Epiphany WiFi Subscriber Platform (WSP)

Key Use Cases and Business Models

User initiated seamless 2G/3G/4G WIFI offload 3GPP AAA based LTE
EAP SIM
handover. handover Wi-Fi internetworking

Captive Portal
NoN EAP
•MSISDN based via SMS – MAC ID based

Real time
Mobile App EAP based authentication Location Specific promotions Notifications

Voucher Based / Credit Card based

Walk-In Wi-Fi
Roaming Users

Policy Based Wi-Fi

Tiered Services Differentiating QoS Quota management
Premium Wi-Fi Calling

Existing
Smart City
Public Wi-Fi Location based Portal Flexible Charging credentials
offerings
based log in
OlaTech Solutions Offering

Epiphany AAA Solution

Epiphany Subscriber Platform

Epiphany Captive Portal

Rating & Charging

Reports
Changing Role of AAA
Epiphany WSP AAA in a nutshell
Key Features
Dual-Stack RADIUS & TACACS Real-time session
Single-platform solution
support. Supports EAP SIM, Management – Provides
for multiple networks with Access & Vendor Agnostic
AKA, TLS, TTLS, FAST, MD5, mobility, roaming, security
common policy and PEAP AD & LDAP based Architecture.
and usage tracking and
subscriber profile authentication. session disconnection .
Provisioning – Simplifies
Redundancy & Failover - Scalability and High provisioning and updating
Intelligent Load balancing &
Can be deployed in N+1 or Performance –Carrier Grade of network elements
failover with various
1+1 Mode and support Scalability & Performance through a centralized
aliveness checking.
Subscriber DB Failover over 2500 TPS. Management.

Roaming between networks provides a Easy scripting for complexity in interoperability –

Next Generation IPv6 Ready.
real time mobile experience. EpiphanyAAA 3GPP server support JAVA
3GPP/3GPP2 Compliant
standard JSR based scripting engine.

QoS - Provide appropriate QoS depending upon the

Reliability - Reliability to support rapid business expansion. With
type of network and subscriber access preferences
99.999% availability.
leading to optimum network utilization
Captive Portal
Key Features
▪ Web Authentication interface for Multiple Services (Walk-In Subscriber, Portal based Offload, Pre-Activated Vouchers for Short time
usage)
▪ Supports RADIUS CoA based Wi-Fi Network Login/Logout, wherein Enforcement of CoA is with limited time/volume and/or
predefined QoS based on subscriber profile
▪ Multiple options for Logout (i.e. URL Hit, Popup Window, Idle Time out etc.)
▪ Advanced validation for parameters beyond password authentication such location binding etc.
▪ Mobility Subscriber Authentication (from HLR) using MSISDN number
▪ Supports Direct Integration with AAA, LDAP/Open DB User database for Authentication and Authorization
▪ Built in Support for PMS Systems and Transparent Auto Login
▪ Pre-integrated with multiple payment gateways as well as system integration with Third party vouchers and External voucher
ecosystem over prepaid IN for online vouchers
▪ Programmable Engine for quick Customization.
▪ Business Case driven configurable flows
▪ Integration support for advanced SNMP interface
Captive Portal
Portal Customization and Personalization with branding capabilities
▪ Web-GUI based Basic Customization for Branding, Help desk information and notifications

▪ Deployment of Location/Service aware Portal for Branding and localization

▪ Automatic detection of Vendor/Hotspot location and Landing to Specific Portal Page

▪ Advance Level Customization using Web Service/HTTP API based Interface for Rapid development and implementation of Captive
Portal

▪ Configurable Message format for SMS notifications as well as Error Messaging for Login and Logout
▪ Multi-lingual SMS / Email notification and WIP support
▪ SMS and Web Based Self registration interface with support of KYC Norms (using One Time Password - OTP)
Captive Portal
Subscriber Provisioning

▪ One-Time Registration for Mobility Subscribers to Access Wi-Fi using existing 2G/3G/4G plans or separate Plan for Wi-Fi Access

▪ Capturing Device MAC ID during Registration Process for Enabling Transparent Auto Login

▪ Integration Capabilities for Mobility Account verification over Web Services

▪ Multiple Payment Option for Wi-Fi Service Purchase (i.e. Paper Voucher, Online Payment, Payment using Prepaid Balance etc)

