1. Field
The methods and systems described herein generally relate to wireless device network authentication and particularly relate to passive device and user identification for wireless network transition.
2. Description of the Related Art
Devices using the 802.11 specifications for communications use a 12-octet field called the MAC address to identify themselves to other devices. Every packet that is transmitted wirelessly contains a MAC header that includes the source and/or the intended destination device's MAC address. These packets are received by all radio devices, where the MAC sub-layer checks the MAC address field and then either discards the packet or passes it on to higher data link layers for further processing.
MAC addresses are often “hard-coded” onto connectivity chips and cannot be changed, but newer radio chips allow the MAC address to be changed through software. This has allowed the use of anonymous MAC addresses for the purpose of protecting identity; changing the MAC information in packets, or using a lookup table or some other method, for intelligent packet routing using multiple MAC addresses; the assignment of MAC addresses on a network to each device to prevent MAC address duplication; and the cloning of one device's MAC address onto another device.
Although data transmitted in wireless packets may be encrypted on a secure network, MAC addresses are not encrypted, as they are used to filter the packet's destination before any further processing takes place. By modifying device driver software, it is possible to accept all incoming packets regardless of the MAC address specified in the MAC header. This allows a roaming radio device with modified device driver software to listen for wireless packets, check their MAC headers and identify the MAC addresses of other radio devices in its proximity without the knowledge or prior authorization of the device's owner.
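The header layout behind the two preceding paragraphs can be made concrete with a small parser. This is an added example, not part of the original text: the sample frame is constructed, the function names are hypothetical, and only data and management frames (24-byte header, 6-byte address fields) are handled. It shows that the addresses remain readable when the Protected Frame flag is set, how the receive-side filter decides to discard or pass a frame, and how a software-assigned (locally administered) address can be recognized.

```python
import struct

# Constructed sample: a protected (encrypted-payload) 802.11 data frame.
SAMPLE_FRAME = bytes.fromhex(
    "0841"            # frame control: type=data, To DS=1, Protected Frame=1
    "0000"            # duration
    "001122334455"    # address 1: receiver
    "02aabbccddee"    # address 2: transmitter (locally administered)
    "001122334466"    # address 3
    "1000"            # sequence control
) + bytes(16)         # stand-in for the encrypted payload

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Parse the 24-byte MAC header of an 802.11 data or management frame."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)   # little-endian frame control
    ftype = (fc >> 2) & 0x3
    if ftype == 1:
        raise ValueError("control frames use a shorter header")
    rx, tx = frame[4:10], frame[10:16]
    return {
        "type": {0: "management", 2: "data"}.get(ftype, "other"),
        "protected": bool(fc & 0x4000),          # payload encrypted, header not
        "receiver": fmt_mac(rx),
        "transmitter": fmt_mac(tx),
        "group_addressed": bool(rx[0] & 0x01),   # broadcast/multicast receiver
        "tx_locally_administered": bool(tx[0] & 0x02),  # software-assigned MAC
    }

def mac_filter_accepts(frame: bytes, own_mac: str) -> bool:
    """Receive-side filter: pass the frame up only if addressed to this station."""
    hdr = parse_header(frame)
    return hdr["group_addressed"] or hdr["receiver"] == own_mac.lower()

if __name__ == "__main__":
    print(parse_header(SAMPLE_FRAME))
    print(mac_filter_accepts(SAMPLE_FRAME, "00:11:22:33:44:55"))
```

The locally administered bit is the practical signal for network operators that an observed address was set in software and should not be treated as a stable device identifier.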
Currently, various telecommunications solutions categorized under fixed-mobile-convergence (FMC) and/or unlicensed mobile access (UMA) allow for a voice/data payload transition (“handoff” or “handover”) from a primary, automatically authenticated (no end user interaction required) wide area radio access network such as the networks of cellular towers (base transceiver stations) operated by mobile carriers to secondary, user-initiated, open/secure (free, conditional, or for-pay) destination wireless networks. The latter include a variety of wireless wide, regional and local area networks (WANs, WRANs and WLANs respectively) with the most commercially adopted being WLANs based on the IEEE 802.11 standards operating in unlicensed radio frequency spectrum, commonly referred to as Wi-Fi. This particular example of a mobile device transitioning from a single, primary WAN operated by a mobile carrier to a secondary set of Wi-Fi networks operated by any number of outside parties is a significant driver of the aforementioned FMC/UMA solutions currently being offered by solutions providers. However, most current implementations of FMC solutions require active end-user engagement (non-passive) before they can facilitate the payload transition between the primary and destination radio access networks.
In the case of a payload transition from a mobile carrier operated WAN to a destination WLAN, this end-user engagement is often required due to a need for authenticating the end-user device on the destination WLAN or authenticating both the end-user device and the WLAN for clearance from the mobile carrier operated WAN. Existing IEEE protocols such as 802.21, published in 2008, specifically allow for a more seamless transition between wireless networks on different spectrums once they have been authenticated and a connection has been established, but to establish the initial connection, manual end-user engagements are still required. These active end-user engagements often include manually downloading mobile device client software and/or manual authentication on the desired destination WLAN and subsequently repeating the process for each new desired destination WLAN. As it relates to manual engagements on Wi-Fi networks, for example, the end-user often has to enter a service-set identifier or SSID (for hidden Wi-Fi networks) or pick an SSID from a list of broadcasted SSIDs. If the destination network is a secure one, the end-user may also be required to manually provide a key for authentication.
To further end-user adoption of this particular use-case of transitioning from a mobile carrier operated WAN to a WLAN, and its enabling solutions, various stakeholders in the wireless networking, manufacturing, and service provider ecosystem have embraced the concept of a generic access network (GAN). The GAN takes advantage of a connection to the primary, mobile-carrier operated radio access network to make authentication of end-user devices and payload transitions to secondary Wi-Fi networks a more seamless end-user experience, by detecting when an end-user's device establishes a simultaneous WLAN connection (in addition to a primary WAN connection) and enabling a seamless payload handover to the WLAN. Amendments to the IEEE 802.11 protocols, namely 802.11u, have been established to advertise information on Wi-Fi networks so that end-users can choose the networks that they have access privileges to, i.e., Wi-Fi networks offered by third parties such as non-primary, foreign or “roaming partner” mobile network operators.
Despite these innovations, most implementations of fixed-mobile-convergence solutions with generic access networks would still require an initial manual transition for the first use of each new secondary destination network. This is because, although the primary network authentication is automatic (a mobile carrier has stores of subscriber and corresponding end-user device information on remote servers), the payload transition also relies on the successful authentication of the end-user's mobile device to the destination network, which, as mentioned, is initially always manual. The GAN only functions seamlessly once the user has seamlessly authenticated a given mobile device on the destination network. However, most destination networks (and all WLANs operating on 802.11), in contrast to most mobile network operators, can only allow for a seamless transition by storing authentication data on the end-users' devices rather than in a remotely controlled data store. This will require the end-user to perform at least one manual authentication per new destination radio access network.