Many mobile operators are currently looking to build their own Wi-Fi footprint to handle the urgent need for more mobile data capacity. Their goal is to have subscribers automatically move over from the 3G network to Wi-Fi whenever it is in range. It makes good business sense for two reasons:

Cost savings, as building data capacity in Wi-Fi is only 10 percent of the cost for doing so for 3G, according to one of our European mobile operator customers.

Because they have to. Mobile operators understand it is imperative to follow their subscribers into whichever environment they prefer. Smartphones tend to automatically select Wi-Fi when they can and so do users. This means operators must find a way to follow subscribers into the Wi-Fi environment. Otherwise, subscribers will spend the majority of their time outside the operator's network, a scary thought.

For a successful mobile data offloading-to-Wi-Fi strategy, the Wi-Fi network needs to provide the same level of functionality (for the operator) and service (for the subscriber) as the existing 3G/4G network. For the operator, this means the Wi-Fi network must offer the same level of security, reliability and scalability. Subscribers are expecting a better user experience in terms of speed. Also, there has to be a seamless and automatic process for the user to move between the two networks. Without an automatic authentication of users, the whole business case for offloading will suffer since too few users will take the active step of utilizing the Wi-Fi network.

So, are the current Wi-Fi hotspots up to snuff?

I would argue that most of them aren't, so there is a need for a carrier-class Wi-Fi solution for mobile data offloading.

Carrier-class Wi-Fi security
There is really only one way to obtain carrier-class Wi-Fi security, and that is to use the very same authentication mechanisms as the mobile network does: authentication via the SIM card, or via similar unique identity credentials in mobile networks that do not use SIM cards. SIM authentication has the additional security benefit of requiring the Wi-Fi access points to be 802.1X-enabled. This means that the actual user data – the payload – will be encrypted in the Wi-Fi network.

To enable SIM authentication for the Wi-Fi network, a SIM authentication server needs to be deployed.

Using the SIM card – or a client for mobile networks that do not use SIM – will also ensure that the user is automatically authenticated for a seamless user experience when moving between the mobile and Wi-Fi network.

Carrier-class Wi-Fi reliability and scalability
Many "coffee shop hotspot solutions" are not designed for high reliability and scalability. For these more informal networks, it may not be a catastrophe for the system to go down. Also, the services are often delivered at best effort when it comes to bandwidth.

User expectations are high regardless. And they are even higher in a mobile data offloading scenario where the users are moved to the Wi-Fi network automatically, many times without even noticing. The subscriber will not think, "I cannot expect better now when I am on Wi-Fi." On the contrary, they will expect a service that is just as reliable as in the 3G network but with a higher data capacity and speed. This is why mobile operators need to deliver an excellent experience in the Wi-Fi network.

Their reputation depends on it.

So, whether a mobile operator builds its own Wi-Fi network, relies on partners' footprints or both, it must make sure that the underlying Wi-Fi network is carrier-class when it comes to redundancy and linear scalability through adding more traffic nodes. This will ensure reliability of the service and provide the option to expand as demand increases.

Carrier-class Wi-Fi delivering a better user experience
The congestion of 3G networks is primarily due to an imbalance of data usage: In many cases, about 10 percent of the users are consuming 90 percent of the available bandwidth. This congestion will shift to the Wi-Fi network unless this imbalance is addressed.

To rein in bandwidth hogs and apply a fair use policy, operators need a service management system that defines policies to make sure that the Wi-Fi network can deliver an excellent experience for prioritized users. Furthermore, the access gateways for the Wi-Fi network must be able to enforce these policies. Another key element for the future in a carrier-class Wi-Fi network is to ensure the radio equipment supports the new 802.11u standard to facilitate enrollment and network selection.

The new 802.11u standard is one of the pillars of the Hotspot 2.0 initiative from the Wi-Fi Alliance. The radio link encryption and EAP-based authentication that come with SIM authentication are also part of this initiative. While the Hotspot 2.0 concept mostly focuses on authentication, network selection and QoS in the radio link, a carrier-class Wi-Fi network must go beyond that to include outbound QoS toward the Internet and integration with the mobile core for policy and charging.

A holistic view of mobile data offloading
Only when a Wi-Fi network is carrier-class can mobile operators take it to the next level and implement automatic, seamless authentication and integration with the mobile core for policy and charging. SIM authentication, or authentication via a client for non-SIM-based mobile networks, is considered best practice in that it provides an authentication mechanism that is just as seamless for the operator as it is for the user. Even so, there will be a need for additional, alternative authentication methods. Not every device has a SIM card, and mobile operators will need to cater to multiple devices for each subscriber with different authentication methods, including MAC authentication, EAP-TLS (X.509 certificates), one-time password via SMS and username/password. For Wi-Fi networks that do not support 802.1X, SIM-based authentication can be achieved using a WISPr 2.0 client. However, the radio link will not be encrypted in this case.

Mobile operators will need to take a holistic view and balance the cost-saving benefits and ease of use for subscribers with the security requirements to be able to implement a profitable and popular solution for mobile data offload to Wi-Fi.

Torbjorn Ward is CEO of Aptilo Networks.