▪ Web based interface for Top up and Renewal using Voucher or Online payment
Web Self Care
Exhaustive Subscriber Information
Exhaustive Subscriber Information
Information on Usage based on subscriber package like Time/Volume,
Monetary Units, Current balance available etc.
➢ Subscriber Package Information
➢ Subscriber Billing / Payment Details
➢ Recharge/Renewal support
➢ Generate trouble ticket
➢ Change plan

Alerts
Alerts &&Notifications
Notifications
On any activity done in subscriber account - SMS / Email Notifications
Graphical User Interface for Partners/Re-sellers
Resellers Web Interface for
▪ Transactional information
▪ Package information
▪ Revenue and Commission information
▪ Order Placed
▪ Voucher Generation, Download and Search
▪ Send Voucher as SMS to Subscriber mobile number
▪ Real-Time Voucher generation and Printing for Over the Counter sales
Voucher Management System (VMS)
Key Features

Voucher Generation
Method:
Voucher Distribution
to Subscribers: Prepaid order-based
voucher generation Configurable Voucher
Voucher Types: Paper voucher, real with back-to-back and PIN Format:
Paper voucher, E- time voucher invoicing for voucher Voucher format
vouchers, and pre- generation and order (length, Character set
activated vouchers printing for over- the-
Prepaid model, i.e. numeric,
for short message counter sales,
where reseller/agents alphanumeric etc)
voucher delivery to
subscriber by SMS can generate
vouchers from portal
within a given cr
Rating and Charging
Key Features

Time Based Charging

Supports charging based on peak off-peak
definitions or event-based definitions

Volume Based Charging:

Supports charging based on usage or
based on flat plans

QoS Differentiation:
Provides a single platform with real- time
rating, charging
Architecture – Epiphany WSP
Epiphany WSP AAA in 3GPP WiFi Access
Faster Rollout
• Serves multiple networks Overview:-
• Easy to add new network devices & technologies The figure to the below gives an
Complete offering overview of the many Wi-Fi/3GPP
• RADIUS, DIAMETER & RDBMS Server integration
integration options ranging from simple
EAP-SIM authentication and local
NFV and Virtualization Support breakout to full service integration and
• WSP Platform supports NFV and virtualization, deployable on traffic routing to the mobile core.
cloud and in premise
Reliability
• Reliability to support rapid business expansion. With Epiphany WiFi Subscriber Platform

99.999% availability. TM
OCS OFCS
Charging Policy
CRM
SMS
SMSC

Look up O-T-P

Leverage over existing infrastructure

One Common Wi-Fi Service Core
Bridging all Scenarios Wi-Fi Portal Wi-FiPolicy/
Charging

HLR/ SWx, D’ /Gr’

ANDSF HSS 3GPP/ Wi-Fi Wi-Fi Sub

• Epiphany WSP Open APIs enable smooth integration with PCRF

S6b
AAA Database

other systems such as AAA, SPR, Billing, WSC, mediation, etc. 3G/ LTE SGSN/ GGSN/
Internet
RAN S-GW P-GW

Future proof
3GPP
3GPP GTP GTP
+ Tunnel Tunnel
Wi-Fi
Wi-Fi to SWm
ePDG
Mobile Core Trusted

• Highly customizable, modular and work-flow based AAA

Wi-Fi Wi-Fi Un-trusted Wi-Fi
STa, SWa
Web Uid /Pw Wi-Fi WAG/ EAP-SIM /AKA

system promises to meet unseen futuristic requirement EAP-TTLS EAP-

TLS WISPr
RAN AC RADIUS /Web

Local Break-Out (selected traffic e.g. Wi-Fi-only devices)

Wi-Fi to Local
Break-Out
Wi-Fi Internet
Only
IPsec
4G LTE WiFi Business Cases
Other Public WiFi Business Cases
Other Public WiFi Business Cases
Key Features
• Captive Portal with Hotspot / Partner specific branding facilities: It is a customized device agnostic portal with promotion,
branding facilities and multi-lingual support. It also enables rapid subscriber provisioning, prompt notifications via SMS/email
and easily integrates for flexible billing and charging models.

• Voucher Management: Enables service providers/ wholesalers/ partners to generate web-based batch wise vouchers (online e-
voucher / physical) with PIN, voucher access code and validity allocation.
• AAA for Seamless Access, Authentication and Authorization: Enables support for validation based on MAC-ID, credentials such
as username & password, voucher details, One Time Password (OTP), MSISDN, via Captive Portal and authorizes them for
appropriate level of services. It also provides ProxyAAA support in case of roaming or redirection to other partner networks.

