IDG News Service - Palo Alto Research Center Inc. (PARC), the storied institution started by Xerox Corp. that has spawned easy-to-use technologies including Ethernet and the computer mouse, still remembers how to invent things that busy users can just plug in and forget about.
PARC researchers recently announced that they have come up with a device that lets new users securely sign onto a wireless LAN in less than five minutes, as well as a way for otherwise incompatible digital consumer devices to exchange data.
The WLAN "enrollment station," which has been under development for about a year and is already in use at Palo Alto, Calif.-based PARC, uses a public-key infrastructure (PKI) to automatically authenticate a client device to a WLAN. As it's currently implemented, a user walks up to the station with a notebook computer or other device, lines up its infrared port with that of the station and waits for the device to be signed on to the network. It cuts the process down from several steps and more than an hour to two steps and about two minutes, with no choices for the end user to make during the process, said Dirk Balfanz, a researcher in PARC's security group. The process would have to happen only once for every user on that LAN.
At the heart of the system is the IEEE 802.1x standard, a specification for authenticating clients on LANs. The enrollment station uses Extensible Authentication Protocol-Transport Level Security, one of the authentication protocols that's optional under 802.1x. It's compatible with the Wi-Fi Protected Access mechanism introduced last year, Balfanz said. In a company that already has a PKI for its WLAN, the station can be integrated into the existing system through the standard, which can support a wide range of current PKI technologies.
When the user brings a client system up to the enrollment station, the devices initially exchange a cryptographic key pair. Then the client requests a digital certificate, which can be approved or rejected automatically based on preset policies or by a network administrator via e-mail. When the client gets approved, it receives a certificate and is automatically configured to use the WLAN, according to PARC.
Though useful in enterprises, the technology might have more potential for home networks, Balfanz said. The enrollment station, consisting mostly of software, could be integrated with a combination access point and router, making it easier and safer for end users to sign onto a home LAN. Getting the LAN going would be as easy as plugging in the combination device
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
