Authentication and interoperability between cellular and Wi-Fi networks

One of the biggest impediments to traffic off-load to date has been the difficulty for users to transition between cellular and Wi-Fi networks. Until recently, it was generally necessary for users to log in manually to a public Wi-Fi hotspot in order to use the service. In some cases, this would require the entry of a WPA-2 key in the same way as a user’s home or office connection – once entered, this would provide automatic connection in the future as long as the password does not change.

In other cases, the hotspot would provide an “open” connection whereby the client device would connect automatically once the SSID is recognised, but the user would then be required to log in via a web browser. End-users would tend to find this approach counter-productive, in that by connecting automatically the cellular data connection is disabled, but the Wi-Fi connection will not convey data until the browser log-in is

complete. As a result, background data functionality (e.g. for synchronising e-mails) is lost, possibly prompting some users to disable Wi-Fi in order to maintain background connectivity.

More recently, technical improvements to the authentication process have been developed to overcome this problem and provide a more seamless network connection.

These include:

 MAC authentication: This provides automatic authentication of pre-registered devices based on their unique MAC address. It is now commonly used by the larger public Wi-Fi networks. Typically, the user is required to download an app to their device and to carry out a one-time registration, which registers the device MAC address on the network. Thereafter, the device will automatically connect to any of that network’s access points.

 Passpoint^TM: The Wi-Fi Alliance certified Passpoint^TM programme (part of the Hotspot 2.0 initiative) takes automatic authentication a stage further by adding features such as SIM-based authentication for Wi-Fi networks.

Additional security is also provided, equivalent to the WPA-2 protocols used on enterprise Wi-Fi networks. SIM-based authentication lends itself to roaming agreements between mobile network operators and Wi-Fi service providers. A number of such roaming agreements are already in place. For example, AT&T cellular subscribers from the US can now automatically roam on the The Cloud network in the UK. AT&T also has roaming agreements in France, the Netherlands and Spain.

Passpoint^TM also caters for other types of authentication, including trusted root certificates or the use of username and password credentials.

Passpoint^TM is also sometimes referred to as Hotspot 2.0 or Next Generation Hotspot.

 IEEE 802.11u: Another potentially important element of next-generation hotspots, 802.11u facilitates the discovery of accessible networks where these were not previously known to a client device. When a device detects the presence of one or more hotspots that indicate support for the IEEE 802.11u protocol, the device queries each access point and in return receives a set of credentials (e.g. whether the hotspot is free or paid for and in the latter case whether a relevant roaming agreement is in place) that can be used to decide whether to connect to a particular access point. If more than one accessible access point is detected, the mobile device uses operator policy to determine which Wi-Fi network to join.

A number of companies (sometimes referred to as Wi-Fi aggregators) are currently offering roaming across multiple Wi-Fi networks. Examples include iPass and Boingo.

Both companies provide managed Wi-Fi access to a wide range of international

partners’ hot spot access points, using secure authentication to pre-registered devices.

A more detailed examination of the role of Wi-Fi aggregators in supporting mobile data traffic offload is presented in section 5.3.7

The Third Generation Partnership Project (3GPP), which co-ordinates development of cellular mobile standards at a global level has also developed specific standards to facilitate interworking between 3G mobile networks and Wi-Fi networks. Two key standards are TS 24.327, which defines the mechanism for automatic handover between cellular and Wi-Fi networks, and TS 24.234, which defines the protocols for Wi-Fi devices to connect to cellular operators’ core networks. Another important development is the Access Network Discovery and Selection Function (ANDSF) standard, which is intended to extend a degree of control by mobile operators over which access network a device will preferentially attach to (this could either be the mobile network or one or more preferred Wi-Fi networks). Operators and equipment vendors are actively working on additional proprietary solutions to provide seamless switching between cellular and Wi-Fi networks. For example, Huawei has just announced trials of an integrated cellular and Wi-Fi platform in China, in which the mobile network assists in identifying and selecting the best Wi-Fi signal, thus enabling subscribers to connect to Wi-Fi without having to input their user name and password.³⁵

The automated authentication enhancements referred to in this section relate to public Wi-Fi networks. Users will still be able to control whether to connect to a private Wi-Fi network at home or at work by manually selecting the local Wi-Fi network as they do today. It is conceivable that future automated authentication software might limit consumer choice over which public network a device connects to by, for example, preventing connection to Wi-Fi networks that are not approved by the mobile network operator; however, we would expect that the device vendors who provide the connection manager software would resist any move to restrict the choice of network access for specific devices.

35 www.huawei.com/en/about-huawei/newsroom/press-release/hw-146103-mlabgsmwcdmaWi-Fi.htm.