Breaking News

Wi-Fi news from ENEA

OpenRoaming is a Wi-Fi roaming initiative initially conceived and launched by Cisco but since taken over and today operated by the Wireless Broadband Alliance (WBA).

OpenRoaming is a Passpoint-based roaming scheme bringing together identity providers and network providers into a so-called open roaming federation with currently over 1 million Wi-Fi hotspots and counting.


OpenRoaming Architecture

OpenRoaming Identity Providers
Identity providers can be any organization providing accounts for users. The most common and numerous types of identity providers within the context of OpenRoaming are fixed and mobile service providers. Still, anyone providing a user account can also be an identity provider. Both Samsung and Google are identity providers, and OpenRoaming is enabled by default in all Samsung devices from Galaxy S9 and in Google Pixel phones with Android 11 and above. Apple is largely expected to follow suit.

Game Changer for Passpoint

OpenRoaming is a game changer for the live deployment of Passpoint. The industrywide Passpoint project has been in the works since 2014, but the issue has always been the provisioning of Passpoint profiles.

Now finally, Passpoint is pre-enabled in devices from the factory for OpenRoaming. With this, Passpoint can achieve mass-market success not only in theory but also in practice, at least for the settlement-free use case within OpenRoaming.

Other identity providers could potentially be Internet giants like Facebook, Amazon, or Netflix and public networks such as WiFi4EU and Eduroam. Such companies and organizations would then be able to offer their subscribers auto-connect and secure access to Wi-Fi at participating Wi-Fi networks.

OpenRoaming Network Providers

The term network provider describes the participating venues or service providers who own and operate Wi-Fi networks. A network provider can be anything from major Wi-Fi service providers to hotel chains, malls, airports, or congress centers. The Wi-Fi roaming can be free or paid – the details are up to the roaming partners to agree upon.

OpenRoaming aims to build renewed popular support – among carriers and venues – for ubiquitous Wi-Fi roaming and Passpoint. We also see a use case for it together with Aptilo’s Zero-touch Wi-Fi IoT Connectivity invention.

STOCKHOLM – October 5,  2020 – Telkom Indonesia, owner of one of the world’s largest Wi-Fi networks, Indonesia Wi-Fi, celebrates six years in partnership with Aptilo Networks. Telkom has now completed an upgrade to the lastest version of the Aptilo Service Management Platform™ (SMP) with increased capacity and enhanced geographical redundancy.

Telkom’s Indonesia Wi-Fi network is one of the businest in the world serving more than 70 million users with 400,000+ Wi-Fi access points. To be ready for the future, this upgrade further improves capacity and strengthens geographical redundancy to ensure a consistent service.

Indonesia Wi-Fi is available with high-capacity fiber backhaul nationwide in the world’s largest archipelago country with 237 million people spread across 17,000 islands. Users are consuming 15-25 Petabyte (PB) of data per month. To put things in perspective, 25 PB is equivalent to eight million hours of full HD video.

“Managing Wi-Fi services with 400,000+ access points (including homespot) and 70 million users across 17,000 islands puts extreme demands on the Wi-Fi service management core platform,” said Irwan Indriastanto, Senior Manager Wireless Product, Telkom Indonesia. “Our customers deserve the best high-performance Wi-Fi service available. We are very pleased to expand our relationship with Aptilo to enhance the capabilities of our Wi-Fi service.”

Telkom Indonesia also offers a first class business-to-business (B2B) Wi-Fi service which addresses all customer segments including enterprise, SME, wholesale and retail. Through their WICO (Wi-Fi Corner) product, Telkom Indonesia helps governments build smart cities and provide social services.

“We are proud to have enabled one of the world’s largest public Wi-Fi services for the last six years,” said Paul Mikkelsen, CEO, Aptilo Networks. “We are also impressed at how Telkom Indonesia makes the most out of the innovations from Aptilo and Wi-Fi equipment vendors.”

About Aptilo Networks

Aptilo Networks, an Enea company, is a leading provider of carrier-class systems to manage data services with advanced functions for authentication, policy control and charging. Aptilo Service Management Platform™ (SMP) has become synonymous with Wi-Fi service management and Wi-Fi offload in large-scale deployments with 100+ operators in more than 75 countries, and is a critical component of Wi-Fi calling and IoT.

This is an excerpt from ENEA’s white paper Wi-Fi in the 5G Era – Strategy Guide for Operators. The full white paper is available here if you like what you read. Don’t hesitate to contact ENEA if you have any questions.

In this post, we will talk about the different Passpoint releases (R1-R3) and the status of device support. Don’t miss our upcoming blog post, A Pragmatic Approach to Passpoint on how to overcome challenges with the lack of widespread device support for R2 and R3.

