The present invention relates to systems and methods for managing wireless access points and particularly to systems and methods that allow shared, secure access to wireless networks while providing a guaranteed quality of service to one or more privileged users of the system.
A growing trend in wireless access use is for communities of users to facilitate shared, secure access to wireless access points among their own members.
When wireless access points are shared on this basis, each access point is typically owned by a member of the community, and made available to other members of the community via a shared authentication server. One issue that arises in such communities is that while members are willing to share access to a network with other community members when they are not themselves using their access point, they want a guaranteed quality of service when they, or privileged users such as their immediate family or friends, use the access point. Guaranteeing this quality of service may necessitate making the access point unavailable to other members of the community when the owner, or their immediate family or friends, are using the access point.
A technical problem that arises in attempting to implement such preferred network access is that most commonly used consumer grade wireless access points, or wireless routers, do not support the features, such as bandwidth throttling, that would allow such controlled access.
Although the necessary features can be added to many consumer grade access points by flashing the access point, i.e., by downloading additional software into the access point's flash memory, such a procedure is different for each different access point, and if done incorrectly, can turn the access point into what is colloquially termed “a brick”, i.e., a non-functioning device.
What is needed is a way of implementing shared, secure use of wireless access points that allows pre-selected classes of users a guaranteed quality of service (QOS) and that does not depend on features in the wireless access points themselves to provide any user differentiation.
Briefly described, the invention provides a system and method of securely sharing wireless access points that allows preferential network access by a privileged set of users that guarantees them a pre-selected quality of service (QOS) when using a particular access point. The QOS system for preferential network access of this invention makes use of client modules and is independent of the functionality of the access point hardware or firmware.
In a preferred embodiment of the system, an owner of a network wireless access point sets up the preferences for access by different classes of users including, but not limited to, themselves, their friends and guests belonging to a community of users. These preferences are set by accessing a control portal that manages the community access and an authentication server associated with the control portal. The access options may include, but are not limited to, options such as no access by other community guest users when the access point is being used by the owner, or a restriction to a predetermined percentage of the available bandwidth for all guest users when the owner is using the access point. The preferences may also include defining other classes of users, such as, but not limited to, a list of friends or a preferred user access control list that defines a list of users who have another level of access privileges that may be the same as the owner's, or may differ from either the owner's or the guests' access privileges.
The community of users typically all have client software modules that allow them access to community access points. These client modules communicate with an authentication server database to establish secure access over the community access points. If, however, the database shows that the owner of the access point is currently accessing the network via that access point, the owner's preferences will be implemented, including, if appropriate, denial of access at that time to other community users or only allowing the guest users a predetermined total percentage of the access point's bandwidth.
In a preferred embodiment of the invention, this implementation may be done by the client software module running on the end-user's wireless computer effectively acting as a firewall, or it may be done by the client software module invoking a firewall running on the end-user's wireless computer.
These and other features of the invention will be more fully understood by reference to the following drawings.
The present invention applies to systems and methods for securely sharing access to a network, and is particularly applicable to securely sharing wireless network access points in a controlled, secure manner in a way that allows predefined classes of users differing access privileges.
The present invention addresses the problem of how to share access in a way that is not a “free for all” when the router providing the wireless network access does not have the required functionality to provide the required managed access.
A preferred embodiment of the invention will now be described in detail by reference to the accompanying drawings in which, as far as possible, like elements are designated by like numbers.
Although every reasonable attempt is made in the accompanying drawings to represent the various elements of the embodiments in relative scale, it is not always possible to do so with the limitations of two-dimensional paper. Accordingly, in order to properly represent the relationships of various features among each other in the depicted embodiments and to properly demonstrate the invention in a reasonably simplified fashion, it is necessary at times to deviate from absolute scale in the attached drawings. However, one of ordinary skill in the art would fully appreciate and acknowledge any such scale deviations as not limiting the enablement of the disclosed embodiments.
The network access point 10 is typically a wireless router that provides a high speed link 12 to a network 14. The high speed link 12 may, for instance, include a cable modem and a cable link, or a fiber optic link. The network 14 may be the Internet, the worldwide web or some local, wide area network or wireless wide area network (LAN, WAN or WWAN). The network access point 10 facilitates wireless access to an owner's computer 16. The wireless access may be made using a wireless protocol such as, but not limited to, the 802.11 (a.k.a. Wi-Fi) protocol, and may be made secure using encryption such as, but not limited to, WEP or WPA encryption.
In a preferred embodiment of the invention, the network access point 10 owner may desire to share their secure access to the network 14 with other people. This may be done via membership of a community such as, but not limited to, the Wibiki™ community access provided by the Speedus Corporation of New York, N.Y. In this access, each member of the community has a client module running on their computer. This client module recognizes community access points and has the required codes to facilitate secure access to community access points. This secure access is overseen by an authentication server 24 with the help of the community portal 22. In this way a visitor's computer 18 may securely access the network 14 via the network access point 10 when in the vicinity of the network access point 10. The client module effectively acts as a firewall, or makes use of an existing firewall running on the visitor's computer 18.
In step 31, an owner of an access point sets up preferences via a control portal 22 and an associated authentication server 24. These preferences may include setting up several classes of user with each class having specific access rights. The class of users may include, but are not limited to, the owner of the network access point 10, friends of the owner and guests who are members of the community. The access rights may include, but are not limited to, QOS guarantees such as a guarantee of 100% of the available bandwidth for the owner or any member of an access control list (ACL) at all times, 75% bandwidth guaranteed for the owner if friends access at the same time as the owner or some combination thereof.
In step 32, an owner of the network access point 10, or a member of the access control list having the same access privileges as the owner, accesses the network access point 10. The request is passed on to the authentication server 24 that looks up who owns the network access point 10 and what their access control list is. The authentication server 24 then provides an “ok” to proceed to the community client module running on the owner's computer 16. This community client module obeys the instructions of the authentication server 24 and continues to provide access for the owner via the network access point 10.
In step 33, a member of the community who is not the owner or a member of the access control list having the same access privileges as the owner, accesses the network access point 10. Their request is passed on to the authentication server 24. After consulting the database, the authentication server 24 may issue one of three types of instructions to the community client module running on the visitor's computer 18.
In response A, if the owner or a member of the ACL is not currently using the network access point 10, the authentication server 24 will issue an “ok” command. The community client module running on the visitor's computer 18 will obey this command and allow the guest using the visitor's computer 18 access to the network 14 via the network access point 10.
In response B, if the owner or a member of the ACL is currently using the network access point 10, the authentication server 24 will issue a “no” command. The community client module running on the visitor's computer 18 will obey this command and, acting like a firewall or making use of an existing firewall on the visitor's computer 18, will not allow the guest using the visitor's computer 18 continued access to the network 14 via the network access point 10. This may be accomplished by, for instance, the community client module causing the wireless connection to be dropped.
In response C, if the owner or a member of the ACL is currently using the network access point 10, but the owner's preference is to achieve the QOS guarantee by bandwidth throttling rather than an outright ban of shared use, the authentication server 24 will issue an “ok” command with a bandwidth limit value. The community client module running on the visitor's computer 18 will obey this command and will allow the guest using the visitor's computer 18 access to the network 14 via the network access point 10, but will monitor the bandwidth use and ensure that the visitor's computer 18 does not exceed the owner-defined bandwidth value.
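The following is an added worked example, not code from the patent or from any product it names, modelling steps 31 through 33 and responses A, B and C as a small Python program. The authentication server holds per-access-point owner preferences and the set of users currently online, issues “ok”, “no” or “ok with a bandwidth limit” commands, and re-issues commands to non-privileged users when the owner arrives; the client module obeys each command and enforces the limit with a per-window byte budget. All names (AuthServer, ClientModule, Preferences, Command), the data layout, the percentages and the 20 Mbit/s link are assumptions chosen for illustration; a deployed client module would hook the host firewall or QoS layer rather than count bytes itself.

```python
"""Added example: authentication-server decision and client-side enforcement.
Every identifier and sample value here is constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Preferences:
    """Owner preferences recorded via the control portal (step 31).
    Percentages are the share of link bandwidth a class may use while the
    owner or an ACL member is online (e.g. friend_pct=25 leaves 75% for the owner)."""
    owner: str
    acl: Set[str] = field(default_factory=set)      # same privileges as the owner
    friends: Set[str] = field(default_factory=set)  # "friends" class
    guest_policy: str = "deny"                      # "deny" (response B) or "throttle" (response C)
    guest_pct: int = 0                              # used only when guest_policy == "throttle"
    friend_pct: int = 25


@dataclass
class Command:
    """Instruction sent from the authentication server to a client module."""
    action: str                           # "ok" or "no"
    bandwidth_kbps: Optional[int] = None  # set only for a throttled "ok" (response C)


class AuthServer:
    def __init__(self, link_kbps: int) -> None:
        self.link_kbps = link_kbps
        self.prefs: Dict[str, Preferences] = {}
        self.active: Dict[str, Set[str]] = {}   # ap_id -> users currently online

    def register(self, ap_id: str, prefs: Preferences) -> None:
        self.prefs[ap_id] = prefs
        self.active.setdefault(ap_id, set())

    def _privileged(self, ap_id: str) -> Set[str]:
        return {self.prefs[ap_id].owner} | self.prefs[ap_id].acl

    def _decide(self, ap_id: str, user: str) -> Command:
        p = self.prefs[ap_id]
        if user in self._privileged(ap_id):
            return Command("ok")                            # step 32
        if not (self._privileged(ap_id) & self.active[ap_id]):
            return Command("ok")                            # response A: owner offline
        if user in p.friends:
            pct = p.friend_pct
        elif p.guest_policy == "deny":
            return Command("no")                            # response B
        else:
            pct = p.guest_pct
        return Command("ok", self.link_kbps * pct // 100)   # response C

    def connect(self, ap_id: str, user: str) -> Command:
        cmd = self._decide(ap_id, user)
        if cmd.action == "ok":
            self.active[ap_id].add(user)
        return cmd

    def disconnect(self, ap_id: str, user: str) -> None:
        self.active[ap_id].discard(user)

    def reevaluate(self, ap_id: str) -> Dict[str, Command]:
        """Re-issue commands to every non-privileged online user, e.g. right
        after the owner connects; users told "no" leave the active set."""
        out: Dict[str, Command] = {}
        for user in sorted(self.active[ap_id] - self._privileged(ap_id)):
            out[user] = self._decide(ap_id, user)
            if out[user].action == "no":
                self.active[ap_id].discard(user)
        return out


class ClientModule:
    """Client-side enforcement (step 33): obeys the command, acting as a
    firewall on the visitor's computer, and meters bytes per time window."""
    def __init__(self) -> None:
        self.connected = False
        self.limit_kbps: Optional[int] = None
        self.used_bytes = 0

    def apply(self, cmd: Command) -> None:
        self.connected = cmd.action == "ok"        # "no" drops the connection
        self.limit_kbps = cmd.bandwidth_kbps if self.connected else None
        self.used_bytes = 0

    def permit(self, nbytes: int, window_s: float = 1.0) -> bool:
        """True if nbytes may be sent in the current window without exceeding
        the owner-defined limit; call new_window() when the window rolls over."""
        if not self.connected:
            return False
        if self.limit_kbps is not None:
            budget = int(self.limit_kbps * 1000 / 8 * window_s)   # kbit/s -> bytes per window
            if self.used_bytes + nbytes > budget:
                return False
        self.used_bytes += nbytes
        return True

    def new_window(self) -> None:
        self.used_bytes = 0


def demo():
    """Constructed scenario: a guest and a friend are online, then the owner arrives."""
    server = AuthServer(link_kbps=20000)   # constructed 20 Mbit/s link
    server.register("ap-home", Preferences(owner="alice", acl={"alice-laptop"},
                                           friends={"bob"}, guest_policy="deny"))
    guest, friend = ClientModule(), ClientModule()
    guest.apply(server.connect("ap-home", "carol"))   # response A
    friend.apply(server.connect("ap-home", "bob"))    # response A
    server.connect("ap-home", "alice")                # step 32: owner comes online
    for user, cmd in server.reevaluate("ap-home").items():
        (friend if user == "bob" else guest).apply(cmd)   # B for carol, C for bob
    return guest, friend


if __name__ == "__main__":
    g, f = demo()
    print("guest connected:", g.connected, "| friend limit kbps:", f.limit_kbps)
```

Because the page places enforcement in the client module rather than in the access point, the server's command only takes effect on a host that runs a compliant module; an owner relying on this design is trusting the visiting software to honour “no” and the bandwidth value, which is worth keeping in mind when deciding who is admitted to the community in the first place.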
Although the invention has been described in language specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claimed invention. Modifications may readily be devised by those ordinarily skilled in the art without departing from the spirit or scope of the present invention.
This application is related to, and claims priority from, U.S. Provisional Patent application No. 60/825,760 filed on Sep. 15, 2007, by M. Lara et al., entitled “QoS System for Preferential Network Access”, the contents of which are hereby incorporated by reference.
Number | Date | Country
---|---|---
60825760 | Sep 2006 | US