Current wireless mobile communication devices include microprocessors, memory, and soundcards, and run one or more software applications in addition to providing for voice communications. Examples of software applications used in these wireless devices include micro-browsers, address books, email clients, instant messaging (IM) clients, and wavetable instruments. Additionally, wireless devices have access to a plurality of services via the Internet. A wireless device may, for example, be used to browse web sites on the Internet, to transmit and receive graphics, and to execute streaming audio and/or video applications. The transfer of Internet content to and from a wireless device is typically facilitated by the Wireless Application Protocol (WAP), which integrates the Internet and other networks with wireless network platforms. Such wireless devices may operate on a cellular network, on a wireless local area network (WLAN), or on both of these types of networks.
With respect to WLANs, the term Wi-Fi or Wireless Fidelity pertains to certain types of WLANs that use specifications in the Institute of Electrical and Electronics Engineers (“IEEE”) 802.11 family.
In a WLAN, an access point is a station that transmits and receives data (sometimes referred to as a transceiver). An access point in an infrastructure BSS (or a client node acting as an AP in an Independent BSS) connects users to other users within the network and also can serve as the point of interconnection between the WLAN and a wired LAN. Each access point can serve multiple users within a defined network area. As users move beyond the range of one access point (i.e., when they roam), they are automatically handed over to the next one. A small WLAN may only require a single access point. The number of access points required increases as a function of the number of network users and the physical size of the network. The access point is typically an IEEE 802.11 (i.e. Wi-Fi or WLAN) radio receiver/transmitter (or transceiver) and functions as a gateway or bridge between a WLAN and a wired LAN.
A block diagram illustrating an example wireless communications system is shown in FIG. 1. The example system, generally referenced 10, comprises one or more mobile devices 12 implementing a WLAN station connected to access point (AP) 14 which is connected to network 16. Also connected to network 16 are computer 18 and DHCP server 20.
A service set identifier (SSID) identifies a particular IEEE 802.11 wireless LAN. A client device receives broadcast messages from all access points within range advertising their SSIDs. The client device can then either manually or automatically select the network with which to associate. It is legitimate for multiple access points to share the same SSID if they provide access to the same network as part of an extended service set.
The basic service set (BSS) is the basic building block of an IEEE 802.11 wireless LAN. In infrastructure mode, one access point (AP) together with all associated stations (STAs) is called a BSS. An AP acts as a master to control the stations within that BSS. Each BSS is identified by a Basic Service Set Identifier (BSSID). The most basic BSS is two STAs in Independent mode. In infrastructure mode, a basic BSS consists of one AP and one STA. The BSSID uniquely identifies each BSS (the SSID, however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (AP).
When a station wants to access an existing BSS (such as after power-up, sleep mode or just entering a BSS area), the station must get synchronization information from the Access Point. The station obtains this information by either (1) passive scanning whereby the station waits to receive a Beacon frame (and/or Probe Responses sent in response to other stations' Probe Requests) from the Access Point; or (2) active scanning whereby the station attempts to find an Access Point by transmitting Probe Request frames and waiting for a Probe Response from the Access Point. Note that the Beacon frame is a periodic frame sent by the Access Point containing synchronization information.
Once the station has found an Access Point, in order to join the BSS, it must perform the Authentication Process which involves the exchange of information between the Access Point and the station, where each side shows knowledge of a shared credential(s).
Once authenticated, the station begins the Association Process, which involves the exchange of information about the station and BSS capabilities. Only after the association process is complete is the station permitted to transmit and receive data frames with the Access Point.
In implementing the WLAN protocol, communications devices often utilize so-called WLAN profiles to aid in establishing connections between stations and access points. A wireless local area network profile defines the parameters for the connection between the station and WLAN networks including access points. Profiles typically include connection related information including, for example, SSID, connection type (i.e., open or shared key), security, authentication, encryption, WEP shared keys, key length, frequency bands, roaming enable/disable, SSID broadcasted, etc.
Wireless devices are typically battery operated. As such, conserving battery power is important as doing so allows the wireless device to operate for an extended period of time. To conserve battery power, the wireless device will typically enter a “sleep mode” when it is not actively participating in a communication. During this sleep mode the wireless device will still monitor activity on the WLAN to determine if it should “wake up” and enter into a communication.
The IEEE 802.11 standard defines several services that govern how two IEEE 802.11 devices communicate. As part of the connection process, the station listens for messages from any access points that are in range. If the station finds a message from an access point that has a matching SSID, it sends an authentication request to the access point. The access point authenticates the station and the station sends an association request to the access point. The access point then associates with the station and the station can communicate with the network through the access point. An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of WEP authentication: Open System and Shared Key. Open System Authentication allows any device to join the network, assuming that the device SSID matches the access point SSID. In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. Alternatively, the device can associate with any available access point within range, regardless of its SSID. The following steps occur when two devices use Open System Authentication. First, the station sends an authentication request to the access point. The access point authenticates the station. The station then associates with the access point and joins the network.
In Shared Key Authentication, WEP is used for authentication; thus the station and the access point must have the same WEP key to authenticate. The following four-way challenge-response handshake is used. First, the station sends an authentication request to the access point. The access point sends a clear-text challenge to the station. The station uses its configured default key to encrypt the challenge text and sends the encrypted text back to the access point. The access point decrypts the encrypted text using its configured WEP key that corresponds to the station's default key. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station. The station connects to the network and WEP can be used for encrypting/decrypting the data frames. If the decrypted text does not match the original challenge text (that is, the access point and station do not share the same WEP key), then the access point will refuse to authenticate the station, and the station will be unable to communicate with either the IEEE 802.11 network or wired Ethernet network accessed only through the IEEE 802.11 network.
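The Shared Key exchange described above, shown as an added example that is not part of the original text: a simplified Python model in which the third frame carries only the WEP-encrypted challenge, covering both the matching-key and the mismatched-key outcome. The function names and the sample keys are assumptions made for illustration.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: 3-byte IV in clear, then RC4(IV || key) over plaintext || CRC-32 ICV."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + wep_key, plaintext + icv)

def wep_decrypt(wep_key: bytes, body: bytes):
    """Return the plaintext, or None when the ICV does not verify (wrong key)."""
    iv, ciphertext = body[:3], body[3:]
    clear = rc4(iv + wep_key, ciphertext)
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key: bytes, sta_key: bytes) -> bool:
    """Run the four frames of the handshake; True means the AP authenticates the station."""
    # Frame 1 (STA -> AP): authentication request, carries no key material.
    # Frame 2 (AP -> STA): clear-text challenge (128 bytes of challenge text).
    challenge = os.urandom(128)
    # Frame 3 (STA -> AP): challenge encrypted under the station's default key.
    response = wep_encrypt(sta_key, os.urandom(3), challenge)
    # Frame 4 (AP -> STA): AP decrypts with its own key and compares the result.
    return wep_decrypt(ap_key, response) == challenge

# Constructed sample keys (a 104-bit WEP key is 13 bytes); not taken from the text.
AP_KEY = bytes.fromhex("0102030405060708090a0b0c0d")
GOOD_STA_KEY = AP_KEY
BAD_STA_KEY = bytes.fromhex("ffeeddccbbaa99887766554433")

if __name__ == "__main__":
    print("matching key:", shared_key_auth(AP_KEY, GOOD_STA_KEY))
    print("mismatched key:", shared_key_auth(AP_KEY, BAD_STA_KEY))
```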
Thus, in order for a WLAN capable device (e.g., a smart phone or a laptop) to connect to a WLAN access point (AP), the device must first complete the association phase and then the authentication phase. During association, both the device and AP negotiate the profile SSID, frequency band, data rates and transmit power levels for the WLAN connection. When association is completed (for PSK and EAP), the device must then authenticate itself to the AP prior to the data exchange phase. Authentication is done using the appropriate security credentials depending on the authentication protocol configured at the AP. Examples of authentication credentials include MAC filtering, pass-phrase, username-password, etc. Some WLAN profiles are open system profiles, i.e., they require no authentication to grant network access. Hotspot profiles are usually open system profiles and can be found in metropolitan areas at locations such as airports, coffee-shops, public libraries, etc. Network administrators, however, can still configure an open system WLAN profile to use an encryption mechanism in order to further protect the data packets exchanged between the AP and the handsets. Encryption algorithms include WEP, TKIP, AES, etc. Despite its security vulnerabilities for short (40 bit) keys, WEP is still commonly used for data encryption with longer and stronger keys enabled (104 or 256 bits long). For example, most hotspot installations are usually configured to use open system WLAN profiles with WEP as the encryption protocol.