Wireless devices must be properly provisioned to allow the devices to join a wireless network in compliance with IEEE 802.11 standards. Specifically, the joining process involves discovery, association, and authentication.
Conventionally, the provisioning process involves cumbersome manual provisioning of each device with information to discover and associate to a particular network, and with credentials to allow each device to authenticate to the network. Other networking protocols, such as Wi-Fi Simple Config, have attempted to simplify the provisioning process by having a dedicated configurator that provisions each device with the information to select the correct network and a shared secret that the device uses with a shared key confirmation protocol, e.g., the “Four-Way Handshake” as defined in the IEEE 802.11 standard.
The secret is shared by all devices in such network protocols, which voids some benefits of authentication, for example, data integrity protection, data source authentication, confidentiality, etc. Specifically, a secret shared by all devices may inadvertently allow a client device to impersonate other client devices to connect to an access point, or impersonate an access point to obtain information from other client devices using the shared secret.
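The following is an added example, not part of the original text. It illustrates why a network-wide secret provides no per-device source authentication, using the standard WPA2-PSK derivation (PBKDF2 for the pairwise master key, the HMAC-SHA1 PRF for the pairwise transient key). The SSID, passphrases, MAC addresses and nonces are constructed sample values, and the per-device-secret case is a hypothetical contrast.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    # IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # Besides the PMK, every input is sent in the clear during the Four-Way Handshake.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)  # KCK | KEK | TK for CCMP

# Constructed sample values (assumptions for illustration only).
SSID = "example-net"
AP_MAC, STA_A_MAC = bytes.fromhex("020000000001"), bytes.fromhex("0200000000a1")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def compare_provisioning() -> dict:
    # Case 1: one secret provisioned to every device (shared-secret model).
    pmk_a = derive_pmk("network-wide-secret", SSID)
    pmk_b = derive_pmk("network-wide-secret", SSID)  # device B holds the same secret
    ptk_a = derive_ptk(pmk_a, AP_MAC, STA_A_MAC, ANONCE, SNONCE)
    ptk_seen_by_b = derive_ptk(pmk_b, AP_MAC, STA_A_MAC, ANONCE, SNONCE)
    # Case 2: hypothetical per-device secrets; B's secret says nothing about A's keys.
    pmk_a2 = derive_pmk("secret-for-device-a", SSID)
    pmk_b2 = derive_pmk("secret-for-device-b", SSID)
    ptk_a2 = derive_ptk(pmk_a2, AP_MAC, STA_A_MAC, ANONCE, SNONCE)
    ptk_b2_guess = derive_ptk(pmk_b2, AP_MAC, STA_A_MAC, ANONCE, SNONCE)
    return {
        "shared_secret_session_keys_match": ptk_a == ptk_seen_by_b,
        "per_device_session_keys_match": ptk_a2 == ptk_b2_guess,
    }

if __name__ == "__main__":
    print(compare_provisioning())
```

With a shared secret the session keys are a function of the common secret and public handshake values only, so successful key confirmation proves membership in the group, not the identity of a particular device.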
Moreover, when devices need to communicate securely over a network, these devices must authenticate each other to ensure that they are, in fact, participating in the communications. One type of authentication protocol involves the use of a third-party device trusted by both of the devices involved in the secure communications. The trusted third-party device is responsible for authenticating the devices and certifying a key which is used to authenticate the devices to each other. However, authentication protocols involving a trusted third party typically require extra infrastructure to be set up (for example, a Public Key Infrastructure or PKI), and thus are problematic for provisioning a device for secured communications in a WLAN.