In a large enterprise wireless local area network (WLAN) deployment with branch offices, the authentication servers are often located at a central location (e.g., the headquarters) that is remote from the branch offices. However, if the network connection between network devices at the branch office and those at the headquarters office (or data center) is down, existing client devices at the branch offices cannot be authenticated because the authentication server is inaccessible. Thus, even if a client device requires only local or Internet access, the network remains unavailable to that client device for as long as the connection between the branch office and the headquarters office is down.
Moreover, with Transport Layer Security (TLS), a network administrator can revoke a particular user's network access by adding a Certificate Revocation List (CRL) entry for the particular user to the existing certificate. Nevertheless, continuous addition of CRL entries can significantly increase the size of the existing certificate, and therefore revoking a single user's network access may become unsustainable for an embedded system.