Wi-Fi Server Product Overview Mobile Convergence Technology CONNECTING NETW ORKS
AccuROAM Server is Part of the Magic consists of three components, each with its own set of features and functionalities: Server, Mobile Client and the Network Access Controller (NAC). Together these elements provide secure mobile Wi-Fi roaming for data, voice and SMS while further extending value added services, revenue potential and network management control. The Server is a carrier-class service node that binds Wi-Fi service to the mobile data service core. With 99.999% availability, high-performance and scalability, it encompasses four essential functions: RADIUS and Diameter AAA Server, Wi-Fi Footprint Management Server, WISPr 1+ User-Registration Server and the Mobile Core Authorisation Server. The functions work together, to ensure subscribers are authenticated before Wi-Fi offload and/or roaming authorisation is granted. Once a user has successfully passed these secure screening points, accurate accounting is performed in order to generate reports for data clearing. Server Components AAA Server Wi-Fi- Footprint Management Server WISPr 1+ User-Registration Server SIP Roaming Server Mobile Core Authorisation Server Handles Authentication, Authorisation and Accounting, including interworking with the mobile core subscriber, service-profile, policy/charging and online charging systems; Manages the Wi-Fi service footprint (domestic and/or global) available to service-users; tailors service-coverage and service-parameter sets according to subscriber-category settings set by the mobile service-provider; Controls SIM-related registration by issuing a mobile device Digital Certificate for each subscriber (once only); MSISDN, device number, IMSI (if available) and other identity parameters are used for secure signing; Acts as a VLR (Visitor s Location Register) and facilitates two-way connectivity between different network types using SIP (Session Initiated Protocol) Reconciles and binds the authorisation frames typical in mobile serviceprovider systems (including service-profiles in HLR/HSS, SLF and Policy/Charging profiles in PCRF) with the capabilities that can be delivered in current and on-going generations of Wi-Fi networks;
Award-winning is an End to End solution providing carrier-class service, 99.999% availability, high performance and complete scalability. AAA Security The Server contains an authentication, authorisation and accounting server, AAA, to verify subscriber identification and achieve SIM-based authentication over Remote Authentication Dial In User Service (RADIUS) or Diameter. AAA performs secure subscriber authentication by verifying credentials from the mobile device before checking with service profiles to grant authorisation for mobile network core access. The AAA Server is also responsible for RADIUS accounting traffic, which is necessary for enduser billing. In legacy situations, the AAA can also act as an AAA Proxy Server, where RADIUS signalling is received and passed on to pre-existing AAA servers. Manage your Global Footprint Operator-approved hotspot and Service Set Identifier (SSID) Rule lists reside in on the Wi-Fi Footprint Management Server and updates may be provided to from a third party network-connectivity organisation. Hotspot and SSID lists are distributed to AccuROAM mobile clients to provide subscribers with up-to-date Wi-Fi connectivity locations. As defined by the operator, subscribers are associated with specific hotspot groups, thus creating a Wi-Fi footprint for the subscriber; only the hotspots that are approved specifically for the subscriber are displayed within the Mobile Client. Geolocation data is maintained in the list to allow the Mobile Client UI to display, in map format, the Wi-Fi Hotspots that are available to the subscriber. Map directions from the current location to hotspots are also provided, as are details of the hotspot in question, such as business name, address, phone number and web address (when available). The Client uses mechanisms such as Global Positioning Systems (GPS) (when available), assisted GPS, mobile location and crowdsourced Wi-Fi to determine the current position. Grow and manage SSID Rules and Hotspots for roaming and offload subscribers with the Wi-Fi Footprint Management Server
WISPr Subscribers Register Only Once Most operators ask subscribers to register online for the roaming and/or offload service. The operator may assign the subscriber to a group, based on subscriber management/provisioning policies. The WISPr 1+ User- Registration Server handles a system whereby the subscriber is sent a link via SMS to continue registration by installing the Mobile Client. Silent steps guarantee the same user is associated with the SMS and HTTP request. The user is considered authenticated when the AAA Server successfully secures key parameters for the Mobile Client and a Wi-Fi profile is downloaded (such as the identifier, encryption keys and SSID list) specific to the subscriber. Roam, Talk and Text By interworking with existing communications infrastructures, Session Initiated Protocol (SIP) Roaming Server (SRS) offers operators and subscribers alike an inventive solution for roaming between GSM/CDMA and (pre/current) Internet Protocol Multimedia Subsystem (IMS) networks. In other words, SRS facilitates two-way connectivity between different network types, most popularly mobile and Wi-Fi technologies. Innately, SRS is a mobility manager that acts as a Visitor Location Register (VLR) to locate authenticated and authorised registered subscribers connected to Pre-IMS/IMS. SRS uses SIP, a standard used largely for voice and multi-media applications, to transfer all inbound/outbound voice and messaging traffic between the networks. Silent & Secure Authorisation The Mobile Core Authorisation Server is the facilitator between the subscriber and service profiles/policy enforcement set up by the operator; its design provides a flexible approach for querying a user s authorisation status against the service core environment. Procedures vary according to network configuration and device type, but ultimately the Mobile Core Authorisation Server provides the necessary permission to authorise a subscriber to connect to a hotspot. For each Wi-Fi session, the Mobile Client sends subscriber SIM-related credentials and authentication requests to the Mobile Core Authorisation Server (over RADIUS) and (re)checks the service core environment for the authorisation status. This process can be repeated for each Wi-Fi session or by applying logic to optimise the frequency of such authorisation requests. Authorisation and Charging (or Credit Control) are often combined in operator core environments; Accuris Networks specialises in providing complete end-to-end integration solutions with authorisation-query systems such as: Diameter-based Policy and Charging Rules Functions (PCRF) Diameter-based Online Charging Systems (OCS) CAMEL-based Charging and Service-Control Systems LDAP Services for Subscription and Service-Profiling RADIUS Services (including on-board itself) for authorisation Web-enabled End-User Provisioning Systems (XML-enabled)
AccuROAM Server for the Operator Carrier-class availability (One over N), scalability and performance Wi-Fi network and infrastructure agnostic Full AAA service Full cellular extension of voice, SMS and data onto Wi-Fi Multiple services support 3GPP AAA, Wi- Fi/WiMAX, xdsl/pppoe SIM-based secured authentication Award-winning Accuris approach using WISPr 1 +/ WISPr 1.0/WISPr 2.0/EAP- SIM/AKA / PEAP / TLS / TTLS Support for NGH, Hotspot 2.0, PassPoint Client and server integration points Policy Management with preferred Wi-Fi hotpots management; includes synchronised lists with user devices; Billing, charging & settlement (online, offline & roaming) Data-Clearing conversion and Mediation (RADIUS to TAP / CIBER) and Gy, Wo interfaces RADIUS accounting querying via Web UI AAA Proxy Server (RADIUS signalling) for interworking with legacy AAA services Wi-Fi Hotspot footprint unlimited in size; also pre-integrated with WISP aggregators (such as ipass, Trustive and Quiconnect) to bring in millions of Wi-Fi hotspots to service immediately; Support for multiple Wi-Fi footprint profiles Subscriber record querying such as IMSIs, MSISDNs, RADIUS, hotspot groups, devices and operator-specific subscriber IDs Subscriber blacklisting Standard and platform secure connections, such as IP Sec and SSL Tunnelled access to mobile network with key management Industry standard server architecture (typically Intel-Architecture 64-Bit Server Hardware, with Linux RedHat 6.3 OS) What about Subscribers? Mobile subscriptions are bound to global Wi-Fi footprints Register once if WISPr, never if EAP SIM/AKA Authentication and authorisation totally secure Accounting and billing is tied to subscription Browse hotspots available to you worldwide Always up-to-date Wi-Fi hotspot listings Automatically or manually connect to hotspot
About Accuris Networks Accuris Networks is a leading provider of Wi-Fi Offload and Roaming interworking convergence solutions for data, voice and messaging offload to Tier 1 operators. Accuris Networks produces proven carrier class performance solutions and is an established supplier of competitive, cost effective platforms internationally. Accuris Networks strengths lie in mobile core integration and the company is a committed contributor to the Wireless Broadband Alliance (WBA) and the GSM Association (GSMA). Headquarters Accuris Networks 7th & 8th Floor O Connell Bridge House D Olier St. Dublin 2 Ireland +353 1 8818700 Phone +353 1 8818701 Fax Accuris Networks Inc. 1 Batterymarch Park Quincy Boston MA 02169 USA +1 303 666 1214 Phone +1 720 206 0984 Fax Accuris Networks Malaysia Suite 18-16 18th Floor Wisma UOA II 21 Jalan Pinang Kuala Lumpur 50450 Malaysia +60 3 2161 6232 Phone Accuris Networks Sao Paulo Brazil +55 11 95653 0999 Phone www.accuris-networks.com Mobile Wi-Fi convergence technology is merging mobile services with broadband IP communications infrastructure to gain cost-efficient services, uniform service accounts, high volume transactions, faster mobile-service access speeds and CONNECTING NETW ORKS value-added services.