Alepo Whitepaper
With mobile data usage on the upswing, wireless carriers are looking to Wi-Fi hotspots as a viable option for the delivery of high speed internet services on mobile devices. With the introduction of Wi-Fi hotspots to their overall mobile data strategy, carriers can unlock new revenue channels, drive up business value, and optimize network resources and efficiencies.
This Alepo white paper reveals five emerging innovations surrounding Carrier Wi-Fi offload and monetization that are advancing opportunities for wireless carriers in making Wi-Fi hotspots a fundamental and viable part of their mobile data strategy.
It’s no question that Wi-Fi is a mature and widespread technology, today reaching over 700 million homes, schools, enterprises, and hotspot locations worldwide. Its reach continues to grow as more Wi-Fi-enabled mobile devices, including smartphones, tablets, laptops, e-readers, and music players, hit the market. As data usage on mobile devices continues to skyrocket, wireless carriers are beginning to see great potential in leveraging Wi-Fi to capitalize on new revenue channels and reduce congestion on cellular networks.
Whether implemented by a wireless carrier, cable or internet service provider, or through a partnership with an existing Wi-Fi provider or aggregator such as Boingo, a Wi-Fi hotspot network can offer an alternative or complementary means to deliver high-speed internet services to customers. Cost-efficient, widely supported, and readily deployable, Wi-Fi hotspot networks are an attractive and immediate option for carriers looking to supplement their existing data services, offload from cellular networks, or generate additional revenue with a paid Wi-Fi hotspot business model.
As carriers deliberate exactly how Wi-Fi fits in their overall mobile data strategy, they must consider a myriad of questions and challenges that span the network, the business opportunity, and the customer experience. From a network perspective, this includes a number of questions on security, integration with legacy networks, and support for a wide variety of mobile devices. Business-wise, carriers have been challenged by competition from free, public Wi-Fi hotspots and doubts about how best to sell or package Wi-Fi hotspot services. And, in regards to the customer experience, carriers must consider how to ensure a consistent, simple, and ubiquitous experience across networks in order to facilitate adoption and encourage use.
Ongoing work in the development of standards, industry initiatives like NGH and Hotspot 2.0, and vendor solutions addresses these considerations and is driving forward the opportunities for Carrier Wi-Fi. This work has given rise to new possibilities for service innovation, new revenue channels, and partnerships. Advancements in technologies that enable automatic and granular Wi-Fi offload, manageable partnerships, and profitable hotspot networks make it possible and viable for wireless carriers to launch Wi-Fi hotspot services and reach customers with differentiated service offerings.
The following pages discuss five emerging innovations in Carrier Wi-Fi and their implications for wireless carriers. These innovations, while not an exhaustive list of the current advancements being made in Wi-Fi technology, center on the areas of Wi-Fi offload and Wi-Fi hotspot revenue generation, specifically:
Making Wi-Fi Offload Secure & Automatic
Making Carrier Services Available on Wi-Fi
Enhancing Network Discovery & Selection
Monetizing Wi-Fi Hotspots
Forging Partnerships across the Wi-Fi Ecosystem
Wi-Fi offload can be a win-win situation for carriers and subscribers. By offloading mobile data traffic from a 2.5G or 3G cellular network to a Wi-Fi hotspot network, carriers can optimize available cellular network resources, increase overall capacity, and reduce bottlenecking of service. By alleviating congestion caused by heavy smartphone internet usage, carriers can better allocate their cellular network resources to other customers for voice calls and other services. In turn, offloaded subscribers experience the advantages of high-speed Wi-Fi access without having to manually connect or log in.
In order to realize the full potential of Wi-Fi offload, the process of moving from a cellular network to a Wi-Fi network must be automatic and transparent to the end user. If it is not, the offload has to be initiated by the end user, which often requires the user to manually select the network and enter a security key or login credentials to connect. This can cause a significant drop-off in adoption and undermine the goals of the offload solution.
Yet, achieving an automatic and transparent offload process is not child’s play. To protect the integrity of the network as well as subscriber data, the mobile subscriber must be securely authenticated to the Wi-Fi hotspot network during the offload process. This means that the subscriber’s identity (e.g., IMSI) and login credentials are sent over the Wi-Fi hotspot network, which is, by definition, a non-secure, non-trusted network. If not addressed properly, this can pose security risks, such as exposing login credentials to possible interception or corruption during the authentication process, making it possible for unauthorized users to access the network.
Another challenge in realizing automatic and transparent offload is the considerable variation in mobile handsets and operating systems. Most Wi-Fi offload solutions available today require a SIM card to perform secure authentication, which overlooks a large number of popular mobile devices on the market today that do not support SIM cards. Carriers require an offload solution that works for their customers across multiple types of devices.
