Zone migration in network access

Information

  • Patent Grant
  • 12133075
  • Patent Number
    12,133,075
  • Date Filed
    Friday, August 6, 2021
  • Date Issued
    Tuesday, October 29, 2024
Abstract
The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.
Description
FIELD OF THE INVENTION

The present disclosure relates to the field of providing computer network access.


BACKGROUND

The use of laptop, cell phone, PDA and other mobile computing devices has become very common. Travelers, and particularly business travelers, expect and often require network access, such as access to the Internet, as they travel from one place to the next. Similarly, students in schools and doctors in hospitals require access throughout their respective campuses or medical buildings. Even in a single venue, such as a hotel or conference center, travelers and guests desire network access at various locations throughout the venue including guest rooms, restaurants, meeting rooms, lobby, business centers, etc.


SUMMARY

The present disclosure is directed to providing a system for controlling network access in different physical locations of a network. In an embodiment, the disclosure describes a system for controlling access in a network for a user moving between different physical locations of the network. For example, in an embodiment, when a user moves between different rooms in a particular venue, the system implements rules which establish when the user will be automatically authenticated to the new location, or whether a new authentication is necessary.


In an embodiment, network access is controlled by implementing different authentication rules for different network access points. A network access point is any wired or wireless connection point to a network. In an embodiment, a network access point is a wired or wireless port. Ports can include, for example, 802.1Q VLAN IDs or the like, TCP ports or the like, UDP ports or the like, and any other software defined communication endpoints. In an embodiment, a network access point is a physical connection to the network, such as, for example, an Ethernet jack, a phone jack, a wireless router, or the like. An access point can also include any form of location identification, such as, for example, the triangulation of a wireless signal, the use of a global positioning system (GPS), or any other system for determining the location of a network user.


In an embodiment, access points are grouped into zones. In an embodiment, a zone includes one or more access points. In an embodiment, a network includes at least a plurality of zones. In an embodiment, a network administrator can configure access rules for allowing a user to move between access points within a zone and/or between zones. In an embodiment, for example, a user is allowed to move from access point to access point within a zone without having to re-authenticate. However, a user may be required to re-authenticate when moving between access points associated with different zones. This can be useful, for example, when a user is required to pay different amounts to access the network through access points in different zones or where different zones have different security levels associated with them. As used in the present specification, authentication can include, for example, a login, including a user name and/or password, the payment of a fee, the registration of a computer, entering a passcode or any other affirmative action taken by a user of a user device to gain permission to use a network.


For purposes of summarizing the disclosure, certain aspects, advantages and novel features of the inventions have been described herein. It is to be understood that not necessarily all such advantages can be achieved in accordance with any particular embodiment of the inventions disclosed herein. Thus, the inventions disclosed herein can be embodied or carried out in a manner that achieves or optimizes one advantage or group of advantages as taught herein without necessarily achieving other advantages as can be taught or suggested herein.





BRIEF DESCRIPTION OF THE DRAWINGS

The drawings are provided to illustrate embodiments of the inventions described herein and not to limit the scope thereof.



FIG. 1 schematically illustrates an embodiment of a network.



FIG. 2 illustrates a cross section of various access points in a hospitality setting.



FIG. 3 schematically illustrates access points and network connections of various users in a conference setting.



FIG. 4 illustrates an administrator setup screen for defining a plurality of access zones.



FIG. 5 illustrates a flow chart of a decision tree for determining when a login is required to obtain network access in an embodiment.



FIG. 6 illustrates a flow chart showing when a login is required when moving between different zones in an embodiment.



FIG. 7 illustrates a timeline of two examples of users moving between different locations in a network.





DETAILED DESCRIPTION


FIG. 1 schematically illustrates an embodiment of a network access system. The system includes various user devices 141, 143, 145, 147, 149, 151, 153, 155. User devices can include, for example, laptops, desktop computers, cell phones, PDAs and any other wired or wireless network enabled communication devices. The user devices 141, 143, 145, 147, 149, 151, 153, 155 communicate with access points 121, 123, 125, 127, 129. Access points 121, 123, 125, 127, 129 provide wired or wireless communications with network management device(s) 103. The network management device(s) 103 controls network communications in-between access points and between the access points and network 101. In an embodiment, the network management device(s) are operated by a single entity. In an embodiment, the network management device(s) create a single network. Optionally, intermediate network devices 105 can also be used, including, for example, routers, switches, hubs, repeaters, etc. to assist in providing communications between access points 121, 123, 125, 127 and network management device(s) 103. The network 101 can be, for example, a public network such as the Internet. Network management device(s) 103 can include network gateways, such as, for example, network access gateways commercially available from Nomadix, Inc. of Newbury Park, CA. As will be understood by those of skill in the art from the present disclosure, other network management devices can also be used. As illustrated in FIG. 1, the network includes three different physical areas including lobby 107, conference center 109 and guest room 111. Each physical area includes one or more access points.


The network management device(s) 103 provide the ability to group the access points together for purposes of allowing a user device to move between certain access points without requiring re-authentication while requiring re-authentication when moving to other access points. The grouping of access points can be made, for example, along physical boundaries such as, for example, a wall. This can be done, for example, by allocating certain access points to a defined zone. In an embodiment, a zone is a room, group of rooms, building, group of buildings or the like. For example, the lobby 107 can be a first zone, the conference center 109 can be a second zone and the guest room 111 can be a third zone. In a simple example, a user device will be able to move between access points within a zone without having to re-authenticate, but will be required to re-authenticate when moving between access points located in different zones. Authentication can include, for example, a login, payment of fees, a request for access, entry of a code, or any other action required by the user to request access to the network. In another example, a user device, once authenticated to the lobby zone 107, can be allowed to access the conference center zone 109 without re-authentication, but may be required to re-authenticate when moving to the guest room zone 111.


In an embodiment, access points advertise their presence by broadcasting a Service Set Identifier (SSID), Extended Service Set Identifier (ESSID), and/or Basic Service Set Identifier (BSSID), or the like, collectively referred to herein as SSID. In an embodiment, the same SSID is assigned to all access points and zones in a network. In an embodiment, a different SSID is assigned to each zone or to a group of zones. In an embodiment, multiple SSIDs can be assigned to the same zone or same set of access points. In this respect virtual SSIDs can be set up corresponding to different groupings of zones or access points. For example, at the same hotel or conference center, two different conferences which are simultaneously occurring can have custom SSIDs corresponding to the access granted to each group. Conference A2 2009 for example can have a custom SSID entitled “Conference A2 2009” which allows access to access points in the Lobby, Guest Rooms and Meeting Rooms without re-authentication, but not in the Business Center. A second conference, Conference B1 2009, can also have a custom SSID entitled “Conference B1 2009” which allows access to the Lobby, Meeting Rooms, Guest Rooms and the Business Center without re-authentication. Similarly, network providers can also have various levels of SSIDs allowing access to different groups of access points where multiple SSIDs correspond to the same access point or zone. Different SSIDs can correspond to different payment levels. For example, an inexpensive SSID access may only grant access to the Lobby, whereas a more expensive SSID can grant access to the Business Center or Meeting Rooms.


In an embodiment, an amount of bandwidth, or maximum bandwidth can be assigned to different access points, groups of access points, zones, groups of zones or custom SSIDs.


The following is a non-limiting example of Zone Migration. As used in this example, a zone is a group of VLAN IDs. When customers connect to the network, for example, at a hotel, they are authenticated in one of four zones:

    • Lobby/Restaurant/Common Area: 100-150
    • Guest Wired: 201-700
    • Guest Wireless: 801-1500
    • Meeting Room A: 1601-1700


Zone Migration provides the ability to the network to group the VLANs together, meaning that 100-150 would be grouped together, so the user could go from access point 101 in the lobby to access point 125 in the restaurant without being required to re-authenticate. A user would then be required to re-authenticate when moving between the Lobby and Meeting Room A.



FIG. 2 illustrates a cross section of various access points in a hospitality setting. Hotel 201 includes guest rooms 203, conference room 205, restaurant 207 and lobby 209. The guest rooms 203, conference room 205, restaurant 207 and lobby 209 include various access points 221. Although illustrated as having one or more access points in each room, it is to be understood that fewer or more access points can be used. For example, in an embodiment, a single access point can be used for multiple guest rooms. The access points can be configured into various zones. The zones can be defined along room lines or in any other configuration. For example, the access points 221 in the guest rooms 203 area can all be a single zone. Alternatively, access points 221 on a single floor or across less than all floors can also be configured into a zone. As will be understood by a person of skill in the art, zones can be defined along any desired physical locations, incorporating the access points in those physical zones. As will also be understood by those of skill in the art, many different types of facilities will benefit from the present disclosure. For example, although described mainly with respect to hotels, other facilities can use the present access point zone system including schools, colleges, universities, hospitals, government buildings, businesses, or any other public or private networking systems. Also, zones do not need to be restricted to a particular building, but can include multiple buildings.



FIG. 3 schematically illustrates access points and network connections of various users in a conference setting. As illustrated, various user devices, are connected with, attempting to connect with, or are moving between connections with various access points. For example, user device 351 is wirelessly communicating with access point 321. User device 352 is attempting to access the network through access points 321, 323, 325, but has not yet been authenticated and thus is not able to send or receive communications over the network.


Devices are generally programmed to automatically select between access points, by, for example, determining which access point provides the strongest signal. User device 356 is in-between three different access points and is able to communicate with all of them, but will eventually choose one access point to communicate with. In some cases, an access point will not allow a device to communicate through it, in which case the user device will attempt to communicate with another access point. For example, user device 357 may have the strongest signal with access point 325, but may only be authenticated with access point 337. In this case, the user device will communicate with access point 337. Of course, as will be understood, user devices can be configured to select access points based on any number of different selection options, including, for example, signal strength, bandwidth availability, access rights, access points corresponding to a particular SSID, etc. When an access point is out of range, a user device will no longer be able to communicate with it and will attempt to find another access point. In an embodiment, switching between access points is seamless, e.g. there is no loss of network session, and a user may not even realize that they have switched access points.



FIG. 4 illustrates an administrator setup screen for defining a plurality of access zones. The setup screen can be an independent computer program or it can run in a web browser. The setup screen provides the ability, as described above, to define zones which include multiple access points (labeled as “Ports-Locations” in FIG. 4). The zone setup information is stored in a database internal or external to the network management device(s) 103 and accessible to the network management device(s) 103. When a user attempts to access the network through an access point, the connection request is sent to the network management device(s) 103 which either allow the access request or deny it based on the programmed information in the database.


A relogin after migration selection 403 is provided to allow an administrator to determine whether to require a user to relogin after migrating between access points. An administrator can enter a zone name as desired in entry area 407. The administrator can then input the ports or locations that correspond to that zone in entry area 409. Optionally, an administrator can provide a description in entry area 411. The administrator can then determine whether a relogin (or reauthentication) will be required for moving between access points within the zone at selection 413. With relogin within zone 413 disabled, a user can freely move between access points without having to relogin. Add zone button 415 provides a subsequent screen which allows an administrator to define another zone. Reset button 417 allows an administrator to reset zone settings. Existing zones section 419 lists all previously defined zones for the network with corresponding ports or locations along with the relogin policy for each zone. To modify an existing zone, the administrator can click on the ‘Edit’ link of a particular zone. The fields at the top will then be populated with the attributes of the selected zone (name, ports, description and relogin policy). To remove a zone, the administrator can click on the ‘Delete’ link. A pop-up box will request the confirmation of the delete operation.


In an embodiment, zones cannot overlap, meaning that a port can belong to one and only one zone. In this embodiment, an error will be returned if the administrator enters a new zone that overlaps with an existing zone. In another embodiment, zones can be configured to overlap such that the same port or access location can form part of two or more separate zones.


Many different zone to zone migration policies can be implemented, such as, for example, at the login Portal. In an embodiment, the network can be configured to (1) charge separately for each zone, or (2) allow free migration from “Zone 1” to “Zone 2” after accepting terms and conditions but require a payment when migrating from “Zone 2” to “Zone 1”. Similarly, a single payment can be accepted for a group of zones, but an additional or separate charge could be required for other zones.


Zones can also be set up in other interfaces, such as, for example, command line interface (CLI) and simple network management protocol (SNMP). As would be understood by a person of ordinary skill in the art from the present disclosure, the various options and tools available in the interface embodiment of FIG. 4 can be mapped to CLI and SNMP interfaces.


In an embodiment, an unlimited number of zones can be configured. In an embodiment, the number of configurable zones is limited by the capacity of the network equipment used. For example, in an embodiment, up to 64 Zones or up to 32 Zones can be configured.


In an embodiment in which the number of zones is limited, if there is already the maximum number of Zones in the configuration, the network device will return a “Maximum number of Zones already reached” error.


In an embodiment, when a zone is added or modified by the administrator, the network device(s) will check for errors in, such as, for example, the zone name; the specified network access locations, such as, for example, the port assignments; the zone description; and/or any other variables.


In an embodiment, the zone name is a string of a specified length, such as, for example, between 1 and 16 characters in length. In an embodiment, if this check fails, the network device(s) will return an “Invalid length of Zone Name” error.


In an embodiment, the Zone Name must be unique. If this check fails, the network device(s) will return a “Zone Name already in use” error.


In an embodiment, the port name is a string of a specified length, such as, for example, between 1 and 128 characters in length (e.g., enough for at least 20 separate ports, or for at least 10 ranges of ports). The string can contain an individual numeric value (e.g., “211”), or a comma-separated list of numeric values (e.g., “211, 212”), or a range of numeric values with dash-separated delimiters (e.g., “111-799”), or a list of ranges of numeric values (e.g., “100-150, 201-700”), or a comma-separated list of individual numeric values and ranges (e.g., “211, 212, 213-651”). In an embodiment, if the string contains non-numeric values, the NSE will return a “Values may only be numeric, comma separated values or ranges” error.


In an embodiment, the numeric values cannot exceed 65535. When ranges are used, the right delimiter cannot be smaller than the left delimiter. In an embodiment, if these checks fail, the network management device will return an “Invalid format of Ports or value greater than 65535” error.


In an embodiment, ports of different zones cannot overlap. In an embodiment, if this check fails, the network devices will return a “Ports may not overlap ranges in other zones. Modify the overlapping zone first or change this entry” error. In an embodiment, ports are allowed to overlap and this check is not performed.


In an embodiment, the description is a string of specified length, such as, for example, between 0 and 128 characters in length. In an embodiment, if this check fails, the network device(s) will return an “Invalid length of Description” error.


In an embodiment, the relogin is a Boolean value in which no checking is necessary. In some WMI embodiments, the above errors will be shown in a pop-up error box, and in some embodiments, the field causing the error will simultaneously be highlighted with a red border.
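The zone checks described above can be exercised as follows. This is an added example, not code from the patent or from any vendor product: the function names, the dictionary layout, the choice of 64 as the zone limit, and the error used for a port string of the wrong length are assumptions, while the error strings are the ones quoted in the text.

```python
import re

MAX_ZONES = 64        # one of the limits the text mentions ("up to 64 Zones")
MAX_PORT = 65535
_ITEM = re.compile(r"([0-9]+)(?:\s*-\s*([0-9]+))?")  # "211" or "213-651"


class ZoneError(ValueError):
    """Carries one of the error strings quoted in the text."""


def parse_ports(spec):
    """Turn '211, 212, 213-651' into sorted inclusive (lo, hi) tuples."""
    if not 1 <= len(spec) <= 128:
        # Assumption: the text names no error for a bad length, so the
        # format error is reused here.
        raise ZoneError("Invalid format of Ports or value greater than 65535")
    ranges = []
    for item in spec.split(","):
        m = _ITEM.fullmatch(item.strip())
        if m is None:
            raise ZoneError(
                "Values may only be numeric, comma separated values or ranges")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) is not None else lo
        if lo > MAX_PORT or hi > MAX_PORT or hi < lo:
            raise ZoneError(
                "Invalid format of Ports or value greater than 65535")
        ranges.append((lo, hi))
    return sorted(ranges)


def overlaps(a, b):
    """True when any inclusive range in a shares a port with one in b."""
    return any(lo1 <= hi2 and lo2 <= hi1 for lo1, hi1 in a for lo2, hi2 in b)


def add_zone(zones, name, ports, description="", relogin=False):
    """Validate and store a zone in the dict `zones`; raise ZoneError on failure."""
    if len(zones) >= MAX_ZONES:
        raise ZoneError("Maximum number of Zones already reached")
    if not 1 <= len(name) <= 16:
        raise ZoneError("Invalid length of Zone Name")
    if name in zones:
        raise ZoneError("Zone Name already in use")
    parsed = parse_ports(ports)
    # Non-overlap embodiment: a port must resolve to exactly one zone,
    # otherwise the relogin policy for that port is ambiguous.
    for other in zones.values():
        if overlaps(parsed, other["ports"]):
            raise ZoneError(
                "Ports may not overlap ranges in other zones. "
                "Modify the overlapping zone first or change this entry")
    if len(description) > 128:
        raise ZoneError("Invalid length of Description")
    zones[name] = {"ports": parsed, "description": description,
                   "relogin": bool(relogin)}
    return zones[name]


def error_for(zones, name, ports):
    """Return the error text add_zone would raise, or None on success."""
    try:
        add_zone(zones, name, ports)
    except ZoneError as exc:
        return str(exc)
    return None
```

Note that the 1 to 16 character limit rejects a name as long as “Lobby/Restaurant/Common Area” from the earlier VLAN list, so a shorter zone name is needed in this embodiment.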


There are a number of cases to consider when the zone (e.g. port in some embodiments) of the subscriber changes: (1) If the “Relogin after migration parameter” is disabled, the subscriber does not need to relogin; (2) If the “Relogin after migration parameter” is enabled, and no zone is specified, the subscriber will need to relogin; (3) If the “Relogin after migration parameter” is enabled, and one or more zones are specified, the subscriber may need to relogin when: (a) the port changes to that of a different zone; or (b) the relogin policy of the zone is to require relogin.


In an embodiment, ports that do not belong to any of the configured zones are automatically assigned to a “default Zone”. In an embodiment, the absence of a port is also assigned to a “default Zone”. The relogin policy of the “default Zone” is simply derived from the “Relogin after migration” parameter. When the subscriber is re-logged in, and a portal is involved in the relogin process, the zone name will also be sent to the portal along with the other portal parameters (MAC address, room number, etc.).


In an embodiment, the Administrator setup page also allows the administrator to set up SSID's corresponding to different zones, groups of zones, access points or groups of access points. In an embodiment, SSID's can be programmed to correspond to overlapping access points or zones. For example, a plurality of SSID's can be assigned to the same access point or zone. The Administrator setup page can also provide for temporary (or permanent) custom SSID's corresponding to a plurality of access points or zones. For example, a conference can be set up with a personalized SSID corresponding to a set of access points or zones.


In an embodiment, the Administrator setup page can also allow an administrator to assign an amount of bandwidth to a particular access point, group of access points, zone, group of zones or SSID. For example, the Lobby may be provided less bandwidth than the Guest Rooms. Similarly, a conference with a custom SSID can be provided a set amount of Bandwidth for users of the custom SSID.



FIG. 5 illustrates a flow chart of a decision tree for determining when a login is required to obtain network access in an embodiment. At block 510, a subscriber's access point (labeled as Port-Location) has changed. The system moves to decision block 503 where the system determines whether or not the relogin after migration is enabled. If it is not, then the system allows users to migrate freely between access points at block 505. If the relogin after migration is enabled, then the system moves to decision block 507 where the system determines whether or not zones have been specified. If there are no zones specified, then the system will require a relogin at each access point at block 509. If zones have been specified, then the system moves to decision block 511. At decision block 511, the system determines whether the access point, or port in FIG. 5, is within the same zone as the previous access point used by the user. If the answer is no, then a relogin is required at block 513. If the access point is within the same zone, then the system moves to decision block 517. At decision block 517, the system determines whether relogin is required within a zone. If no, then no relogin is required at block 515. If yes, then the user is required to relogin at block 519.
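The FIG. 5 decision tree, together with the default Zone rule stated earlier, written out as an added example (not code from the patent). The `Zone` class, the function names, the per-zone `relogin_within` values, and the reading of the default Zone's policy as equal to the global parameter are assumptions; the VLAN ranges are the ones from the Zone Migration example in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str
    ranges: tuple          # inclusive (lo, hi) port/VLAN ranges
    relogin_within: bool   # the "relogin within zone" selection 413


def zone_of(port, zones):
    """Return the configured Zone holding `port`, or None for the default Zone.

    Per the text, a port in no configured zone, and the absence of a port
    (None here), both map to the default Zone.
    """
    if port is not None:
        for zone in zones:
            if any(lo <= port <= hi for lo, hi in zone.ranges):
                return zone
    return None


def relogin_required(old_port, new_port, zones, relogin_after_migration):
    """Walk the FIG. 5 decision tree for a port change; True means relogin."""
    if not relogin_after_migration:        # decision block 503
        return False                       # block 505: migrate freely
    if not zones:                          # decision block 507
        return True                        # block 509: relogin at every port
    old_zone = zone_of(old_port, zones)
    new_zone = zone_of(new_port, zones)
    if old_zone != new_zone:               # decision block 511
        return True                        # block 513
    if new_zone is None:
        # Both ports are in the default Zone, whose policy is derived from
        # the global parameter (enabled on this path). Reading "derived" as
        # "equal to" is an assumption.
        return relogin_after_migration
    return new_zone.relogin_within         # decision block 517 -> 519 / 515


# Zones from the VLAN example in the text; the relogin_within values are
# constructed for illustration.
HOTEL = [
    Zone("Lobby/Restaurant/Common Area", ((100, 150),), False),
    Zone("Guest Wired", ((201, 700),), False),
    Zone("Guest Wireless", ((801, 1500),), False),
    Zone("Meeting Room A", ((1601, 1700),), True),
]
```

With these zones, a move from port 101 to port 125 stays inside the lobby zone and needs no relogin, while a move from 125 to 1650 crosses into Meeting Room A and does.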


In an embodiment, an administrator can separately define different access rights when moving between zones. For example, in an embodiment, anytime a user moves between zones they are required to login. This type of system is illustrated in FIG. 5. In an embodiment, an administrator can specify that users can move between certain zones without requiring re-authentication while requiring re-authentication when moving to other zones. This type of system is illustrated in FIG. 6.



FIG. 6 illustrates a flow chart showing when a login is required when moving between different zones in an embodiment. FIG. 6 illustrates four zones, lobby 601, business center 605, guest rooms 603, and meeting room A 607. As illustrated, when a user moves from guest rooms 603 to lobby 601, no relogin is required. When a user moves from lobby 601 to guest rooms 603, a relogin is required. When a user moves between the guest rooms 603 and the business center 605 no relogin is required. When a user moves from the guest rooms to the meeting room A, no relogin is required, but when a user moves from meeting room A to the guest rooms, a relogin is required. When a user moves from meeting room A 607 to the lobby 601, no relogin is required, but when a user moves from the lobby to meeting room A, a relogin is required. When a user moves between the meeting room A and the business center, a relogin is required. When a user moves from the business center 605 to the lobby 601, no relogin is required, but when a user moves from the lobby 601 to the business center 605, a relogin is required. Although FIG. 6 has been described with respect to certain named zones, it is to be understood that any number of zones, zone names, or zone locations can be used with the present system. Also, although described with respect to a relogin, any type of reauthentication can be used to move between zones.


In an embodiment, migration between zones can be further configured to use a “home” authentication or initial authentication location to track migration policy. This allows a user, for example, to move from a first zone to a second zone and back to the first zone without a relogin in a system that generally requires a relogin to move from the second zone to the first zone. FIG. 7 illustrates an example timeline of two users moving between different locations in a network which uses a home authentication feature to track migration permission. As illustrated in FIG. 7, User A's 701 initial login is in the guest wireless zone at block 711. The network places into memory User A's initial authentication location and refers back to User A's initial authentication location to determine migration access rights. User A 701 then moves to the lobby at block 713, then to the business center at block 715 and then back to the guest room at block 717 without relogin. However, when the user moves to meeting room A at block 719, a relogin is required. At this point, the home login can be changed to “meeting room A” or the home login can be both “guest wireless” and “meeting room A” providing permissions to both home authentication permission sets. User B's 751 initial login is the meeting room A at block 761. The user then moves to lobby at block 763 and then back to meeting room A at block 765 without requiring a relogin. However, when the user moves to the guest wireless zone at block 767, a relogin is required. Again, the home login is then altered to either “guest wireless” or both “guest wireless” and “meeting room A.”
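The difference between evaluating the FIG. 6 matrix against the zone just left and evaluating it against the home zone can be seen in a short added example (not code from the patent). The matrix entries are the transitions listed in the FIG. 6 description; the class and function names, treating FIG. 7's “guest wireless” as FIG. 6's guest rooms zone, and assuming every relogin succeeds are assumptions.

```python
L, G, B, M = "lobby", "guest rooms", "business center", "meeting room A"

# FIG. 6 as described in the text: True means a relogin is required when
# moving from the first zone of the pair to the second.
RELOGIN = {
    (G, L): False, (L, G): True,
    (G, B): False, (B, G): False,
    (G, M): False, (M, G): True,
    (M, L): False, (L, M): True,
    (M, B): True,  (B, M): True,
    (B, L): False, (L, B): True,
}


def last_hop_relogin(src, dst):
    """Stateless rule: look only at the zone the device just left."""
    return src != dst and RELOGIN[(src, dst)]


class HomeSession:
    """Tracks the home (initial authentication) zone or zones of one device."""

    def __init__(self, home, keep_old_homes=False):
        self.homes = {home}
        # False: a relogin replaces the home zone.
        # True: a relogin adds a home zone, so both permission sets apply.
        self.keep_old_homes = keep_old_homes

    def move(self, dst):
        """Move to dst; return True when a relogin is required.

        No relogin is needed if dst is a home zone or if any home zone may
        migrate to dst freely. A required relogin is assumed to succeed.
        """
        needed = all(h != dst and RELOGIN[(h, dst)] for h in self.homes)
        if needed:
            self.homes = (self.homes | {dst}) if self.keep_old_homes else {dst}
        return needed


def replay(session, path):
    """Return the relogin decision for each move along `path`."""
    return [session.move(zone) for zone in path]


def user_b_timeline():
    """User B in FIG. 7: home is meeting room A, then lobby, back, then guest."""
    return replay(HomeSession(M), [L, M, G])
```

Keeping old home zones widens what a device may reach without relogin: after starting in meeting room A and re-authenticating in the business center, a later return to meeting room A needs a relogin when the home is replaced, but not when both homes are kept.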


Conditional language used herein, such as, among others, “can,” “could,” “might,” “may,” “e.g.,” and the like, unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or states. Thus, such conditional language is not generally intended to imply that features, elements and/or states are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without author input or prompting, whether these features, elements and/or states are included or are to be performed in any particular embodiment.


While certain embodiments of the inventions disclosed herein have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions disclosed herein. Indeed, the novel methods and systems described herein can be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein can be made without departing from the spirit of the inventions disclosed herein. The claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of certain of the inventions disclosed herein.

Claims
  • 1. A network management system comprising one or more hardware processors configured to: receive a network access request from a user device at a first network access point; in response to receiving the network access request, determine, based on a network access history associated with the user device and permission data associated with the first network access point, that a re-authentication is not required for granting the network access request from the user device; and grant the network access request without the re-authentication based on the determination that the re-authentication is not required for granting the network access request from the user device.
  • 2. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device has moved from a second network access point to the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from the second network access point.
  • 3. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device was previously granted network access via a second network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices previously granted network access via the second network access point.
  • 4. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point in the same zone as the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from another network access point in the same zone as the first network access point.
  • 5. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point having an access level higher than that associated with the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from another network access point having an access level higher than that associated with the first network access point.
  • 6. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point associated with a different service set identifier (SSID) than that associated with the first network access point.
  • 7. The network management system of claim 1, wherein the network access history associated with the user device indicates that the user device was previously authenticated via a second network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices previously authenticated via the second network access point.
  • 8. The network management system of claim 1, wherein the permission data comprises a username and a password.
  • 9. The network management system of claim 1, wherein the permission comprises payment authorization.
  • 10. The network management system of claim 1, wherein the first network access point comprises a wireless port.
  • 11. A network management method comprising: receiving a network access request from a user device at a first network access point; in response to receiving the network access request, determining, based on a network access history associated with the user device and permission data associated with the first network access point, that a re-authentication is not required for granting the network access request from the user device; and granting the network access request without the re-authentication based on the determination that the re-authentication is not required for granting the network access request from the user device.
  • 12. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device has moved from a second network access point to the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from the second network access point.
  • 13. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device was previously granted network access via a second network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices previously granted network access via the second network access point.
  • 14. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point in the same zone as the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from another network access point in the same zone as the first network access point.
  • 15. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point having an access level higher than that associated with the first network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices moving to the first network access point from another network access point having an access level higher than that associated with the first network access point.
  • 16. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device has moved to the first network access point from another network access point associated with a different service set identifier (SSID) than that associated with the first network access point.
  • 17. The network management method of claim 11, wherein the network access history associated with the user device indicates that the user device was previously authenticated via a second network access point, and the determination that the re-authentication is not required for granting the network access request from the user device is based on the permission data indicating that the re-authentication is not required for user devices previously authenticated via the second network access point.
  • 18. The network management method of claim 11, wherein the permission data comprises a username and a password.
  • 19. The network management method of claim 11, wherein the permission data comprises payment authorization.
  • 20. The network management method of claim 11, wherein the first network access point comprises a wireless port.
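The decision the claims describe (access history plus per-access-point permission data deciding whether re-authentication can be skipped) can be sketched as a small policy evaluator. This is an added example, not code from the patent or from any product; every class, field and access point name is hypothetical, and requiring re-authentication when no rule matches is an assumption made here so the check fails closed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class AccessPoint:
    name: str
    zone: str
    level: int  # assumption: larger number = higher access level

@dataclass
class Permission:
    """Permission data held for one access point; all names are hypothetical."""
    from_aps: set = field(default_factory=set)           # claims 2/12
    granted_via: set = field(default_factory=set)        # claims 3/13
    same_zone: bool = False                              # claims 4/14
    from_higher_level: bool = False                      # claims 5/15
    authenticated_via: set = field(default_factory=set)  # claims 7/17

@dataclass
class History:
    last_ap: Optional[AccessPoint] = None  # where the device was last granted access
    granted: set = field(default_factory=set)
    authenticated: set = field(default_factory=set)

def reauth_required(ap, perm, hist):
    """Return (required, reason); no matching rule means re-authenticate."""
    prev = hist.last_ap
    if prev is not None and prev.name != ap.name:
        if prev.name in perm.from_aps:
            return False, "moved-from-listed-ap"
        if perm.same_zone and prev.zone == ap.zone:
            return False, "same-zone"
        if perm.from_higher_level and prev.level > ap.level:
            return False, "from-higher-level"
    if hist.granted & perm.granted_via:
        return False, "previously-granted"
    if hist.authenticated & perm.authenticated_via:
        return False, "previously-authenticated"
    return True, "no-rule-matched"

def handle_request(ap, perm, hist, authenticate):
    required, reason = reauth_required(ap, perm, hist)
    if required:
        if not authenticate():   # caller-supplied login or payment step
            return "denied"      # history is left unchanged on failure
        hist.authenticated.add(ap.name)
    hist.granted.add(ap.name)
    hist.last_ap = ap
    return "granted:" + ("re-authenticated" if required else reason)

def demo():  # constructed venue; AP names, zones and levels are sample values
    room101, room102 = AccessPoint("room101", "guest", 2), AccessPoint("room102", "guest", 2)
    lobby, ballroom = AccessPoint("lobby", "public", 1), AccessPoint("ballroom", "conf", 3)
    hist = History()
    steps = [(room101, Permission(), True),
             (room102, Permission(same_zone=True), False),
             (lobby, Permission(from_higher_level=True), False),
             (ballroom, Permission(), False)]
    return [handle_request(a, p, hist, lambda ok=ok: ok) for a, p, ok in steps]
```

In the constructed walk-through, the device logs in once in a guest room, roams to a second room and down to the lobby without a new login, and is denied at the ballroom, whose permission data carries no roaming rule.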
CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent application Ser. No. 17/129,503, filed Dec. 21, 2020, which is a continuation of U.S. patent application Ser. No. 16/401,894, filed May 2, 2019, which is a continuation of U.S. patent application Ser. No. 15/891,167, filed Feb. 7, 2018, which is a continuation of U.S. patent application Ser. No. 14/855,221, filed Sep. 15, 2015, which is a continuation of U.S. patent application Ser. No. 14/057,481, filed Oct. 18, 2013, now U.S. Pat. No. 9,141,773, which is a continuation of U.S. patent application Ser. No. 13/478,458, filed May 23, 2012, now U.S. Pat. No. 8,566,912, which is a continuation of U.S. patent application Ser. No. 12/534,814, filed Aug. 3, 2009, which claims the benefit of priority to U.S. Provisional Patent Application No. 61/223,667, filed Jul. 7, 2009. The aforementioned applications are hereby incorporated by reference in their entireties.

Related Publications (1)
Number Date Country
20220182831 A1 Jun 2022 US
Provisional Applications (1)
Number Date Country
61223667 Jul 2009 US
Continuations (7)
Number Date Country
Parent 17129503 Dec 2020 US
Child 17396536 US
Parent 16401894 May 2019 US
Child 17129503 US
Parent 15891167 Feb 2018 US
Child 16401894 US
Parent 14855221 Sep 2015 US
Child 15891167 US
Parent 14057481 Oct 2013 US
Child 14855221 US
Parent 13478458 May 2012 US
Child 14057481 US
Parent 12534814 Aug 2009 US
Child 13478458 US