August 9, 2022
Improving and securing the experience of connecting to a public Wi-Fi hotspot has been one of the biggest challenges that the Wi-Fi industry is trying to tackle.
As per the Cisco Annual Internet Report (2018-2023), globally, there will be 628 million public Wi-Fi hotspots by 2023, up from 169 million hotspots in 2018, which is a fourfold increase. An exponential increase in smartphone usage and an “Always-On” digital lifestyle have led to the increased use of public Wi-Fi hotspots.
Some of the issues that consumers face while connecting to public Wi-Fi are as follows:
Joining a public Wi-Fi network involves a cumbersome manual process. Before we can use the internet, we often need to find the available Wi-Fi networks, pick one of them, open a browser, input login information, and agree to the terms of service. Due to this time-consuming process that gets repeated every time the end-user tries to connect to a network, consumers often end up using their own cellular network.
Different Wi-Fi networks implement different strategies for onboarding into their networks. One of the most popular sign-up processes involves the use of captive portals that demand inconsistent information such as email, phone number, room number, airport coupon, or hard-to-remember passwords.
Most public Wi-Fi networks are inherently insecure. According to the Norton Cybersecurity Insights report, more people are afraid of using public Wi-Fi networks than public toilets. Hackers can easily intercept online traffic, infect our devices with malware and access our personal information. Therefore, it is essential to protect the end-user’s devices before connecting to public Wi-Fi. Some public Wi-Fi hotspots use an older encryption protocol that is weak and raises security risks. In some cases, unaware end-users end up joining a rogue network specifically created by attackers for man-in-the-middle attacks. All this has led to a lot of resentment among end-users against public Wi-Fi hotspots.
Connectivity must be supported while moving from one Access Point to another inside a Wi-Fi Hotspot zone. Having an efficient handover between APs is important for enabling a seamless experience.
Public Wi-Fi keeps disconnecting end-users when the network overloads. This hurts both productivity and the user experience. As a result, people believe it is right to avoid using a free public Wi-Fi connection when performing vital tasks.
Multiple advertisements that pop up randomly affect the user experience, especially when the users have not provided their consent.
Users must be explicitly made aware of the terms and conditions and have the option to consent to the use of their data because service providers do not always safeguard the privacy of each user’s online behaviour. Such openness and flexibility will undoubtedly improve the user experience.
The Wi-Fi Alliance (WFA) introduced Hotspot 2.0 (aka Passpoint®) as a specification to bring the Wi-Fi connection experience on par with cellular connectivity. It is an industry-wide solution that aids in network discovery and secure auto-connection.
Hotspot 2.0 (aka Passpoint®) is a fundamental ingredient to global Wi-Fi OpenRoaming standards and reflects the depth and breadth of that collaboration as a great solution for end-users and service providers. By using Hotspot 2.0, the end-users are identified and authenticated using the credentials that are stored in the network. They just need to download a profile onto their device to sign into the network. The devices would automatically discover, select, and securely connect to an authorized Wi-Fi network in the vicinity. The device vendors act as a medium for realizing the value of Hotspot 2.0. It has been the most important piece of the puzzle to enable seamless Wi-Fi roaming across different networks.
As a global connectivity solutions provider, Hughes Systique has been a front-runner in utilizing the Hotspot 2.0 technology to enhance the Wi-Fi connectivity experience and power the idea of Wi-Fi roaming and monetization.
The Wireless Broadband Alliance (WBA) is a global organization that connects individuals to the most recent Wi-Fi developments. WBA OpenRoaming™ is a framework for enabling a seamless and secure Wi-Fi roaming experience globally. WBA assumed control from Cisco and launched OpenRoaming in May 2020. It was done to overcome the above-mentioned fundamental Wi-Fi connectivity issues.
End-users were looking for a seamless Wi-Fi connectivity experience when moving from one network to another without constantly registering or signing in.
However, because millions of Wi-Fi hotspots are offered internationally by different suppliers (including operators, venues, public places, and businesses) that work in silos, it was hard to develop a scalable Wi-Fi roaming service of any size. Thus, OpenRoaming came into play.
