Wi-Fi Simple Configuration Technical Specification Version 2.0.5 This document contains a specification for easy, secure setup and introduction of devices into WPA2- enabled 802.11 networks. It is intended to meet the requirements determined by the Wi-Fi Protected Setup working group in Wi-Fi Alliance. WI-FI ALLIANCE PROPRIETARY – SUBJECT TO CHANGE WITHOUT NOTICE This document may be used with the permission of Wi-Fi Alliance under the terms set forth herein. By your use of the document, you are agreeing to these terms. Unless this document is clearly designated as an approved specification, this document is a work in process and is not an approved Wi-Fi Alliance specification. This document is subject to revision or removal at any time without notice. Information contained in this document may be used at your sole risk. Wi-Fi Alliance assumes no responsibility for errors or omissions in this document. This copyright permission does not constitute an endorsement of the products or services. Wi-Fi Alliance trademarks and certification marks may not be used unless specifically allowed by Wi-Fi Alliance. Wi-Fi Alliance has not conducted an independent intellectual property rights ("IPR") review of this document and the information contained herein, and makes no representations or warranties regarding IPR, including without limitation patents, copyrights or trade secret rights. This document may contain inventions for which you must obtain licenses from third parties before making, using or selling the inventions. Wi-Fi Alliance owns the copyright in this document and reserves all rights therein. A user of this document may duplicate and distribute copies of the document in connection with the authorized uses described herein, provided any duplication in whole or in part includes the copyright notice and the disclaimer text set forth herein. Unless prior written permission has been received from Wi-Fi Alliance, any other use of this document and all other duplication and distribution of this document are prohibited. Unauthorized use, duplication, or distribution is an infringement of Wi-Fi Alliance’s copyright. NO REPRESENTATIONS OR WARRANTIES (WHETHER EXPRESS OR IMPLIED) ARE MADE BY WI-FI ALLIANCE AND WI-FI ALLIANCE IS NOT LIABLE FOR AND HEREBY DISCLAIMS ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE USE OF THIS DOCUMENT AND ANY INFORMATION CONTAINED IN THIS DOCUMENT. © 2014 Wi-Fi Alliance. All Rights Reserved. Used with the permission of Wi-Fi Alliance under the terms as stated in this document. Wi-Fi Simple Configuration Technical Specification v2.0.5 Document History Version Date Status Comments 2.0.0.51 2010-09-01 Draft Draft release version to public 2.0.0 2010-12-20 Final Public release version 2.0.1 2011-08-11 Final Public release version - Added tablet PC to table 41 2.0.2 2012-01-30 Final Public release version - Change Headless Devices section to mandate implementation of strong mitigation against a brute force attack on the AP that uses a static PIN. 2.0.2.1.21 2014-01-27 Draft Draft release version to public - Updated to support NFC - Updated to incorporate the Wi-Fi Peer-to-Peer Services default configuration method - Updated to incorporate 60GHz_WPS_SRD_1.0 - Minor editorial corrections/clarifications 2.0.3 Draft Internal Draft, not publicly released 2.0.4 2014-03-21 Final Public release version - Clarifications on NFC sections - Minor editorial corrections/clarifications 2.0.5 2014-08-04 Final Public release version - Editorial updates to clarify references to Wi-Fi Peer-to-Peer Services (P2Ps) Specification © 2014 Wi-Fi Alliance. All Rights Reserved. Used with the permission of Wi-Fi Alliance under the terms as stated in this document. Page 2 of 155 Wi-Fi Simple Configuration Technical Specification v2.0.4 Table of Contents 1 Introduction ............................................................................................................ 11 1.1 Purpose ................................................................................................... 11 1.2 Scope....................................................................................................... 11 1.3 Supported Usage Models ........................................................................ 11 1.3.1 Primary Usage Models............................................................................. 11 1.3.2 Secondary Usage Models ........................................................................ 11 1.4 Design Approach ..................................................................................... 12 1.5 Solution Flexibility .................................................................................... 12 1.6 User Experience ...................................................................................... 13 1.6.1 In-band Setup .......................................................................................... 13 1.6.2 Out-of-Band Setup ................................................................................... 14 2 References ............................................................................................................. 15 3 Definitions .............................................................................................................. 16 4 Core Architecture ................................................................................................... 18 4.1 Components and Interfaces ..................................................................... 18 4.1.1 Architectural Overview ............................................................................. 18 4.1.2 Interface E ............................................................................................... 19 4.1.3 Interface M ............................................................................................... 20 4.1.4 Interface A ............................................................................................... 21 4.2 Registration Protocol................................................................................ 21 4.3 Security Overview .................................................................................... 23 4.3.1 In-band Configuration .............................................................................. 24 4.3.2 Guidelines and Requirements for PIN values .......................................... 26 4.3.3 Out-of-Band Configuration ....................................................................... 27 5 Initial WLAN Setup ................................................................................................. 28 5.1 Standalone AP ......................................................................................... 28 5.2 AP With an External Registrar ................................................................. 29 5.2.1 EAP-based Setup of External Registrar ................................................... 31 5.2.2 Ethernet-based Setup of External Registrar ............................................ 33 6 Adding Member Devices ........................................................................................ 34 6.1 In-band Setup Using a Standalone AP/Registrar ..................................... 35 6.2 In-band Setup Using an External Registrar .............................................. 36 © 2014 Wi-Fi Alliance. All Rights Reserved. Used with the permission of the Wi-Fi Alliance under the terms as stated in this document. Page 3 of 155 Wi-Fi Simple Configuration Technical Specification v2.0.4 6.2.1 PIN based setup - External Registrar trigger first ..................................... 36 6.2.2 PBC based setup – External Registrar trigger first .................................. 38 6.2.3 PIN based setup – Enrollee trigger first ................................................... 39 6.2.4 PBC based setup – Enrollee trigger first .................................................. 41 6.3 In-band Setup Using Multiple External Registrars ................................... 42 6.4 Secure Setup with Legacy Enrollee ......................................................... 45 6.4.1 Mental model mapping............................................................................. 45 7 Registration Protocol Definition .............................................................................. 46 7.1 Registration Protocol Initiation ................................................................. 46 7.2 Registration Protocol Messages .............................................................. 48 7.2.1 Optional Parameters ................................................................................ 50 7.2.2 Validation of Configuration Data .............................................................. 51 7.3 Key Derivation ......................................................................................... 51 7.4 Proof-of-possession of Device Password ................................................ 53 7.4.1 PIN Checksums ....................................................................................... 54 7.4.2 Device Password Splitting ....................................................................... 55 7.4.3 Device Password Usage in M1 and M2 ................................................... 55 7.5 Key Wrap Algorithm ................................................................................. 57 7.6 Key Summary and Classification ............................................................. 57 7.7