Authentication is one of the corner stones in an offloading solution. Aptilo offers best practice methods as well as alternative solutions, allowing the service provider to mix methods and create more innovative user interfaces.
SIM-based authentication is the best practice for authentication for mobile data offloading as it utilizes the same mechanism as in the 3G/LTE network making the authentication process seamless and secure for the end-user. An automatic authentication process in combination with smartphones’ tendency to prioritize Wi-Fi over 3G/LTE connections will ensure a high rate of offloaded users.
The Aptilo SMP SIM Authentication™ authenticates users based on the information retrieved from the HLR or HSS in the mobile core in accordance with the 3GPP AAA functionality.
The Wi-Fi network must support the 802.1x in order to deliver SIM credentials to the SIM authentication function, which provides the additional benefit of encrypting the Wi-Fi link with the same level of security as that which is found in the 3G/LTE network. The security and the automatic authentication process make the Wi-Fi network a trusted extension of the 3G/LTE network. Together with the new IEEE 802.11u standard, SIM-based EAP-SIM/AKA authentication has become the foundation of the next generation hotspot – Hotspot 2.0, as defined by the Hotspot 2.0 Task Group in the Wi-Fi Alliance.
There are about 800 million new Wi-Fi devices activated every year; not all of them will have SIM-cards or support for EAP-SIM/AKA. Mobile operators will need alternative authentication methods to support these customers.
Alternative authentication methods
Aptilo supports a number of authentication methods which can act as alternatives to EAP-SIM/AKA. In real-world deployments service providers always need to balance the security with user experience. These methods can be used to expand and compliment the compatibility of mobile data offloading with legacy devices that do not have SIM cards or support for SIM authentication mechanisms.
Aptilo also allows the service provider to mix authentication methods to create more innovative user interfaces. For example, to SIM-authenticate users automatically before pushing them to a captive portal to approve a daily charge amount or receive a commercial message (“bill chock prevention”).
One-time-password via SMS
Delivering password via SMS to the user or silently to a client application is the best way to securely identify a user on a open SSID Wi-Fi network.
MAC-based authentication
A very common method for Wi-Fi networks running on an open SSID is to use mac-based authentication, were the unique Media Access Control address (MAC) of the device is used for identification. This mechanism provides a seamless user experience with automatic login to the Wi-Fi network and is often used as a re-authentication mechanism for short-term accounts at Wi-Fi hotspots. However, since MAC addresses can be spoofed MAC-based authentication is not commonly used by service providers as the primary authentication mechanism for long-term accounts.
The location-based multi-device login is a patent-pending Aptilo invention which allows mobile operators to achieve a greater level of security for MAC-based authentication of devices in Wi-Fi networks. It makes an automatic MAC-based authentication for multiple devices more secure by tying them to an active mobile phone, belonging to the same subscriber, which is already authenticated via a secure EAP method at the same location.
Aptilo 3GPP Wi-Fi Access Unified
The 3GPP Wi-Fi access standard requires use of SIM authentication (EAP-SIM/AKA) where policies are retrieved from the subscriber profile in the HLR/HSS during the authentication process. These policies are crucial for the Wi-Fi service and include things such as APN and parameters for setting up the individual GTP tunnel for backhauling the user’s traffic to the mobile core.
Aptilo SMP already enables 3GPP Wi-Fi access for mobile phones with SIM cards using EAP-SIM/AKA. Aptilo SMP now extends 3GPP Wi-Fi access support to all Wi-Fi devices including those with SIM cards but lacking support for SIM authentication (EAP-SIM/AKA). This innovation utilizes the highly secure EAP-TTLS/PEAP authentication method instead of EAP-SIM/AKA while retrieving policies from the subscriber profile in HLR/HSS as if it was an EAP-SIM/AKA authentication. The Aptilo SMP retrieve the user’s subscriber profile by using the MSISDN (mobile number) rather than the IMSI (SIM card ID) as an identifier while using EAP-TTLS rather than EAP-SIM/AKA for security (the orange path above). In other words, Aptilo makes 3GPP Wi-Fi access possible in real-world deployments by adding support also for devices lacking SIM authentication capabilities.
The Aptilo 3GPP Wi-Fi access Unified Solution works for any of the 3GPP Wi-Fi access methods. One of the most popular methods is the trusted 3GPP Wi-Fi access. In this method, the user traffic is securely backhauled to the mobile core through a GTP (or MIP/PMIP) tunnel between the WAG/TWAG (Wireless Access Gateway) and the GGSN/P-GW.
What's next in Carrier Wi-Fi?
Aptilo's Paul Mikkelsen at CTIA 2015
Webinar: Why wait for 5g?
View On-Demand
Download More Information
What customers say about us
People from all over the world will flock to Brazil to celebrate the World Cup and 2016 Olympics. The ability to offload mobile data to Wi-Fi will ease network congestion significantly and increase data speeds, for an exceptional user experience.
We use cookies to improve and personalize your browsing experience. This site may also include cookies from third parties. By using this site, you consent to the use of cookies.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
Other external services
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
Privacy Policy
You can read about our cookies and privacy settings in detail on our Privacy Policy Page.
What's next in Carrier Wi-Fi?Aptilo's Paul Mikkelsen at CTIA 2015
