What is WPS (Wi-Fi Protected Setup)?

As the title says.

Traditionally, when setting up a new wireless network, the user has to manually configure the network name (SSID) and security key on the access point, and then verify the key on the client to keep out "uninvited guests". The whole process requires the user to have background knowledge of Wi-Fi devices and the ability to change the necessary settings. Wi-Fi Protected Setup helps the user automatically set the network name (SSID) and configure strong WPA data encryption and authentication; the user only needs to enter a personal identification number (the PIN method) or press a button (push-button configuration, or PBC) to join the WLAN securely. This greatly simplifies wireless security setup. Wi-Fi Protected Setup supports a variety of Wi-Fi CERTIFIED 802.11 products, including access points, wireless adapters, Wi-Fi phones and other consumer electronics devices.

Advantages of WPS

· WPS can automatically configure the network name (SSID) and WPA security key for the access point and WPS client devices on the network.
· When connecting WPS devices, the user does not need to understand concepts such as the SSID and security key.
· The user's security key cannot be cracked by outsiders, because it is randomly generated.
· The user does not have to enter a passphrase known in advance or a long hexadecimal string.

How Wi-Fi Protected Setup Works: A Detailed Look

Configuration and security on Wi-Fi Protected Setup devices can be compared to the familiar "lock and key" metaphor of traditional home security. The specification provides a simple, consistent procedure for adding new devices to established Wi-Fi networks based upon a discovery protocol that is consistent across vendors. This procedure automatically uses a Registrar to issue the credentials of devices being enrolled on the network. All Wi-Fi CERTIFIED APs with Wi-Fi Protected Setup possess Registrar capability; additionally, the Registrar can reside on any device on the WLAN. A Registrar that resides on the AP is referred to as an internal Registrar. A Registrar that resides on another device on the network is referred to as an external Registrar. A Wi-Fi Protected Setup network can support multiple Registrars on a single WLAN.

The process the user follows to configure a new device on the WLAN begins with an action that can be compared to inserting a key into a lock (i.e. launching the configuration wizard and entering the PIN, pushing the PBC button, or touching one NFC device to another). At this stage, the user is seeking access. Wi-Fi Protected Setup initiates the exchange of information between the device and the Registrar, and the Registrar issues the network credentials (network name and security key) that authorize the client to join the WLAN. In the lock-and-key metaphor, this is akin to turning the key in the lock as access is granted.
The new device can now securely communicate data across the network, safe from unauthorized access by intruders.

In practice, when a new device that is Wi-Fi CERTIFIED for Wi-Fi Protected Setup comes within range of an active AP, its presence is detected, communicated to the Registrar and the user is prompted to initiate the action that authorizes the issuance of registration credentials. The Wi-Fi Protected Setup network encrypts data and authenticates each device. Information and network credentials are securely exchanged over the air using the Extensible Authentication Protocol (EAP), one of the authentication protocols used in WPA2. A handshake then takes place in which the devices mutually authenticate and the client is accepted onto the network. The Registrar communicates the network name (SSID) and the WPA2 "pre-shared key" (PSK), enabling security. Use of a random PSK enhances security by eliminating use of passphrases that could be predictable.

The traditional installation method required the user to manually configure the AP to support a PSK, and then manually enter the SSID and PSK on both the AP and the client. This approach is subject to user errors through mistyping, confusion of PSK and SSID, and so on. With Wi-Fi Protected Setup, the credentials exchange process requires little user intervention after the initial setup action (entering the PIN or pushing the PBC button) is completed, because the network name and PSK are issued.

The following diagrams illustrate how Wi-Fi Protected Setup configures a network. The gold lines indicate credentials exchange, while the green lines indicate communication over a security-enabled Wi-Fi connection.

Fig. 1: Credentials Exchange
In a Wi-Fi Protected Setup, the Registrar device prompts the other devices on the network to issue their identifying information, and then provides them with credentials. Information is exchanged over the Wi-Fi network. In the scenario presented in Fig. 1, the Access Point is acting as Registrar. The credentials exchange can follow the push of a button on the client and on the AP in the PBC method, or the user entering the PIN of the client device being added into a GUI when using the PIN method.

Fig. 2: Adding Additional Devices
As new clients are added to an existing network, they are configured via PIN or push button. Similarly, as new AP devices are added to an existing network they are configured via a PIN or push button. Which method is used is dependent upon which configuration method is supported by the client device.

Fig. 3: Many Devices Suitable for Wi-Fi Protected Setup
A wide variety of devices can be added to a Wi-Fi Protected Setup network using the PIN or PBC methods.

Glossary

· Authentication: The process during which the identity of the wireless device or end-user is verified so that it may be allowed network access.
· Credential: A data structure issued by a Registrar to a client, in order to allow it to gain access to the network.
· Discovery Protocol: A method used by the client and the Registrar to discern the presence and capabilities of networked devices.
· Extensible Authentication Protocol (EAP): A protocol that provides an authentication framework for both wireless and wired Ethernet enterprise networks.
· Near Field Communication (NFC): A technology designed for short-range operation, approximately 10cm or less. NFC communication is enabled by touching an NFC Device with a contactless card or NFC token.
· NFC Device: A device that acts as a contactless reader/writer. NFC devices can communicate directly with each other and/or with NFC tokens.
· NFC Token: A physical entity compliant with one of the mandatory NFC Forum tag specifications. An NFC Token cannot communicate with other NFC Tokens, but its content can be read or written by an NFC Device.
· NFC Target Mark: A graphical sign that marks the area on NFC Devices where they have to be touched with an NFC Token or another NFC Device to initiate an NFC connection.
· Personal Identification Number (PIN): A multi-digit number that is randomly generated to enroll a specific client device on a WLAN. (In the Wi-Fi Protected Setup program, the PIN is 4 or 8 digits.)
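The PIN entry and random PSK issuance described in the answer above, sketched as an added example (not part of the original answer and not any vendor's Registrar code). It assumes the standard rule that the last digit of an 8-digit WPS PIN is a check digit over the first seven; the function names are hypothetical, and the real exchange over EAP is not modelled.

```python
import secrets

def wps_checksum(first7: int) -> int:
    """Check digit for the first seven digits of an 8-digit WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)   # odd positions (from the right) weigh 3
        first7 //= 10
        accum += first7 % 10         # even positions weigh 1
        first7 //= 10
    return (10 - accum % 10) % 10

def new_pin() -> str:
    """Randomly generated 8-digit PIN: seven random digits plus check digit."""
    first7 = secrets.randbelow(10**7)
    return f"{first7:07d}{wps_checksum(first7)}"

def pin_is_well_formed(pin: str) -> bool:
    """Accept 4-digit PINs and 8-digit PINs whose check digit matches."""
    if not (pin.isascii() and pin.isdigit()):
        return False
    if len(pin) == 4:
        return True                  # 4-digit PINs carry no check digit
    if len(pin) == 8:
        return wps_checksum(int(pin[:7])) == int(pin[7])
    return False

def issue_credential(ssid: str, entered_pin: str, device_pin: str):
    """Hypothetical Registrar step: hand out (SSID, PSK) only on a PIN match."""
    if not pin_is_well_formed(entered_pin):
        raise ValueError("malformed PIN (mistyped digit or wrong length)")
    if not secrets.compare_digest(entered_pin, device_pin):
        raise PermissionError("PIN does not match the enrolling device")
    psk = secrets.token_hex(32)      # random 256-bit PSK, 64 hex characters
    return ssid, psk

if __name__ == "__main__":
    pin = new_pin()                  # constructed sample device PIN
    print(pin, issue_credential("ExampleNet", pin, pin))
```

The check digit lets the Registrar reject a mistyped 8-digit PIN before any credential exchange starts, and the PSK is never chosen or typed by the user.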