Wi-Fi Passpoint polishes provisioning, policy

The Passpoint specification for seamless and secure wireless network authentication now has on-the-spot provisioning and more operator policy control.

The Wi-Fi Alliance, an industry consortium that develops and promotes wireless networking standards, has announced new features in the Passpoint standard for simplifying secure access to networks.


Passpoint aims to make the process of connecting to Wi-Fi networks seamless by authenticating the user with an account based on an existing relationship, such as the user's mobile carrier or broadband ISP. These companies establish roaming agreements with Wi-Fi network operators like Boingo, Comcast, large universities and even public entities like the City of San Francisco. It could even be the user's employer.

The end result should be an experience like that of a mobile phone: You come into range of a Passpoint-enabled Wi-Fi network and the device automatically connects, even if it's still in your pocket. All connections are secured with WPA2-Enterprise, which provides a level of security comparable to that of cellular networks.

The announcement describes three new features that have been added to Passpoint. First, there is an on-the-spot account provisioning facility. If the user does not have an account with the Wi-Fi provider or any companies with which that provider has roaming agreements, Passpoint will allow them to set up an account then and there, on the device, and the transaction is still secure.

Passpoint now also includes operator policy settings, implemented through 802.11u extensions. This means that the account-holding entity can set rules for how the user is to connect. It can set routing preferences or specify preferred wireless network providers. It could choose a connection based on the performance of various backhauls available. If an employer were the operator, it might require connections through the organization's VPN.

Mobile network operators use Wi-Fi to lighten the load on the cellular network, a process called mobile data offloading. This is usually a win for the user too, as Wi-Fi is likely to give better performance. Mobile operators get to extend their coverage through routing agreements with Wi-Fi services and to reach subscribers' non-SIM devices. Speaking of such devices, Passpoint is also relevant to Wi-Fi-only devices. It makes the public Wi-Fi experience easy and secure. Fixed and Wi-Fi-only network operators also get to wholesale excess capacity through roaming agreements.

Security in Passpoint can be quite high. SIM-based devices, usually mobile phones, can be authenticated based on the SIM ID, which is the same ID used for the cellular network. All Passpoint connections are secured with WPA2-Enterprise for authentication and connectivity, and Passpoint enhances WPA2-Enterprise by adding features to mitigate common attack methods in public Wi-Fi deployments.