One of the essential tools in the Wi-Fi toolbox is Passpoint® with SIM authentication. It enables seamless and secure carrier-grade quality and highly monetizable Wi-Fi services. The Wi-Fi 6 and Wi-Fi 6E radio technology, capable of delivering high-quality wireless connectivity, is an excellent starting point. But for service providers, such capabilities must be transformed into user-friendly, secure, well-defined, and preferably carrier-class high-speed wireless data services.

To that end, the Wi-Fi industry has developed the Hotspot 2.0 standard, nowadays more commonly referred to by its equipment certification name of Passpoint. Once provisioned on the phone or other Wi-Fi device, Passpoint technology allows users to connect securely, instantly, and automatically to the public (or enterprise) Passpoint-capable Wi-Fi networks, for example, at public venues such as airports, stadiums, transport hubs, on aircraft, and so on.

The Passpoint technology also facilitates roaming onto Wi-Fi networks belonging to other service providers or third parties, given that a roaming agreement with the subscriber’s home service provider exists. The WBA OpenRoaming initiative has the potential to make Wi-Fi roaming just as seamless for the user as roaming with cellular phones.


A Passpoint-capable network is defined by supporting the following functions:

  • The network (Wi-Fi access point) should broadcast its capabilities and available services using 802.11u and a protocol called ANQP.
  • The network must use 802.1x-based authentication and WPA2 or WPA3 for over-the-air encryption.
  • Support for EAP-SIM/AKA (SIM identity-based) or EAP-TLS/TTLS (certificate-based methods usually for non-SIM devices) authentication.
  • Optional Wi-Fi roaming with home operator billing.

A critical component is the capability of Passpoint services to deliver ‘Wi-Fi offload’-type services based on credentials stored in the subscriber’s SIM. This means mobile operators can integrate carrier Wi-Fi services into their total service offering. Read more about this in our Wi-Fi and Cellular Convergence – Opportunities Today post.

Passpoint is designed to create a carrier-grade Wi-Fi service with a familiar and seamless user experience like that of cellular networks. However, mobile operators can comfortably apply EAP-SIM/AKA authentication and mobile core integration outside the complete Hotspot 2.0/Passpoint specification. Aptilo Networks was already providing such solutions long before the release of the first Passpoint-capable devices. This also means that EAP-based authentication (SIM/AKA and TLS/TTLS) is not equivalent to Passpoint as such, which is a common misunderstanding.

In the USA, Passpoint-capable Wi-Fi services and roaming are fairly readily available, for example, on the Boingo Wi-Fi network deployed at many airport locations and on some public Wi-Fi networks provided by US cablecos, for instance, on the former Time Warner Cable public Wi-Fi network today owned and operated by Charter Communications. Today, both Android and iOS operating systems natively support Passpoint, and many phones provided by US carriers are pre-provisioned to support Passpoint services.

In Europe and elsewhere, Passpoint-capable Wi-Fi services are less common but available from some major carriers in the form of EAP-SIM/AKA enabled ‘Wi-Fi offload’ convergent mobile services. Most enterprise-grade Wi-Fi access points are certified according to the Passpoint specifications.

Release 1 (R1)
The first release was introduced in 2012, and all the protocols and standards mentioned above, including 802.11u and ANQP, were included with the ability for the device to discover Passpoint-enabled networks and automatically connect to the optimal one.

Challenges still remain in the onboarding of new devices. Users need to provision Pass-point R1 credentials manually by downloading a particular file that contains profile and credential information. Many service providers use an app to make this process seamless for the user. More or less, all mobile phones and laptops support Passpoint RI. This includes Apple iPhones, although Apple has never formally certified them.

Release 2 (R2)
This version, released in 2014, included the important Online Sign-Up (OSU) server allowing new users to create an account and, in a user-friendly way, provision Passpoint credentials at the point of access. This enables easy ad-hoc sign-up of new users, where they can select the service provider of choice if several options exist. The client validates the OSU server certificate to ensure that the server is trusted. SOAP-XML or OMA-DM messages over HTTPS are then used for secure communications between the client and the provisioning servers.

Passpoint R2 requires a separate SSID for Online Sign-Up, either an open SSID or a so-called OSEN (OSU Server-only Authenticated L2 Encryption Network). This version also includes enhanced policy control for service providers. Device support is still limited.

Release 3 (R3)
R3 was released in 2019, but has not yet been certified by any major handset manufacturers (as of September  2022). This version includes several new ANQP protocol elements and improvements in the interaction between operators and end-users. While previous versions have focused entirely on automatic connection and onboarding of the users, Passpoint R3 aims to enhance captive portal functions by leveraging ANQP messaging.

