1. Field of the Invention
The present invention relates to network authentication. More specifically, in some embodiments, the present invention relates to providing network authentication for accessing a secured network.
2. Discussion of the Related Art
In general, a wireless network access point connects user terminals such as laptops or phones to a network. A common example of a network access point is a Wireless Fidelity (“Wi-Fi”) router. Wi-Fi routers commonly use protocols such as IEEE 802.11(a), (b), (g) or (n) as their wireless air interface, although other protocols can be utilized. Often access points encrypt their wireless signals for security purposes. In Wi-Fi, there are two common security methods, i.e., Wired Equivalent Privacy (“WEP”) and Wi-Fi Protected Access (“WPA”). WEP requires the user terminal to configure a 64-bit or 128-bit key and WPA requires a key or passphrase to gain access to the access point. Wi-Fi routers distinguish themselves with their SSID (Service Set Identifier). To access the Wi-Fi router the user configures the access terminal with the network's SSID and WEP key or WPA passphrase depending on the security method in place.
A social network is, for example, a social structure made up of individuals (or organizations) called ‘nodes’, which are tied (connected) by one or more specific types of interdependency, such as friendship, kinship, common interest, financial exchange, dislike, sexual relationships, or relationships of beliefs, knowledge or prestige. One popular example of a social network is Facebook.com. Other examples of social networks are MySpace, Twitter, and Linked-in. At Facebook.com users select or connect to other members who are “friends”, which grants these users special privileges. On Linked-in users select or have “connections” to other members. Many social networks have Application Programming Interfaces (APIs) through which third-party applications can access some or all of the social network's services programmatically. Facebook supports its “Graph API” as one example of this (http://developers.facebook.com/docs/api). Social Networks typically require users to authenticate with the Social Network to access the associated services. An example of a Social Networking authentication screen is shown in
The above and other aspects, features and advantages of the present invention will be more apparent from the following more particular description thereof, presented in conjunction with the following drawings, wherein:
Corresponding reference characters (if any) indicate corresponding components throughout the several views of the drawings. Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions, sizing, and/or relative placement of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of various embodiments of the present invention. Also, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are often not depicted in order to facilitate a less obstructed view of these various embodiments of the present invention. It will also be understood that the terms and expressions used herein have the ordinary meaning as is usually accorded to such terms and expressions by those skilled in the corresponding respective areas of inquiry and study except where other specific meanings have otherwise been set forth herein.
The following description is not to be taken in a limiting sense, but is made merely for the purpose of describing the general principles of the invention. The scope of the invention should be determined with reference to claims (whether presented now or in the future). The present embodiments address the problems described in the background while also addressing other additional problems as will be seen from the following detailed description.
One embodiment includes a method for authenticating a terminal to an access point including: (i) receiving, at a server, network configuration information for an access point associated with a first user from a first terminal; (ii) receiving, at the server, a request for the network configuration information for the access point from a second terminal associated with a second user; (iii) sending a query from the server to a social network requesting information regarding whether the first user and the second user have a virtual trust relationship on the social network; (iv) receiving, from the social network, an indication that the first user and the second user have the virtual trust relationship; and (v) sending the network configuration information from the server to the second terminal. In one embodiment, the virtual trust relationship includes the first user and the second user being “friends” or “connected” on the social network. In an optional step, once the second terminal receives the network configuration information, the second terminal accesses a network through the access point associated with the first user. In the above example, the first user is, for example, a person or a business.
Another embodiment includes an application for authenticating a terminal to an access point, the application configured to: (i) receive network configuration information for an access point associated with a first user from a first terminal; (ii) receive a request for the network configuration information for the access point from a second terminal associated with a second user; (iii) send a query to a social network requesting information regarding whether the first user and the second user have a virtual trust relationship on the social network; (iv) receive, from the social network, an indication that the first user and the second user have the virtual trust relationship; and (v) send the network configuration information from the server to the second terminal. In one embodiment, the virtual trust relationship includes the first user and the second user being “friends” or “connected” on the social network. In the above example, the first user is, for example, a person or a business.
One alternative embodiment includes a method for authenticating a terminal to an access point including: (i) requesting, from a terminal associated with a first user, network configuration information for an access point associated with a second user; (ii) providing, from the terminal, information indicative of a social network trust relationship between the second user and the first user to a server or an access point; and (iii) receiving, at the terminal, the network configuration information for the access point from the server or the access point the terminal associated with a first user based, at least in part upon providing the information indicative of a social network trust relationship between the second user and the first user. Optionally, the terminal accesses a network through the access point after receiving the network configuration information. In one embodiment, the virtual trust relationship includes the first user and the second user being “friends” or “connected” on the social network. In the above example, the second user is, for example, a person or a business.
In another alternative embodiment, an application for authenticating a terminal to an access point is provided, the application configured to: (i) request, from a terminal associated with a first user, network configuration information for an access point associated with a second user; (ii) provide, from the terminal, information indicative of a social network trust relationship between the second user and the first user to a server or an access point; and (iii) receive, at the terminal, the network configuration information for the access point from the server or the access point the terminal associated with a first user based, at least in part upon providing the information indicative of a social network trust relationship between the second user and the first user. In one embodiment, the virtual trust relationship includes the first user and the second user being “friends” or “connected” on the social network. In the above example, the second user is, for example, a person or a business.
Yet another embodiment includes a method for authenticating a terminal to an access point including: (i) receiving, at an access point associated with a first user, an attempt to connect to the access point from a terminal associated with a second user; (ii) requesting, from the terminal, social network authentication information (e.g., login information); (iii) receiving from the terminal the social network authentication information associated with the second user; (iv) sending the social network authentication information of the second user to a social network; (v) receiving, at the access point, a message from the social network that the social network authentication information has been authenticated by the social network; (vi) receiving, at the access point, a message from the social network that the first user and the second user have a trust relationship (e.g., “friends” or “connected”) on the social network; and (vii) providing access to a network from the access point to the terminal. In the above example, the first user is, for example, a person or a business.
Still another embodiment includes an access point associated with a first user including software loaded on the access point, the software configured to: (i) receive, at the access point associated with a first user, an attempt to connect to the access point from a terminal associated with a second user; (ii) request, from the terminal, social network authentication information (e.g., login information); (iii) receive from the terminal the social network authentication information associated with the second user; (iv) send the social network authentication information of the second user to a social network; (v) receive, at the access point, a message from the social network that the social network authentication information has been authenticated by the social network; (vi) receive, at the access point, a message from the social network that the first user and the second user have a trust relationship (e.g., “friends” or “connected”) on the social network; and (vii) provide access to a network from the access point to the terminal. In the above example, the first user is, for example, a person or a business.
Referring to
The first terminal 200 and the second terminal are, for example, a computer, a cell phone, a smart phone, a personal digital assistant (PDA), a tablet computer, or other type of electronic device capable of accessing a network.
In the system illustrated in
In the embodiment shown, the server communicates with the social network 206 for authentication of users to a secured network access point. The server optionally uses a RESTful (Representational State Transfer) interface as its communication technique, although other techniques are used in alternative embodiments. The service provided by the server 204 allows users who have a virtual trust relationship (e.g., “friends” on a social network) to access each other's secured network access points. To facilitate access to the secured network access points, a user (e.g., User A and User B) stores their network security configuration on the server or in a database associated with the server. Later, when the user's network security configuration is requested from the server, the software on the server, for example, queries the database to retrieve the security configuration.
In accordance with some embodiments, an access point is, for example, any device which provides networked services. For example, a router or wireless router (e.g., Wi-Fi router) is an access point to the Internet. Smart-phones can provide Wi-Fi access to the Internet using what is known as “Wi-Fi tethering.” Other devices can also function as network access points.
In accordance with the present embodiments, a terminal (e.g., the first terminal 200 and the second terminal 202) is any device which connects to an access point via networking techniques and/or protocols. An example of a terminal is a smart-phone with Wi-Fi capabilities. Another example is a laptop or tablet computer with Wi-Fi capabilities. Other examples are Wi-Fi phones which use VOIP over Wi-Fi for telephony or the examples provided above.
In operation, when User A wants to make available their network access points to others with a virtual trust relationship (e.g., their “friends” on a social network) they share their network security configuration with the Service. The network security configuration can be shared in a number of ways in accordance with various embodiments. In one embodiment, User A installs software on the first terminal 200 which is configured to work with the User's access point (not shown). The installed software, which is designed to be used with the service, shares the network security configuration with the service. Alternatively, User A shares their security configuration with the service by navigating to the Service's web site and entering the security information manually through the web site. For example, in operation, the first terminal 200 stores network security configuration from User A's access point. The network security configuration is then sent to the server 204 through the network and stored at a database of the server (or database coupled to the server).
Once User A has shared its network security configuration with the service, it is potentially available to other users having a trust relationship with User A (e.g., “friends”). User B, who has a virtual trust relationship with User A, can then access User A's network by installing software designed to use the service on the second terminal 202. The software queries the server 204 and retrieves the security configuration for User A's network access point. Next, the software configures the network settings on User B's access terminal to connect to User A's access point. (As described in
Referring to
The first terminal 200 is being used or is owned by User A. User A shares their network security configuration with other users (e.g., User B) to which User A has a virtual trust relationship (e.g., “friends” on one or more of their social networks). The second terminal is being used or, for example, is owned by User B. User B seeks to gain access to User A's network through User A's access point (not shown). The server 204 is accessible over a network (e.g., the Internet) and is configured to share the network security information after authentication of User B. The social network 206 is a social networking service which provides, for example, the virtual trust relationship between User A and User B.
In operation, in step 300, the first terminal 200 shares its access point's network security configuration with the server 204. User B wishes to access User A's secured access point. Therefore, at step 302, the second terminal 202 queries the server 204 requesting User A's network security configuration (also referred to herein as the security configuration). The server 204, in turn, at step 306, queries the social network 206 to verify User A is, for example, “friends” with User B. In step 308, the social network replies to the query with a list of User A's “friends.” Alternatively, the social network could reply only with User B, if User B is friends with User A. Still alternatively, the social network can provide verification that User B is a friend of User A. In step 310, once the server verifies that User A is “friends” with User B, the network security configuration is provided to the second terminal 202. The second terminal 202 (i.e., User B's access terminal) and User B can now access User A's network through User A's network access point.
Without referring to any specific figure, in one exemplary embodiment, User A and User B share their network security information (e.g., network keys) by both participating in a network based service which has a server accessible over the Internet. The server stores the network security information in a database. The server also controls which users gain access to other users' network security configurations. For User B to gain access to User A's secured network access point, User B's device (i.e., a terminal) queries the server for a list of available networks and their associated keys. The server first retrieves the list of User B's “friends” from the social network and then queries the server's database to find which “friends” have shared their networks and associated keys. This list of network ID and associated key pairs is then returned to User B. If User B is in User A's list of “friends,” and User A previously shared its network security information with the server, then User A's network and associated key is included in the list returned to User B. User B will then be able to connect to User A's network access point.
In another exemplary embodiment, User A and User B share their network keys by participating in a network based service which has a server that is accessible over a network (e.g., the Internet). The server stores the network security information in a database. The server controls which users gain access to other users' security configurations. For User B to gain access to User A's secured access point, User B's device queries the social network for a list of User B's “friends.” User B's device then queries the server for each of User B's “friends'” network security configurations (e.g., a SSID & WEP key pair). For each of User B's “friends,” if the “friend” had previously shared its network security configuration (e.g., was also a user of the server or a member of the service), the “friend's” network security configuration is returned to User B's device (i.e., terminal). If User A is one of User B's “friends” who had previously shared their network security information with the server, User A's network and key is available to User B. After User B's device receives the network security information, the device is configured so that User B can connect to User A's network.
The service described in the above examples, which allows the sharing of the network security configurations, can optionally include another layer of filtering on who gains access to each other's network security configurations. For example, the service's website or access terminal software provides additional functionality to select a subset of the user's “friends” with which to share their network security configurations. For example, in this embodiment, in order for User B to gain access to User A's network security information, the following conditions would need to be met:
For example, in this embodiment, User A may have many “friends” on its social network. However, User A only wants its family members or other subset of its “friends” to have access to its network security configuration. Therefore, User A can designate only the subset of its “friends” that is allowed to have access. The server determines whether User B is part of the subset of “friends” by, for example, a simple additional logic check. In one example, on facebook.com, there is an application that is used to keep track of which “friends” are family members. The server could query the application or User A's profile to determine the family members.
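The server-side decision described in steps 300 to 310, together with the optional subset filter, can be sketched as follows. This is an added example, not code from the patent or from any real service: `StubSocialNetwork`, `ConfigServer`, the user names and the key value are all constructed, and `requester` is assumed to be an identity the server has already authenticated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class NetworkConfig:
    ssid: str
    key: str


class StubSocialNetwork:
    """Constructed stand-in for the social network's friend query (steps 306/308)."""

    def __init__(self, friendships):
        self._friends = {}
        for a, b in friendships:  # the trust relationship is symmetric
            self._friends.setdefault(a, set()).add(b)
            self._friends.setdefault(b, set()).add(a)

    def friends_of(self, user):
        return frozenset(self._friends.get(user, ()))


class ConfigServer:
    """Hypothetical server: stores shared configurations, releases them to friends."""

    def __init__(self, social):
        self._social = social
        self._shared = {}  # owner -> (NetworkConfig, allowed subset or None)

    def share(self, owner, config, allowed=None):
        """Step 300: the owner stores a configuration, optionally with a subset."""
        subset = None if allowed is None else frozenset(allowed)
        self._shared[owner] = (config, subset)

    def _may_read(self, requester, owner):
        entry = self._shared.get(owner)
        if entry is None:
            return False  # nothing shared: deny
        _, subset = entry
        # Friendship is re-queried on every request, so removing a friend
        # revokes access even if that user is still named in the subset.
        if requester not in self._social.friends_of(owner):
            return False
        return subset is None or requester in subset

    def request(self, requester, owner):
        """Steps 302-310: return the owner's configuration, or None on denial."""
        if not self._may_read(requester, owner):
            return None
        return self._shared[owner][0]

    def available_networks(self, requester):
        """List variant: every friend's shared network the requester may read."""
        friends = sorted(self._social.friends_of(requester))
        return {o: self._shared[o][0] for o in friends
                if self._may_read(requester, o)}


def demo():
    # Constructed sample data: userA is friends with userB and userC only.
    social = StubSocialNetwork([("userA", "userB"), ("userA", "userC")])
    server = ConfigServer(social)
    cfg = NetworkConfig("HomeNet-A", "constructed-key-not-real")
    server.share("userA", cfg)
    results = {
        "friend": server.request("userB", "userA"),
        "stranger": server.request("userD", "userA"),
    }
    server.share("userA", cfg, allowed={"userB", "userD"})
    results["friend_outside_subset"] = server.request("userC", "userA")
    results["listed_non_friend"] = server.request("userD", "userA")
    results["list_for_B"] = server.available_networks("userB")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The key is released only when both the live friendship check and the owner's subset check pass; every other path returns `None`.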
In one embodiment, a service which enables social networking “friends” to share their access point's network security configurations includes an Android application and a Google AppEngine-based web-service. The Android application allows users to share their network security configurations and connect to their Facebook “friends'” access points. The AppEngine-based web-service uses a secure, RESTful protocol which enables access terminals to programmatically share their network security configurations. If any of the access terminal's owner's Facebook “friends” have shared their network security configurations with the Application Engine-based web-service, the configurations can be retrieved and configured on the access terminal. Applications running on other operating systems are used in alternative embodiments. For example, an application for a Windows laptop, a Macbook, iPhone, or Windows Mobile Phone is used in alternative embodiments; however, these will not be described in greater detail here.
In the embodiments described in
Referring now to
Referring next to
Referring now to
Referring now to
Referring now to
If the user selects one of its shared networks from the list illustrated in
In accordance with one embodiment, one use for the described system is for users to easily connect to their “friends” secured networks when they visit their “friend's” houses, apartments or workplace. Instead of needing to type in a difficult to remember Wi-Fi passkey, the application provides an easy graphical entry method. Namely, as shown in
In another embodiment, another use of the described system helps a business to gain “friends” for their social network advertising. For instance, many businesses (such as a coffee shop or book store) have a secured Wi-Fi network available for their customers to use. In operation, the network security configuration for the business' network is shared with the described service. The network security configuration is shared, in one embodiment, through the service's web-based interface or by the proprietor or manager of the business using the service's client application. Next, as one example, to gain access to the secured Wi-Fi network, customers would “friend” the business on Facebook (or “connect” on Linked-in). Next, the customer using the service's client application (described in
Referring next to
In the shown embodiment, the network access point 902 can be any device which provides networked services. For example: (i) a Wi-Fi router is an access point to the Internet; and (ii) Smart-phones can provide Wi-Fi access to the Internet using what is known as Wi-Fi tethering. The terminal 900, in accordance with one embodiment, is any device which connects to an access point via common networking techniques and protocols or otherwise. One example of the terminal 900 is a smart-phone with Wi-Fi capabilities or other network access capabilities. Another example is a laptop or tablet computer with Wi-Fi capabilities. Yet another example is a Wi-Fi phone which uses VOIP over Wi-Fi for telephony.
In the system illustrated in
In this embodiment, the access point 902 is configured to challenge any unauthorized user with a Social Networking login. (Alternatively, users could be authorized a priori using a number of different methods such as MAC address filtering or by entering a username and password.) In this regard, for purposes of the present example, User B is currently unauthorized and wishes to connect to User A's network using User A's access point. When User B's device attempts to connect to the access point, the access point will request or “challenge” User B for a social network login. This request is presented to User B's device as a web page, dialog box, or otherwise. For example, when User B opens a web browser (e.g., Microsoft Internet Explorer, Google Chrome, or otherwise) the Social Network's authentication screen is presented. User B then enters log in information (i.e., his/her social network authentication information) into the web browser running on the device. If User B successfully logs in, the network access device 902 will query the social network 904 to determine if User B is “friends” with User A (the access point owner). If so, the access point will allow User B network access through the network access point 902.
Referring now to
In one embodiment,
Next, in step 1000, User A configures the Access Point 204 with User A's social network log in using User A's terminal 200. Next, in step 1002, User B's access terminal 202 attempts to access User A's network through User A's access point 202 using, for example, a web browser on User B's access terminal 202. The access point 204 returns, for example, a web page with a social network log in form (such as shown in
In some embodiments, the network access point 204 allows its owner to share its network access with its “friends” by providing social networking authentication software on the access point 204. When the owner of the access point 204 configures the network, the access point's configuration includes the owner's authentication for the supported social network. Once configured, if an unauthorized user accesses the network through the access point 204, for example, using a web browser on a terminal, the user is presented with a social networking authentication screen. One example of a social networking authentication screen is the login widget associated with “Facebook Connect” such as shown in
In another embodiment, the network access point allows its owner to share its network access with its “friends” by providing social networking authentication software on access point 204. In this embodiment, when the owner of the access point 204 configures the network, the access point's configuration includes the owner's authentication for the supported social network 206. When the owner logs into the supported social network 206 through the access point 204, the access point 204 presents the owner with a list of “friends.” The owner of the access point 204 then selects which “friends” to allow access the owner's network through the owner's access point 204. Once configured, if an unauthorized user accesses the network with, for example, their web browser, the unauthorized user is presented with a social networking authentication screen (such as in
While the invention herein disclosed has been described by means of specific embodiments and applications thereof, other modifications, variations, and arrangements of the present invention may be made in accordance with the above teachings other than as specifically described to practice the invention.
This application claims priority to and is a U.S. non-provisional patent application of U.S. Provisional Patent Application No. 61/409,114, filed Nov. 2, 2010, entitled “METHOD, APPARATUS AND SYSTEM FOR WIRELESS NETWORK AUTHENTICATION THROUGH SOCIAL NETWORKING,” which application is incorporated herein by reference in its entirety.
Number | Date | Country
---|---|---
61409114 | Nov 2010 | US