iPass Glossary

The Glossary is a list of terms frequently used in the iPass context.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0-9


AAA (Authentication, Authorization, Accounting) Server

A server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services. The AAA server typically interacts with network access and gateway servers and with databases and directories containing user information.

Access Gateway

A network element used by Hotspot Operators to provide an entrance point to the Internet.

Access Point

In iPass terms, a local network connection point. An access point can be any of several types: wired broadband, dial-up, or Wi-Fi.

Access Provider

Companies that provide network connectivity including dial-up, ISDN, PHS, wired broadband, Mobile Broadband, and Wi-Fi services.

ACS (Cisco Access Control System)

Cisco's AAA service, typically used with TACACS+ or RADIUS.


For Open Mobile on handheld devices: this feature enables companies to distribute a profile-free copy of Open Mobile. Users activating Open Mobile enter a profile ID and, optionally, a PIN. The process of activation downloads and installs the profile settings, enabling full Open Mobile function ality.

Ad-Hoc Mode

An 802.11 Networking framework in which devices or stations communicate directly with each other, without the use of an access point (AP). Ad-hoc mode is also referred to as peer-to-peer mode or an Independent Basic Service Set (IBSS). Ad-hoc mode is useful for establishing a network where wireless infrastructure does not exist or where services are not required.

Airplane Mode

On Wi-Fi and Mobile Broadband capable devices, entering Airplane Mode will disable all broadcasting radios or other services that can interfere with airplane operation. However, normal, non-broadcast operations and apps are not affected. Also known as Flight Mode.


In Mac OS X, the Wi-Fi connection manager.

All-Cities Number

A dial-up or ISDN PoP that represents a local call from any location within a country. An All-Cities Number effectively provides local coverage anywhere within that country.


The Amion (“Am I On?”) test in Open Mobile checks to see if the user is connected to the Internet. The request is made to a set of iPass ‘sniff’ servers at an iPass URL, but enterprises can substitute a custom URL if desired.


The process of verifying the identity of a user. Authentication protocols supported by iPass include RADIUS, TACACS+, Unix Passwords, NT Domains, Active Directory and LDAP.


The process of granting privileges to a legitimate user.

Automatic Phonebook Updates

In iPassConnect, users always have the most current Phonebook because the client automatically checks for updates upon each successful connection. iPass adds access points as more providers are added to the Network and periodically deletes access points as a part of the proactive network quality management program.

Automatic Software Updating

iPass releases new versions of Open Mobile and iPassConnect software at regular intervals. Each application will automatically receive program upgrades and can be designed to receive configuration file updates, freeing administrators from having to deploy new software versions.


The ability for Open Mobile (or iPassConnect) to automatically connect to a network without any user interaction.


In iOS, the ability to login automatically into a network without any user interaction.


After successful iPass authentication, and directory and configuration updates, Open Mobile and iPassConnect will give the user 60 seconds to successfully connect to the VPN. If the user does not successfully connect to the VPN within 60 seconds, the client application will disconnect the user from the Internet. Furthermore, if the user does connect to the VPN and then disconnects the VPN during the connection (without manually disconnecting), the client will terminate the Internet connection. In order to use this feature, the customer must also have an integrated auto-launched VPN.

Available Networks

In Open Mobile, the list of networks that have been detected by the connection manager and presented to the user.

Back to Top



The amount of transmission capacity that is available on a network at any point in time.

Bearer Type

In Open Mobile, bearer types are defined as the supported technology types of a SIM card (for example, between 2G, 3G and 4G).

Bits Per Second (bps)

A measurement of data transmission speed over communication lines, measured in bits. Bits measured may be sent or received. Also, Kbps: kilobits per second and Mbps: megabits per second. Do not confuse with Bytes per second (Bps).

Bytes Per Second (Bps)

A measurement of data transmission speed over communication lines, measured in bytes, where each byte is 8 bits. Bytes measured may be sent or received. Also, KBps: kilobytes per second and MBps: megabytes per second. Do not confuse with bits per second (bps).


