WLAN and GPRS/UMTS

Convergence – EAP Server

White Paper

Copyright 2003 IntelliNet Technologies, Inc. All rights reserved.

IntelliNet Technologies, IntelliSS7, Accelero and Convero are registered trademarks of IntelliNet Technologies, Inc. United States and or other countries.
Visit www.intellinet-tech.com for more information.
 EAP Server White Paper

Executive Summary
Wireless Local Area Networks (WLAN) based on the IEEE 802.11 standards has been one of the
great technology-industry success stories. The bandwidth available with the 802.11b standard is 11
Mbps. This makes it a perfect complimentary offering for the wireless carriers, enabling them to
offer high-speed data access in public hot spots along with their GPRS and UMTS lower speed data
access. However for carriers to cost effectively offer the WLAN service, the new equipment being
deployed for authentication and accounting must seamlessly integrate into their existing
infrastructure such as the HLR, SCP and provisioning systems. This enables the carrier to offer a
single bill service without duplicating the back-end applications built for the voice services.
This document provides an overview of the wireless LAN and GSM technology and covers
authentication and billing to enable the subscribers to roam between the WLAN and GSM based
networks and obtain a single bill or use a single prepaid account for both voice and high speed
data. It also introduces IntelliNet’s EAP Server that enables the convergence between WLAN and
GSM based networks.

A day in the life of…

Ho Young Pak, Engagement Manager at a global consulting company, is about to leave home for work
in the morning. He turns on his laptop, connects to the network using an 802.11b SIM based PC card.
Checks his email and responds to his colleagues in a different country using IM. On his way to a
client’s office, he stops at a Starbucks. While sipping his coffee, he quickly checks his stock portfolio
on his WLAN enabled PDA connecting through Starbucks hot spots.

After he stepped out of the coffee house, he realizes he didn’t bring his directions to his client. He
quickly checks the maps using his PDA that is also GPRS/UMTS enabled. While looking for maps, he
gets an email reminding him to pay the single monthly bill from the carrier for the phone, GPRS and
WLAN usage for the month.

802.11/GPRS Convergence
It’s already happening. The next generation of mobile communication technologies will support a
range of services far broader and more highly sophisticated than was ever possible. And the range of
business models, customer segments, and supply chains enabled by 3G technologies will expand
proportionally. Services that offer the most compelling user benefits and the clearest value
propositions will drive increased mobile data usage in both the WLAN and 2.5G/3G markets. 802.11/
GPRS/UMTS roaming enables end-user access to mobile Email, multimedia video and audio, news
and travel information, games, sports, and lotteries at any place, with faster data rates in the WLAN
hot spots.

www.intellinet-tech.com
 EAP Server White Paper

The Time Is Now

Although the GPRS data access market continues to grow, the rate of that growth is showing signs of
delayed adoption, and margins are trending downward. Worldwide WLAN client shipment forecasts
indicate that the adoption of WLAN will be quick and deep. Recent push by the market leaders
Microsoft and Intel in this space will make the adoption even faster. To stay competitive, cellular
carriers must respond to this market event demand by offering new WLAN access services that will
increase their market share and profits. The survival of wireless carriers in this new world will depend
upon their ability to roll out successful new offerings to their customer base quickly.

The need for speed

The kinds of applications that enable convergence of voice, data, and video require high-speed
transmission capability. GPRS and UMTS technology, though adaptable to data transmission, can
provide data speeds only slightly better than that of TDMA/GSM. However, with WLAN systems, which
work in scattered hot spots, Internet connection speed is dramatically improved, making this kind of
system a logical complimentary to 3G technologies.

To remain competitive and take advantage of the tremendous revenue potential that these next-
generation Internet solutions enable and offer, service providers can plan to upgrade their
infrastructure for WLAN by adding only an EAP Server into their 2.5G/3G network. The ability to offer
WLAN services by just entering into roaming agreement with hot spot operators makes it the most
effective way for the cellular carriers.

www.intellinet-tech.com
 EAP Server White Paper

802.11/GPRS Convergence Technology

SS7 Suite
The Signaling System 7 (SS7) specification was developed and standardized by CCITT. SS7 is a
common channel signaling system. In SS7 one channel is used exclusively for sending the signaling
information, whether the system has a single bearer channel or multiple bearer channels. The
hardware and software functions of the SS7 protocol are divided into layers that loosely correspond to
the OSI 7 layer model.

More detail on the following SS7 protocols is provided below.

