Wi-fi Certified Easy Connect


Chieko Boteler

Jul 26, 2024, 1:50:31 AM
to joydanceges

There is a need for a simple, secure way to onboard IoT devices in a manner that scales from small home networks to large, complex enterprise networks that also addresses the unique requirements of IoT. Wi-Fi Alliance has developed the Wi-Fi Easy Connect program based on the Device Provisioning Protocol (DPP) making onboarding a device as simple as scanning a QR code. In some optional deployments, onboarding with Wi-Fi Easy Connect merely entails turning the device on and walking away for a true zero-touch onboarding experience.

The DPP protocol is performed by two entities, the Enrollee device wishing to be onboarded, and the Configurator, which is responsible for authenticating the Enrollee and provisioning it for the network. With DPP, the Configurator could be a smartphone or other mobile device, or it could be a device fixed in the network such as an access point (AP), switch, or router. The only requirement is that both the Enrollee and the Configurator have access to an interface that enables Wi-Fi connections. The DPP protocol is also supported over TCP/IP connections, allowing for a centralized controller to act as a Configurator and use a multitude of APs for its Wi-Fi communication.

Small office deployments of Wi-Fi Easy Connect resemble home office deployments. The Configurator can reside in an AP/router and utilize an app running on a mobile device to populate the DPP URI database on the Configurator using a DPP-defined REST API.

Large enterprise Wi-Fi networks are typically handled with a multitude of APs that communicate with centralized controllers. This type of deployment is well-suited to DPP when the centralized controller is the Configurator, or when a network Configurator service exists to which various controllers communicate. APs connect to these controllers and bridge the DPP conversation back using DPP-over-TCP (figure 2).

Some Wi-Fi deployments occur in challenging environments, like an offshore oil rig or the core of a nuclear reactor, where sensors, monitors, and controllers are needed to conduct a safe operation. Traditionally, provisioning of these devices was a challenge because the personnel with IT expertise typically did not have access to the location the device needed to be installed, and those with access typically had expertise in other fields. Wi-Fi Easy Connect allows personnel with no IT or networking expertise to install a device in a challenging area simply by turning it on.

Wi-Fi Easy Connect™, also known as Device Provisioning Protocol (DPP) or Easy Connect, is a provisioning protocol certified by Wi-Fi Alliance. It is a secure and standardized provisioning protocol for configuration of Wi-Fi devices. With Easy Connect, adding a new device to a network is as simple as scanning a QR Code. This reduces complexity and enhances user experience while onboarding devices without a UI, like Smart Home and IoT products. Unlike old protocols like Wi-Fi Protected Setup (WPS), Wi-Fi Easy Connect incorporates strong encryption through public key cryptography to ensure networks remain secure as new devices are added.

ESP32-S3 supports Enrollee mode of Easy Connect with QR Code as the provisioning method. A display is required to display this QR Code. Users can scan this QR Code using their capable device and provision the ESP32-S3 to their Wi-Fi network. The provisioning device needs to be connected to the AP, which need not support Wi-Fi Easy Connect™.

Easy Connect is still an evolving protocol. Known platforms that support the QR Code method include some Android smartphones with Android 10 or higher. To use Easy Connect, no additional app needs to be installed on the supported smartphone.

The Wi-Fi Alliance is a non-profit[1] organization that owns the Wi-Fi trademark. Manufacturers may use the trademark to brand products certified for Wi-Fi interoperability. It is based in Austin, Texas.

Early 802.11 products suffered from interoperability problems because the Institute of Electrical and Electronics Engineers (IEEE) had no provision for testing equipment for compliance with its standards.

The group of companies included 3Com, Aironet (acquired by Cisco), Harris Semiconductor (now Intersil), Lucent (was Alcatel-Lucent, then acquired by Nokia), Nokia and Symbol Technologies (acquired by Motorola, Zebra Technologies, and now Extreme Networks).[4]

The alliance lists Apple, Comcast, Samsung, Sony, LG, Intel, Dell, Broadcom, Cisco, Qualcomm, Motorola, Microsoft, Texas Instruments, and T-Mobile as key sponsors. The charter for this independent organization was to perform testing, certify interoperability of products, and to promote the technology.[5]

Most producers of 802.11 equipment became members, and as of 2012, the Wi-Fi Alliance included over 550 member companies. The Wi-Fi Alliance extended Wi-Fi beyond wireless local area network applications into point-to-point and personal area networking and enabled specific applications such as Miracast.

