
CN-121986510-A - Providing secure wireless network access


Abstract

Techniques for securely accessing a computer network are described. The access provider sends network access credentials to the access management device. Upon receipt of the credentials, the access management device generates an image key embedded with the credentials. The access management device then presents the image key to the client device. The client device receives the image key and extracts the credentials from within the image key. The client device sends the credentials with an authentication request to the access provider. Based on the credentials contained within the authentication request, the access provider attempts to authenticate the client device. If the authentication is successful, the access provider grants the client device access to the wireless network and access to resources accessible through the wireless network.
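The exchange described in the abstract, with the expiry and single-device validity that the claims add, as an added Python example that is not code from the patent. The `NETKEY:` text payload, the class and function names, and the `device_id` value are assumptions made for illustration; the text-based payload stands in for the image key, which could equally be rendered as a QR code.

```python
import base64, hashlib, hmac, json, secrets, time

class AccessProvider:
    """Issues credentials and authenticates clients (hypothetical model)."""
    def __init__(self, ssid):
        self.ssid = ssid
        self._issued = {}  # user -> record; only a hash of the random secret is kept

    def issue(self, ttl_s, single_device, now=None):
        now = time.time() if now is None else now
        user = "guest-" + secrets.token_hex(4)
        secret = secrets.token_urlsafe(24)  # high-entropy, so a plain hash suffices
        self._issued[user] = {
            "hash": hashlib.sha256(secret.encode()).digest(),
            "expires": now + ttl_s,      # target access configuration: time limit
            "single": single_device,     # valid for one device or for many
            "device": None,
        }
        return {"ssid": self.ssid, "user": user, "secret": secret}

    def authenticate(self, user, secret, device_id, now=None):
        # device_id: whatever stable identifier the provider sees (assumption)
        now = time.time() if now is None else now
        rec = self._issued.get(user)
        if rec is None or now >= rec["expires"]:
            return False
        offered = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(rec["hash"], offered):  # constant-time compare
            return False
        if rec["single"]:
            if rec["device"] not in (None, device_id):
                return False             # already bound to another device
            rec["device"] = device_id    # bind on first successful use
        return True

def make_image_key(creds):
    """Access management device: embed credentials in a text-based image key."""
    body = base64.urlsafe_b64encode(json.dumps(creds).encode()).decode()
    return "NETKEY:" + body

def read_image_key(payload):
    """Client device: extract credentials, rejecting malformed payloads."""
    if not payload.startswith("NETKEY:"):
        raise ValueError("not an image key payload")
    creds = json.loads(base64.urlsafe_b64decode(payload[len("NETKEY:"):]))
    if not isinstance(creds, dict) or set(creds) != {"ssid", "user", "secret"}:
        raise ValueError("unexpected fields")
    return creds
```

Anyone who can see the printed or displayed image key can read the credentials from it, so the expiry and single-device binding are what limit the value of a copied key.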

Inventors

  • M. J. Baranoski

Assignees

  • Oracle International Corporation

Dates

Publication Date
20260505
Application Date
20240925
Priority Date
20231006

Claims (20)

  1. One or more non-transitory computer-readable media comprising instructions that when executed by one or more hardware processors result in performance of operations comprising: transmitting, by the access management device, a credential request for a user credential for connecting to the wireless network; receiving, by the access management device, a first set of user credentials; generating an image key embedded with the first set of user credentials; and printing or displaying the image key.
  2. The one or more non-transitory computer-readable media of claim 1, wherein receiving the first set of user credentials further comprises receiving a network identifier to be used in association with the first set of user credentials, and wherein generating an image key embedded with the first set of user credentials further comprises embedding the network identifier to be used in association with the first set of user credentials.
  3. The one or more non-transitory computer-readable media of claim 2, wherein the wireless network is a Wi-Fi network, and wherein the network identifier is a Service Set Identifier (SSID).
  4. The one or more non-transitory computer-readable media of claim 1, wherein the operations further comprise generating a target access configuration and sending the target access configuration with the credential request, and wherein the target access configuration is configured to terminate the connection with the first client device after a period of time.
  5. The one or more non-transitory computer-readable media of claim 1, wherein the first set of user credentials are valid for authenticating a plurality of client devices.
  6. The one or more non-transitory computer-readable media of claim 1, wherein the first set of user credentials are valid only for authenticating a single client device.
  7. The one or more non-transitory computer-readable media of claim 1, wherein receiving by the access management device comprises receiving a first set of user credentials and a second set of user credentials, and wherein generating an image key embedded with the first set of user credentials comprises generating an image key embedded with the first set of user credentials and the second set of user credentials.
  8. The one or more non-transitory computer-readable media of claim 1, wherein the image key embedded with the first set of user credentials is a QR code, a bar code, or a text-based code.
  9. One or more non-transitory computer-readable media comprising instructions that when executed by one or more hardware processors result in performance of operations comprising: receiving a credential request from an access management device for a user credential for connecting to a wireless network; in response to the credential request: generating a first set of user credentials for connecting to the wireless network; transmitting the first set of user credentials to the access management device; receiving the first set of user credentials from a first client device, wherein the first client device is different from the access management device; authenticating the first client device based on the first set of user credentials; and after authenticating the first client device based on the first set of user credentials, servicing a first set of requests from the first client device.
  10. The one or more non-transitory computer-readable media of claim 9, wherein generating the first set of user credentials further comprises assigning a network identifier to be used in association with the first set of user credentials, and wherein transmitting the user credentials further comprises transmitting the network identifier to be used in association with the first set of user credentials.
  11. The one or more non-transitory computer-readable media of claim 9, wherein the operations further comprise receiving a target access configuration with the credential request, wherein the first set of user credentials is configured according to the target access configuration, and wherein the connection with the first client device is terminated after a period of time based on the target access configuration.
  12. The one or more non-transitory computer-readable media of claim 9, wherein the first set of user credentials are valid for authenticating a plurality of client devices, and wherein the operations further comprise: receiving the first set of user credentials from a second client device; authenticating the second client device based on the first set of user credentials; and after authenticating the second client device, servicing a second set of requests from the second client device.
  13. The one or more non-transitory computer-readable media of claim 9, wherein the first set of user credentials are valid only for authenticating a single client device.
  14. The one or more non-transitory computer-readable media of claim 9, wherein the operations further comprise: further in response to the credential request: generating a second set of user credentials for connecting to the wireless network; transmitting the second set of user credentials; and prior to receiving the first set of credentials: receiving the second set of user credentials from the first client device; attempting to authenticate the first client device based on the second set of user credentials; and failing to authenticate the first client device based on the second set of user credentials.
  15. One or more non-transitory computer-readable media comprising instructions that when executed by one or more hardware processors result in performance of operations comprising: receiving an image key scanned by a first client device; in response to receiving the image key, configuring a connection between a wireless network and the first client device based on information embedded in the image key by: identifying a first set of user credentials embedded within the image key; requesting authentication for the wireless network based on the first set of user credentials; and after authentication of the first client device based on the first set of user credentials, enabling the first client device to request resources over the wireless network.
  16. The one or more non-transitory computer-readable media of claim 15, wherein configuring a connection between a wireless network and the first client device based on information embedded within the image key in response to receiving the image key further comprises: prior to requesting authentication for the wireless network based on the first set of user credentials: identifying a second set of user credentials embedded within the image key; and requesting authentication for the wireless network based on the second set of user credentials, wherein authentication based on the second set of user credentials fails.
  17. The one or more non-transitory computer-readable media of claim 15, wherein the information embedded within the image key further comprises a network identifier to be used in association with the first set of user credentials.
  18. The one or more non-transitory computer-readable media of claim 15, wherein the operations further comprise: receiving the image key scanned by the second client device; in response to receiving the image key, configuring a connection between the wireless network and the second client device based on information embedded in the image key by: identifying the first set of user credentials embedded within the image key; requesting authentication for the wireless network based on the first set of user credentials; and after authentication of the second client device based on the first set of user credentials, enabling the second client device to request resources over the wireless network.
  19. The one or more non-transitory computer-readable media of claim 15, wherein the first set of user credentials are valid only for authenticating a single client device.
  20. The one or more non-transitory computer-readable media of claim 15, wherein the image key is a QR code, a bar code, or a text-based code.

Description

Providing secure wireless network access

Technical Field

The present disclosure relates to computer networks. In particular, the present disclosure relates to a mechanism for securely accessing a wireless computer network.

Background

Public internet access has been provided in many commercial, educational and other organizational environments. For example, public internet access points are numerous in businesses, as businesses typically offer internet access to their customers as an amenity. Public internet access is typically provided through wireless computer networks. For example, coffee shops, restaurants and hotels often offer "free Wi-Fi" to their customers.

Access to these wireless computer networks is often severely under-protected. Communications sent from devices over an insufficiently protected wireless computer network may be extremely vulnerable to malicious access. These communications may include login credentials, personal information, financial data, or other sensitive information. Individuals connected to these wireless computer networks may be entirely unaware of this hazard. The entities that manage these wireless computer networks may be unaware of the risk, or they may lack the management resources needed to provide adequate security for each individual desiring to use public internet access. Furthermore, even if appropriate security precautions are taken, security vulnerabilities still exist when connecting to the public wireless network.

The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Thus, unless otherwise indicated, any approaches described in this section are not to be construed as prior art merely by virtue of their inclusion in this section.

Drawings

Various embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings. It should be noted that references to "an" or "one" embodiment in this disclosure do not necessarily refer to the same embodiment, but mean at least one. In the accompanying drawings:

FIG. 1 illustrates a system in accordance with one or more embodiments;
FIG. 2 illustrates an example set of operations for providing secure network access in accordance with one or more embodiments;
FIG. 3 illustrates an example set of operations for managing secure network access in accordance with one or more embodiments;
FIG. 4 illustrates an example set of operations for requesting network access in accordance with one or more embodiments;
FIG. 5 illustrates an example set of operations for securely accessing a computer network in accordance with one or more embodiments;
FIG. 6A illustrates an example of a system for secure computer network access in accordance with one or more embodiments;
FIG. 6B illustrates an example embodiment of an image key in accordance with one or more embodiments;
FIG. 7 shows a block diagram illustrating a computer system in accordance with one or more embodiments.

Detailed Description

In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding. One or more embodiments may be practiced without these specific details. Features described in one embodiment may be combined with features described in a different embodiment. In some instances, well-known structures and devices are described in detail with reference to block diagram form in order to avoid unnecessarily obscuring the present invention.

The following list is provided for the convenience of the reader and is not intended to limit the scope of the present disclosure.

1. General overview
2. System architecture
3. Operation for providing secure network access
4. Operation for managing secure network access
5. Operation for requesting secure network access
6. Combined operation for secure network access
7. Example embodiment
8. Computer network and cloud network
9. Microservice application
9.1 Trigger device
9.2 Action
10. Advantages of secure network access
11. Hardware overview
12. Other matters, expansion

1. General overview

One or more embodiments embed user credentials for accessing a wireless computer network into an image key for distribution to client devices. The access management device obtains credentials that may be used to obtain rights to access the wireless network. The access management device may obtain the credentials from the credential generator. The credential generator may be implemented on the access provider or the access management device itself. The access management device embeds the credentials into the image key. An image key embedded with credentials, as referred to herein, includes an image key that contains information that can be used to calculate or access the credentials. In other words, the hash function, conversion function, or other function, when applied to the image key, may result in a computin