Intermec CK60 User Manual page 176

Chapter 5 — Network Support
Key Management Protocols
WPA (Wi-Fi Protected Access)
WPA2 (Wi-Fi Protected Access)
Authentication
EAP (Extensible Authentication
Protocol)
EAP-FAST (Flexible
Authentication via Secure
Tunneling)
LEAP (Lightweight Extensible
Authentication Protocol)
EAP-PEAP (Protected Extensible
Authentication Protocol)
EAP-TLS (Transport Layer
Security)
EAP-TTLS (Tunneled Transport
Layer Security)
162
This is an enhanced version of WEP that does not rely on a static, shared key. It
encompasses a number of security enhancements over WEP, including improved
data encryption via TKIP and 802.11b/g authentication with EAP. WiFi
Alliance security standard is designed to work with existing 802.11 products and
to offer forward compatibility with 802.11i.
Second generation of WPA security. Like WPA, WPA2 provides enterprise and
home Wi-Fi users with a high level of assurance that their data remains protected
and that only authorized users can access their wireless networks. WPA2 is based
on the final IEEE 802.11i amendment to the 802.11 standard ratified in June
2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption
and is eligible for FIPS (Federal Information Processing Standards) 140-2
compliance.
802.11b/g uses this protocol to perform authentication. This is not necessarily an
authentication mechanism, but is a common framework for transporting actual
authentication protocols. Intermec provides a number of EAP protocols for you
to choose the best for your network.
A publicly accessible IEEE 802.1X EAP type developed by Cisco Systems. It is
available as an IETF informational draft. An 802.1X EAP type that does not
require digital certificates, supports a variety of user and password database types,
supports password expiration and change, and is flexible, easy to deploy, and easy
to manage.
Also known as Cisco-Wireless EAP, provides username/password based
authentication between a wireless client and a RADIUS server. In the 802.1x
framework, traffic cannot pass through a wireless network access point until it
successfully authenticates itself.
Performs secure authentication against Windows domains and directory services.
It is comparable to EAP-TTLS both in its method of operation and its security,
though not as flexible. This does not support the range of inside-the-tunnel
authentication methods supported by EAP-TTLS. Microsoft and Cisco both
support this protocol.
Based on the TLS (Transport Layer Security) protocol widely used to secure web
sites. This requires both the user and authentication server have certificates for
mutual authentication. While cryptically strong, this requires corporations that
deploy this to maintain a certificate infrastructure for all their users.
This protocol provides authentication like EAP-TLS (see
require certificates for every user. Instead, authentication servers are issued
certificates. User authentication is done using a password or other credentials that
are transported in a securely encrypted "tunnel" established using server
certificates.
EAP-TTLS works by creating a secure, encrypted tunnel through which you
present your credentials to the authentication server. Thus, inside EAP-TTLS
there is another inner authentication protocol that you must configure via
Additional TTLS Settings.
CK60 Mobile Computer with Windows Mobile User's Manual
page 152) but does not