A technology specification for linking wireless devices for short-range transmission of voice and data across a global radio frequency band. Bluetooth is a frequency-hopping technology in the 2.4 GHz frequency spectrum, with a range of 30 feet.


A product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, wireless, Ethernet or token ring). Wireless bridges are commonly used to link buildings in campuses.


Open Mobile and iPassConnect feature permitting customization of the UI, installation files, and other aspects of the application.


A term used for high bandwidth end user-oriented network connections and defined in relation to narrowband dial services (up to 64kbps) and mid-band services (typically 64-200kbs). There is no precise definition but a service offering throughput of 384kbps and above would generally be accepted as a broadband service.

Browser Login

In Open Mobile and iPassConnect, this feature launches a custom browser for a user to authenticate against a walled garden network.

Back to Top


Cable Modem

A kind of converter used to connect a computer to a cable TV service that provides Internet access. Most cable modems have an Ethernet out-cable that then attaches to the user's Wi-Fi gateway.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

A type of challenge-response test used in computing an attempt to ensure that the response is generated by a person. The most common type of CAPTCHA requires the user to type letters or digits that appears on the screen, and such tests are commonly used to prevent unwanted Internet bots from accessing websites.


A Carrier is a telephone or other company that sells or rents telecommunication transmission services.


In iPassConnect, a customized iPass network directory. Customization is based on a list of customer-determined parameters, such as whether to show or hide access point pricing, or adding corporate RAS access points

CDRs (Connection Detail Records)

A detailed listing of all user connections to iPass networks, which helps organizations recognize usage patterns and handle internal accounting. CDRs detail each originating location, destination, date, time, access method, and length of connection. CDRs are generated at the end of the connection session.

Certificate Authority (CA)

A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity.

CHAP (Challenge Handshake Authentication Protocol)

A password-less AAA protocol which compares a hashed user’s password to verify each side holds the correct password. After the link is made, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function. The server checks the response by comparing it its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is usually terminated. At any time, the server can request the connected party to send a new challenge message. Because CHAP identifiers are changed frequently and because authentication can be requested by the server at any time, CHAP provides more security than PAP.


An application for connecting to a server or network. In iPass usage, specifically, Open Mobile or its predecessor, iPassConnect.

CND (Corporate Network Detection)

A feature of Open Mobile for Windows that enables the determination of whether the user is connected to a corporate network. A variety of tests may be configured to make this determination.

Conflict Detection

This feature is used to detect and resolve conflicts between Open Mobile for Windows and third party applications (for example, as between Open Mobile and the Intel Proset Wi-Fi supplicant).

Connection History

Connection history shows a detailed info about the history of connections made. It shows the amount of data sent, received, name of the network and start and end times for each connection This options is available under Options»Usage


Information used to authenticate a user. Can be a combination of username, password, domain, and other attributes.

Back to Top



A control panel in the Open Mobile Portal that displays information content about the operation of mobile office services.


An Open Mobile component responsible for the collection and transmission of SQM data.

DMZ (Demilitarized Zone)

An area outside the corporate firewall with lower security (greater access and ease of use) than inside the firewall, but greater security than being directly on the Internet. Typically found near the company’s web server.

DHCP (Dynamic Host Configuration Protocol)

A protocol that enables a server to dynamically assign IP addresses from a predefined list and limit their time of use so that they can be reassigned.


The establishment of a data service over a telephony network by negotiation with a POP accessed via a telephone number. Most commonly associated with analog dial over Plain Old Telephone Service (POTS), the term dial-up also covers access over Basic Rate ISDN (BRI) lines, 2G mobile data networks and the use of the 2.5G HSCSD mobile data service.

Digital Certificate

An electronic passport that establishes your credentials when doing business or other transactions on the Web. Certificates are issued by a certification authority and contain your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

DNS (Domain Name Service)

A program that translates URLs to IP addresses by accessing a database maintained on a collection of Internet servers. The program works behind the scenes to facilitate surfing the Web with alpha versus numeric addresses. A DNS server converts a name like mywebsite.com to a series of numbers like Every website has its own specific IP address on the Internet. A hierarchical methodology for mapping Internet numbers to names.

