Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
The following document and the information contained herein regarding Wi-Fi Alliance programs and expected dates of
launch are subject to revision or removal at any time without notice. THIS DOCUMENT IS PROVIDED ON AN "AS IS", "AS
AVAILABLE" AND "WITH ALL FAULTS" BASIS. WI-FI ALLIANCE MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR
GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THIS DOCUMENT
AND THE INFORMATION CONTAINED IN THIS DOCUMENT.
Wi-Fi CERTIFIED Passpoint™:
An essential and strategic solution for service
provider Wi-Fi® deployments
October 2014
© 2014 Wi-Fi Alliance. All rights reserved. 2
Executive summary
Once found only at home and in coffee shops and hotels, the Wi-Fi® hotspot has become
ubiquitous. Indeed, Cisco is predicting a four-fold increase in Wi-Fi hotspots from 2013, to
55 million hotspots worldwide by 20181.
Several factors drive this growth:
Ubiquity of Wi-Fi in mobile devices like tablets, smartphones, and laptops
End-user appetite for public high-speed Wi-Fi connectivity
Investment in Wi-Fi networks by fixed broadband providers as a means to extend their
services to subscribers outside the home
Widening support by mobile operators of Wi-Fi hotspots as a means to offload traffic
from congested mobile phone networks and to improve the end-user experience
New opportunities in sectors such as retail and hospitality, where the value of a Wi-Fi
network extends beyond a customer amenity into value-driving service
Historically, the procedure to connect in a hotspot has been cumbersome and highly
variable from location to location. Also, a secure connection that prevents data theft is
often the exception, rather than the rule.
Wi-Fi Alliance® created the Wi-Fi CERTIFIED Passpoint™ program to revolutionize the end-
user experience at Wi-Fi hotspots. With Passpoint, Wi-Fi devices connect to hotspots as
effortlessly and securely as they do to cellular towers. Passpoint also enables all hotspot
operators (broadband and mobile service providers, retailers, hoteliers, and social
networks, just to name a few) to extract more business value from investments in Wi-Fi.
Passpoint certification defines several features, including:
In-pocket connection experience: Wi-Fi devices identify and associate with Passpoint-
enabled networks in the background, without any active intervention from the
subscriber. Authentication no longer requires a browser-based sign-on. Instead, devices
are authenticated automatically, using Extensible Authentication Protocols (EAP) based
on a Subscriber Identity Module (SIM), a username and password, or certificate
credentials.
Registration and provisioning: A streamlined process to establish a new user account
at the point of access, drives a common provisioning methodology across vendors
Policy: Passpoint also employs mechanisms to support operator-specific subscriber
policies, including network selection policy
Secure access: All connections are secured with WPA2™-Enterprise, which provides a
level of security comparable to that of cellular networks
1 Cisco, “The Zettabyte Era—Trends and Analysis,” 2014.
© 2014 Wi-Fi Alliance. All rights reserved. 3
This white paper describes Passpoint features within the context of the marketplace, and
explains how Passpoint devices can transform an end user’s Wi-Fi experience. For a
technical description of the technologies that support Passpoint, see the Hotspot 2.0
(Release 2) Technical Specification.
© 2014 Wi-Fi Alliance. All rights reserved. 4
Wi-Fi traffic, devices, and hotspots continue an upward trajectory
As the number of Wi-Fi
devices entering the market
accelerates, and users’
insatiable thirst for video
and other data grows, Wi-Fi
data traffic will soon account
for 61 percent of total global
Internet traffic (Figure 1)
from 36 percent in 2010. As
Wi-Fi integrated circuit (IC)
sales and Wi-Fi product
certification volumes
continue to increase, the
fastest-growing categories in
the Wi-Fi market have been
mobile and consumer
electronic (CE) devices.
Users are accustomed to using Wi-Fi when on the go. With users demanding ubiquitous
network access, the number of Wi-Fi hotspots in nonresidential settings is expected to
grow rapidly over the next four years as service providers intensify their efforts to meet
that demand.
