Traditionally, cables have been used to connect devices, e.g., desktop computers, printers, modems, and servers, to one another to form a local area network (LAN). In a LAN, the networked devices are able to communicate with one another and to share information. If the LAN is connected to the Internet, the networked devices can access the Internet as well.
With the advent of wireless technology, suitably enabled devices can connect to a LAN without physically connecting to the network, thereby forming a wireless LAN (WLAN). Here, each device is equipped with a wireless communication card or an embedded wireless communication module that allows the device to send and receive data transmissions to and from a wireless access point (AP). The AP is typically attached to the wired LAN and can include a router so that it also provides a gateway to the Internet.
Typical APs that are commercially available can communicate simultaneously with several devices (or clients) within a certain range. Within that range, the user of the client enjoys a full network connection with the benefit of mobility. The AP's range is typically a radius of approximately 45 m (indoors) to approximately 100 m (outdoors), but that can be affected by a number of factors, such as the location of the AP, nearby obstructions, type of antenna, and power output of the AP. Accordingly, in general, the AP's range is limited to a relatively small area, such as a room, house, or building. To increase the coverage area, additional APs can be connected together to form a larger WLAN, but this can be costly for a typical home consumer. Complicating factors involve setting up the correct parameters on similar devices or connecting potentially incompatible devices from different manufacturers. Moreover, it is difficult for different people who own APs to coordinate the complicated task of linking their separate APs into a larger network.
Most commercially available APs are equipped to provide network security by incorporating a Wi-Fi Protected Access (WPA) encryption protocol to protect the wireless LAN from unauthorized devices. WPA is designed for use with an IEEE 802.1x authentication server, which distributes, and periodically changes, different keys to each authorized user. For home and small office networks that cannot afford the cost and complexity of the 802.1x authentication server, WPA can also be used in a less secure “pre-shared key” (PSK) mode, where every authorized user is given a passphrase which must be entered before being allowed to access the network. Selecting and managing the passphrase can be a tedious burden for the user, particularly if more than one authorized user exists. The problem is exacerbated when the AP owner wants to change access privileges for multiple users over time, as removing access for one user may require distributing a new passphrase to every other user. It has also been noted in the literature that WPA-PSK passphrases of limited size can lead to the deciphering of the encrypted traffic, thus rendering this mode of security vulnerable to attack.
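The following Python sketch is an added example, not part of the original text. It shows why PSK mode has the two weaknesses described above: the key is derived only from the passphrase and the network name (SSID), so every authorized user holds the same key, and its strength is bounded by the passphrase. The function names and the 80-bit policy threshold are assumptions made for illustration.

```python
import hashlib
import math
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase is printable ASCII only")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def entropy_upper_bound_bits(passphrase: str) -> float:
    """Best-case strength: every character drawn uniformly from the classes used.
    Human-chosen words fall well below this bound."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    )
    pool = sum(size for chars, size in classes if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


def meets_policy(passphrase: str, min_bits: float = 80.0) -> bool:
    """min_bits is an assumed site policy, not a value from the WPA specification."""
    return entropy_upper_bound_bits(passphrase) >= min_bits


if __name__ == "__main__":
    # Constructed sample values.
    ssid = "HomeNet"
    alice = wpa_psk("correct horse 42", ssid)
    bob = wpa_psk("correct horse 42", ssid)
    # Every user of the passphrase holds the same key, so revoking one user
    # means changing the passphrase for all of them.
    print("shared key for all users:", alice == bob)
    for candidate in ("password", "Tr4il-mix_Kettle;09z"):
        bits = entropy_upper_bound_bits(candidate)
        print(f"{candidate!r}: <= {bits:.1f} bits, policy ok: {meets_policy(candidate)}")
```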
As stated above, a WLAN's range or coverage area is somewhat limited to the vicinity of the wireless access point(s). Within that coverage area, an authorized wireless device can enjoy the benefits of the network, including Internet access. Outside of the coverage area, unless the wireless device is authorized to use other WLANs, the device is generally not allowed to access other private WLANs. Thus, the wireless aspects of the device are effectively useless outside of the authorized WLAN.
Wireless network owners are thus faced with a paradox. If they wish to participate in an open community of wireless access, they may leave their APs unsecured. However, this decision also leaves them unprotected and exposed to harmful or illegal use of their wireless networks by unscrupulous users. Moreover, they have no guarantee that other AP owners will similarly feel inclined to share their network by disabling security settings. On the other hand, if they lock down their network, they face the ongoing challenge of managing access to their network by known users, and they completely bar access by unknown users. Many default AP configurations are unsecured, and therefore the intent of the AP owner to share that connection cannot simply be inferred from the unsecured nature of an AP. Those connecting to such devices therefore cannot be assured that they are abiding by the intent of the AP owners and may end up subject to usage disputes.
A few solutions have been proposed to resolve this paradox. First, it has been proposed that AP users deploy a “captive portal” to control access to their AP. Here, would-be users of the AP are presented with a web form that authenticates their credentials. Unfortunately, captive portals typically require the user to maintain a separate computer, attached to the AP, to host the portal application. Moreover, such systems are too complicated for the average user to administer. Other approaches propose fee-based systems whereby AP owners effectively “lease” out authenticated access to their AP to other users of the system in exchange for usage credits or other currency. These proposals, however, require a complex set of transactions for every access event and are not conducive to the spirit of an open wireless community.