DSL (Digital Subscriber Line)

Various technology protocols for the provision of broadband data, voice or video transmission over ordinary twisted-pair copper POTS (Plain Old Telephone Service) telephone wires using sophisticated modulation schemes operating at high frequencies that can be filtered and separated from simultaneous voice activity.

Back to Top


EAP (Extensible Authentication Protocol)

An open authentication framework which does not mandate any particular authentication method. It was designed to supplement PPP and sits inside of PPP's authentication protocol to provide a generalized framework for many authentication methods. EAP is intended to eliminate compatibility issues associated with the of multiple authentication systems through negotiation of the most secure method acceptable to both parties.

EAP-MD5 (EAP with MD5)

EAP-MD5 is functionally similar to CHAP and should only be used over links where eavesdropping is unlikely. Because WLAN sniffing is rather easy, EAP-MD5 is inappropriate for use over Wi-Fi.


The latest revision of Microsofts CHAP authentication method formatted for EAP.


A version of EAP that sends messages that convey the shared key information critical for wireless security.


An EAP Authentication Method for SIM-based authentication between a device and a carriers user registry over SS7.

EAP-TLS (EAP – Transport Layer Security)

EAP-TLS uses the Transport Layer Security (TLS) protocol to create an encrypted channel for negotiation and mutual authentication a client and server using digital certificates. TLS (the standard version of SSL) provides confidentiality and integrity, so using EAP-TLS over Wi-Fi is safe.

EAP-TTLS (EAP - Tunneled Transport Layer Security)

Extends EAP-TLS authentication negotiation by using the secure connection established by the TLS handshake to exchange additional information between client and server. It allows legacy password-based authentication protocols to be used against existing authentication databases, while protecting the security of these legacy protocols against eavesdropping, man-in-the-middle and other cryptographic attacks.


A type of wired broadband network access. , An Ethernet LAN typically uses twisted pair wires and RJ45 terminations but can also be operated on other media such as co-axial cable. Data rates are 10Mbps, 100Mbps (Fast Ethernet) and 1000Mbps (Gigabit Ethernet).


An iPass offering that supplies hosted authentication. ExpressConnect customers do not need to install a RoamServer on their network; instead, RoamServer functions are performed by the hosted RoamServer.

Event Actions

A feature in Open Mobile for Windows, enabling the triggering of automatic system events after specified steps of the connection sequence. For example, an event such as the launching of a Web browser could be triggered by the completion of the connection sequence.

Back to Top


Fast Track

AniPass online customized implementation process intended to ensure a successful installation of the iPass service.


A system that secures a network and prevents access by unauthorized users. Firewalls can be software, hardware, or a combination of both. Firewalls can allow or deny access to networks according to set of rules which might include limitations by user, port (service), source address/network, destination address/network, or client hardware.

Flight Mode

Forced Autoconnect

A feature of Open Mobile for Android intended to reduce Mobile Broadband expenditures. If the feature is in effect, where possible, a 3G connection on 3G is transferred to a less-expensive, local Wi-Fi connection.


Term for a toll-free call in Western Europe.

Frequency Band Selection

In Open Mobile for Windows, enables the user to select the radio band associated with a network.

Back to Top



A network point that acts as an entrance to another network. In the wireless world, a gateway is an access point with additional software capabilities such as providing NAT and DHCP. Gateways may also provide VPN support, roaming, firewalls, and various levels of security.

Global Broadband Roaming

The ability for users to access a broadband connection to the Internet in public locations such as airports, hotels, and convention centers.

GSM (Global System for Mobile Communications)

An international standard for cellular voice networks.

Graceful Disconnect

Can be used when a user is logged into iPass and a VPN. When the user disconnects from iPass, Open Mobile or iPassConnect will send a command to the VPN client allowing the VPN client to automatically disconnect first.

Back to Top


Hot Plugout

The act of unplugging a device (such as a Mobile Broadband card) without safely ejecting the device first; For example, physically removing the device in the middle of a connection. Unexpected results may occur if hot plugout is performed on a device that does not support it.

