Presently, providers of data communications services have established wireless Local Area Networks (LANs) (“hot spots”) at publicly accessible facilities, such as rest stops, cafes, and libraries, to allow users to access a private data network or a public data network, such as the Internet for a fee. Upon entering such a publicly accessible facility, the user establishes a communication link, typically over a wireless channel, with an access point to access to the LAN, and the public or private network therebeyond. When initiating a communications session with the wireless LAN, the user must provide a PIN that identifies an account number to provide payment for access fees. Often, the transmission of the PIN occurs without any encryption, especially if the user accesses the wireless LAN for the first time. Thus, in the absence of any prior relationship with the user, the wireless LAN lacks any key by which to decrypt a user-encrypted transmission. An unencrypted wireless transmission of sensitive information such as a PIN creates a serious security risk since hackers often can readily intercept wireless LAN traffic.
As described in our co-pending Provisional U.S. patent application No. 60/378,030, filed May 13, 2002, and in co-pending regular U.S. patent application Ser. No. 10/183,081, filed Jun. 27, 2002, a user can achieve secure authentication by first entering a request that identifies a Billing Agent that will provide payment to the operator of the LAN for the access charges incurred by the user. (The Billing Agent and LAN operator can be operated by the same entity or different entities.) The wireless LAN then queries the Billing Agent to obtain a copy of the agent's digital certificate for transmission to the user. The user verifies the certificate and then encrypts his/her PIN in accordance with the certificate. The wireless LAN forwards the user's encrypted PIN to the Billing Agent for authentication. Upon successful authentication of the user, the Billing Agent informs the wireless LAN, which then extends service. At the completion of access by the user, the wireless LAN accumulates the access charges for receipt by the Billing Agent, which reimburses the wireless LAN operator while debiting the user's account accordingly.
In order to for the user to successfully access the wireless LAN following authentication as described above, the wireless LAN operator must have a business relationship with the Billing Agent chosen by the user. Otherwise, the Billing Agent likely will not honor a request for reimbursement. As the number of wireless LANs continues to grow, a user seeking access over a widespread geographic area would need to maintain an account with a variety of different wireless LANs or their captive Billing agents, an impractical requirement.
Thus, there is a need for a technique whereby a wireless LAN operator can dynamically establish a business relationship with a Billing Agent to facilitate access to the wireless LAN by a user served by that Billing Agent.