• Dynamic Policy and Real Time Charging: Enables differential policy application (time, volume, quota, QoS, location etc.) in real
time.

• Proven Interoperability: Pre-integrated with industry leading SMS gateways, payment gateways, email servers etc.

• Partner Reconciliation and Roaming Settlements: Enables partnership with different hotspot providers, venue owners, other
operators, content partners, international roaming partners across the globe and reconcile based on various differential
agreement models like infra sharing, revenue sharing, etc.

• Support for Multiple Payment Methodologies: Interoperable with leading payment gateways, the platform enables payment
facilities via several methods such as online credit /debit card, physical payment, deduction from existing prepaid balance, IVR
based payment over HTTP, USSD based
Epiphany WSP in 3GPP WiFi Access
Overview:-
The figure to the below gives an overview of the many Wi-Fi/3GPP integration options ranging from simple EAP-SIM authentication and local
breakout to full service integration and traffic routing to the mobile core. Many alternatives are possible and Olatechs supports them all. The 3GPP
standardization offers two main principles for 3GPP Wi-Fi access:

❖ A Wireless Access Gateway in the Wi-Fi network emulating the function of the SGSN or S-GW. This option can be used when the Wi-Fi access is
trusted.
❖ A client software in the device connecting to a tunnel terminating node in the mobile core through a secure IPSec connection. This option is used
when the Wi-Fi access is considered untrusted.

• 3GPP Wi-Fi access is all about giving mobile operators more sophisticated means of Epiphany WiFi Subscriber Platform TM
OCS OFCS
Charging Policy
CRM
SMS
SMSC

Look up O-T-P

controlling the flow of Wi-Fi traffic and enforcing policies from inside the mobile core. One Common Wi-Fi Service Core
Bridging all Scenarios Wi-Fi Portal Wi-FiPolicy/
Charging

An important part of this is the routing of Wi-Fi traffic from Smartphones to the MDM/
ANDSF
HLR/
HSS
SWx, D’ /Gr’
3GPP/ Wi-Fi Wi-Fi Sub
AAA

mobile core instead of only allowing local breakout of Wi-Fi traffic. A number of 3GPP
Database
PCRF
S6b

standardized options exist for realizing this. 3G/ LTE SGSN/ GGSN/
RAN S-GW P-GW Internet
• The figure to the right above gives an overview of the many integration options ranging 3GPP
+
3GPP
GTP GTP
Tunnel Tunnel
Wi-Fi
from simple EAP-SIM authentication and local WLAN break-out to full service integration Wi-Fi to
Mobile Core Trusted
ePDG
SWm

Wi-Fi Wi-Fi Un-trusted Wi-Fi

and traffic routing through the mobile core. Many alternatives are possible. OlaTech Web Uid /Pw Wi-Fi WAG/
STa, SWa
EAP-SIM /AKA
EAP-TTLS EAP- RAN AC RADIUS /Web
supports them all and we are continuously following the evolution of the standards. TLS WISPr

Local Break-Out (selected traffic e.g. Wi-Fi-only devices)

Individual mobile operators will need to decide what approach or combination of methods Wi-Fi to Local
Break-Out
Wi-Fi Internet
that serves their specific business needs in the best possible manner. Only
IPsec
Trusted 3GPP WiFi Access
Most deployment of today are not using any of the 3GPP standardized options for full service integration. Instead they do local break-out of the Wi-
Fi traffic and proprietary integration for policy and charging. However, the most progressive mobile operators (many customers of OlaTech) have
taken the first critical step towards 3GPP Wi-Fi access by implementing SIM-based authentication (EAP- SIM/AKA) for Smartphones and Tablets.

Overview of 3GPP options for Wi-Fi access

2014 will be the year when the 3GPP Wi-Fi access standard is starting to happen in real deployments. It defines two types of access; trusted and
untrusted non- 3GPP access.