Wi-Fi shipments continue to grow each year (Figure 2), with more than one billion devices
in use today. More than 2.6 billion Wi-Fi-enabled chipsets are likely to ship in 2014,
followed by 18 billion more over the next five years.2 Widespread adoption of the
technology by consumer, mobile, automotive, and emerging markets drives this rapid
growth forecast. Wi-Fi is now commonplace in homes, Wi-Fi hotspots, and enterprise
environments. It is found in many types of devices, including smartphones, tablets, laptop
computers, cameras, media players, photo frames, TVs, gaming consoles, and fitness
devices.
2 ABI Research, 2014, as reported in MarketWatch.
Figure 1. Global Internet traffic, wired and wireless. Source: Cisco VNI,
2014. The percentages in parentheses next to the legend refer to traffic
share in 2013 and 2018, respectively.
© 2014 Wi-Fi Alliance. All rights reserved. 5
Figure 2. Wi-Fi device shipments forecast. Source: ABI Research, August 2014.
Insatiable demand for data: A challenge and an opportunity
As people adopt a wider array of Internet-connected devices in their lives, the number of
wired and wireless Internet connections is growing faster than both the global population
and the number of human Internet users. The machine-to-machine [M2M] category alone,
including devices like smart utility meters, video surveillance systems, and logistical
trackers, will account for 35 percent of IP device share by 2018 (Figure 3).
Figure 1 shows Wi-Fi quickly
becoming the dominant
access technology. As the
much faster “gigabit” 802.11ac
Wi-Fi standard becomes
widespread, mobile users will
expect the high-definition
video streaming, gaming,
video conferencing, and other
data-heavy services they enjoy
at home.
Wi-Fi has also become an
important complement to
cellular networks, as
subscriber volume and per-
subscriber traffic load grow
Figure 3. Market share by device type. Source: Cisco VNI, 2014.
The percentages in parentheses next to the legend denote the
device share for the years 2013 and 2018, respectively.
© 2014 Wi-Fi Alliance. All rights reserved. 6
faster than available cellular capacity. Global mobile data traffic is predicted to grow 11-fold
from 2013, reaching nearly 16 exabytes per month by 2018.3
A variety of service providers are integrating Wi-Fi into their core offering, driving an
explosion in the number of hotspots and the data volumes they transport:
Wireline broadband service providers, including cable and other fixed-line
operators. With growing Wi-Fi offerings, providers can differentiate services and offer a
more compelling proposition to subscribers outside the home. They can also offer
wholesale Wi-Fi access to roaming partners.
Hotspot operators offering access in partnership with hotels, restaurants, and
retailers. Users have come to expect Wi-Fi access in a wide range of public locations.
Wi-Fi has become a tool to attract and retain customers, and to encourage direct
purchases of goods or services. Hotspot operators can strike lucrative deals with
telecommunications service providers seeking to expand Wi-Fi offerings.
Telecommunications carriers. Wi-Fi hotspots improve the subscriber experience and
allow operators to offload data from congested cellular networks. In the United States,
for example, AT&T provides Wi-Fi access to subscribers in more than 30,000 hotspots.4
The company provides managed Wi-Fi services in large facilities such as stadiums and
shopping malls.5
Wi-Fi’s twin opportunities: Ease of access and security
Thanks to the ever-growing ubiquity of public hotspots, people have come to expect Wi-Fi-
enabled Internet access everywhere they go. Users are buying more and more Wi-Fi-
enabled devices, and their data consumption and production is skyrocketing. However,
until now, most users had to consider access and security issues when they connected to
public hotspots.
In a public hotspot, subscribers typically have had to search for and choose a network, then
request and acknowledge the connection to the access point each time. In some cases,
they must re-enter authentication credentials. Proprietary solutions that simplify network
selection and association and/or offer security severely limit interoperability and worldwide
usage.
By contrast, connecting to a home or enterprise Wi-Fi network is usually automatic after
providing authentication credentials during the first network association. Network selection
and association after that are initiated on the client device side, and they are subject to
3 Cisco, “The Zettabyte Era—Trends and Analysis,” 2014.
4 AT&T, “1.2 Billion Customer Connections Made to 30,000 AT&T Wi-Fi Hot Spots in 2011”, 2012.
5 Computerworld, “Wireless competition heats up, and so do changes in executive ranks,” 2014.
© 2014 Wi-Fi Alliance. All rights reserved. 7
policies set by IT managers or to the homeowner’s preference. As users continue to access
the same networks, their devices automatically associate with known and trusted networks,
avoiding further user intervention.