For the first time, Passpoint allows operators to offer B2B customers a tool to engage with visitors. They can do this through a Venue URL, which displays information about the Wi-Fi service and, at the same time, provides offers and local promotions. The R3 version also includes features for end-users to approve terms and conditions and charges for the Wi-Fi service.

We think Passpoint R3 may have attempted to push the user engagement features too far. Deploying these features through ANQP locally in the access points will make it harder to maintain central control, especially in a multi-vendor deployment scenario. Because of the challenges in management and lack of device support, there is a risk that R3 will never be implemented in carrier Wi-Fi networks.

Passpoint R3 also makes roaming much quicker and easier as the client can indicate its membership of a roaming consortium to a Wi-Fi access point.

Security is further improved in R3 with support up WPA3-Enterprise, whereas R2 and R1 only support up to WPA2-Enterprise. It is also possible to use the same SSID for both the actual Wi-Fi service (WPA2/WPA3) and the online sign-up (OSEN) functionality.


The Passpoint certification is a moving target, and things may have changed by the time you read this. But, as of September 2022, only niche handset brands has been certified for the latest Passpoint release (R3). Some Android-based phones are R2 certified, but many are old and not in the market anymore. In addition, smartphone vendors usually customize the Android platform to match their product requirements. So, just because it works with one vendor doesn’t mean it works with another.

The Passpoint certification from Wi-Fi Alliance only certifies the radio protocols. In practice, new releases from R2 and above, which include more complex service-related features, cannot be guaranteed to work end-to-end in a Wi-Fi service. We have experienced this through the testing conducted by the Wireless Broadband Alliance (WBA).

Conversely, it is probably true that devices with R2 support that has not been Passpoint certified also exist, just as R1 is supported in iPhones without official certification.

But as a service provider, you cannot rely on so many unknown parameters.

On a more positive note, it is generally true that most smartphones, tablets, and laptops now support at least Passpoint R1. Therefore, operators should create and deploy Wi-Fi services based on R1, possibly with an extension for selective use of R2.

One thing is certain: Operators who wait for new standards to be fully deployed and for mobile device manufacturers to adopt them risk waiting for a very long time. It is not only the complexity of the technology that decides whether a handset manufacturer develops support for standards like Passpoint R2/R3 or not. Thus, the wait could go on forever. Fortunately, there is no reason to delay the introduction of carrier-grade Wi-Fi services.

In our upcoming blog post, A Pragmatic Approach to Passpoint, we will discuss how Passpoint R1, together with the new Captive Portal API, may well be the interim solution that, in the end, becomes the permanent pragmatic solution for Passpoint-enabled networks.

STOCKHOLM – July 1,  2020 – Swedavia, the state-owned Swedish Airport developer and operator, has further enhanced their Wi-Fi service and moved to the cloud with Aptilo Networks.

The ten largest airports in Sweden, with 42 million passengers yearly, are owned and operated by Swedavia. Since 2005, Swedavia has put their trust in Aptilo’s experts managing the Wi-Fi service from servers in Swedavia’s data center.

Now Swedavia has renewed the contract for another three years and is moving from in-house operations to the Aptilo private cloud offering on Amazon Web Services (AWS).

Swedavia can now use the latest Aptilo features for Wi-Fi marketing, analytics, and Internet of Things (IoT). This includes the new Wi-Fi access method using an icon-based survey. It provides enhanced insights about the user with the smallest user effort. The login page (Wi-Fi Captive Portal) is split into several screens. The user provides data by clicking on icons, rushing on to the next page. One of Aptilo’s other airport customers gained 15% more Wi-Fi users overnight by using this approach instead of a traditional login.

“We are proud to have earned Swedavia’s trust for another three years,” said Paul Mikkelsen, CEO, Aptilo Networks. “We will continue to help them deliver state-of-the-art connectivity services at their airports. It is also wonderful that Swedavia has joined our cloud-first strategy. Our new IoT offerings, Aptilo Wi-Fi Zero-touch and Aptilo IoT CCS, are both by default delivered as services on AWS.”

About Aptilo Networks

Aptilo Networks is a leading provider of carrier-class systems to manage data services with advanced functions for authentication, policy control and charging. Aptilo Service Management Platform™ (SMP) has become synonymous with Wi-Fi service management and Wi-Fi offload in large-scale deployments with 100+ operators in more than 75 countries, and is a critical component of Wi-Fi calling and IoT.

# # #

This is an excerpt from ENEA’s white paper Wi-Fi in the 5G Era – Strategy Guide for Operators. The full white paper is available here if you like what you read. Don’t hesitate to contact ENEA if you have any questions.

