This document discusses leveraging existing Wi-Fi assets to provide a consistent home Wi-Fi user experience anywhere. It describes Anyfi.net technology which uses a remote firmware update to turn residential gateways into remote Wi-Fi radio heads, extending the home network over IP tunnels with end-to-end WPA2 security. This allows mobile users to access their home Wi-Fi network seamlessly when away from home without needing any device software or manual sign-on.
1. Leverage your existing Wi-Fi assets to provide
the home Wi-Fi user experience anywhere
Anyfi.net technology is patent pending in all jurisdictions under the Patent Cooperation Treaty. Anyfi.net is a registered trademark of Anyfi Networks AB. All other trademarks belong to their respective owners.
2. The home Wi-Fi user experience
It just works – and it’s secure
5. Anyfi.net – A remote firmware update
We work with your RG vendor to integrate s/w and assure quality
Supports all major RG platforms
Quality proven in the field
Zero CapEx deployment
6. Anyfi.net – A remote firmware update
Turns RG into a remote Wi-Fi radio head
Control
plane
End-to-end WPA2 security over
Wi-Fi over IP tunnels both air and backhaul
Cryptographic separation
between subscribers
Encryption keys not in RG
Advanced radio management
PATENT PENDING
7. The home Wi-Fi user experience
Registration for mobile service is transparent to user
Operator
core network
PATENT PENDING
8. Anyfi.net Simple™
No device software – no registration – no manual sign-on
Operator
core network
PATENT PENDING
Our reference is the home Wi-Fi user experience: you enter a passphrase once and from then on connection is automatic and completely secure.
With Anyfi.net Simple you can provide that exact same user experience anywhere. There are no sign-on portals or extra software to install on the device. Your subscribers won’t even have to change any settings. We call it ZERO sign-on because it just works.
So lets say I’m visiting friend. My laptop, the white one to the left, will automatically connect to my home Wi-Fi network using the spare capacity of my friend’s broadband. Notice however that my friend’s laptop, the black one to the right, will not detect my network. This is because with Anyfi.net technology each device sees only the networks that are relevant to them.
Many fixed-line operators have hundreds of thousands or even millions of Wi-Fi equipped residential gateways. Anyfi.net software allows them to leverage these as a radio access network, license exempt and Wi-Fi compatible. Deployment is a simple zero CapEx remote firmware update.
Anyfi.net software is designed to protect the user experience of the residential subscriber, while also letting the residential gateway be used as a remote radio head. Unlike other architectures Anyfi.net software integrates closely with the radio and allows secure distribution of mobile Wi-Fi services. The WPA2 security mechanism that normally only protects data over the air is extended over the backhaul, through a Wi-Fi over IP tunnel, providing end-to-end encryption for each subscriber. There is no need for any additional software in the device – it’s all standard Wi-Fi from the device point of view. Advanced spectrum-aware traffic prioritization and radio resource management ensures that the user experience of the fixed-line subscriber is not affected in any way, and that mobile devices are only connected if the quality of service will be sufficient.
Anyfi.net Simple lets a fixed-line operator provide the home Wi-Fi user experience outside the home. We call this solution Simple because it’s so simple to use. The first time a new device is connected to the local Wi-Fi network Anyfi.net software in the residential gateway sends a registration message to the Anyfi.net matchmaking service. This message contains the MAC address of the device but absolutely not any personal or security sensitive information. The registration process is automatic and completely invisible for the end-subscriber.
Whenever the device comes close to another residential gateway the embedded Anyfi.net software will detect its presence and send a request to the matchmaking service. The matchmaking service responds with the IP address of the subscriber’s home gateway. The matchmaking service also sends an introduction message to the subscriber’s home gateway to let it the embedded Anyfi.net tunnel termination software prepare for an incoming Wi-Fi over IP connection.
Once a direct Wi-Fi over IP connection is established between the local access point and the subscriber’s home gateway the device detects the presence of its preferred home Wi-Fi network and connects automatically. The standard WPA 4-way handshake is used to authenticate the device. No software is required on the device side; from the device point of view it is standard Wi-Fi. But what the device doesn’t see is that the Wi-Fi encryption is not terminated in the local access point. The local access point doesn’t even have the encryption keys. Instead the encrypted Wi-Fi frames are tunneled back to the subscriber’s own home gateway where they are unencrypted. This ensures end-to-end data privacy and integrity even if the local access point is untrustworthy. We call it ZERO sign-on because there is absolutely nothing your subscribers have to do to enable the service; it just works.