Given the experience of unhindered roaming and secure connections while using
enterprise Wi-Fi or cellular networks, users have come to expect public Wi-Fi service that is
as transparent, consistent, automatic, and secure.
Until Passpoint, that kind of customer experience didn’t exist for public Wi-Fi.
Passpoint value proposition
With active support from a wide ecosystem of device manufacturers, mobile operators, and
service providers, Wi-Fi Alliance designed the Passpoint certification program to:
Create a high-quality experience for subscribers in public hotspots
Enable service providers to extract additional value from hotspot deployments
Enable service providers to develop new Wi-Fi–based services
Create an effective platform for carriers to offload traffic to Wi-Fi networks
Enable service providers to develop Wi-Fi roaming agreements
Passpoint-enabled devices manage network association, authentication, sign-up, and
security in the background, in a way that is completely transparent to the subscriber.
Key Passpoint features are described in the following table (Table 1).
© 2014 Wi-Fi Alliance. All rights reserved. 8
Key Passpoint Feature Description
Automated network
discovery and
selection
Client devices discover and automatically select
networks based on user preferences, provisioned
operator policy, and network availability. These features
are based on Wi-Fi Alliance extensions to the IEEE
802.11u standard.
Seamless network
access and roaming
between hotspots
Wi-Fi hotspot access for in-network access points no
longer requires active selection by the subscriber.
Passpoint uses a consistent interface and automated
association process.
Devices can be automatically granted access to networks
based on several credential types. Passpoint supports
SIM–based authentication (widely used in cellular
networks), username-password combinations, and
certificate credentials. User input is not required to
establish a connection to a trusted network.
Immediate account
provisioning
Standardized and streamlined process for establishing a
new user account at the point of access drives a
common provisioning methodology across vendors.
WPA2-Enterprise
security
All Passpoint connections are secured with WPA2-
Enterprise for authentication and connectivity, offering a
level of security comparable to that of cellular networks.
Passpoint enhances WPA2-Enterprise by adding features
to mitigate common attack methods in public Wi-Fi
deployments.
Operator policies are
easy to implement
Passpoint provides mechanisms to support operator-
specific subscriber policies, including network selection
policy.
Table 1. Key Passpoint features.
© 2014 Wi-Fi Alliance. All rights reserved. 9
Transforming the user experience
As mobile device users travel from place to place, Passpoint hotspots provide a seamless
and secure connection experience. Mobile and residential subscribers can enjoy immediate
access wherever their provider has a hotspot. Wi-Fi roaming partnerships further expand
access. Other users can use online sign-up to create an account and buy secure access in
the moment.
Devices with SIM cards can be used for even faster secure access as an alternative to
manual authentication, such as entering a username and password.
These are just some examples of how Passpoint transforms the user experience.
Online sign-up — Alice walks into a coffee shop
Alice enters a coffee shop for the first time and wants to get some work done after buying
a drink. The shop’s Passpoint hotspot requires her to sign up online with its service
provider.
During this secure sign-up procedure, she enters her name, address, and credit card
information to associate her tablet with the new account. Alice’s tablet is then provisioned
with the appropriate credentials and configuration to securely access the service provider’s
hotspots – both in the coffee shop and elsewhere. (If there’s a roaming agreement between
Alice’s home service provider and the hotspot’s service provider, then her laptop is
provisioned automatically – no sign-up required.)
After this one-time sign-up procedure, Alice is connected securely to the Internet. Indeed,
she’s free to work, check email, or access her bank account without worrying about
someone intercepting her communications or stealing her data.
In the future, when Alice returns to the coffee shop or any hotspot operated by the same
service provider, Alice’s tablet just connects. The previously accepted terms and conditions
still apply, and it connects without her intervention (Figure 4).
Figure 4. Access by online sign-up (OSU)
© 2014 Wi-Fi Alliance. All rights reserved. 10
Mobile service subscriber with SIM — Jack walks into a coffee shop
If your mobile device has a SIM card affiliated with the same service provider as the
hotspot operator, the device can automatically initiate association to the Wi-Fi network.
This can also work with other service providers if agreements are in place. Authentication
occurs based on the SIM credentials if the network supports it.