Trusted 3GPP Wi-Fi access

Trusted non-3GPP Wi-Fi access was first introduced with the LTE standard in 3GPP Release 8 (2008). Trusted access is often assumed to be an
operator-built Wi-Fi access with encryption in the Wi-Fi radio access network (RAN) and a secure authentication method. However, it is always up to
the home operator to decide what is to be considered trusted. In practice, the Wi-Fi access network must sup- port the following features to be
considered trusted: Wi-Fi
❖ 802.1x-based authentication which in turn also requires encryption of the RAN WAG
Tunnel
GGSN

❖ 3GPP-based network access using EAP methods for authentication

Internet
TWAG P-GW
GTP/MIP/ PMIP

❖ IPv4 and/or IPv6 AP

• In a trusted access, the device (UE) is connected through a TWAG (Trusted Wire- less Access Gateway) in the Wi-Fi core. The TWAG is in turn
connected directly with the P-GW (Packet Gateway) in the Evolved Packet Core (EPC) through a secure tunnel (GTP, MIP or PMIP).
• Conceptually the TWAG emulates the function of the Serving Gateway (S-GW) towards the Packet Data Network Gateway (P-GW).
• A similar concept is also used in non-EPC 3G networks where a WAG (Wireless Access Gateway) is connected with the GGSN through a secure
GTP tunnel emulating the function of the SGSN.
Free WiFi Call Flow
AP/Access Epiphany Epiphany Epiphany
Subscriber Captive Portal SMSC
Controller WSP AAA

Enter WiFi Zone

Turn On WiFi

SSID’s available IP is leased to

in the network the user by
AP/AC
Latch on SSID
Redirected to
Captive Portal
Enter Details for
Registration
Request for OTP
Send OTP if mobile number is valid
Send OTP in SMS
Enter OTP
OTP Verification User
Provisioning Success Provisioning

Login Request
User Validation
HTTP Login Success
RADIUS Access Request
Check Quota
RADIUS Access
Accept (Quota)
RADIUS Accounting Start Request
RADIUS Accounting Start Response
Internet Browsing Will start
Physical Voucher based Call Flow
AP/Access Epiphany Epiphany Epiphany
Subscriber Captive Portal SMSC
Controller WSP AAA

Enter WiFi Zone

Turn On WiFi
RADIUS Access Request
SSID’s available IP is leased to
in the network the user by RADIUS Access_Accept Response
AP/AC
Latch on SSID
Redirected to
Captive Portal
Enter Voucher Number
Mobile Number Voucher
Authentication RADIUS CoA Request
RADIUS CoA Request
RADIUS CoA ACK
RADIUS CoA ACK
RADIUS Accounting Start Request
RADIUS Accounting Start Response
Sends HTTP Request
Internet Browsing Will start
RADIUS Accounting Interim Request
RADIUS Accounting Interim Response
Logout
RADIUS Accounting Stop Request
RADIUS Accounting Stop Response
Stop
Online Payment based Call Flow
AP/Access Epiphany Epiphany Epiphany Payment
Subscriber Captive Portal
Controller WSP AAA Gateway

Enter WiFi Zone

Turn On WiFi
RADIUS Access Request
SSID’s available IP is leased to
in the network the user by RADIUS Access_Accept Response
AP/AC
Latch on SSID
Redirected to
Captive Portal
Enter Details
Displays WiFi Packages
for Online Recharge
Online Payment for selected Package

Successful Package Authentication

RADIUS CoA Request
RADIUS CoA ACK
RADIUS CoA ACK
RADIUS Accounting Start Request
RADIUS Accounting Start Response
Sends HTTP Request

Internet Browsing Will start

RADIUS Accounting Interim Request
RADIUS Accounting Interim Response
Logout
RADIUS Accounting Stop Request
RADIUS Accounting Stop Response
Stop
EAP Call Flow UE AP/WLC eWAG AAA MAP HLR GGSN

Selects 802.1x SSID

EAP-Request-(Identity)
EAP-Response-(Identity)
Identity = IMSI RADIUS Access Request
RADIUS Access Request
Username=IMSI
1404201280375583@wlan.mnc201.mcc404.3gppnetwork.org
RADIUS Access Challenge
Attribute: AT_VERSION_LIST
Attribute: AT_ANY_ID_REQ
RADIUS Access Challenge
EAP-Request/SIM/Start
(AT_VERSION_LIST)
EAP-Response/SIM/Start
(AT_NONCE_MT,
AT_SELECTED_VERSION)
RADIUS Access Request
RADIUS Access Request
Attribute: AT_NONCE_MT
Attribute: AT_SELECTED_VERSION
Attribute: AT_IDENTITY
MAP Request invoke sendAuthenticationInfo
returnResultLast sendAuthenticationInfo
invoke updateGprsLocation
invoke insertSubscriberData
returnResultLast insertSubscriberData
MAP Response returnResultLast updateGprsLocation

Check
if Data Bearer
Service is
"Yes" .AND.
APN="abc"

