

Title:
WIFI USER AUTHENTICATION
Document Type and Number:
WIPO Patent Application WO/2016/183613
Kind Code:
A1
Abstract:
To overcome delays and difficulties with current user authentication methods for public WLAN or WIFI, it is proposed to elicit a logon action from the end user and then temporarily log the end user in to access the internet and redirect that user to a third party web application and use the third party application API to collect data and use it to check a WLAN authentication database and then log the end user in to the public WLAN.

Inventors:
CHIN CHUN YEH (AU)
Application Number:
PCT/AU2016/000168
Publication Date:
November 24, 2016
Filing Date:
May 17, 2016
Assignee:
GENIUS WIFI HOLDINGS INT PTY LTD (AU)
International Classes:
H04W12/06; H04W8/18; H04W48/00; H04W84/12
Domestic Patent References:
WO2015050892A1 2015-04-09
WO2014096954A2 2014-06-26
Foreign References:
US20120192258A1 2012-07-26
US20140130139A1 2014-05-08
US20130198383A1 2013-08-01
AU2013245433A1 2014-05-29
Attorney, Agent or Firm:
MISCHLEWSKI, Darryl (P O Box 1254 Camberwell, Victoria 3124, AU)
Claims:

1. A public WLAN system which includes

a WLAN gateway programmed to receive end user requests from an end user device to join a public WLAN network;

a captive portal server programmed to present the end user device with a third party authentication request;

the system being further programmed to collect data on the end user using the third party application API; parsing commands from the third party application to a WLAN authentication database and then logging the end user in to the public WLAN

2. A system as claimed in claim 3 in which the third party is a social media platform.

3. A method of authenticating a user in a public WLAN network which includes the steps of

eliciting a logon action from the end user of a public WLAN;

logging the end user in to access the internet for a predetermined interval;

redirecting the user to a third party web application;

using the third party application API to collect data on the end user;

parsing commands from the third party application to a WLAN authentication database;

logging the end user in to the public WLAN

4. A method as claimed in claim 1 in which the third party is a social media platform.

Description:
WIFI USER AUTHENTICATION

This invention relates to the authentication of users of a public WiFi system.

Background to the invention

There are many patents concerned with user authentication methods.

USA patent 8966592 discloses an authentication method for mobile computing devices which includes an access response.

USA patent 8782751 discloses an authentication method which utilises a user identity and a network access identity and an identity server.

USA patent 8844001 discloses a method of authentication for content delivery to a mobile device.

USA application 2014/0189808 discloses an authentication method that uses an authentication platform to challenge a request for authorisation and uses context information based on the user, the client computer and the request.

The use of third party applications (such as Facebook, Twitter, Google+, or email) to authenticate users is a highly desirable function for public WLAN or WiFi networks. It allows network owners to connect with users, direct traffic to their social media pages, and collect information about end users such as demographics and contact details.

Presently, several WiFi management platforms offer authentication using third party web applications. The method used involves allowing universal access to key resources from each application prior to authentication.

The problems with this approach are manifold and render it highly unstable and susceptible to failure. These can be summarized via the following three points:

• It requires separate approaches to each application that will be used as an authentication method.

• It involves maintaining extensive lists of the resources required to enable the login process for each application. These are subject to frequent change without notice from the application providers.

• It means that there are extensive online activities which the end user can carry out with no authentication at all (for example, enabling Google+ login via this method effectively renders all of Google open to end users prior to authentication).

Brief description of the invention

To overcome delays and difficulties with current user authentication methods it is proposed to elicit a logon action from the end user and then temporarily log the end user in to access the internet and redirect that user to a third party web application and use the third party application programming interface (API) to collect data and use it to check a wireless local area network (WLAN) authentication database and then log the end user in to the public WLAN.

This invention provides a method of authenticating a user in a public WIFI or WLAN network which includes the steps of

eliciting a logon action from the end user of a public WLAN;

logging the end user in to access the internet for a predetermined interval;

redirecting the user to a third party web application;

using the third party application API to collect data on the end user;

parsing commands from the third party application to a WLAN authentication database;

logging the end user in to the public WLAN.

RADIUS is the preferred authentication database. It is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. It is commonly used to manage internet access by ISPs (Internet Service Providers) and is often the backend of choice for 802.1X network authentication. The RADIUS server may be hosted remotely as a web service or onsite.

In another aspect this invention provides a public WLAN system which includes

a WLAN gateway programmed to receive end user requests from an end user device to join a public WLAN network;

a captive portal server programmed to present the end user device with a third party authentication request;

the system being further programmed to collect data on the end user using the third party application API; parsing commands from the third party application to a WLAN authentication database and then logging the end user in to the public WLAN.

In this invention a captive portal is used to log the end user onto the internet temporarily. The captive portal is a special web page that is presented to end users of a WiFi network on connection. It enables authentication to the network on presentation of credentials including simple agreement to a set of terms and conditions, provision of a valid access code, or authentication via third party payment gateway. The captive portal server hosts captive portal content, presents authentication methods to the end user and communicates with the RADIUS server, the local WiFi gateway and third party applications.

The WiFi Gateway controls local network access, defining resources to which end users have access, redirecting users to a captive portal page for authentication, and carrying out accounting on user sessions. The WiFi Gateway may be a simple router or a full Network Access Server. The WiFi Gateway receives access information for each network user (such as time, download limit, speed limit) from the RADIUS server and applies it to the relevant end user session.

End user devices may consist of any WiFi enabled device that is able to perform web authentication. These include laptops, smartphones, tablets and a variety of other devices.

The third party application may be any application capable of sending authentication responses. These include social media platforms, email clients, messaging applications and payment systems.

Detailed description of the invention.

Figure 1 illustrates a flow chart of a preferred embodiment of this invention. The preferred embodiment illustrated in figure 1 depicts the improved authentication procedure of this invention.

The end user needing to access a public WiFi network is connected by the WiFi gateway to a captive portal server which in turn presents the end user device with a third party authentication option. The third party may be any social media platform such as Facebook. The end user responds and requests a login. This request is passed on to the captive portal by the WiFi gateway. The captive portal obtains a token from the RADIUS server and passes this to the WiFi gateway as a login request user name, which the WiFi gateway uses to obtain from the RADIUS server attributes which are then forwarded to the third party application. The third party application responds to the end user device requesting credentials. When the credentials are received an authorisation is confirmed to the captive portal server by the third party application. The captive portal server then logs out of the RADIUS server via the WiFi gateway, which then initiates a login request with the captive portal server. The captive portal obtains a token from the RADIUS server and passes this to the WiFi gateway as a login request user name. The WiFi gateway then requests a login from the RADIUS server and obtains the necessary attributes for the end user to be logged in to the public WiFi.
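The two-stage login described above can be modelled in a few lines. This is an added example, not code from the patent: the class and function names, the interval values, the single-use token and the binding of a token to the device MAC are assumptions made here to show the checks that keep the temporary session bounded.

```python
import secrets

TEMP_INTERVAL = 120    # assumed "predetermined interval", in seconds
FULL_INTERVAL = 3600   # assumed session length after authentication

class Radius:
    """Toy stand-in for the WLAN authentication database, not a RADIUS server."""
    def __init__(self):
        self.tokens = {}                      # token -> (device MAC, profile)

    def issue_token(self, mac, profile):
        token = secrets.token_hex(8)
        self.tokens[token] = (mac, profile)
        return token

    def login(self, username, mac):
        # The token is the login user name; pop() makes it single use (assumption).
        issued = self.tokens.pop(username, None)
        if issued is None or issued[0] != mac:
            return None                       # unknown, replayed or wrong device
        profile = issued[1]
        timeout = TEMP_INTERVAL if profile == "temp" else FULL_INTERVAL
        return {"profile": profile, "session_timeout": timeout}

class Gateway:
    def __init__(self, radius):
        self.radius, self.sessions = radius, {}

    def login(self, username, mac, now):
        attrs = self.radius.login(username, mac)
        if attrs is None:
            return False
        self.sessions[mac] = (attrs["profile"], now + attrs["session_timeout"])
        return True

    def logout(self, mac):
        self.sessions.pop(mac, None)

    def access(self, mac, now):
        # Returns the active profile, or None once the session has expired.
        profile, expires = self.sessions.get(mac, (None, 0))
        return profile if now < expires else None

def portal_login(gw, mac, profile, now):
    """Captive portal step: fetch a token and hand it to the gateway."""
    gw.logout(mac)     # on the second pass this ends the temporary session
    token = gw.radius.issue_token(mac, profile)
    return token, gw.login(token, mac, now)
```

Calling `portal_login` with `"temp"` models the first pass; calling it again with `"full"` after the third party confirms models the logout and second login.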

From the above those skilled in the art will appreciate that this invention provides a robust and economical means of authenticating end users to a public WiFi network.

Those skilled in the art will also realise that this invention may be implemented in embodiments other than those described without departing from the core teachings of this invention.