Tuesday, May 24, 2022

More flexibility to authentication with Ut interface and Radiator GBA/BSF Pack

One of the carrier products in our Radiator product line is the Radiator GBA/BSF Pack. The main use case for this product has been providing the authentication for VoLTE supplementary services in carrier networks and Radiator GBA/BSF Pack has been in this use for many years. 

In addition to self-provisioning VoLTE supplementary services (call forwarding, call barring, knocking, etc.) the same GBA/BSF functionalities can be used for proxying authentication to different services as well - such as Rich Communication Services or different services for IoT devices, for example.

The main functionality in GBA/BSF is that after the initial authentication, end user authentication can be proxied directly to Application Specific servers via Ut interface. The basic architecture is shown on the diagram below.

The Ut interface and authentication proxying can also be used for example in secure IoT authentication for different products, such as IoT devices that need to be authorised and authenticated. In this use case as well, the IoT device is supplied with SIM/eSIM that authenticates with carrier HSS. After the initial authentication, the later authentications can be proxied using the Authentication Proxy provided by Radiator GBA/BSF Pack.  

Radiator provides flexibility when working with Ut interface

For Ut interface, there is a wide range of different vendor specific implementations from device manufacturers. This causes differences in user equipment behaviour across vendors.

This is where Radiator GBA/BSF shows its strengths: wide interoperability accommodating different user equipment within the same systems makes our Radiator GBA/BSF easy to integrate to different network environments. Radiator GBA/BSF’s implementation allows tweaking the configuration when unexpected behaviour is encountered and adjust accordingly.

This focus to accommodate multiple vendor-specific implementations is what we have been doing in recent releases of Radiator GBA/BSF Pack - latest release in April 2022: providing more interoperability based on real observed behaviour of the devices. In this development work, the feedback from our live carrier customer has been extremely valuable.

Would you like to know more?

If you would like to know more about Radiator GBA/BSF and how it can be used in your use case, please contact our team at info(a)radiatorsoftware.com

Wednesday, April 6, 2022

Radiator Auth.Fi: Self-service, Passwordless Guest Access

 As a part of our Radiator Auth.Fi - Wi-Fi Authentication Service we provide self-service, passwordless guest access for Wi-Fi networks. With this service you can limit the use of your guest network to those users willing to validate their network access with email address or phone number. Compared to unauthenticated guest networks, the authenticated guest networks reduce network abuse  cases and overuse of network resources.

We have designed the guest network access validation to be easy and secure enough for the end-user without any hassle with passwords or need to reauthenticate. As the network access validation is done as a self-service, no vouchers are provided and needed reducing the work needed to support guest users in accessing the network - the authentication and authorization is connected to the user to the MAC address of the user device.

How does it work?

As seen from the picture below, the authentication and access process follows a few steps, after which the guest can join to the Wi-Fi network automatically - but still as an authenticated user. The steps are as follows:

  1. Guest user connects to the Wi-Fi network operated by your organization
  2. The user device of the guest user notices that authentication is needed before browsing and the user's WWW browser is redirected to the authentication page operated by Radiator Auth.Fi.
  3. Guest user chooses the method for authentication and inserts either email address or telephone number for authentication.
  4. Radiator Auth.Fi service sends the authentication verification message to the guest user to email or SMS messaging service.
  5. Email message (or optionally SMS) containing verification link is sent to the guest user 
  6. Following the verification link guest user verifies contact information and network access is authenticated with Radiator Auth.Fi
  7. Guest user can now use guest Wi-Fi network and the device joins network automatically
  8. Guest user can now use the guest Wi-Fi network for a limited time (for example 24 hours - based on your company policies) without the need for reauthentication. The authorisation of the user device to the network is checked periodically during allowed time.

Would you like to know more?

For more info about Radiator Auth.fi Wi-Fi Authentication Service, please contact our sales team at sales(a)radiatorsoftware.com or via contact form.

We are happy to discuss your use case and how Radiator Auth.fi may suit your needs. Commercially, Radiator Auth.fi is based on a flexible, pay-as-you-go subscription model that allows you scale the commercial model of the service based on your business needs. At the same time, we provide several feature options for the Radiator Auth.fi - this use case of providing guest access being one of them.

