Configuration Guide Configuring WAPI
AS
Authentication Server: The AS provides the WAPI certificate authentication service.
ASU
Authentication Service Unit: An entity that provides mutual authentication service for the AE and ASUE. This entity resides in
the AS.
ASUE
Authentication Supplicant Entity: An entity that requests authentication before accessing a service. This entity resides in the
STA.
BK
Base Key: A key used for deriving unicast session keys. A BK is obtained through negotiation during certificate
authentication or is derived from a pre-shared key.
CA
Certification Authority: A trusted third-party organization that ensures that a certificate is issued only to a person who
is entitled to it.
Overview
WAPI Authentication Approaches
You can enable authentication for an STA that accesses a WLAN.
You can enable unicast key negotiation and multicast key announcement.
5.3.1 WAPI Authentication Approaches
WAPI defines two authentication approaches:
Certificate authentication
Pre-shared key authentication
Working Principle
Certificate Authentication
Certificate authentication is based on the certificates of an STA and an AE. Before authentication, the
STA and AE must each have their own certificate. The AS then authenticates the STA and AE so that a BK can be generated
based on their temporary public keys and private keys, in preparation for subsequent unicast key negotiation and multicast
key announcement.
When the WAPI function is applied in a large-scale WLAN, the certificate issuing system and the certificate authentication
system must be separated. Three certificates should be installed on the ASUE and AE: the user or STA certificate, the CA
certificate, and the trusted ASU certificate. Of these, the ASU certificate is a certificate that must be trusted. After the
certificates are installed, the ASUE and AE become the CA and ASU. Therefore, we call this mode WAPI three-certificate