Based on twenty years of Wi-Fi industry evolution, carrier Wi-Fi monetization strategies are both well-known and evolving continuously to match B2B and B2C needs.

In our previous blog posts, we have addressed how operators can monetize indirectly by making the most of their Wi-Fi assets and integrating Wi-Fi with their cellular 4G and 5G networks.

This blog post will dwell on how service providers can monetize Wi-Fi directly through B2B and home Wi-Fi services.

Enea, through the Aptilo Product Line, has been actively participating in this service evolution process from the start.

So how do you monetize Wi-Fi? The question has loomed large for years, particularly since, from a consumer point of view, Wi-Fi is typically offered as a free amenity. This does, however, not mean that service providers cannot monetize Wi-Fi services. Apple founder Steve Jobs once elegantly pointed out that “if you’re not paying for the product, you are the product.” And this is indeed true specifically for Wi-Fi.

The service provider will receive significant revenues from venues that want to provide carrier-grade Wi-Fi to guests or workers to stay competitive and relevant. Users receive the free service in return for their engagement with the brand and as a result of surrendering some personal details. The service providers may even agree to subsidize the B2B Wi-Fi service at particularly attractive venues to secure a valuable indoor Wi-Fi footprint for their subscribers’ use.

For years operator-managed Wi-Fi has been a specialized but growing telecom market segment. Most Wi-Fi monetization strategies and methods are not new. Still, in the coming years, we expect them to grow in value and importance as they are boosted, particularly by the mass-market arrival of new Wi-Fi technology.

This strategy is driven by the continuous increase in demand for quality Wi-Fi services by businesses everywhere. Hardly a public or private venue exists without the need for Wi-Fi. So business customers can now benefit by offering their visitors and staff top-quality carrier-grade Wi-Fi delivered by expert service providers.



B2B Wi-Fi offers not only a significant revenue stream but also a needed service ‘stickiness’ that keeps businesses and consumers coming back. Enea believes B2B Wi-Fi is a business-critical contribution to an all-encompassing 5G strategy, including high-speed, low-latency indoor services delivered over Wi-Fi.

Businesses want to provide an easy-to-use, high-quality Wi-Fi service for their visitors. In many cases, venue owners see value in using Wi-Fi to engage with their guests and clients, for example, by asking clients to complete a short survey, create and verify accounts, or presenting them with Internet access sponsorship options, coupon offers, and so on.

In some cases, venues will still request payment for Wi-Fi services, often according to a ‘freemium’-type business model. In other instances, venues may accept guests accessing their network via Passpoint-based auto-connect Wi-Fi either for free or via a paid settlement agreement between operators.

It is a well-established fact that venue owners benefit from collecting and analyzing Wi-Fi data. They can use the data for targeted marketing of products and services. Care must be exercised to act only in accordance with GDPR or other relevant privacy regulations.

When operators provide such sophisticated Wi-Fi-based tools to businesses, they are typically also engaging their clients at the decision-making level, which is conducive to building stronger, higher-value, and more fruitful client relationships.


B2B Wi-Fi is a win x 5. The service provider’s B2B department gets a profitable service, business customers get analytics and a tool to engage their visitors, and visitors get a carrier class Wi-Fi service. If an additional SSID or Passpoint service is implemented for the operator’s subscribers, then the consumer department will receive the benefits of reduced churn and network operations will get much needed indoor coverage.

All of these things are not easy for business owners to accomplish on their own. In most cases, they are best provided by experts – meaning operators.

Suppose operator B2B Wi-Fi doubles as a service offered to consumers. In that case, both operators and consumers will benefit from the high-capacity deep indoor wireless coverage – provided that the Wi-Fi networks are built on Wi-Fi 6 and follow carrier-grade quality standards. The same applies to any businesses relying on indoor coverage.

Last but not least: Mobile operators can, in some cases, leverage the strong demand for Wi-Fi from businesses to introduce small cells or DAS systems into indoor locations owned by such businesses. In some instances, venue owners may more readily accept such installations when also provided with the quality Wi-Fi that their businesses and their guests need. In this way, the operator’s B2B Wi-Fi services can also become an indirect means of achieving better indoor cellular coverage.

Residential Wi-Fi delivered by ISPs is right now one of the most significant growth opportunities not just in Wi-Fi but within all of the tech world. A big driver is the need for much better home connectivity to accommodate an avalanche of devices. More and more individuals are transforming their homes into work-from-home offices.