Jack is at the same coffee shop as Alice, and he wants to use his mobile phone to watch his
local soccer team play a match. He has a dual-mode phone that can connect to both
cellular and Wi-Fi networks.
The hotspot uses a Wi-Fi-enabled broadband router managed by the cellular operator or
another service provider. Jack’s phone uses its SIM credentials to authenticate to the
hotspot automatically. Jack begins to watch the soccer match on his phone with no user
intervention required to get online (Figure 5).
Figure 5. Access using SIM credentials
Residential service subscriber — John waits for his commuter train to the office
John has a subscription to a residential service, such as a cable provider that also offers
hotspots in different locations. While he waits at the train station on his way to the office,
he wants to watch videos online. When he arrives at the station, his tablet automatically
finds and securely connects to his service provider’s hotspot. John starts watching an online
video (Figure 6).
© 2014 Wi-Fi Alliance. All rights reserved. 11
Figure 6. Access for residential service subscribers
Wi-Fi roaming (the visited network) — Sanjay waits for his flight home
Sanjay has an account with his home service provider in Sacramento. At Heathrow airport
waiting for his flight, he wants to connect his mobile device to a Wi-Fi hotspot.
The airport offers hotspots from many service providers, including one that has a roaming
agreement with his home service provider. Using his home account credentials, Sanjay’s
device automatically establishes a connection to the hotspot without any manual input
(Figure 7).
Figure 7. Access through Wi-Fi roaming (the visited network)
© 2014 Wi-Fi Alliance. All rights reserved. 12
Existing technologies supporting the Passpoint program
How does Passpoint make these user experiences at a hotspot possible? The Wi-Fi Alliance
Hotspot 2.0 (Release 2) Technical Specification describes technologies manufacturers and
service providers must use to be certified. The following pages offer an overview.
• IEEE 802.11u – plus custom elements are used during network discovery and selection
to identify certified Passpoint networks
• HTTPS – secure network communications protocol to prevent wiretapping and man-in-
the-middle attacks
• Public key infrastructure (PKI) – for validating servers involved in online sign-up,
registration, provisioning and secure access; Hotspot 2.0 uses five public key certificate
types: Certificate Authority (CA) trust anchor, OSU server, AAA server, subscription
remediation server, and policy server
• OMA DM and SOAP XML – protocols used to exchange messages with servers involved
in online sign-up and provisioning
• WPA2-Enterprise – provides very strong Wi-Fi data encryption and network access
control
• EAP methods – protocols used to seamlessly authenticate a user’s device. Passpoint
enables a hotspot network to use four extensible authentication protocols. Acceptable
credentials are: trusted root certificate, SIM, USIM, and username-password
• RADIUS– a networking protocol that provides centralized authentication, authorization,
and accounting (AAA) management
• Layer 2 inspection and filtering – helps detect network intrusions
• DGAF Disable feature – the purpose of the DGAF Disable feature is to mitigate the so
called “hole-196” attack by disabling forwarding of downstream group-addressed
frames
• Proxy ARP service – the address resolution protocol enables a device to answer
queries for a network address
© 2014 Wi-Fi Alliance. All rights reserved. 13
How Passpoint works
This simple architecture diagram (Figure 8) for a Wi-Fi network shows how some of the
technologies are implemented in the Wi-Fi CERTIFIED Passpoint program.
Figure 8. Simple architecture diagram, Passpoint-enabled Wi-Fi network
Mobile devices pass through four states (Figure 9) on the path to secure Wi-Fi connections.
Figure 9. Passpoint-enabled mobile device states
© 2014 Wi-Fi Alliance. All rights reserved. 14
Discovery
During discovery, hotspots advertise capabilities, and mobile devices can search for a
network pre-association with no user intervention:
1. Mobile device scans for Passpoint-enabled networks and identifies them based on the
access point’s capabilities, advertised in Beacon and Probe Response frames.
2. Mobile device queries ANQP server to determine network’s capabilities prior to
connection.
3. Mobile device checks user credentials to determine if it can access available networks.
4. If the user’s credentials are valid: Mobile device selects the preferred Passpoint-enabled
network unless overridden by the user, and directly proceeds to Secure Access state.
5. If the user’s credentials are invalid or not present: User can select an available Passpoint-
enabled network for online sign-up and proceed to Registration state.