♦ MTP-2: Message Transfer Part Level 2
♦ MTP-3: Message Transfer Part Level 3
♦ SCCP: Signaling Connection Control Part
♦ TCAP: Transaction Capabilities Application Part
♦ MAP: Mobile Application Part

SS7 in relation to the OSI Model

MTP-3
Message Transfer Part - Level 3 (MTP-3) transfers messages between the nodes of the signaling
network. MTP-3 ensures reliable transfer of the signaling messages, even in the case of the failure of
the signaling links and signaling transfer points. The protocol includes the appropriate functions and
procedures necessary to inform the remote parts of the signaling network of the consequences of a
fault, and also appropriately reconfigure the routing of messages through the signaling network. MTP3
handles SS7 routing, Load balancing, congestion control and link management.

www.intellinet-tech.com
 EAP Server White Paper

MTP-2
Message Transfer Part - Level 2 (MTP-2) is a signaling link, which together with MTP-3 provides
reliable transfer of signaling messages between two directly connected signaling points.

SCCP
The Signaling Connection Control Part (SCCP) offers enhancements to MTP level 3 to provide
connectionless and connection-oriented network services, as well as to address translation
capabilities. The SCCP enhancements to MTP provide a network service that is equivalent to the OSI
Network layer 3.

TCAP
The Transaction Capabilities Application Part enables the deployment of advanced intelligent network
services by supporting non-circuit related information exchange between signaling points using the
SCCP connectionless service. TCAP messages are contained within the SCCP portion of an MSU. A
TCAP message is comprised of a transaction portion and a component portion.

MAP
Mobile Application Part (MAP) messages sent between mobile switches and databases to support
user authentication, equipment identification, and roaming are carried by TCAP In mobile networks
(IS-41 and GSM) when a mobile subscriber roams into a new mobile switching center (MSC) area, the
integrated visitor location register requests service profile information from the subscriber's home
location register (HLR) using MAP (mobile application part) information carried within TCAP
messages.

CAMEL
Customized Applications for Mobile Networks Enhanced Logic allows roaming subscribers access to
their full portfolio of IN services. CAMEL GSM phase 2+ connects the home and visited mobile
networks to various Intelligent Network (IN) platforms used throughout national networks to provide
features such as Pre-Paid Calling, Personal Numbering and more complex location dependent
services. As a result, CAMEL is a relatively inexpensive method of allowing telecom operators to add
new services to the existing network infrastructure.

RADIUS
RADIUS servers are responsible for receiving user connection requests, authenticating the user, and
then returning all configuration information necessary for the client to deliver service to the user. A
RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication
servers. Network Security Transactions between the client and RADIUS server are authenticated
through the use of a shared secret, which is never sent over the network. In addition, any user
passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that
someone snooping on an insecure network could determine a user's password.
www.intellinet-tech.com
 EAP Server White Paper

Security
In the WLAN industry, IEEE 802.11 standards have made it possible for hardware vendors to create
interoperable systems. Even though there are security holes in the standard 802.11, the EAP server is
based on a more secure 802.1x standard for authentication. The Odyssey Client software running on
the subscriber equipment will maintain security associations with the HLR and the EAP server. The
authentication information is securely transmitted and interpreted by the peers. Security associations
between the IP gateway and the EAP server ensures the accounting logs are transferred securely
without any tampering. The secure link is based on industry standard 3DES IP Security standard.

Authentication/Encryption
IntelliNet’s EAP Server uses the A3 and A8 algorithms, defined by the GSM standards, for
authentication. The standard VLR functionality is integrated into the EAP Server for authentication
purposes by interfacing with the carrier’s HLR. The A3 and A8 algorithms are highly secure and widely
adopted by all the GSM cellular carriers. This method offers the highest level of security available to
the wireless carriers today.

IntelliNet’s EAP Server is based on the latest IETF drafts of the EAP-SIM and EAP-AKA, which utilize
the A3 and A8 algorithms and increase the security by using multiple triplets (Rand, KC, Res) from the
HLR and tripling the key length. The interface and messages between the EAP Server and HLR
remain the same as between a VLR and HLR. Even if a hacker breaks the ciphering keys (Kc), it is
computationally infeasible to derive any of the original ciphering keys.
The EAP server also uses the optional pseudonym support and eliminates the need of sending the
IMSI in plain text. The pseudonym is stored in a centralized database and made available to multiple
EAP Servers over a secure connection.

www.intellinet-tech.com
 EAP Server White Paper

What is EAP Server?