Most ISP-delivered home Wi-Fi services are today managed with simple WPA2 or WPA3 passkey access. However, in more sophisticated cases, smart home services are delivered to Wi-Fi devices at the endpoints. For example, a smart home Wi-Fi configuration app can provision not only Internet connectivity but many other services, such as parental controls, security monitoring, motion detection, and more.

In a few relatively new use cases, the classic world of residential Wi-Fi (as provided by ISPs) and public Wi-Fi (such as managed services enabled by Passpoint or SIM-based authentication) are to some extent merging.

These include, for example, Wi-Fi services offered at MDU (Multi-Dwelling Unit) housing complexes such as senior living facilities, long-stay resorts and condominiums, college campuses, and more.

Wi-Fi services for MDUs – because they are often deployed to cover a wide area similar to classic campus Wi-Fi – often require carrier-grade authentication and service management so guests and residents can enjoy high-quality, secure, and reliable Wi-Fi services anywhere on the property and on any connected device they choose.

We believe the service provider industry in the coming years will see new products or even new companies emerge to serve many such specialized MDU (or new emerging enterprise) segments. Many such new business opportunities will be driven by the hugely improved and more sophisticated Wi-Fi technology and services based on Wi-Fi 6 and Wi-Fi 6E.

Click here to download the white paper.

Enea today announced the launch of the industry’s first complete Wi-Fi Software-as-a-Service (SaaS) service management solution for Communication Service Providers (CSPs) to launch and monetize Wi-Fi services. The Enea Aptilo Wi-Fi Service Management Platform as a Service (SMP-S) is hosted as a dedicated instance per customer at Amazon Web Services (AWS). Each CSP has a self-contained, secure service that also can be deployed as a hybrid service to enhance existing Wi-Fi service management software.

One of Europe’s leading mobile operators has already deployed the solution to securely authenticate users through their SIM card credentials. This tier 1 operator joins a growing list of more than 100 service providers who have deployed the Enea Aptilo SMP. The new SMP-S incorporates all the features from the SMP, including multi-tenancy business-to-business (B2B) support so CSPs can sell Managed Wi-Fi services to organizations such as venue owners and enterprises. Organizations can choose from a variety of login methods to onboard visitors to their Wi-Fi service, including social media accounts, Office 365, surveys, and online payments. They can also monetize valuable insights gained from users by providing GDPR-compliant targeted advertising.

Security is another critical aspect of Wi-Fi, and Enea provides a unique combination of security and connectivity. CSPs can add an extra secure Wi-Fi SSID (802.1x) at every access point and combine this with mobile core integration and SIM authentication for robust security. This enables CSPs to offload subscribers securely and seamlessly to Wi-Fi and boost indoor coverage while freeing up much-needed additional capacity.

Enea’s solution allows CSPs to scale at their own pace with a pay-as-you-grow model to expand their Wi-Fi service footprint and deliver more coverage. As the network grows, CSPs can pick and choose functions that complement their existing solution so that they do not need to perform a costly replacement of their entire system. CSPs can now add new enhanced Wi-Fi service management functions over legacy services from the cloud for the first time.

Roland Steiner, Senior Vice President for Telecoms at Enea, commented: “Moving forward with legacy or homegrown systems in 2022 can feel expensive and problematic. That’s why we’re seeing more and more CSPs move their operations into public cloud solutions, leveraging the innovation and functionality growth shared by many. With our expertise in virtualization and security, CSPs can now use the cloud to monetize Wi-Fi safely using the new Wi-Fi SMP as a service (SMP-S)”

Sue Rudd, Director of Networks and Service Platforms at Strategy Analytics, said of the launch: “Wi-Fi service management ‘in the Cloud’ should immediately accelerate CSPs’ ability to launch new functionality and add services alongside existing systems to secure new revenues. Enea’s Wi-Fi service management offers multi-tenant B2B customer self-management while ensuring the correct handling of consent and use of personal data. These capabilities now make it far easier to monetize Wi-Fi and create valuable experiences for subscribers. Carrier Wi-Fi SaaS is a game-changer for CSPs and their business customers.”


Chevaan Seresinhe, Sonus PR for Enea
Email: [email protected]
Telephone: +44 797 1967 644

Stephanie Huf, Enea Chief Marketing Officer
E-mail: [email protected]

About Enea
Enea is a world-leading specialist in software for telecom and cybersecurity. The company’s cloud-native solutions connect, optimize, and secure services for mobile subscribers, enterprises, and the Internet of Things. More than 100 communication service providers and 4.5 billion people rely on Enea technologies every day.

Enea has strengthened its product portfolio and global market position by integrating a number of acquisitions, including Qosmos, Openwave Mobility, Aptilo Networks, and AdaptiveMobile Security.

Enea is headquartered in Stockholm, Sweden, and is listed on Nasdaq Stockholm.

