Authentication service for facilitating access to services

This application claims the benefit of U.S. Provisional Patent Application Ser. No. 60/790,246 filed Apr. 7, 2006, which application is incorporated herein by reference in its entirety. 10

BACKGROUND OF THE INVENTION

1. The Field of the Invention

The present invention relates generally to accessing the 15 Internet via an Internet access point. More specifically, the present invention relates to methods and systems for authenticating a client system with an Internet access point.

2. The Relevant Technology

Recently, accessing Internet via a wireless link has become 20 increasingly common and Internet users are growing to expect wireless Internet access in many different areas, including both public and private locations. For example, many users carry a laptop or other mobile Internet-ready devices to local coffee shops, public libraries, city centers, 25 cyber cafes, public transportation, airports, among other locations, and expect to have wireless Internet access upon their arrival.

Therefore, many of the above locations offer Internet access to the public and provide Internet access points which 30 allow third party client systems to connect to the Internet. The Internet access points may include wireless and wired routers, switches, Wireless Access Points (WAPs), and the like, which are capable of distributing an Internet connection to one or more clients systems. For example, specific geographic loca- 35 tions in which an Internet access point provides public wireless broadband internet access to mobile visitors through a wireless LAN (WLAN) are commonly referred to as "hotspots." Therefore, users of third party client systems (i.e., client systems which are otherwise unaffiliated with the pro- 40 vider of the Internet access point), are able to access the Internet by establishing a connection with the Internet access point. The availability of Internet access, and particularly wireless hotspots, has become a selling point for many businesses, municipalities, airports, and the like. 45

However, many of the above mentioned Internet access point providers consider it important to monitor the identities of the individuals and client systems accessing the Internet via the providers' Internet access points. For example, the provider may be concerned with online security, and/or may 50 wish to charge a fee to the users of their Internet access points. Because the provider of the Internet access point is typically charged a usage fee for the Internet connection by their Internet Service Provider (ISP), the Internet access point provider often passes this expense onto the end user. 55

Therefore, the provider often requires third party client systems connecting to their Internet access point to perform an authentication process, which may include the submission of a username, password, and other identification information. Where the provider of the Internet access point intends to 60 charge a fee to the online users, the users are also required to submit billing information, such as credit card information, before access is granted.

However, many users are deterred from accessing the Internet via public Internet access points because they do not wish 65 to share personal and confidential information each time they wish to access the Internet. Furthermore, when a user merely

These and other limitations are overcome by embodiments of the invention, which relate to systems and methods for authenticating users. One embodiment of the invention authenticates a third party client system prior to providing Internet access via an Internet access point to the third party client system. The method may be practiced, for example, in a distributed computing system including an Internet access point, an authentication service, and a third party client system. The method includes receiving at the authentication service an authorization request from the third party client system. The authorization request is initiated in response to a single action being performed by a user of the third party client system, wherein the user is not required to manually submit any identification information. The authorization request includes a unique client identifier for identifying the third party client system. The method also includes verifying that the third party client system associated with the unique client identifier is authorized to access the Internet via the Internet access point. If the third party client system is authorized to access the Internet, the method includes providing Internet access to the third party client system associated with unique client identifier via the Internet access point.

A further embodiment is directed to a method of requesting authorization to access the Internet via an Internet access point. The method may be practiced, for example, in a distributed computing system including an Internet access point, an authentication service, and a third party client system. The method includes providing a single action user interface on a display of the third party client system for receiving a single action from the user to initiate an authorization request for accessing the Internet via the Internet access point. The single action user interface does not request the manual submission of any identification information from the user. After receiving the single action from the user at the third party client system, an authorization request is sent to the authentication service, the authorization request including a unique client identifier for identifying the user of the third party client system. Finally, the method includes receiving at the third party client system authorization to access the Internet via the Internet access point.

Additional features and advantages will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the teachings herein. Features and advantages of the invention may be realized and obtained by means of the instruments and combinations particularly pointed out in the appended claims. Features of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

To further clarify the above and other advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be 3

described and explained with additional specificity and detail through the use of the accompanying drawings in which:

FIG. 1A illustrates a schematic drawing of a networking computer environment for providing single action authentication of a third party client system; 5

FIG. IB illustrates a schematic drawing of another embodiment of a networking computer environment for providing single action authentication of a third party client system;

FIG. 2 illustrates a schematic drawing of a third party client system; 10

FIG. 3 illustrates a schematic drawing of an authentication service;

FIG. 4 illustrates a flow diagram for authenticating a third party client system; and

FIG. 5 illustrates a flow diagram for requesting authoriza- 15 tion to access the Internet via an Internet access point.