Wednesday, March 2, 2022

In-flight Connectivity with Radiator

For many of our customers we have been implementing WiFi roaming for different use cases: for example, carriers offloading traffic from their mobile network to WiFi hotspots or for providing VoWiFi (Voice over WiFi) calling to their customers.

One case for Radiator is to implement in-flight connectivity for airline carriers, providing authentication to onboard WiFi that is connected by other means (such as satellite connection) to the internet.

In this scenario, Radiator provides the necessary interfaces for WiFi roaming when subscribers of mobile operators are using their phones during the flight. With smooth WiFi roaming provided by Radiator AAA Server Software, end user devices can connect automatically to the in-flight WiFi network, and continue their use based on the roaming policy agreements between mobile operators and in-flight network operators.

Some of the benefits for this kind of solution are:

  • For the airline carrier: More value for service as a provider of smoothly connected onboard WiFi as a part of their in-flight services.
  • For the end user: Better user experience when connecting to onboard WiFi.
  • For the mobile operator: New product opportunities for mobile operator roaming with airline onboard WiFi.
  • For the onboard Wi-Fi technology provider: A flexible product with Radiator that provides connectivity to carrier networks via different interfaces.

At the same time, the solution with Radiator AAA server can of course be used in cruise ships and platforms where a smoothly run, commercial onboard WiFi is needed. 

How does it work?

On the technical side, Radiator AAA Server, combined with Radiator SIM Pack, is used to provide EAP-SIM, EAP-AKA and EAP-AKA’ authentication and connectivity to different HSS / HLR systems used by different roaming partner carriers and mobile operators. In these cases, the flexibility of Radiator helps to connect to various different systems needed via multiple interfaces.

With this configuration, in addition to handling the authentication traffic, Radiator AAA Server also proxies the accounting traffic to policy enforcement or traffic monitoring solutions that can then use it to provide access to end users, based on their data plan or subscriber profile. The following diagram shows Radiator as part of the architecture for in-flight connectivity.

Radiator provides EAP-SIM / EAP-AKA / EAP-AKA’ authentication and connecting to roaming partners HSS / HLR. 

Would you like to know more?

For commercial contact and more in-depth technical discussion, please do not hesitate to contact our sales team at sales(a)radiatorsotware.com . We are happy to discuss about your requirements, suitable license and configuration assistance needed for your service.

Wednesday, February 23, 2022

Radiator used for secure authentication in power companies

For many years, Radiator AAA Server Software has been used in different utilities: from mobility solutions to water monitoring. In addition to this, Radiator is used more and more in power companies that require secure ways for authentication and accounting in their networks.  Radiator, being the most flexible AAA server software in the market, is easy to configure to these case kind of use cases.

In some use cases, Radiator (and RADIUS protocol in general) is used to get accounting information from electric meters over the internet. Another use case, where secure access is critical, is the power system system management.

Radiator providing secure authentication for power system management

In power system networks, secure access and authentication to management systems is crucial. In times of cyber attacks, proper authentication methods ensure that only authorized personnel and equipment are able to manage power system equipment.

The standard way to do this secure authentication is role-based access control (RBAC) for power system management. RBAC assigns human users, automated systems, and software applications to specific roles, and restricts their access to only those resources, which the security policies identify as necessary for their roles.

As a part of being compliant to industry standards, Radiator also supports role-based access control (IEC 62351-8) in power systems and the related RADIUS attributes specified in the standard. 

Would you like to know more?

If you are interested in using Radiator in power system authentication and accounting, please do not hesitate to contact our sales team at sales@radiatorsoftware.com. Radiator, being the flexible AAA server in the market, may be just the solution for your authentication use case.

Tuesday, February 15, 2022

Upcoming webinar: Radiator Portfolio Updates - 8th March and 10th March

We are pleased to announce that we are presenting a series of live webinars about new developments in Radiator products and their use cases.

