Several Internet service providers (ISPs) provide services at public locations such as hotels, airports, restaurants, coffee shops, etc. (so-called “hot-spots”). Many of these locations provide services for a fee. The fee may be provided via a web-browser interface using credit card, debit card, prepaid card, etc., or the user may be part of a subscriber group where access may be granted for the subscriber via user submission of subscription credentials (e.g., a username and password).
Authentication mechanisms for accessing services work well for devices that support a web browser and have a keyboard to enter username and password or credit card credentials. The authentication mechanisms may not work well (e.g., may be inconvenient) for devices that are small and have limited user input capabilities. Moreover, implementation of authentication mechanisms may be difficult for devices or systems that do not support web browsers.
Many ISPs control access to a site via the MAC (media access control) address of the network interface card that connects to the internet. Hence, some ISPs have taken the approach of storing a database of MAC addresses of devices, then, when input including a MAC address of a device is received, the device is automatically authenticated based on a match of the MAC address with an MAC address entry in the database.
Whereas this MAC address identification may be convenient since it may not require user input for various network access, and also since it is device specific, unfortunately it is not secure and can be compromised. That is, the MAC address can be changed and/or “spoofed,” where the MAC address of an unauthorized device is masqueraded with a MAC address of an authorized device.
Another method for authentication that is slightly more secure is to use a certificate-based system (e.g., using X.509 certificates). While this is more secure, the X.509 certificates can be shared. Moreover, an individual certificate would have to be created, managed and placed on each device, creating a management problem for millions of devices.
What is needed is a convenient method of authentication that is manageable and may not be easily compromised.
While the embodiments presented herein are susceptible to various modifications and alternative forms, specific embodiments are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit claimed subject matter to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present disclosure as defined by the appended claims.