SIM Authentication for WiFi's Tested
Published on: 24th Mar 2004
Note -- this news article is more than a year old.
Tatara Systems says that the company's SIM based Wi Fi authentication roaming and service delivery solutions have been proven in a real world environment. Tatara's SIM based authentication solutions facilitate easier authentication and delivery of enhanced services to wireless users roaming between wireless local area networks (LANs) and wireless wide area networks (WANs).
Tatara demonstrated the end-to-end authentication of a SIM-based user on a Wi-Fi network across VeriSign's SS7 backbone network, in conjunction with an unnamed U.S.-based GSM operator which supplied access to their production home location register (HLR) to further test the service.
GSM operators are increasingly looking to enable easy authentication of end users roaming across wireless LAN and WAN (GPRS, EDGE and UMTS) networks. While most WAN networks use SIM-based authentication methods - making it relatively simple to support seamless authentication and thus roaming across WAN networks - authentication in wireless LAN networks is primarily based on RADIUS, an IP standard for remote access authentication and accounting.
By bridging these technologies, operators can use a common method to authenticate roaming subscribers, thus making the process of supporting roaming and delivering enhanced services between WAN and LAN networks easier for both carriers and subscribers. This is particularly important as Wi-Fi and wireless WAN networks are integrated into a single 'wireless data package' offering consistent services and capabilities to end customer regardless of which network they are using.
Tatara Systems offers two products that enable SIM authentication across RADIUS-based networks such as public Wi-Fi 'hotspots'. The Tatara Subscriber Gateway, deployed centrally by a GSM operator, can accept incoming RADIUS messages from a hotspot network - either directly or through a third party aggregator - and complete the authentication with the Home Location Register (HLR) over the GSM MAP protocol. The Tatara Partner Gateway, deployed centrally by an aggregator or wholesale network provider, can also interface directly to SS7 across GSM MAP to complete a SIM authentication. Both products support the EAP-SIM standard, allowing any standards-based supplicant client to run on the user's device. The Tatara Service Manager client or SDK includes an EAP-SIM supplicant.
One challenge that GSM operators face in deploying SIM authentication for their end users is that the EAP-SIM standard relies on the roaming network supporting 802.1x security. Since most roaming networks today are deployed using an HTTP-based authentication mechanism instead of 802.1x, the ability to use SIM authentication in a real-world environment is constrained. Tatara's solution addresses this through a unique, two-stage authentication process that allows the user to complete a SIM authentication even on a network that does not support 802.1x, thereby delivering a practical capability for an operator to leverage SIM-based authentication without waiting for network upgrades from all their roaming partners. The solution then seamlessly switches over to full EAP-SIM as 802.1x is deployed in individual networks.
Gartner research predicts that by 2007, 50% of business devices such as laptops and PDAs will be both voice and data capable on at least 3 types of networks, and that mobile applications designed around a single access methodology will face rapid obsolescence. "Wireless networking and mobile applications are being embraced by enterprise customers as the underlying technologies mature and as more opportunities are identified to improve efficiency, reduce costs or drive revenue," said Phil Redman, vice president at Gartner. "Security remains the number one concern with CIOs according to our research. The use of SIM-based security in GSM has been proven and will now be applied to more devices, especially those emerging with both GSM and Wi-Fi."
"We view SIM authentication as an important requirement for enabling seamless roaming between network technologies - and interoperability testing was an important milestone for VeriSign's Wireless Data Roaming Service (WDRS)," said Vernon Irvin, executive vice president of VeriSign Communications Services. "Tatara was the first company to demonstrate to us that it had a robust SIM-authentication solution that met our rigorous standards."
"Tatara Systems is delivering on the promise of a single-provider, simple-to-use wireless data service that provides a common set of connectivity and enhanced application capabilities across network technologies in both home and roaming environments," says Steve Nicolle, president and CEO of Tatara Systems. "Having a common process for secure authentication is a critical piece of the infrastructure required to make this happen. We're pleased to be working with industry leaders to deliver SIM-based authentication solutions to the market."