Secure wireless network credential sharing

摘要

A wireless communications system mitigates the threat of a man-in-the-middle attack when sharing network credentials with a new device. A new wireless device signals that it needs credentials if no other devices are signaling that they need credentials. The new device provides a visible or audible indicator when requested to do so by a device with credentials. Either in response to approval by a user or automatically in response to the indicator, the device with credentials shares credentials with the new device, which can then establish a connection to the network.

主权项

1. A method performed by a first wireless device that is a displayless device, the method comprising:
deactivating a transmitter of the first wireless device; while the transmitter is deactivated, monitoring for a first beacon signal indicating that a second wireless device is seeking wireless network credentials to connect to a network access point using a displayless credentialing protocol; delaying sending a second beacon signal in response to detecting the first beacon signal, wherein the delaying ceases after determining an absence of the first beacon signal; determining, by the first wireless device, that the first wireless device is able to use the displayless credentialing protocol, based on determining the absence of the first beacon signal; activating the transmitter after determining the absence of the first beacon signal; sending, from the transmitter, the second beacon signal indicating a desire for wireless network credentials to be provided to the first wireless device; receiving a first response from a credentialing device, the first response including instructions to activate an indicator included in the first wireless device; activating the indicator based on receiving the instructions; receiving network credentials from the credentialing device after activating the indicator; and connecting the first wireless device to the network access point using the received network credentials, the network access point being separate from the credentialing device.