EAP Server is a very innovative concept that converges the GSM network and WLAN network
together. It enables the carrier to offer WLAN data access services with minimal capital expenditure. It
is an authentication server that authenticates the WLAN data users equipped with a GSM Subscriber
Identity Module (SIM) card to get securely authenticated through the Cellular carrier’s existing HLR
where the user is provisioned. It interfaces using RADIUS with the WLAN IP Gateway and the
embedded VLR functionality to interface with the HLR using MAP over the existing SS7 Network. The
built-in SSP functionality using CAMEL also interfaces with the existing SCP in the carrier’s network to
offer pre-paid data access.

With the EAP Server the carrier can extend WLAN services and features to GSM/GPRS mobile
subscribers every time they step into a hot spot

Why IntelliNet is the right choice

IntelliNet orchestrates each element required to deploy a fully operational network. IntelliNet’s flexible
architecture accommodates all stages of cellular evolution. It works with not only WLAN but enables
the convergence with both GPRS and UMTS.

Experienced in SS7 technology

IntelliNet has been building applications based on its own implementation of the SS7 stacks. When
combined with a wide variety of application level APIs such as GSM MAP, UMTS MAP and CAMEL,
IntelliNet developed a high quality EAP Server. The underlying technology has been deployed in a
www.intellinet-tech.com
 EAP Server White Paper

variety of countries and cellular carrier’s networks. IntelliNet was the first in the market to make
different versions of CAMEL available.

Strong business relationships with industry leaders

In addition to unmatched success in SS7 technologies, IntelliNet has forged strong relationships with
an ecosystem of partners. These relationships help to solidify the company’s firm commitment to the
EAP Server solution and confirm the company’s leadership in converged GPRS/ WLAN networking.
Relationships with the industry’s best hardware suppliers, as well as with leading system integrators,
provide true best-of-class, integrated business infrastructure solutions that will deliver cost-effective
and profitable next-generation services.

IntelliNet’s EAP Server Solution Benefits

To The Wireless Carrier
IntelliNet's EAP Server gives wireless carriers a cost-effective entry into the emerging wireless 802.11
market and offers the following benefits:
♦ Enables the carrier to offer WLAN access and services without the need for a costly network overlay,
by entering into roaming arrangement with the Wireless ISPs. The carrier would still own the
customer and provide a single bill.
♦ Provides the opportunity to charge the customers for voice and broadband data over 802.11 in a
variety of ways including, bytes, calls, Different types of content, SMS messages, IM messages etc.
This enables the carrier to segment and target customers effectively.
♦ Increases the revenue and profits by offering high speed data and increases the appetite for data
based applications. Increased WLAN data usage will spill over into GPRS and UMTS data usage as
well.
♦ Increases additional market share and reduces churn of existing subscribers by offering differentiated
value added
♦ Reduces the capital investment by seamlessly integrating into the existing authentication,
authorization, billing and provisioning systems.
♦ Captures the pre-paid segment by offering a single pre-paid account for both voice and high-speed
data access. The EAP server has the built in SSP functionality based on CAMEL standard.
♦ Reduces the expensive in-building build out of 3G by utilizing existing high speed WLAN with in the
building for both voice and data.
♦ Eliminates GSM subscribers roaming off the GSM network in search of higher data rates with
seamless interoperability of the GSM/WLAN networks
♦ Enables the marketing team to track the usage patterns of different subscriber groups and offer
targeted promotions using an extensive collection of statistics from the EAP server

To The WLAN/GPRS Subscriber

To the end user EAP Server:
www.intellinet-tech.com
 EAP Server White Paper

♦ Provides "anytime, anywhere" high-speed wireless access to the Internet and the corporate office
environment regardless of their location
♦ Functions as an extension to the LAN, allowing travelers to keep updated while on the road by
reading mail, access to company intranet and other business applications via a corporate Virtual
Private Network (VPN)
♦ Enables global roaming capabilities
♦ Maintains a single wireless service provider, one bill for both services and one customer service
number, based on the SIM card.

To the Independent Wireless ISP

IntelliNet’s EAP Server enables the Wireless ISP to:
♦ Capture additional revenue by entering into roaming agreements with multiple cellular carriers.
♦ Acquire a wide customer base of all the cellular carriers to use the WLAN network, with no cost of
acquisition.
♦ Reduce the hassles of provisioning, billing and collections by moving that functions to the cellular
operator.
♦ Use the WLAN infrastructure more efficiently. The roaming subscribers will use the additional capacity
not add addition operational expenses.

www.intellinet-tech.com
 EAP Server White Paper

IntelliNet’s EAP Server

By converging WLAN with GPRS using IntelliNet’s EAP Server, wireless carriers can offer high-speed
data access with minimal changes to their infrastructure and provide a single bill to their subscribers.

