Blog  Video Button  White Papers  Knowledge Center  ews webinar button  ews-techsupport-button.jpg  Blank Button 

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

123 and Symbols


         

EAP

EAP (Extensible Authentication Protocol) is the authentication framework used with IEEE 802.1X, which is a component of WPA-Enterprise and WPA2-Enterprise. With some Wi-Fi infrastructures, EAP authentication also can be used outside of a WPA or WPA2 context.

You can read the original definition of EAP at RFC 3748 and an updated definition at RFC 5247.

When SCU is used to configure security settings, seven EAP types are supported: EAP-TLS, EAP-TTLS, PEAP-TLS, PEAP-MSCHAPv2, PEAP-GTC, EAP-FAST, and LEAP. For details, see the sections on EAP Types and EAP Credentials.

Related Topics: 

 


 

EAP Credentials

For each EAP type supported by SCU, the table below shows the selections in the SCU Credentials box:

EAP-Type 

User 

Password 

CA Cert 

Validate Server 

User MS Store 

Others 

PEAP-MSCHAP

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

Filename (up to 32 characters)

 See Note on CA Cert Field 

See Note on Validate Server Checkbox 

See Note on Use MS store Checkbox 

 

PEAP-GTC

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

Filename (up to 32 characters)

 See Note on CA Cert Field 

See Note on Validate Server Checkbox 

See Note on Use MS store Checkbox 

 

PEAP-TLS

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

Filename (up to 32 characters)

 See Note on CA Cert Field 

See Note on Validate Server Checkbox 

See Note on Use MS store Checkbox 

 

EAP-TTLS

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

Filename (up to 32 characters)

 See Note on CA Cert Field 

See Note on Validate Server Checkbox 

See Note on Use MS store Checkbox 

 

EAP-TLS

Username or Domain/Username (up to 64 characters)

 

Filename (up to 32 characters)

 See Note on CA Cert Field 

See Note on Validate Server Checkbox 

See Note on Use MS store Checkbox 

User Cert

 See Note on User Cert 

EAP-FAST

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

     

PAC Filename (up to 32 characters)

PAC Password (up to 32 characters)

LEAP

Username or Domain/Username (up to 64 characters)

Password (up to 32 characters)

       

Note on CA Cert Field: This is the filename of the root certificate authority digital certificate. Leave this blank if the Use MS Store checkbox is checked.

Note on Validate Server Checkbox: Check this if you are using a CA certificate to validate an authentication server. When this is checked, you must enter a certificate filename in the CA Cert field or check the Use MS store checkbox. 

 Note: Summit strongly recommends the use of server validation with PEAP-GTC.

 Note on Use MS Store Checkbox: Check this if the Microsoft certificate store should be used for a CA certificate. This is applicable only when Validate Server is checked.

 Note on User Cert: Tap the "..." button to select a user (or station) certificate from the Microsoft certificate store. Do not enter a filename; the user certificate must reside in the Microsoft certificate store. When you browse for a certificate, the pop-up box displays Issued By and Issued To.

 Of the seven EAP types supported by SCU, all but EAP-FAST and LEAP rely upon information in digital certificates that are created by a certificate authority (CA). To enable a station device to authenticate the server, you must provide a root CA certificate and distribute it to that station. You can store the CA certificate in a device's Microsoft certificate store or in a specified directory (see Certs Path for additional information regarding a specified directory).

 Note: For EAP-TLS, you must also generate a user certificate for each station. The user certificate must be stored in the Microsoft certificate store on the station.

 


 

EAP Types

802.1X EAP types supported by SCU are:

EAP-FAST 

Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling

A protocol that was designed to address the vulnerabilities of LEAP while keeping a "lightweight" implementation. It uses a PAC (Protected Access Credential) to create a TLS tunnel where client credentials are verified.

EAP-TLS 

Extensible Authentication Protocol-Transport Layer Security

EAP-TLS (created by Microsoft) requires an exchange of proof of identities through public key cryptography (such as digital certificates). EAP-TLS secures this exchange with an encrypted TLS tunnel which helps to resist dictionary or other MitM (Man in the Middle) attacks.

