Enea Aptilo SMP

SIM Authentication

SIM authentication provides a seamless and secure user experience


SIM Authentication

SIM Authentication, also known as EAP-SIM/AKA/AKA’, is all about a seamless and secure user experience. Users are automatically connected to the encrypted (802.1x) Wi-Fi network(s) defined in the Wi-Fi connection profile. A 3GPP AAA, such as the one in Enea Aptilo SMP and Enea Access Manager, integrates with the mobile core’s user identity database (HLR/HSS/AUF) to authenticate and authorize the user.

EAP-SIM/AKA/AKA’, is also one of the cornerstones of Passpoint (Hotspot 2.0).

Seamless and Secure Authentication

The key to a successful mobile data offloading strategy is the ease of use with a seamless and secure user experience. A SIM-based authentication is a powerful tool for achieving these goals. This is the method whereby mobile/cellular devices use the credentials in a SIM card / eSIM to authenticate the device for Wi-Fi service on a secure 802.1x capable Wi-Fi network. Users will just automatically and securely fly onto the Wi-Fi network.

Enea Aptilo SIM authentication architecture

SIM Authentication for Wi-Fi as Secure as Cellular

One of the key benefits of using the SIM / eSIM for authentication (EAP-SIM/AKA) is that both the authentication process and the data must be encrypted in the Wi-Fi network. Hence, the Wi-Fi network becomes as secure as the cellular network. Learn more technical details below.


EAP-SIM/AKA Optimized for Wi-Fi Offload

The Enea Aptilo SMP SIM Authentication server performs EAP-SIM/AKA authentication optimized with the standard 3GPP AAA functionalities needed for an offloading scenario, enabling SIM-based authentication for any secure Wi-Fi network. Furthermore, the Enea Aptilo mobile offloading solution supports various alternative authentication methods for devices without SIM cards or lacking support for the EAP-SIM/AKA method.

EAP-SIM and EAP-AKA for Mobile Devices

Delivered as a module on Enea Aptilo Service Management Platform (SMP), the Aptilo SMP SIM Authentication server utilizes the same mechanism used in the mobile core to obtain a seamless and secure user experience when authenticating the mobile device to the cellular network. As Enea Aptilo SMP (software) or SMP-S (service on AWS) is the core platform, you can get seamless Wi-Fi Offload, Carrier Wi-Fi, and B2B Guest Wi-Fi support from one scalable platform.

We can also provide the 3GPP AAA functionality for Wi-Fi Calling, even though we recommend the Enea Access Manager if this is all you want to do.


SIM authentication with integration to OSS/BSS, policy and mobile core

Using Existing Mobile Infrastructure

A mobile operator (MNO/MVNO) can leverage the existing infrastructure for HLR/HSS by adding a dedicated EAP-SIM/AKA authentication function.

The Enea Aptilo SMP SIM Authentication server provides a means for authentication with the subscriber credentials in the SIM card /eSIM. It provides EAP-SIM/AKA (SIM/USIM-based) authentication for Wi-Fi users based on the information retrieved from the existing HSS over the Diameter Wx interface (supporting 3GPP Release 7 and onwards). It can do the same with data from the HLR over the SS7/MAP D’/Gr’ interface (supporting 3GPP Release 6 and onwards).

It can also interact with existing core network systems such as PCRF/PCF and DPI and OSS/BSS systems such as CRM to build advanced policies for the session. One example is first to authenticate the user seamlessly. Then engage them with a portal experience or send an SMS/e-mail if policies for the current location and user type dictate.

Using our vendor-agnostic solution, you can use the existing mobile infrastructure independent of the HLR/HSS vendor and regardless of system generation.

Scalability and Availability

When automatically and actively offloading cellular users, mobile operators need to handle Wi-Fi as a service that is as critical as mobile broadband.

This calls for an exceptionally scalable architecture with high availability. Our solution caters to this as we have built it on our SMP ALE architecture which takes the scalability and availability issue out of the equation with linear scalability and high availability, including geographic redundancy.

It supports SNMP-based network management, meaning service providers can integrate this node into the overall NOC operations.

Flexible Connectivity to HSS/HLR in the Mobile Core

The Enea Aptilo SMP SIM Authentication server can easily connect to existing SS7 networks and can be delivered with an optional SS7 PCI-Express board. Additionally, to facilitate connection with next-generation IP networks, it can handle SS7 over IP using the built-in support for SIGTRAN. The physical link for the IP-based SIGTRAN protocol and Diameter Wx is the native high-capacity IP network adapter in the server hardware. Many SS7 and SIGTRAN protocols are supported to facilitate smooth integration with the mobile core. Different national variants (ANSI, ITU, Chinese, and Japanese) and hybrid variants are also supported. Authentication for both USIM- and SIM-based devices simultaneously provides a seamless migration path from older to newer devices.

Enea's SIM authentication server can connect to multiple mobile core networks

With a dedicated and purpose-built function for SIM-based authentication, a service provider gets the most flexibility in terms of network topology. In a multi-HLR and -HSS environment, we provide a central aggregation point for all Wi-Fi-based SIM authentication requests. We can perform authentications to multiple HLR and HSS nodes from different vendors. Thanks to the central aggregation point based on Enea Aptilo SMP multi-vendor support, it is possible to connect various other Wi-Fi systems that perform RADIUS signaling for the individual Wi-Fi networks.

It is also possible to deploy co-located with each HLR/HSS and configure a connection to the Wi-Fi AAA from each authentication node.