Background

  

The configuration and provisioning of WiFi credentials is a significant challenge, especially for the “Internet of Things”. Many devices do not have suitable user interfaces for entering credentials such as a WiFi network identity (SSID), passwords, etc. End users need a secure, standard and simple way to connect new devices to existing WiFi networks. The security requirements for devices in commercial and industrial settings are also more advanced than those within homes.

  

The Wi-Fi Alliance has created “Wi-Fi Easy Connect”, which is based on the Device Provisioning Protocol. Wi-Fi Easy Connect was released with WPA3 in June 2018.


Wi-Fi Easy Connect greatly simplifies connecting new devices to WiFi. In summary, the only requirements for end users are:

  • A mobile phone connected to the WiFi network, and
  • A scan of a QR code for the device. The QR code could be on packaging, or on the device, etc.


A summary of Wi-Fi Easy Connect for consumer use, such as within a home, is illustrated below:


Security is based on a Public Key Infrastructure (PKI) key pair recorded in the device, including the Device Public Key.  Manufacturers are beginning to certify and sell devices to support Wi-Fi Easy Connect along with support of WPA3.  WPA3 will begin to replace WPA2 over the next several years.  In addition, Android 10 and future versions of Android include support for Wi-Fi Easy Connect.


The simplicity of device configuration can provide significant benefits for commercial and industrial users as well, such as within manufacturing environments, distribution centers, health care facilities, offices, etc. However, one additional requirement compared to residential use is mutual authentication. The device also needs to authenticate the mobile phone providing WiFi credentials.


In other words, for business users, a configuring mobile phone should be authenticated with the device even though the device may not yet have any WiFi or Internet connectivity. The device needs to trust the configuration data received from the mobile phone, since the device could be high value or sensitive equipment. Or, IT security policies may reasonably mandate mutual authentication in order to set up new devices for connecting to the network.


A summary of Wi-Fi Easy Connect with mutual authentication is below:

Solving the Complexity For Mutual Authentication

Although many businesses may prefer mutual authentication for Wi-Fi Easy Connect, mutual authentication adds the significant, new Step 3 above to securely transfer the mobile phone public key to the device. The effort and steps required to load the device with the mobile phone public key can be equivalent to simply loading the device with WiFi credentials for the network.


Networks for businesses can consist of many different devices and many mobile phones used for device configuration. The new Step 3 above, securely transferring mobile phone public keys to devices, adds significant costs and time. Note that the associated costs scale with the number of devices and mobile phones for the network. Those costs and steps reduce the benefits from using Wi-Fi Easy Connect with mutual authentication.
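The sketch below is an added example, not code from Cloud DPP or the Wi-Fi Alliance: it parses a QR payload laid out like a DPP bootstrapping URI and shows why a device in mutual-authentication mode can only answer phones whose public keys were loaded onto it beforehand. It models only the key-hash lookup, not the cryptographic exchange; the Device class and its method are hypothetical, and the keys, MAC address and QR string are constructed.

```python
import base64
import hashlib

# Constructed stand-ins for DER-encoded public keys (not real keys).
DEVICE_KEY = b"constructed-device-public-key"
PHONE_A_KEY = b"constructed-phone-A-public-key"
PHONE_B_KEY = b"constructed-phone-B-public-key"
# Constructed QR payload: channel, MAC and base64 public key fields.
DEVICE_QR = "DPP:C:81/1;M:0242ac120002;K:" + base64.b64encode(DEVICE_KEY).decode() + ";;"


def parse_dpp_uri(uri):
    """Split a bootstrapping URI into fields and decode the K (public key) field."""
    if not (uri.startswith("DPP:") and uri.endswith(";;")):
        raise ValueError("not a DPP bootstrapping URI")
    fields = {}
    for item in uri[4:-2].split(";"):
        tag, sep, value = item.partition(":")
        if not sep or tag in fields:
            raise ValueError("malformed or duplicate field: %r" % item)
        fields[tag] = value
    if "K" not in fields:
        raise ValueError("missing public key field K")
    fields["K"] = base64.b64decode(fields["K"], validate=True)
    return fields


def key_hash(public_key):
    """SHA-256 over the encoded public key, used to identify a bootstrapping key."""
    return hashlib.sha256(public_key).hexdigest()


class Device:
    """Hypothetical device-side policy: which configuring phones to answer."""

    def __init__(self, own_key, trusted_phone_keys=None):
        self.own_hash = key_hash(own_key)
        # None = consumer mode (one-way); a list = mutual authentication.
        self.trusted = None if trusted_phone_keys is None else {key_hash(k) for k in trusted_phone_keys}

    def accepts(self, device_hash, phone_hash=None):
        if device_hash != self.own_hash:  # phone did not scan this device's QR code
            return False
        if self.trusted is None:
            return True
        return phone_hash in self.trusted  # needs the phone key preloaded (Step 3)
```

Every additional configuring phone means another entry in each device's trusted set, which is the per-device, per-phone cost described above.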


Cloud DPP provides patented solutions that are 100% compatible with Wi-Fi Easy Connect to achieve the following key benefits:


  • Ensures mutual authentication
  • Eliminates the steps and costs to transfer mobile phone public keys to devices
  • Increases security, since configuring mobile phones could be insecure
  • Readily supports scaling to millions of devices or more


The Cloud DPP solution for Public Clouds provides the above benefits to large cloud service providers, where each cloud can support Wi-Fi Easy Connect for consumers or small businesses.


The Cloud DPP solution for Private Clouds provides the above benefits to corporate networks, where a company can easily implement and support mutually authenticated WiFi device configuration with internal networks.