WBA OpenRoaming has three key elements:
OpenRoaming is a straightforward yet effective idea. Through the WBA Roaming Federation, it unites Wi-Fi Access Network Providers (ANPs) and Identity Providers (IDPs) under a Public Key Infrastructure (PKI)-based trust architecture. Any Wi-Fi ANP, regardless of size, may join the federation and connect to IDPs securely using the PKI model.
Figure 3 below shows how OpenRoaming connects ANPs and IDPs seamlessly and securely, creating a network of global Wi-Fi networks. Thanks to OpenRoaming, users no longer have to deal with complicated and time-consuming public Wi-Fi connection processes. Instead, OpenRoaming makes Wi-Fi on mobile devices work just like cellular connectivity by offering consumers a straightforward auto connection and seamless Wi-Fi access.
Figure 4 shows the technical architecture of the OpenRoaming network deployment. WBA considered various scenarios and addressed their respective limitations, such as legacy deployments or small partners, which are enabled via the larger Hubs on either the VNP (Visited Network Provider) or HSP (Home Service Provider) side.
Any partner can onboard onto the OpenRoaming framework, either directly or through Wi-Fi Hubs. The participating network providers and identity providers would be assigned a unique WBA-ID, which is required to set up the RadSec connection. The WBA ensures that all partners are present, and that their status is maintained, in the WBA global database. The database is continuously updated by the WBA Program Office, WBA certificate issuers, and Hubs as members are onboarded and deboarded. This database would be accessed through an authorized API to verify the validity of the peer entities.
Using OpenRoaming, one can create an easy-to-use, secure, plug-and-play architecture through a cloud-based roaming federation framework that uses PKI and standard legal frameworks. By doing this, Wi-Fi networks and devices remove the barriers to adopting roaming services.
Figure 5 below shows the steps involved in creating an OpenRoaming Framework. The steps for preparing IDPs, ANPs, and devices for participation in OpenRoaming, as well as what happens when a device authenticates and connects, are described below.
Any entity that can offer and confirm user identities can become an OpenRoaming IDP by applying to the WBA and agreeing to the terms of the OpenRoaming legal contract. A WBA-ID and an OpenRoaming federation certificate are then issued to the entity. These certificates ensure that the ANP can trust IDPs throughout the authentication procedure.
The device can create a secure connection to the ANP’s Wi-Fi network once the IDP validates the information the device sent to the ANP. Each of these processes is safe and easy for the user, making quick and simple access possible.
OpenRoaming significantly enhances the Wi-Fi connectivity experience for users. With OpenRoaming, users just need to download the profile and get instantly and securely connected to any participating OpenRoaming network around the world.
Vendors can get their products ready for OpenRoaming out-of-the-box. They have the choice to pre-install and configure devices with WBA-ID and OpenRoaming federation certificates.
In addition to offering Wi-Fi access when users join an ANP’s network, the ANP can also engage with the users directly and discover useful insights. Additionally, ANPs have the choice to become an IDP for OpenRoaming and offer their clients other services.
Any organization that can authenticate users and supports customer relationships is eligible to join the OpenRoaming IDP program. Any company may quickly join the OpenRoaming federation and benefit from its size when providing services.
OpenRoaming appeals to a wide range of industry verticals. Every industry offers Wi-Fi for varied reasons, but the majority do so to provide secure connectivity to customers.
For instance, a retail establishment that wants everyone to use its application can charge nothing for a Wi-Fi connection to achieve a high attach rate. Good Wi-Fi makes shopping more enjoyable and encourages customers to browse longer, spend more time in the store, and eventually buy more. It helps venue owners as well, enabling them to run their operations smoothly with the help of data and visitor analytics. It improves user experience and helps venues engage with customers better. It helps stadium visitors order food and watch replays. For enterprises that believe Wi-Fi authentication via captive portals is the best way to engage customers, Passpoint took it one step further and allowed the enterprises to send venue-specific information to the customers as well. Samsung even demonstrated a live OpenRoaming IDP service at MWC Barcelona, allowing Galaxy S9 and S10 devices to connect to the MWC’s venue Wi-Fi automatically and securely.
Consumers and businesses alike will notice a significant improvement in the Wi-Fi experience thanks to WBA OpenRoaming™ and Hotspot 2.0 (aka Passpoint®). These technologies are creating new opportunities for broadband and Internet of Things (IoT) connectivity in a variety of business sectors, including retail, hospitality, education, smart cities, automotive, and aviation, among others.