Articles
From the horse’s mouth
Wi-Fi Alliance
Wi-Fi Easy Connect (Product Page)
My Comments
The Wi-Fi Alliance has released as part of its WPA3 update for wireless-networks security the Wi-Fi Easy Connect protocol for onboarding new devices to a Wi-Fi network segment. It will work with extant WPA2 network segments as well as newer WPA3-compliant segments which offers the chance for existing Wi-FI devices to support this technology. That is alongside the ability for device manufacturers and software / operating-system developers to meld it in to their existing products using new code.
It is intended for onboarding devices that have a limited user interface including onboarding Internet-capable “white goods” and “backbone” devices like fridges or heating / cooling equipment to your Wi-Fi network. It is currently being seen as an alternative to the push-button-based WPS configuration process for devices that don’t have much in the way of a user interface. For Android smartphone users, much of this process will be similar to using a printed QR code to “onboard” your smartphone to an existing Wi-Fi wireless network.
What is it about?
The main goal with the Wi-Fi EasyConnect standard is to permit a device with a rich user interface like a laptop, tablet or smartphone running suitable configuration software to pass configuration information to other devices that have a limited user interface. This can be facilitated with an independent configuration app or function that is part of the device’s operating system. Or it could be to allow configuration through the access point using its Web-based management user interface or a management app supplied by the access point’s manufacturer.
In all cases, the software that looks after the configuration aspect is described as a configurator. Access points or client devices that want to be part of the network are described as “enrollee” devices.
It can be feasible for one device to assume the role of a configurator or enrollee. An obvious example would be a computing device like a laptop, tablet or smartphone being able to come onboard an existing Wi-Fi network then you using that same computing device to bring another device like a network-capable fridge on board. Or you could bring a Smart TV or set-top box on-board to your Wi-Fi network using Wi-Fi Easy Connect but it then has the ability to be a “set-up point” for smartphones or tablets who want to join your Wi-FI network.
There are different ways of “associating” the enrollee device with the configurator device but it is primarily about making both devices know that they are trusted by each other.
The main method would be to use a QR code.that is on a sticker or card associated with the device or shown on the device’s display if this display is of the bitmapped graphical kind or can connect to a TV or monitor. Then the configuration device would scan this QR code if it is equipped with a camera.
Another option that is put forward is to use a text string written on a card or shown on a display and this would be used for configuration devices not equipped with a camera. This kind of situation may come in to its own if you are running a configuration program from a regular computer that isn’t equipped with a functioning Webcam.
The Device Provisioning Protocol standard that is what the Wi-Fi EasyConnect feature is based on supports the use of NFC “touch-and-go” or Bluetooth Low Energy wireless link as another way to interlink a configuration device and an enrollee device during the setup phase. Both these technologies could work well with smartphone-centric applications, wireless speakers, connected building-management technology and the like. But these haven’t been placed as part of the certification testing that Wi-Fi Alliance has for the EasyConnect standard.
Once the initial information is exchanged between the devices, both devices will establish a separate secure Wi-Fi link with each other. Then the configuration software on one of the devices will use this link to pass through the parameters necessary to allow the enrollee device to connect with the extant Wi-Fi network. The whole configuration data-exchange is secured using asymmetrical public-key cryptography with the public key obtained during the initial setup process. Then that device hunts for, discovers and connects to the newly-programmed network.
There is the ability to use this same setup with an access point to set it up to work with an extant network or to create a new network. The latter situation would most likely be based around accepting a machine-generated ESSID and password or allowing the user to enter an ESSID and/or password. On the other hand, the previously-connected Wi-Fi networks list that an operating system maintains could be a data source for configuring a Wi-Fi device to a particular extant network using EasyConnect.
From the FAQs that I had read on the Wi-Fi Alliance Website, the Wi-Fi EasyConnect protocol allows for a single configuration program to configure multiple enrollee devices at once. Here, it is to facilitate situations where you are onboarding many IoT devices at once or are creating a new Wi-Fi network with new credentials.
But it doesn’t support the ability to onboard a single Wi-Fi client device to two Wi-Fi networks at once like your main network and a hotspot / guest network. Instead you have to repeat the Wi-Fi EasyConnect procedure including scanning the QR code for each network you want a device to associate with. This is so you can have greater control over what networks your devices are to associate with, but it can be of concern if you have a separate Wi-Fi network segment with distinct ESSID (network name) linking to the same logical network such as when dealing with a dual-band network with separate network names for each band.
What needs to be done
Personally, I would like to see Wi-Fi EasyConnect configuration functionality baked in to desktop and mobile operating systems including Apple’s operating systems rather than be separate programs. This avoids the need to find, download and install separate EasyConnect apps from your platform’s app store or loading a computer or smartphone with too many apps. But it could encourage other software developers to build improved Wi-Fi EasyConnect configuration apps that may, perhaps, suit particular user needs like asset control in the business-computing context.
I would also encourage the idea of maintaining WPS-PBC push-button pairing as an alternative method to Wi-Fi EasyConnect for onboarding Wi-Fi devices. This is more so for those devices that have a limited or no user interface and the goal is to quickly onboard a device without a rich user interface like a printer to a Wi-Fi router or access point.
Similarly, the use of NFC or Bluetooth as a legitimate certification option for onboarding Wi-Fi devices has to be encouraged and underscored through the life of this standard. Here, I would prefer that smartphones or tablets equipped with NFC and / or Bluetooth be tested to be compliant with the NFC and Bluetooth aspects of this standard.
There also has to be the ability with Wi-Fi EasyConnect to onboard a Wi-Fi network device with a limited user interface to an enterprise-grade Wi-Fi network that uses individual usernames and passwords. This is important for “Internet-Of-Things” devices that will increasingly be part of these networks.
Conclusion
Wi-Fi EasyConnect leads to another way of onboarding a Wi-Fi network device or access point using another device equipped with a rich user interface and can apply across all small-network setups.