Sesame opens up wireless guest access

Setting up temporary wireless LAN Internet access for visitors to your offices is an administrative headache and a security nightmare.

Sesame Networks is launching in the U.S. a subscriber service, with some on-site hardware, to automatically provision visitors and guests with WLAN access to the Internet. It's like creating your own WLAN hot spot outside the corporate firewall, without any work on the part of network IT staff.

Sesame works like this: A business partner visiting a corporate location opens his wireless notebook PC, which connects to a Sesame access point and then to a Sesame controller, which is plugged into the Internet access router at your site. The user enters his cell phone number and other data, which the controller passes on via the Internet to an application at Sesame's data center. The application stores the user's identity information, creates a unique password and sends this to the requesting user's cell phone via Short Message Service (SMS). The user enters the password and completes the logon to access the Internet or start up a VPN client to access his own corporate network.

At the customer site, there are two components to the Sesame network: 802.11b/g WLAN access points, called SesameSpots, which plug into the Sesame Access Manager (SAM), which in turn attaches to a spare port on a corporate router used for Internet access. Or a company could buy its own access points or set up a separate virtual LAN (VLAN) on its WLAN solely for visitor use. The VLAN funnels the wireless traffic to the SAM.

The SAM connects via the Internet to Web and identity servers in Sesame's data center. These servers handle registration, password creation, authentication and session management.

Once the Sesame hardware is set up, visitors simply connect to it as they would to any other WLAN, by opening their wireless notebooks or PDAs. The SAM pushes to these clients a Web page, which can bear the logo and greeting of the company being visited. The Web page prompts the visitor to enter his cell phone number, and click "Get password."

The SAM passes this information back to the Sesame data center, which stores it along with the user's name, media access control address of the client device and the IP address of the SAM.

The data center creates a Sesame ID and password, and hands off the latter in the form of an SMS message through the visitor's cellular carrier. In a few seconds the message arrives on the cell phone. The visitor types in the password on the Sesame screen to complete registration and logon.

The password is valid for 30 days on any Sesame network. When the visitor logs on another time, Sesame checks the user name and cell phone information. It tracks session information each time the visitor logs on via a SAM at any location.

The hardware price is about $1,500 for the Sesame Access Manager and three SesameSpots. That price goes up with more SesameSpots, at $360 each, and larger models of the SAM.

The yearly subscription fee for this small system would be about $1,200. That fee increases with the number of access points. Volume discounts are available.