IntelliNet’s EAP Server offers carriers a cost effective way of offering WLAN access and services to its
subscribers. The subscribers use the same GSM/GPRS/UMTS SIM card for their WLAN access and
get authenticated through the carrier’s HLR via the EAP Server.

With the EAP Server, carriers can offer complimentary WLAN access to their GPRS/UMTS
subscribers. The EAP server easily integrates into the existing network and seamlessly interoperates
with their HLR and SCP to enable the carrier to offer a single bill and eliminates the duplicate
provisioning of the data user. This preserves the investment carriers made for voice and GPRS
services.

Features
Fully Standards Compliant -The EAP Server supports the latest IETF drafts of EAP-SIM and EAP-
AKA. It also supports optional IMSI Privacy, with the pseudonym being stored in a centralized
database.

Multi-carrier Roaming Support -The EAP Server supports different versions of GSM MAP, UMTS
MAP and CAMEL simultaneously. This enables the carriers to seamlessly integrate with multiple
carriers and enter into roaming arrangements with them.

Highly Available -The EAP Server is built to provide 99.999% availability. When deployed in a 1+1
active-active scenario, the servers constantly communicate over the Ethernet port and save all the
necessary information for the other node to take over at any time without service interruption. All
accounting logs are stored on persistent storage and all log deliveries are guaranteed.
Carrier Class Operability -The EAP Server is operable through a variety of ways including secure
command line interface and SNMP. It also offers rolling upgrades and logging facilities to reduce the
total cost of ownership for the carrier.
Worldwide Compliance -The EAP Server employs a proven SS7 implementation deployed in more
than 50 countries. This experience offers the robustness and proven compatibility that global service
providers require.
Scalable - The EAP Server is available in a variety of configurations, making it suitable for any
network size. It can be deployed in a centralized or distributed model. The RADIUS proxy support
enables it to proxy from third party RADIUS servers also.

Future Proof -The EAP Server is built with future standards and needs in mind. It can easily migrate
to Diameter standards, offering passwords via SMS, and WLAN subscriber location collection and
dissipation similar to a GMLC.

www.intellinet-tech.com
 EAP Server White Paper

Standards:
♦ GSMMAP – Phase 1,2,2+ and 3
♦ UMTS MAP – 3GPP TS29.002 V.2.1 (2000-12)
♦ CAMEL – Stage 1 & 2 ETSI ITS 101046 (V7.0.0) 3rd Gen ETSI TS-129078 (v3.3.0)
♦ TCAP – Blue and White Book, ANSI T1.114 1996 1992 and ITU-T Q.77x06/97
♦ SCCP – ANSI T1.112 1996, ITU-T Q.71X07/96 ETSI TS 300009
♦ SNMP – V1, V2c
♦ RADIUS – RFCs 2138, 2865, 2251, 2139, 2866-69, 2809

CONCLUSION
Cellular carriers who wanted to offer the complimentary high-speed WLAN access along with GPRS
and UMTS can now safely do so by incorporating the EAP Server into their network, which seamlessly
interoperates with the existing backend infrastructure.

IntelliNet’s EAP Server supports the innovative EAP-SIM and EAP-AKA drafts, providing the carriers a
way to offer WLAN services. Just by entering into roaming arrangements with the Wireless ISPs the
carriers, the carriers can offer one bill, or one prepaid account for all the communication needs of the
subscriber including, voice, 2.5G/3G data and High-speed WLAN data access. EAP Server, an
integrated Radius Server and VLR, reflects the high quality, multi-vendor/multi-country support, and
scalability that have been the hallmarks of IntelliNet’s products since 1992. These characteristics help
ensure a maximum return from an organization’s WLAN investment.

CONTACT INFORMATION
For more information or to contact IntelliNet Sales, visit our web site at www.intellinet-tech.com or
send a note to info@intellinet-tech.com.

IntelliNet Technologies, Inc. • 1990 W. New Haven Ave., Suite 307 • Melbourne, FL 32904

Tel: +1.321.726.0686 • FAX: +1 321.726-0683

Copyright ©2003 IntelliNet Technologies, Inc., All rights reserved.

www.intellinet-tech.com