The first webinar focuses on harnessing benefits of the full Radiator product portfolio and giving brief examples from the topic list below. Each of the following sessions takes a deep-dive on real Radiator use cases, with technical insight from our experts:

  • Radiator Software news and updates in our product and services portfolio
  • Radiator Auth.fi - our new secure and easy service for Wi-Fi authentication
  • How to connect to OpenRoaming (™) roaming federation service with Radiator
  • Radiator VNF Flex - new and flexible approach to AAA VNF with Radiator
  • Using Radiator in eduroam and other roaming services 
  • Using Radiator with utility networks, such as water systems and power system management
  • Experiences from using Radiator as replacement for products nearing end-of-life
  • More coming up

The first webinar Radiator Portfolio Updates is held in parallel sessions on Tuesday 8th March 08.00-09.00 UTC and Thursday 10th March 16.00-17.00 UTC for participants from different regions to join.

Please register here to receive an invite to your preferred session. By registering you’ll also get access to the presentation recording and materials after the webinar.

Thursday, February 3, 2022

How Radiator can be used in different test use cases

Radiator AAA Server Software can be used by different vendors to perform authentication tests, whenever they need their equipment to be connected to different networks in a secure and flexible way, such as Wi-Fi networks or mobile networks. Over the years, Radiator team has acquired a lot of experience in these scenarios.

Secure authentication is especially important for vendors developing IoT-products, such as medical equipment used in mission-critical hospital Wi-Fi networks. Secure authentication, and various supported authentication methods, help the products to be connected securely in different environments.

Radiator can be easily deployed and configured when automating these tests. Whenever a new version of a product needs to go through authentication and other tests, the process is easy and time-efficient with Radiator. In addition to authentication tests, Radiator provides logging in a variety of formats, making it easy to interoperate with external testing systems.

Additionally, for many utility appliance vendors, such as water sensors or electricity meters, Radiator can handle the accounting data, which can then be used to integrate with different reporting and management systems. The Radiator team has plenty of experience with interoperability testing from different use cases.

In recent years, Radiator has been an integral component in the Wi-Fi Alliance ® testbed for Wi-Fi authentication certification purposes, which is used by vendors to acquire the Wi-Fi Certified ® certification. Authentication methods included in the testbed are EAP-TLS, EAP-TTLS, EAP-FAST, EAP-PEAP, and EAP-PWD. In other similar test cases, Radiator has been used for testing IMSI privacy encryption, which is supported by Radiator SIM Module.

Would you like to know more?

We are happy to discuss your use case, the different authentication methods, and to suggest suitable configuration and deployment models. We can provide our expertise gathered from using Radiator in different environments such as interoperability testing. For test use cases, we provide flexible licensing options; please contact our sales team at sales(a)radiatorsoftware.com.

In addition, if you would like to know more about the Wi-Fi Alliance ® testbed, we are happy to assist you.

Thursday, January 6, 2022

Radiator Auth.fi: easy and secure Wi-Fi Authentication for your organization

Organizations using Wi-Fi networks need an easy and secure way to provide access to the network, either to their own users or guests. At Radiator Software, we have been working with many use cases around this theme and we wanted to provide a solution where authentication features of Radiator can be used as easily as possible.

For this use, we created Radiator Auth.fi.

Radiator Auth.fi is a RADIUS based Wi-Fi authentication cloud service for network users and guests. It provides an easy way for employees or subcontractors to get self-service network access credentials for WPA2/WPA3 Enterprise secured network. It can also be easily deployed: you do not need new hardware, but only a few changes to the settings of your current network devices.

Radiator Auth.fi can be used globally from different locations. To accomplish this, we have set up a global cloud service that can cover multiple locations, while making sure that the service is GDPR compliant.

In addition, Radiator Auth.fi supports Wi-Fi roaming. If the visited organization and networks are part of the same roaming federation (such as eduroam or govroam) that is supported by the service, and roaming access is permitted, the roaming user’s device signs in to the network automatically and safely. It uses the settings and user credentials that are already stored in the user device.

Would you like to know more?

For more info about Radiator Auth.fi, please contact our sales team at sales(a)radiatorsoftware.com. We are happy to discuss your use case and how Radiator Auth.fi may suit your needs. Commercially, Radiator Auth.fi is based on a flexible, pay-as-you-go subscription model that allows you to scale the use of the service based on your business needs.