Authenticate HotSpot users via LED sign ?

Would any of you who run public HotSpots be interested in a way to
authenticate users based on a special code that would be displayed on
an LED sign?

For example, user gets on the HotSpot, tries to surf to a but gets a
splash page (or captive portal page) that says please enter the code
shown on the sign, user would have to be in the resturant or building
in order to see the sign, upon entering the correct code (which is only
shown for a minute or 30seconds?) user can then surf freely.

The code could be random and expires quickly, it might also ask for
another part of the code shown on a sales reciept or food packaging (to
verify they actually purchased something from your establishment)

In theory I would like to use already off-the-shelf hardware like the
BetaBrite or Color Cells sign connected to the controlling PC via a
serial cable.

Does this sound like a good idea to anyone else?

JPElectron wrote:
> Would any of you who run public HotSpots be interested in a way to
> authenticate users based on a special code that would be displayed on
> an LED sign?
>
> For example, user gets on the HotSpot, tries to surf to a but gets a
> splash page (or captive portal page) that says please enter the code
> shown on the sign, user would have to be in the resturant or building
> in order to see the sign, upon entering the correct code (which is only
> shown for a minute or 30seconds?) user can then surf freely.
>
> The code could be random and expires quickly, it might also ask for
> another part of the code shown on a sales reciept or food packaging (to
> verify they actually purchased something from your establishment)
>
> In theory I would like to use already off-the-shelf hardware like the
> BetaBrite or Color Cells sign connected to the controlling PC via a
> serial cable.
>
> Does this sound like a good idea to anyone else?
>
I don't. The guy is sitting outside. He has to carry it in, type the
code, then go back outside to enjoy the fresh air ? He can't just leave
the laptop on the table and go check the number. Myself, I would go
elsewhere. It's not going to stop the freeloaders. Whats to stop the guy
from asking another person what the code is ? Sounds like a big pain in
the rear.

The code would be unique for each user who signs on, the one
troublesome issue might be when two people turn on thier laptops at
about the same time.

The code displayed on the LED sign + the code on the sales reciept
would be needed.


Kevin Weaver wrote:
> JPElectron wrote:
> > Would any of you who run public HotSpots be interested in a way to
> > authenticate users based on a special code that would be displayed on
> > an LED sign?
> >
> > For example, user gets on the HotSpot, tries to surf to a but gets a
> > splash page (or captive portal page) that says please enter the code
> > shown on the sign, user would have to be in the resturant or building
> > in order to see the sign, upon entering the correct code (which is only
> > shown for a minute or 30seconds?) user can then surf freely.
> >
> > The code could be random and expires quickly, it might also ask for
> > another part of the code shown on a sales reciept or food packaging (to
> > verify they actually purchased something from your establishment)
> >
> > In theory I would like to use already off-the-shelf hardware like the
> > BetaBrite or Color Cells sign connected to the controlling PC via a
> > serial cable.
> >
> > Does this sound like a good idea to anyone else?
> >
> I don't. The guy is sitting outside. He has to carry it in, type the
> code, then go back outside to enjoy the fresh air ? He can't just leave
> the laptop on the table and go check the number. Myself, I would go
> elsewhere. It's not going to stop the freeloaders. Whats to stop the guy
> from asking another person what the code is ? Sounds like a big pain in
> the rear.

"JPElectron" <jp.maurer@gmail.com> hath wroth:

>Would any of you who run public HotSpots be interested in a way to
>authenticate users based on a special code that would be displayed on
>an LED sign?

I don't run any hot spots, but I do help maintain a few. One tried
something like that. They would post a cardboard sign with the WEP
key of the momement. It initially was changed every few hours, but
that caused a big problem as it would disconnect users. So, it was
changed to once per day. The local freeloaders would walk into the
coffee shop, write down the WEP key, and then go to their car, camper,
or van, and proceed to suck bytes. Some of the employees just gave
out lists of the daily WEP keys to their "friends" for a small bribe.
Not exactly what you're suggesting, but close.

I also know of one system (don't know name of vendor) that prints a
number on the receipt that is used as a password. However, it
apparently does not automatically expire and seems to function until
the ARP table entry expires, or the router is rebooted. With some of
the freeloaders, that can be literally forever.