There are a number of innovative approaches to realizing Wi-Fi offload that provide secure authentication while maintaining an automatic and transparent process. These approaches create transparent methods for offload that accommodate the diversity of mobile devices in use today.
Wi-Fi Offload via EAP SIM, AKA Authentication
One such approach to Wi-Fi offload is the use of a mobile device’s SIM card to securely authenticate the subscriber to the Wi-Fi network via EAP SIM or EAP AKA authentication methods. This method of authentication utilizes encrypted data from a mobile device’s SIM card to authenticate and optionally authorize a user via an authentication gateway. The gateway commonly sits between the AAA server in the Wi-Fi core network and the HLR or HSS in the mobile core network to fetch authentication vectors over a standard Diameter or SS7 interface. The process is highly secure, since it utilizes the same proven and secure authentication methods already used in mobile networks. When combined with IEEE 802.1x authentication standards, EAP SIM and EAP AKA can provide a secure, encrypted connection to WLAN equivalent to 3G or LTE levels of security.
This approach to Wi-Fi offload requires no installations or changes to the end-user device, and it works with any WPA Enterprise or WPA2 Enterprise-enabled access point, making it a readily available solution on the market today. In addition, this method minimizes dependency on other network components, needing only light integration with the mobile core network over a standard SS7 interface to function fully.
This type of Wi-Fi offload limits its support to devices that natively utilize SIM cards. Some devices that do not natively support EAP SIM or EAP AKA authentication methods may be patched to do so. However, since a number of mobile devices used to access Wi-Fi networks today do not support this offload approach, carriers may consider a multi-pronged approach in order to realize a robust and comprehensive offload solution.
Wi-Fi Offload via Mobile App
Another approach to Wi-Fi offload is the use of a mobile app to securely authenticate the subscriber to the Wi-Fi network. Installed on the end user’s mobile device, the app works in the background to authenticate the subscriber to the Wi-Fi hotspot network without requiring the end user to manually enter login credentials. Automatic and transparent, this solution bypasses the need for a SIM card to perform secure authentication, making it a highly available option for a wide range of mobile devices.
In order for the mobile app to perform secure and automatic offload, two processes must occur. First and foremost, the app must be installed on subscribers’ mobile devices, either through factory installation, customer download (a good option for an opt-in model), or over-the-air provisioning. Second, the mobile app must obtain and store the login credentials from the network, known as an enrollment process. Enrollment can be handled in multiple ways, including certificate sharing using EAP TLS/TTLS authentication methods or sending a one-time password over SMS. These options ensure the best fit for each carrier’s network topology and security requirements.
Depending on the type of enrollment process as well as the carrier’s existing network topology, this approach to Wi-Fi offload may be completely self-contained, requiring little to no integration with the existing mobile core network infrastructure. This allows for a more rapid deployment that does not impact or interrupt existing services.
In the pursuit of creating an experience on Wi-Fi that is comparable to 3G or 4G mobile data networks, carriers are seeking out ways to provide secure, uninterrupted access to carrier IP services, such as voice, video, and other multimedia services. Connections to hotspots outside of a carrier’s own network pose a particular challenge, since the delivery of carrier services requires interworking with the carrier’s core network. Because Wi-Fi is considered a non-trusted, non-3GPP access technology that has traditionally lacked sufficient methods for encryption and secure transport of data traffic, it can expose the core network to security risks.
Multiple industry organizations, including the 3GPP and Wi-Fi Alliance, have contributed to the development of a standard architecture to enable Wi-Fi interworking and roaming with access to voice, video, and multimedia services in the carrier’s 3G or 4G core network. The iWLAN architecture, standardized by the 3GPP, promotes secure connections between the packet core network and Wi-Fi networks. The iWLAN architecture designates a secure connection to the carrier’s core network via an IPSec tunnel, which extends from the UE through the wireless access gateway (WAG), the GGSN, and from there to the core network or the internet. It utilizes security keys (IKEv2) for authentication and interacts with a AAA/AAA proxy framework to retrieve subscription information and authorize the connection.
Along with carrier voice, video, and data services, iWLAN could enable carriers to extend a breadth of 3G services and functionality to the Wi-Fi environment. Carriers may provision, authenticate, and authorize traffic for their carrier services on Wi-Fi networks just as they do for their 3G networks, and they can enforce policy on these services. Additional capabilities include lawful intercept and unified charging and billing.
