According to standards, a 3GPP AAA server provides authentication of the device so that an IPSec tunnel can be established for the Wi-Fi Calling service. This is a critical function of a next-generation Wi-Fi Calling solution.
One of the advantages of going with a vendor-agnostic 3GPP AAA such as the Enea Access Manager is that you can expect critical functionality which makes things work in real-world deployments—adding functionality that goes beyond the standards.
One example is when our 3GPP AAA interacts with iOS entitlement servers for onboarding individual iPhone devices to the VoLTE and VoWiFi services.
This process adds an additional authorization and security mechanism to what is specified in the 3GPP standards. Without the entitlement process in place, all SIM-enabled iOS devices would be allowed access to the VoLTE and Wi-Fi Calling (VoWiFi) services, which are often not desired. It also brings additional benefits for the mobile operator, such as end-user acceptance of terms and conditions (EULA), emergency address registration, and service activation for secondary devices associated with the subscriber’s mobile account.
Some operators may allow everything for anyone everywhere regarding their Wi-Fi Calling service. Others may want to apply some restrictions, and the best place to do this is where the user is authenticated for the Wi-Fi Calling service. The Enea 3GPP AAA features an integrated policy engine to handle these Wi-Fi Calling policies. A more granular control over who is admitted to the service can be achieved by integrating with VoWiFi / VoLTE entitlement servers.
Need to control the user experience on your own or your partner’s Wi-Fi network? The Enea Aptilo SMP allows the operator to control the user experience in their own Wi-Fi footprint. The built-in Wi-Fi Policy engine supports many vendor-specific attributes (e.g., quality of service control) that are unique to some gateway and Wi-Fi vendors. It can also handle Wi-Fi roaming and authentication with third-party Wi-Fi networks.
The task for a 3GPP AAA server in the Wi-Fi Offload context is to perform EAP-SIM/AKA authentication of SIM devices directly to the HLR/HSS/AUSF. This provides users with seamless and secure access to the Wi-Fi network.
The 3GPP AAA function in Wi-Fi Offload is far more complex than in Wi-Fi Calling. Apart from the authentication and authorization of users, a 3GPP AAA server should provide policy control and routing information to packet gateways for 3GPP Wi-Fi access.
This is why we recommend the award-winning integrated 3GPP AAA functionality provided in the Enea Aptilo Service Management Platform (SMP), available as software or as a cloud service hosted at AWS for the Wi-Fi Offload use case.
As the leader in mobile data offloading, we have seen in many of Aptilo’s implementations that there may be a need to add additional functionality:
- Support for monetizing the Wi-Fi network by allowing signup of ad-hoc users through Web Portals.
- Engage users through captive portals, SMS, and email.
- Ability to look up policies from the mobile core and OSS/BSS and then define granular Wi-Fi-specific policies to control the quality of service (QoS) in the Wi-Fi network.
- Add a Wi-Fi AAA to be able to run a carrier-class Wi-Fi service integrated with the existing OSS/BSS systems.
- Add a Wi-Fi Policy & Charging subsystem to apply granular policy and charging in the Wi-Fi network based on information received from the policy lookups and the operator’s PCRF/PCF.
- Handling roaming with third-party Wi-Fi footprint and support for WBA OpenRoaming.
- A Wi-Fi subscriber database to add Wi-Fi accounts and monetize the Wi-Fi network by opening it up for public use.
All these functions and more are available in the Enea Aptilo SMP featuring a built-in 3GPP AAA purpose-built for Wi-Fi.
If a 3GPP AAA for authentication, authorization, and accounting is all your need, then the Enea Access Manager may be your choice.