Conventional computer devices typically have the ability to detect the presence of available WiFi™ access points. For example, according to current technology, to learn of one or more access points in a region, a computer device can listen for so-called beacons that the access points transmit to indicate their identities (a.k.a., SSIDs).
In addition to or as an alternative to monitoring beacons, a communication device can be configured to transmit a wireless query signal (e.g., a probe request) in a region. In response to the wireless query signal, any of one or more active WiFi™ network access points in the region will respond with information indicating their identities (a.k.a., SSIDs).
In certain instances, a respective SSID is a human-readable network name assigned to a respective network. Accordingly, via the response information from the access points, the operator of the computer or the computer itself can be configured to identify which, if any, WiFi™ networks are available for use in the region.
After identifying available WiFi™ networks, the computer device can initiate display of the identities of the different WiFi™ networks on a display screen. In such an instance, the user of the computer can manually select, from a listing of the available WiFi™ networks (SSIDs), the network to which to connect. It is now common for software in the computer device to select an appropriate SSID to which to connect.
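The SSID that a device lists comes straight from the beacon or probe response, so it is untrusted input. The following added example (not part of the original text) walks the tagged parameters of such a frame, extracts the SSID element, and makes the name safe to display; the function names and the sample bytes are constructed for illustration.

```python
def ssid_from_elements(elements: bytes):
    """Return the raw SSID from 802.11 tagged parameters, or None if absent."""
    i = 0
    while i < len(elements):
        if i + 2 > len(elements):
            raise ValueError("truncated element header")
        tag, length = elements[i], elements[i + 1]
        value = elements[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("element length runs past end of frame")
        if tag == 0:                       # element ID 0 carries the SSID
            if length > 32:
                raise ValueError("SSID longer than 32 octets")
            return value
        i += 2 + length                    # skip elements we do not need
    return None

def display_name(ssid):
    """Render an SSID for a network list without trusting its bytes."""
    if ssid is None:
        return "<no SSID element>"
    if not any(ssid):                      # empty or all-NUL: hidden network
        return "<hidden network>"
    text = ssid.decode("utf-8", errors="replace")   # SSIDs are arbitrary octets
    # Escape control and formatting characters so a name cannot alter the UI.
    return "".join(c if c.isprintable() else "\\u%04x" % ord(c) for c in text)

# Constructed sample: SSID, supported rates and channel elements of a beacon.
BEACON = (bytes.fromhex("0008") + b"CafeWiFi"
          + bytes.fromhex("010882848b960c121824")
          + bytes.fromhex("030106"))
```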
If the WiFi™ access point is an open WiFi™ network, the user will not need to provide a password to be granted access to the Internet through the selected WiFi™ access point. Alternatively, in certain instances, such as in secured WiFi™ networks (secured SSIDs), the user may be required to provide appropriate credentials (such as username, password, etc.) to use the wireless access point. This is sometimes referred to as authentication.
A downside of using open networks is that illegitimate users (a.k.a., hackers) can potentially eavesdrop on respective wireless communications between a computer device and a respective WiFi™ access point. Via eavesdropping, an illegitimate user may be able to learn of a respective network address associated with the computer device. Using the network address, the illegitimate user may be able to control use of the communication link and/or steal personal data. Thus, unsecured wireless communications (such as WiFi™ communications) are typically undesirable.
To alleviate and/or prevent hacking of wireless communications, several wireless communication protocols have been established for use in WiFi™ applications to provide more secured wireless communications. For example, the EAP (Extensible Authentication Protocol) is a desired protocol for use in wireless network applications. The EAP protocol expands on authentication methods used by the Point-to-Point Protocol (PPP), a protocol often used when connecting a computer to the Internet.
In general, to communicate in accordance with a wireless security protocol such as EAP, a user requests to establish a connection with a respective wireless access point (such as via the WiFi™ communication protocol). In response to receiving the request, the wireless access point requests that the user of the communication device (or the corresponding mobile communication device) provide identification information. The wireless access point forwards the identification information received from the communication device to an appropriate authentication server. Via communications through the wireless access point, the authentication server challenges the user of the communication device to provide proof of the validity of the provided identification information. The wireless access point receives and forwards authentication information (such as password, etc.) received from the user to the authentication server. Based on received credentials, the authentication server authenticates the user and corresponding mobile communication device.
Successful authentication can include forwarding appropriate security information such as encryption keys to the communication device such that the communication device is able to communicate with a respective wireless access point over a secured link.
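The exchange described above, as an added example that is not part of the original text: it encodes and validates EAP packets in the RFC 3748 layout (Code, Identifier, Length, Type) and walks the identity request, challenge, response and result. It uses the MD5-Challenge method only because it is the shortest to show; that method derives no encryption keys, and the function names, user database and challenge bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP Code field (RFC 3748)
IDENTITY, MD5_CHALLENGE = 1, 4                     # EAP Type field

def build(code, ident, eap_type=None, data=b""):
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(pkt):
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt):
        raise ValueError("Length field disagrees with packet size")
    body = pkt[4:length]               # octets past Length are padding
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type")
        return code, ident, body[0], body[1:]
    return code, ident, None, b""

def chap_value(ident, secret, challenge):
    # MD5-Challenge proof: MD5(Identifier || secret || challenge); no keys result.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def authenticate(user, client_secret, server_db, challenge):
    """Return the packets exchanged, in order, as raw bytes."""
    log = [build(REQUEST, 1, IDENTITY)]                    # AP asks for identity
    log.append(build(RESPONSE, parse(log[-1])[1], IDENTITY, user))
    claimed = parse(log[-1])[3]                            # forwarded to server
    log.append(build(REQUEST, 2, MD5_CHALLENGE, bytes([len(challenge)]) + challenge))
    _, ident, _, data = parse(log[-1])                     # client side
    value = chap_value(ident, client_secret, data[1:1 + data[0]])
    log.append(build(RESPONSE, ident, MD5_CHALLENGE, bytes([16]) + value))
    _, rid, _, rdata = parse(log[-1])                      # server side
    expected = chap_value(2, server_db.get(claimed, b""), challenge)
    ok = (rid == 2 and claimed in server_db
          and hmac.compare_digest(rdata[1:17], expected))
    log.append(build(SUCCESS if ok else FAILURE, rid))
    return log

# Constructed sample data for the walk-through.
DB = {b"alice": b"correct horse"}
CHALLENGE = bytes(range(16))
```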
In addition to EAP services, conventional WiFi™ supports so-called Passpoint services. In general, Passpoint services allow a mobile device to connect to different wireless access points of a single service provider as the mobile device roams through a respective geographical region. For example, both a first wireless access point and a second wireless access point may support wireless connectivity for a single particular service provider. A respective user may communicate with the first wireless access point, provide appropriate credentials, receive security association information supporting communications, and then communicate through the first wireless access point to the Internet.
The respective user may roam outside a coverage region provided by the first wireless network into a wireless coverage region provided by the second wireless access point. It is possible that the communication device uses a Passpoint inquiry to identify that the second wireless access point is part of the same service provider's wireless network as the first wireless access point operated by the single particular service provider. In such an instance, because the second wireless access point is part of the same network as the first wireless access point, the user-operated client device is able to use the security association established with the first wireless access point to then establish connectivity with the second wireless access point. The second wireless access point provides the user access to the Internet based upon the previous security association.