Hot Plugin

The action of plugging in a device (such as a Mobile Broadband card) after Open Mobile has been launched.


A place where an end user can access broadband Wi-Fi services on demand. This can be for free or for a fee. Hotspots can be inside a coffee shop, airport lounge, train station, convention center, hotel or any other public meeting area. Corporations and campuses are also implementing Hotspots to provide wireless Internet access to their visitors and guests.

Hotspot Finder

A feature of Open Mobile that enables the quick location of local Wi-Fi hotspots. iPass also maintained a web-based Hotspot Finder at URL.

Hotspot Operator

An entity that operates one or more Wi-Fi public access networks providing user access to the Internet.

Back to Top


IAS (Internet Authentication Service)

Microsoft's RADIUS server implementation.

In Progress

Version of the profile that is still being edited (work in progress).

Infrastructure Mode

A client setting providing connectivity to an AP. As compared to Ad-Hoc mode, whereby PCs communicate directly with each other, clients set in Infrastructure Mode all pass data through a central AP. The AP not only mediates wireless network traffic in the immediate neighborhood, but also provides communication with the wired network. See Ad-Hoc and AP.

Inherited Connection

A connection not initiated by Open Mobile or iPassConnect, but managed by them.

Inner/Outer Identity

The tunneled EAP methods such as EAP-TTLS and PEAP support a concept called identity hiding. Authentication between the supplicant and authentication server takes place in two phases. In the first phase, the supplicant presents an outer user identity, in response to which the authentication server establishes an encrypted tunnel. This outer identity is often an anonymous user. The supplicant then presents the true user name as the inner identity used by the authentication method transported through the tunnel. Because the encrypted tunnel has its endpoints at the supplicant and the authentication server, the users true identity is hidden from the access point. Only the outer identity is visible to the access point.


Communication or cooperation between Open Mobile or iPassConnect and third-party software, such as a VPN client.

intelligent Online Quality (iOQ)

A service offered by iPass that provides help desks a comprehensive, web-based view of their users roaming connections. This tool is available to troubleshoot connections, track employee remote access usage and monitor network quality.

Internet Protocol (IP)

Is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.

Internet Protocol Security (IPSEC)

A standard for VPN services over the Internet. It provides standards for authenticating traffic and encrypting traffic.

Internet Service Provider (ISP)

An organization that provides access to the Internet.

IP Address

A 32-bit number that identifies each sender or receiver of information that is sent across the Internet. An IP address has two parts: an identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network.

iPass Clearinghouse

iPass Inflight

A service available on many domestic and international airlines. The service provides Wi-Fi access to through a Wi-Fi hotspot on the aircraft.

iPass NetServer

iPass proprietary software that performs two primary functions. On the front end, it sorts all requests and identifies iPass users. The back end function routes all iPass users to the iPass Transaction Center. The iPass NetServer is installed on the provider’s network.

iPass RoamServer

iPass application that links a customer’s network to the iPass Network. RoamServer serves as a secure relay between the enterprise authentication database and the iPass Transaction Centers. The RoamServer is installed on the customer network, or can be hosted by iPass or an iPass partner.

iPass Settlement System

iPass system of recording transactions and supplying invoices for services to customers.

iPass VPN Solutions Center

iPass maintains a solutions center at Headquarters for testing and showcasing the interoperability of iPass remote access service with leading VPN products.


iPass software that enables users to access the Internet through local access points.

ISDN (Integrated Services Digital Network)

A type of broadband Internet connection that provides digital service from the customer's premises to the dial-up telephone network. ISDN uses standard POTS copper wiring to deliver voice, data or video.

iSEEL (iPass Secure End-to-End Encrypted Login)

Security feature of the iPass network that uses public key cryptography to protect passwords. The password is only decrypted when it reaches the Transaction Center. This encryption of the password is done in an attempt to thwart an eavesdropper who records the message. Transmission of the user name and password are further protected with SSL from the NetServer to the RoamServer through the Transaction Centers.