EAP-TTLS 

Tunneled Transport Layer Security

EAP-TTLS enables WLAN station authentication without requiring the stations to have certificates which creates a simplified architecture of secure WLANs. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates.

PEAP 

Protected Extensible Authentication Protocol or Protected EAP

A protocol that creates an encrypted (and more secure) channel before the password-based authentication occurs.

PEAP-GTC 

Generic Token Card

An authentication mechanism that allows generic authentication to a number of databases and uses a one-time password (OTP is a password that is only valid for a single login session).

PEAP-MSCHAPv2 

Protected EAP-Microsoft Challenge Handshake Authentication Protocol - version 2

A protocol designed for a wireless network that is not configured for PKI (public key infrastructure).

PEAP-TLS 

Protected Extensible Authentication Protocol-Transport Layer Security

LEAP 

Lightweight Extensible Authentication Protocol

A proprietary EAP mutual authentication protocol developed by Cisco Systems that uses a username and password system.

Related Topics: 

 


 

Edit Profile (SCU Profile window)

Edit Profile is a SCU Profile window setting. Use the drop-down menu to select the profie to be viewed or edited.

Note: SCU Admin use only. For more information, see the Summit Software Administrator's Guide.

 


   

EHR

An electronic health record (EHR) is similar to an electronic medical record with a few identifiable differences (the concept is still in formation). Conceptually, an electronic health record is designed to facilitate sharing between different health care environments, enabling more accurate medical data that follows the patient. This ensures that no matter where a patient is treated, medical personnel have access to the most accurate patient records.

 


   

EMR

An electronic medical record (EMR) is a computerized medical record analogous to a patient’s chart or history. Electronic medical records are built, stored, and maintained in a location where medical treatment is given.

 

 


 

  

EEPROM

Electrically Erasable Programmable Read-Only Memory; a means of saving information that must remain in the absence of a power supply (non-volatile memory).

 


 

Enable Radio/Disable Radio

Enable Radio/Disable Radio is an SCU Main window feature. When the radio is enabled, select this button (which displays Disable Radio) to disable it. When the radio is disabled, select the same button (which now displays Enable Radio) to enable it. When disabled, the radio does not attempt to make a connection to an access point.

 


 

Encryption

Encryption involves scrambling transmitted data so that it can be read only by the intended receiver, which has the proper key to decrypt and unscramble the data.

In SCU, the Encryption setting in a profile can refer not just to an encryption method but also to an authentication method and an encryption key management protocol. The following table provides an explanation of SCU Encryption settings:

 

 Profile Setting 

 Authentication 

 Encryption 

 Key Management 

None

None

None

None

WEP

None

WEP

Static (in SCU)

WEP EAP

EAP type

WEP

Dynamic (from EAP)

CKIP

None

WEP+CKIP+CMIC

Static (in SCU)

CKIP EAP

EAP type

WEP+CKIP+CMIC

Dynamic (from EAP)

WPA-PSK

PSK/password (in SCU)

TKIP

WPA

WPA-TKIP

EAP type

TKIP

WPA

WPA CCKM

EAP type

TKIP

WPA+CCKM

WPA2-PSK

PSK/password (in SCU)

AES-CCMP

WPA2

WPA2 AES

EAP type

AES-CCMP

WPA2

WPA2 CCKM

EAP type

AES-CCMP

WPA2+CCKM

 
 

 

End Product Listing (EPL)

  

Signifies that a Bluetooth module does not require any additional testing or approvals from a global Bluetooth perspective and allows the OEM to fully market their device using the Bluetooth name and logos.

 
  

Entering Credentials for EAP Authentication (SCU)

There are no default values for credentials. If the credentials are not specified in the profile then, when the radio tries to associate using that profile, Summit software displays a dialog box that prompts the user to enter the credentials. Summit software populates the dialog box with the username and password supplied for the previous EAP authentication.

Important notes on Entering Credentials for EAP Authentication:

  • If the credentials specified in the profile do not match those in the authentication database then, when that profile is used:
    • If the EAP type is EAP-FAST or EAP-TLS, authentication fails.
    • If the EAP type is LEAP, PEAP-MSCHAP, PEAP-GTC, or EAP-TTLS, then Summit software tries the credentials three times and then prompts the user to enter valid credentials. Once EAP authentication is passed, Summit software stores the valid credentials in the profile.
     