For more information:


This is an excerpt from our white paper Wi-Fi in the 5G Era – Strategy Guide for Operators. The full white paper is available here if you like what you read. Don’t hesitate to contact ENEA if you have any questions.

Business and technical consolidation trends all point in the same direction: Mobile and fixed networks are coming together – for the benefit of everyone in the industry and consumers.

5G introduces new network architectural concepts for Wi-Fi integration with the mobile core (non-3GPP access). In this post, we first explore the opportunities for mobile operators today and then the basic concepts of trusted and untrusted Wi-Fi access.  In our next blog post about Wi-Fi and Cellular convergence, we will dive into what is new within 5G, introduced in 3GPP releases 15 and 16. After that blog post, we will cover the new Access Traffic Steering, Switching & Splitting (ATSSS) function, the ‘Holy Grail’ of mobile data offloading. Spoiler alert; ATSSS complexity and reliance on device support mean it will likely take years to come to market.


While Wi-Fi and cellular are on a gradual path to technical convergence, there can be no question that corporate fixed-cellular convergence, aka consolidation, has already been happening for a long time. Some years ago, dominant mobile operators trended towards acquiring cable and fiber operations. More recently, fixed service providers and cablecos have either acquired mobile operators or have become MVNOs themselves.

All of this is seeding the ground for technology and services convergence in addition to the more apparent corporate consolidation.

But, as already discussed in one of our blog posts, if genuine technical Wi-Fi and mobile (5G) convergence are to happen, service providers also need to break free from conventional organizational ‘silos’ and compartmentalized thinking on what technologies do and do not belong to mobile and fixed wireless services, respectively.

We believe there is significant untapped business potential in breaking such operator ‘silos’ to achieve progress in service and technological convergence.

Some of these opportunities do not need significant infrastructure investments, nor do operators need to wait for new convergence (3GPP) standards or equipment to emerge.

Selective Wi-Fi Offload is the answer

Selective Wi-Fi Offload is the answerMobile network traffic data may indicate overcapacity. But that is often only true as a high-level average. There will always be some cell sites suffering from congestion and some only serving a handful of subscribers. Selective Wi-Fi offload is the answer: Build Wi-Fi capacity where it is needed most to make users happy (Churn zone) and always for indoor coverage.

If regulations allow it, mobile operators may even take the bold step to replace cellular with Wi-Fi at some locations (CAPEX overload zone).

Here is our suggested list of reasonably simple network changes that would create a ‘Wi-Fi offload’ service and hence a quick new source of revenue for operators:

  • Create an additional SSID (network name) supporting the 802.1x protocol on all of your existing Wi-Fi footprint.
  • Enable SIM-based Wi-Fi services authentication (using the EAP-SIM/AKA protocol).
  • Introduce selective offloading of mobile traffic to Wi-Fi at various locations.

By introducing the correct configurations and by provisioning devices correctly, such a scheme would create an additional layer of mobile network capacity using Wi-Fi. But this would also require that mobile and fixed parts of the operator organization collaborate.

Let’s now look into how to integrate Wi-Fi with the mobile core. The 3GPP standard offers two main strategies to integrate Wi-Fi networks with the mobile core: Trusted and untrusted non-3GPP (Wi-Fi) access.


Untrusted non-3GPP Access

Untrusted non-3GPP (Wi-Fi) access was first introduced in the Wi-Fi specification in 3GPP Release 6 (2005). At that time, Wi-Fi access points featuring advanced security features were rare. Hence Wi-Fi was considered open and unsecured by default. Untrusted access includes any Wi-Fi access that the operator has no control over, such as public hotspots, subscribers’ home Wi-Fi, and corporate Wi-Fi. It also consists of Wi-Fi that does not provide sufficient security mechanisms such as authentication and radio link encryption.

The fact that untrusted non-3GPP access works over any Wi-Fi network is the reason that it is the method of choice for Wi-Fi Calling.

The untrusted model requires no changes to the Wi-Fi network but impacts the device side because it needs an IPsec client to reside on the device. The device is connected through a secure IPsec tunnel directly to an IPsec Terminating Gateway in the Mobile Core, which is connected through an encrypted tunnel to the Packet Gateway. The Packet Gateway is used for both cellular and Wi-Fi traffic.

This integration on the core network side also means that Wi-Fi service management platforms, such as the Aptilo Service Management Platform™ (SMP), must interface with mobile core network HLR/HSS/AMF for SIM Authentication (EAP-SIM/AKA/AKA’ or 5G-AKA). This provides the same level of authentication security as in the cellular network. It may also be required to interface with mobile core network policy functions. In addition to authentication of the device, the SIM authentication process produces cryptographic keys used for IPsec tunnel establishment.


