At the heart of secure hotspot technology are two essential tasks:
1) generating unique encryption keys for each user and
2) automating the configuration of these keys and other wi-fi information within the user's device.
Two exciting technologies are either in progress or already available to solve these problems: Hotspot 2.0 and new secure hotspot technology.
Hotspot 2.0 is a global initiative championed by the Wi-Fi Alliance (WFA) and Wireless Broadband Alliance (WBA) to address a myriad of wi-fi hotspot concerns ranging from automating the authentication and security of wi-fi connections to provisioning policy, establishing roaming agreements and ultimately the seamless transition between wi-fi and cellular networks. Hotspot 2.0 is an ideal way for carriers and enterprises to address some of these specific wi-fi hotspot security concerns when commercial Hotspot 2.0 network services become available in the future.
Beyond the larger Hotspot 2.0 framework, recent advances in wi-fi and wi-fi security now provide a way for public venues, enterprises and carriers to offer secure hotspots through an open wi-fi network. This has the advantage of requiring no new protocol or software support (as Hotspot 2.0 does) and works across nearly all wi-fi enabled devices.
With secure hotspot technology, once a client associates to an open SSID from an access point, the wireless LAN (WLAN) controller sends the client device to a predetermined Web portal. The end-user is then asked if he or she wants a secure or open connection.
After signing in, a unique 63-byte encryption key with a limited life span is generated and bound to the user device by the WLAN controller. Vendors often call this capability Dynamic Pre-Shared Keys (DPSK). There is no need for pre-defined user credentials whatsoever. The Web server simply instructs the WLAN controller to create a unique encryption key based on whatever information the hotspot operator wants to use to track users, such as an email address, name, etc.
Once the key generation process is complete, the unique PSK and all the requisite WLAN information necessary to establish a secure connection are installed within the user's device connection manager using a dissolvable provisioning file that is automatically created and pushed to the user's device, without having to install any additional applications. The user device then automatically associates with the encrypted hotspot wi-fi network.
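The key issuance step described above, sketched as an added example (not code from this article or from any vendor's controller): each device receives its own random 63-character passphrase with an expiry time, and the WPA2 pairwise master key is derived from it with the standard PBKDF2 step. The `DpskStore` class, binding by MAC address, and the SSID and lifetime values are assumptions made for illustration.

```python
import hashlib
import secrets
import string
import time
from dataclasses import dataclass
from typing import Dict, Optional

# WPA2 passphrases are 8-63 printable ASCII characters; use the maximum length.
ALPHABET = string.ascii_letters + string.digits
KEY_LEN = 63


@dataclass
class Dpsk:
    passphrase: str     # unique per-user key, delivered in the provisioning file
    mac: str            # device the key is bound to (assumed binding attribute)
    user_id: str        # whatever the operator tracks (e-mail, name, ...)
    expires_at: float   # epoch seconds; the key is rejected from this time on


class DpskStore:
    """Hypothetical in-memory stand-in for the controller's key table."""

    def __init__(self, ssid: str, lifetime_s: int):
        self.ssid, self.lifetime_s = ssid, lifetime_s
        self._by_mac: Dict[str, Dpsk] = {}

    def issue(self, mac: str, user_id: str, now: Optional[float] = None) -> Dpsk:
        now = time.time() if now is None else now
        passphrase = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))
        key = Dpsk(passphrase, mac.lower(), user_id, now + self.lifetime_s)
        self._by_mac[key.mac] = key   # re-issuing replaces the device's old key
        return key

    def pmk_for(self, mac: str, now: Optional[float] = None) -> Optional[bytes]:
        """Return the WPA2 PMK for this device, or None if unknown or expired."""
        now = time.time() if now is None else now
        key = self._by_mac.get(mac.lower())
        if key is None:
            return None
        if now >= key.expires_at:
            del self._by_mac[key.mac]   # limited life span: purge on expiry
            return None
        # Standard WPA2-PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.
        return hashlib.pbkdf2_hmac("sha1", key.passphrase.encode(),
                                   self.ssid.encode(), 4096, 32)
```

Because every device has a different passphrase, one user's key does not let them derive another user's PMK, and expiry or revocation affects only that device's entry.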
The end-user sees the option to connect more securely or not. There is no need for the hotspot administrator to pre-configure any user, although they can log details on each user and usage within the hotspot. The administrator's setup is very simple: configure an "open" (provisioning) SSID and an encrypted hotspot SSID for devices to automatically connect, once the user has agreed to set up an encrypted connection.