Wireless Networking Archive

Wi-Fi Alliance starts certifying tunnel technology for better wireless performance – PC World Australia



WiFi alliance begins Tunneled Direct Link Setup certification, hopes to improve media streaming | Engadget

My Comments

The Wi-Fi Alliance have released a new certification standard for allowing better wireless performance amongst devices in a wireless-network segment. This standard, known as Tunnelled Direct Link Setup, allows devices that are authenticated with the same access point to transmit data directly to each other.

Allowing a direct node-to-node connection after an access point establishes the connection allows for faster data-transfer performance between clients on a Wi-Fi segment. This would also yield an improved quality-of-service for media streaming or improved latency for real-time gaming.

This is not like Wi-Fi Direct, where a device that is normally a Wi-Fi client is there to facilitate a network connection. It is more about establishing a direct best-case device-to-device connection, rather than a via-access-point connection, for a file transfer or media stream as a way of improving the data-transfer performance.

When a TDLS link is set up, the devices would form this link at the best abilities available to each other, such as higher speed, quality-of-service, power-saving practices or security compared to what the segment’s access point would offer. Similarly, the access point does not need to be upgraded for this functionality to take place.

The access point would still play its role if the client devices move further afield, thus repeating the data between the client devices. Similarly it would also fulfil network-bridging tasks such as linking to the wired backbone or the Internet service in the case of a Wi-Fi router.

This functionality would be part of newer Wi-Fi-network chipsets that would be deployed in newer computers and similar devices. It would be interesting to see how it works further once more TDLS-enabled devices are in the field.


Improvements taking shape for better public wireless Internet access


Wi-Fi Alliance Begins Certification For Automatic Hotspot Connection – SmallNetBuilder

My Comments

The Wi-Fi Alliance are taking proper steps to make the user experience for wireless-hotspot services more user friendly and secure. This is based on the “Passpoint” standard which covers logging in and a secure usage session.

It has been driven by wireless-broadband providers who want to use these hotspots and their wired-broadband backhauls as a data offload in busy areas. One key improvement is to implement WPA-Enterprise security with session-unique security parameters rather than the common WPA-PSK security which uses a common password.
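The difference between a common password and session-unique parameters shows up in how the keys are derived. The following is an added example, not code from the article or the Wi-Fi Alliance; the SSID, passphrase and MAC addresses are constructed, and `enterprise_pmk` only models the outcome of an EAP login with random bytes.

```python
import hashlib
import hmac
import os


def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 over the shared
    passphrase, salted with the SSID, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-association key (384 bits for CCMP) from the PMK plus both MAC
    addresses and both handshake nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def enterprise_pmk() -> bytes:
    """Stand-in for WPA-Enterprise: the PMK is the first 256 bits of the MSK
    produced by that login's EAP exchange. os.urandom models the exchange
    (assumption made for this example)."""
    msk = os.urandom(64)
    return msk[:32]


# Constructed sample values (not from the article).
SSID = "CafeHotspot"
PASSPHRASE = "flat-white-2012"
AP = bytes.fromhex("02aabbcc0001")
LAPTOP = bytes.fromhex("02aabbcc00a1")
PHONE = bytes.fromhex("02aabbcc00b2")


def compare_modes() -> dict:
    # PSK: both patrons typed the same passphrase, so both hold the same PMK.
    laptop_pmk = psk_pmk(PASSPHRASE, SSID)
    phone_pmk = psk_pmk(PASSPHRASE, SSID)
    # Each association still gets its own PTK, but the only fresh inputs are
    # the MAC addresses and nonces, which the handshake sends unencrypted.
    laptop_ptk = derive_ptk(laptop_pmk, AP, LAPTOP, os.urandom(32), os.urandom(32))
    phone_ptk = derive_ptk(phone_pmk, AP, PHONE, os.urandom(32), os.urandom(32))
    # Enterprise: every login ends with its own PMK, known to that client only.
    ent_laptop, ent_phone = enterprise_pmk(), enterprise_pmk()
    return {
        "psk_pmk_shared": laptop_pmk == phone_pmk,
        "psk_ptks_differ": laptop_ptk != phone_ptk,
        "enterprise_pmk_shared": ent_laptop == ent_phone,
    }


if __name__ == "__main__":
    for name, value in compare_modes().items():
        print(f"{name}: {value}")
```
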

The login experience has also been tackled through the provision of a consistent experience that doesn’t depend on a Web-based form. Here, the credentials could be a username/password combination that is presented by the device’s native user interface, or credentials held on the device or in a SIM card.

This may open up hotspot access to headless or limited-display devices like digital cameras, car infotainment systems or handheld games consoles. But a question that could be raised is whether it could be feasible to have a group of devices seen as a logical network that can exist through the hotspot’s space. This issue may play in to setups like multiplayer multi-machine gaming amongst a group of teenagers or young adults in the same cafe or bar.

Another question worth raising about Passpoint is whether a venue is able to have control over its Wi-Fi access. This would be of concern to anyone in the food-beverage-hospitality industry who would rather that patrons who use the venue’s Wi-Fi are the ones who are buying food and drink or renting a room.

This function has also been extended beyond just logging in to the network and Internet service. A Passpoint setup has also had the ability to factor in application-level authentication needs like content access. An example of this application is the in-room movies service offered by nearly every hotel. Here they could allow a person to stream a movie to a tablet or laptop and view this anywhere around the premises such as the lobby lounge.

One risk that I see for Passpoint or any other “easy-setup” standard promoted by the Wi-Fi Alliance is that the same old situation will repeat itself. This is where Apple won’t implement the standard in their products or platforms even though they consider themselves the “super-cool” IT brand. I have seen this for myself with WPS where just about everything except a MacBook Pro or an iPhone will enroll with a Wi-Fi segment using this “push-button” setup routine.

These standards could be implemented not just within an operating system but also in software form, as a program that the user can load on to a device and that is available through the device platform’s app store without any need for the device to be jailbroken.


Understanding WiFi Direct

There has been the desire to see IEEE 802.11-based Wi-Fi wireless networking work as one of the many ways of interlinking computer devices without wires.

The standard and preferred practice with this technology is to implement an access point which all data in the wireless-network segment passes through, and which is typically connected to an established wired network or the Internet.

But there is a desire to link these devices in a safe and secure way without using a hardware access point or router as an interlinking device. This would lead to a “wireless personal area network” for devices like cameras, printers, network media players and smartphones.

What is Wi-Fi Direct

Kingston Wi-Drive and Android smartphone

The Kingston Wi-Drive in this setting is an example of what Wi-Fi Direct is all about

A Wi-Fi Direct setup requires software in a client device like a computer or smartphone to make it work as an access point. This can be made obvious through a smartphone running a “Wi-Fi tether” mode where it works as a Wi-Fi router using its wireless-broadband service as a WAN. Similarly, a mobile-NAS device like the Kingston Wi-Drive is effectively supporting this function through the use of its own Wi-Fi access point. Another example is a laptop computer running Intel’s “My Wi-Fi” software to bridge its connection with a public wireless hotspot to an Internet radio in order to allow it to pick up an Internet broadcast stream.

The setup would require that the network be secured using a WPA2-PSK security protocol and is able to be set up using WPS “push-push” or PIN setup methods. They also use UPnP and/or Bonjour to set themselves up for their functionality at higher levels of the protocol stack. This can allow a user to find devices that have particular functions like file transfer, media streaming or printing and is exploited in smartphone applications as a means of rapidly transferring large file clusters.

A Wi-Fi Direct device can host current Wi-Fi-based client devices like most consumer network printers as well as other Wi-Fi Direct devices. As well, a cluster of devices hosted by a Wi-Fi Direct device is considered a Wi-Fi Direct Group. This can represent a one-to-one relationship or a one-to-many relationship with the Wi-Fi Direct device.

Some devices like laptops running Intel MyWiFi can be set up to support a concurrent link to a Wi-Fi network such as a home / small-business network or a wireless hotspot while being able to maintain a Wi-Fi Direct cluster.

How to go about using Wi-Fi Direct

Wi-Fi Personal-Area Network concept diagram

If you intend to set up a Wi-Fi Direct group, determine the main computing device that is in the group. This could be a laptop, a tablet or a smartphone that has this functionality. On the other hand, you could use a DLNA-enabled network-attached-storage that supports Wi-Fi Direct as the main device if you are, for example, playing tunes held on the NAS to something like the Sony CMT-MX750Ni music system.

Then enable the Wi-Fi Direct functionality on this device and connect the other devices using WPS or a pre-determined WPA-PSK password key.

The range of this network will be determined by the radio range that the Wi-Fi Direct “master” device can provide; and this may be small for a lot of battery-powered devices like handheld games. Some devices that use a non-Wi-Fi connection like Ethernet or HomePlug may break off this connection if they are working as a Wi-Fi Direct “master” device.

Increasing the relevance of Wi-Fi Direct

Wi-Fi Direct can be used in digital cameras as a way of uploading photos to a Wi-Fi NAS or a laptop or simply using a laptop’s Internet connection for providing photos to a social network. It can also work well as an alternative to Bluetooth for printing or media playout; as well as a wireless link to desktop peripherals like keyboards and mice.

The Wi-Fi Direct technology can then come in to its own with local multiplayer multi-machine gaming whether this involves laptops, smartphones, tablets or handheld gaming consoles. A game publisher could write a game to support a multiplayer mode over a local network as well as an online environment. This then allows one to “verse” an opponent in a game wherever they are without it costing money in data charges or dealing with the login requirements that a hotspot may throw at the potential competitors.

Similarly, if a device does support Wi-Fi Direct as well as a wired connection, it could support an “extended-service-set” function so as to cater for environments where there is a problem with Wi-Fi coverage in certain areas.


Once you know what you are doing, you can make Wi-Fi Direct devices work properly for creating “as-needed” Wi-Fi networks for differing applications.


WPS-capable access points and multi-access-point networks

Just about every wireless router or access point targeted at the consumer or, in some cases, SOHO/small-business market is equipped with Wi-Fi Protected Setup, commonly known as WPS. The obvious part of this feature is a button on the router that instigates a quick and easy enrolment routine for suitably-equipped wireless network client devices.

Here, you would instigate the WPS setup routine on the client device, which may be as simple as starting Wi-Fi network setup. In all versions of Microsoft Windows since Windows 7, you would have your computer searching for wireless networks through the “Add Wireless Networks” routine.  But you may find that you have to select the target network you want to connect to in newer versions of Windows and click or tap “Connect” where Windows will prompt for the passphrase but will tell you that you can use the WPS button on your router if the network supports this. Then you would press the WPS button which begins to securely transfer the network credentials to the client device. In some cases, if you unpack a new router and plug it in to the wall, you may be determining a new WPA-PSK passkey for that router.

But you may be wondering how this will affect those wireless networks that have two or more access points that have this feature yet are set up to extend a wireless network’s coverage.

Last Saturday, I had an opportunity to set up such a network by repurposing a broadband router with this feature as an access point to extend a wireless network past a corrugated-iron wall to the back of a newly-extended house. Luckily the house was wired for Ethernet as part of the renovation, so the wired backbone of this “extended-service-set” was the Cat5 Ethernet cabling. But most of you may simply use a HomePlug AV powerline network as your backbone for a similar network.

Both the network’s main ADSL modem-router and the broadband router, which was floating around as a spare, were recent-issue units equipped with WPS. They were configured with different channels but the same ESSID, wireless-technology and security parameters and the broadband router was set up as an access point with its DHCP server turned off and itself existing on a fixed IP address that was part of the network.

I had discovered a problem with this broadband router where it reset the wireless-network parameters after a WPS wireless-network-setup cycle. So you need to check that the settings stay by going to the “Advanced”, “Wireless Setup” or “WPS” options in your router’s / access point’s management Web page and making sure that options to keep wireless-network settings are selected after you configure the device with your network’s SSID and security parameters.

This means that WPS-equipped access points and routers are capable of working in the “extended-service-set” arrangement. It then means that you can enrol new Wi-Fi client devices like Windows 7 laptops, Android smartphones or Internet radios to your wireless-network segment using that idiot-proof WPS “push-push” method at the nearest access point to where you are setting them up. Yet the multiple-access-point network still does the job of extending wireless coverage in to the dark spot while allowing you to move the laptop, tablet or smartphone between the access-points’ coverage areas without reconfiguring anything.
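The setup described above can be written down as a checklist and tested. This added example (not the author's or any vendor's tool) audits a two-access-point extended service set and reports what a WPS cycle changed; device names, addresses, passphrases and the reset values are constructed, and the five-channel spacing rule and DHCP-pool check go beyond what the article states.

```python
from dataclasses import dataclass, fields, replace
from ipaddress import ip_address, ip_network
from itertools import combinations


@dataclass(frozen=True)
class ApConfig:
    name: str
    ssid: str
    mode: str          # wireless technology, e.g. "802.11n"
    security: str      # e.g. "WPA2-PSK"
    passphrase: str
    channel: int       # 2.4 GHz channel number
    dhcp_server: bool
    lan_ip: str
    static_ip: bool


def audit_ess(aps, subnet, dhcp_pool):
    """Return findings for a multi-AP segment; an empty list means it is consistent."""
    findings = []
    ref = aps[0]
    # Same ESSID, wireless technology and security parameters on every AP.
    for ap in aps[1:]:
        for attr in ("ssid", "mode", "security", "passphrase"):
            if getattr(ap, attr) != getattr(ref, attr):
                findings.append(f"{ap.name}: {attr} differs from {ref.name}")
    # Different channels; on 2.4 GHz, channels fewer than 5 apart still
    # overlap (rule added for this example, not stated in the article).
    for a, b in combinations(aps, 2):
        if abs(a.channel - b.channel) < 5:
            findings.append(
                f"{a.name}/{b.name}: channels {a.channel} and {b.channel} overlap")
    # Only the main router hands out addresses.
    servers = [ap.name for ap in aps if ap.dhcp_server]
    if len(servers) != 1:
        findings.append(f"expected one DHCP server, found {len(servers)}")
    net = ip_network(subnet)
    pool_lo, pool_hi = (ip_address(a) for a in dhcp_pool)
    seen = {}
    for ap in aps:
        addr = ip_address(ap.lan_ip)
        if addr not in net:
            findings.append(f"{ap.name}: {addr} is outside {net}")
        if not ap.dhcp_server:
            if not ap.static_ip:
                findings.append(f"{ap.name}: needs a fixed IP address")
            if pool_lo <= addr <= pool_hi:
                findings.append(f"{ap.name}: {addr} sits inside the DHCP pool")
        if addr in seen:
            findings.append(f"{ap.name}: {addr} already used by {seen[addr]}")
        seen[addr] = ap.name
    return findings


def wps_drift(before, after):
    """Settings that changed across a WPS cycle, as {field: (old, new)}."""
    return {f.name: (getattr(before, f.name), getattr(after, f.name))
            for f in fields(before)
            if getattr(before, f.name) != getattr(after, f.name)}


# Constructed sample data (not the author's real network).
ROUTER = ApConfig("adsl-modem-router", "HomeNet", "802.11n", "WPA2-PSK",
                  "constructed-passphrase", 1, True, "192.168.1.1", True)
SPARE = ApConfig("spare-router-as-ap", "HomeNet", "802.11n", "WPA2-PSK",
                 "constructed-passphrase", 11, False, "192.168.1.2", True)
# Models the reset the article reports after a WPS cycle; which fields
# change, and to what, is an assumption.
SPARE_AFTER_WPS = replace(SPARE, ssid="factory-default",
                          passphrase="wps-generated-key")
SUBNET, POOL = "192.168.1.0/24", ("192.168.1.100", "192.168.1.199")

if __name__ == "__main__":
    print(audit_ess([ROUTER, SPARE], SUBNET, POOL))
    print(wps_drift(SPARE, SPARE_AFTER_WPS))
    print(audit_ess([ROUTER, SPARE_AFTER_WPS], SUBNET, POOL))
```

Running the audit again after each WPS enrolment shows at once whether the access point kept the shared SSID and passphrase.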

Note: I have updated the article originally published in May 2012 to add some extra notes about the WPS setup experience for versions of the Microsoft Windows regular-computer operating system released since this article was originally published.


Now DLNA is officially part of the WiFi Direct personal network


WiFi Direct and DLNA get friendly, make streaming media a little bit easier — Engadget

My Comments

Just lately, the media-streaming use case has been brought to the WiFi Direct personal-area network as a competitor to the Bluetooth A2DP / AVRCP media-streaming applications.

There is an important fact that any WiFi-capable DLNA device could be a client device in this network setup as long as the host computer or smartphone is WiFi-Direct capable and running DLNA-compliant media management software. This could mean that your Intel WiDi laptop could be set to play video on that Samsung Smart TV or music on the Sony CMT-MX750Ni without needing to use an established WiFi router or access point.

What I see about WiFi Direct is that it is effectively being run as an alternative to Bluetooth for the personal-area network or standards-based peripheral link. But I am not sure whether it will succeed due to heavy emphasis by industry on the use of Bluetooth for this application and little consumer promotion of WiFi Direct capabilities.


Bluetooth Smart–What does it mean for Bluetooth devices

Article – from the horse’s mouth

Bluetooth SIG – "Bluetooth Smart"

My Comments

Bluetooth 4.0 Low Power technology, formerly known as Wibree technology, has been put on the market this year. This technology is pitched more for “sensor/controller” devices that primarily provide data to another device; and are required to run for a long time on two AA batteries or a “button-style” battery. Examples of these devices include watches, heart-rate monitors, shoe-attached pedometers, door-window security sensors and the like.

These devices are being marketed as Bluetooth Smart devices and Bluetooth terminals like smartphones and computers that can work with these devices are marketed as Bluetooth Smart Ready devices.

A Bluetooth Smart device like the heart-rate monitor or door security sensor has to be compliant to Bluetooth 4.0 Low Power as a single-mode device and support GATT functionality. These devices cannot work with legacy Bluetooth devices that don’t support this standard.

Bluetooth Smart Ready is used to describe a Bluetooth device, typically a “hub” device like a computer or smartphone that works with these Bluetooth Smart devices. The Bluetooth Smart Ready device must have Bluetooth 4.0 enablement with GATT support. It also has to have a dual-mode low-energy Bluetooth transceiver and updatable software. This would typically benefit regular and mobile/embedded computing devices that work to a “platform” like Windows, MacOS X, iOS or Android. These devices can connect to the Bluetooth Smart devices as well as regular Bluetooth devices.

At the moment Apple has the Smart Ready devices in the form of the iPhone 4S and the latest iterations of the MacBook Air and Mac Mini computers. But this technology will be rolled out in to newer computers and Bluetooth modules. The Bluetooth Smart technology will be a point of innovation as companies develop the sensor devices and software for this newer hardware platform.

I would also see this as an improvement for Bluetooth keyboards, mice and controllers due to the idea of having these devices run on a pair of AA batteries that assure reliable operation for a long time without needing to be charged frequently.

It will open up the Bluetooth universe to a larger collection of devices, services and applications that most of us wouldn’t have thought of.


My comments on the WiFi “universal range extenders” like the Netgear WN3000RP

Product Page

Netgear WN3000RP

My Comments

There has been some increased Internet publicity about Netgear’s WN3000RP “universal range extender” which is intended to extend Wi-Fi coverage in to a network’s dead spot. Devices like this one are billed as being able to work with any 2.4GHz Wi-Fi network segment such as an ISP-supplied “Internet-network edge” wireless router.

But these devices work in a particular manner that may cause problems with network use. Here, they work as a wireless client bridge to the existing network and set themselves up as a Wi-Fi access point that is its own “extended service set” or Wi-Fi network segment. Most of these devices will typically have an Ethernet connection for use with Ethernet-ended network devices like PCs, network printers or games consoles and work as a Wi-Fi client bridge for these devices.

What can go wrong

Positioning in the wireless network

There is in fact a lot that can go wrong in setting up and using these devices. One issue is how the device is positioned in the master wireless segment that is to be extended. You have to locate these devices just off the fringe of that wireless segment in order to avoid unreliable service from the client devices on both network segments. Usually, you would have to keep an eye on two indicator lights – one which shows reception quality relative to the master wireless segment and one which shows the quality of the wireless segment created by the device.

Operation of Wi-Fi client devices

As well, users will need to make sure that their laptop computers, smartphones or other devices point to the SSID associated with the range extender. In the case of the Netgear device that is set up using WPS to the “master segment”, the SSID will be a combination of “master_segment_SSID” + “_EXT”; like “BIGPOND-1234_EXT” for a hypothetical Telstra-supplied Wi-Fi router whose SSID is “BIGPOND-1234”. Of course, the WPA security parameters will be the same as that for the “master segment”. It may also require users to make sure their devices “latch on” to the SSID that is strongest for the area they are in; which may be a problem with laptop computers running some desktop operating systems; or some network devices like some Internet radios.

Bandwidth availability and advanced Wi-Fi setups

Another factor that is also worth considering is that the data bandwidth available in this newly-created segment will be smaller than that available in the master segment due to the device working from a weaker point of the master segment. Of course, never expect these devices to offer advanced network behaviour like client isolation for use with hotspots or support for multi-SSID access points for example. With the latter example, these devices will only work with one of the SSIDs available from these access points.

WPS network setup

A key point of confusion that can occur with Netgear’s wireless range extenders is the way the WPS “push-to-connect” function works. These devices have one WPS button on their control surface, which handles associating with the “master segment” or associating with a client device on its own segment. When you set up the range-extender for the first time with a WPS-enabled access point or router on the master segment, you are meant to press this button on this range extender to start the WPS cycle then press the button on the WPS-enabled access point to complete the process. Then you enroll a WPS-capable client device on this range extender’s segment by starting the WPS-configuration process on that device then pressing the WPS button on this range extender. What can happen is that a person who is enrolling the client device could press the button on the range extender before starting the WPS-setup process on the client and this could make the device assume it is connecting to another master segment rather than enrolling the new client.

What could be done to make these devices better

Firmware that suits multi-function operation

Of course the current firmware with these devices prohibits using them as a “pure” Wi-Fi access point with a wired backbone to the network. This is although they work properly as an access point for the new segment with the Wi-Fi “master segment” as their backbone. Rather, I would prefer that these devices have a “multi-function” firmware in place which allows at least three operation modes: a wireless range extender with one wireless segment as the backbone and another covering the area; a wireless access point with a wired backbone; and a wireless client bridge serving Ethernet-connected devices.

Improved designs could use a hardware switch that selects between the operation modes. This can then lead to a logical foolproof WPS operation mode with the WPS button only used for enrolling client devices in modes other than “Client Bridge” whereupon it would be used to enrol with the master segment. The user would be required to set the unit to “Client Bridge” mode when they want to establish a wireless backbone, then set the unit to “Range Extender” mode for operation as a range extender with a distinct satellite segment.

Improved WPS operation

Similarly, these devices could have improved WPS-button logic such as a “long press” for setup with a master segment and a “short press” for client setup. This can avoid further operation complications due to someone who intends to enrol a client device causing these range extenders to “hunt” for new master segments and affecting access to the network by established devices.

Conclusion and my opinion on these devices

If I was to extend the coverage of a wireless network segment, I wouldn’t necessarily use the wireless backbone method that is encouraged with these devices. Instead I would use access points run off a wired (Ethernet or HomePlug AV) backbone. This would then make sure that there is the full bandwidth available across the coverage of the network.


With two new standards in the works, we could be approaching the Gigabit wireless network


Understanding gigabit Wireless LAN: 802.11ac and 802.11ad

My comments

What is it all about

At the moment, 802.11n on both the 2.4GHz and 5GHz wavebands is the current link standard for the Wi-Fi wireless network. But the IEEE have decided to work on standards for providing increased-bandwidth wireless networks.

The two standards are 802.11ac, which will primarily work on the 2.4GHz and 5GHz radio bands and be seen as a migration path from the current 802.11n technology; as well as 802.11ad which works on the 60GHz waveband and has a very short range. The latter technology would be considered best for peer-to-peer applications like short-range wireless backhaul.

Both of these systems will use MIMO (Multiple Input Multiple Output) radio technology; a “front-end diversity” system with multiple transceivers which is what the 802.11n network uses. But this technology will work with at least four “front-ends”; known as “4×4” due to four signals coming in and four going out.

Dedicated bandwidth options

One major benefit that I see these technologies providing is dedicated-bandwidth wireless networking, which each access point compliant to these standards can do. This is brought on through the use of MU-MIMO (Multi-User Multi-Input Multi-Output). Here, it extends “transmit beamforming” technology which provides improved signal quality in an 802.11n network to allow the access point to provide “switched” Wi-Fi with dedicated bandwidth to stations; similar to the way the typical wired Ethernet network works.

It may be an improvement for network setups with many SSIDs per access point like so-called “guest / hotspot” + “private” networks, shared hotspot access points or many university networks; by allowing full bandwidth to each SSID.

The realities

Of course, the actual throughput that a network link will achieve will typically be less than headline link speed due to overheads associated with the link’s transmission requirements. Here, the average real world maximum throughput will be 867Mbps and the figure may be quoted for first-generation equipment or mature-generation equipment.

How it affects my small network

What will be asked of a small network like a home network would be a 5GHz segment that provides the 802.11ac network.

It may provide for dedicated throughput to client devices like laptops or tablet computers. For those networks that run as dual networks like hotspots or guest networks that share the same wireless router as the private network, the dedicated throughput for each wireless-network segment will be a bonus.

Of course, 2.4GHz will still be used as an 802.11n segment for existing devices and there may be a compatibility mode so that existing 802.11n devices can operate on the same segment.

Other issues

If the 802.11ad technology is to be used as a wireless-backhaul for many 802.11ac access points, there will have to be work on a complementary mesh-network technology. It will then provide a level of fault-tolerance in the wireless backhaul as well as a chance for each station to have and pass on full bandwidth networking. This is something that the IEEE standards body are working on with the 802.11s draft standard.


It therefore shows that when there is a standard in place, there will be a chance to “raise the bar” with the technology that it covers. This will mean that a Wi-Fi wireless network could become close to the goal of a switched Gigabit network.


Simplifying login and authentication processes for WiFi hotspots


Wi-Fi body wants hotspots to override 3G • reghardware

From the horse’s mouth

Wi-Fi CERTIFIED™ Hotspot Program to Ease Subscriber Connectivity in Service Provider Wi-Fi® Hotspots  – Press Release

Wi-Fi Alliance Webpage

My comments

One main thrust behind the Wi-Fi Alliance’s new initiative concerning authentication, authorisation and accounting on public hotspots was to permit a wireless-broadband carrier to use Wi-Fi hotspots as a complementary cellular technology. This is to avoid the need to buy cellular-telephony spectrum in order to increase service capacity and is increasingly necessary as the available radio spectrum becomes increasingly scarce.

Here, a cellular carrier could run their own Wi-Fi hotspot networks like what Telstra is doing or they could form a partnership with a wireless Internet service provider like “The Cloud” in the UK as a way of providing this service. They could then allow for a customer to seamlessly hand over from a 3G network to a Wi-Fi network that supports these credentials.

The way this is going to operate is to use a SIM card in a smartphone to store credentials for Wi-Fi networks. This card is typically controlled by the cellular carrier and may be only used for login credentials that continue the carrier’s partnerships.

A limitation I find with this is that the carrier could implement software locks so that the customer can’t use public networks other than those provided for by the carrier or their partnership. As well, there are other issues that haven’t been looked at properly with this goal for improved authorisation, authentication and accounting on these networks as I list below.

Venue-controlled hotspots

It can also make life difficult for customers who use hotspots provided by venue owners like hotels or cafes. Here, the login experience is typically managed by the hotspot owner and this may require information like a session ID in the case of a hotspot at a bar or cafe, or a room number for a hotel. These may apply for hotspot service where you pay the premises owner for that service or the service is part of the business’s main operation. In some free hotspots, you may have to click on a form to assent to terms and conditions of the service before you continue using the service.

As well, a user could use a hotspot run by an independent wireless hotspot operator and buy their access themselves through a Web-based user interface before using the service.

What I would like to see is support for these kinds of hotspots because the user interface that is provided by most of them can become awkward for people who use handheld devices. This is typically because most of these user interfaces are designed for devices like laptops rather than handheld devices.

The improved interfaces could support “app-style” login experiences including “remember-me” login experiences where applicable. Other improvements that could be facilitated include the use of barcodes that are scanned by the phone’s camera to load “session keys” for docket-controlled hotspots or MMS direct-load support for login tokens for “SMS login token” WISPs. It could then lead to a venue-branded experience which some users may find as a “safety net” for their hotspot experience.

As well, a branded experience can be part of a “walled-garden” of sites that a person can visit free of charge or can be a sophisticated experience with such things as an online menu or the ability to order food and drink from your computing device.

Similarly, the idea of “franchising” WISP service to owners of venue-controlled hotspots hasn’t been worked out fully with this technology. Here, a person could have the rights to resell a WISP’s service under varying risk-return models and have the clients associated with that service use their hotspot in exchange for a cut of the costs paid by the clients.

Selective device-cluster creation

It is also a preferred standard to have devices in a public network isolated at lower network levels in order to prevent unwanted peer-to-peer discovery of the devices on these networks. This is typically achieved through functions like “AP isolation” or “Wireless Network isolation” and makes it appear to the devices that they are connecting directly to the Internet privately.

There are situations where a person may want to provide local connectivity between their own devices or devices owned by other users that are in their trust circle. Examples of this include LAN-based gaming over a wireless hotspot network, workgroups sharing data during a cafe meeting; one shifting data between a smartphone and a tablet computer at a coffee lounge or simply uploading pictures from a Wi-Fi-enabled camera to a 13” traveller laptop at their favourite “watering hole”.

Here, the authentication needed for this could be achieved through anything from “same-token” login for devices with integrated Web browsers to entry of MAC addresses or WPS PIN numbers into a “cluster-creation” screen provided by the hotspot gateway. The Wi-Fi Alliance could examine the feasibility of using the new authentication methods as a way of creating selective network clusters across a device-isolated public wireless network.

Authenticating hotspots at the SSID-discovery level

The other question that has not been answered as far as I am concerned is whether there will be a system for authenticating hotspots and public networks in a similar manner to what is done when a user logs on to a banking site for example. This is to verify that the user has discovered a “safe” network before they select that SSID and begin to log in to the hotspot.

The data that would be verified would be the MAC addresses of the access points as well as the gateway device’s IP address and MAC address. This can be used to verify that the user has logged in to a network that is operated by the venue that is providing the hotspot service. For a WISP like “The Cloud” or FON, this may be useful for verifying that users have logged in to the WISP’s network. In this case, this information may pertain to the locally-installed hardware for the WISP.

Here, this could be achieved through a private-key / public-key exchange setup where the successfully verified hotspots could at least be highlighted in the list of wireless networks with a “key” or green-light icon. If this system does also support the transmission of logo icons, the client device could also show a company logo for that hotspot host.

It can also work as a way of encouraging customers to be sure of where they are surfing the Web through. As well, a business could have a Windows 7 laptop or Blackberry smartphone that supports this kind of verification for public wireless networks to prohibit logging in to public wireless networks that don’t have this kind of verification.

The main issue with this is that independently-run cafes and bars may need to be able to have access to any certification setups at a modest price, preferably through a government business-support agency or their bank.


Once these issues are ironed out concerning the provision of public Wi-Fi Internet service to the hordes of users with notebooks, netbooks, smartphones and tablet computers, then they can use these services to full capability in a secure manner.


Feature Article – Basic information about provisioning public Wi-Fi hotspot service


You might be considering setting up that complimentary hotspot for your guests to use but there are certain risks to be aware of concerning the security of your business and your guests’ data and identity.

Risks that have been highlighted include confidential-data and identity theft performed against customers as they work this data from their portable devices; as well as clandestine computer activity like the downloading or serving of illegal content; or the distribution of spam email, performed using computers connected to public Internet networks like wireless hotspots.

As well, there may be other imperatives required of people who provide Internet access to the public. These imperatives, asked for by various local, state / regional or national governments, may include requirements like keeping a log of whom you provide Internet access to or a requirement for session tracking. I am not in a position to explain how to satisfy these needs and it is best to seek local advice on this topic.

Therefore, your business should know who is using the hotspot service and be able to make sure that the people who benefit are the business’s customers or guests. This means that the customers or guests are actually going to be operating the network device that they use when connecting to the service and also operate it on your premises. As well, your customers know that they are going to actually benefit from your hotspot service when they log in to this service.

The cafe or bar as a “second office”

This is more important for the cafe as an increasing number of businesspeople use these places as “second offices” where they can work without unnecessary office-borne distraction or as places where they meet their colleagues or business partners. Here, these people will be working on workplace-confidential data and most of these workplaces place high value on the security of this data as it travels between the laptop and the workplace’s main computer systems.

In fact, the reason I have decided to publish this article was because a cafe that I regularly visit in Camberwell (Melbourne, Australia) had just started to offer free public Wi-Fi access but I had wanted them to provide a free Wi-Fi service that is safe for their customers. Here, they had an ordinary wireless router as the Internet service but they needed help in getting this service working properly and safely. They also wanted to make sure that this resource was available just to their customers as part of their customer service.

Your equipment

When you start out with your complimentary-use hotspot service, you may use a wireless router hooked up to a separate Internet service or use one that has a “guest-access” or hotspot function and is connected to your common Internet service.

This should be set up to cover your public area such as the bar areas in your bar or the dining room in your cafe. In some situations, you may need to use an additional access point to cover larger areas or get your signal past thick walls. This is something I have covered in this site as a separate article.

As well, if your equipment works on 802.11n technology, it should be set to work in compatibility mode where it can work with 802.11g and 802.11n devices. This is to cater for the fact that most devices that are in circulation, especially smartphones, are likely to work with 802.11g technology and people may operate battery-operated 802.11n-capable devices in 802.11g mode in order to conserve battery runtime.

Dual-band setups

It may be an asset to consider a dual-band setup for your wireless hotspot. This will use a radio presence on the 2.4GHz band as well as the newer 5GHz band and is supported by an increasing number of newer laptops, tablets and smartphones. The new waveband comes into its own for multimedia applications like video conferencing or photo and video uploads to social media as well as taking some pressure off the 2.4GHz band for legacy equipment to use.

This can be achieved with a router / gateway or access point that implements simultaneous dual-band operation or you can add a 5GHz access point or a dual-band access point set up for 5GHz operation to your existing network.

Here, you need to make sure you still have your network set up for 802.11b/g/n operation for the 2.4GHz band and 802.11n operation for the 5GHz band. If your equipment supports 802.11ac Wi-Fi, you may have to make sure that the 5GHz aspect works in a compatibility mode for both 802.11n and 802.11ac equipment. As for the SSID (Network Name) which is talked about below, you can use the same SSID for both bands and the clients’ computer equipment switches between the bands automatically.

Your SSID or Network Name

The SSID or network name is very important to your hotspot’s identity. Here, it should reflect your business’s name and have a reference to public or guest Wi-Fi service. An example that I used for a basic complimentary-use Wi-Fi hotspot that I set up at a coffee lounge just recently was MORAVIA-PUBLIC-WIFI. Here this reflected the coffee lounge’s name (MORAVIA) as well as stating that the service was a public Wi-Fi hotspot service hosted by this business. Therefore, you can then identify any “evil-twin” or “fake-hotspot” devices left on or near the premises that exist to capture customers’ sensitive data.

This SSID must be used in all signage advertising your hotspot and the signage must reflect your company’s identity. This means that it either has your company logo and name or is in your company’s styling. In this case, the signage about the hotspot should at least exist beside the cash-register and the door, preferably at eye-level or near the main handle or pull.
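A distinctive SSID only helps if someone checks what is actually broadcasting it. The following is an added example, not part of the original article, that audits a Wi-Fi scan for networks imitating the venue's SSID. The BSSIDs, the parsed scan format and the sample scan are constructed assumptions; the SSID is the article's own example.

```python
import re

VENUE_SSID = "MORAVIA-PUBLIC-WIFI"   # SSID from the article's example
# Constructed BSSIDs (locally administered range) standing in for the
# venue's own access points; replace with your real inventory.
KNOWN_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
EXPECTED_SECURITY = "WPA-PSK"

# Characters commonly swapped to make a name look the same at a glance.
_CONFUSABLE = str.maketrans("01i35", "olles")

def normalise(ssid: str) -> str:
    """Fold case, look-alike characters and separators out of an SSID."""
    folded = ssid.casefold().translate(_CONFUSABLE)
    return re.sub(r"[^a-z]", "", folded)

def audit_scan(scan):
    """Return (bssid, ssid, reason) for each network that needs a closer look.

    BSSIDs can be spoofed, so a clean result is a first-pass check only.
    """
    findings = []
    target = normalise(VENUE_SSID)
    for net in scan:
        ssid, bssid = net["ssid"], net["bssid"].lower()
        if ssid == VENUE_SSID:
            if bssid not in KNOWN_BSSIDS:
                findings.append((bssid, ssid, "venue SSID from unknown access point"))
            elif net["security"] != EXPECTED_SECURITY:
                findings.append((bssid, ssid, "venue access point with unexpected security"))
        elif normalise(ssid) == target:
            findings.append((bssid, ssid, "look-alike SSID"))
    return findings

# Constructed scan results, assumed to be already parsed into dictionaries.
SAMPLE_SCAN = [
    {"ssid": "MORAVIA-PUBLIC-WIFI", "bssid": "02:00:00:AA:00:01", "security": "WPA-PSK"},
    {"ssid": "MORAVIA-PUBLIC-WIFI", "bssid": "02:00:00:bb:00:09", "security": "OPEN"},
    {"ssid": "M0RAVIA_PUBLIC_WIFI", "bssid": "02:00:00:cc:00:03", "security": "OPEN"},
    {"ssid": "MORAVIA-PUBLIC-WIFI", "bssid": "02:00:00:aa:00:02", "security": "OPEN"},
    {"ssid": "NeighbourNet", "bssid": "02:00:00:dd:00:04", "security": "WPA-PSK"},
]

if __name__ == "__main__":
    for bssid, ssid, reason in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}  {ssid!r}: {reason}")
```
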

Hotspot security

Basic security

Your hotspot network should be secured with a WPA-PSK passcode which your staff should give out to customers who want to use hotspot service. As well, the network should have wireless-client isolation enabled, so that customers who are using the hotspot cannot browse on to each others’ computers.

Previously, there wasn’t any wisdom in implementing link security on a public-use wireless network but now that most computers and handheld devices support WPA-based link security for wireless networks, implementing WPA-level link security is still worth it for achieving some control and security in a public-use wireless network.

It is still important to change the WPA-PSK passphrase regularly such as at least twice a month. Some environments may require the passphrase to be changed every week. This is so that it becomes hard to set up a “fake hotspot” using your service’s credentials or keep a computer logged in to the hotspot service without you knowing.

People who use “open-frame” computing devices based on recent versions of Android or Windows may find that this job may be simplified. One method, which works with both the operating systems, is to use WPS push-button setup on consumer routers that are suitably equipped and are serving as dedicated hotspot devices. But another method is to make a QR code representing the SSID and WPA passcode as a machine-readable form and print this out on to a card that you hand to your customer. Then they scan this code with their Android or Windows 10 device with the appropriate reader software.
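Regular passphrase changes and the QR-code card fit together well. The following is an added example, not part of the original article, that generates a fresh WPA-PSK passphrase and builds the text a QR code must carry, using the de facto `WIFI:` payload format popularised by the ZXing barcode project. The function names are this example's own, and the SSID is the article's example.

```python
import secrets
import string

SPECIAL = '\\;,":'  # characters that delimit fields in a WIFI: payload

def escape_field(value: str) -> str:
    """Backslash-escape delimiter characters so they survive parsing."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)

def check_passphrase(passphrase: str) -> None:
    """WPA-PSK passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")

def new_passphrase(length: int = 16) -> str:
    """Random passphrase for the next rotation, drawn from the OS CSPRNG.

    Look-alike characters (0/O, 1/l/I) are left out so the value can
    also be read aloud or copied from a printed card without mistakes.
    """
    alphabet = [c for c in string.ascii_letters + string.digits
                if c not in "0O1lI"]
    passphrase = "".join(secrets.choice(alphabet) for _ in range(length))
    check_passphrase(passphrase)
    return passphrase

def wifi_qr_payload(ssid: str, passphrase: str) -> str:
    """Text to encode in the QR code for a WPA-PSK network."""
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    check_passphrase(passphrase)
    return "WIFI:T:WPA;S:{};P:{};;".format(
        escape_field(ssid), escape_field(passphrase))

if __name__ == "__main__":
    # The SSID is the article's example; the passphrase is generated fresh.
    print(wifi_qr_payload("MORAVIA-PUBLIC-WIFI", new_passphrase()))
```

Feed the returned string to any QR-code generator and reprint the card each time the passphrase is rotated.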

As well, your hotspot should properly support VPN pass-through for all protocols so that business users can log in to their workplace VPNs without any headache.

Special hotspot-gateway devices

If you want greater control over your public Internet service, it may be worth implementing a “docket-printer-based” wireless hotspot gateway like the Netcomm HS-1100, Solwise WAS-105R or Zyxel N4100.

Here, these devices direct users to a login page where they have to key in a session login and password that they transcribe from a paper docket that is printed from a docket printer attached to the hotspot gateway. If you intend to offer a paid service, these devices put you in a position to use the payment methods and paths that you use to accept payment for your goods and services.

This is unlike some other hotspot gateway setups that require the potential user to pay another company directly using their credit card or an account maintained by that other company using a payment form hosted by that hotspot. Typically, a lot of these setups are managed in a manner where you don’t have much control over how the service is provided and the service may be provided in a manner not dissimilar to how most vending and amusement machines are provided where you don’t own the equipment, representatives visit the premises to maintain the equipment and you get a small “cut” from the takings.

As well, the session login parameters that your users type in from these dockets exist only for a particular time limit. This is also important for people who run a paid service, but can be useful for managing complimentary service so you can be sure that the people who are using your service are your customers or guests who are in your public areas.

If you do run one of these dedicated hotspot gateway devices, such as a “docket-printer-based” device, the wireless network that these devices operate should still have WPA-PSK security with the passphrase changed regularly. The “docket-based” devices will list the WPA-PSK passphrase on that same docket so your customers can still log in to your hotspot from their device.

Hotspot 2.0 / Wi-Fi Passpoint functionality

Hotspot-gateway devices that support Hotspot 2.0 or Wi-Fi Passpoint operation, including firmware updates that bring this functionality to existing equipment, are also worth their salt. This provides for improved login experiences including the ability to have your venue described in the list of available Wi-Fi networks when your customers use compatible devices, along with a simplified signup or login procedure. It also supports link-level security between the user’s computer or phone and the access point.

When you enable Hotspot 2.0 or Passpoint functionality on your hotspot gateway device, make sure that your establishment’s details are properly entered when you fill out the setup form for this function. Here, if your users have equipment that supports this technology to the letter, they can identify your establishment in a more qualified manner so they are sure that the Wi-Fi service they are connecting to is the one you are providing at your business.

Of course those of us who use devices that don’t support this functionality can still benefit from Wi-Fi hotspot service on these services as long as “universal” authentication is enabled on the gateway device.

Branding options

If you do implement these devices, make sure that you know how to brand the customer-facing user interfaces.

Most of these devices can allow you to upload a graphic and integrate it in to the login interface or they can allow you to upload customised login screens or point to a Web server for the login interface graphics. The latter option may appeal to you if you have a good hand with creating basic HTML Web pages.

Here, make sure that you have your business name and logo and, if you can do it, set the colour scheme to your business’s colour scheme. As well, make sure that your business name appears on the access dockets that your hotspot gateway prints out.

Power outlets

With a hotspot, always expect that some of your customers will use the power outlets on your premises to power their laptops or smartphones from AC power to avoid compromising battery runtime. This is more so with customers who are operating older equipment that has batteries that are “on their last legs” or are working VPN sessions in order to “pick up” files from work and want to be sure this is done properly.

Here, a few double outlets near the tables can work wonders and if an outlet is used for powering a device like a lamp, the device could be connected to the outlet via a multi-socket power-board with extra outlet space for a few appliances.


Once you know how to choose and set up your public-use wireless network properly, you can make sure that this is a service that your customers and guests will benefit from fully. This may even put your business “on the map” as far as customer-service extras are concerned.


I have done some revisions to this article which was originally published in August 2011 to reflect the arrival of newer technologies like 802.11ac dual-band Wi-Fi wireless technology, Wi-Fi network credentials via QR codes, and Wi-Fi Passpoint technology.