The Wi-Fi Alliance owns and controls the "Wi-Fi Certified" logo, a registered trademark, which is permitted only on equipment which has passed testing. Purchasers relying on that trademark may have greater chances of interoperation than otherwise. Testing involves not only radio and data format interoperability, but security protocols, as well as optional testing for quality of service and power management protocols.[7] Wi-Fi Certified products have to demonstrate that they can perform well in networks with other Wi-Fi Certified products, running common applications, in situations similar to those encountered in everyday use. Certification employs 3 principles:

The Wi-Fi Alliance definition of interoperability demands that products have to show satisfactory performance levels in typical network configurations and have to support both established and emerging applications. The Wi-Fi Alliance certification process includes three types of tests to ensure interoperability. Wi-Fi Certified products are tested for:

The 802.11 protocols are IEEE standards, identified as 802.11b, 11g, 11n, 11ac, etc. In 2018 The Wi-Fi Alliance created the simpler generation labels Wi-Fi 4 - 6 beginning with Wi-Fi 5, retroactively added Wi-Fi 4 and later added Wi-Fi 6 and Wi-Fi 6E.[23][24][25] Wi-Fi 5 had Wave 1 and Wave 2 phases. Wi-Fi 6E extends the 2.4/5 GHz range to 6 GHz, where licensed. Listed in historical and capacity order. See the individual 802.11 articles for version details or 802.11 for a composite summary.

WiGig refers to 60 GHz wireless local area network connection. It was initially announced in 2013 by Wireless Gigabit Alliance, and was adopted by the Wi-Fi Alliance in 2013. They started certifying in 2016. The first version of WiGig is IEEE 802.11ad, and a newer version IEEE 802.11ay was released in 2021.[26][27][28]

In October 2010, the Alliance began to certify Wi-Fi Direct, that allows Wi-Fi-enabled devices to communicate directly with each other by setting up ad-hoc networks, without going through a wireless access point or hotspot.[29][30] Since 2009 when it was first announced, some suggested Wi-Fi Direct might replace the need for Bluetooth on applications that do not rely on Bluetooth low energy.[31][32]

Miracast, introduced in 2012, is a standard for wireless display connections from devices such as laptops, tablets, or smartphones. Its goal is to replace cables connecting from the device to the display.[37]

Wi-Fi Aware is an interoperability certification program announced in January 2015 that enables device users, when in the range of a particular access point or another compatible device, to receive notifications of applications or services available in the proximity.[38][39] Later versions of this standard included new features such as the capability to establish a peer-to-peer data connection for file transfer.[40]

TDLS, or Tunneled Direct Link Setup, is "a seamless way to stream media and other data faster between devices already on the same Wi-Fi network" based on IEEE 802.11z and added to Wi-Fi Alliance certification program in 2012. Devices using it communicate directly with one another, without involving the wireless network's router.[43]

The certification of Wi-Fi Agile Multiband indicates that devices can automatically connect and maintain connection in the most suitable way. It covers the IEEE 802.11k standard about access point information reports, the IEEE 802.11v standard that enables exchanging information about the state of the network, the IEEE 802.11u standard about additional information of a Wi-Fi network, IEEE 802.11r about fast transition roaming between different access points, as well as other technologies specified by Wi-Fi Alliance.

Wi-Fi EasyMesh is a certification program based on its Multi-Access Point specification for creating Wi-Fi meshes from products by different vendors,[44] based on IEEE 1905.1. It is intended to address the problem of Wi-Fi systems that need to cover large areas where several routers serve as multiple access points, working together to form a larger/extended and unified network.[45][46][47]

Formerly known as Carrier Wi-Fi, Wi-Fi Vantage is a certification program for operators to maintain and manage quality Wi-Fi connections in high-usage environments.[48] It includes a number of certifications, such as Wi-Fi certified ac (as in 802.11ac), Passpoint, Agile Multiband, and Optimized Connectivity.[49]

Wi-Fi Multimedia (WMM), also known as Wireless Multimedia Extensions, is a Wi-Fi Alliance interoperability certification based on the IEEE 802.11e standard. It provides basic quality of service (QoS) features to IEEE 802.11 networks.

Yesterday, the Wi-Fi Alliance announced the long-awaited next generation in Wi-Fi security, WPA3. After 15 years, WPA3 will now begin to replace the existing WPA2 protocol, which is currently used by billions of wireless devices every day. WPA2 has long been considered insecure. It has always been vulnerable to brute force and dictionary attacks, which take advantage of wireless networks that have a weak password. It also suffered from a weak WPS PIN that was only 6 digits long, making it easy for hackers to brute force.