Registration and Provisioning
Registration can be done using pre-loaded credentials and account creation can be done
via online sign-up (OSU).
If a user attempts to connect to a hotspot for the first time or without credentials, her
mobile device also goes through Registration and Provisioning. The OSU server registers
new subscribers and provisions a mobile device with credentials based on trusted root
certificates, SIM/USIM, or username-password. Credentials for devices with a SIM are pre-
provisioned, but might require metadata and policy provisioning.
If the device already has credentials for the Passpoint-enabled network it is trying to
connect to (such as a home service provider or a service provider that has a roaming
agreement with the home provider), it goes straight to the Secure Access state and
connects.
Registration can require:
• Subscriber contact information
• Credit card details
• Agreement to service provider terms and conditions
• Selection of a plan (such as 24 hours, 30 days, or 1 year)
During Provisioning, a mobile device is:
• Loaded with required certificates, credentials, and related metadata, policy, and home
service provider information for network discovery, selection, and access to Passpoint-
enabled network
• Provisioned with subscription and policy data
© 2014 Wi-Fi Alliance. All rights reserved. 15
Secure Access
The mobile device enters the Secure Access state after it is associated to the Passpoint-
enabled network. (The device has login credentials and WLAN security settings that were
previously configured.)
In the Secure Access state:
1. The mobile device mutually authenticates with the hotspot service provider’s (SP)
authentication, authorization, and accounting (AAA) server using one of the allowed
Extensible Authentication Protocol (EAP) methods supported by the SP’s network (Table
2).
Credential Type EAP Method
Certificate EAP-TLS
SIM or USIM EAP-SIM or EAP-AKA
Username-Password
(with server-side certificates) EAP-TTLS with MS-CHAPv2
Table 2. Authentication methods.
2. If authentication with the AAA server is successful, the mobile device receives full access
to the Wi-Fi Passpoint-enabled network.
With all this work going on behind the scenes, the user must only interact once with a
Passpoint hotspot: for first-time sign-up, or to choose a service provider manually.
© 2014 Wi-Fi Alliance. All rights reserved. 16
Passpoint benefits
Passpoint drives value for a broad ecosystem of stakeholders, summarized in the table
below:
Passpoint Benefits
End users Industry-standard Wi-Fi security in hotspots
In-pocket connection experience
Add additional devices to existing account easily
Create new accounts easily
Manage multiple subscriptions in the background
Fixed or Wi-Fi
only service
providers
Connect user devices easily, even non-SIM devices
Engage in Wi-Fi roaming agreements and wholesale Wi-Fi capacity
Keep in-home broadband subscribers connected on the go
Deliver value-added services over Wi-Fi, including video, voice, etc.
Mobile service
providers
Enable data offload
Connect subscriber’s non-SIM devices (tablets, etc.)
Engage in Wi-Fi roaming agreements and wholesale Wi-Fi capacity
Address coverage challenges indoors and in high-footfall areas
Deliver value-added services over Wi-Fi, including video, voice, etc.
Retail sector Provide an easy-to-use customer amenity to enhance store brand
Leverage amenity Wi-Fi to collect customer data
Deliver loyalty program services and promotions
Address cellular coverage challenges
Collect indoor location data and deliver location-based offers
Hospitality
sector
Provide an easy-to-use customer amenity to enhance brand
Leverage amenity Wi-Fi to collect customer data
Deliver loyalty program services and promotions
Address cellular coverage challenges
Deliver value-added services over Wi-Fi, including video, voice, etc.
Table 3. Passpoint benefits to industry stakeholders and end users
© 2014 Wi-Fi Alliance. All rights reserved. 17
Passpoint security with WPA2-Enterprise
WPA2-Enterprise certification is a foundational Passpoint requirement because it provides
a consistent security level that both service providers and subscribers can rely on to
protect the network, devices, and transmitted data.
WPA2-Enterprise meets enterprise and government security requirements. It leverages
authentication, authorization, accounting (AAA) servers to manage user accounts and
monitor traffic. WPA2-Enterprise also defines user-specific authentication levels by using
multiple extensible authentication protocol (EAP) methods.6
WPA2-Enterprise is widely available in Passpoint-enabled mobile devices and laptops.
