implementation that includes both home and mobility wireless network connections.
  • the device initiates a connection with the server (step 224) and the server receives the connection request (step 226).
  • the device provides an encrypted key (step 228) which the server validates (step 230).
  • the device requests a configuration update (step 236) prompting the server to provide a list of all network configurations linked to the corresponding account (step 234).
  • the list of all network configurations includes information relating to home networks and mobility networks as appropriate.
  • For home networks the server returns user-configured settings including subnet (e.g., 10.1.3.0, 10.1.4.0, etc.), password and other network settings, while for mobility networks the server selects the next available subnet range in the mobility network (e.g., 10.2.1.0, 10.2.2.0, 10.2.3.0, etc.), and provides the network password and other network settings based on the neighbor subscriber's account preferences and settings.
  • the device receives the list of current network configurations (step 236) and validates the server response to ensure that the list of current network configurations is a complete transmission (step 238).
  • the device determines whether a difference exists between the existing configuration of the device and the configuration lists received from the server (step 240).
  • The determination of a difference may be based on a comparison of any suitable parameter including for example network names (e.g., SSID), network passwords, number of secured networks defined, total network number, home mode network number, mobility mode network number, neighbor subscriber customization selections, SIS provider customization selections, MAC addresses, and the like. If no difference exists then the update is terminated (step 242).
  • the list of configuration settings received from the server is parsed to extract configuration settings and identifiers and passwords for each subnet network (steps 244a to 244d), the parsed information is analyzed to ensure removal of a redundant or duplicate subnet network (step 244e), the network configurations for the device is updated (step 244f) and network security rules and tunnels are updated (steps 244g and 244h).
  • Updates can be accomplished using any convenient technique including, for example, a complete overwrite of the system configuration of the device 10 or targeted updates of networks impacted by a detected difference (as determined in step 240).
  • the updated configuration is saved as the existing configuration (step 246) of the device, and the network interface is optionally refreshed or reloaded as desired (step 248).
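The comparison and update of steps 240 to 246, including the duplicate-subnet check of step 244e, as an added example that is not code from the patent. The `NetConfig` fields, the /24 subnet size, the function names and the sample networks are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Ranges stated in the description: 10.1.0.0-10.1.255.255 for home
# connections and 10.2.0.0-10.2.255.255 for mobility connections.
RANGES = {
    "home": ipaddress.ip_network("10.1.0.0/16"),
    "mobility": ipaddress.ip_network("10.2.0.0/16"),
}


@dataclass(frozen=True)
class NetConfig:              # hypothetical record for one secured network
    ssid: str
    password: str
    subnet: str               # e.g. "10.1.3.0/24"; the /24 size is an assumption
    mode: str                 # "home" or "mobility"


def validate(cfg):
    """Reject an entry whose subnet lies outside the range for its mode."""
    if cfg.mode not in RANGES:
        raise ValueError(f"{cfg.ssid}: unknown mode {cfg.mode!r}")
    net = ipaddress.ip_network(cfg.subnet)   # raises if host bits are set
    if not net.subnet_of(RANGES[cfg.mode]):
        raise ValueError(f"{cfg.ssid}: {net} is outside the {cfg.mode} range")
    return net


def dedupe(configs):
    """Step 244e: keep the first entry per subnet and refuse partially
    overlapping subnets, which would break per-network isolation."""
    kept, nets = [], []
    for cfg in configs:
        net = validate(cfg)
        if net in nets:
            continue                          # redundant subnet, drop it
        if any(net.overlaps(other) for other in nets):
            raise ValueError(f"{cfg.ssid}: {net} overlaps another network")
        nets.append(net)
        kept.append(cfg)
    return kept


def plan_update(existing, received):
    """Step 240: compare the device configuration with the server list and
    return the SSIDs to add, change and remove (a targeted update)."""
    old = {c.ssid: c for c in existing}
    new = {c.ssid: c for c in dedupe(received)}
    return {
        "add": sorted(new.keys() - old.keys()),
        "change": sorted(s for s in new.keys() & old.keys() if new[s] != old[s]),
        "remove": sorted(old.keys() - new.keys()),
    }


def apply_update(existing, received):
    """Steps 242-246: return (configuration to save, plan). An empty plan
    means no difference exists and the existing configuration is kept."""
    plan = plan_update(existing, received)
    if not any(plan.values()):
        return list(existing), plan
    return dedupe(received), plan


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    on_device = [
        NetConfig("alice-home", "pw1", "10.1.3.0/24", "home"),
        NetConfig("bob-roam", "pw2", "10.2.1.0/24", "mobility"),
    ]
    from_server = [
        NetConfig("alice-home", "pw1-new", "10.1.3.0/24", "home"),
        NetConfig("carol-roam", "pw3", "10.2.2.0/24", "mobility"),
        NetConfig("carol-roam", "pw3", "10.2.2.0/24", "mobility"),  # duplicate
    ]
    saved, plan = apply_update(on_device, from_server)
    print(plan)
    print([c.ssid for c in saved])
```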
  • Figure 8 shows a wireless network broadcast device logic 260 and server logic 262 for automated recognition of a neighbor subscriber in range of a mobility wireless network connection and automated update of the list of network configurations for an SIS provider account by the server.
  • the device captures and compiles a list of MAC addresses in proximity or within broadcast range (step 264). At predetermined time intervals, that typically range from 10 to 10000 times a day, the device initiates a connection with the server (step 266) and the server receives the connection request (step 268).
  • the device provides an encrypted key (step 270) which the server validates (step 272).
  • The device provides a list of MAC addresses in proximity of the device (step 274).
  • the server analyzes the list and for each MAC address on the list determines whether the MAC address has been associated with a network (step 276).
  • a MAC address association with a network can be verified using any convenient technique including, for example, maintaining a database of MAC addresses linked to neighbor subscriber accounts and/or SIS provider accounts. If the MAC address is not recognized by the server as a known MAC address then it is discarded (step 278) without further action and the analysis proceeds to the next MAC address on the list.
  • the server updates the list of network configurations to add the MAC address network configurations stored in the neighbor subscriber account settings using an appropriate mobility subnet IP address (step 284). Once the entire list of MAC addresses is processed the server sends a completion response (step 286). The device validates the response to ensure a completed update (step 288).
  • When compiling the MAC address list (step 264) the wireless network broadcast device is only listening to computer broadcasts of MAC addresses to generate a list of MAC addresses in the vicinity, and is not engaging in two-way communication. Two-way encrypted communication between the wireless network broadcast device and the neighbor subscriber's computer device begins only once a MAC address is recognized as associated with an existing neighbor subscriber, a mobility relationship secured wireless network connection is broadcast as part of a configuration update, and the neighbor subscriber computer device automatically recognizes the network name (SSID) and password and connects.
  • Figure 9 shows a wireless network broadcast device logic 300 and server logic 302 for automated recognition that a neighbor subscriber has disconnected from a mobility wireless network connection and automated update of the list of network configurations for an SIS provider account by the server.
  • the device compiles a list of all MAC addresses that are currently connected to and communicative with the device (step 304), and optionally includes a corresponding mobility subnet IP address for each connected MAC address.
  • the device initiates a connection with the server (step 306) and the server receives the connection request (step 308).
  • the device provides an encrypted key (step 310) which the server validates (step 312).
  • the device provides the list of MAC addresses currently connected to the device (step 314).
  • The server determines whether a difference exists between the existing mobility network configurations stored in memory on the server and the list of connected MAC addresses received from the device (step 316). If no difference exists then the update is terminated (step 318). If a difference exists then the list of mobility network configurations stored in memory on the server is updated to remove each network configuration that does not find a match within the list of connected MAC addresses received from the device (step 320). Once the mobility network configurations are updated so that no difference exists with the list of connected MAC addresses the server sends a completion response (step 322). The device validates the response to ensure a completed update (step 324).
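The server-side handling of the two MAC address reports (Figure 8, steps 276 to 284, and Figure 9, steps 316 to 320), as an added example that is not code from the patent. The `MobilityRoster` class, the account record layout, the /24 subnet size and the sample addresses are assumptions; a MAC match here only provisions a network, and the subscriber still has to connect with the network password.

```python
import ipaddress
import re

MOBILITY_RANGE = ipaddress.ip_network("10.2.0.0/16")  # range from the description


def norm_mac(mac):
    """Canonical lower-case colon form, so 'AA-BB-..' and 'aa:bb:..' match."""
    digits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class MobilityRoster:
    """Hypothetical server-side state for one wireless network broadcast device."""

    def __init__(self, subscribers):
        # subscribers: MAC -> network settings stored in the subscriber account
        self.known = {norm_mac(m): dict(s) for m, s in subscribers.items()}
        self.configs = {}   # MAC -> mobility network configuration

    def _next_subnet(self):
        """Next available /24 in the mobility range, starting at 10.2.1.0
        as in the description's examples."""
        used = {c["subnet"] for c in self.configs.values()}
        for net in MOBILITY_RANGE.subnets(new_prefix=24):
            if net.network_address == MOBILITY_RANGE.network_address:
                continue
            if str(net) not in used:
                return str(net)
        raise RuntimeError("mobility range exhausted")

    def report_in_range(self, macs):
        """Figure 8: add a configuration for each known MAC in proximity;
        unknown or malformed entries are discarded without further action."""
        added = []
        for raw in macs:
            try:
                mac = norm_mac(raw)
            except ValueError:
                continue
            account = self.known.get(mac)
            if account is None or mac in self.configs:
                continue
            self.configs[mac] = {**account, "subnet": self._next_subnet()}
            added.append(mac)
        return added

    def report_connected(self, macs):
        """Figure 9: remove every mobility configuration whose MAC is not in
        the list of currently connected MAC addresses."""
        connected = set()
        for raw in macs:
            try:
                connected.add(norm_mac(raw))
            except ValueError:
                continue
        stale = [m for m in self.configs if m not in connected]
        for mac in stale:
            del self.configs[mac]
        return stale


if __name__ == "__main__":
    # Constructed sample accounts and reports, not taken from the patent.
    roster = MobilityRoster({
        "AA:BB:CC:00:00:01": {"ssid": "alice-net", "password": "pw-a"},
        "aa-bb-cc-00-00-02": {"ssid": "bob-net", "password": "pw-b"},
    })
    print(roster.report_in_range(["aa:bb:cc:00:00:01", "11:22:33:44:55:66",
                                  "AA-BB-CC-00-00-02", "garbage"]))
    print(roster.report_connected(["AA:BB:CC:00:00:02"]))
    print(roster.configs)
```

Implemented literally, a configuration added by a Figure 8 report is removed by the next Figure 9 report unless the subscriber has connected in between, so the relative timing of the two reports matters.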
  • a profile of a shared Internet service (SIS) provider may tolerate many variations including any natural person or entity having and purchasing an existing Internet service from an Internet service provider (ISP).
  • the ISP will be government registered and will have a network coverage that is geographically distributed across a plurality of postal codes, for example at least distributed across a majority of the geographical area of a city or metropolitan region.
  • The SIS provider may be an operational entity such as a business; often the SIS provider will be an individual or natural person who has control of a single Internet access point installed within a residential unit and wishes to monetize their Internet access by sharing their service with neighbor subscribers.
  • the SIS provider can market and sell their existing Internet service access securely and safely through an open wireless network connection of the wireless network broadcast device.
  • the SIS provider can order and obtain the wireless network broadcast device by any suitable method including, for example, a registration on an administrator website or a download of a software application that automates a connection with an administrator server and navigates a registration process.
  • the SIS provider can market Internet service to potential neighbor subscribers wirelessly, automatically and securely through the open wireless network connection as it will be directed to a computer hosted electronic marketing page controlled by the administrator and will not be directed to or provide access to the SIS provider's personal network or local area network.
  • each open wireless network connection of each wireless network broadcast device is directed to a customized marketing page, and the SIS provider will be able to customize their marketing page through any convenient process to present Internet service options or packages that are suited towards or supported by the existing Internet service of the provider.
  • Customization selections may occur through interaction with administrator controlled servers and in certain examples the wireless network broadcast device communicates and synchronizes with administrator controlled servers to update the marketing page to present and maintain at least one performance parameter, such as a speed of connection or an available data usage of the wireless network broadcast device.
  • a neighbor subscriber may be any natural person or entity purchasing access to a secured wireless network connection broadcast by the wireless network broadcast device.
  • the neighbor subscriber is an individual or natural person residing in a residential unit within broadcast range of the wireless network broadcast device.
  • a potential neighbor subscriber can search for an open wireless network connection name known to be associated with the SIS provider or the SIS system to be directed to the marketing page that provides marketing information related to the corresponding SIS provider's Internet service including, for example, pricing options and one or more performance parameters of the Internet service (eg., connection speed, data usage availability).
  • the marketing page can itself or through links with further pages hosted on administrator controlled servers provide a graphical interface for a neighbor subscriber to register for and purchase access to a secured wireless network connection using any suitable technique known in electronic commerce.
  • the network name and password of the secured wireless network connection may be established through any suitable technique.
  • the registration and purchasing process can include a step of the neighbor subscriber selecting a customized and distinct network name and network password.
  • the network name and password may be selected by the administrator and provided to the neighbor subscriber with the neighbor subscriber provided with options to change a network name and password through a subscriber account webpage hosted on an administrator controlled server.
  • Additional security measures such as sending time limited codes to neighbor subscribers by cellular network (eg, automated text or voice messages to a subscriber's cell phone) or email messages that are required to be inputted by the subscriber within the designated time limit may be implemented as desired.
  • Subscribers can monitor usage and receive alerts for their consumption of services through any convenient technique including, for example, through an application installed on a computer device or through login to an online account.
  • the open wireless network connection may be broadcast with any suitable network name (eg, SSID).
  • the network name provides a notice function that a wireless network broadcast device is available for internet sharing.
  • the network name of the open wireless network connection may follow an established template with a first common portion of the network name set as a corporate or brand name and a second portion individually selected by a corresponding SIS provider.
  • a corporate or brand name is set to be the same network name for all open wireless network connections or conversely each network name is entirely set by the corresponding SIS provider.
  • an administrator of the system may engage in marketing of the corporate or brand name of the open wireless network name to enhance positive reputational recognition and confidence in network names (eg., SSID) of each open wireless network.
  • the wireless network broadcast device may be any suitable computing device that has at least one processor (processor encompasses any type of computer processor including for example microprocessor or microcontroller or single chip integrated circuit architecture), a memory, a power supply input, a wireless adapter broadcasting a plurality of secured wireless network connections, and is configured for connection and communication with an Internet access point. Numerous optional features may be implemented as desired including for example, a graphical display presenting alphanumerical characters, visual or lighted indicators such as LEDs, a dedicated wireless adapter for connection to the Internet access point, and the like.
  • the wireless network broadcast device will include hardware or programmable code combinations as needed to establish a router component to maintain correct routing of data packets to and from each of the secured wireless networks, a network security component to ensure isolation of communications for each secured wireless network connection from all other secured wireless network connections broadcast by the wireless network broadcast device, and optionally a usage tracker component recording information related to usage of each of the secured wireless network connections.
  • the wireless adapter is typically configured to a Wi-Fi 802.11 communication standard. However, other communication standards or protocols may be used as suited to a particular implementation.
  • the router component of the wireless network broadcast device will typically be scaled to capabilities of home (residential) or small office routers, and will typically not be scaled to capabilities of larger enterprise and industrial routers.
  • the wireless network broadcast device will often be connected to an Internet access point of a residence or small office through an ISP that maintains a wider area network that covers at least a city or a metropolitan geography.
  • the Internet access point will typically be a router or modem configured for residential or small office use.
  • Although the wireless network broadcast device has been illustrated using residential or small office use, other implementations can readily be accomplished including for example incorporation of the wireless network broadcast device within the existing network infrastructure of a government registered ISP.
  • the usage tracker component may be configured as desired to communicate with a remote server to maintain usage records in a memory.
  • usage statistics are recorded in a memory of the wireless network broadcast device and are communicated at a predetermined time interval to the remote server configured to maintain subscriber usage records.
  • Subscriber usage may be tracked according to any convenient usage parameter including time of use and amount of data uploaded or downloaded. For example, subscriber usage may be tracked by analyzing header information of data packets sent and received through a secured wireless network connection of the wireless network broadcast device.
  • the system may accommodate any type of end-user computing device, whether it be a neighbor subscriber computing device or an SIS provider computing device, provided the computing device includes a wireless network interface and includes an Internet browser.
  • the computing device may be a desktop, laptop, notebook, tablet, personal digital assistant (PDA), PDA phone or smartphone, gaming console, portable media player, and the like.
  • the computing device may be implemented using any appropriate combination of hardware and/or software configured for wireless communication over a wireless network connection provided by the wireless network broadcast device.
  • the computing device hardware components such as displays, storage systems, processors, interface devices, input/output ports, bus connections and the like may be configured to run one or more applications to allow, for example, tracking of network usage, display of network usage metrics, customization of network parameters, and/or initiating a transition between a home mode and a mobility mode.
  • the term end-user computing device can encompass both a neighbor subscriber computing device and a SIS provider computing device.
  • the terms end-user computing device and client computing device may be used interchangeably when the system is implemented in a client/server arrangement. Suitable protocols for handshakes and network security are implemented for connection and communication between the wireless network broadcast device and an end-user computing device.
  • the server computer may be any combination of hardware and software components used to store, process and/or provide information relating to operation of a wireless network broadcast device including, for example, authentication of a wireless network broadcast device, configuration update of a wireless network broadcast device, tracking of network usage, display of network usage metrics, customization of network parameters, and/or a transition between a home mode and a mobility mode.
  • the server computer components such as storage systems, processors, interface devices, input/output ports, bus connections, switches, routers, gateways and the like may be geographically centralized or distributed.
  • the server computer may be a single server computer or any combination of multiple physical and/or virtual servers including for example, a web server, a performance tracker server, a usage tracker server, a configuration update server, a home/mobility mode server, an image server, an application server, a bus server, an integration server, a meta actions server, and the like.
  • the server computer components such as storage systems, processors, interface devices, input/output ports, bus connections, switches, routers, gateways and the like may be configured to run one or more applications to, for example, generate a unique identifier for a network connection, generate a unique identifier for a neighbor subscriber, generate a unique identifier for an SIS provider, generate a unique identifier for a wireless network broadcast device, generate a URL for a unique web page for promoting an SIS provider, populating the unique web page according to selected choices of the SIS provider, receive a request from a wireless network broadcast device including its unique identifier, send the predetermined actions to the wireless network broadcast device, and/or receive the selection of one or more of the predetermined actions from an end-user computing device. While the system has been illustrated using a client/server implementation, the system may also accommodate a peer-to-peer implementation.
  • the network may be a single network or a combination of multiple networks.
  • the network may include the Internet as a single network or may include the Internet in combination with one or more intranets, landline networks, wireless networks, and/or other appropriate types of communication networks.
  • the network may comprise a wireless telecommunications network (e.g., cellular phone network) adapted to communicate with other communication networks, such as the Internet.
  • the network will comprise a computer network that makes use of a TCP/IP protocol (including protocols based on TCP/IP protocol, such as HTTP, HTTPS or FTP).
  • the system may be adapted to follow any computer communication standard including Extensible Markup Language (XML), Hypertext Transfer Protocol (HTTP), Java Message Service (JMS), Simple Object Access Protocol (SOAP), Lightweight Directory Access Protocol (LDAP), and the like.
  • Network security provided in each wireless network broadcast device may be any combination of hardware and software that isolates communications data of each secured wireless network connection from all other network communications passing through the device, or more generally through the Internet access point.
  • computer programmable code of network security rules are provided to isolate network communication data of each of the plurality of secured wireless network connections from all other network communications data passing through the device, or more generally through the Internet access point.
  • the network security rules provide a firewall, a sandbox, a jail, and the like.
  • the network security rules may provide a tunneling protocol including, for example, a virtual private network (VPN) protocol for tunneling and/or encryption such as Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Secure Shell (SSH), Microsoft Point-to-Point Encryption (MPPE), Secure Socket Tunneling Protocol (SSTP), Internet Protocol Security (IPsec), and the like.
  • Other forms of network security include password secured network access.
  • Password authentication may occur through any suitable protocol including wired equivalent privacy (WEP), Wi-Fi protected access (WPA or WPA2), lightweight extensible authentication protocol (LEAP), and the like.
  • Hardware and/or firmware may be adapted to support network security rules as desired.
  • Network security will at least include authentication, typically with a username and a password, and a firewall. Two- or three-factor authentication using, for example, a security token such as a USB token or software token, a unique membership identifier, a time-limited mobile phone code, a fingerprint or retinal scan, and/or a digital certificate may be added as desired.
  • a firewall enforces access policies such as what services are allowed to be accessed by the network users.
  • network security may include anti-virus software and/or an intrusion prevention system, more specifically a wireless intrusion prevention system.
  • network security options include tunneling protocols, MAC address filtering based on lists of approved MAC addresses, and end-to-end encryption.
  • The purpose of using unique identifiers is to be able to sort information relevant to each neighbor subscriber, SIS provider, wireless network broadcast device configuration update, usage metrics, subscriber purchasing interest, recognition of subscriber in mobility mode, and the like according to unique identifiers.
  • Many different types of unique identifier schemes may be useful and any conventional scheme may be accommodated and used within the system.
  • A code scheme may be based on a Unix time with a numerical or alphanumerical incremental series appended.
  • a portion of each unique identifier may have a random or entropy component.
  • Each unique identifier may optionally be obfuscated through an encryption function or a hashing function.
  • Hashing functions provide a convenient compromise of security and speed. Examples of hashing functions include MD5 or any of the Secure Hash Algorithms SHA1, SHA2 (SHA224, SHA256, SHA384, SHA512) and SHA3.
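The identifier scheme described above (Unix time, an appended incremental series, an optional entropy component, and obfuscation by hashing), as an added example that is not code from the patent. The `IdGenerator` class, the field layout and the choice of SHA-256 from the listed SHA2 family are assumptions; the `reproducible` check shows that hashing alone does not hide an identifier built only from time and a counter, which is what the entropy component is for.

```python
import hashlib
import itertools
import secrets
import time


class IdGenerator:
    """Hypothetical generator: '<unix time>-<counter>[-<entropy>]'."""

    def __init__(self, entropy_bytes=16, clock=time.time):
        self._counter = itertools.count(1)    # the incremental series
        self._entropy_bytes = entropy_bytes   # 0 disables the entropy part
        self._clock = clock

    def raw(self):
        parts = [str(int(self._clock())), f"{next(self._counter):06d}"]
        if self._entropy_bytes:
            parts.append(secrets.token_hex(self._entropy_bytes))
        return "-".join(parts)

    def obfuscated(self):
        """Identifier obfuscated through a hashing function (SHA-256)."""
        return hashlib.sha256(self.raw().encode()).hexdigest()


def reproducible(hashed_id, start, end, max_counter=1000):
    """Return True if hashed_id can be rebuilt from a time window and a
    counter range alone, i.e. it contains no unpredictable component."""
    for t in range(start, end + 1):
        for n in range(1, max_counter + 1):
            candidate = f"{t}-{n:06d}"
            if hashlib.sha256(candidate.encode()).hexdigest() == hashed_id:
                return True
    return False


if __name__ == "__main__":
    fixed = lambda: 1700000000   # constructed timestamp for a repeatable run
    no_entropy = IdGenerator(entropy_bytes=0, clock=fixed).obfuscated()
    with_entropy = IdGenerator(entropy_bytes=16, clock=fixed).obfuscated()
    print(reproducible(no_entropy, 1699999990, 1700000010))
    print(reproducible(with_entropy, 1699999990, 1700000010))
```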
  • the system may accommodate any type of still or moving image file as may be suitable to generate a unique web page promoting SIS provider services or displaying usage metrics to SIS providers or neighbor subscribers.
  • Suitable types of still and moving images include, for example, JPEG, PNG, GIF, PDF, RAW, BMP, TIFF, MP3, WAV, WMV, MOV, MPEG, AVI, FLV, WebM, 3GPP, SVI and the like.
  • a still or moving image file may be converted to any other file without hampering the ability of the system software to identify and process the image.
  • the system may accommodate any image file type and may function independent of a conversion from one file type to any other file type.
  • Web pages promoting each SIS provider and prompts for directing subscriber purchasing interest may be represented by any convenient form or user interface element including, for example, a window, a tab, a text box, a button, a hyperlink, a drop down list, a list box, a check box, a radio button box, a cycle button, a datagrid or any combination thereof.
  • The user interface elements may provide a graphic label such as any type of symbol or icon, a text label or any combination thereof.
  • The user interface elements may be spatially anchored or centered around the corresponding advertising display or prompt. Otherwise, any desired spatial pattern or timing pattern of appearance of user interface elements may be accommodated by the system.
  • A web page may be customized by an SIS provider, and types and orientation of graphic user interface elements may at least in part be selected by the SIS provider.
  • A home mode is designated when a neighbor subscriber computer device initially establishes the home mode secured wireless network connection with the wireless network broadcast device and remains geographically within the wireless communication range of the wireless network broadcast device.
  • A mobility mode is designated when the neighbor subscriber computer device moves geographically outside of the home mode wireless communication range of the home mode wireless network broadcast device and remains within the wireless communication range of another wireless network broadcast device for a predetermined period of time. Any convenient technique may be used for connecting a neighbor subscriber device in a home mode or a mobility mode.
  • Mobility mode of a neighbor subscriber computer device may be established based on MAC address capture, as described for example in Figure 8, and compilation of MAC addresses that are captured over two consecutive captures separated by a predetermined time period, to determine MAC addresses that are associated with a secured wireless network of the system and are disconnected from the corresponding home mode secured wireless network.
  • Mobility mode may be designated using geolocation tracking of the neighbor subscriber computer device, as may occur through communications with a GPS component.
  • Mobility mode may be designated through automated connection or active subscriber directed connection of the neighbor subscriber computer device with an open wireless network of a wireless network broadcast device that is geographically separated from the home mode wireless broadcast network device.
  • An automated connection to open wireless networks may be mediated by having a common name for all open wireless networks of the system that are to be used to initiate and register neighbor subscribers, so that once enabled for wireless connection the neighbor subscriber computer device can automatically connect to an open wireless network to communicate information such as a MAC address to allow administrator controlled servers to determine and configure a suitable mobility mode designation and connection.
  • A home mode designation need not be permanent and may be updated and modified depending on any desired rule set or predetermined event including, for example, a change of a neighbor subscriber primary geographical location accompanied by a request for changing a home mode designation sent from the neighbor subscriber computer device.
  • The system may automatically analyze and calculate secured wireless network connection activity of a subscriber and may automatically change designation of home mode from a first secured wireless network connection to a second geographically distinct secured wireless network connection if the subscriber usage of the second secured wireless network connection is greater than the first secured wireless network connection over a threshold time period.
  • Home mode and mobility mode designations may be modified and updated, but at any given time point home mode and mobility mode designations will be mutually exclusive, such that a single wireless network connection cannot be designated a home mode and a mobility mode at the same time.
  • Home mode and mobility mode secured wireless network connections will be geographically distinct in that the respective wireless communication geographical area of the home mode connection and the mobility mode connection will not be identical, but will encompass both non-overlapping and partially overlapping ranges.
  • Wireless communication geographical areas of home mode and mobility mode connections will be sufficiently geographically separated to be non-overlapping, as would typically occur for example if the home mode and mobility mode connections were supported by corresponding home and mobility wireless broadcast network devices that were located at least 400 meters apart in an urban setting without range-extenders.
  • Wireless communication geographical areas of home and mobility mode connections may be geographically distinct and partially overlapping, as may occur for example if the corresponding home and mobility wireless broadcast network devices were located 20 meters apart in an urban setting without range-extenders.
  • The home mode may optionally be prioritized. Similar prioritization may be designated between first and second mobility modes, for example based on a system analysis of subscriber mobility mode recorded history.
  • A neighbor subscriber computer device may need to be maintained for a predetermined period of time within a wireless range of a wireless network broadcast device before a mobility mode secured wireless network connection is initiated.
  • The predetermined time period may be any convenient time period to achieve a threshold probability that the neighbor subscriber computer device will remain in a mobility mode connection with a designated mobility mode secured wireless network connection for a suitable period of time.
  • The predetermined time period may be a function of any convenient technique including, for example, a minimum time period between capture of the same MAC address on a first MAC address capture list and a second MAC address capture list. In another example, a minimum time period may be imposed between a MAC address capture and broadcasting a network in a mobility mode.
  • The predetermined time limit may be administrator imposed or may be modified and updated by the system based on usage patterns as desired to make efficient use of computing resources to increase occurrences of mobility mode secured wireless network connections being maintained for a suitable period of time.
  • The predetermined time period will typically be at least 10 seconds, and may be at least 20 seconds, at least 30 seconds, at least 1 minute, at least 2 minutes, or any other minimum time period as suited to a particular implementation.
  • Algorithms may be established for resolving potential conflicts between multiple wireless network broadcast device communications with a neighbor subscriber computer device when outside of a home mode and potentially in a mobility mode.
  • A neighbor subscriber computer device connected to a first mobility mode secured wireless network connection may require a system check and confirmation of disconnection of the neighbor subscriber computer device from the first mobility mode secured wireless network connection before establishing a connection to a potential second mobility mode wireless network connection.
  • The system will be configured so that an end-user device only connects to a single secured wireless network over a minimum time period, such as 5 minutes, 10 minutes, 20 minutes, 30 minutes, 40 minutes, 50 minutes, 60 minutes or any other suitable minimum time period, and does not frequently flip back and forth between secured wireless network connections.
  • Information relating to neighbor subscriber connections in home and mobility mode may be recorded and analyzed by automated algorithms to establish groupings of mobility mode secured wireless network connections associated with a neighbor subscriber identifier to enhance efficiency of mobility mode connections.
  • Home mode and mobility mode connections within each wireless network broadcast device may be distinguished based on categories of internal/private IP address. For example, a first range of private IP addresses may be reserved for home mode networks and sub-networks, while a second range of private IP addresses may be reserved for mobility mode networks and sub-networks.
  • The system described herein and each variant, modification or combination thereof may also be implemented as a method or as computer programmable code on a non-transitory computer readable medium (i.e. a substrate).
  • The computer readable medium is a data storage device that can store data, which can thereafter be read by a computer system. Examples of a computer readable medium include read-only memory, random-access memory, CD-ROMs, magnetic tape, optical data storage devices and the like.
  • The computer readable medium may be geographically localized or may be distributed over a network coupled computer system so that the computer readable code is stored and executed in a distributed fashion.
  • A non-transitory computer readable medium encompasses a single computer readable medium or a plurality of computer readable media cooperatively combining to implement a method or a system described herein.
  • The computer readable media may be distributed and installed on a plurality of devices, for example including a first computer readable medium installed on a wireless network broadcast device and a second computer readable medium installed on a remote server communicative with the wireless network broadcast device.
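
The MAC-capture route to a mobility mode designation described above, combined with the predetermined dwell period, the disconnection check and the minimum single-connection period, can be sketched as follows. This is an added example, not code from the patent: the record layout, device names, decision strings and the 30 s / 600 s thresholds are assumptions, and the MAC lists are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

MIN_DWELL_S = 30   # assumed value: predetermined period between the two captures
MIN_HOLD_S = 600   # assumed value: minimum time on one secured network (10 minutes)

@dataclass
class Subscriber:                           # hypothetical server-side record
    home_device: str                        # device hosting the home mode network
    connected_device: Optional[str] = None  # device currently serving this MAC
    last_switch: float = 0.0                # unix time of the last network change

def norm(mac: str) -> str:
    """Lower-case, colon-separated form so both capture lists compare equal."""
    return mac.strip().lower().replace("-", ":")

def designate(device_id, first, second, registry, now):
    """Classify each MAC captured by device_id; captures are (unix_time, macs)."""
    (t1, macs1), (t2, macs2) = first, second
    seen1, seen2 = {norm(m) for m in macs1}, {norm(m) for m in macs2}
    decisions = {}
    for mac in sorted(seen1 | seen2):
        sub = registry.get(mac)
        if sub is None:
            decisions[mac] = "ignore: not a subscriber"
        elif sub.home_device == device_id:
            decisions[mac] = "home"
        elif mac not in (seen1 & seen2) or t2 - t1 < MIN_DWELL_S:
            decisions[mac] = "wait: dwell time not met"
        elif sub.connected_device not in (None, device_id):
            # Still on the home network (overlapping ranges) or on another
            # mobility network: disconnection must be confirmed first.
            decisions[mac] = "wait: connected elsewhere"
        elif sub.connected_device is None and now - sub.last_switch < MIN_HOLD_S:
            decisions[mac] = "wait: hold-down"   # avoid flipping between networks
        else:
            decisions[mac] = "mobility"
    return decisions

# Constructed sample data: device "dev-B" captures MACs 45 seconds apart.
T0 = 1_700_000_000
REGISTRY = {
    "aa:bb:cc:00:00:01": Subscriber("dev-A"),
    "aa:bb:cc:00:00:02": Subscriber("dev-A", connected_device="dev-A"),
    "aa:bb:cc:00:00:03": Subscriber("dev-B", connected_device="dev-B"),
    "aa:bb:cc:00:00:04": Subscriber("dev-A", last_switch=T0 - 60),
    "aa:bb:cc:00:00:05": Subscriber("dev-A"),
}
FIRST = (T0, ["AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03",
              "aa:bb:cc:00:00:04", "aa:bb:cc:00:00:06"])
SECOND = (T0 + 45, ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03",
                    "aa:bb:cc:00:00:04", "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:06"])

if __name__ == "__main__":
    for mac, decision in designate("dev-B", FIRST, SECOND, REGISTRY, T0 + 45).items():
        print(mac, decision)
```

Only the first address is designated for mobility mode; the others show the home, overlapping-range, hold-down, single-capture and non-subscriber cases.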

Abstract

The invention relates to a wireless network broadcast device comprising: a network interface supporting secured communications with an Internet access point; a wireless adapter for establishing a plurality of secured wireless network connections and an open unsecured wireless network connection directed to a web page hosted on a remote server and providing information relating to the purchase of one of the plurality of secured wireless network connections; and a processor programmed to execute network security rules to isolate network communication data of each of the plurality of secured wireless network connections from all other network communication data passing through the wireless adapter. Neighbor subscribers can use the web page to purchase access to one of the secured wireless network connections and have a computer device configured for a password-protected wireless connection to one of the plurality of secured wireless network connections.
PCT/CA2016/050968 2016-08-17 2016-08-17 System for connecting to a secured wireless local area network (WLAN) when roaming using purchased secure access credentials WO2018032085A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CA2016/050968 WO2018032085A1 (fr) 2016-08-17 2016-08-17 System for connecting to a secured wireless local area network (WLAN) when roaming using purchased secure access credentials

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2016/050968 WO2018032085A1 (fr) 2016-08-17 2016-08-17 System for connecting to a secured wireless local area network (WLAN) when roaming using purchased secure access credentials

Publications (1)

Publication Number Publication Date
WO2018032085A1 (fr) 2018-02-22

Family

ID=61196017

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2016/050968 System for connecting to a secured wireless local area network (WLAN) when roaming using purchased secure access credentials 2016-08-17 2016-08-17

Country Status (1)

Country Link
WO (1) WO2018032085A1 (fr)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16912883

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16912883

Country of ref document: EP

Kind code of ref document: A1