Yet a number of challenges of this infant architecture remain. Upon connection to a Wi-Fi network, a new session must be established, resulting in service interruption. In addition, this architecture requires a special UE client that may not be available on all devices, as well as investment in additional core network infrastructure, including a WLAN access gateway (WAG) to handle policy enforcement and accounting functions, and additional packet data gateway functionality to manage session continuity, IPSec tunnel termination, routing, and charging.
Session continuity is particularly sought after for creating a seamless interworking experience, and it is currently driving efforts to develop new standards. The 3GPP has developed an alternative proxy MIP offload architecture that enables mobility and session continuity between Wi-Fi and mobile data.
Going above and beyond automatic and transparent offload, automatic network discovery and selection can enable carriers to more discerningly offload mobile data traffic according to a number of parameters, including network type, location, time, subscription type, and more. This can help carriers overcome an “everybody on, everybody off” situation that can paradoxically leave Wi-Fi hotspot networks congested and cellular networks underutilized. With the Automatic Network Discovery and Selection Function (ANDSF), a 3GPP-defined evolved packet core (EPC) network element, carriers can define granular rules for offload that best align with their network resources and customer usage patterns.
The ability for carriers to set fixed network discovery and selection rules engenders a wide range of new opportunities for more intelligent Wi-Fi offload. Carriers can apply policies to their offload decisions to ensure quality of service and a consistent customer experience for offloaded customers. More so, carriers can offload less valuable mobile data traffic while keeping revenue-generating traffic on their mobile network, thereby minimizing the risk of weakened revenues. Rules can be configured for specific locations, hours, and days of the week to relieve network congestion and promote optimized network performance. Through strategic offload decisions, carriers can also prioritize offload to Wi-Fi hotspot networks for their roaming customers to reduce roaming costs. Furthermore, carriers can utilize Wi-Fi hotspot networks to minimize dead spots for their mobile subscribers, expand coverage and access to Wi-Fi, and promote an optimal customer experience by prioritizing the highest-quality connection at every geographic location.
The ability to capitalize on Wi-Fi hotspot services can constitute a major incentive for wireless carriers and service providers to incorporate Wi-Fi services into their service portfolio and to grow their Wi-Fi hotspot footprint. By monetizing Wi-Fi hotspots, carriers can offset the costs of the Wi-Fi infrastructure and open new revenue channels for existing and new customers. Even if the carrier’s main driver for a Wi-Fi hotspot network is to increase cellular network capacity by offloading existing mobile subscribers, the Wi-Fi hotspot network can be extended to new and non-mobile subscribers as well. This affords wireless carriers an opportunity to expand their reach to new customer segments, including new and casual users, roaming users, as well as their existing mobile subscribers using secondary, Wi-Fi-only devices.
Mobile Data Services Convergence (3G + Wi-Fi)
For existing mobile subscribers, there are boundless opportunities to cross sell, upsell and bundle Wi-Fi hotspot services alongside mobile data plans. Wi-Fi hotspot access may be bundled as a value-added service or as a flat-fee monthly add-on package to a mobile data plan. For unmetered Wi-Fi hotspot services such as these, integration with the carrier’s existing core network may be limited to the subscriber repository, such as an HSS or HLR. Whether the subscriber is automatically offloaded to the Wi-Fi hotspot services or logs in manually through a web portal interface, authorization (whether or not the subscriber has access to this service) can occur in tandem with the authentication process, as previously discussed in the context of Wi-Fi offload. For scenarios with more closely converged services, such offering as a shared account balance for prepaid mobile data and metered Wi-Fi hotspot services, integration at the charging level may be required. The potential also exists to create differentiated and tiered services surrounding Wi-Fi hotspots. For example, a carrier could charge a higher rate for prepaid Wi-Fi hotspot services at hotels and airports than at parks and museums.
Wi-Fi Passes & International Roaming
Carriers can extend their Wi-Fi hotspot business models to offer Wi-Fi data passes to new and existing customers as well as for Wi-Fi roaming options. Wi-Fi data passes afford casual users more longevity than a single session without the commitment of a subscription. Wi-Fi data passes can offer unlimited or volume-limited service for a day, week or month, for example. Once the pass expires or the volume allotment is exhausted, the customer simply purchases another pass as he needs it. This is a popular option for roaming customers who may be traveling for a short period. For example, a carrier could offer an international Wi-Fi roaming pass with up to one week of unlimited access to their own hotspot network and international partner networks for a flat fee.