Trusted non-3GPP Access

Trusted non-3GPP (Wi-Fi) access was first introduced with the LTE standard in 3GPP Release 8 (2008). Trusted access is often assumed to be operator-built Wi-Fi access with encryption (enabled by 802.1x) in the Wi-Fi radio access network (RAN) and a secure authentication method (EAP). However, it is always up to the home operator to decide what is considered trusted.

In the case of trusted access, the device (UE) is connected through a Wireless Access Gateway in the Wi-Fi core. This Wireless Access Gateway is connected through a secure tunnel directly with the Packet Gateway, also used for cellular traffic in the Mobile Core.

SIM Authentication is also essential for trusted non-3GPP access. In addition to authentication of the device, it produces cryptographic keys used for encryption in the secure Wi-Fi network (802.1x).

This is an excerpt from our white paper Wi-Fi in the 5G Era – Strategy Guide for Operators. The full white paper is available here if you like what you read. Don’t hesitate to contact us if you have any questions.

Rapid evolution and availability of new technology and new spectrum are making carrier Wi-Fi inevitable as a strategic technology of choice for service providers everywhere. The idea that Wi-Fi is the dominant indoor wireless technology is not new. But we believe that Wi-Fi’s dominance will be even more pronounced in the 5G era.

It is well known that device data consumption continues to rise particularly as the result of the increased popular demand for video streaming and – more recently perhaps – the explosive demand for collaborative work applications, such as video conferencing. More than this, research suggests (see figure) that the need for mobile networks to ‘offload’ traffic to Wi-Fi will substantially increase in the 5G era.

In some countries – such as the UK, Japan, and Germany – ‘Wi-Fi offload’ percentages (meaning the percentage of smartphone traffic delivered over Wi-Fi networks of any kind) are already well above 80%. In connection with the US decision to allocate all of the 6 GHz band to Wi-Fi, the FCC cited the need for offload from 5G networks as an important contributing factor in their decision.

Most analysts believe Wi-Fi 6 and Wi-Fi 6E technology will be ramped up quickly and indeed faster than previous generations of Wi-Fi, specifically because work-from-home connectivity today is business critical for ISPs and consumers. Such factors will continue to play important roles as drivers of renewed connectivity demand as will the continued growth in number of devices in the home as well as data consumption.

The next phase in the ramp-up and deployment of new Wi-Fi technology will then be enterprise and carrier-grade APs and supporting systems. This evolution will happen a little later but also in parallel with the mass-market deployment of home Wi-Fi 6 and Wi-Fi 6E gateways and systems.

In general, the IEEE 802.11 standardization working group is now aiming for a Wi-Fi technology renewal cycle of five years, which means full market penetration of Wi-Fi 6 and Wi-Fi 6E into the enterprise and service provider Wi-Fi markets will sharply rise and come to completion around 2025-26.

Meanwhile it is critical to understand that the availability of pristine new unlicensed spectrum has made the case for carrier Wi-Fi hugely more compelling. Have a look – for example – at the graphic picturing the total licensed spectrum holdings for mobile operators. The analysis uses the UK as an example.

The most amount of licensed spectrum is held by BT and totals 295 MHz while H3G is in second place totaling 229.5 MHz. None of the UK’s mobile operators hold more than 300 MHz of total licensed spectrum – and most hold much less.

The UK recently released 500 MHz of pristine – meaning unused by legacy Wi-Fi – unlicensed spectrum in the lower 6 GHz band. That slice of Wi-Fi spectrum alone is around double the amount of licensed band that most UK mobile operators hold at this time. Add to this the existing 5 GHz and 2.4 GHz Wi-Fi bands – and we contend that it is becoming increasingly difficult for operators to reject the strategic use of carrier Wi-Fi services. Mobile and fixed operators need to embrace carrier Wi-Fi today to stay competitive.

In countries where the full 1.2 GHz of 6 GHz spectrum (up to 7.2 GHz) has been released – including the US, Korea, Brazil, Saudi Arabia, and the Republic of Chile thus far – the situation is even more extreme. The total amount of unlicensed spectrum available (some of it available for outdoor use as well) could be up to 10 times as much as the licensed spectrum holdings of a single mobile operator.


This is an excerpt from our white paper Hyperscale Cellular IoT. If you like what you read, the full white paper is available here. Don’t hesitate to contact Enea if you have any questions. Download white paper here.

In the Hyperscale Cellular IoT white paper, we focus entirely on cellular IoT connectivity. Although cellular IoT will only stand for 22% of all connections at the end of 2026, around 5,9 billion devices will be connected through cellular networks!