Back to Top


No terms.

Back to Top


No terms.

Back to Top


LAN (Local Area Network)

A communications network that serves users within a defined geographical area. The benefits include the sharing of Internet access, files and equipment like printers and storage devices.

Lightweight Directory Access Protocol (LDAP)

A type of protocol used for authentication.

Lightweight Extensible Authentication Protocol (LEAP)

Cisco's version of EAP.

Log Viewer

A feature of Open Mobile that collects and displays user connection logs for troubleshooting purposes.

Back to Top


MAC (Media Access Control) Address

A hardware address that identifies each node of a network. A device’s hard-coded MAC address is unique to the device.

Mobile Broadband

Blanket term used for broadband data technologies, generally widely available over a large geographic area. Mobile Broadband includes 2G, 3G, and 4G technologies.

  • 2G includes GSM, GPRS, CDMA, and 1xRTT, also known as CDMA2000 or EDGE.
  • 3G includes 1xEV-DO, 1xEV-DV, HSPA/HSDPA/HSUPA/HSOPA, and UMTS.
  • 4G includes WiMAX and LTE.

Mobile Broadband Card

A device for enabling Mobile Broadband connections. Typically in the form of a PCMCIA card.

Back to Top


NAS (Network Access Server)

Also called a RAS (Remote Access Server). A device which controls access to network resources via a AAA mechanism.

NAT (Network Address Translation)

Conversion of IP addresses used on one network to those of another network. Generally used in firewalls to hide internal addresses from the Internet.

Network Access Identifier (NAI)

A string which identifies an end user and provides sufficient information to enable routing of authentication credentials when roaming.

Network Directory

In Open Mobile, a collection of access points or networks to which a user can connect. Network directories can be chosen,configured , and included in Open Mobile based on customer access needs.

Back to Top


OCR (On-Campus Roaming)

A feature of Open Mobile that enables connection to a local campus network through an 802.1x connection, such as at a corporate campus. The user can stay connected to the network even when roaming the campus without having to reconnect at each location.


Free Wi-Fi access points included in the iPass network. Use of an OpenAccess hotspot does not incur any cost to the user.

Open Mobile

iPass software that enables users to access the Internet through a worldwide network of local access points. Open Mobile is available for Windows, Mac OS X, Android, and iOS platforms.

Open Mobile Portal

The Open Mobile Portal is a Web-based solution for the management of Open Mobile accounts, profiles, and clients. The Portal also includes reports on Open Mobile usage.

Open Mobile Express

An iPass service intended for individual consumers. Customers with the service gain access to the iPass network. Billing is performed on the individual’s credit card.

Outer Identity

The tunneled EAP methods such as EAP-TTLS and PEAP support a concept called identity hiding. Authentication between the supplicant and authentication server takes place in two phases. In the first phase, the supplicant presents an outer user identity, in response to which the authentication server establishes an encrypted tunnel. This outer identity is often an anonymous user. The supplicant then presents the true user name as the inner identity used by the authentication method transported through the tunnel. Because the encrypted tunnel has its endpoints at the supplicant and the authentication server, the users true identity is hidden from the access point. Only the outer identity is visible to the access point.

Back to Top


PAP (Password Authentication Protocol)

A simple authentication protocol that requires users to enter a password before accessing a secure system. The username and password are sent over the network to a server, where they are compared with a database of user account names and passwords. Some authentication systems will fall back to PAP if no better authentication scheme is available. CHAP (Challenge Handshake Authentication Protocol) is an alternative protocol that avoids sending passwords in any form over the wire by using a challenge/response technique.


A string of characters used to determine that a computer user requesting access to a computer system is really that particular user.

Password Authentication Protocol (PAP)

A process used by PPP server to validate a connection request in which the password is sent unencrypted.

PEAP (Protected Extensible Authentication Protocol)

An EAP method which protects the authentication method via SSL. PEAP authenticates wireless LAN clients using only server-side digitial certificates by creating an encrypted SSL/TLS tunnel between the client and the authentication server. The tunnel then protects the subsequent user authentication exchange.

