Communications ///////////////////////////////////////////////////////////////////////////////////////////////////////////////// BY: Cathy Zatloukal, Dayna Kully, Diane Estner Unlocking the Guest Digital Engagement Opportunity Delivering a Better Guest Experience Through Centralized Authentication Why should hotel marketers be taking a seat at the table when selecting a centralized authentication solution? One aspect of centralized authentication is making it easier to connect guest devices to the hotel Wi-Fi – removing that require-ment to enter our last name and room number every new day, every new stay in the same hotel, and for every device that we carry and replacing that with a sign-up once and “we’ll remember you.” In addition to the “we’ll remember you,” now hotel marketers can associate an identity to any guest device upon connection to any Wi-Fi network in the hotel portfolio. Some solutions go beyond identity management by providing device location information as well as eliminating the need for using beacon technology. Another key aspect of some centralized authentication solutions is leveraging a recent feature built into the Wi-Fi protocol that enables the delivery of advertisements over the hotel Wi-Fi network to the guest device. Guest assistance for things such as “Click here for your mobile check-in” when the guest arrives on property now become feasible without a hotel app. The Wi-Fi industry’s standards-based version of centralized authentication, Hotspot 2.0, is a key enabler for delivering a host of new services. Things such as the ability to create Wi-Fi connectivity affinity programs using the guest’s hotel Wi-Fi identity to automati-cally connect to partner networks such as in-air, airport or smart city Wi-Fi networks. Eliminating the need for in-building cellular systems (typically referred to DAS) by allowing the hotel Wi-Fi network to deliver voice, messaging and video as if it were cellular. Our goal in writing this overview is to offer the hospitality com-munity a clearer understanding of central authentication, what the challenges and opportunities are, and to introduce what will help work within the central authentication vendor community. WHAT IS CENTRAL AUTHENTICATION (CA)? Authentication is a server-hosted process used to assess whether a guest has the right credentials for access to the hotel Wi-Fi network. In the case of central authentication, the server is cloud based which, for global hotel brands, means networked authentication servers deployed in each major region of the world. The method of authenticating is based on a single sign-on. Guests who have already authenticated once to a hotel Wi-Fi network in the brand’s property portfolio are granted access without repeating the login steps. In fact, the de-vice logs in automatically, meaning the device presents the “right credential” to the authentication server without guest intervention. Authentication servers can support multiple types of credentials. The most common credential today is the device’s hardware identifier, the MAC address. In this case, the authentication server stores the device’s MAC address in the first time sign-on and tests against that credential for all future automatic logins. To avoid using the MAC address (which introduces PII vulnerabilities), the Hotspot 2.0 standard went down the path of working with device manufacturers to allow a credential to be installed on the device during the first time sign-on. The device automatically presents this credential for all future logins. A social login credential such as Facebook or LinkedIn, is another type credential that can be supported. Given the device will automatically log in on future stays, there is the ques-tion of how the device selects the right Wi-Fi network. To minimize security vulnerabilities, the Hotspot 2.0 protocol is based on the device prompting the Wi-Fi network for its identity (matching that to network information installed during the first sign-on) before encrypting/presenting the device’s credential. For solutions that are not Hotspot 2.0 compliant, the device is probing and presenting the device’s MAC address to all Wi-Fi networks it sees. 52 Summer 2017 HOSPITALITY UPGRADE www.hospitalityupgrade.com