Configuring devices for use on a network using a fast packet exchange with authentication

US9602279B1 · US · B1

Patent metadata
Publication number: US-9602279-B1
Application number: US-201514735069-A
Country: US
Kind code: B1
Filing date: Jun 9, 2015
Priority date: Jun 9, 2015
Publication date: Mar 21, 2017
Grant date: Mar 21, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Aspects of this disclosure relate to a computer-implemented method for using a first device to configure a second device to access a network. The method includes transmitting a request on a channel, the request containing information sufficient to inform a device that the system can configure the device to access a network through an access point. The method further includes receiving a response on the channel, the response sent by the device after the request, and transmitting a request for security information from a server. The method further includes receiving security information from the server, using the security information to verify an identity of the device, and transmitting a security profile to the device, the security profile containing information sufficient to allow the device to connect to the access point to access the network.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for using a first device to configure a second device to access a network, comprising: transmitting, by the first device, a first packet on a channel using an associated first media access control address, wherein the first packet comprises a probe request including a service set identifier information element that includes a setup value, wherein the setup value is a value that signals to the second device that the first device is able to configure the second device to access the network; receiving, by the first device, a second packet on the channel from the second device, wherein the second packet comprises a probe response containing a first encrypted challenge text and a sequence number and wherein the second packet includes a second media access control address; extracting, by the first device, from the second packet the second media access control address of the second device; transmitting, by the first device, a request for security information to a server, wherein the request includes the second media access control address and wherein the security information is security information associated with the second device; receiving, by the first device, the security information from the server; deriving, by the first device, a first encryption key using the first media access control address, the security information received from the server, and the sequence number; decrypting, by the first device, the first encrypted challenge text received from the second device into a first decrypted challenge text, wherein the decrypting uses the first encryption key; generating a second encryption key using the first media access control address, the second media access control address, the security information received from the server, and the sequence number; generating an encrypted security profile, using the second encryption key, from a security profile of an access point of the network, wherein the security profile includes attributes for the second device to use to connect to the network via the access point; and transmitting to the second device, by the first device, a third packet on the channel, the third packet comprising the encrypted security profile, wherein the encrypted security profile enables the second device to access the network.

2. The computer-implemented method of claim 1, further comprising: receiving, by the second device, the third packet; generating, by the second device, a copy of the second encryption key from the first media access control address, the second media access control address, a copy of the security information stored in the second device, and the sequence number; decrypting, by the second device, the encrypted security profile using the copy of the second encryption key to form a decrypted security profile; and using, by the second device, the decrypted security profile to connect to the access point to access the network.

3. The computer-implemented method of claim 2, wherein using the decrypted security profile to connect to the access point to access the network comprises: extracting, by the second device, a Wi-Fi configuration attribute from the decrypted security profile; extracting, by the second device, a security type from the Wi-Fi configuration attribute; extracting, by the second device, security credentials from the Wi-Fi configuration attribute; and associating, by the second device, with the access point using the security type and the security credentials.

4. The computer-implemented method of claim 1, further comprising: encrypting, by the first device, a set of attributes with the second encryption key to form an encrypted set of attributes, wherein the set of attributes includes the first decrypted challenge text; inserting, by the first device, the encrypted set of attributes into the third packet prior to transmission to the second device; decrypting, by the second device, the encrypted set of attributes to obtain a copy of the first decrypted challenge text; and comparing, by the second device, the first decrypted challenge text with a challenge text that was encrypted to form the first encrypted challenge text.

5. A system, comprising: a transmitter and a receiver; a processor configured to: transmit a first request on a channel, the first request including a service set identifier information element with a setup value and an identifier of the system, wherein the setup value is a value that signals to an unprovisioned device that the system is able to configure the unprovisioned device to enable the unprovisioned device to access a network through an access point; receive a response on the channel from the unprovisioned device, the response requesting that the system configure the unprovisioned device to access the network through the access point, wherein the response includes a sequence number and a first encrypted challenge text encrypted by a first secret value stored in the unprovisioned device; transmit a second request for security information of the unprovisioned device to a server; receive the security information from the server, wherein the security information corresponds to the first secret value stored in the unprovisioned device; generate a copy of the first secret value available outside the unprovisioned device, using an identifier of the unprovisioned device, the security information received from the server, and the sequence number; use the security information to verify an identity of the unprovisioned device; generate a security profile encrypted using a second secret value, wherein the second secret value is based on the copy of the first secret value and the identifier of the system, and wherein the security profile includes attributes for the unprovisioned device to connect to the network via the access point; and transmit the security profile to the unprovisioned device.

6. The system of claim 5, wherein the first request further includes a vendor-specific information element with a vendor-specific organizationally unique identifier, wherein the first encrypted challenge text is encrypted using an encryption key, the encryption key based at least in part on the first secret value, and wherein to verify the identity of the unprovisioned device, the processor is further configured to decrypt the first encrypted challenge text using the security information.

7. The system of claim 6, wherein to decrypt the first encrypted challenge text using the security information, the processor is further configured to: derive the encryption key as a function of the copy of the first secret value; and decrypt the first encrypted challenge text using the encryption key.

8. The system of claim 5, wherein the first secret value is a function of (a) a medium access control address used by the unprovisioned device for other network interactions, (b) the first secret value stored in the unprovisioned device, and (c) the sequence number.

9. The system of claim 5, wherein the second request for the security information is a request for the server to send the first secret value, wherein the second request includes the identifier of the unprovisioned device, the identifier of the unprovisioned device including one of a medium access control address used by the unprovisioned device for other network interactions, a serial number of the unprovisioned device, a model number of the unprovisioned device, or another number that uniquely identifies the unprovisioned device.

10. The system of claim 5, wherein to use the security information to verify the identity of the unprovisioned device, the processor is further configured to: authenticate the identity of the unp
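The exchange described in claims 1 through 4, run end to end as a simulation with both sides' messages. This is an added example, not code from the patent or from Amazon, and it fills in details the claims leave open with labelled assumptions: HMAC-SHA256 as the key-derivation function; an HMAC-keystream cipher with an HMAC tag standing in for the unspecified encryption (a real implementation would use AES-GCM or ChaCha20-Poly1305); JSON as the security-profile encoding; random bytes for the sequence number and challenge text; a dict standing in for the server's MAC-to-secret lookup; and the literal SSID "SETUP" as the setup value. It also shows the failure mode the claims rely on: a device that does not hold the secret registered with the server fails the challenge decryption and is never given the profile.

```python
"""Simulated provisioning exchange of US9602279B1 claims 1-4 (stdlib only).
Assumed, not from the patent: HMAC-SHA256 KDF, HMAC-stream cipher + HMAC tag,
JSON profile encoding, random seq/challenge, dict as the server lookup."""
import hashlib
import hmac
import json
import os

SETUP_SSID = b"SETUP"  # assumed "setup value" carried in the probe request SSID IE


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so (a, bc) and (ab, c) differ."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


def derive_k1(mac1: bytes, secret: bytes, seq: bytes) -> bytes:
    """Claim 1: first key from the configurer's MAC, the device secret and the sequence number."""
    return prf(secret, b"k1", mac1, seq)


def derive_k2(mac1: bytes, mac2: bytes, secret: bytes, seq: bytes) -> bytes:
    """Claim 1: second key additionally binds the unprovisioned device's MAC."""
    return prf(secret, b"k2", mac1, mac2, seq)


def _keystream(enc_key: bytes, label: bytes, n: int) -> bytes:
    return b"".join(prf(enc_key, label, i.to_bytes(4, "big")) for i in range((n + 31) // 32))


def seal(key: bytes, label: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Every message sealed under one key needs a distinct label
    (no keystream reuse); the 32-byte tag is appended to the ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(prf(key, b"enc"), label, len(plaintext))))
    return ct + prf(prf(key, b"mac"), label, ct)


def unseal(key: bytes, label: bytes, blob: bytes) -> bytes:
    """Constant-time tag check, then decrypt; ValueError on a wrong key or tampering."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), label, ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(prf(key, b"enc"), label, len(ct))))


class UnprovisionedDevice:
    """Second device; holds the per-device secret installed at manufacture (claim 5)."""

    def __init__(self, mac: bytes, secret: bytes):
        self.mac, self.secret, self.seq, self.challenge = mac, secret, None, None

    def probe_response(self, probe: dict) -> dict:
        """Answer only a probe request whose SSID IE carries the setup value."""
        if probe["ssid"] != SETUP_SSID:
            return {}
        self.seq, self.challenge = os.urandom(8), os.urandom(16)  # fresh per attempt
        k1 = derive_k1(probe["mac"], self.secret, self.seq)
        return {"mac": self.mac, "seq": self.seq,
                "enc_challenge": seal(k1, b"challenge", self.challenge)}

    def accept(self, configurer_mac: bytes, packet: dict) -> dict:
        """Claims 2-4: rebuild k2, require the echoed challenge, then pull the Wi-Fi attribute."""
        k2 = derive_k2(configurer_mac, self.mac, self.secret, self.seq)
        echoed = unseal(k2, b"attrs", packet["enc_attrs"])
        if not hmac.compare_digest(echoed, self.challenge):
            raise ValueError("configurer did not prove knowledge of the device secret")
        wifi = json.loads(unseal(k2, b"profile", packet["enc_profile"]))["wifi"]
        return {"ssid": wifi["ssid"], "security_type": wifi["security_type"],
                "credentials": wifi["credentials"]}


class Configurer:
    """First device; `server` is the MAC -> secret lookup the server answers (assumed dict)."""

    def __init__(self, mac: bytes, server: dict):
        self.mac, self.server = mac, server

    def probe_request(self) -> dict:
        return {"ssid": SETUP_SSID, "mac": self.mac}

    def configure(self, response: dict, profile: dict) -> dict:
        mac2, seq = response["mac"], response["seq"]
        secret = self.server[mac2]  # "request for security information", keyed by the device MAC
        k1 = derive_k1(self.mac, secret, seq)
        challenge = unseal(k1, b"challenge", response["enc_challenge"])  # identity check (claim 1)
        k2 = derive_k2(self.mac, mac2, secret, seq)
        return {"enc_profile": seal(k2, b"profile", json.dumps(profile).encode()),
                "enc_attrs": seal(k2, b"attrs", challenge)}  # claim 4 echo


def run_exchange(device_secret: bytes, server_secret: bytes) -> dict:
    """Whole exchange; returns what the device extracted or raises if a check fails."""
    dev = UnprovisionedDevice(b"\x02\x00\x00\x00\x00\x02", device_secret)
    cfg = Configurer(b"\x02\x00\x00\x00\x00\x01", {dev.mac: server_secret})
    profile = {"wifi": {"ssid": "HomeNet", "security_type": "WPA2-PSK",
                        "credentials": "example-passphrase"}}  # constructed sample profile
    resp = dev.probe_response(cfg.probe_request())
    return dev.accept(cfg.mac, cfg.configure(resp, profile))


def genuine_device() -> dict:
    return run_exchange(bytes(range(32)), bytes(range(32)))


def rogue_device_rejected() -> bool:
    """Device secret does not match the server's copy: challenge decryption fails."""
    try:
        run_exchange(bytes(32), bytes(range(32)))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(genuine_device(), rogue_device_rejected())
```

Two points a practitioner should take from the simulation. The server lookup is keyed by the device's MAC address, which any Wi-Fi client can spoof, so it is the secret behind the lookup, not the MAC, that authenticates the device; and the claim 4 echo of the decrypted challenge is what stops an arbitrary station that broadcasts the setup SSID from pushing a profile, because only a configurer that obtained the secret from the server can produce it. The sequence number must also never repeat for a given device, since both keys are derived from it.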

Assignees

Amazon Tech Inc

Inventors

Classifications

  • Access security · CPC title

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title

  • Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title

  • Terminal profiles · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9602279B1 cover?
Aspects of this disclosure relate to a computer-implemented method for using a first device to configure a second device to access a network. The method includes transmitting a request on a channel, the request containing information sufficient to inform a device that the system can configure the device to access a network through an access point. The method further includes receiving a respon…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/14. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 21, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).