Wireless hotspots are becoming more prevalent. To access a wireless hotspot, a user utilizes a communications device in a laptop, PDA or other wireless-enabled device that allows the wireless-enabled device to communicate with an access point. For example, a laptop may include built-in wireless capability, or the user may plug in a PC card to provide the wireless functionality. The wireless communication device typically uses a standard protocol, such as the 802.11b protocol, to communicate with the access point.
The standard protocols support basic authentication protocols, including Wireless Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). Unfortunately, both of these authentication protocols are easily breachable with basic attack strategies available over the Web and therefore do not provide an acceptable level of security for many users and corporations. A new standard, 802.1x, addresses some of these security issues. However, the new standard requires changes in hardware and software and will take time to implement. Thus some current and future Wireless Local Area Network (WLAN) equipment and telecommunication carriers may not support the enhanced authentication protocol immediately or at all.
Additionally, the access point typically has no mechanism that allows a wireless-enabled device attempting to connect to an authentication server on the other side of the access point to verify that the authentication response it receives, supposedly from the authentication server, is genuine. This security hole makes it difficult to identify a rogue access point—an access point set up to impersonate an authentication server and gain unauthorized access to information on the wireless-enabled devices or from transmissions from the wireless-enabled devices.