>For example, user gets on the HotSpot, tries to surf to a but gets a
>splash page (or captive portal page) that says please enter the code
>shown on the sign, user would have to be in the resturant or building
>in order to see the sign, upon entering the correct code (which is only
>shown for a minute or 30seconds?) user can then surf freely.

That's built into NoCatAuth/NoCatSplash and its numerous mutations.
The users get a splash screen. Type the magic password and they get
to surf. It leaves a cookie on the users machine that is checked by
the wireless router. If it expires, port 80 goes back to the splash
screen and the user gets to re-enter the magic password.

>The code could be random and expires quickly, it might also ask for
>another part of the code shown on a sales reciept or food packaging (to
>verify they actually purchased something from your establishment)
>
>In theory I would like to use already off-the-shelf hardware like the
>BetaBrite or Color Cells sign connected to the controlling PC via a
>serial cable.
>
>Does this sound like a good idea to anyone else?

It's an idea, but I'm not sure if it can be sold effectively. The
basic requirement would be that it NOT involve any time or labor on
the part of the coffee shop staff. If someone gets disconnected when
the key gets changed, you've lost a customer. Therefore, your problem
is not issuing the keys. It's dealing with key changes and
expirations. Also return visitors that don't want the hassle. There's
also the perspective of the owner. How much money will such as system
generate or save? If near zero, then they won't buy.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

JPElectron wrote:
> The code would be unique for each user who signs on, the one
> troublesome issue might be when two people turn on thier laptops at
> about the same time.
>
> The code displayed on the LED sign + the code on the sales reciept
> would be needed.
>
>
> Kevin Weaver wrote:
>> JPElectron wrote:
>>> Would any of you who run public HotSpots be interested in a way to
>>> authenticate users based on a special code that would be displayed on
>>> an LED sign?
>>>
>>> For example, user gets on the HotSpot, tries to surf to a but gets a
>>> splash page (or captive portal page) that says please enter the code
>>> shown on the sign, user would have to be in the resturant or building
>>> in order to see the sign, upon entering the correct code (which is only
>>> shown for a minute or 30seconds?) user can then surf freely.
>>>
>>> The code could be random and expires quickly, it might also ask for
>>> another part of the code shown on a sales reciept or food packaging (to
>>> verify they actually purchased something from your establishment)
>>>
>>> In theory I would like to use already off-the-shelf hardware like the
>>> BetaBrite or Color Cells sign connected to the controlling PC via a
>>> serial cable.
>>>
>>> Does this sound like a good idea to anyone else?
>>>
>> I don't. The guy is sitting outside. He has to carry it in, type the
>> code, then go back outside to enjoy the fresh air ? He can't just leave
>> the laptop on the table and go check the number. Myself, I would go
>> elsewhere. It's not going to stop the freeloaders. Whats to stop the guy
>> from asking another person what the code is ? Sounds like a big pain in
>> the rear.
>
Still would not. I have AT&T for my wireless hotspots. None of this get
a number crap. It's simple. Pay your bill, Log on. Asking people to
locate and enter code numbers is not going to fly.

One local hotspot here gives it out for free. The access code is printed
on the wall. It changes a few times a month.

The guy spends 30.00 a month for DSL and 50.00 for a wireless router.
(One time buy) With a high profit on water and bean, the owner could
care less about free loaders. Thats why he has a busy shop.

> With a high profit on water and bean, the owner could
> care less about free loaders. Thats why he has a busy shop.

Why he has a busy shop probably has more to do with everything BUT wireless
access.

If you've got an idle link then freeloading won't be much of an issue. But
what if you're in an area where nearby businesses deliberately leech your
bandwidth and entirely clog the uplink? What good does 'free' do your
customers when everyone else (who may or may not be a customer) hog it all?

It's all a matter of balance. Balance what you've got with what you're
prepared to do to manage it, and what those efforts will 'cost' all-around.
It does no good to 'manage' the connection if it aggravates your customers
and consumes inordinate amounts of your staff's time. Likewise, it does no
good to make it 'free' if people swamp the uplink.

Although, you can do things like change the antennas or limit the radio
power as a means to keep the bandwidth consumable to within the premises.
If it's free and doesn't work outside your establishment (as is necessary)
that might save a lot of overhead efforts.

-Bill Kearney