The Ministry of Communications, Department of Telecommunications (DoT) India has introduced significant new compliance requirements for all ISPs providing WiFi services.

The regulation goes beyond just public hotspots to include residential and business WiFi applications, extending requirements of centralized management, authentication and provisioning by the ISP even for all customers who may have installed WiFi access points within their premises.

The Key requirements outlined are:

• ISP must ensure that all WiFi access points be encrypted & secured. The list of locations includes:
  • Public hotspots including airports, transportation hubs, schools
  • Hotels, restaurants, guest houses, malls & similar locations
  • Business and offices who use leased lines and install their own WiFi Access Points (APs) also need to be secured
  • Residential & Retail customers who install WiFi Access Points also need to be secured or risk suspension of their Internet access
• Service providers must offer central authentication and tracking system to secure all WiFi end points ensuring each subscriber’s access sessions are authorized and tracked.
  • Records of subscriber records need to be kept for minimum 1 year.
  • Records must also include user metrics for full audit trace

• Identity verification of each subscriber is mandatory and must be accomplished in the following ways:
  • Photo identity based verification using well established address proof documents such as PAN, Passport, Driver License;
  • Personal Identification needs to be copied and retained for 1 year;
  • SMS based authentication of each session/subscriber thereby establishing a direct co-relation between a pre-verified mobile phone and a subscriber.

Avoiding Internet DoT License Suspension requires ISPs to:

• Ensure only secure and authorized subscribers are allowed network access at all wireless end points;
• Accurately ascertain network access and retain records of subscriber activity including IP address & location where / when an authorized user accessed a specified Internet resource;
• ISPs must, upon lawful request, enable interception and tracking capabilities for agencies to track unlawful activity.

Many in the industry feel that this new requirement is the direct outcome of the dreadful 26/11 Mumbai Terror Attacks and other incidents where unsecured WiFi access points were used by anti-social elements.

“Inventum offers a comprehensive solution to comply with this new regulation; Indeed a number of our existing customers are already compliant…” said Sachin Mehra, Managing Director of Inventum.

Key solutions which are offered by Inventum:

1. Centralized Authentication & Tracking solutions
2. SMS based authentication & charging solutions
3. Custom software for 802.1x based compliance at each customer PC
4. Lawful interception solutions
5. Bandwidth management & subscriber policy compliance
6. Billing, rating & charging solutions for:
   • ISP/WISP
   • Hotels, Guest Houses, Coffee Shops
   • Telecom Service Providers
   • Corporate and Campus Networks
   • VSAT Providers

The official notification sent out to service providers talks of various issues and provides a deadline for compliance. For further information please contact Inventum sales.