Carrier Wi-Fi

Hotspot 2.0

Hotspot 2.0 is all about facilitating the user experience in service provider Wi-Fi. This includes an automatic discovery and network selection followed by a secure and seamless user device connection to the carrier Wi-Fi network.

Wi-Fi CERTIFIED Passpoint™ was launched by Wi-Fi Alliance through partnerships between mobile device manufacturers, network equipment vendors, and operators. The purpose was to streamline network access in Wi-Fi hotspots and eliminate the need for users to find and authenticate a network each time they connect.  The Passpoint certification is based on the Hotspot 2.0 specification.

At the same time the Wireless Broadband Alliance (WBA), of which Aptilo is a member, launched their Next Generation Hotspot (NGH) program. It primarily focuses on interoperability between service provider Wi-Fi networks for roaming.

Together these two initiatives aim to create a blueprint for advanced Wi-Fi networks with an enhanced end-user experience for network selection, service authentication, security and roaming.

The ingredients of a Hotspot 2.0 Wi-Fi network

The ingredients of a Hotspot 2.0 service provider Wi-Fi network include:

  • An IEEE 802.11u-enabled Wi-Fi network that broadcasts capabilities of the network (ANQP)
  • An IEEE 802.1x-enabled Wi-Fi network with WPA2-Enterprise air interface encryption
  • Support for EAP-SIM/AKA or EAP-TLS/TTLS authentication
  • Facilitator for Wi-Fi roaming and home operator billing

The encrypted radio transmission (WPA2-enterprise) and EAP-based authentication makes Wi-Fi as secure and seamless as any cellular network.

Wi-Fi Alliance Hotspot 2.0 specifications, the WBA’s work with NGH, the latest 3GPP standards for Wi-Fi integration to the mobile core and CableLabs’ Wi-Fi roaming specifications. They all serve different industry needs and are complementary to one another.  Hotspot 2.0 primarily focuses on a seamless network selection over a secure Wi-Fi connection. The 3GPP efforts concentrate on a seamless integration of Wi-Fi access into the mobile core. This enables the mobile network operator (MNO) the possibility to offer their subscriber base a more streamlined mobile data service.

For Mobile Network Operators (MNO) and Multi System Operators (MSO), the seamless user experience and the additional security that EAP-based authentication methods and 802.1x support provide has become a must. Neither of these features are mutually exclusive to Hotspot 2.0. They can be implemented independently of the Hotspot 2.0 standard. In fact, EAP-SIM/AKA, EAP-TTLS and 802.1x are in operation by a number of operators globally including many of Aptilo’s customers. Some industry players would have called these installations Hotspot 2.0. We do not, unless they utilise the full feature-sets of Hotspot 2.0.

Aptilo SMP’s role in a Hotspot 2.0 Wi-Fi service

The Aptilo Service Management Platform™ , which include SIM-authentication capabilities, provides all the necessary back-end service management functions for a Hotspot 2.0 Wi-Fi network.

Hotspot 2.0 release 2 (R2) focuses on provisioning of EAP-TLS/TTLS certificates in non-SIM devices and to support online sign-up for Hotspot 2.0 services.

Aptilo’s captive portal solution supports online sign-up for Hotspot 2.0. The certificates will automatically install when the user click on a link at the portal. This is a one-time process. From now and on, the user will be automatically and securely connected to the 801.1x SSID via EAP-TTLS. Furthermore, we also have customers that have developed a simple tablet/smartphone app that automatically provisions EAP-TTLS certificates in non-SIM devices.