Legacy clients that are certified for WPA2-Enterprise support the same level of security as
new Passpoint-certified equipment, and can connect to Passpoint-enabled networks if they
have WPA2-Enterprise enabled.
Roaming access through advanced network selection functionality
As Alice experienced in the coffee shop example, Passpoint hotspots enable service
providers to offer seamless roaming in one another’s Passpoint-enabled networks. To
enable roaming, service operators must first establish mutual roaming agreements that
include credential validation, billing, and reconciliation. In addition, they must rely on a
single common protocol for network selection and user authentication. Again, Passpoint
provides that foundation.
After roaming between two service providers is enabled, Passpoint-certified devices can
connect to either the subscriber’s (home) network, or to the visited network run by the
other provider. In each case, the Passpoint-enabled client recognizes that the access point
belongs to the list of available networks and establishes a connection. The user’s
experience is similar to cellular roaming – when he or she reaches a Passpoint hotspot, the
device connects automatically.
6 WPA2-Enterprise uses an authentication and key management infrastructure that is much stronger than
WPA2-Personal. WPA2-Personal support is mandated in all Wi-Fi equipment and provides security in residential
and small business environments without AAA capabilities.
© 2014 Wi-Fi Alliance. All rights reserved. 18
Summary
Hotels, retailers, restaurants, sports arenas,
and other businesses see Wi-Fi as a
competitive necessity for attracting
customers. Carriers and cable providers see
it as a crucial means to expand their reach,
and to relieve congestion in their networks.
Meanwhile, mobile users are demanding
more of everything: Wi-Fi-connected devices,
more bandwidth, more media-rich content,
powerful new apps, and better security. This
drives adoption of Passpoint-enabled mobile
devices (Figure 10).
The Wi-Fi Alliance Wi-Fi CERTIFIED Passpoint program enables service providers and
equipment vendors to make hotspot access powerful, seamless, effortless, and truly secure
for subscribers.
For information on Passpoint, other Wi-Fi CERTIFIED programs and products, or the Hotspot
2.0 (Release 2) Technical Specification: http://www.wi-fi.org/discover-wi-fi/wi-fi-certified-
passpoint.
Figure 10. Wi-Fi CERTIFIED Passpoint products by
category, 703 total as of August 25, 2014.
Source: Wi-Fi Alliance.
© 2014 Wi-Fi Alliance. All rights reserved. 19
Appendix A – Key Hotspot 2.0 requirements
HS2.0 Entity Requirement
Access
points
• WPA2-Enterprise
• Selected EAP methods
• Interworking information, Roaming Consortium, Extended
Capabilities, BSS Load
• IEEE 802.11 ANQP elements and Hotspot 2.0 ANQP-elements
Mobile
devices
• If the device has SIM/USIM, support all credential types and
EAP methods in HS2.0
• Filtering of encrypted frames
• Online sign-up
• QoS mapping interworking services
• IEEE 802.11 ANQP elements and Hotspot 2.0 ANQP-elements
• Device procedures
• PerProviderSubscription managed objects (PPS MO)
Hotspot
operators
• Configure a Passpoint hotspot with access point elements
• Ability to configure ANQP elements and additional Hotspot 2.0
ANQP-elements
• Acknowledge that certificate, SIM/USIM, username-password,
and associated EAP methods are a satisfactory security basis
for establishing roaming relationships with other service
providers
• Do not disable DNS security extensions
Service
providers
• With or without SIM/USIM infrastructure, support at least one
of the following:
- Username/password
- Certificate credentials and the associated EAP method (EAP-
TLS)
• Home service providers support online sign-up
• Deploy authentication, authorization, and accounting (AAA)
servers supporting specified RADIUS attributes
Table 3. Key Hotspot 2.0 requirements
© 2014 Wi-Fi Alliance. All rights reserved. 20
Appendix B – References
Cisco. “The Zettabyte Era—Trends and Analysis.” Accessed September 2, 2014.
MarketWatch. “Wi-Fi Chipset Shipments Will Near 18 Billion Chipsets During the Next Five
Years, Says ABI Research,” May 5, 2014. Accessed September 1, 2014.
AT&T. “1.2 Billion Customer Connections Made to 30,000 AT&T Wi-Fi Hot Spots in 2011,”
2012.
