1. Field of the Invention
The present invention is in the field of Internet access and, more specifically, Internet access at distributed locations. More specifically, the present invention pertains to the field of Internet access wherein location-based services are provided by a client-server architecture utilizing an automated authorization system.
2. Description of the Related Art
Several Internet service providers (ISPs) provide services at public locations such as hotels, airports, restaurants, coffee shops, etc. (so-called “hot-spots”). Many of these locations provide service for a fee. The fee may be provided via a web-browser interface using credit card, debit card, prepaid card, etc., or the user may be part of a subscriber group where access may be granted for the subscriber via submission of subscription credentials (e.g., a username and password) inputted by a user.
Whereas this authentication mechanism works well for devices that support a web browser and have a keyboard to enter username and password or credit card credentials, it is inconvenient as many of these devices are small and have limited user input capabilities. Moreover, this browser-based authentication mechanism may be somewhat difficult in systems that do not support web browsers.
Many ISPs control the access to a site via the MAC (media access control) address of the network interface card that connects to the internet. Hence, some ISPs have taken the approach of storing a database of MAC addresses of devices, then, when the device appears on the plant, the device is automatically authenticated via MAC address.
Whereas this MAC address identification may be convenient in that it may not require user input for various network access, and also in that it is device specific, unfortunately it is not secure or can be compromised. That is, the MAC address can be changed and/or “spoofed” in which the MAC address of any device can be masqueraded as one of the MAC addresses of the allowed devices.
Another method for authentication that is slightly more secure is to use a certificate-based system (e.g. using X.509 certificates). While this is more secure, the X.509 certificates can be shared. Moreover, an individual certificate would have to be created, managed and placed on each device, creating a management problem for millions of devices.
What is needed is a convenient method that is manageable and may not be easily compromised.
While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present invention as defined by the appended claims.