SIM-based (EAP-AKA / AKA')
Authenticates mobile subscribers over non-3GPP access using SIM credentials. Implements 3GPP TS 29.273 — SWm and SWx Diameter interfaces. No HSS or IMS core modifications required.
Telecom · Security & Access
OVOO AAA
Carrier-grade Authentication, Authorization & Accounting for mobile and fixed-mobile operators. One platform covering SIM-based, Wi-Fi, and token-based access flows - at Tier-1 scale.
Production-provenFive-nines HAMulti-scenario from day one
In production. At scale. Today.
OVOO AAA is live at a major European Tier-1 operator running Hotspot 2.0 / Citizen Network EAP-AKA authentication at full commercial scale. The same platform handles VoWiFi and Apple Entitlement Server - a single integration effort, multi-scenario coverage from day one.
- • Single integration, multiple use cases active simultaneously
- • No cold standby, no single point of failure
- • Tested deployment automation & rollback procedures
- • Operational at Tier-1 traffic volumes
Authentication protocols
Three auth models on one platform. Use one, two, or all three simultaneously.
RADIUS
Standard AAA for enterprise Wi-Fi and broadband access scenarios. Integrates with operator NAS infrastructure and subscriber databases. Supports both authentication and accounting flows.
OAuth2 / Token-based
Modern token-based auth for API-driven and digital service scenarios. Complements SIM-based flows for hybrid access architectures where both subscriber and device-level auth are required.
Built for the scenarios operators actually run
All use cases share the same platform, the same operational stack, and the same integration point.
VoWiFi
SIM authentication for IMS subscribers registering over Wi-Fi via ePDG. EAP-AKA over SWm, subscriber validation over SWx.
Hotspot 2.0 / Citizen Network
Automatic, password-free Wi-Fi authentication using SIM credentials. Proven at Tier-1 scale in a live operator environment.
Apple Entitlement Server (AES)
SIM-based device service activation between Apple and the operator HSS. No custom integration layer required.
Wi-Fi offload / non-3GPP access
Any EAP-AKA scenario across fixed-mobile convergence or MVNO architectures. Covers the full non-3GPP access path.
Enterprise Wi-Fi
RADIUS-based authentication for corporate and campus networks. Integrates with existing operator NAS and subscriber management.
Broadband access
RADIUS AAA for fixed broadband subscriber management. Accounting and authorization for xDSL, GPON, and cable access scenarios.
Platform that doesn't compromise
Designed for operator-grade reliability from the ground up — not bolted on later.
Up to 1,000 TPS per node, linear scaling
Horizontal scale-out with no architectural ceiling. Designed for simultaneous multi-use-case traffic at Tier-1 volumes.
Achieving five nines availability
Active-active clustering with full session replication. No cold standby, no single point of failure. Supports 2-site and 3-site geo-redundant deployment models.
In-house Diameter stack
Purpose-built, not adapted from a third-party library. Full in-house ownership of transport, failover, and AVP handling — no external vendor on a critical path.
Cloud-native CNF
Kubernetes-native deployment. Compatible with IaaS, CaaS, and bare-metal environments. Works with any telco cloud stack — no vendor lock-in.
Optional LDAP subscriber DB
Synchronous fallback for subscriber attribute lookup and MSISDN resolution. Zero impact on the nominal authentication path.
Observability built-in
JMX KPIs, SNMP alarms, structured logging, and Grafana-compatible metrics. Integrates into your existing operations stack without custom instrumentation.
Technical at a glance
| Interfaces | SWm / SWx (Diameter), RADIUS, OAuth2, optional LDAPs |
| Throughput | Up to 1,000 TPS per node · linear horizontal scaling |
| Redundancy | Active-active clustering · session replication · 2-site and 3-site geo-redundant models |
| Deployment | Kubernetes / CaaS · IaaS · bare metal · any telco cloud |
| Observability | JMX KPIs · SNMP alarms · structured logging · Grafana-compatible metrics |
Evaluating AAA for your network?
We'll deliver a technical architecture session or scoped integration estimate within 5 business days. No commitment — just clarity on what integration actually looks like for your environment.