SIM Authentication, also known as EAP-SIM/AKA, is all about a seamless and secure user experience. Users are automatically connected to an encrypted 802.1x Wi-Fi network.
SIM AUTHENTICATION FOR WI-FI AS SECURE AS MOBILE
One of the key benefits of using the SIM for authentication (EAP-SIM/AKA) is that both the authentication process and the data must be encrypted in the Wi-Fi network. Hence, the Wi-Fi network becomes as secure as the mobile network. Learn more technical details below.
SEAMLESS SIM AUTHENTICATION FOR MOBILE
Key to a successful mobile data offloading strategy is ease of use with a seamless and secure user experience. SIM-based authentication is a powerful tool for achieving these goals. This is the method whereby mobile/cellular devices that have a SIM card use the same SIM card to authenticate the device for the Wi-Fi service. Users will just securely fly on to the Wi-Fi network.
The Aptilo SMP SIM Authentication™ performs EAP-SIM/AKA authentication optimized with the standard 3GPP AAA functionalities needed for an offloading scenario, enabling SIM-based authentication for any Wi-Fi network. Furthermore, the Aptilo mobile offloading solution supports a wide variety of alternative authentication methods for devices without SIM cards or without support for the EAP-SIM/AKA method.
EAP-SIM AND EAP-AKA FOR MOBILE DEVICES
Based on the award-winning Aptilo Service Management Platform™ (SMP), the Aptilo SMP SIM Authentication™ utilizes the same mechanism that is used in the mobile core to obtain a seamless and secure user experience when authenticating the user to the Wi-Fi network. If you need more functionality than just automatic authentication through the SIM, such as captive portal functionality and Wi-Fi policy management, then please consider the Aptilo SMP 3GPP AAA+™ or benefit from the full functionality for a next-generation Wi-Fi hotspot with Aptilo SMP.
USING EXISTING MOBILE INFRASTRUCTURE
A mobile service provider can leverage the existing infrastructure for HLR/HSS by adding a dedicated EAP-SIM/AKA authentication function.
The Aptilo SMP SIM Authentication™ provides a means for authentication with the subscriber credentials in the SIM card. It provides EAP-SIM/AKA (SIM/USIM-based) authentication for Wi-Fi users based on the information retrieved from the existing HSS over the Diameter Wx interface (supporting 3GPP Release 7 and onwards). It can do the same with information from the HLR over the SS7/MAP D’/Gr’ interface (supporting 3GPP Release 6 and onwards).
It can also interact with existing core network systems such as PCRF and DPI, and OSS/BSS systems such as CRM, to build advanced policies for the session. One example is to first authenticate the user seamlessly and then engage them with a portal experience or send an SMS/e-mail, if policies for the current location and user type so dictate.
By using our vendor-agnostic solution, you can use the existing mobile infrastructure independent of HLR/HSS vendor and regardless of system generation.
SCALABILITY AND AVAILABILITY
When automatically and actively offloading 3G/4G users, mobile operators need to handle Wi-Fi as a service that is as critical as mobile broadband.
This calls for an exceptionally scalable architecture with high availability. Our solution caters to this as it is built on Aptilo’s new ALE architecture which takes the scalability and availability issue out of the equation with linear scalability and high availability including geographic redundancy.
It supports SNMP-based network management, which means that service providers can integrate this node into the overall NOC operations.
FLEXIBLE CONNECTIVITY TO HSS/HLR IN THE MOBILE CORE
The Aptilo SMP SIM Authentication can connect to existing SS7 networks with ease and can be delivered with an optional SS7 PCI-Express board. Additionally, to facilitate connection with next-generation IP networks, it can handle SS7 over IP using the built-in support for SIGTRAN. The physical link for the IP-based SIGTRAN protocol and Diameter Wx is the native high-capacity IP network adapter in the server hardware. A multitude of SS7 and SIGTRAN protocols are supported to facilitate a smooth integration with the mobile core. Different national variants (ANSI, ITU, Chinese and Japanese) as well as hybrid variants are also supported. Authentication for both USIM- and SIM-based devices simultaneously provides a seamless migration path from older to newer devices.
With a dedicated and purpose-built function for SIM-based authentication, a service provider is presented with the most flexibility in terms of network topology. In a multi-HLR and -HSS environment, we provide a central aggregation point for all Wi-Fi-based SIM authentication requests, which is able to perform authentications to multiple HLR and HSS nodes from different vendors. Thanks to the central aggregation point, it is also able to connect with multiple different Wi-Fi systems that perform RADIUS signaling for the individual Wi-Fi networks.
It is also possible to deploy the function co-located with each HLR/HSS and configure a connection to the Wi-Fi AAA from each of the authentication nodes.
HOW DOES EAP-SIM/AKA WORK?
The EAP-SIM/AKA method requires that the Wi-Fi network has support for 802.1x, which encrypts the content of the communication. This is an important benefit, as it gives a security level equivalent to the security in 3G/4G networks. The authentication, using the user credentials on the SIM card and the Extensible Authentication Protocol (EAP), is made in three automatic steps that occur without any user interaction:
1. During the initialization, only EAP over LAN (EAPOL) 802.1x traffic is allowed between the client and the Wi-Fi access point. All other traffic like DHCP or HTTP is blocked.
2. The user credentials from the SIM card are delivered by the client to the Wi-Fi access point which in turn encapsulates an EAP authentication request in RADIUS and sends it to the Aptilo SMP SIM Authentication. The Aptilo SMP SIM Authentication contacts the HSS/HLR through the SS7/MAP or Diameter D’/Gr’ interface and retrieves the GSM/LTE authentication vectors that are used to authenticate the user. Upon successful authentication, Aptilo SMP SIM Authentication sends the generated encryption keys, used for protection of the Wi-Fi radio network, to the access point (AP).
3. The client needs to generate exactly the same encryption keys and validate the authentication vectors correctly through the SIM card in order to be admitted to the network.
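The mutual check in the last two steps can be modelled in a few lines. The following is an added example, not Aptilo's code: it follows the EAP-SIM (RFC 4186) master-key input order, but `a3a8`, the HMAC-based key expansion and the simplified MAC inputs are stand-ins, and all function names and the identity value are constructed for illustration.

```python
import hashlib, hmac, os

def a3a8(ki, rand):
    # Stand-in (assumption) for the operator's A3/A8 algorithm keyed by Ki:
    # yields SRES (4 bytes) and Kc (8 bytes), the sizes a GSM triplet carries.
    d = hmac.new(ki, rand, hashlib.sha1).digest()
    return d[:4], d[4:12]

def derive_keys(identity, kcs, nonce_mt, versions=b"\x00\x01", selected=b"\x00\x01"):
    # MK input order per RFC 4186: Identity|n*Kc|NONCE_MT|Version List|Selected Version
    mk = hashlib.sha1(identity + b"".join(kcs) + nonce_mt + versions + selected).digest()
    # Stand-in expansion (HMAC-SHA1 counter mode) in place of the FIPS 186-2 PRF.
    out = b"".join(hmac.new(mk, bytes([i]), hashlib.sha1).digest() for i in range(8))
    return {"k_aut": out[16:32], "msk": out[32:96]}  # K_encr and EMSK not used here

def mac(k_aut, data):
    return hmac.new(k_aut, data, hashlib.sha1).digest()[:16]

def server_challenge(identity, triplets, nonce_mt):
    # AAA side: derive keys from the Kc values fetched from the HLR, MAC the challenge.
    rands = [t[0] for t in triplets]
    keys = derive_keys(identity, [t[2] for t in triplets], nonce_mt)
    return rands, mac(keys["k_aut"], b"".join(rands) + nonce_mt), keys

def client_respond(identity, ki, rands, at_mac, nonce_mt):
    # Client side: the SIM recomputes SRES/Kc; a bad network MAC ends the exchange.
    results = [a3a8(ki, r) for r in rands]
    keys = derive_keys(identity, [kc for _, kc in results], nonce_mt)
    if not hmac.compare_digest(at_mac, mac(keys["k_aut"], b"".join(rands) + nonce_mt)):
        return None, None
    return mac(keys["k_aut"], b"".join(s for s, _ in results)), keys

def server_verify(triplets, keys, response_mac):
    # On success the MSK is what the AAA hands to the access point.
    expected = mac(keys["k_aut"], b"".join(t[1] for t in triplets))
    return keys["msk"] if response_mac and hmac.compare_digest(response_mac, expected) else None

def run_exchange(hlr_ki, sim_ki, identity=b"1001010123456789@wlan.mnc001.mcc001.3gppnetwork.org"):
    # Constructed identity: "1" + test IMSI. Returns True only if both sides agree on the MSK.
    nonce_mt, triplets = os.urandom(16), []
    for _ in range(3):
        rand = os.urandom(16)
        triplets.append((rand, *a3a8(hlr_ki, rand)))
    rands, at_mac, skeys = server_challenge(identity, triplets, nonce_mt)
    resp, ckeys = client_respond(identity, sim_ki, rands, at_mac, nonce_mt)
    msk = server_verify(triplets, skeys, resp)
    return msk is not None and msk == ckeys["msk"]
```

A mismatch in Ki on either side fails at the first MAC check, so neither a cloned-looking client nor a network without HLR access reaches the point where keys are released to the access point.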