Personal Firewall

A software application used to protect a single Internet-connected computer from intrusion. Personal firewall protection is especially useful for users with always-on connections.

PHS (Personal Handyphone System)

A popular mobile phone service that relies on numerous small relay stations. Allowing high-speed data communications at 64 Kbps, PHS provides a comfortable mobile computing environment in which subscribers can use small, high-performance terminals and laptops. Terminals also function as wireless extension handsets for home and office phones.


In iPassConnect, a directory of local access points. These may be dial-up, Wi-Fi, Ethernet, or other types of connection.

PIN (Personal Identification Number)

On handheld devices, Open Mobile activation is secured with a PIN. The user must enter the PIN in order to activate and use the application.

POP (Point of Presence)

A dial-up (telephone) network access point.

PPTP (Point-to-Point Tunneling Protocol)

Microsoft protocol used to create a Virtual Private Network (VPN).

PPP (Point to Point Protocol)

A link-layer protocol used for controlled interconnecting of data links. Most commonly used for dial-up Internet access, to transmit IP packets between a client workstation and a provider.


A collection of settings and other data that determine the behavior of Open Mobile. Customers can have any number of distinct profiles to address the needs of different user bases. Profiles are created and maintained on the Open Mobile Portal.

Profile ID

A numeric identifier assigned to each Open Mobile profile. The Profile ID is used on handheld devices to activate Open Mobile.

Profile Finder

A feature of Open Mobile for handheld devices, enabling the use of profile IDs across platforms for activation purposes. If the user has a valid profile ID for any platform, that ID can be used on a handheld to activate Open Mobile. For example, a user has Open Mobile installed on her Windows laptop. Her Open Mobile installation has a profile ID assigned. Later, she wishes to install Open Mobile on her Android device. After downloading it from the Google Play store, she enters her Windows Profile ID. Open Mobile for Android then connects to the Internet, finds the default Open Mobile for Android profile for her enterprise, and installs it on her Android device.

Profile Template

A profile with pre-configured settings, which can be used as the basis of creating other profiles.

Proxy Server

Used in larger companies and organizations to improve network operations and security, a proxy server is able to prevent direct communication between two or more networks. The proxy server forwards allowable data requests to remote servers or responds to data requests directly from stored remote server data.

Public Key Infrastructure (PKI)

A method of authentication that avoids key distribution and management issues by using a private/public key pair. Used primarily to authenticate users and encrypt traffic.


If the wrong PIN is entered for a PIN-enabled SIM card too many times, the card will be locked to the user. If so, a PIN Unblocking Key (PUK) must be entered to re-enable the card.

Back to Top


No terms.

Back to Top


RADIUS (Remote Authentication Dial-In User Service)

A client/server protocol and software that enables remote access servers to communicate with a central server to authenticate remote users and authorize their access to the requested system or service.


Remote Access Server, also called a NAS. A device which controls access to network resources via a AAA mechanism.

Residential Gateway

A wireless device that connects multiple PCs, peripherals and the Internet on a home network. Most Wi-Fi residential gateways provide DHCP and NAT as well.


Standard connectors used in Ethernet networks. Looks similar to standard RJ-11 telephone connectors, but RJ-45 connectors can have up to eight wires, whereas telephone connectors have only four.


Moving seamlessly from one wireless access coverage area to another with no loss in connectivity.


Defines a user’s access level to the Open Mobile Portal. Each role defines the privileges and resultant access to specific functions of the Portal.


A device that connects two networks and directs network traffic towards its destination by selecting the optimal path at any given time.

Run-Once Packaging (ROP)

Feature of Open Mobile for Windows that enables administrators to create a downloadable package for end users, to deliver third-party software components or upgrades to device drivers and firmware.

Back to Top



A computer that provides its resources to other computers and devices on a network. These include print servers, Internet servers and data servers. A server can also be combined with a hub or router.

SIM (Subscriber Information Module)

A cellphone’s SIM card stores the user’s account information, network access settings, phone number and other user data. Access to SIM data is readily secured through a Personal Identification Number (PIN).

