T-Mobile to Bring 802.1X to the Masses

By Eric Griffith

October 13, 2003

The hotspot network of Starbucks, Kinko's and others will be offering 802.1X-based authentication as a free service to any interested subscribers, as T-Mobile continues to shift toward engaging enterprise customers.

T-Mobile Hotspot, the public Wi-Fi arm of Deutsche Telekom AG's T-Mobile USA, plans to address the issue of public access security by introducing 802.1X authentication as standard at all the company's hotspot locations around the United States by next year.

End-users at hotspots are perhaps among the most vulnerable in the world of Wi-Fi. Public access networks usually require security encryption such as wired equivalent privacy (WEP) be turned off. Not to mention that if you have a laptop with File and Printer Sharing turned on, you may be wide open to anyone else in the hotspot venue. This is scary for the user certainly, but mind-numbingly terrifying for the company that user works for -- that laptop may be filled with company information. 802.1X authentication at the hotspots will protect data on the wireless connection between the user and the access point.

Pete Thompson, the director of T-Mobile Hotspots, says the company direction is "very much going after the enterprise space.... there are two decision makers at the enterprise: IT managers and mobile pros. We've traditionally gone after mobile pros, but we'll now go after IT managers who control their equipment and access." T-Mobile claims that 88 percent of hotspot usage at its locations is from mobile professionals.

The company has 802.1X authentication in field testing at select locations and expects to have all of its hotspots equipped with access points supporting 802.1X by the second quarter of 2004.

End-users will need a client that supports 802.1X. For that, T-Mobile is putting most of its faith in Microsoft. The Windows XP operating system has had 802.1X support for a while, but Microsoft on Sunday announced its Wireless Provision Services (WPS) to strengthen 802.1X support by adding the ability to automatically authenticate between an XP client and a Windows Server 2003 system on the backend.

T-Mobile intends to launch client software eventually that will provide 802.1X support for non-XP users, as well as bring in other services. No timetable is available on when that client will be ready. Non-XP users today can use third party 802.1X clients like those from Funk Software. In March of this year, T-Mobile announced that Boingo Wireless is working on software for allowing Wi-Fi and GPRS access through the same user interface. That software is entering its final quality analysis stage.

The biggest stumbling block to this service, or the somewhat similar hosted RADIUS service from Wireless Security Corporation (RADIUS servers are used to store the credentials and data used to authenticate end-users on a wireless or wired network) that can be used by any WISP or Wi-Fi network provider, is that many users may not have hardware with 802.1X support. It's generally only found in enterprise-class products.

The service at T-Mobile is meant as an added value; they will not be charging more to subscribers that wish to use 802.1X. Standard username/password login via the Web browser will remain for those not concerned about data security. Virtual private networks (VPNs) and personal firewalls are also supported options.

T-Mobile's hotspot network is the largest in the United States. T-Mobile currently has 3000 hotspot locations, and expects to have 4000 by the end of this year. Thompson says they're growing by about 30 hotspots a day. This rapid expansion is likely from adding hotspots at Kinko's copy shops. T-Mobile does not allow any roaming onto its network, nor does it have partnerships so subscribers can roam on other hotspot networks. Its plan is to allow roaming at some point, but it has previously said that the holdup is caused by quality of service issues: T-Mobile is known for hotspot locations using a full T1 line for backhaul (a tactic seen by some as far too expensive) and believes any roaming partners should provide the same level of service. Thompson says that another stumbling block is pricing plans/billing methods and synching partner methods with T-Mobile's.

T-Mobile Hotspot was a heavy participant in Intel's One Unwired Day on September 24, 2003, when it let anyone with 802.11-based laptops or PDAs on the network for free. Thompson says usage that day was 15 to 20 percent higher than average, but had no data on how many users that means and what percentage of them converted to subscribers.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.