Knowledge Center: E
An alphabetical glossary of terms related to Laird's embedded wireless modules.
EAP (Extensible Authentication Protocol) is the authentication framework used with IEEE 802.1X, which is a component of WPA-Enterprise and WPA2-Enterprise. With some Wi-Fi infrastructures, EAP authentication can also be used outside of a WPA or WPA2 context.
You can read the original definition of EAP in RFC 3748 and an updated definition in RFC 5247.
When SCU is used to configure security settings, seven EAP types are supported: EAP-TLS, EAP-TTLS, PEAP-TLS, PEAP-MSCHAPv2, PEAP-GTC, EAP-FAST, and LEAP. For details, see the sections on EAP Types and EAP Credentials.
For each EAP type supported by SCU, the table below shows the selections in the SCU Credentials box:
| EAP Type | User | Password | CA Cert | Validate Server | Use MS Store | Others |
|---|---|---|---|---|---|---|
| PEAP-MSCHAP | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | Filename (up to 32 characters) | | | |
| PEAP-GTC | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | Filename (up to 32 characters) | | | |
| PEAP-TLS | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | Filename (up to 32 characters) | | | |
| EAP-TTLS | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | Filename (up to 32 characters) | | | |
| EAP-TLS | Username or Domain/Username (up to 64 characters) | | Filename (up to 32 characters) | | | User Cert |
| EAP-FAST | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | | | | PAC Filename (up to 32 characters); PAC Password (up to 32 characters) |
| LEAP | Username or Domain/Username (up to 64 characters) | Password (up to 32 characters) | | | | |
Note on CA Cert Field: This is the filename of the root certificate authority digital certificate. Leave this blank if the Use MS Store checkbox is checked.
Note on Validate Server Checkbox: Check this if you are using a CA certificate to validate an authentication server. When this is checked, you must enter a certificate filename in the CA Cert field or check the Use MS store checkbox.
Note: Laird strongly recommends the use of server validation with PEAP-GTC.
Note on Use MS Store Checkbox: Check this if the Microsoft certificate store should be used for a CA certificate. This is applicable only when Validate Server is checked.
Note on User Cert: Tap the "..." button to select a user (or station) certificate from the Microsoft certificate store. Do not enter a filename; the user certificate must reside in the Microsoft certificate store. When you browse for a certificate, the pop-up box displays Issued By and Issued To.
Of the seven EAP types supported by SCU, all but EAP-FAST and LEAP rely upon information in digital certificates that are created by a certificate authority (CA). To enable a station device to authenticate the server, you must provide a root CA certificate and distribute it to that station. You can store the CA certificate in a device's Microsoft certificate store or in a specified directory (see Certs Path for additional information regarding a specified directory).
Note: For EAP-TLS, you must also generate a user certificate for each station. The user certificate must be stored in the Microsoft certificate store on the station.
802.1X EAP types supported by SCU are:
| EAP Type | Description |
|---|---|
| EAP-FAST | Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling. A protocol that was designed to address the vulnerabilities of LEAP while keeping a "lightweight" implementation. It uses a PAC (Protected Access Credential) to create a TLS tunnel where client credentials are verified. |
| EAP-TLS | Extensible Authentication Protocol - Transport Layer Security. EAP-TLS (created by Microsoft) requires an exchange of proof of identities through public key cryptography (such as digital certificates). EAP-TLS secures this exchange with an encrypted TLS tunnel, which helps to resist dictionary or other MitM (Man in the Middle) attacks. |
| EAP-TTLS | Tunneled Transport Layer Security. EAP-TTLS enables WLAN station authentication without requiring the stations to have certificates, which creates a simplified architecture of secure WLANs. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates. |
| PEAP | Protected Extensible Authentication Protocol or Protected EAP. A protocol that creates an encrypted (and more secure) channel before the password-based authentication occurs. |
| PEAP-GTC | Generic Token Card. An authentication mechanism that allows generic authentication to a number of databases and uses a one-time password (OTP), which is a password that is valid for only a single login session. |
| PEAP-MSCHAPv2 | Protected EAP - Microsoft Challenge Handshake Authentication Protocol - version 2. A protocol designed for a wireless network that is not configured for PKI (public key infrastructure). |
| PEAP-TLS | Protected Extensible Authentication Protocol - Transport Layer Security. |
| LEAP | Lightweight Extensible Authentication Protocol. A proprietary EAP mutual authentication protocol developed by Cisco Systems that uses a username and password system. |
Edit Profile is an SCU Profile window setting. Use the drop-down menu to select the profile to be viewed or edited.
