The following document and the information contained herein regarding Wi-Fi Alliance programs and expected dates of launch are subject to revision or removal at any time without notice. THIS DOCUMENT IS PROVIDED ON AN "AS IS", "AS AVAILABLE" AND "WITH ALL FAULTS" BASIS. WI-FI ALLIANCE MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THIS DOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.

Wi-Fi CERTIFIED Passpoint™: An essential and strategic solution for service provider Wi-Fi® deployments

October 2014



© 2014 Wi-Fi Alliance. All rights reserved.

Executive summary

Once found only at home and in coffee shops and hotels, the Wi-Fi® hotspot has become

ubiquitous. Indeed, Cisco is predicting a four-fold increase in Wi-Fi hotspots from 2013, to

55 million hotspots worldwide by 2018.¹

Several factors drive this growth:

• Ubiquity of Wi-Fi in mobile devices like tablets, smartphones, and laptops

• End-user appetite for public high-speed Wi-Fi connectivity

• Investment in Wi-Fi networks by fixed broadband providers as a means to extend their services to subscribers outside the home

• Widening support by mobile operators of Wi-Fi hotspots as a means to offload traffic from congested mobile phone networks and to improve the end-user experience

• New opportunities in sectors such as retail and hospitality, where the value of a Wi-Fi network extends beyond a customer amenity into value-driving service

Historically, the procedure to connect in a hotspot has been cumbersome and highly

variable from location to location. Also, a secure connection that prevents data theft is

often the exception, rather than the rule.

Wi-Fi Alliance® created the Wi-Fi CERTIFIED Passpoint™ program to revolutionize the end-

user experience at Wi-Fi hotspots. With Passpoint, Wi-Fi devices connect to hotspots as

effortlessly and securely as they do to cellular towers. Passpoint also enables all hotspot

operators (broadband and mobile service providers, retailers, hoteliers, and social

networks, just to name a few) to extract more business value from investments in Wi-Fi.

Passpoint certification defines several features, including:

• In-pocket connection experience: Wi-Fi devices identify and associate with Passpoint-enabled networks in the background, without any active intervention from the subscriber. Authentication no longer requires a browser-based sign-on. Instead, devices are authenticated automatically, using Extensible Authentication Protocols (EAP) based on a Subscriber Identity Module (SIM), a username and password, or certificate credentials.

• Registration and provisioning: A streamlined process to establish a new user account at the point of access drives a common provisioning methodology across vendors.

• Policy: Passpoint also employs mechanisms to support operator-specific subscriber policies, including network selection policy.

• Secure access: All connections are secured with WPA2™-Enterprise, which provides a level of security comparable to that of cellular networks.

1 Cisco, “The Zettabyte Era—Trends and Analysis,” 2014.


This white paper describes Passpoint features within the context of the marketplace, and

explains how Passpoint devices can transform an end user’s Wi-Fi experience. For a

technical description of the technologies that support Passpoint, see the Hotspot 2.0

(Release 2) Technical Specification.


Wi-Fi traffic, devices, and hotspots continue an upward trajectory

As the number of Wi-Fi devices entering the market accelerates, and users’ insatiable thirst for video and other data grows, Wi-Fi data traffic will soon account for 61 percent of total global Internet traffic (Figure 1) from 36 percent in 2010. As Wi-Fi integrated circuit (IC) sales and Wi-Fi product certification volumes continue to increase, the fastest-growing categories in the Wi-Fi market have been mobile and consumer electronic (CE) devices.

Users are accustomed to using Wi-Fi when on the go. With users demanding ubiquitous

network access, the number of Wi-Fi hotspots in nonresidential settings is expected to

grow rapidly over the next four years as service providers intensify their efforts to meet

that demand.

Wi-Fi shipments continue to grow each year (Figure 2), with more than one billion devices

in use today. More than 2.6 billion Wi-Fi-enabled chipsets are likely to ship in 2014,

followed by 18 billion more over the next five years.² Widespread adoption of the

technology by consumer, mobile, automotive, and emerging markets drives this rapid

growth forecast. Wi-Fi is now commonplace in homes, Wi-Fi hotspots, and enterprise

environments. It is found in many types of devices, including smartphones, tablets, laptop

computers, cameras, media players, photo frames, TVs, gaming consoles, and fitness

devices.

2 ABI Research, 2014, as reported in MarketWatch.

Figure 1. Global Internet traffic, wired and wireless. Source: Cisco VNI,

2014. The percentages in parentheses next to the legend refer to traffic

share in 2013 and 2018, respectively.


Figure 2. Wi-Fi device shipments forecast. Source: ABI Research, August 2014.

Insatiable demand for data: A challenge and an opportunity

As people adopt a wider array of Internet-connected devices in their lives, the number of

wired and wireless Internet connections is growing faster than both the global population

and the number of human Internet users. The machine-to-machine [M2M] category alone,

including devices like smart utility meters, video surveillance systems, and logistical

trackers, will account for 35 percent of IP device share by 2018 (Figure 3).

Figure 1 shows Wi-Fi quickly becoming the dominant access technology. As the much faster “gigabit” 802.11ac Wi-Fi standard becomes widespread, mobile users will expect the high-definition video streaming, gaming, video conferencing, and other data-heavy services they enjoy at home.

Wi-Fi has also become an important complement to cellular networks, as subscriber volume and per-subscriber traffic load grow faster than available cellular capacity. Global mobile data traffic is predicted to grow 11-fold from 2013, reaching nearly 16 exabytes per month by 2018.³

Figure 3. Market share by device type. Source: Cisco VNI, 2014. The percentages in parentheses next to the legend denote the device share for the years 2013 and 2018, respectively.

A variety of service providers are integrating Wi-Fi into their core offering, driving an

explosion in the number of hotspots and the data volumes they transport:

• Wireline broadband service providers, including cable and other fixed-line operators. With growing Wi-Fi offerings, providers can differentiate services and offer a more compelling proposition to subscribers outside the home. They can also offer wholesale Wi-Fi access to roaming partners.

• Hotspot operators offering access in partnership with hotels, restaurants, and retailers. Users have come to expect Wi-Fi access in a wide range of public locations. Wi-Fi has become a tool to attract and retain customers, and to encourage direct purchases of goods or services. Hotspot operators can strike lucrative deals with telecommunications service providers seeking to expand Wi-Fi offerings.

• Telecommunications carriers. Wi-Fi hotspots improve the subscriber experience and allow operators to offload data from congested cellular networks. In the United States, for example, AT&T provides Wi-Fi access to subscribers in more than 30,000 hotspots.⁴ The company provides managed Wi-Fi services in large facilities such as stadiums and shopping malls.⁵

Wi-Fi’s twin opportunities: Ease of access and security

Thanks to the ever-growing ubiquity of public hotspots, people have come to expect Wi-Fi-

enabled Internet access everywhere they go. Users are buying more and more Wi-Fi-

enabled devices, and their data consumption and production is skyrocketing. However,

until now, most users had to consider access and security issues when they connected to

public hotspots.

In a public hotspot, subscribers typically have had to search for and choose a network, then

request and acknowledge the connection to the access point each time. In some cases,

they must re-enter authentication credentials. Proprietary solutions that simplify network

selection and association and/or offer security severely limit interoperability and worldwide

usage.

By contrast, connecting to a home or enterprise Wi-Fi network is usually automatic after providing authentication credentials during the first network association. Network selection and association after that are initiated on the client device side, and they are subject to policies set by IT managers or to the homeowner’s preference. As users continue to access the same networks, their devices automatically associate with known and trusted networks, avoiding further user intervention.

3 Cisco, “The Zettabyte Era—Trends and Analysis,” 2014.

4 AT&T, “1.2 Billion Customer Connections Made to 30,000 AT&T Wi-Fi Hot Spots in 2011”, 2012.

5 Computerworld, “Wireless competition heats up, and so do changes in executive ranks,” 2014.

Given the experience of unhindered roaming and secure connections while using

enterprise Wi-Fi or cellular networks, users have come to expect public Wi-Fi service that is

as transparent, consistent, automatic, and secure.

Until Passpoint, that kind of customer experience didn’t exist for public Wi-Fi.

Passpoint value proposition

With active support from a wide ecosystem of device manufacturers, mobile operators, and

service providers, Wi-Fi Alliance designed the Passpoint certification program to:

• Create a high-quality experience for subscribers in public hotspots

• Enable service providers to extract additional value from hotspot deployments

• Enable service providers to develop new Wi-Fi–based services

• Create an effective platform for carriers to offload traffic to Wi-Fi networks

• Enable service providers to develop Wi-Fi roaming agreements

Passpoint-enabled devices manage network association, authentication, sign-up, and

security in the background, in a way that is completely transparent to the subscriber.

Key Passpoint features are described in the following table (Table 1).


| Key Passpoint Feature | Description |
| --- | --- |
| Automated network discovery and selection | Client devices discover and automatically select networks based on user preferences, provisioned operator policy, and network availability. These features are based on Wi-Fi Alliance extensions to the IEEE 802.11u standard. |
| Seamless network access and roaming between hotspots | Wi-Fi hotspot access for in-network access points no longer requires active selection by the subscriber. Passpoint uses a consistent interface and automated association process. Devices can be automatically granted access to networks based on several credential types. Passpoint supports SIM–based authentication (widely used in cellular networks), username-password combinations, and certificate credentials. User input is not required to establish a connection to a trusted network. |
| Immediate account provisioning | Standardized and streamlined process for establishing a new user account at the point of access drives a common provisioning methodology across vendors. |
| WPA2-Enterprise security | All Passpoint connections are secured with WPA2-Enterprise for authentication and connectivity, offering a level of security comparable to that of cellular networks. Passpoint enhances WPA2-Enterprise by adding features to mitigate common attack methods in public Wi-Fi deployments. |
| Operator policies are easy to implement | Passpoint provides mechanisms to support operator-specific subscriber policies, including network selection policy. |

Table 1. Key Passpoint features.


Transforming the user experience

As mobile device users travel from place to place, Passpoint hotspots provide a seamless

and secure connection experience. Mobile and residential subscribers can enjoy immediate

access wherever their provider has a hotspot. Wi-Fi roaming partnerships further expand

access. Other users can use online sign-up to create an account and buy secure access in

the moment.

Devices with SIM cards can be used for even faster secure access as an alternative to

manual authentication, such as entering a username and password.

These are just some examples of how Passpoint transforms the user experience.

Online sign-up — Alice walks into a coffee shop

Alice enters a coffee shop for the first time and wants to get some work done after buying

a drink. The shop’s Passpoint hotspot requires her to sign up online with its service

provider.

During this secure sign-up procedure, she enters her name, address, and credit card

information to associate her tablet with the new account. Alice’s tablet is then provisioned

with the appropriate credentials and configuration to securely access the service provider’s

hotspots – both in the coffee shop and elsewhere. (If there’s a roaming agreement between

Alice’s home service provider and the hotspot’s service provider, then her laptop is

provisioned automatically – no sign-up required.)

After this one-time sign-up procedure, Alice is connected securely to the Internet. Indeed,

she’s free to work, check email, or access her bank account without worrying about

someone intercepting her communications or stealing her data.

In the future, when Alice returns to the coffee shop or any hotspot operated by the same

service provider, Alice’s tablet just connects. The previously accepted terms and conditions

still apply, and it connects without her intervention (Figure 4).

Figure 4. Access by online sign-up (OSU)


Mobile service subscriber with SIM — Jack walks into a coffee shop

If your mobile device has a SIM card affiliated with the same service provider as the

hotspot operator, the device can automatically initiate association to the Wi-Fi network.

This can also work with other service providers if agreements are in place. Authentication

occurs based on the SIM credentials if the network supports it.

Jack is at the same coffee shop as Alice, and he wants to use his mobile phone to watch his

local soccer team play a match. He has a dual-mode phone that can connect to both

cellular and Wi-Fi networks.

The hotspot uses a Wi-Fi-enabled broadband router managed by the cellular operator or

another service provider. Jack’s phone uses its SIM credentials to authenticate to the

hotspot automatically. Jack begins to watch the soccer match on his phone with no user

intervention required to get online (Figure 5).

Figure 5. Access using SIM credentials

Residential service subscriber — John waits for his commuter train to the office

John has a subscription to a residential service, such as a cable provider that also offers

hotspots in different locations. While he waits at the train station on his way to the office,

he wants to watch videos online. When he arrives at the station, his tablet automatically

finds and securely connects to his service provider’s hotspot. John starts watching an online

video (Figure 6).


Figure 6. Access for residential service subscribers

Wi-Fi roaming (the visited network) — Sanjay waits for his flight home

Sanjay has an account with his home service provider in Sacramento. At Heathrow airport

waiting for his flight, he wants to connect his mobile device to a Wi-Fi hotspot.

The airport offers hotspots from many service providers, including one that has a roaming

agreement with his home service provider. Using his home account credentials, Sanjay’s

device automatically establishes a connection to the hotspot without any manual input

(Figure 7).

Figure 7. Access through Wi-Fi roaming (the visited network)


Existing technologies supporting the Passpoint program

How does Passpoint make these user experiences at a hotspot possible? The Wi-Fi Alliance

Hotspot 2.0 (Release 2) Technical Specification describes technologies manufacturers and

service providers must use to be certified. The following pages offer an overview.

• IEEE 802.11u – plus custom elements are used during network discovery and selection

to identify certified Passpoint networks

• HTTPS – secure network communications protocol to prevent wiretapping and man-in-

the-middle attacks

• Public key infrastructure (PKI) – for validating servers involved in online sign-up,

registration, provisioning and secure access; Hotspot 2.0 uses five public key certificate

types: Certificate Authority (CA) trust anchor, OSU server, AAA server, subscription

remediation server, and policy server

• OMA DM and SOAP XML – protocols used to exchange messages with servers involved

in online sign-up and provisioning

• WPA2-Enterprise – provides very strong Wi-Fi data encryption and network access

control

• EAP methods – protocols used to seamlessly authenticate a user’s device. Passpoint

enables a hotspot network to use four extensible authentication protocols. Acceptable

credentials are: trusted root certificate, SIM, USIM, and username-password

• RADIUS – a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management

• Layer 2 inspection and filtering – helps detect network intrusions

• DGAF Disable feature – mitigates the so-called “hole-196” attack by disabling forwarding of downstream group-addressed frames

• Proxy ARP service – the address resolution protocol enables a device to answer

queries for a network address


How Passpoint works

This simple architecture diagram (Figure 8) for a Wi-Fi network shows how some of the

technologies are implemented in the Wi-Fi CERTIFIED Passpoint program.

Figure 8. Simple architecture diagram, Passpoint-enabled Wi-Fi network

Mobile devices pass through four states (Figure 9) on the path to secure Wi-Fi connections.

Figure 9. Passpoint-enabled mobile device states


Discovery

During discovery, hotspots advertise capabilities, and mobile devices can search for a

network pre-association with no user intervention:

1. Mobile device scans for Passpoint-enabled networks and identifies them based on the

access point’s capabilities, advertised in Beacon and Probe Response frames.

2. Mobile device queries ANQP server to determine network’s capabilities prior to

connection.

3. Mobile device checks user credentials to determine if it can access available networks.

4. If the user’s credentials are valid: Mobile device selects the preferred Passpoint-enabled

network unless overridden by the user, and directly proceeds to Secure Access state.

5. If the user’s credentials are invalid or not present: User can select an available Passpoint-

enabled network for online sign-up and proceed to Registration state.
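Step 1 above, together with the WPA2-Enterprise and DGAF Disable items listed earlier, can be checked from the elements a beacon carries. The following Python sketch is an added example, not code from this white paper or from Wi-Fi Alliance; the element IDs, the Wi-Fi Alliance OUI and the bit layout of the Hotspot 2.0 Indication element are taken from the IEEE 802.11 and Hotspot 2.0 specifications rather than from this page, and both sample beacons are constructed.

```python
RSN_OUI = bytes.fromhex("000fac")    # IEEE 802.11 cipher/AKM suite OUI
WFA_OUI = bytes.fromhex("506f9a")    # Wi-Fi Alliance OUI
HS20_INDICATION = 0x10               # vendor-specific type: HS2.0 Indication
EID_SSID, EID_RSN, EID_INTERWORKING, EID_VENDOR = 0, 48, 107, 221
AKM_8021X, AKM_PSK, CIPHER_CCMP = 1, 2, 4


def element(eid, body):
    """Build one information element (used only for the constructed samples)."""
    return bytes([eid, len(body)]) + body


def iter_elements(tagged):
    """Yield (id, body) for each element; reject truncated input."""
    pos = 0
    while pos < len(tagged):
        if pos + 2 > len(tagged) or pos + 2 + tagged[pos + 1] > len(tagged):
            raise ValueError(f"truncated element at offset {pos}")
        length = tagged[pos + 1]
        yield tagged[pos], tagged[pos + 2:pos + 2 + length]
        pos += 2 + length


def parse_rsn(body):
    """Return (pairwise cipher types, AKM types) from an RSN element body."""
    def suite_list(offset):
        if offset + 2 > len(body):
            raise ValueError("RSN element too short")
        count = int.from_bytes(body[offset:offset + 2], "little")
        end = offset + 2 + 4 * count
        if end > len(body):
            raise ValueError("RSN suite list overruns element")
        suites = [body[i + 3] for i in range(offset + 2, end, 4)
                  if body[i:i + 3] == RSN_OUI]
        return suites, end
    # Version (2 bytes) and group cipher suite (4 bytes) come first.
    pairwise, offset = suite_list(6)
    akms, _ = suite_list(offset)
    return pairwise, akms


def audit_beacon(tagged):
    """Summarise the Passpoint security posture a beacon advertises."""
    report = {"passpoint": False, "release": None, "dgaf_disabled": False,
              "interworking": False, "wpa2_enterprise": False, "findings": []}
    pairwise, akms = [], []
    for eid, body in iter_elements(tagged):
        if eid == EID_INTERWORKING:
            report["interworking"] = True
        elif eid == EID_RSN:
            pairwise, akms = parse_rsn(body)
        elif (eid == EID_VENDOR and len(body) >= 5
              and body[:3] == WFA_OUI and body[3] == HS20_INDICATION):
            config = body[4]                          # Hotspot Configuration octet
            report["passpoint"] = True
            report["release"] = (config >> 4) + 1     # bits 4-7, 0 = Release 1
            report["dgaf_disabled"] = bool(config & 0x01)   # bit 0
    report["wpa2_enterprise"] = AKM_8021X in akms and CIPHER_CCMP in pairwise
    if report["passpoint"]:
        if not report["wpa2_enterprise"]:
            report["findings"].append("RSN element lacks 802.1X AKM with CCMP")
        if not report["dgaf_disabled"]:
            report["findings"].append(
                "DGAF not disabled: downstream group-addressed frames are forwarded")
        if not report["interworking"]:
            report["findings"].append("HS2.0 Indication without Interworking element")
    return report


def rsn_body(akm_type):
    """Constructed RSN body: CCMP group and pairwise ciphers, one AKM suite."""
    ccmp = RSN_OUI + bytes([CIPHER_CCMP])
    return (b"\x01\x00" + ccmp + b"\x01\x00" + ccmp
            + b"\x01\x00" + RSN_OUI + bytes([akm_type]) + b"\x00\x00")


# Constructed sample: Release 2 hotspot, 802.1X + CCMP, DGAF disabled (0x11).
SAMPLE_HARDENED = (element(EID_SSID, b"example-passpoint")
                   + element(EID_RSN, rsn_body(AKM_8021X))
                   + element(EID_INTERWORKING, b"\x12")
                   + element(EID_VENDOR, WFA_OUI + bytes([HS20_INDICATION, 0x11])))

# Constructed sample: advertises Hotspot 2.0 but uses PSK and forwards group frames.
SAMPLE_WEAK = (element(EID_SSID, b"example-misconfigured")
               + element(EID_RSN, rsn_body(AKM_PSK))
               + element(EID_INTERWORKING, b"\x12")
               + element(EID_VENDOR, WFA_OUI + bytes([HS20_INDICATION, 0x10])))

if __name__ == "__main__":
    for name, beacon in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(name, audit_beacon(beacon))
```

The input is the tagged-parameter portion of a Beacon or Probe Response frame, so the same function can be run over frames exported from a site survey of an operator's own access points.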

Registration and Provisioning

Registration can be done using pre-loaded credentials and account creation can be done

via online sign-up (OSU).

If a user attempts to connect to a hotspot for the first time or without credentials, her

mobile device also goes through Registration and Provisioning. The OSU server registers

new subscribers and provisions a mobile device with credentials based on trusted root

certificates, SIM/USIM, or username-password. Credentials for devices with a SIM are pre-

provisioned, but might require metadata and policy provisioning.

If the device already has credentials for the Passpoint-enabled network it is trying to

connect to (such as a home service provider or a service provider that has a roaming

agreement with the home provider), it goes straight to the Secure Access state and

connects.

Registration can require:

• Subscriber contact information

• Credit card details

• Agreement to service provider terms and conditions

• Selection of a plan (such as 24 hours, 30 days, or 1 year)

During Provisioning, a mobile device is:

• Loaded with required certificates, credentials, and related metadata, policy, and home

service provider information for network discovery, selection, and access to Passpoint-

enabled network

• Provisioned with subscription and policy data


Secure Access

The mobile device enters the Secure Access state after it is associated to the Passpoint-

enabled network. (The device has login credentials and WLAN security settings that were

previously configured.)

In the Secure Access state:

1. The mobile device mutually authenticates with the hotspot service provider’s (SP)

authentication, authorization, and accounting (AAA) server using one of the allowed

Extensible Authentication Protocol (EAP) methods supported by the SP’s network (Table

2).

| Credential Type | EAP Method |
| --- | --- |
| Certificate | EAP-TLS |
| SIM or USIM | EAP-SIM or EAP-AKA |
| Username-Password (with server-side certificates) | EAP-TTLS with MS-CHAPv2 |

Table 2. Authentication methods.

2. If authentication with the AAA server is successful, the mobile device receives full access

to the Wi-Fi Passpoint-enabled network.

With all this work going on behind the scenes, the user must only interact once with a

Passpoint hotspot: for first-time sign-up, or to choose a service provider manually.


Passpoint benefits

Passpoint drives value for a broad ecosystem of stakeholders, summarized in the table

below:

| Stakeholder | Passpoint benefits |
| --- | --- |
| End users | Industry-standard Wi-Fi security in hotspots; In-pocket connection experience; Add additional devices to existing account easily; Create new accounts easily; Manage multiple subscriptions in the background |
| Fixed or Wi-Fi only service providers | Connect user devices easily, even non-SIM devices; Engage in Wi-Fi roaming agreements and wholesale Wi-Fi capacity; Keep in-home broadband subscribers connected on the go; Deliver value-added services over Wi-Fi, including video, voice, etc. |
| Mobile service providers | Enable data offload; Connect subscriber’s non-SIM devices (tablets, etc.); Engage in Wi-Fi roaming agreements and wholesale Wi-Fi capacity; Address coverage challenges indoors and in high-footfall areas; Deliver value-added services over Wi-Fi, including video, voice, etc. |
| Retail sector | Provide an easy-to-use customer amenity to enhance store brand; Leverage amenity Wi-Fi to collect customer data; Deliver loyalty program services and promotions; Address cellular coverage challenges; Collect indoor location data and deliver location-based offers |
| Hospitality sector | Provide an easy-to-use customer amenity to enhance brand; Leverage amenity Wi-Fi to collect customer data; Deliver loyalty program services and promotions; Address cellular coverage challenges; Deliver value-added services over Wi-Fi, including video, voice, etc. |

Table 3. Passpoint benefits to industry stakeholders and end users


Passpoint security with WPA2-Enterprise

WPA2-Enterprise certification is a foundational Passpoint requirement because it provides

a consistent security level that both service providers and subscribers can rely on to

protect the network, devices, and transmitted data.

WPA2-Enterprise meets enterprise and government security requirements. It leverages authentication, authorization, and accounting (AAA) servers to manage user accounts and monitor traffic. WPA2-Enterprise also defines user-specific authentication levels by using multiple extensible authentication protocol (EAP) methods.⁶

WPA2-Enterprise is widely available in Passpoint-enabled mobile devices and laptops.

Legacy clients that are certified for WPA2-Enterprise support the same level of security as

new Passpoint-certified equipment, and can connect to Passpoint-enabled networks if they

have WPA2-Enterprise enabled.

Roaming access through advanced network selection functionality

As Alice experienced in the coffee shop example, Passpoint hotspots enable service

providers to offer seamless roaming in one another’s Passpoint-enabled networks. To

enable roaming, service operators must first establish mutual roaming agreements that

include credential validation, billing, and reconciliation. In addition, they must rely on a

single common protocol for network selection and user authentication. Again, Passpoint

provides that foundation.

After roaming between two service providers is enabled, Passpoint-certified devices can

connect to either the subscriber’s (home) network, or to the visited network run by the

other provider. In each case, the Passpoint-enabled client recognizes that the access point

belongs to the list of available networks and establishes a connection. The user’s

experience is similar to cellular roaming – when he or she reaches a Passpoint hotspot, the

device connects automatically.

6 WPA2-Enterprise uses an authentication and key management infrastructure that is much stronger than

WPA2-Personal. WPA2-Personal support is mandated in all Wi-Fi equipment and provides security in residential

and small business environments without AAA capabilities.


Summary

Hotels, retailers, restaurants, sports arenas, and other businesses see Wi-Fi as a competitive necessity for attracting customers. Carriers and cable providers see it as a crucial means to expand their reach, and to relieve congestion in their networks. Meanwhile, mobile users are demanding more of everything: Wi-Fi-connected devices, more bandwidth, more media-rich content, powerful new apps, and better security. This drives adoption of Passpoint-enabled mobile devices (Figure 10).

The Wi-Fi Alliance Wi-Fi CERTIFIED Passpoint program enables service providers and

equipment vendors to make hotspot access powerful, seamless, effortless, and truly secure

for subscribers.

For information on Passpoint, other Wi-Fi CERTIFIED programs and products, or the Hotspot 2.0 (Release 2) Technical Specification: http://www.wi-fi.org/discover-wi-fi/wi-fi-certified-passpoint.

Figure 10. Wi-Fi CERTIFIED Passpoint products by

category, 703 total as of August 25, 2014.

Source: Wi-Fi Alliance.


Appendix A – Key Hotspot 2.0 requirements

| HS2.0 Entity | Requirement |
| --- | --- |
| Access points | WPA2-Enterprise; Selected EAP methods; Interworking information, Roaming Consortium, Extended Capabilities, BSS Load; IEEE 802.11 ANQP elements and Hotspot 2.0 ANQP-elements |
| Mobile devices | If the device has SIM/USIM, support all credential types and EAP methods in HS2.0; Filtering of encrypted frames; Online sign-up; QoS mapping interworking services; IEEE 802.11 ANQP elements and Hotspot 2.0 ANQP-elements; Device procedures; PerProviderSubscription managed objects (PPS MO) |
| Hotspot operators | Configure a Passpoint hotspot with access point elements; Ability to configure ANQP elements and additional Hotspot 2.0 ANQP-elements; Acknowledge that certificate, SIM/USIM, username-password, and associated EAP methods are a satisfactory security basis for establishing roaming relationships with other service providers; Do not disable DNS security extensions |
| Service providers | With or without SIM/USIM infrastructure, support at least one of the following: (a) Username/password, (b) Certificate credentials and the associated EAP method (EAP-TLS); Home service providers support online sign-up; Deploy authentication, authorization, and accounting (AAA) servers supporting specified RADIUS attributes |

Table 3. Key Hotspot 2.0 requirements


Appendix B – References

Cisco. “The Zettabyte Era—Trends and Analysis.” Accessed September 2, 2014.

MarketWatch. “Wi-Fi Chipset Shipments Will Near 18 Billion Chipsets During the Next Five Years, Says ABI Research,” May 5, 2014. Accessed September 1, 2014.

AT&T. “1.2 Billion Customer Connections Made to 30,000 AT&T Wi-Fi Hot Spots in 2011,” 2012.

Computerworld. “Wireless competition heats up, and so do changes in executive ranks,” August 27, 2014. Accessed September 1, 2014.

Wireless Broadband Alliance. “Boingo Drives the Next Generation Hotspot Revolution: WBA Case Study, 2014.” Accessed September 1, 2014.

Appendix C – Additional resources

White paper by Heavy Reading and Wi-Fi Alliance. “Unlocking the full business potential of cable Wi-Fi®,” April 2014.

Polling brief by Wi-Fi Alliance. “Wi-Fi CERTIFIED Passpoint™ adds value to service provider networks,” September 2013.

Appendix D – Abbreviations, acronyms, and terms

Term                      Definition
AAA                       Authentication, Authorization and Accounting
AES                       Advanced Encryption Standard
ANQP                      Access Network Query Protocol
AP                        Access Point
ARP                       Address Resolution Protocol
BSS                       Basic Service Set
CE                        Consumer electronic devices
DAS                       Distributed antenna system
DGAF                      Downstream group-addressed forwarding
DHCP                      Dynamic Host Configuration Protocol
DRM                       Digital rights management
EAP                       Extensible Authentication Protocol
EAP-AKA                   EAP–Authentication and Key Agreement
EAP-SIM                   EAP–Subscriber Identity Module
EAP-TLS                   EAP–Transport Layer Security
EAP-TTLS                  EAP–Tunneled Transport Layer Security
HLR                       Home Location Register
Hotspot                   Site that offers public access to packet data services, such as the Internet, via a Wi-Fi access network; can include one or more APs.
Hotspot operator          Entity responsible for configuration and operation of the hotspot.
Hotspot service provider  Entity providing a packet data service as a business. A subscriber has credentials from this entity, which has authentication authority for the subscriber and provides subscribers with authentication credentials.
HS2.0                     Hotspot 2.0
HTTPS                     HyperText Transport Protocol Secure
IC                        Integrated circuit
IEEE                      Institute of Electrical and Electronics Engineers
MS-CHAPv2                 Microsoft Challenge-Handshake Authentication Protocol version 2
NAT                       Network address translation
OCSP                      Online Certificate Status Protocol
OSU                       Online sign-up
PKI                       Public key infrastructure
QoS                       Quality of service
RADIUS                    Remote Authentication Dial-In User Service
SIM                       Subscriber Identity Module
SP                        Service Provider
SSID                      Service Set Identifier
TLS                       Transport Layer Security
TTLS                      Tunneled Transport Layer Security
USIM                      Universal Subscriber Identity Module
WAN                       Wireless Area Network
WEP                       Wired Equivalent Privacy
WPA2™                     Wi-Fi Protected Access® 2

About Wi-Fi Alliance®

www.wi-fi.org

Wi-Fi Alliance® is a global non-profit industry association – our members are the worldwide network of companies that brings you Wi-Fi®. The members of our collaboration forum come from across the Wi-Fi ecosystem and share a vision of seamless connectivity. Since 2000, the Wi-Fi CERTIFIED™ seal of approval designates products with proven interoperability, industry-standard security protections, and the latest technology. Wi-Fi Alliance has certified more than 20,000 products, delivering the best user experience and encouraging the expanded use of Wi-Fi products and services in new and established markets. Today, billions of Wi-Fi products carry a significant portion of the world’s data traffic in an ever-expanding variety of applications.

Wi-Fi®, the Wi-Fi logo, the Wi-Fi CERTIFIED logo, Wi-Fi Protected Access® (WPA), WiGig®, the Wi-Fi ZONE logo, the Wi-Fi Protected Setup logo, Wi-Fi Direct®, Wi-Fi Alliance®, WMM®, and Miracast® are registered trademarks of Wi-Fi Alliance. Wi-Fi CERTIFIED™, Wi-Fi Protected Setup™, Wi-Fi Multimedia™, WPA2™, Wi-Fi CERTIFIED Passpoint™, Passpoint™, Wi-Fi CERTIFIED Miracast™, Wi-Fi ZONE™, WiGig CERTIFIED™, the Wi-Fi Alliance logo, and the WiGig CERTIFIED logo are trademarks of Wi-Fi Alliance.