Typically, controlling device access to a wireless network has been accomplished using a few limited techniques, most of which involve limiting access by way of server-side or router-side technology. For example, a wireless network operator may use a “captive portal” technique to control network access through the wireless access point/router, e.g., wireless access to the Internet. The captive portal technique forces an HTTP client on a network, such as a web browser, to receive a particular web page prior to allowing the HTTP traffic through the router. For example, a user may attempt to access a website on their mobile device upon connecting to the operator's wireless network, such as a wireless network in a coffee shop. The user may then be presented with a Terms and Conditions page that must be accepted prior to accessing the Internet, or the user may be presented with a payment page to provide payment details, e.g, credit card information, in order to access the Internet through the operator's wireless network. Once the user has performed the required steps, the user's device is authorized to use the network. While this technique can be useful for basic wireless access control, this technique is generally not effective for permitting certain types of traffic, while restricting others. In other words, once the user's device has been authorized to access the network, the captive portal technique is effectively useless for preventing a user from accessing the Internet using an iTunes or Facebook mobile application.
An operator may also restrict network access by utilizing specialized hardware and software applications that permit an operator to require each user to uniquely authenticate themselves on the network based on predefined login credentials. Using this complex mixture of specialized hardware and software, the operator may then specify specific levels of access for each individual. This process often requires an express synchronization of effort between the operator and each individual user, i.e., one-on-one support, to establish access levels appropriate for the user, to communicate the login credentials required to access the network, and to assist the user with manually configuring their device to properly connect to the network.
Generally speaking, however, there is presently not a “middle ground” for controlling network access in a manner that minimally involves the user, but still allows a wireless network operator to control which types of network traffic the wireless network will accept from the user's device, e.g., which mobile applications are allowed to send/receive data across the wireless network.