Professional Documents
Culture Documents
Captive Portal
NoN EAP
•MSISDN based via SMS – MAC ID based
Real time
Mobile App EAP based authentication Location Specific promotions Notifications
Existing
Smart City
Public Wi-Fi Location based Portal Flexible Charging credentials
offerings
based log in
OlaTech Solutions Offering
Reports
Changing Role of AAA
Epiphany WSP AAA in a nutshell
Key Features
Dual-Stack RADIUS & TACACS Real-time session
Single-platform solution
support. Supports EAP SIM, Management – Provides
for multiple networks with Access & Vendor Agnostic
AKA, TLS, TTLS, FAST, MD5, mobility, roaming, security
common policy and PEAP AD & LDAP based Architecture.
and usage tracking and
subscriber profile authentication. session disconnection .
Provisioning – Simplifies
Redundancy & Failover - Scalability and High provisioning and updating
Intelligent Load balancing &
Can be deployed in N+1 or Performance –Carrier Grade of network elements
failover with various
1+1 Mode and support Scalability & Performance through a centralized
aliveness checking.
Subscriber DB Failover over 2500 TPS. Management.
▪ Advance Level Customization using Web Service/HTTP API based Interface for Rapid development and implementation of Captive
Portal
▪ Configurable Message format for SMS notifications as well as Error Messaging for Login and Logout
▪ Multi-lingual SMS / Email notification and WIP support
▪ SMS and Web Based Self registration interface with support of KYC Norms (using One Time Password - OTP)
Captive Portal
Subscriber Provisioning
▪ One-Time Registration for Mobility Subscribers to Access Wi-Fi using existing 2G/3G/4G plans or separate Plan for Wi-Fi Access
▪ Capturing Device MAC ID during Registration Process for Enabling Transparent Auto Login
▪ Multiple Payment Option for Wi-Fi Service Purchase (i.e. Paper Voucher, Online Payment, Payment using Prepaid Balance etc)
▪ Web based interface for Top up and Renewal using Voucher or Online payment
Web Self Care
Exhaustive Subscriber Information
Exhaustive Subscriber Information
Information on Usage based on subscriber package like Time/Volume,
Monetary Units, Current balance available etc.
➢ Subscriber Package Information
➢ Subscriber Billing / Payment Details
➢ Recharge/Renewal support
➢ Generate trouble ticket
➢ Change plan
Alerts
Alerts &&Notifications
Notifications
On any activity done in subscriber account - SMS / Email Notifications
Graphical User Interface for Partners/Re-sellers
Resellers Web Interface for
▪ Transactional information
▪ Package information
▪ Revenue and Commission information
▪ Order Placed
▪ Voucher Generation, Download and Search
▪ Send Voucher as SMS to Subscriber mobile number
▪ Real-Time Voucher generation and Printing for Over the Counter sales
Voucher Management System (VMS)
Key Features
Voucher Generation
Method:
Voucher Distribution
to Subscribers: Prepaid order-based
voucher generation Configurable Voucher
Voucher Types: Paper voucher, real with back-to-back and PIN Format:
Paper voucher, E- time voucher invoicing for voucher Voucher format
vouchers, and pre- generation and order (length, Character set
activated vouchers printing for over- the-
Prepaid model, i.e. numeric,
for short message counter sales,
where reseller/agents alphanumeric etc)
voucher delivery to
subscriber by SMS can generate
vouchers from portal
within a given cr
Rating and Charging
Key Features
QoS Differentiation:
Provides a single platform with real- time
rating, charging
Architecture – Epiphany WSP
Epiphany WSP AAA in 3GPP WiFi Access
Faster Rollout
• Serves multiple networks Overview:-
• Easy to add new network devices & technologies The figure to the below gives an
Complete offering overview of the many Wi-Fi/3GPP
• RADIUS, DIAMETER & RDBMS Server integration
integration options ranging from simple
EAP-SIM authentication and local
NFV and Virtualization Support breakout to full service integration and
• WSP Platform supports NFV and virtualization, deployable on traffic routing to the mobile core.
