User's Manual

ManualsBrandsIntel Mobile Communications ManualsElectronicsIntel Centrino Advanced-N 2230

Certificate

Used for client authentication. A certificate is registered on the

authentication server (for example, RADIUS server) and used by the

authenticator.

CKIP

Cisco Key Integrity Protocol (CKIP) is a Cisco proprietary security

protocol for encryption in 802.11 media. CKIP uses a key message

integrity check and message sequence number to improve 802.11 security

in infrastructure mode. CKIP is Cisco's version of TKIP.

Client computer

The computer that gets its Internet connection by sharing either the host

computer's connection or the access point's connection.

DSSS

Direct Sequence Spread Spectrum. Technology used in radio

transmission. Incompatible with FHSS.

EAP

Short for Extensible Authentication Protocol, EAP sits inside of Point-to-

Point Protocol's (PPP) authentication protocol and provides a generalized

framework for several different authentication methods. EAP is supposed

to head off proprietary authentication systems and let everything from

passwords to challenge-response tokens and public-key infrastructure

certificates all work smoothly.

EAP-AKA

EAP-AKA (Extensible Authentication Protocol Method for UMTS

Authentication and Key Agreement) is an EAP mechanism for

authentication and session key distribution, using the Universal Mobile

Telecommunications System (UMTS) Subscriber Identity Module

(USIM). The USIM card is a special smart card used with cellular

networks to validate a given user with the network.

EAP-FAST

EAP-FAST, like EAP-TTLS and PEAP, uses tunneling to protect traffic.

The main difference is that EAP-FAST does not use certificates to

authenticate.

Provisioning in EAP-FAST is negotiated solely by the client as the first

communication exchange when EAP-FAST is requested from the server.

If the client does not have a pre-shared secret Protected Access

Credential (PAC), it can request to initiate a provisioning EAP-FAST

exchange to dynamically obtain one from the server.

EAP-FAST documents two methods to deliver the PAC: manual delivery

through an out-of-band secure mechanism, and automatic provisioning.

 Manual delivery mechanisms can be any delivery mechanism that

the administrator of the network feels is sufficiently secure for

their network.

 Automatic provisioning establishes an encrypted tunnel to protect

the authentication of the client and the delivery of the PAC to the

client. This mechanism, while not as secure as a manual method

may be, is more secure than the authentication method used in

LEAP.