E | LairdTech

A | B | C | D | E | F | G | H | I | J | K | L | M
N | O | P | Q | R | S | T | U | V | W | X | Y | Z
123 and Symbols

EAP
EAP Credentials
EAP Types
Edit Profile
EEPROM

End Product Listing (EPL)
ETSI
Extensible Firmware Interface (EFI)

EAP

EAP (Extensible Authentication Protocol) is the authentication framework used with IEEE 802.1X, which is a component of WPA-Enterprise and WPA2-Enterprise. With some Wi-Fi infrastructures, EAP authentication also can be used outside of a WPA or WPA2 context.

You can read the original definition of EAP at RFC 3748 and an updated definition at RFC 5247.

When SCU is used to configure security settings, seven EAP types are supported: EAP-TLS, EAP-TTLS, PEAP-TLS, PEAP-MSCHAPv2, PEAP-GTC, EAP-FAST, and LEAP. For details, see the sections on EAP Types and EAP Credentials.

Related Topics:

EAP Credentials
EAP Types

EAP Credentials

For each EAP type supported by SCU, the table below shows the selections in the SCU Credentials box:

EAP-Type	User	Password	CA Cert	Validate Server	User MS Store	Others
PEAP-MSCHAP	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)	Filename (up to 32 characters) See Note on CA Cert Field	See Note on Validate Server Checkbox	See Note on Use MS store Checkbox
PEAP-GTC	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)	Filename (up to 32 characters) See Note on CA Cert Field	See Note on Validate Server Checkbox	See Note on Use MS store Checkbox
PEAP-TLS	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)	Filename (up to 32 characters) See Note on CA Cert Field	See Note on Validate Server Checkbox	See Note on Use MS store Checkbox
EAP-TTLS	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)	Filename (up to 32 characters) See Note on CA Cert Field	See Note on Validate Server Checkbox	See Note on Use MS store Checkbox
EAP-TLS	Username or Domain/Username (up to 64 characters)		Filename (up to 32 characters) See Note on CA Cert Field	See Note on Validate Server Checkbox	See Note on Use MS store Checkbox	User Cert See Note on User Cert
EAP-FAST	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)				PAC Filename (up to 32 characters) PAC Password (up to 32 characters)
LEAP	Username or Domain/Username (up to 64 characters)	Password (up to 32 characters)

Note on CA Cert Field: This is the filename of the root certificate authority digital certificate. Leave this blank if the Use MS Store checkbox is checked.

Note on Validate Server Checkbox: Check this if you are using a CA certificate to validate an authentication server. When this is checked, you must enter a certificate filename in the CA Cert field or check the Use MS store checkbox.

Note: Laird strongly recommends the use of server validation with PEAP-GTC.

Note on Use MS Store Checkbox: Check this if the Microsoft certificate store should be used for a CA certificate. This is applicable only when Validate Server is checked.

Note on User Cert: Tap the "..." button to select a user (or station) certificate from the Microsoft certificate store. Do not enter a filename; the user certificate must reside in the Microsoft certificate store. When you browse for a certificate, the pop-up box displays Issued By and Issued To.

Of the seven EAP types supported by SCU, all but EAP-FAST and LEAP rely upon information in digital certificates that are created by a certificate authority (CA). To enable a station device to authenticate the server, you must provide a root CA certificate and distribute it to that station. You can store the CA certificate in a device's Microsoft certificate store or in a specified directory (see Certs Path for additional information regarding a specified directory).

Note: For EAP-TLS, you must also generate a user certificate for each station. The user certificate must be stored in the Microsoft certificate store on the station.