If Result =Yes
RADIUS Access Challenge
Attribute: AT_RAND
Attribute: AT_ENCR_DATA
Attribute: AT_MAC
RADIUS Access Challenge
EAP-Request/SIM/Challenge
(AT_RAND, AT_MAC)
Peer runs GSM
algorithms, verifies
AT_MAC and derives
session keys

EAP-Response/SIM/Challenge
(AT_RAND, AT_MAC)
RADIUS Access Request
RADIUS Access Request
Attribute: AT_MAC
EAP-Failure If Result =NO Checks the
AT_MAC
response

If Result =Yes
RADIUS Access Accept
ELITECLASS,10415:1=404201280375583,0:31=919819818856,10415:13=0200
RADIUS Access Accept
EAP-Success

End of Page # 1 - Continued in Next page

Non-EAP Call Flow
UE AP/WLC Portal AAA MAP HLR SMSC

Selects Open SSID

DHCP Discover DHCP Discover (Relay)
DHCP Offer DHCP Offer (IP Address, Subnet Mask, Gateway, DNS IP)
DHCP
DHCP Request DHCP Request (Relay)
Server
DHCP ACK DHCP Acknowledgement

Initiates
www.google.com
DNS Query and Response DNS
Server
HTTP Request (www.google.com IP)
Redirects to Portal HTTP Get
Displays Portal Page Invoke SR Info For SM invoke sendRoutingInfoForSM
Punches in MSISDN Click Generate PWD returnResultLast sendRoutingInfoForSM
Portal Receives IMSI from MAP Gw

RADIUS Access Request

MAP Request invoke updateGprsLocation
Username=IMSI invoke insertSubscriberData
returnResultLast insertSubscriberData
MAP Response returnResultLast updateGprsLocation

Check
If Result =NO if Data Bearer
Service is
RADIUS Access Reject "Yes" .AND.
Portal Displays Error Message APN="abc"
on the browser Page
If Result =Yes
RADIUS Access Response
Send OTP SMS
SMS is sent to Subscriber with OTP

Punches in OTP and Clicks Login

Check
For YY days
Validity of the
Password

If Result =Yes
Invoke SR Info For SM invoke sendRoutingInfoForSM
Portal Receives IMSI from MAP Gw returnResultLast sendRoutingInfoForSM

RADIUS Access Request

Username=IMSI
MAP Request invoke updateGprsLocation
invoke insertSubscriberData
returnResultLast insertSubscriberData
MAP Response returnResultLast updateGprsLocation

Check
if Data Bearer
Service is
"Yes" .AND.
APN="abc"

If Result =Yes
HTTP Post RADIUS Access Response (+ve)
Username = IMSI
Pwd = OTP
RADIUS Access Request
Username=IMSI
Pwd = OTP
End of Page # 1
Business Analytics

Get an easy access to historical trends and location

specific information such as visitors frequency, user
profile, demographics, location name, Partner
locations, Device type, duration of data usage, services
accessed etc. from OTS Epiphany WSP or 3rd party
partner components which on aggregation helps to
understand usage pattern and user behavior and
generate data analytics and reporting. The analytics
platform also possesses the capability of importing
reports from any 3rd party servers' entities and
correlating it with the existing information to generate
specific historical, real time and new forecast reports.

Based on the insights and analysis through data mining techniques, operators can actually know the impact of
their existing Wi-Fi plans in terms of revenue streams and accordingly modify or launch customized and
innovative plans as per requirement. This enables them to improve business performance and generate new
monetizing opportunities resulting in profitability and growth in ARPU.
Business Analytics – Some sample reports
Location specific data usage
Subscriber profile wise service usage
Sessions generated based on Device type
Max revenue generating Retailer /
partner
Plan / voucher usage pattern wise
Hotspot location wise performance
Time of access - (peak – off peak)
No. of OTP / notifications sent
Co-relate the available information and
get dashboard-based reports to monitor,
evaluate and analyze to obtain business
intelligence
Launch customized revenue generating
plans helping in profitability & increased
ARPU
Operator can Offer specific reports and
analysis to parters / retailers and charge
based on the intelligence provided
Can even upsell device specific reports
to device manufacturers / third party
services
Customize reports as per Operator’s
requirement
Thank You

310, Rupa Solitaire,

Millennium Business Park, Mahape,
Navi Mumbai–400710
Maharashtra

M: +91-8779261584
+91-9225548293
E: info@olatechs.com
amit@olatechs.com
www.olatechs.com

Ola Tech Solutions. All Rights Reserved.