IEEE 802.11i-2004

In the process, the amendment deprecated the broken Wired Equivalent Privacy (WEP). The amendment was later incorporated into the published IEEE 802.11-2007 standard.

The Wi-Fi Alliance refers to its approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network).

These utilize the authentication services and port access control described in IEEE 802.1X to establish and change the appropriate cryptographic keys.

This process ensures that the client station (STA) is authenticated with the access point (AP).

The four-way handshake[8] is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key.

The PMK is designed to last the entire session and should be exposed as little as possible; therefore, keys to encrypt the traffic need to be derived.

The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic.
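The key derivation and proof of PMK possession described above can be sketched as follows. This is an added example, not part of the original article: it derives the 384-bit CCMP PTK with the 802.11i HMAC-SHA1 PRF and lets the authenticator check a MIC without the PMK ever being sent. The PMK, addresses, nonces and frame body are constructed sample values, and the frame is a simplified stand-in for a real EAPOL-Key message.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Derive the CCMP PTK (48 bytes) and split it into KCK, KEK and TK."""
    # Sorting addresses and nonces makes both sides compute identical input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits, keyed with the KCK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def authenticator_accepts(pmk, aa, spa, anonce, snonce, frame, mic) -> bool:
    """Authenticator side: re-derive the KCK and verify the MIC in constant time."""
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)["kck"]
    return hmac.compare_digest(eapol_mic(kck, frame), mic)

# Constructed sample values (real nonces are random per handshake).
PMK = bytes(range(32))
AA = bytes.fromhex("020000000001")    # authenticator (AP) address
SPA = bytes.fromhex("020000000002")   # supplicant (STA) address
ANONCE = bytes([0xA5]) * 32
SNONCE = bytes([0x5A]) * 32
MSG2 = b"constructed message 2 body, MIC field zeroed"

def demo():
    """Supplicant computes the MIC; authenticator checks it with right and wrong PMK."""
    sta_keys = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    mic = eapol_mic(sta_keys["kck"], MSG2)
    good = authenticator_accepts(PMK, AA, SPA, ANONCE, SNONCE, MSG2, mic)
    bad = authenticator_accepts(bytes(32), AA, SPA, ANONCE, SNONCE, MSG2, mic)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

Only the nonces and the MIC cross the air; the temporal key (TK) that encrypts traffic changes with every fresh nonce pair while the PMK stays fixed for the session.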

Only WEP is allowed as the cryptographic encapsulation algorithm for management frames of subtype Authentication.