3GPP AAA

In the context of Wi-Fi Offloading, the 3GPP AAA (Authentication, Authorization, and Accounting) server plays a crucial role by performing EAP-SIM/AKA authentication of SIM devices directly with the HLR/HSS. While the 3GPP AAA isn’t specifically designed for the 5G standalone (SA) architecture, we anticipate its evolution to support SIM authentication through the AMF/AUSF for 5G SA. This advancement will enable local traffic breakout, eliminating the need for interworking gateways (TNGF/TWIF). As a result, mobile operators will benefit from a unified authentication function for Wi-Fi access, providing users with seamless and secure network connection across “any G”.

The role of the 3GPP AAA function in Wi-Fi Offloading extends beyond the complexity of Wi-Fi Calling. In addition to user authentication and authorization, a 3GPP AAA server must deliver policy control and routing information to packet gateways for optimal 3GPP Wi-Fi access.

As leaders in mobile data offloading, we have observed that additional functionality is often required in various implementations. Our award-winning Enea Aptilo Service Management Platform (SMP), built around the robust Enea AAA core, provides this functionality. Available as software or a cloud service hosted on AWS, it offers:

• Support for monetizing the Wi-Fi network through ad-hoc user signups via Web Portals.
• Engagement tools such as captive portals, SMS, and email.
• The ability to retrieve policies from the mobile core (PCRF/PCF) and OSS/BSS, then define detailed Wi-Fi-specific policies to deliver an excellent user experience within the Wi-Fi network.
• AAA function purpose built for the Wi-Fi use case, we refer to this as Wi-Fi AAA.
• Support for roaming with third-party Wi-Fi networks and WBA OpenRoaming.
• A Wi-Fi subscriber database to create Wi-Fi accounts and monetize the network by opening it for public use.

By leveraging these capabilities, operators can enhance network efficiency and deliver a superior user experience.

According to standards, a 3GPP AAA server is responsible for authenticating devices to establish an IPSec tunnel for the Wi-Fi Calling service, a critical function in next-generation Wi-Fi Calling solutions. Choosing a vendor-agnostic 3GPP AAA like the Enea AAA Server offers key functionalities that enhance real-world deployment beyond the standard specifications.

A significant advantage of the Enea AAA Server is its capability to interact with iOS entitlement servers, allowing the onboarding of individual iPhone devices for VoLTE and VoWiFi services. This process introduces additional authorization and security mechanisms beyond what the 3GPP standards outline. Without this entitlement mechanism, all SIM-enabled iOS devices could potentially access VoLTE and VoWiFi services indiscriminately, which may not be desirable.

This entitlement process offers mobile operators various benefits, including ensuring end-user acceptance of terms and conditions (EULA), registering emergency addresses, and enabling service activation for secondary devices related to the subscriber’s mobile account.

While some operators may opt for an open-access approach to their Wi-Fi Calling service, others might prefer to impose restrictions. The ideal point to implement such controls is during the user authentication phase for the Wi-Fi Calling service. The Enea AAA Server incorporates an integrated policy engine to manage these Wi-Fi Calling policies effectively. By integrating with VoWiFi/VoLTE entitlement servers, operators can exercise more granular control over service admission.