When exploring potential Wi-Fi hotspot business models and revenue opportunities, carriers must consider their target audiences and how those potential customers use the Wi-Fi hotspot network. At any given Wi-Fi hotspot, a diverse mix of customers may have widely different needs, expectations and device or payment capabilities. This can also vary from market to market. Overall, there is no one-size-fits-all business model, and the network architecture and level of integration with existing services will reflect the unique business goals of each carrier.
Wi-Fi hotspots present growing opportunities for carriers to foster widespread partnerships among a range of partners, from wireless internet service providers (WISPs), to aggregators like Boingo, to location owners such as hotels, airports and shopping centers, in order to create highly extensible, cost-efficient hotspot business models. Through partnerships and collaboration, carriers can ease Wi-Fi roaming and resale models and more rapidly grow their Wi-Fi hotspot footprint, while reducing overhead and infrastructure investments. To make partnerships work across the Wi-Fi ecosystem, carriers are turning to their BSS / OSS or back office suppliers to provide a comprehensive partner management solution for Wi-Fi hotspot services. A complete, carrier-grade partner management solution for Wi-Fi hotspots includes the following features and functionalities:
Alepo’s work with MTN provides a real-world example of the viable business opportunities surrounding Carrier Wi-Fi. To read the full case study on this project, please visit www.alepo.com.
Overview
With more than five million subscribers, MTN is the leading mobile operator in Cameroon. In 2010, MTN decided to expand its services portfolio by building out a nationwide network of Wi-Fi hotspots for prepaid internet services. Integration of the Wi-Fi hotspot network with the existing mobile network infrastructure would allow MTN mobile subscribers to maintain a single balance for 3G and Wi-Fi services and to top up with a single voucher, creating a consistent and simple customer experience across services and hotspot locations.
This project also focused heavily on the development of a micro-business partnership model, wherein small businesses and institutions could establish an MTN Wi-Fi hotspot at their respective locations, such as cafes, hotels or universities, and create revenue sharing agreements with MTN. This would allow MTN to quickly and cost-effectively expand its nationwide Wi-Fi hotspot footprint, and would drive MTN customers to the hotspot locations.
Solution Highlights
In collaboration with MTN, Alepo deployed an end-to-end Wi-Fi hotspot platform that enabled the carrier to rollout prepaid Wi-Fi services alongside their existing mobile data services on an expansible, nationwide Wi-Fi hotspot network. The fully monetized, integrated solution made it simple and convenient for customers to buy and consume Wi-Fi services at any MTN partner Wi-Fi hotspot location. Real-time policy and charging ensured zero leakage of revenue, even as customers moved from hotspot to hotspot. What’s more, Alepo’s centralized partner management tools made it possible to readily grow MTN’s Wi-Fi footprint through revenue sharing partnerships in a highly cost-effective way.
Solution Components
Alepo Service Enabler for Wi-Fi (Including AAA & Prepaid Charging)
Alepo deployed its all-inclusive policy, charging and business management platform, Service Enabler, configured for prepaid policy and charging control, and integrated it with the existing core network. The scalable, modular system was adapted for MTN to handle the real-time rating, prepaid charging, accounting, reporting as well as user and reseller management for the operator’s expansive Wi-Fi Hotspot network.
The Alepo SE platform included the following modules and services:
Alepo IN to IP Charging Gateway
Bridging the gap between the legacy GSM network and the IP-based Wi-Fi network, the Alepo IN to IP Charging Gateway makes it possible for MTN Cameroon to maintain a single, centralized balance manager across all networks and services. The real-time charging gateway works to query and manage balance information between the IN and the Alepo charging node.
Alepo Hotspot Portal
Via Alepo’s Hotspot Portal, any customer can select a Wi-Fi pass and prepay for services using a credit card or prepaid voucher. MTN’s existing subscribers also have an option to charge the Wi-Fi services to their existing mobile account as a value-added service. In addition, the portal was customized to mimic the look and feel of the existing portal, creating a seamless experience between mobile and Wi-Fi.
Alepo Wi-Fi Hotspot Server
Alepo’s Wi-Fi Hotspot Server is a robust solution that turns Wi-Fi technology into a carrier-grade solution, engendering innovative and expansible business models. The unique solution enables location mapping and identification. It is used to perform rating and charging based on location, whether the location is a switch with multiple access points (hotel), a single access point or even a single CPE / MAC address. This affords operators granular control over each access point, while maintaining a centralized access network / enforcement point.
The Alepo Wi-Fi Hotspot Server includes a Network Monitoring Server (NMS) to track the performance of hotspot locations and access points using SNMP-based management interfaces. It provides a dashboard to monitor the distributed network, including such information as AP uptime, throughput and more. With built-in DHCP functionality, it also maintains and assigns IP addresses at the start of each user session.