  • When prompted with a dialog box, the user can enter valid credentials, enter invalid credentials, or cancel the operation:
    • If the user enters valid credentials and taps OK, the radio associates and authenticates.
    • If the user enters invalid credentials and taps OK, the radio associates but does not authenticate, and the user is re-prompted to enter credentials.
    • If the user taps Cancel or the user clears the credentials fields and taps OK, then the radio does not attempt to associate with that profile until the user performs one of the following actions (while the profile is the active profile):
      • Causes the device to go through a power cycle or suspend/resume.
      • Disables and enables the radio or taps Reconnect on the Diags window.
      • Modifies the profile and taps Commit.

      Alternatively, the user can select another profile as the active profile and then switch back to the profile for which EAP authentication was canceled.

  • If the password stored in the profile or provided in the dialog box has expired in the authentication database, then the authentication server may send an "Expired Password" (RFC 2759) message to the client. If the EAP type is PEAP-MSCHAP, PEAP-GTC, or EAP-TTLS, then Summit software handles that message by displaying a dialog box that prompts the user to enter the expired password and a new password. Summit software then uses the entered information to respond to the RFC 2759 message. If EAP authentication succeeds and the expired password was saved in the profile, then Summit software updates the profile with the new password.
  • Any password provided for EAP authentication, whether in a profile or in an authentication dialog box, should not contain parentheses. Neither SCU nor the dialog box flags a parenthesis as an invalid character, but the integrated supplicant treats parentheses as delimiters and interprets the characters between a left parenthesis and a right parenthesis as the "true" password.

Note: SCU Admin use only. For more information, see the Summit Software Administrator's Guide.

 


 

ETSI

European Telecommunications Standards Institute (ETSI) is the standards body for most of Europe, Africa, the Middle East, and parts of Asia. For more information: http://www.etsi.org/.

According to the Radio and Telecommunications Terminal Equipment (R&TTE) Directive, the manufacturer must issue a Declaration of Conformity (DoC) indicating device compliance with the basic requirements of applicable directives.

For ETSI certifications, all Summit certifications may be leveraged by mobile and portable device vendors as part of their self-declaration to obtain the CE mark required by members of the European Union.

Note: ETSI/CE rules differ from those of the FCC and IC in that there is no provision for a modular approval. All approvals and certifications must exist at the device, rather than the radio module, level.

In some situations, the module's current test reports may not be adequate to support a DoC for the end product:

  • Environmental extremes - The host (end) product may be marketed for a higher or different temperature range or a different voltage range than what was included in the module's original testing.
  • Antenna - The antenna gain used by the host product may be different than with module's original test reports.
  • Software - The host product may not fully incorporate some of the features present in the operating software used in the original module tests.
  • Module modifications - The integrator may have to modify the module to allow it to operate properly in the host system. If so, the integrator must have a thorough understanding of the impact the changes may have on each of the module tests.

Current versions of ETSI certifications:

  • EN 300 328  (v1.7.1)
  • EN 301 893 (v1.5.1) (a/b/g modules)
  • EN 301 489-1 (v1.8.1) (Council Directive 2004/108/EC on Electromagnetic Compatibility)
  • EN 301 489-17 (v.2.1.1) (Council Directive 2004/108/EC on Electromagnetic Compatibility)
  • EN 60950-1 (2006+A1:2010) (Council Directive 2006/95/EC on Low Voltage Equipment Safety)
  • EN 62311:2008 (Assessment of electronic and electrical equipment related to human exposure restrictions for electromagnetic fields)
  • EU 2002/95/EC (RoHS)

 


 

Extensible Firmware Interface (EFI)

Replacement of older BIOS systems and bootstrap loader. EFI defines an interface between an operating system and platform firmware; allows the BIOS to choose the operating system upon loading while also enabling vendors to create drivers that cannot be reverse engineered.

Related Topics: 

 


 

[Top]