For a computer to connect to a network as a client, the computer must be configured with security settings that are compatible with security settings of a network access point and the backend network infrastructure. In addition, as part of the authentication process that a computer must complete to gain access to a network, the computer may be required to provide user credential data, such as a user name and password.
Some computers are configured to store a network profile that contains information needed to connect to a network. This information may be input by a user as part of a process of creating the network profile. To create the profile, a user must have information about the supported configuration of the access point through which the user will connect to the network and authentication mechanisms used in the backend network infrastructure. Frequently, a typical computer user will not have the required information or will not understand details of the network well enough to provide the required information to create a profile.
Creating a profile for a wireless network poses particular challenges because of the range of possible settings required to access the network. For example, there are many protocols available for wireless network security and a user may not know which profiles are in use for the network and therefore may not know which settings to specify as part of the profile.
For example, some wireless networks require IEEE 802.1X authentication. Further, the IEEE 802.1X authentication protocol incorporates an extensible authentication protocol (EAP) that allows a network to be configured to require client computers connecting to the network to authenticate using a method beyond those specified in the standardized IEEE 802.1X protocol. Because the IEEE 802.1X protocol is extensible, there may be variations in the required settings needed to connect to different networks that implement different extensions of the IEEE 802.1X protocol.
As an example of further variations, some networks may authenticate clients using a WPA2 protocol. The WPA2 protocol also includes variations, including an enterprise variation and a personal variation. Further, when configuring a network to operate under the WPA2 protocol, different types of encryption ciphers may be required. For example, TKIP or CCMP encryption ciphers may be used. As another example, a WPA protocol may be used for authentication. Like the WPA2 protocol, the WPA protocol has an enterprise and a personal variant, each of which may use either a TKIP or a CCMP encryption cipher. The enterprise variants of these protocols are used with 802.1X authentication, but the personal versions are not.
Further difficulties in setting a profile may arise because the defined profile must also be compatible with the hardware and software of the computer. For example, a network may support an authentication/cipher that the hardware of the computer hardware is not able to support. Creating a profile that matches such a network will result in a failed connection. A similar problem can arise with software configuration. A network backend may support multiple EAP methods, such as EAP-TLS, EAP-PEAP and EAP-FAST. Creating a profile with one of these methods, even though the network supports the method, will also result in a failed connection if the client computer does not support the same method.
Some of the information needed to create a connection profile may be available to a client computer from the network itself. In a wireless network, an access point traditionally transmits a beacon, which is a signal that contains information used by a client in connecting to the access point. The beacon may provide a client with some information about the security configuration of the network, which may be used to configure security settings. However, a beacon does not provide all information needed to configure a computer seeking to connect to a network.