The vast majority of IoT connections will be short-range devices using radio technologies such as Wi-Fi, Bluetooth, Z-wave, and Zigbee. But, just like most radio technologies for IoT, cellular connectivity will have rapid growth.

Each technology has its own use case. Cellular is the technology of choice for devices requiring mobility. Short-range technologies such as Wi-Fi are mainly for indoor connectivity. The Low Power Wide Area Networks (LPWAN), including the cellular NB-IoT and technologies such as LoRa, are focused on battery-powered devices with a battery life of up to 10 years.

Cellular is the only technology that enables global central management by using the mobile operator’s existing roaming portfolio, typically in 200 or more countries. However, as discussed in our white paper, there are markets where permanent roaming is not a viable option (regulations and/or commercial reasons).

Initiatives such as Aptilo Zero-touch Wi-Fi IoT Connectivity™ and WBA’s OpenRoaming aims to make Wi-Fi-based IoT more seamless and secure also on a global scale.

Today, many IoT applications are using the existing 4G (LTE) broadband, which has been improved for IoT. In the last few years, 3GPP has created new standards to better support specific use cases. The largest volume of new IoT devices will come in the Massive IoT area designed to support low-cost wearables, sensors, and meters over long distances. 5G provides the ability to support Critical IoT use cases for real-time mission-critical applications such as connected cars and remote surgery.

The Massive IoT market segment includes devices that are widely used in our society, mainly different sensors and meters. The NB-IoT and LTE-M technologies are the dominant technologies for Massive IoT. Compared to 4G, they are designed to deliver extreme coverage with much smaller data volumes and mainly periodical transfer of data. This means a battery life of up to 10 years which is ideal for low-cost devices such as smart meters.

NB-IoT is useful for simpler devices that don’t require connected mobility and tolerate low data rates in tens of Kbps and high latency of up to 10 seconds.
For tracking devices where connected mobility is crucial, CAT-M is a better choice. Cat-M also offers support for voice, higher data speeds of up to 1 Mbps and lower latency (100-150 ms).

According to the Ericsson Mobility report November 2020, massive IoT (NB-IoT and Cat-M) will have an explosive growth going from almost 200 million connected devices in 2020 to approximately 2.6 billion or 45% of all cellular IoT connections by the end of 2026. At the same time, the total number of cellular IoT devices will be approximately 5.9 billion and 44 percent of those will use broadband IoT and Critical IoT (first devices expected in 2021), with 4G connecting most devices.

The non-cellular long range technology low-power wide-area network (LPWAN) will, according to the same report, go from 200 million to 400 million between 2020-2026.


Stockholm, Sweden, March 21, 2022:  Enea today announced that its Wi-Fi Service Management Platform (SMP) was deployed by Batelco to seamlessly connect visitors at the Bahrain International Circuit (BIC). The BIC has a capacity of over 70,000, and the Enea Aptilo Wi-Fi SMP authenticated and connected Batelco’s customers automatically, and subscribers from other networks via a dedicated portal, during the Grand Prix event.

The BIC is part of Batelco’s ‘Bahrain Wi-Fi’ service, the Kingdom’s WiFi digital network. For over ten years the operator has used Enea’s solution to connect subscribers in hotspots nationwide.

“Enea is a valuable partner, and we share a common ethos,” said Batelco General Manager Enterprise Abdulla Danesh. “When we launched our service for people in the Kingdom to benefit from a uniform, island wide network – we relied on Enea’s technology.  They have helped us deliver secure and reliable connectivity not only for our subscribers but for all people in Bahrain and visitors to the country.”

Enea’s Wi-Fi SMP not only provides secure connectivity, but also enables communication service providers (CSPs) to secure revenue streams with their Wi-Fi service. The technology has been deployed by over 100 CSPs in 75 countries and has a subscriber footprint of over 250 million.

“Our expertise supported Batelco’s delivery of Wi-Fi on one of the most important days in the sporting calendar,” said Jonas Jacobsson, Senior Vice President of Service Provider Sales at Enea. “Wi-Fi is a critical component of any sporting event adding the extra dimension on connecting fans to the action.”


Chevaan Seresinhe, Sonus PR for Enea
Email: [email protected]
Telephone: +44 797 1967 644 Stephanie Huf, Enea Chief Marketing Officer

E-mail: [email protected]

About Enea
Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. The company’s cloud-native products are used to enable and protect services for mobile subscribers, enterprise customers, and connected devices. More than 4.5 billion people rely on Enea technologies in their daily lives.

Enea is headquartered in Stockholm, Sweden, and is listed on Nasdaq Stockholm.

For more information: