When I posted the How is WPS Supposed to Work? article, I expected to have the error of my ways shown to me in short order. But instead of a barrage of "You bonehead! This is how you do it..." comments, the article received only a few responses, most of which reported similar experiences.
The Wi-Fi Alliance provided no information, either, just an query via its PR agency asking which products had been tested. It turns out, however, that one reader, known only as "UTO", had the golden clue, which I'll share with you shortly.
So due to the scarcity of useful information on the workings of Wi-Fi Protected Setup, I'm going to use this Need To Know to flesh out the subject. I hope that it will save others the hassle of having to discover by experimentation information that should have been provided by the product manufacturers that are (so very) slowly incorporating WPS into their products.
As noted in the first article, WPS is a wireless security setup protocol announced in August 2006 that the Alliance brokered as a way to get Buffalo, Intel, Atheros, Broadcom and Microsoft to stop working at cross-purposes.
WPS combines elements of Broadcom's Secure Easy Setup, Buffalo's AOSS (AirStation One-Touch Secure System), Atheros' JumpStart, Intels Smart Wireless Technology and Microsoft's WCN (Windows Connect Now) into a single method for getting a wireless network securely set up quickly and easily.
We put both AOSS and Secure Easy Setup through their paces back in 2005. While both had their problems, both did succeed in automatically making a secure connection. But neither system would interoperate with the other; the problem that WPS set out to solve. Here we are three years later with the technology available to do what was done in 2005, but still not widely deployed for various reasons known only to the chip, product makers and Wi-Fi Alliance.
I suspect that part of the reason is that unlike WPA and WPA2 security, WPS is an optional certification. While many draft 11n routers are WPS certified, products introduced even as recently as last year, such as the Linksys WRT150N, still don't support it.
WPS support in client devices is even harder to find and must be supported in manufacturer-provided client applications. This is because Windows XP provides no WPS support and Windows Vista supports only the PIN method (more on that shortly). And even then, the router and client device must be initially connected via Ethernet (!) for Vista to support the WPS PIN session. (Subsequent client additions can be done via wireless connection, however.)
WPS currently supports two methods: Personal Information Number (PIN) and Push Button Configuration (PBC). The spec also includes a third method, Near-Field Communication (NFC) but there are currently no products that support NFC. To quote from the white paper:
"The Wi-Fi Protected Setup specification mandates that all Wi-Fi CERTIFIED products that support Wi-Fi Protected Setup are tested and certified to include both PIN and PBC configurations in APs, and at a minimum, PIN in client devices."
The difference between the two methods is pretty much described in their names. The PIN method involves entering a client device PIN, obtained either from a client application GUI or a label on a device, into the appropriate admin screen on a Registrar device.
Quoting further:"A Registrar ... issues the credentials necessary to enroll new clients on the network. In order to enable users to add devices from multiple locations, the specification also supports having multiple Registrars on a single network. Registrar capability is mandatory in an AP."
The PBC method requires the user to push buttons on the Registrar and Client devices within a two-minute period to connect them. (The two-minute period also applies to the PIN method.) The buttons can be physical, as they typically are on AP / router devices or virtual, as is normal on client devices.