SLA (Service Level Agreement)

An agreement between the service provider and the customer regarding the service provider’s network performance. SLAs guarantee the customer that certain levels of service will be met or some remedy (such as financial credit) is due.

SQM (Service Quality Management)

Connection data generated by connections (either attempted or successful) made in Open Mobile or iPassConnect. This connection data is used to monitor iPass network quality, and report on usage patterns. SQM data is expressed in Open Mobile Reports (or, for iPassConnect, the iOQ tool).

SSID (Service Set Identifier)

The designation of a local Wi-Fi network. Also known as network name.

SMS (Simple Messaging Service)

A service for sending simple text messages to a mobile device. Open Mobile for Windows supports SMS messaging.

Solution Partner (SP)

A reseller of iPass services.

SSL (Secure Socket Layer)

Commonly used encryption scheme used by many online retail and banking sites to protect the financial integrity of transactions. When an SSL session begins, the server sends its public key to the browser. The browser then sends a randomly generated secret key back to the server in order to have a secret key exchange for that session.

Subnet or Subnetwork

Found in larger networks, these smaller networks are used to simplify addressing between numerous computers. Subnets connect to the central network through a router, hub or gateway. Each individual wireless LAN will probably use the same subnet for all the local computers it communicates with.


An 802.1x-enabled access client requesting access from the authenticator.

Back to Top


TACACS+ (Terminal Access Controller Access Control System)

A type of authentication protocol.


The use of remote communication, such as Internet access, to work outside the traditional office or workplace, usually at home or in a mobile situation.

TKIP (Temporal Key Integrity Protocol)

Part of the IEEE 802.11i encryption standard for wireless LANs. TKIP is the next generation of WEP, the Wired Equivalency Protocol, which is used to secure 802.11 wireless LANs. It rotates the post-connection WEP keys to maintain over-the-air security and also includes message integrity checking and a re-keying mechanism, thus fixing the flaws of WEP. By rotating the post-connection WEP keys wireless security can be maintained.

Token Card (Authentication Token))

Also known as one-time pad. Used to generate values for one-time password systems.

Toll-Free Number

A dial-up or ISDN access point in which all calling charges are included in the hourly rate the customer pays to iPass to use the access point.

Transaction Center

An iPass facility that provides a security checkpoint for an access request. It generates all accounting and billing records for iPass customer connections.

TTLS (Tunneled Transport Layer Security)

An EAP method which protects the authentication method using SSL. TTLS combines network-based certificates with other authentication such as tokens or passwords. TTLS offers strong mutual authentication without having to distribute and manage certificates for all your users. It allows legacy password-based authentication protocols to be used against existing authentication databases, while protecting the security of these legacy protocols against eavesdropping, man-in-the-middle and other cryptographic attacks. Also known as EAP-TTLS.

Back to Top


URA (Unauthorized Roaming Activity)

Connection activity which is not authorized; for example, records of customers connecting in countries to which they have not traveled. iPass makes regular reports on URA to customers to help prevent unauthorized activity.

Usage Alerts

Open Mobile can send data usage alerts when the user is close to reaching the monthly cellular data limit

User Settings

A dialog in Open Mobile and iPassConnect, permitting the user to enter and save login credentials.

USID (Unique Session Identifier)

Identifier assigned to each connection attempt for tracking purposes. By default, when iPass clients originate authentication, they affix an unique session ID string as a prefix to the username. When such authentications pass through the iPass Transaction Center, these USIDs are recorded and stripped before being dispatched to the authenticating user's company AAA or RoamServer.

Back to Top



A location, such as a hotel or coffee shop, where iPass service is provided.

Virtual Network Operator (VNO)

iPass is the world’s largest virtual network operator.

VPN (Virtual Private Network)

A private, secure network created through a combination of tunneling, encryption, authentication, and access control technologies.

VoIP (Voice Over IP)

Voice transmission using Internet Protocol to create digital packets distributed over the Internet.

Back to Top


Walled Garden

A local browsing environment which an end user can access without being authenticated.

