Prevent Fraudulent Hotspot Deployments: MFA Now Offering MulteFire OSU Server Certificate

By György Wolfner, End-to-End Architecture Working Group Chair

When you’re at your local coffee shop or at the airport waiting for your flight, it’s common to want to connect to an on-premises hotspot configured as a neutral host network (NHN). But how can you be sure that the service you’re connecting to is secure and is being delivered by a trusted service provider?

To assure MulteFire network security in NHNs, the MFA is pleased to announce that MulteFire small cell vendors can now apply for a MulteFire Online Sign-Up (OSU) Server Certificate. The certificate defines legitimate service providers and prevents subscribers from connecting to fraudulent base stations (hotspots) deployed by malicious actors. For MulteFire hotspots to provide data services via an OSU system, vendors must have a MulteFire OSU Server Certificate signed by a MulteFire Trust Root Certificate.

MulteFire technology can be deployed as a private wireless network or as a neutral host network (NHN). In a neutral host environment, small cells are deployed to provide wireless connectivity service to subscribers of various service providers. NHNs can be deployed as special purpose private networks in isolated environments (such as mines, cruise ships, private enterprise, restaurants, hotels), venues or public spaces such as city parks, providing service to subscribers of multiple service providers or enterprises.

MFA Launches Public Key Infrastructure with Trust Root Certificate

 Leveraging the Wi-Fi Alliance’s Hotspot 2.0 Specification, the MFA has defined a system, architecture and specification, referred to as a Public Key Infrastructure (PKI), for using digital certificates to secure MulteFire neutral host hotspot access. To achieve this milestone, the MFA collaborated with Comarch to set up a Trust Root computer vault located at Comarch’s data center in Krakow. To prove that a vendor is legitimate, the vendor can get a MulteFire OSU Server Certificate signed by the Trust Root Certificate stored in Comarch’s data center. This MFA PKI system provides a level of security, confirming that vendors deploying MFA neutral host networks are authorized by the MFA Certificate Authority.

MulteFire OSU Server Certificate Open to Members and Non-Members

Companies deploying the MulteFire hotspots as well as the companies developing the hotspots will need the OSU Server Certificate, meaning that both MFA members and non-members are able to apply. To begin the process, vendors must determine an Authorized Security Representative (ASR). This ASR will provide information and references to the MFA Certificate Authority and request for the certificate to be signed.

Learn More

Those interested in learning more about the MulteFire OSU Server Certificate, Trust Root Certificate and Certificate Authority are encouraged to visit our MulteFire Online Sign Up (OSU) Certificate overview page and FAQ page.

Have questions? To get in touch with the Certificate Authority and begin your application for a MulteFire OSU Server Certificate, please fill out this form.

Visit our Resource page for white papers, presentations and videos that will provide more details on MulteFire deployment scenarios.