Aerohive upgrade streamlines WLAN security

29.05.2009

Furthermore, the WPA PSK is a single and irrevocable key, shared by every wireless client device on the WLAN (technically, all devices associating with a given SSID). That means all the access points and associated clients of that SSID share the same key, creating a widely known secret. If the key is compromised in any way, or an employee quits or is fired, every client has to be given a new key, a big administrative chore.

But the new Aerohive system, based on a patent-pending algorithm, bypasses these potential vulnerabilities, according to Conway. With Private PSK, the Aerohive wireless LAN now generates a unique key for each scanner or phone or guest user on a given SSID. And each key or password can be a long, complex string of characters, making them harder to break. Each key can be revoked separately if needed. In addition, each user or group of users now can be assigned specific security policies.

Aerohive offers two ways to generate and deploy the pre-shared keys.

For enterprise users, Aerohive’s HiveManager network management application identifies a list of unsecured clients, generates a key (essentially a complex password) for each, and e-mails the key to each user. At the same time, HiveManager deploys copies of the key/user database to each access point, which can keep track of up to 1,000 users. The user connects to an access point, enters the password, and is authenticated. All the clients can be on the same SSID, and each one has a unique key.

Alternatively, for guests, the keys can be created ahead of time, using Aerohive’s GuestManager application. GuestManager and the access points use a different algorithm than HiveManager to generate the keys. When a visitor checks in, the receptionist can hand over a printout with the unique password to enter when connecting to an access point. The actual authentication is handled by GuestManager’s integrated RADIUS server. The keys can be assigned a specific time limit, after which they’re no longer valid.
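The article does not describe Aerohive's patent-pending algorithm, so the following is an added sketch, not Aerohive code, of how an access point holding a key/user database could tell which user's key a client used on a shared SSID, with separate revocation and a guest time limit. It assumes the standard WPA2-Personal derivations (PBKDF2 for the PMK, HMAC-SHA1 for the handshake MIC); `PerUserKeyStore`, the SSID, the MAC addresses and the frame bytes are constructed for illustration.

```python
import hashlib, hmac, secrets, time

SSID = b"example-ssid"  # constructed value

def pmk(passphrase, ssid=SSID):
    # Standard WPA/WPA2-Personal mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def handshake_mic(pmk_, aa, spa, anonce, snonce, frame):
    # KCK = first 16 bytes of the 802.11i PRF; MIC = HMAC-SHA1(KCK, frame)[:16].
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    kck = hmac.new(pmk_, b"Pairwise key expansion\x00" + data + b"\x00",
                   hashlib.sha1).digest()[:16]
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

class PerUserKeyStore:
    """Hypothetical AP-side copy of the key/user database."""
    def __init__(self):
        self.entries = {}  # user -> (PMK, expiry timestamp or None)

    def issue(self, user, ttl=None, now=None):
        now = time.time() if now is None else now
        passphrase = secrets.token_urlsafe(32)  # 43 chars; WPA allows 8..63
        self.entries[user] = (pmk(passphrase), None if ttl is None else now + ttl)
        return passphrase  # handed to the user once; only the PMK is stored

    def revoke(self, user):
        self.entries.pop(user, None)  # other users' keys are untouched

    def identify(self, aa, spa, anonce, snonce, frame, mic, now=None):
        now = time.time() if now is None else now
        for user, (key, expires) in self.entries.items():
            if expires is not None and now >= expires:
                continue  # guest key past its time limit
            expected = handshake_mic(key, aa, spa, anonce, snonce, frame)
            if hmac.compare_digest(expected, mic):
                return user
        return None  # no valid key produced this MIC

def demo():
    store = PerUserKeyStore()
    hs = (bytes.fromhex("020000000001"), bytes.fromhex("020000000002"),  # constructed MACs
          secrets.token_bytes(32), secrets.token_bytes(32), b"constructed EAPOL-Key msg 2")
    alice, guest = store.issue("alice"), store.issue("guest", ttl=3600, now=0)
    mic_a, mic_g = (handshake_mic(pmk(p), *hs) for p in (alice, guest))
    seen = [store.identify(*hs, mic_a, now=10)]
    store.revoke("alice")
    seen += [store.identify(*hs, m, now=t) for m, t in ((mic_a, 10), (mic_g, 10), (mic_g, 3601))]
    return seen
```

`demo()` shows the same handshake accepted before revocation and rejected after it, while the guest key keeps working until its time limit passes.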