DETAILED DESCRIPTION OF PREFERRED
EMBODIMENTS

20

In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings which form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is to be understood that other embodi- 25 ments may be utilized and structural changes may be made without departing from the scope of the present invention

Embodiments of the present invention provide for an authentication service for providing Internet access to third party client systems via an Internet access point. The authen- 30 tication service simplifies the authentication process that a user of a third party client system performs prior to being granted Internet access via the Internet access point. In particular, the authentication service provides a user interface which allows a user to authenticate and gain access to the 35 Internet via the Internet access point by taking a single action, such as a mouse click. The single action authentication of the present invention reduces the number of user interactions needed to authenticate with a provider of an Internet access point and reduces the amount of personal and confidential 40 information that is communicated between a client system and a server system.

Referring now to FIG. 1 A, a more detailed example will be illustrated using a diagrammed reference to a network computer environment 100. This embodiment supports single 45 action authentication of a third party client system 112 for online access via an Internet access point 106. The network computer environment 100 includes a Local Area Network (LAN) 105 which connects to the Internet 104 via either a dial up or broadband connection. The LAN 105 may connect to 50 the Internet 104 via an Internet Service Provider (ISP) 102. The LAN 105 may include an Internet access point 106 and an authentication service 108. The Internet access point 106 provides Internet access to one or more third party client systems 112a-112<£ The third party client systems 112 55 authenticate via an authentication service 108 prior to gaining access to the Internet via the Internet access point 106.

The ISP 102 may include a business or organization that offers Internet access and related services to individuals and companies. The ISP 102 may provide either dial up or broad- 60 band service, including ISDN, Broadband wireless access, Cable modem, DSL, Satellite, Ethernet, and the like.

The features, geographic range, and complexity of the LAN 105 may vary greatly depending on the scope and type of services the LAN 105 is intended to provide. For example, 65 the LAN 105 may simply include an Internet access point 106 for providing Internet access to a relatively small number of

4

third party client systems 112. As illustrated in the embodiment of FIG. 1A, the LAN 105 may further include a server 107 which may include an authentication service 108. Conversely, the LAN 105 may include a large and complex computer network, such as a Metropolitan Area Network (MAN) spanning an entire city, and providing Internet access to third party client systems 112 located within the city via one or more Internet access points 106. Consequently, although the term "LAN" traditionally applies to small local areas, the term "LAN", as used herein, applies to any computer network which is capable of providing Internet access to third party client systems 112.

The LAN 105 provides Internet access to third party client systems 112 via Internet access point 106. The Internet access point 106 may include any portal for distributing an Internet connection to multiple third party client systems 112. For example, the Internet access point 106 may include a wireless router, a wired router, a Wireless Access Point (WAP), a network switch, a network bridge, an Ethernet hub, an Ethernet switch, and the like, or any combination thereof. Where the Internet access point 106 distributes a wireless signal, a "hotspot" is created, as described in the background section, allowing one or more third party clients 112 to wirelessly connect to the Internet. Furthermore, when the Internet access point 106 is configured to provide wireless access over a large geographic area, the Internet access point 106 may include several WAPs linked together to form a larger network that allows "roaming", and may further include repeaters and reflectors amplifying signals over a larger geographic area.

Therefore, the transmission medium 110 for communicating Internet data between the Internet access point 106 and one or more third party client systems 112 may include either a wireless or a wired connection. For example a wired connection may include an Ethernet cable, category 5 cable, 10BASE-T, 100BASE-TX, 1000BASE-T, and the like. Also, a wireless connection may include IEEE 802.11, Wireless Fidelity (WiFi), WiMAX, and the like.

As stated previously, the Internet access point 106 is configured for providing Internet access to one or more third party client systems 112. In general, a third party client system 112 is a computer system that is not owned, affiliated with, or otherwise controlled by the provider of the Internet access point 106. For example, the laptop (e.g., 112a) of a patron who connects to the Internet 104 via an Internet access point 106, provided by a cybercafe, would be considered a third party client system because, apart from accessing the Internet from the cyber cafe, the patron and the laptop are unaffiliated with the cybercafe. In other words, the laptop of the patron is not owned or controlled by the cybercafe. Conversely, the laptop of a homeowner who connects to the Internet via a wireless router in the homeowner's home would not be considered a third party client system, because the homeowner is the provider of the Internet access point (i.e., the wireless router), and also owns and controls the laptop. In one embodiment, a third party client system 112 is one which is charged a fee by the provider of the Internet access point 106 in order to gain access to the Internet 104 via the Internet access point 106

The third party client systems 112 include portable computer devices that may easily connect to and be removed from the LAN 105. Common examples of portable computer devices include laptop computers 112a, tablet computers 1126, personal digital assistants (PDAs) 112c, cellular telephones 112d, and the like or any combination thereof. When a reference is made herein to a "third party client system 112" without specifically identifying one of the third party client systems 112a, 1126, 112c, or 1120*, the reference is to be