EAP Types

802.1X EAP types supported by SCU are:

EAP-FAST	Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling A protocol that was designed to address the vulnerabilities of LEAP while keeping a "lightweight" implementation. It uses a PAC (Protected Access Credential) to create a TLS tunnel where client credentials are verified.
EAP-TLS	Extensible Authentication Protocol-Transport Layer Security EAP-TLS (created by Microsoft) requires an exchange of proof of identities through public key cryptography (such as digital certificates). EAP-TLS secures this exchange with an encrypted TLS tunnel which helps to resist dictionary or other MitM (Man in the Middle) attacks.
EAP-TTLS	Tunneled Transport Layer Security EAP-TTLS enables WLAN station authentication without requiring the stations to have certificates which creates a simplified architecture of secure WLANs. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates.
PEAP	Protected Extensible Authentication Protocol or Protected EAP A protocol that creates an encrypted (and more secure) channel before the password-based authentication occurs.
PEAP-GTC	Generic Token Card An authentication mechanism that allows generic authentication to a number of databases and uses a one-time password (OTP is a password that is only valid for a single login session).
PEAP-MSCHAPv2	Protected EAP-Microsoft Challenge Handshake Authentication Protocol - version 2 A protocol designed for a wireless network that is not configured for PKI (public key infrastructure).
PEAP-TLS	Protected Extensible Authentication Protocol-Transport Layer Security
LEAP	Lightweight Extensible Authentication Protocol A proprietary EAP mutual authentication protocol developed by Cisco Systems that uses a username and password system.

Related Topics:

EAP
EAP Credentials

Edit Profile (SCU Profile window)

Edit Profile is a SCU Profile window setting. Use the drop-down menu to select the profie to be viewed or edited.

Note: SCU Admin use only. For more information, see the Wi-Fi Software Administrator's Guide.

EHR

An electronic health record (EHR) is similar to an electronic medical record with a few identifiable differences (the concept is still in formation). Conceptually, an electronic health record is designed to facilitate sharing between different health care environments, enabling more accurate medical data that follows the patient. This ensures that no matter where a patient is treated, medical personnel have access to the most accurate patient records.

EMR

An electronic medical record (EMR) is a computerized medical record analogous to a patient’s chart or history. Electronic medical records are built, stored, and maintained in a location where medical treatment is given.

EEPROM

Electrically Erasable Programmable Read-Only Memory; a means of saving information that must remain in the absence of a power supply (non-volatile memory).

Enable Radio/Disable Radio

Enable Radio/Disable Radio is an SCU Main window feature. When the radio is enabled, select this button (which displays Disable Radio) to disable it. When the radio is disabled, select the same button (which now displays Enable Radio) to enable it. When disabled, the radio does not attempt to make a connection to an access point.

Encryption

Encryption involves scrambling transmitted data so that it can be read only by the intended receiver, which has the proper key to decrypt andunscramble the data.

In SCU, the Encryption setting in a profile can refer not just to an encryption method but also to an authentication method and an encryption key management protocol. The following table provides an explanation of SCU Encryption settings:

Profile Setting	Authentication	Encryption	Key Management
None	None	None	None
WEP	None	WEP	Static (in SCU)
WEP EAP	EAP type	WEP	Dynamic (from EAP)
CKIP	None	WEP+CKIP+CMIC	Static (in SCU)
CKIP EAP	EAP type	WEP+CKIP+CMIC	Dynamic (from EAP)
WPA-PSK	PSK/password (in SCU)	TKIP	WPA
WPA-TKIP	EAP type	TKIP	WPA
WPA CCKM	EAP type	TKIP	WPA+CCKM
WPA2-PSK	PSK/password (in SCU)	AES-CCMP	WPA2
WPA2 AES	EAP type	AES-CCMP	WPA2
WPA2 CCKM	EAP type	AES-CCMP	WPA2+CCKM

End Product Listing (EPL)

Signifies that a Bluetooth module does not require any additional testing or approvals from a global Bluetooth perspective and allows the OEM to fully market their device using the Bluetooth name and logos.

Entering Credentials for EAP Authentication (SCU)

There are no default values for credentials. If the credentials are not specified in the profile then, when the radio tries to associate using that profile, Laird software displays a dialog box that prompts the user to enter the credentials. The software populates the dialog box with the username and password supplied for the previous EAP authentication.

