White Paper
Executive Summary
Wireless Local Area Networks (WLANs) based on the IEEE 802.11 standards have been one of the
great technology-industry success stories. The bandwidth available with the 802.11b standard is 11
Mbps. This makes it a perfect complementary offering for the wireless carriers, enabling them to
offer high-speed data access in public hot spots along with their lower-speed GPRS and UMTS data
access. However, for carriers to offer the WLAN service cost-effectively, the new equipment being
deployed for authentication and accounting must integrate seamlessly into their existing
infrastructure, such as the HLR, SCP and provisioning systems. This enables the carrier to offer a
single-bill service without duplicating the back-end applications built for the voice services.
This document provides an overview of the wireless LAN and GSM technology and covers
authentication and billing to enable the subscribers to roam between the WLAN and GSM based
networks and obtain a single bill or use a single prepaid account for both voice and high speed
data. It also introduces IntelliNet’s EAP Server that enables the convergence between WLAN and
GSM based networks.
After he steps out of the coffee house, he realizes he didn’t bring the directions to his client. He
quickly checks the maps using his PDA, which is also GPRS/UMTS enabled. While looking for maps, he
gets an email reminding him to pay the single monthly bill from the carrier for the phone, GPRS and
WLAN usage for the month.
802.11/GPRS Convergence
It’s already happening. The next generation of mobile communication technologies will support a
range of services far broader and more highly sophisticated than was ever possible. And the range of
business models, customer segments, and supply chains enabled by 3G technologies will expand
proportionally. Services that offer the most compelling user benefits and the clearest value
propositions will drive increased mobile data usage in both the WLAN and 2.5G/3G markets. 802.11/
GPRS/UMTS roaming enables end-user access to mobile Email, multimedia video and audio, news
and travel information, games, sports, and lotteries at any place, with faster data rates in the WLAN
hot spots.
www.intellinet-tech.com
EAP Server White Paper
To remain competitive and take advantage of the tremendous revenue potential that these next-
generation Internet solutions offer, service providers can plan to upgrade their
infrastructure for WLAN by adding only an EAP Server to their 2.5G/3G network. The ability to offer
WLAN services just by entering into roaming agreements with hot spot operators makes it the most
effective way for the cellular carriers.
MTP-2
Message Transfer Part - Level 2 (MTP-2) is a signaling link, which together with MTP-3 provides
reliable transfer of signaling messages between two directly connected signaling points.
SCCP
The Signaling Connection Control Part (SCCP) offers enhancements to MTP level 3 to provide
connectionless and connection-oriented network services, as well as address translation
capabilities. The SCCP enhancements to MTP provide a network service that is equivalent to the OSI
Network layer 3.
TCAP
The Transaction Capabilities Application Part enables the deployment of advanced intelligent network
services by supporting non-circuit related information exchange between signaling points using the
SCCP connectionless service. TCAP messages are contained within the SCCP portion of an MSU. A
TCAP message is comprised of a transaction portion and a component portion.
MAP
Mobile Application Part (MAP) messages sent between mobile switches and databases to support
user authentication, equipment identification, and roaming are carried by TCAP. In mobile networks
(IS-41 and GSM), when a mobile subscriber roams into a new mobile switching center (MSC) area, the
integrated visitor location register requests service profile information from the subscriber's home
location register (HLR) using MAP information carried within TCAP
messages.
CAMEL
Customized Applications for Mobile Networks Enhanced Logic allows roaming subscribers access to
their full portfolio of IN services. CAMEL GSM phase 2+ connects the home and visited mobile
networks to various Intelligent Network (IN) platforms used throughout national networks to provide
features such as Pre-Paid Calling, Personal Numbering and more complex location dependent
services. As a result, CAMEL is a relatively inexpensive method of allowing telecom operators to add
new services to the existing network infrastructure.
RADIUS
RADIUS servers are responsible for receiving user connection requests, authenticating the user, and
then returning all configuration information necessary for the client to deliver service to the user. A
RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication
servers.
Network Security: Transactions between the client and RADIUS server are authenticated
through the use of a shared secret, which is never sent over the network. In addition, any user
passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that
someone snooping on an insecure network could determine a user's password.
Security
In the WLAN industry, IEEE 802.11 standards have made it possible for hardware vendors to create
interoperable systems. Even though there are security holes in the standard 802.11, the EAP server is
based on the more secure 802.1x standard for authentication. The Odyssey Client software running on
the subscriber equipment maintains security associations with the HLR and the EAP server. The
authentication information is securely transmitted and interpreted by the peers. Security associations
between the IP gateway and the EAP server ensure that the accounting logs are transferred securely
without any tampering. The secure link is based on the industry-standard 3DES IP Security standard.
Authentication/Encryption
IntelliNet’s EAP Server uses the A3 and A8 algorithms, defined by the GSM standards, for
authentication. The standard VLR functionality is integrated into the EAP Server for authentication
purposes by interfacing with the carrier’s HLR. The A3 and A8 algorithms are highly secure and widely
adopted by all the GSM cellular carriers. This method offers the highest level of security available to
the wireless carriers today.
IntelliNet’s EAP Server is based on the latest IETF drafts of the EAP-SIM and EAP-AKA, which utilize
the A3 and A8 algorithms and increase the security by using multiple triplets (Rand, KC, Res) from the
HLR and tripling the key length. The interface and messages between the EAP Server and HLR
remain the same as between a VLR and HLR. Even if a hacker breaks the ciphering keys (Kc), it is
computationally infeasible to derive any of the original ciphering keys.
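How several GSM triplets feed one master key, as an added example (not IntelliNet's code): it follows the master-key formula as EAP-SIM was later published in RFC 4186, including the rule that the peer accepts only two or three distinct RANDs. The identity, RAND, Kc and nonce values are constructed, and the function name is hypothetical.

```python
import hashlib

RAND_LEN, KC_LEN, NONCE_LEN = 16, 8, 16  # octets

def derive_master_key(identity, triplets, nonce_mt, version_list, selected_version):
    """MK = SHA1(Identity | n*Kc | NONCE_MT | Version List | Selected Version).

    `triplets` is a list of (RAND, Kc) pairs; SRES is not an input to MK
    (it is used when the challenge response is authenticated).
    """
    if not 2 <= len(triplets) <= 3:
        raise ValueError("EAP-SIM requires two or three triplets")
    rands = [rand for rand, _kc in triplets]
    if len(set(rands)) != len(rands):
        # A repeated RAND would reduce the key to a single 64-bit Kc.
        raise ValueError("repeated RAND: challenges are not fresh")
    for rand, kc in triplets:
        if len(rand) != RAND_LEN or len(kc) != KC_LEN:
            raise ValueError("RAND must be 16 octets and Kc 8 octets")
    if len(nonce_mt) != NONCE_LEN:
        raise ValueError("NONCE_MT must be 16 octets")
    if selected_version not in version_list:
        raise ValueError("selected version was never offered")
    kcs = b"".join(kc for _rand, kc in triplets)  # 2 or 3 x 64 bits of key input
    versions = b"".join(v.to_bytes(2, "big") for v in version_list)
    data = identity + kcs + nonce_mt + versions + selected_version.to_bytes(2, "big")
    return hashlib.sha1(data).digest()

# Constructed sample values, not taken from the white paper or a real SIM.
IDENTITY = b"1001010000000001@wlan.example.org"
TRIPLETS = [(bytes([i]) * RAND_LEN, bytes([0xA0 + i]) * KC_LEN) for i in (1, 2, 3)]
NONCE_MT = bytes(range(0x10, 0x20))
```

Because NONCE_MT is chosen by the peer and the version list is bound into the hash, replaying old triplets or stripping an offered version changes the master key.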
The EAP server also uses the optional pseudonym support and eliminates the need of sending the
IMSI in plain text. The pseudonym is stored in a centralized database and made available to multiple
EAP Servers over a secure connection.
With the EAP Server the carrier can extend WLAN services and features to GSM/GPRS mobile
subscribers every time they step into a hot spot
variety of countries and cellular carrier’s networks. IntelliNet was the first in the market to make
different versions of CAMEL available.
♦ Provides "anytime, anywhere" high-speed wireless access to the Internet and the corporate office
environment regardless of the subscriber's location
♦ Functions as an extension to the LAN, allowing travelers to stay up to date while on the road by
reading mail and accessing the company intranet and other business applications via a corporate Virtual
Private Network (VPN)
♦ Enables global roaming capabilities
♦ Maintains a single wireless service provider, one bill for both services and one customer service
number, based on the SIM card.
IntelliNet’s EAP Server offers carriers a cost-effective way of offering WLAN access and services to their
subscribers. The subscribers use the same GSM/GPRS/UMTS SIM card for their WLAN access and
are authenticated through the carrier’s HLR via the EAP Server.
With the EAP Server, carriers can offer complimentary WLAN access to their GPRS/UMTS
subscribers. The EAP Server easily integrates into the existing network and seamlessly interoperates
with the HLR and SCP, enabling the carrier to offer a single bill and eliminating the duplicate
provisioning of the data user. This preserves the investment carriers have made in voice and GPRS
services.
Features
Fully Standards Compliant - The EAP Server supports the latest IETF drafts of EAP-SIM and EAP-AKA.
It also supports optional IMSI Privacy, with the pseudonym being stored in a centralized
database.
Multi-carrier Roaming Support - The EAP Server supports different versions of GSM MAP, UMTS
MAP and CAMEL simultaneously. This enables the carriers to seamlessly integrate with multiple
carriers and enter into roaming arrangements with them.
Highly Available - The EAP Server is built to provide 99.999% availability. When deployed in a 1+1
active-active scenario, the servers constantly communicate over the Ethernet port and save all the
necessary information for the other node to take over at any time without service interruption. All
accounting logs are stored on persistent storage and all log deliveries are guaranteed.
Carrier Class Operability - The EAP Server is operable through a variety of ways including secure
command line interface and SNMP. It also offers rolling upgrades and logging facilities to reduce the
total cost of ownership for the carrier.
Worldwide Compliance - The EAP Server employs a proven SS7 implementation deployed in more
than 50 countries. This experience offers the robustness and proven compatibility that global service
providers require.
Scalable - The EAP Server is available in a variety of configurations, making it suitable for any
network size. It can be deployed in a centralized or distributed model. The RADIUS proxy support
enables it to proxy from third party RADIUS servers also.
Future Proof - The EAP Server is built with future standards and needs in mind. It can easily migrate
to Diameter standards, offering passwords via SMS, and WLAN subscriber location collection and
dissipation similar to a GMLC.
Standards:
♦ GSM MAP – Phase 1, 2, 2+ and 3
♦ UMTS MAP – 3GPP TS29.002 V.2.1 (2000-12)
♦ CAMEL – Stage 1 & 2 ETSI ITS 101046 (V7.0.0) 3rd Gen ETSI TS-129078 (v3.3.0)
♦ TCAP – Blue and White Book, ANSI T1.114 1996 1992 and ITU-T Q.77x 06/97
♦ SCCP – ANSI T1.112 1996, ITU-T Q.71X 07/96, ETSI TS 300009
♦ SNMP – V1, V2c
♦ RADIUS – RFCs 2138, 2865, 2251, 2139, 2866-69, 2809
CONCLUSION
Cellular carriers who wanted to offer complementary high-speed WLAN access along with GPRS
and UMTS can now safely do so by incorporating the EAP Server into their network, which seamlessly
interoperates with the existing backend infrastructure.
IntelliNet’s EAP Server supports the innovative EAP-SIM and EAP-AKA drafts, providing the carriers a
way to offer WLAN services. Just by entering into roaming arrangements with the Wireless ISPs,
the carriers can offer one bill, or one prepaid account, for all the communication needs of the
subscriber, including voice, 2.5G/3G data and high-speed WLAN data access. EAP Server, an
integrated RADIUS Server and VLR, reflects the high quality, multi-vendor/multi-country support, and
scalability that have been the hallmarks of IntelliNet’s products since 1992. These characteristics help
ensure a maximum return from an organization’s WLAN investment.
CONTACT INFORMATION
For more information or to contact IntelliNet Sales, visit our web site at www.intellinet-tech.com or
send a note to info@intellinet-tech.com.
IntelliNet Technologies, Inc. • 1990 W. New Haven Ave., Suite 307 • Melbourne, FL 32904