"JPElectron" <firstname.lastname@example.org> hath wroth:
>Would any of you who run public HotSpots be interested in a way to
>authenticate users based on a special code that would be displayed on
>an LED sign?
I don't run any hot spots, but I do help maintain a few. One tried
something like that. They would post a cardboard sign with the WEP
key of the momement. It initially was changed every few hours, but
that caused a big problem as it would disconnect users. So, it was
changed to once per day. The local freeloaders would walk into the
coffee shop, write down the WEP key, and then go to their car, camper,
or van, and proceed to suck bytes. Some of the employees just gave
out lists of the daily WEP keys to their "friends" for a small bribe.
Not exactly what you're suggesting, but close.
I also know of one system (don't know name of vendor) that prints a
number on the receipt that is used as a password. However, it
apparently does not automatically expire and seems to function until
the ARP table entry expires, or the router is rebooted. With some of
the freeloaders, that can be literally forever.
>For example, user gets on the HotSpot, tries to surf to a but gets a
>splash page (or captive portal page) that says please enter the code
>shown on the sign, user would have to be in the resturant or building
>in order to see the sign, upon entering the correct code (which is only
>shown for a minute or 30seconds?) user can then surf freely.
That's built into NoCatAuth/NoCatSplash and its numerous mutations.
The users get a splash screen. Type the magic password and they get
to surf. It leaves a cookie on the users machine that is checked by
the wireless router. If it expires, port 80 goes back to the splash
screen and the user gets to re-enter the magic password.
>The code could be random and expires quickly, it might also ask for
>another part of the code shown on a sales reciept or food packaging (to
>verify they actually purchased something from your establishment)
>In theory I would like to use already off-the-shelf hardware like the
>BetaBrite or Color Cells sign connected to the controlling PC via a
>Does this sound like a good idea to anyone else?
It's an idea, but I'm not sure if it can be sold effectively. The
basic requirement would be that it NOT involve any time or labor on
the part of the coffee shop staff. If someone gets disconnected when
the key gets changed, you've lost a customer. Therefore, your problem
is not issuing the keys. It's dealing with key changes and
expirations. Also return visitors that don't want the hassle. There's
also the perspective of the owner. How much money will such as system
generate or save? If near zero, then they won't buy.
Jeff Liebermann email@example.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558