Consumer demand for wireless local area network (WLAN) products (e.g. smart phones) grew rapidly in the recent past as the cost of WLAN chipsets and software fell while efficiencies rose. Along with the popularity, however, came inevitable and necessary security concerns.
The Institute of Electrical and Electronics Engineers (IEEE) initially attempted to address wireless security issues through the Wired Equivalent Privacy (WEP) standard. Unfortunately, the WEP standard quickly proved inadequate at providing the privacy it advertised and the IEEE developed the 802.11i specification in response. 802.11i provides a framework in which only trusted users are allowed to access WLAN network resources. RFC 2284, setting out an in-depth discussion of Point-to-Point Protocol Extensible Authentication Protocol (PPP EAP) by Merit Network, Inc (available at http://rfc.net/rfc2284.html as of Mar. 9, 2006), is one example of the 802.11i network authentication process and is incorporated by reference.
A typical wireless network based on the 802.11i specification comprises a supplicant common known as a client (e.g. a laptop computer), a number of wireless access points (AP), and an authentication server. In some implementations, the APs also act as authenticators that keep the WLAN closed to all unauthenticated traffic. To access the WLAN securely, an encryption key known as the Pairwise Master Key (PMK) must first be established between the client and an AP. The client and the AP then exchange a sequence of four messages known as the “four-way handshake.” The four-way handshake produces encryption keys unique to the client that are subsequently used to perform bulk data protection (e.g. message source authentication, message integrity assurance, message confidentiality, etc.).
A handoff occurs when the client roams from one AP to another. Prior to 802.11i, it was necessary for the client to re-authenticate itself each time it associates with an AP. This renegotiation results in significant latencies and may prove fatal for real-time exchanges such as voice data transfer.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.