Note: SCU Admin use only. For more information, see the Wi-Fi Software Administrator's Guide.
An electronic health record (EHR) is similar to an electronic medical record with a few identifiable differences (the concept is still in formation). Conceptually, an electronic health record is designed to facilitate sharing between different health care environments, enabling more accurate medical data that follows the patient. This ensures that no matter where a patient is treated, medical personnel have access to the most accurate patient records.
An electronic medical record (EMR) is a computerized medical record analogous to a patient’s chart or history. Electronic medical records are built, stored, and maintained in a location where medical treatment is given.
Electrically Erasable Programmable Read-Only Memory; a means of saving information that must remain in the absence of a power supply (non-volatile memory).
Enable Radio/Disable Radio is an SCU Main window feature. When the radio is enabled, select this button (which displays Disable Radio) to disable it. When the radio is disabled, select the same button (which now displays Enable Radio) to enable it. When disabled, the radio does not attempt to make a connection to an access point.
Encryption involves scrambling transmitted data so that it can be read only by the intended receiver, which has the proper key to decrypt and unscramble the data.
In SCU, the Encryption setting in a profile can refer not just to an encryption method but also to an authentication method and an encryption key management protocol. The following table provides an explanation of SCU Encryption settings:
| Profile Setting | Authentication | Encryption | Key Management |
|---|---|---|---|
| None | None | None | None |
| WEP | None | WEP | Static (in SCU) |
| WEP EAP | EAP type | WEP | Dynamic (from EAP) |
| CKIP | None | WEP+CKIP+CMIC | Static (in SCU) |
| CKIP EAP | EAP type | WEP+CKIP+CMIC | Dynamic (from EAP) |
| WPA-PSK | PSK/password (in SCU) | TKIP | WPA |
| WPA-TKIP | EAP type | TKIP | WPA |
| WPA CCKM | EAP type | TKIP | WPA+CCKM |
| WPA2-PSK | PSK/password (in SCU) | AES-CCMP | WPA2 |
| WPA2 AES | EAP type | AES-CCMP | WPA2 |
| WPA2 CCKM | EAP type | AES-CCMP | WPA2+CCKM |
Signifies that a Bluetooth module does not require any additional testing or approvals from a global Bluetooth perspective and allows the OEM to fully market their device using the Bluetooth name and logos.
There are no default values for credentials. If the credentials are not specified in the profile then, when the radio tries to associate using that profile, Laird software displays a dialog box that prompts the user to enter the credentials. The software populates the dialog box with the username and password supplied for the previous EAP authentication.
Alternatively, the user can select another profile as the active profile and then switch back to the profile for which EAP authentication was canceled.
Note: SCU Admin use only. For more information, see the Wi-Fi Software Administrator's Guide.
European Telecommunications Standards Institute (ETSI) is the standards body for most of Europe, Africa, the Middle East, and parts of Asia. For more information: http://www.etsi.org/.
According to the Radio and Telecommunications Terminal Equipment (R&TTE) Directive, the manufacturer must issue a Declaration of Conformity (DoC) indicating device compliance with the basic requirements of applicable directives.
For ETSI certifications, all Laird certifications may be leveraged by mobile and portable device vendors as part of their self-declaration to obtain the CE mark required by members of the European Union.
Note: ETSI/CE rules differ from those of the FCC and IC in that there is no provision for a modular approval. All approvals and certifications must exist at the device, rather than the radio module, level.
In some situations, the module's current test reports may not be adequate to support a DoC for the end product:
Current versions of ETSI certifications:
Replacement of older BIOS systems and bootstrap loader. EFI defines an interface between an operating system and platform firmware; allows the BIOS to choose the operating system upon loading while also enabling vendors to create drivers that cannot be reverse engineered.