Microsoft has released native support for the IEEE 802.11i wireless security specification in Windows XP and its variants, nearly a year after the standard's ratification. The update, made available on Friday, gives Windows compatibility with WPA2 - the certification based on 802.11i - as well as a standard designed to help laptops connect to secure public hotspots.

The Wi-Fi Alliance's WPA2 is designed to replace both the outdated Wired Equivalent Privacy (WEP) originally built into 802.11 and the stopgap WPA (Wi-Fi Protected Access) specification, which implements a subset of 802.11i. The standard uses the Advanced Encryption Standard (AES) block cipher, 802.1X authentication, RSN (Robust Security Network) and the CCMP encryption algorithm.

WPA2 is expected to greatly increase the security of enterprise wireless networks once it becomes widespread, but so far its implementation has been hampered by the need to upgrade both clients and access points, with access point hardware often needing to be replaced in order to handle AES.

The update to Windows XP, which also works with variants such as Media Center Edition, Tablet PC Edition and Service Pack 2, means Windows will work with WPA2-secured networks without needing any other special client software, Microsoft said.

The update supports WPA2 Enterprise using 802.1X authentication and WPA Personal using a preshared key (PSK) and AES using CCMP, Microsoft said. It supports the optional use of Pairwise Master Key (PMK) caching, a way of speeding up 802.1X authentications by storing authentication results, and the optional use of preauthentication, another way of speeding up 802.1X authentications.
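As an added illustration of the PMK caching described above (not code from Microsoft or from the article), the sketch below shows how an access point can recognise a returning client by its PMKID and skip the full 802.1X exchange. The PMKID formula is the one defined in 802.11i; the `PmkCache` class, the `associate` helper, the one-hour lifetime, the MAC addresses and the random PMK are assumptions made for the example.

```python
import hashlib
import hmac
import os

def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    # 802.11i: PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC)
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

class PmkCache:
    """Hypothetical AP-side cache of PMKs from completed 802.1X authentications."""
    def __init__(self, ap_mac: bytes, lifetime_s: int = 3600):  # lifetime is an assumed value
        self.ap_mac = ap_mac
        self.lifetime_s = lifetime_s
        self.entries = {}  # client MAC -> (PMK, expiry time)

    def store(self, sta_mac, pmk, now):
        self.entries[sta_mac] = (pmk, now + self.lifetime_s)

    def lookup(self, sta_mac, offered_pmkids, now):
        entry = self.entries.get(sta_mac)
        if entry is None:
            return None
        pmk, expires = entry
        if now >= expires:
            del self.entries[sta_mac]  # stale result: force a fresh authentication
            return None
        expected = pmkid(pmk, self.ap_mac, sta_mac)
        # The PMKID is bound to both MAC addresses, so one copied from another client fails here
        if any(hmac.compare_digest(expected, p) for p in offered_pmkids):
            return pmk
        return None

def associate(cache, sta_mac, offered_pmkids, now, run_8021x):
    """Return (path, PMK); run_8021x stands in for the full EAP exchange."""
    pmk = cache.lookup(sta_mac, offered_pmkids, now)
    if pmk is not None:
        return "cached", pmk
    pmk = run_8021x()
    cache.store(sta_mac, pmk, now)
    return "full-802.1X", pmk

def demo():
    ap, sta, other = (bytes.fromhex("02000000000" + d) for d in "123")  # constructed MACs
    cache = PmkCache(ap)
    fresh = lambda: os.urandom(32)  # constructed PMK in place of a real EAP result
    first, pmk = associate(cache, sta, [], 0, fresh)
    pid = pmkid(pmk, ap, sta)
    second, pmk2 = associate(cache, sta, [pid], 60, fresh)
    spoofed, _ = associate(cache, other, [pid], 61, fresh)
    expired, _ = associate(cache, sta, [pid], 4000, fresh)
    return first, second, pmk == pmk2, spoofed, expired
```

A cache hit only replaces the 802.1X exchange; both sides still have to prove possession of the PMK in the handshake that follows.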

The update requires WPA2-compliant access points, network adapters and Windows XP network adapter drivers, Microsoft said.

The update also adds Wireless Provisioning Services Information Element (WPS IE), a way of improving network discovery. Wireless hotspot providers are currently supporting networks both with and without security, and often need to advertise both types of networks at the same time using the same hardware infrastructure.

WPS IE is a standards-based way of getting around technical limitations preventing users from discovering both network SSIDs (Service Set Identifiers), Microsoft said; the technique means users should now be able to see previously hidden SSIDs of secure hotspot networks and log on to them.