  • Public Hotspots

    • Passpoint is widely used by public Wi-Fi providers, such as airports, hotels, and cafes, to streamline the user experience.
  • Service Provider Networks

    • Internet service providers (ISPs) often deploy Passpoint to allow their subscribers to access their Wi-Fi networks automatically, even when they are away from home.
  • Enterprise Networks

    • Some organizations use Passpoint to provide employees with secure and seamless Wi-Fi access in different office locations.

Appendix

  • Steps to Map SIM-Based Authentication with Wi-Fi Passpoint:

    1. SIM-based Authentication Overview (EAP-SIM):
      • EAP-SIM is a type of EAP (Extensible Authentication Protocol) used for authenticating devices based on their SIM cards. It enables automatic connection to Wi-Fi networks using information from the SIM card (such as IMSI and authentication keys) instead of traditional username/password methods.
      • Mobile Network Operators (MNOs) or Wi-Fi providers that have partnerships with MNOs can use EAP-SIM to let subscribers connect to Wi-Fi networks seamlessly.

    Steps to Implement SIM-Based Authentication with Wi-Fi Passpoint:

    1. Configure Wi-Fi Network to Support EAP-SIM:

      • The Wi-Fi network, specifically the RADIUS server (Authentication server), must be configured to support EAP-SIM for authentication.
      • The network provider’s infrastructure should include 3GPP AAA servers, or similar infrastructure, that allow the Wi-Fi network to communicate with the Home Location Register (HLR) or Home Subscriber Server (HSS) to authenticate the SIM credentials.

      Steps:

      • The Wi-Fi access point (AP) is configured to use WPA2-Enterprise (or WPA3-Enterprise for enhanced security).
      • In the AP's configuration, select EAP-SIM as one of the supported authentication methods.
      • The AP communicates with a RADIUS server, which verifies the subscriber's identity through the Mobile Core Network using the SIM card information.
    2. Wi-Fi Passpoint Network Configuration:

      • Passpoint profiles are used to configure client devices to automatically connect to Passpoint-enabled networks.
      • The Passpoint profile for a network that supports SIM-based authentication will specify EAP-SIM as the authentication method.
      • The network's Online Sign-Up (OSU) Server can also deliver the profile to compatible devices, so they can connect automatically.

      Steps:

      • In the Access Network Query Protocol (ANQP) settings, configure EAP-SIM as a supported authentication method.
      • The ANQP responses from the AP will indicate to the device that the network supports EAP-SIM, allowing devices with SIM cards to select this network for automatic connection.
    3. Device-Side Configuration:

      • On the client side (e.g., smartphones or tablets), Passpoint profiles are created by the mobile operator or network provider.
      • Devices with Passpoint support will automatically select networks that match their Passpoint profile and initiate EAP-SIM authentication.

      Steps:

      • The device detects the Passpoint-enabled network and checks the profile for available authentication methods (such as EAP-SIM).
      • The device automatically chooses EAP-SIM and sends the SIM card information (IMSI) to the network.
      • The RADIUS server communicates with the mobile operator’s backend to verify the SIM card’s information.
    4. Authentication Process (EAP-SIM):

      • When a device with a SIM card attempts to connect to a Passpoint-enabled network that supports EAP-SIM, the following occurs:

      Steps:

      • The device sends a request to authenticate using EAP-SIM.
      • The access point forwards this request to the RADIUS server.
      • The RADIUS server then communicates with the Mobile Core Network, querying the HLR or HSS to authenticate the device using the IMSI and other SIM data.
      • The mobile network sends an authentication challenge back to the device, which uses the SIM card to compute the response and complete authentication.
      • Once authentication is successful, the device is granted access to the network.
    5. SIM-Based Roaming:

      • When the network is set up for roaming, SIM-based authentication works across different networks with roaming agreements.
      • A device using SIM-based authentication can automatically connect to Wi-Fi networks provided by a partner operator in a different country or region.
    6. Advantages of SIM-Based Authentication in Passpoint:

      • Seamless Authentication: Users do not need to manually select a Wi-Fi network or enter credentials. The SIM card handles all authentication automatically.
      • Roaming Support: EAP-SIM enables users to roam between Wi-Fi networks that have roaming agreements with the user’s mobile operator, providing a seamless transition between Wi-Fi and cellular networks.
      • Security: The authentication process is secure, leveraging SIM credentials that are difficult to compromise. EAP-SIM operates over WPA2/WPA3-Enterprise networks, ensuring encryption during data transmission.

    Example Workflow of SIM-Based Authentication with Passpoint:

    1. The user's device, equipped with a SIM, detects a Passpoint-enabled Wi-Fi network.
    2. The device checks its Passpoint profile and determines that EAP-SIM is supported by the network.
    3. The device sends an authentication request using EAP-SIM, including the IMSI (International Mobile Subscriber Identity) from the SIM card.
    4. The Wi-Fi network’s AP forwards the request to the RADIUS server, which queries the user’s mobile network for authentication.
    5. The mobile network verifies the SIM credentials using the HLR/HSS and sends back an authentication challenge.
    6. The device responds to the challenge using the SIM card.
    7. Upon successful verification, the RADIUS server grants access to the Wi-Fi network, and the user is automatically connected.
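
The identity exchange in workflow steps 3 and 4, and the home-operator lookup that roaming depends on, shown as an added example (not part of the original page or any vendor's code). It assumes the 3GPP TS 23.003 WLAN identity format, which the page does not spell out; the function names are hypothetical and the IMSI is constructed on the 001/01 test network.

```python
import re

# Leading digit of the EAP identity selects the method (RFC 4186 / 4187 / 5448).
METHOD_BY_PREFIX = {"0": "EAP-AKA", "1": "EAP-SIM", "6": "EAP-AKA'"}
REALM_RE = re.compile(r"^wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")


def _valid_imsi(imsi: str) -> bool:
    return imsi.isdigit() and 6 <= len(imsi) <= 15


def build_eap_sim_identity(imsi: str, mnc_len: int) -> str:
    """Device side: permanent EAP-SIM identity sent in workflow step 3."""
    if not _valid_imsi(imsi) or mnc_len not in (2, 3):
        raise ValueError("IMSI must be 6-15 digits and MNC length 2 or 3")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    # A 2-digit MNC is left-padded with "0" in the realm label.
    return f"1{imsi}@wlan.mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org"


def route_identity(nai: str) -> dict:
    """RADIUS side: pick the EAP method and home realm, or reject the request."""
    user, sep, realm = nai.partition("@")
    realm = realm.lower()
    m = REALM_RE.match(realm)
    if not sep or m is None:
        raise ValueError("not a 3GPP WLAN realm")
    method, imsi = METHOD_BY_PREFIX.get(user[:1]), user[1:]
    if method is None or not _valid_imsi(imsi):
        raise ValueError("unknown method prefix or malformed IMSI")
    mnc_label, mcc = m.group(1), m.group(2)
    # The realm must agree with the IMSI's own MCC/MNC digits; otherwise the
    # request would be proxied to an operator that does not own the subscriber.
    if imsi[:3] != mcc or mnc_label not in (imsi[3:6], "0" + imsi[3:5]):
        raise ValueError("realm does not match IMSI")
    return {"method": method, "imsi": imsi, "home_realm": realm}


if __name__ == "__main__":
    nai = build_eap_sim_identity("001010123456789", 2)  # constructed test IMSI
    print(nai)
    print(route_identity(nai))
```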