US-20230284024-A1 - CONTROLLED GUEST ACCESS TO WI-FI NETWORKS
Abstract
A Wi-Fi network includes one or more access point devices configured to connect to one or more devices; wherein the Wi-Fi network is designated by a Service Set Identifier (SSID); wherein each Wi-Fi client device accesses the Wi-Fi network using the SSID and a key of a plurality of keys each being a password or certificate for the Wi-Fi network; and wherein each of the plurality of keys designates an access zone of a plurality of access zones each defining rules for network and/or device access such that the one or more access point devices provide selective access based on which of the plurality of keys is used for each of the one or more devices.
Inventors
- HOTCHKISS Adam
- SINGLA AMAN
- KUMAR ABHISHEK
- AMAROSE NATE
- WHITE PAUL
- KAZIOR MICHAL
- BARJAKTAREVIC MLADEN
- VAIDYA SAMEER
Assignees
- PLUME DESIGN INC
Dates
- Publication Date: 20230907
- Application Date: 20230512
- Priority Date: 20171129
Claims (20)
- 1. A method comprising: receiving, by a device, a request to access a network from a guest user of the network, the network comprising a first access zone and a second access zone, the first access zone corresponding to a portion of the network for home users of the network, the second access zone corresponding to a portion of the network for guest users of the network; communicating, by the device, in response to the request, a Service Set Identifier (SSID) for the network and a key associated with the network, the key corresponding to the second access zone; and establishing, by the device, a connection of a device of the guest user to the network, the connection being based on the SSID and the key, the connection corresponding to the second access zone of the network.
- 2. The method of claim 1, wherein the first access zone of the network includes functionality for unlimited access to capabilities of the network for the home users.
- 3. The method of claim 1, wherein the second access zone of the network includes functionality for restricted access to capabilities of the network for the guest users.
- 4. The method of claim 3, wherein the restricted access corresponds to at least one of traffic amount, access time, physical location in a distributed Wi-Fi system, traffic prioritization, and time limit for access.
- 5. The method of claim 1, wherein the SSID corresponds to both the first and second access zones of the network.
- 6. The method of claim 1, wherein the network is associated with a plurality of keys, wherein the first access zone is associated with a subset of the plurality of keys, and the second access zone is associated with another subset of the plurality of keys.
- 7. The method of claim 6, wherein each of the plurality of keys is a password or certificate for accessing the network.
- 8. The method of claim 1, wherein the network further comprises a portal connected to a cloud for collecting network activity data of the guest user upon the connection to the network.
- 9. The method of claim 1, wherein the network access zones of the network are administered from a cloud via automatic propagation by the cloud to the device.
- 10. The method of claim 1, wherein the network is a Wi-Fi network, wherein the device is an access point device for the Wi-Fi network.
- 11. A device comprising: a processor configured for: receive a request to access a network from a guest user of the network, the network comprising a first access zone and a second access zone, the first access zone corresponding to a portion of the network for home users of the network, the second access zone corresponding to a portion of the network for guest users of the network; communicate, in response to the request, a Service Set Identifier (SSID) for the network and a key associated with the network, the key corresponding to the second access zone; and establish a connection of a device of the guest user to the network, the connection being based on the SSID and the key, the connection corresponding to the second access zone of the network.
- 12. The device of claim 11, wherein the first access zone of the network includes functionality for unlimited access to capabilities of the network for the home users.
- 13. The device of claim 11, wherein the second access zone of the network includes functionality for restricted access to capabilities of the network for the guest users, wherein the restricted access corresponds to at least one of traffic amount, access time, physical location in a distributed Wi-Fi system, traffic prioritization, and time limit for access.
- 14. The device of claim 11, wherein the SSID corresponds to both the first and second access zones of the network, wherein the network is associated with a plurality of keys, wherein the first access zone is associated with a subset of the plurality of keys, and the second access zone is associated with another subset of the plurality of keys, wherein each of the plurality of keys is a password or certificate for accessing the network.
- 15. The device of claim 11, wherein the network further comprises a portal connected to a cloud for collecting network activity data of the guest user upon the connection to the network.
- 16. A non-transitory computer-readable storage medium tangibly encoded with computer-executable instructions, that when executed by a device, perform a method comprising: receiving, by the device, a request to access a network from a guest user of the network, the network comprising a first access zone and a second access zone, the first access zone corresponding to a portion of the network for home users of the network, the second access zone corresponding to a portion of the network for guest users of the network; communicating, by the device, in response to the request, a Service Set Identifier (SSID) for the network and a key associated with the network, the key corresponding to the second access zone; and establishing, by the device, a connection of a device of the guest user to the network, the connection being based on the SSID and the key, the connection corresponding to the second access zone of the network.
- 17. The non-transitory computer-readable storage medium of claim 16, wherein the first access zone of the network includes functionality for unlimited access to capabilities of the network for the home users.
- 18. The non-transitory computer-readable storage medium of claim 16, wherein the second access zone of the network includes functionality for restricted access to capabilities of the network for the guest users, wherein the restricted access corresponds to at least one of traffic amount, access time, physical location in a distributed Wi-Fi system, traffic prioritization, and time limit for access.
- 19. The non-transitory computer-readable storage medium of claim 16, wherein the SSID corresponds to both the first and second access zones of the network, wherein the network is associated with a plurality of keys, wherein the first access zone is associated with a subset of the plurality of keys, and the second access zone is associated with another subset of the plurality of keys, wherein each of the plurality of keys is a password or certificate for accessing the network.
- 20. The non-transitory computer-readable storage medium of claim 16, wherein the network further comprises a portal connected to a cloud for collecting network activity data of the guest user upon the connection to the network.
Description
CROSS-REFERENCE TO RELATED APPLICATION(S)
This application is a continuation of and claims the benefit of priority from U.S. patent application Ser. No. 15/825,242, filed on Nov. 29, 2017, which claims the benefit of priority from U.S. Provisional Patent Application No. 62/565,418, filed on Sep. 29, 2017, the contents of which are incorporated by reference in their entirety.
FIELD OF THE DISCLOSURE
The present disclosure generally relates to wireless networking systems and methods. More particularly, the present disclosure relates to controlled guest access to Wi-Fi networks.
BACKGROUND OF THE DISCLOSURE
Wi-Fi networks (i.e., Wireless Local Area Networks (WLAN) based on the IEEE 802.11 standards) have become ubiquitous. People use them in their homes, at work, and in public spaces such as schools, cafes, even parks. Wi-Fi provides great convenience by eliminating wires and allowing for mobility. The applications that consumers run over Wi-Fi are continually expanding. Today people use Wi-Fi to carry all sorts of media, including video traffic, audio traffic, telephone calls, video conferencing, online gaming, and security camera video. Often traditional data services are also simultaneously in use, such as web browsing, file upload/download, disk drive backups, and any number of mobile device applications. In fact, Wi-Fi has become the primary connection between user devices and the Internet in the home or other locations. The vast majority of connected devices use Wi-Fi for their primary network connectivity.
In Wi-Fi networks, similar to wired Local Area Network (LAN) networks, once a user device is connected (or plugged into a LAN), the user device has full access on the network. Thus, any connected user device can access any device or resources on the network. For example, when a user device is connected to a Wi-Fi network through its Service Set Identifier (SSID) (network ID), that user device can access any device or resource also on the SSID.
There is a use case for so-called guest access to Wi-Fi networks where user devices can connect to the Wi-Fi network for limited purposes, such as Internet access only, access to select devices or resources, etc. The conventional approach to guest access in Wi-Fi networks utilizes a separate SSID and password for guest access. For example, the main Wi-Fi network can be HOME whereas a separate SSID is set up for HOME_GUEST. However, this approach has disadvantages including the use of multiple SSIDs, inability to offer selective access to guest user devices to devices or resources on the main Wi-Fi network, etc.
BRIEF SUMMARY OF THE DISCLOSURE
In an exemplary embodiment, a Wi-Fi network includes one or more access point devices configured to connect to one or more devices; wherein the Wi-Fi network is designated by a Service Set Identifier (SSID); wherein each Wi-Fi client device accesses the Wi-Fi network using the SSID and a key of a plurality of keys each being a password or certificate for the Wi-Fi network; and wherein each of the plurality of keys designates an access zone of a plurality of access zones each defining rules for network and/or device access. The SSID can be for both guest users and home users with the guest users having a different password or certificate from the home users. The access zones can include a first access zone with unlimited access and a second access zone for guests, and wherein the second access zone can include one or more devices on the Wi-Fi network selectively disallowed for the guests. The access zone can include one or more limitations related to traffic amount, access time, physical location in a distributed Wi-Fi system, traffic prioritization, and time limit for access. A traffic forwarding table within the one or more access points can be programmed to control the rules for network and/or device access.
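The key-to-zone model summarized above can be sketched as follows. This is an added illustration, not code from the patent or from the assignee: the zone names, key identifiers, MAC addresses, device names and the `build_forwarding_table` function are all hypothetical, and the sketch assumes the access point already knows which key each client authenticated with.

```python
from dataclasses import dataclass
from typing import Optional

INTERNET = "internet"  # pseudo-destination for traffic leaving the LAN

@dataclass(frozen=True)
class Zone:
    name: str
    unlimited: bool = False                  # home zone: no restrictions
    denied_devices: frozenset = frozenset()  # LAN devices disallowed for this zone
    expires_at: Optional[float] = None       # time limit (epoch seconds), None = none

def resolve_zone(key_id, key_to_zone, zones, now):
    """Zone designated by the key a client used, or None if unknown or expired."""
    zone = zones.get(key_to_zone.get(key_id))
    if zone is None or (zone.expires_at is not None and now >= zone.expires_at):
        return None
    return zone

def build_forwarding_table(clients, lan_devices, key_to_zone, zones, now):
    """Compile (client_mac, destination) -> allowed entries; default is deny."""
    table = {}
    for mac, key_id in clients.items():
        zone = resolve_zone(key_id, key_to_zone, zones, now)
        for dst in (INTERNET, *lan_devices):
            table[(mac, dst)] = zone is not None and (
                zone.unlimited or dst not in zone.denied_devices)
    return table

# Constructed sample data (all names, MACs and key ids are hypothetical).
ZONES = {
    "home": Zone("home", unlimited=True),
    "guest": Zone("guest", denied_devices=frozenset({"nas", "camera"}),
                  expires_at=1000.0),
}
KEY_TO_ZONE = {"key-home-1": "home", "key-guest-1": "guest"}
CLIENTS = {
    "aa:aa:aa:00:00:01": "key-home-1",
    "aa:aa:aa:00:00:02": "key-guest-1",
    "aa:aa:aa:00:00:03": "key-revoked",  # key no longer mapped to any zone
}
LAN_DEVICES = ["nas", "camera", "printer"]

if __name__ == "__main__":
    for (mac, dst), ok in build_forwarding_table(
            CLIENTS, LAN_DEVICES, KEY_TO_ZONE, ZONES, now=500.0).items():
        print(mac, dst, "ALLOW" if ok else "DENY")
```

Because both clients share one SSID, the only thing separating them is the key-to-zone lookup, so an unmapped or expired key has to resolve to deny rather than fall through to the home zone.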
The one or more access point devices can utilize frame forwarding rules based on Software Defined Networking (SDN) to implement the plurality of access zones. The rules for network and/or device access can be implemented on each access point in a multi-access point network such that all traffic does not need to be passed through a single AP in order for access control to operate. The Wi-Fi network can further include a captive portal configured to communicate to a user information related to the user's access based on its access zone. A user attempting to access a denied service or device can be connected to a web page or captive portal from which they can request access to the desired service or device. The Wi-Fi network can further include a dashboard that an administrator accesses via a Web page or mobile application to define the plurality of access zones, passwords, and certificates. The Wi-Fi network can further include a dashboard that an administrator accesses via a Web page or mobile application to observe Internet and device access activities on the Wi-Fi network. Each individual guest user can ha