20120229b Wi-Fi CERTIFIED Passpoint Final
A new program from the Wi-Fi Alliance to enable seamless Wi-Fi access in hotspots
The following document and the information contained herein regarding Wi-Fi Alliance programs and expected dates of launch are subject to revision or removal at any time without notice. THIS DOCUMENT IS PROVIDED ON AN "AS IS", "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS. THE WI-FI ALLIANCE MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THIS DOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.
Executive summary
Once found only in coffee shops and hotels, the public Wi-Fi hotspot has become ubiquitous around the world. Growth of Wi-Fi in public spaces is expected to continue at a very strong pace, with Informa Telecoms & Media predicting 5.8 million hotspots worldwide in 2015. The explosive growth is driven by several factors:

- Ubiquity of Wi-Fi in mobile devices like laptops, tablets and smartphones.
- End-user appetite for Wi-Fi connectivity over 3G and 4G for mobile devices.
- Widening support by service providers of Wi-Fi hotspots as a means to offload traffic from congested networks and to improve the end-user experience.

The forthcoming Wi-Fi CERTIFIED Passpoint program is the latest initiative from the Wi-Fi Alliance to revolutionize the end-user experience in Wi-Fi hotspots. Moreover, it is a key enabler for operator data offload in public hotspots. The specification underlying Passpoint certification defines a number of features, which will be introduced over the next 12 months:

Phase one features (planned for mid-2012):

- Network discovery and selection: Devices identify and associate with Passpoint networks in the background, without any active intervention from the subscriber.
- Seamless network access: Authentication no longer requires a browser-based sign-on or the subscriber to enter a password. Devices are authenticated automatically, using Extensible Authentication Protocols (EAP) based on a Subscriber Identity Module (SIM), a username and password, or certificate credentials.
- Secure authentication and connectivity: All connections are secured with WPA2-Enterprise, which provides a level of security comparable to that of cellular networks.

Phase two features (planned for 2013):

- Immediate account provisioning: Streamlined process to establish a new user account at the point of access, driving a common provisioning methodology across vendors.
- Operator policy: Mechanisms to support operator-specific subscriber policies, including network selection policy.
Table of Contents
Executive summary
Introduction
Wi-Fi devices and hotspots continue an upward trajectory
Insatiable demand for data: A challenge and an opportunity
Wi-Fi CERTIFIED Passpoint: Seamless Wi-Fi access in public hotspots
Wi-Fi CERTIFIED Passpoint value proposition
EAP Authentication enables seamless access
Passpoint security with WPA2-Enterprise
Roaming access through advanced network selection functionality
Support for legacy networks and client devices
Timeline for the Passpoint program
Summary
Further information resources
About the Wi-Fi Alliance
Appendix: Wi-Fi Alliance initiatives to promote seamless connectivity
Introduction

Over the years, Wi-Fi coverage has extended to offer connectivity to end users in new environments and on a widening array of client devices. Public access in hotspots, where the Wi-Fi infrastructure is shared among all users who want to connect to the network, either for free or after paying a fee, is now prominent around the world, from an increasing number of mobile devices with Wi-Fi.

The number of Wi-Fi hotspots has rapidly expanded over the last decade, growing from the initial creation of small, independent networks, which often covered only a single coffee shop or hotel, to larger, service provider-owned networks designed to provide wireless access in high-traffic public locations. As Wi-Fi connectivity in public hotspots has grown in availability and popularity, delivering seamless and transparent access across networks, with secure connections and uninterrupted service, has become crucial for providers to add value to their service offerings and enhance the end-user experience.

The Wi-Fi Alliance is developing the Wi-Fi CERTIFIED Passpoint program to provide an industry-wide, interoperable platform to streamline Wi-Fi access in public hotspots. Passpoint will be supported across a wide range of networks and client devices, provide an improved end-user experience, and become an important building block for service provider offload of data traffic and inter-provider roaming agreements.

Ahead of Passpoint's expected initial launch in mid-2012, this paper provides an introduction to the program and the features it supports, the market requirements it meets, and the benefits it provides end users and service providers.
Figure 1. Wired, Wi-Fi and mobile traffic volume in 2010 and 2015. Source: Cisco Visual Networking Index (VNI), www.cisco.com.
comScore, Digital Omnivores: How Tablets, Smartphones and Connected Devices Are Changing U.S. Digital Media Consumption Habits, 2011.

© 2012 Wi-Fi Alliance. All rights reserved.
A variety of service providers are integrating Wi-Fi into their core offering, driving an explosion in the number of hotspots and the data volumes they transport:

- Mobile operators. Wi-Fi hotspots improve the subscriber experience and allow operators to offload data from their congested cellular networks. As one example, in the United States, AT&T now provides Wi-Fi access to its subscribers in about 30,000 hotspots. The AT&T Wi-Fi network supported 487 million connections during the fourth quarter of 2011, more than triple the number from the previous year, with a volume of traffic that nearly tripled over the same period. [2]
- Wireline broadband service providers, including cable and other fixed-line operators. With growing public Wi-Fi offerings, these providers can differentiate their service from the competition and offer a more compelling service proposition to their subscribers outside of the home. These providers may also wholesale Wi-Fi access to roaming partners.
Figure 3. Number of public hotspots worldwide. Source: Wireless Broadband Alliance (WBA) and Informa Telecoms & Media.
Pure-play hotspot service providers offering access in partnership with hotels, restaurants, transportation authorities, and retailers. Customers have come to expect Wi-Fi access in a wide range of public locations. Wi-Fi has become a tool to attract and retain customers, or to encourage purchases of goods or services. Wholesale offerings to mobile providers who seek to expand their Wi-Fi offerings can also augment revenues for these providers.
Thanks to the ubiquity of Wi-Fi in residential and workplace environments, users have quickly learned to use Wi-Fi access everywhere they go. They expect a Wi-Fi service that is as transparent, consistent, automatic, and secure as their cellular service, and that works across all the Wi-Fi devices they own.
Figure 4. Global mobile data traffic. Source: WBA and Informa Telecoms & Media.
2. AT&T, 1.2 Billion Customer Connections Made to 30,000 AT&T Wi-Fi Hot Spots in 2011, 2012.
Liaison with the Wireless Broadband Alliance (WBA) to deliver a harmonized hotspot platform
The Wi-Fi Alliance has created a Liaison Agreement with WBA. The agreement enables the organizations to share information, and collaborate to harmonize each group's programs. The Wi-Fi Alliance will certify equipment under the Wi-Fi CERTIFIED Passpoint program to help ensure interoperability. WBA programs facilitate roaming agreements and technical relationships between operators under the Next Generation Hotspot (NGH) guidelines. NGH guidelines assume Wi-Fi CERTIFIED Passpoint capabilities in deployed hotspot equipment and client devices.

"Improving customer experience is the main driver for the adoption of Passpoint for mobile operators. They want to replicate the cellular network experience that their subscribers have with their phones when they use Wi-Fi, so their users go to a hotspot and it just works, no need to do anything. This will allow hotspots to provide a more reliable and user-friendly service. SIM-based authentication is crucial for mobile operators to enable seamless connectivity, as well as enhance security at Wi-Fi hotspots."
Nigel Bird, Project Leader, WBA Next Generation Hotspot Operator Guidelines
The emergence of Wi-Fi CERTIFIED Passpoint will transform the user experience in public hotspots. As an industry-wide solution, Passpoint will work in any network and overcome the limitations of proprietary, non-interoperable solutions offered by some providers today. Devices certified in the program will manage network association, authentication, sign-up, and security in the background, in a way that is completely transparent to the subscriber and that consistently works in any Passpoint network.
Phase one features of the Wi-Fi CERTIFIED Passpoint program (mid-2012)

Network discovery and selection: Client devices discover and automatically choose networks based on user preferences, provisioned operator policy, and network availability. These features are based on the recent IEEE 802.11u amendment.

Seamless network access: Wi-Fi hotspot access for in-network APs no longer requires an active selection or input from the subscriber. Passpoint uses a consistent interface and automated association process. Devices can be automatically granted access to the network based on multiple credential types. Passpoint supports Subscriber Identity Module (SIM)-based authentication, widely used in cellular networks today, as well as username/password combinations and certificate credentials. No end-user intervention is required in order to establish a connection to a trusted network.

WPA2-Enterprise security: All Passpoint connections are secured with WPA2-Enterprise for authentication and connectivity, offering a level of security comparable to that of cellular networks. Passpoint enhances WPA2-Enterprise by adding features to mitigate common attack vectors in public Wi-Fi deployments.

Phase two features of the Wi-Fi CERTIFIED Passpoint program (2013)

Immediate account provisioning: Standardized and streamlined process for establishing a new user account at the point of access, driving a common provisioning methodology across vendors.

Operator policy: Mechanisms to support operator-specific subscriber policies, including network selection policy.
Users of Wi-Fi CERTIFIED Passpoint devices will notice significant changes in the way they connect to hotspots. The commonly used browser-based authentication that requires users to enter their account information on a captive portal will no longer be necessary, as the client device can authenticate without input from the end user. Not only does browser-based authentication require an active effort from subscribers, it does not work in devices without a browser (e.g., a feature phone) or in devices configured to automatically connect to some virtual private networks (VPNs).
The EAP-SIM and EAP-AKA SIM-based authentication methods enable mobile operators to use the same credential for both cellular and Wi-Fi authentication.

Table 2. EAP methods supported by Passpoint.

EAP-SIM: SIM, if mobile device has SIM credential
EAP-Authentication and Key Agreement (EAP-AKA): Universal Subscriber Identity Module (USIM), if mobile device has USIM credential
EAP-Tunneled Transport Layer Security (TTLS) with Microsoft Challenge-Handshake Authentication Protocol Version 2 (MSCHAPv2): Username and password, with server-side certificates
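The username/password row of Table 2 as a client configuration, added here as an example that is not part of the Wi-Fi Alliance paper: a wpa_supplicant Hotspot 2.0 credential for EAP-TTLS with MSCHAPv2, with the unvalidated form shown commented out beside the form that pins the server-side certificate. The realm, domain, user name, password, CA file path and AAA server name are constructed placeholders.

```conf
# wpa_supplicant.conf (added example; every value below is a constructed placeholder)
ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.11u interworking and Hotspot 2.0 (Passpoint) support
interworking=1
hs20=1
# Run interworking network selection automatically when a credential is configured
auto_interworking=1

# Weak form, kept commented out for contrast: with no ca_cert the client does
# not verify the AAA server certificate, so the TTLS tunnel that carries the
# MSCHAPv2 exchange can terminate at a server the operator does not control.
# cred={
#     realm="example.com"
#     username="subscriber"
#     password="constructed-password"
#     eap=TTLS
#     phase2="auth=MSCHAPV2"
# }

# Hardened form: the server-side certificate from Table 2 is actually checked.
cred={
    # NAI realm matched against the realms the hotspot advertises
    realm="example.com"
    # Home service provider FQDN, used to tell home networks from roaming ones
    domain="example.com"
    username="subscriber"
    password="constructed-password"
    eap=TTLS
    phase2="auth=MSCHAPV2"
    # Trust anchor for the operator's AAA server certificate
    ca_cert="/etc/ssl/certs/example-aaa-ca.pem"
    # Require this suffix in the AAA server certificate's dNSName
    domain_suffix_match="aaa.example.com"
}
```

Both `ca_cert` and `domain_suffix_match` are needed: the first limits which CA may issue the server certificate, the second limits which server under that CA the client accepts.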
In addition to ease of use, Passpoint seamless authentication brings these benefits to service providers and users:

- Hotspot access for CE devices without a browser. Passpoint authentication methods do not require a browser, and will facilitate the use of CE devices like cameras or embedded devices in cars that do not have a browser.
- New sign-up and content delivery models. The increased flexibility in provisioning new accounts and tying them to complementary accounts (e.g., a cable modem subscription) and services (e.g., location-based services to reward customers for a purchase) will further encourage the emergence of new sign-up and content delivery models. Keeping the authentication process in the background and securing the connection will make hotspot access much more attractive to content providers and manufacturers of content-oriented devices such as digital book readers. Occasional Wi-Fi access can also be simplified for subscribers who do not have a prepaid subscription, for instance using charging models similar to prepaid plans from mobile operators.
- Enable digital-rights management over Wi-Fi. Service providers increasingly provide protected and paid content to their subscribers, but to do so they need to know who receives the content. Passpoint background authentication enables service providers to verify the identity and access rights of subscribers, and to deliver premium content to subscribers connected to home and workplace networks, as well as public hotspots.
WPA2-Enterprise uses an authentication and key management infrastructure that differs from WPA2-Personal. WPA2-Personal support is mandated in all Wi-Fi equipment and provides security in residential and small business environments without AAA capabilities. Devices that support only WPA2-Personal do not benefit from Passpoint's new security features, but will still be able to connect to Passpoint networks.
Once roaming between two service providers is enabled, Passpoint devices can connect to either a network provided by the subscriber's service provider, or to a visited network provided by another provider, using the same process. In all cases, the Passpoint client recognizes the AP as belonging to the list of available networks and establishes a connection. The end user's experience is similar to cellular roaming: as they reach a Passpoint hotspot, the device connects automatically.
Summary
Wi-Fi hotspots enable service providers to enhance subscriber experience and to relieve congestion in their networks (Figure 5). End users own an increasing number of Wi-Fi-enabled devices, and hotspots provide users a cost-effective way to get a reliable and affordable connection in high-traffic locations. Vendors benefit from a widening market for Wi-Fi mobile devices that is increasingly moving beyond laptops and smartphones, to include tablets, digital book readers, game consoles and other CE devices.

Wi-Fi CERTIFIED Passpoint is the new certification program developed by the Wi-Fi Alliance in close collaboration with service providers and equipment vendors to make hotspot access seamless, effortless and secure for subscribers. Passpoint empowers service providers to fully leverage Wi-Fi ubiquity in the client devices, and to offer a more compelling service to their subscribers and customers.
Figure 5. The benefits of Passpoint to service providers, end users, and equipment vendors.
Wi-Fi CERTIFIED n leverages multiple-in, multiple-out (MIMO) technology in IEEE 802.11n Wi-Fi CERTIFIED products to enhance performance and capacity in Wi-Fi networks.