Computerworld. “Wireless competition heats up, and so do changes in executive ranks,”
August 27, 2014. Accessed September 1, 2014.
Wireless Broadband Alliance. “Boingo Drives the Next Generation Hotspot Revolution: WBA
Case Study, 2014.” Accessed September 1, 2014.
Appendix C – Additional resources
White paper by Heavy Reading and Wi-Fi Alliance. “Unlocking the full business potential of
cable Wi-Fi®,” April 2014.
Polling brief by Wi-Fi Alliance. “Wi-Fi CERTIFIED Passpoint™ adds value to service provider
networks,” September 2013.
Appendix D – Abbreviations, acronyms, and terms
Term Definition
AAA Authentication, Authorization and Accounting
AES Advanced Encryption Standard
ANQP Access Network Query Protocol
AP Access Point
ARP Address Resolution Protocol
BSS Basic Service Set
CE Consumer electronic devices
DAS Distributed antenna system
DGAF Downstream group-addressed forwarding
DHCP Dynamic Host Configuration Protocol
DRM Digital rights management
© 2014 Wi-Fi Alliance. All rights reserved. 21
Term Definition
EAP Extensible Authentication Protocol
EAP-AKA EAP–Authentication and Key Agreement
EAP-SIM EAP–Subscriber Identity Module
EAP-TLS EAP–Transport Layer Security
EAP-TTLS EAP–Tunneled Transport Layer Security
HLR Home Location Register
Hotspot
Site that offers public access to packet data services, such as
the Internet, via a Wi-Fi access network; can include one or
more Aps.
Hotspot
operator
Entity responsible for configuration and operation of the
hotspot.
Hotspot service
provider
Entity providing a packet data service as a business. A
subscriber has credentials from this entity, which has
authentication authority for the subscriber and provides
subscribers with authentication credentials.
HS2.0 Hotspot 2.0
HTTPS HyperText Transport Protocol Secure
IC Integrated circuit
IEEE Institute of Electrical and Electronics Engineers
MS-CHAPv2 Microsoft Challenge-Handshake Authentication Protocol
version 2
NAT Network address translation
OCSP Online Certificate Status Protocol
OSU Online sign-up
PKI Public key infrastructure
QoS Quality of service
RADIUS Remote Authentication Dial-In User Service
SIM Subscriber Identity Module
SP Service Provider
© 2014 Wi-Fi Alliance. All rights reserved. 22
Term Definition
SSID Service Set Identifier
TLS Transport Layer Security
TTLS Tunneled Transport Layer Security
USIM Universal Subscriber Identity Module
WAN Wireless Area Network
WEP Wired Equivalent Privacy
WPA2™ Wi-Fi Protected Access® 2
About Wi-Fi Alliance®
www.wi-fi.org
Wi-Fi Alliance® is a global non-profit industry association – our members are the worldwide
network of companies that brings you Wi-Fi®. The members of our collaboration forum
come from across the Wi-Fi ecosystem and share a vision of seamless connectivity. Since
2000, the Wi-Fi CERTIFIED™ seal of approval designates products with proven
interoperability, industry-standard security protections, and the latest technology. Wi-Fi
Alliance has certified more than 20,000 products, delivering the best user experience and
encouraging the expanded use of Wi-Fi products and services in new and established
markets. Today, billions of Wi-Fi products carry a significant portion of the world’s data
traffic in an ever-expanding variety of applications.
Wi-Fi®, the Wi-Fi logo, the Wi-Fi CERTIFIED logo, Wi-Fi Protected Access® (WPA), WiGig®, the Wi-Fi ZONE logo, the
Wi-Fi Protected Setup logo, Wi-Fi Direct®, Wi-Fi Alliance®, WMM®, and Miracast® are registered trademarks of
Wi-Fi Alliance. Wi-Fi CERTIFIED™, Wi-Fi Protected Setup™, Wi-Fi Multimedia™, WPA2™, Wi-Fi CERTIFIED
Passpoint™, Passpoint™, Wi-Fi CERTIFIED Miracast™, Wi-Fi ZONE™, WiGig CERTIFIED™, the Wi-Fi Alliance logo,
and the WiGig CERTIFIED logo are trademarks of Wi-Fi Alliance.