1. All users on the home wireless network share a single 256-bit passphrase. Unlike WPA2, the connection handshake derives session keys independently on each side using Diffie-Hellman — no hash of the passphrase is transmitted across the wireless medium, eliminating offline brute-force attacks.
2. WPA3 uses this single algorithm to provide both AES-based data encryption for confidentiality and GMAC-based message integrity checking — replacing the separate CCMP algorithm used in WPA2.
3. In an 802.1X deployment, this is the role filled by the wireless access point — it blocks network access until authentication succeeds, relays EAP credential messages between the client and the authentication server, and opens the logical port upon receiving an Access-Accept response.
4. The centralized AAA server that receives forwarded authentication requests from access points, validates credentials against Active Directory, and returns Access-Accept or Access-Reject responses — optionally including authorization attributes such as VLAN assignment and session time limits.