WAN (Wide Area Network)

A computer network that spans a relatively large geographical area. Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the internet.

WEP (Wired Equivalent Privacy)

Basic wireless security provided by Wi-Fi. In some instances, WEP may be all a home or small-business user needs to protect wireless data. WEP is available in 40-bit (also called 64-bit), or in 108-bit (also called 128-bit) encryption modes. As 108-bit encryption provides a longer algorithm that takes longer to decode, it can provide better security than basic 40-bit (64-bit) encryption.


A type of high-bandwidth wireless connectivity, using radio waves and conforming to the IEEE 802.11 standard. Wi-Fi is short-range in extent (usually within 100 feet). Encompasses 802.11 a,b, g, and n technologies.

Wired Broadband

An Ethernet connection to an always open, high bandwidth connection to the Internet.

Wireless Broadband

An 802.11b connection to an always open, high bandwidth connection to the Internet.

Wireless Local Area Network (WLAN)

In iPassConnect, this term is used to describe Wi-Fi connections (or 802.11b connections).

WPA (Wi-Fi Protected Access)

The Wi-Fi Alliances adoption of TKIP and portions of the 802.11i security standard to overcome the security limitations of WEP. WPA is the use of Temporal Key Integrity Protocol (TKIP) to bolster encryption of wireless packets with sequencing rules, and a re-keying mechanism. WPA will uses 802.1x and EAP authentication, based on a central authentication server (RADIUS) will eliminate the need for running wireless VPN software.

Back to Top


No terms.

Back to Top


No terms.

Back to Top


No terms.

Back to Top



1G (First Generation Mobile Broadband) refers to the analog transmission of voice.


2G (Second Generation Mobile Broadband) refers to the digital transmission of voice.


2.5G refers to the digital transmission of voice and limited bandwidth data.


3G refers to the digital transmission of voice and full bandwidth data.


4G refers to the projected future technologies succeeding 3G, including the digital transmission of voice, full bandwidth data, and possible other improvements including new transmission technologies.


802.11, or IEEE 802.11, is a type of radio technology used for wireless local area networks (WLANs). It is a standard that has been developed by the IEEE (Institute of Electrical and Electronic Engineers), Wi-Fi, 802.11, is composed of several standards operating in different radio frequencies.


An IEEE specification for wireless networking that operates in the 5 GHz frequency range (5.725 GHz to 5.850 GHz) with a maximum 54 Mbps data transfer rate. The 5 GHz frequency band is not as crowded as the 2.4 GHz frequency, because the 802.11a specification offers more radio channels than the 802.11b. These additional channels can help avoid radio and microwave interference. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.


International standard for wireless networking that operates in the 2.4 GHz frequency range (2.4 GHz to 2.4835 GHz) and provides a throughput of up to 11 Mbps. This is a very commonly used frequency. Microwave ovens, cordless phones, medical and scientific equipment, as well as Bluetooth devices, all work within the 2.4 GHz frequency band. An extension to 802.11 that applies to wireless LANS and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. Also referred to as 802.11 High Rate or Wi-Fi.


802.11g Similar to 802.11b, but this standard provides a throughput of up to 54 Mbps. It also operates in the 2.4 GHz frequency band but uses a different radio technology in order to boost overall bandwidth.


The 802.1X standard provides the ability to identify who is attempting to gain access to a given port. There are five components to 802.1x deployment.

  1. Supplicant software runs on the client device responsible to the authentication request.
  2. An 802.1x network adapter installed on the client system. (Note that not all network adapters work with all supplicants.)
  3. The supplicant sends the authentication request to the authenticator, such as a wireless access point or an 802.1x-enabled LAN switch.
  4. The authentication is handled by an authentication RADIUS server using ESP. Most wireless enterprise deployment will have a RADIUS server for centralized authentication.
  5. The authentication server communicated with a user database for verification. The user database can be an LDAP-based directory, SQL database, or digital certificates server.

Back to Top

Go to: Other Product Documents


©2015 iPass Inc. All rights reserved. Terms of Use