With the advent of low-cost hardware, wireless computer networks are becoming ubiquitous in homes and offices throughout the United States and elsewhere. Many of these networks employ hardware and software for wireless communications that are compliant with one or more of the standards promulgated by the Institute of Electrical and Electronics Engineers (IEEE). For example, the 802.11 family of standards, which includes 802.11a, 802.11b, 802.11g and others, is contemplated. Among the reasons for widespread adoption of such networks is the flexibility and ease of installation afforded by wireless communications.
With such benefits come some drawbacks, however. For example, wireless networks are known to be less secure than their wired counterparts inasmuch as attacks against such networks can be launched from physically remote locations that network administrators may be incapable of monitoring. To combat such threats, network administrators often employ various security protocols, among them the use of encrypted communications and access control measures. For 802.11-compliant networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) protocols are often used to encrypt data within a wireless network so that only an intended recipient is able to read it. Although neither of these security protocols is perfect, they do afford some protection against casual hackers.
Both WEP and WPA operate on the basis of encryption keys that are used to authenticate devices seeking to gain access to the wireless network and, if desired, to encrypt/decrypt messages exchanged between nodes that are so admitted. Authentication is the process of proving identity and the 802.11 standards specify that, when used, it involves a four-step process to determine whether or not the device seeking access to the network has the correct key.
For example, as illustrated in FIG. 1, a requesting node 100 starts by sending an authentication request in operation 101 to a granting node 102 such as an access point or the like. In an 802.11-compliant network, the granting node 102 taking the form of an access point acts as a gatekeeper, allowing or not allowing other nodes to join the wireless network. The granting node 102 sends a challenge message in operation 104 to the requesting node 100 and, in order to gain admission to the network, the requesting node 100 must successfully encrypt the challenge message 104 using its key (e.g. WEP key, etc.), and send a response (see operation 106) back to the granting node 102.
The granting node 102 then decrypts the returned challenge message and compares it to the initial message. If the two are equivalent, the granting node 102 assumes that the requesting node 100 has the correct key and will grant that node access to the wireless network by confirming a success, per operation 108. Thus, any new users seeking to join a wireless network secured by WEP or a similar scheme that relies on shared keys must, prior to so joining the network, have knowledge of and/or access to those keys.
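The four-step exchange of operations 101 to 108 can be traced in code. The following is an added example, not part of the original text: a simplified WEP-style simulation with no 802.11 framing, in which the class and function names, the 128-byte challenge, the 3-byte IV and the sample key are assumptions made for illustration.

```python
import hmac, os, struct, zlib
DEMO_KEY = bytes.fromhex("0102030405")            # constructed 40-bit shared key

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                             # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IV in clear, then RC4(IV || key) over plaintext plus its CRC-32 check value."""
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + rc4(iv + key, plaintext + icv)

def wep_open(key: bytes, frame: bytes):
    """Return the plaintext, or None if the frame is short or the check value is wrong."""
    body = rc4(frame[:3] + key, frame[3:])
    plaintext, icv = body[:-4], body[-4:]
    ok = len(frame) >= 7 and struct.pack("<I", zlib.crc32(plaintext)) == icv
    return plaintext if ok else None

class GrantingNode:                               # node 102 (access point)
    def __init__(self, key: bytes):
        self.key, self.challenge = key, None
    def send_challenge(self) -> bytes:            # operation 104
        self.challenge = os.urandom(128)          # assumed 128-byte random challenge
        return self.challenge
    def check_response(self, frame: bytes) -> bool:       # outcome sent in operation 108
        expected, self.challenge = self.challenge, None   # each challenge is single-use
        got = wep_open(self.key, frame)
        return bool(expected) and got is not None and hmac.compare_digest(got, expected)

class RequestingNode:                             # node 100
    def __init__(self, key: bytes):
        self.key = key
    def respond(self, challenge: bytes) -> bytes: # operation 106
        return wep_seal(self.key, os.urandom(3), challenge)

def authenticate(granting: GrantingNode, requesting: RequestingNode) -> bool:
    challenge = granting.send_challenge()         # answers the request of operation 101
    return granting.check_response(requesting.respond(challenge))
```

A requesting node holding a different key produces a response that fails the comparison, so `authenticate` returns `False`; this is why every prospective user must already hold the shared key.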
This sometimes creates a problem because often the keys are not in easily understandable formats. For instance, WEP keys may comprise long alphanumeric strings that are not easily memorized. Even where the keys have been translated to passwords or pass phrases that are more easily read/memorized by human users, providing those passwords to all potential users of a wireless network still poses problems.
For example, if a “guest” device is to be given temporary access to a network, and therefore its user given the network key or pass phrase, then in order to preserve security, the network administrator needs to change that key after such access has been terminated and so notify all other users of the network. Even if this sort of manual updating can be accomplished, it is a tedious task.
This problem is somewhat exacerbated because the 802.11 standards themselves specify no mechanism for key exchange among users and so a roaming user that requires access to several different networks may find him/herself having to comply with a myriad of different procedures for gaining the necessary network keys (while at the same time inconveniencing all of the network administrators and users of those networks when the keys have to be subsequently revised).
There is thus a need for overcoming these and other problems.