Important notes on Entering Credentials for EAP Authentication:

If the credentials specified in the profile do not match those in the authentication database then, when that profile is used:
- If the EAP type is EAP-FAST or EAP-TLS, authentication fails.
- If the EAP type is LEAP, PEAP-MSCHAP, PEAP-GTC, or EAP-TTLS, then Laird software tries the credentials three times and then prompts the user to enter valid credentials. Once EAP authentication is passed, the software stores the valid credentials in the profile.
When prompted with a dialog box, the user can enter valid credentials, enter invalid credentials, or cancel the operation:
- If the user enters valid credentials and taps OK, the radio associates and authenticates.
- If the user enters invalid credentials and taps OK, the radio associates but does not authenticate, and the user is re-prompted to enter credentials.
- If the user taps Cancel or the user clears the credentials fields and taps OK, then the radio does not attempt to associate with that profile until the user performs one of the following actions (while the profile is the active profile):
  - Causes the device to go through a power cycle or suspend/resume.
  - Disables and enables the radio or taps Reconnect on the Diags window.
  - Modifies the profile and taps Commit.
  Alternatively, the user can select another profile as the active profile and then switch back to the profile for which EAP authentication was canceled.
If the password stored in the profile or provided in the dialog box has expired in the authentication database, then the authentication server may send an "Expired Password" (RFC 2759) message to the client. If the EAP type is PEAP-MSCHAP, PEAP-GTC, or EAP-TTLS, then the software handles that message by displaying a dialog box that prompts the user to enter the expired password and a new password. The software then uses the entered information to respond to the RFC 2759 message. If EAP authentication succeeds and the expired password was saved in the profile, then the software updates the profile with the new password.
Any password provided for EAP authentication, whether in a profile or in an authentication dialog box, should not contain parentheses. Neither SCU nor the dialog box flags a parenthesis as an invalid character, but the integrated supplicant treats parentheses as delimiters and interprets the characters between a left parenthesis and a right parenthesis as the "true" password.

Note: SCU Admin use only. For more information, see the Wi-Fi Software Administrator's Guide.

ETSI

European Telecommunications Standards Institute (ETSI) is the standards body for most of Europe, Africa, the Middle East, and parts of Asia. For more information: http://www.etsi.org/.

According to the Radio and Telecommunications Terminal Equipment (R&TTE) Directive, the manufacturer must issue a Declaration of Conformity (DoC) indicating device compliance with the basic requirements of applicable directives.

For ETSI certifications, all Laird certifications may be leveraged by mobile and portable device vendors as part of their self-declaration to obtain the CE mark required by members of the European Union.

Note: ETSI/CE rules differ from those of the FCC and IC in that there is no provision for a modular approval. All approvals and certifications must exist at the device, rather than the radio module, level.

In some situations, the module's current test reports may not be adequate to support a DoC for the end product:

Environmental extremes - The host (end) product may be marketed for a higher or different temperature range or a different voltage range than what was included in the module's original testing.
Antenna - The antenna gain used by the host product may be different than with module's original test reports.
Software - The host product may not fully incorporate some of the features present in the operating software used in the original module tests.
Module modifications - The integrator may have to modify the module to allow it to operate properly in the host system. If so, the integrator must have a thorough understanding of the impact the changes may have on each of the module tests.

Current versions of ETSI certifications:

EN 300 328 (v1.7.1)
EN 301 893 (v1.5.1) (a/b/g modules)
EN 301 489-1 (v1.8.1) (Council Directive 2004/108/EC on Electromagnetic Compatibility)
EN 301 489-17 (v.2.1.1) (Council Directive 2004/108/EC on Electromagnetic Compatibility)
EN 60950-1 (2006+A1:2010) (Council Directive 2006/95/EC on Low Voltage Equipment Safety)
EN 62311:2008 (Assessment of electronic and electrical equipment related to human exposure restrictions for electromagnetic fields)
EU 2002/95/EC (RoHS)

Extensible Firmware Interface (EFI)

Replacement of older BIOS systems and bootstrap loader. EFI defines an interface between an operating system and platform firmware; allows the BIOS to choose the operating system upon loading while also enabling vendors to create drivers that cannot be reverse engineered.