Field of the invention
The present invention generally relates to public wireless networks.
Overview of the related art
Nowadays, public wireless networks have become very common. In this document, the term "public wireless network" means any wireless network with public access that does not belong to the category of mobile cellular networks. Examples of communication technologies for mobile cellular networks are Global System for Mobile Communications (GSM), Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE). Examples of communication technologies for public wireless networks are Wi-Fi and WiMAX.
Being specifically designed for public access, a public wireless network usually requires user authentication before allowing the user of a user equipment (such as a mobile phone, a smartphone, a tablet, a portable computer, and so on) to access the network. Therefore, user authentication procedures for public wireless networks have become a very important issue.
In a public wireless network another important issue relates to the identification of users requesting the authentication, and the possibility to trace their data activity on the public wireless network (once the authentication has been successfully carried out) according to possible regulations governing the public wireless network. Moreover, the user identification and the tracing of his/her data activity may be advantageously exploited by the operator of the public wireless network to apply particular data service profiles, and/or to make targeted offers.
Presently, two main authentication procedures for granting access to a public wireless network are typically employed: the authentication procedure based on the IEEE 802.1X standard, and the authentication procedure based on the Universal Access Method (UAM).
The IEEE 802.1X standard, briefly disclosed in White Paper “Introduction to 802.1X for Wireless LANs”, 2006, Interlinks Networks LLC, provides a protocol for authentication and port-based access control supporting enhanced access security. This authentication procedure supports different types of credentials, such as the SIM (Subscriber Identity Module) credentials used by EAP-SIM (Extensible Authentication Protocol SIM). The authentication procedure according to IEEE 802.1X requires client software to be installed on the user equipment, and provides for the following operations:
1) The client software installed on a user equipment provided with a SIM corresponding to an operator of a mobile network interacts with a public wireless network for the authentication of the user of such user equipment.
2) The public wireless network interrogates the mobile network corresponding to the SIM.
3) The mobile network checks the credentials of the SIM, and carries out the authentication according to this check.
4) The mobile network provides a response to the public wireless network based on the authentication outcome.
5) The public wireless network grants access to the user equipment conditional on the response provided by the mobile network.
The UAM authentication procedure, briefly disclosed in “Best Current Practices for Wireless Internet Service Provider (WISP) Roaming”, Section 2.1, Wi-Fi Alliance, February 2003, does not require client software to be installed on the user equipment, since it can be accomplished using a web browser. The UAM authentication procedure provides for the following operations:
1) A user equipment tries to connect to a public wireless network using a web browser in order to use the services offered by the public wireless network (e.g., for surfing web pages).
2) Instead of loading the home page of the user of the user equipment, the web browser loads a specific welcome page of a web portal provided by the operator of the public wireless network. The welcome page allows the user to log in by manually filling in the corresponding fields with wireless network credentials (hereinafter, simply referred to as “wireless credentials”) for accessing the public wireless network and using the services it offers. For example, such wireless credentials may be in the form of a username and a password.
3) Access to the home page of the user, and to web surfing in general, is granted conditional on the correctness of the wireless credentials provided by the user.
The first time a user tries to log in, he/she has to apply for registration on such web portal. According to the UAM authentication procedure, the registration requires that the user provides his/her Mobile Subscriber ISDN Number (MSISDN) through the web portal. In this way, the public wireless network is able to provide the wireless credentials to the user equipment of the user through a text message, such as an SMS. Even if there are other ways to register the user on the web portal (e.g., by e-mail address), the MSISDN is a trusted piece of data from which the user identity can be retrieved in a simple and scalable way.
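The UAM procedure and the MSISDN-based registration described above can be modelled in a few lines. The following Python sketch is an added example, not taken from any of the cited documents; the portal URL, the class and function names, the use of the MSISDN as username and the in-memory SMS outbox are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

WELCOME_PAGE = "https://portal.example/welcome"  # hypothetical portal URL

class UamPortal:
    """Constructed model of the UAM flow: redirect, MSISDN registration, login."""

    def __init__(self):
        self.accounts = {}       # username -> (salt, PBKDF2 hash of password)
        self.sms_outbox = []     # (msisdn, text): stand-in for an SMS gateway
        self.authorized = set()  # device identifiers granted access

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def http_get(self, device, url):
        # Steps 1-2: an unauthenticated device gets the welcome page, not its URL.
        if device not in self.authorized:
            return 302, WELCOME_PAGE
        return 200, url

    def register(self, msisdn):
        # First login: the user supplies an MSISDN and the credentials go out by
        # SMS, so only whoever receives messages for that number sees them.
        digits = msisdn[1:] if msisdn.startswith("+") else msisdn
        if not (digits.isdigit() and 8 <= len(digits) <= 15):
            raise ValueError("malformed MSISDN")
        password = secrets.token_urlsafe(9)
        salt = secrets.token_bytes(16)
        self.accounts[msisdn] = (salt, self._hash(password, salt))  # assumed: username = MSISDN
        self.sms_outbox.append((msisdn, f"username={msisdn} password={password}"))

    def login(self, device, username, password):
        # Step 3: access is granted only if the wireless credentials are correct.
        record = self.accounts.get(username)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        self.authorized.add(device)
        return True

def sms_password(portal, msisdn):
    """Read the password from the last SMS sent to msisdn (simulates the handset)."""
    text = [t for m, t in portal.sms_outbox if m == msisdn][-1]
    return text.rsplit("password=", 1)[1]
```

In this model the binding between user identity and network access rests entirely on SMS delivery: a device that submits an MSISDN but never receives the message cannot complete the login.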
US 2012149334 discloses a method and system for completing the authentication process of a user device in a second communication network (such as Wi-Fi or WiMAX), which utilizes the user credential (such as a SIM card, a USIM card, or a RUIM card) of a first communication network (such as GSM, CDMA, EDGE, or LTE). A client, such as a software module, executes on the wireless device. An authentication platform retrieves the SIM card credential information in the first communication network and passes the information to the authentication platform of the second communication network, thereby granting the client access to the second communication network after the authentication platform validates with the first communication network.
US 2005114680 discloses a method and apparatus for performing SIM-based authentication and authorization in a WLAN Internet Service Provider (WISP) network supporting the universal access method (UAM) of authentication and authorization enabling roaming for customers of mobile service providers onto said networks. In addition, US 2005114680 provides a secure way of authenticating the customer's client device to the mobile service provider's network by employing temporary credentials for authentication that provide privacy of the user's identity and prevent replay attacks. Finally, if the WISP network supports the ‘pass-through’ facility, the authentication can be done more securely and quickly.