Self-managed network access using localized access management
(19) AUSTRALIAN PATENT OFFICE
(54) Title: Self-managed network access using localized access management
(51)6 International Patent Classification(s): G06F 011/30, G06F 017/60
(21) Application No: 2003277308
(22) Application Date: 2003.10.08
(87) WIPO No: WO04/034205
(30) Priority Data
(31) Number    (32) Date     (33) Country
60/422,474     2002.10.31    US
60/477,921     2003.06.13    US
60/416,583     2002.10.08    US
(43) Publication Date: 2004.05.04
(43) Publication Journal Date: 2004.06.03
(71) Applicant(s): KOOLSPAN
(72) Inventor(s): Fascenda, Anthony C.
(11) Application No: AU2003277308 A8

A system and method are disclosed that provide a consistent authentication and security mechanism, enabling a client device to roam easily from one network to another without requiring the client to manually change network configurations. In one embodiment, a client device listens for a "beacon frame" broadcast from a Wi-Fi access point. The beacon frame identifies the basic service set identifier (BSSID) of the access point. A tamper-resistant token, or client key, installed at the client device stores a set of authentication parameters, e.g., cryptographic keys, for each Wi-Fi network the client is permitted to access. Each set of authentication parameters is associated with a particular BSSID. Using the BSSID received from the access point, the client device identifies and implements the appropriate set of authentication parameters necessary to authenticate the client device according to an authentication process generally accepted by all the Wi-Fi networks potentially servicing the client.

CLAIMS
I claim:
1. A method for managing network access of a device, which is capable of communicating with one or more networks, comprising the steps of: storing a network access parameter in a secure token local to said device and determining if said network access parameter has been met or exceeded.
2. The method of claim 1, wherein said network access parameter is selected from the group consisting of: maximum number of connections to said network, time of day, period of time, day in week, date, range of dates, maximum period of time spent connected to said network, device address, subnet ID, and LAN ID.
3. The method of claim 1, further comprising the step of storing one or more additional network access parameters in said secure token.
4. The method of claim 3, further comprising the steps of: determining if said one or more additional access parameters have been met or exceeded and denying access to said network if any of said network access parameters have been met or exceeded.
5. The method of claim 3, further comprising the steps of: determining if said one or more additional access parameters have been met and restricting access to a portion of said network if any of said network access parameters have been met or exceeded.
6. The method of claim 5, wherein said portion of said network includes a server and said method further comprising the steps of: authorizing additional usage of said network at said server and modifying said network access parameter.
7. The method of claim 6, wherein said step of authorizing comprises the step of receiving payment for said additional usage of said network.
8. The method of claim 3, further comprising the step of determining if said one or more additional access parameters have been met and allowing access to said network if all of said network access parameters have not been met.
9. The method of claim 3, wherein at least one of said network access parameters is associated with a first network and at least one of said remaining network access parameters is associated with a second network.
10. The method of claim 1, wherein said network is an 802.11 network.
11. The method of claim 10, wherein said secure token is implemented through a USB adapter.
12. The method of claim 10, wherein current time is received from an access point on said 802.11 network.
13. The method of claim 1, wherein said step of determining is performed by a usage application executed at said device.
14. The method of claim 13, wherein said usage application is stored within said secure token.
15. The method of claim 1, wherein said secure token is unique to said device.
16. The method of claim 1, wherein said secure token comprises authentication information for authenticating said device with said network.
17. The method of claim 1, wherein said network access parameter is pre-stored within said secure token.
18. A physical token comprising: a communications interface for communicating data to and from said physical token and a storage including at least one access parameter associated with a first network.
19. The physical token of claim 18, wherein said at least one access parameter is part of a first usage plan for said first network.
20. The physical token of claim 19, wherein said storage further includes a usage application for tracking and enforcing usage of said first network according to said first usage plan.
21. The physical token of claim 18, further comprising an adapter for connecting said physical token to a device capable of communicating with said first network.
22. The physical token of claim 18, wherein said storage further includes at least one access parameter associated with a second network.
23. The physical token of claim 18, wherein said storage further includes authentication information for authenticating said device with said first network.
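
The BSSID-keyed lookup described in the abstract and the parameter checks of claims 1 to 9, written out as an added Python example; it is not code from the patent or from the applicant. All class, field and function names, the BSSIDs and the plan values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical token record: field and function names are assumptions; the
# claims name only the kinds of access parameter.
@dataclass
class UsagePlan:
    max_connections: int         # "maximum number of connections"
    max_connected: timedelta     # "maximum period of time spent connected"
    valid_through: datetime      # end of a "range of dates"
    connections_used: int = 0
    time_used: timedelta = timedelta()

def exceeded(plan, now):
    """Names of the access parameters that have been met or exceeded."""
    hits = []
    if plan.connections_used >= plan.max_connections:
        hits.append("max_connections")
    if plan.time_used >= plan.max_connected:
        hits.append("max_connected")
    if now > plan.valid_through:
        hits.append("date_range")
    return hits

def decide(token, bssid, now, restrict_instead=False):
    """Select the plan by beacon BSSID, then allow, restrict or deny."""
    plan = token.get(bssid.lower())
    if plan is None:
        return "deny", ["unknown_bssid"]   # nothing stored for this network
    hits = exceeded(plan, now)
    if not hits:
        plan.connections_used += 1         # this connection counts against the plan
        return "allow", []
    # Claim 4 denies access; claim 5 restricts it to a portion of the network,
    # such as the server that authorizes additional usage (claim 6).
    return ("restrict" if restrict_instead else "deny"), hits

def authorize_more(plan, extra_connections):
    """Claim 6: after authorization the stored parameter is modified."""
    plan.max_connections += extra_connections

# Constructed sample data: one token, two networks with separate plans (claim 9).
TOKEN = {
    "00:11:22:33:44:55": UsagePlan(2, timedelta(hours=1), datetime(2004, 1, 31)),
    "66:77:88:99:aa:bb": UsagePlan(5, timedelta(hours=10), datetime(2003, 12, 31)),
}
NOW = datetime(2004, 1, 15, 9, 0)  # caller-supplied; claim 12 takes it from the access point
```

Because the counters and the decision both live on the client, the check is only as strong as the token's tamper resistance and the trustworthiness of the time source passed in as `now`.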