cloud and in premise
Reliability
• Reliability to support rapid business expansion. With Epiphany WiFi Subscriber Platform
99.999% availability. TM
OCS OFCS
Charging Policy
CRM
SMS
SMSC
Look up O-T-P
other systems such as AAA, SPR, Billing, WSC, mediation, etc. 3G/ LTE SGSN/ GGSN/
Internet
RAN S-GW P-GW
Future proof
3GPP
3GPP GTP GTP
+ Tunnel Tunnel
Wi-Fi
Wi-Fi to SWm
ePDG
Mobile Core Trusted
• Voucher Management: Enables service providers/ wholesalers/ partners to generate web-based batch wise vouchers (online e-
voucher / physical) with PIN, voucher access code and validity allocation.
• AAA for Seamless Access, Authentication and Authorization: Enables support for validation based on MAC-ID, credentials such
as username & password, voucher details, One Time Password (OTP), MSISDN, via Captive Portal and authorizes them for
appropriate level of services. It also provides ProxyAAA support in case of roaming or redirection to other partner networks.
• Dynamic Policy and Real Time Charging: Enables differential policy application (time, volume, quota, QoS, location etc.) in real
time.
• Proven Interoperability: Pre-integrated with industry leading SMS gateways, payment gateways, email servers etc.
• Partner Reconciliation and Roaming Settlements: Enables partnership with different hotspot providers, venue owners, other
operators, content partners, international roaming partners across the globe and reconcile based on various differential
agreement models like infra sharing, revenue sharing, etc.
• Support for Multiple Payment Methodologies: Interoperable with leading payment gateways, the platform enables payment
facilities via several methods such as online credit /debit card, physical payment, deduction from existing prepaid balance, IVR
based payment over HTTP, USSD based
Epiphany WSP in 3GPP WiFi Access
Overview:-
The figure to the below gives an overview of the many Wi-Fi/3GPP integration options ranging from simple EAP-SIM authentication and local
breakout to full service integration and traffic routing to the mobile core. Many alternatives are possible and Olatechs supports them all. The 3GPP
standardization offers two main principles for 3GPP Wi-Fi access:
❖ A Wireless Access Gateway in the Wi-Fi network emulating the function of the SGSN or S-GW. This option can be used when the Wi-Fi access is
trusted.
❖ A client software in the device connecting to a tunnel terminating node in the mobile core through a secure IPSec connection. This option is used
when the Wi-Fi access is considered untrusted.
• 3GPP Wi-Fi access is all about giving mobile operators more sophisticated means of Epiphany WiFi Subscriber Platform TM
OCS OFCS
Charging Policy
CRM
SMS
SMSC
Look up O-T-P
controlling the flow of Wi-Fi traffic and enforcing policies from inside the mobile core. One Common Wi-Fi Service Core
Bridging all Scenarios Wi-Fi Portal Wi-FiPolicy/
Charging
An important part of this is the routing of Wi-Fi traffic from Smartphones to the MDM/
ANDSF
HLR/
HSS
SWx, D’ /Gr’
3GPP/ Wi-Fi Wi-Fi Sub
AAA
mobile core instead of only allowing local breakout of Wi-Fi traffic. A number of 3GPP
Database
PCRF
S6b
standardized options exist for realizing this. 3G/ LTE SGSN/ GGSN/
RAN S-GW P-GW Internet
• The figure to the right above gives an overview of the many integration options ranging 3GPP
+
3GPP
GTP GTP
Tunnel Tunnel
Wi-Fi
from simple EAP-SIM authentication and local WLAN break-out to full service integration Wi-Fi to
Mobile Core Trusted
ePDG
SWm
and traffic routing through the mobile core. Many alternatives are possible. OlaTech Web Uid /Pw Wi-Fi WAG/
STa, SWa
EAP-SIM /AKA
EAP-TTLS EAP- RAN AC RADIUS /Web
supports them all and we are continuously following the evolution of the standards. TLS WISPr
Individual mobile operators will need to decide what approach or combination of methods Wi-Fi to Local
Break-Out
Wi-Fi Internet
that serves their specific business needs in the best possible manner. Only
IPsec
Trusted 3GPP WiFi Access
Most deployment of today are not using any of the 3GPP standardized options for full service integration. Instead they do local break-out of the Wi-
Fi traffic and proprietary integration for policy and charging. However, the most progressive mobile operators (many customers of OlaTech) have
taken the first critical step towards 3GPP Wi-Fi access by implementing SIM-based authentication (EAP- SIM/AKA) for Smartphones and Tablets.
