The idea that entire communities should be provided with wireless network access, particularly through 802.11 channels, has lately been gaining support. In the first place, it would be a matter of convenience for individuals to have wireless access to the Internet or to other networks (such as a voice communication network) available with few geographic restrictions. In the second place, the availability of many distributed wireless access points has been discussed as one possible solution for the crippling load on centralized communication services that often occurs in the case of disasters such as floods, hurricanes, or earthquakes. Because more and more individuals and businesses operate their own household or office wireless access points, it is becoming technically feasible to stitch together community-wide access from a patchwork of independent access points.
As desirable as it may appear to open access to all those within range, there are difficulties in ensuring the security and practicality of such a scheme. For example, a malicious user entering within range of a wireless access point could use up available bandwidth, slowing access for the remaining users, or worse, he could attempt to gain access to private data in individuals' home networks. While security software can make malicious use of a wireless access point more difficult, the first and most effective layer of protection is to prohibit untrusted users from using the access point in the first place. Many 802.11 “WiFi” connections require use of a 64-bit or 128-bit key to gain access. Distributing and typing in those keys is inconvenient, however, particularly for transient users such as houseguests or visiting business associates. Moreover, distributing a key to an individual also makes it possible for that individual to distribute the key to others, who in turn could continue distribution of the key until it reaches a malicious user.
There is a need to strike a balance between providing wireless access only to a few, trusted users and providing open access to everyone. At the same time, it is desirable to provide such advantages without requiring a new, separate authentication server.