• In a trusted access, the device (UE) is connected through a TWAG (Trusted Wire- less Access Gateway) in the Wi-Fi core. The TWAG is in turn
connected directly with the P-GW (Packet Gateway) in the Evolved Packet Core (EPC) through a secure tunnel (GTP, MIP or PMIP).
• Conceptually the TWAG emulates the function of the Serving Gateway (S-GW) towards the Packet Data Network Gateway (P-GW).
• A similar concept is also used in non-EPC 3G networks where a WAG (Wireless Access Gateway) is connected with the GGSN through a secure
GTP tunnel emulating the function of the SGSN.
Free WiFi Call Flow
AP/Access Epiphany Epiphany Epiphany
Subscriber Captive Portal SMSC
Controller WSP AAA
Login Request
User Validation
HTTP Login Success
RADIUS Access Request
Check Quota
RADIUS Access
Accept (Quota)
RADIUS Accounting Start Request
RADIUS Accounting Start Response
Internet Browsing Will start
Physical Voucher based Call Flow
AP/Access Epiphany Epiphany Epiphany
Subscriber Captive Portal SMSC
Controller WSP AAA
Check
if Data Bearer
Service is
"Yes" .AND.
APN="abc"
If Result =Yes
RADIUS Access Challenge
Attribute: AT_RAND
Attribute: AT_ENCR_DATA
Attribute: AT_MAC
RADIUS Access Challenge
EAP-Request/SIM/Challenge
(AT_RAND, AT_MAC)
Peer runs GSM
algorithms, verifies
AT_MAC and derives
session keys
EAP-Response/SIM/Challenge
(AT_RAND, AT_MAC)
RADIUS Access Request
RADIUS Access Request
Attribute: AT_MAC
EAP-Failure If Result =NO Checks the
AT_MAC
response
If Result =Yes
RADIUS Access Accept
ELITECLASS,10415:1=404201280375583,0:31=919819818856,10415:13=0200
RADIUS Access Accept
EAP-Success
Initiates
www.google.com
DNS Query and Response DNS
Server
HTTP Request (www.google.com IP)
Redirects to Portal HTTP Get
Displays Portal Page Invoke SR Info For SM invoke sendRoutingInfoForSM
Punches in MSISDN Click Generate PWD returnResultLast sendRoutingInfoForSM
Portal Receives IMSI from MAP Gw
Check
If Result =NO if Data Bearer
Service is
RADIUS Access Reject "Yes" .AND.
Portal Displays Error Message APN="abc"
on the browser Page
If Result =Yes
RADIUS Access Response
Send OTP SMS
SMS is sent to Subscriber with OTP
Check
For YY days
Validity of the
Password
If Result =Yes
Invoke SR Info For SM invoke sendRoutingInfoForSM
Portal Receives IMSI from MAP Gw returnResultLast sendRoutingInfoForSM
Check
if Data Bearer
Service is
"Yes" .AND.
APN="abc"
If Result =Yes
HTTP Post RADIUS Access Response (+ve)
Username = IMSI
Pwd = OTP
RADIUS Access Request
Username=IMSI
Pwd = OTP
End of Page # 1
Business Analytics
Based on the insights and analysis through data mining techniques, operators can actually know the impact of
their existing Wi-Fi plans in terms of revenue streams and accordingly modify or launch customized and
innovative plans as per requirement. This enables them to improve business performance and generate new
monetizing opportunities resulting in profitability and growth in ARPU.
Business Analytics – Some sample reports
M: +91-8779261584
+91-9225548293
E: info@olatechs.com
amit@olatechs.com
www.olatechs.com