Skip to main content

Network Architecture

Overview

The Helium Mobile Network has six main components:

Users: Users of the network are people who get their mobile service from a participating wireless service provider e.g. Helium Mobile (A cellular provider built directly on the Helium Network), Movistar, or others. Users consume voice, text, and data services using a smartphone that supports Passpoint. Users are also referred to as 'subscribers'.

Hotspots: Hotspots are Wi-Fi radios that have been configured to connect to the Helium Mobile Network. Hotspots can either be Helium Mobile Hotspots designed from the ground up to support the Helium network, or Converted Networks that support Wi-Fi Passpoint.

Core: The Core of the Helium Mobile Network is a message router responsible for managing the links to partner Service Provider Authentication, Authorization, and Accounting (AAA) functions. In addition to AAA functions, the Core also collects metrics for network visualization. Lastly, the Core provides operations, administration, and management (OAM) functions for radio owners.

Oracles: Oracles are servers and data stores that provide an interface between the Helium Mobile Network and the blockchain. Oracles do data processing and consolidation to ensure efficient use of blockchain resources. In general oracles are application specific and process a specific dataset for a specific blockchain related function.

Blockchain: The Solana blockchain provides a public ledger which can be used for following events on the Helium Mobile Network. The blockchain also manages rewards eligibility and distribution based on set of rules decided by community governance.

Service Providers: Service Providers are the mobile service providers (voice, text, data) that use the Helium Mobile Network for offload and coverage enhancement. Subscribers to these service providers automatically connect when they are in the coverage area of a Helium Mobile Network radio.

Users

To become a user of the network, subscribers must obtain mobile service from a participating Helium Mobile Network Service Provider. Once subscribed, the carrier will provision a Passpoint Profile to the subscriber's phone via a Carrier Bundle or Carrier App.

For example, when subscribers join Helium Mobile and install the mobile app (Apple or Android), they will be prompted to approve the installation of an "Enhanced Coverage" profile, configuring Passpoint on their device. Afterward, whenever a subscriber enters coverage range of a Hotspot, the device automatically connects.

Hotspots

Helium Mobile Hotspots are Wi-Fi radios that have been built from the ground up to integrate telecom technology with blockchain technology. This specifically means the firmware running on these radios has been secured using industry leading security features like TrustZone, Secure Boot, and Full Disk Encryption. As a result, these radios are eligible for earning Proof of Coverage rewards because the firmware producing the Proof of Coverage metrics is trusted.

Converted Radios, whether enrolled through the Helium Plus program or via the Self-Serve portal, have a lower trust rating and thus currently earn only data transfer rewards.

The Telco Protocols

All Hotspots on the Helium Mobile Network support 2 main protocols that enable users easy access and allow Service Providers to securely offload traffic. These protocols are Passpoint and RadSec.

Passpoint is the protocol that allows Helium radios to advertise their support for Service Providers that participate on the Helium Network. When a subscriber's phone enters the coverage area and detects the protocol and advertised support for its Service Provider, the device automatically connects to the network using the Passpoint Profile installed by the user or their Service Provider. Passpoint removes the user friction of having to ask for the Wi-Fi password giving users a universal credential they can use across the entire Helium Mobile Network.

The second protocol that enables the magic of carrier offload is called RadSec. RadSec is like a secure tunnel for important network conversations. Think of it this way: when a user or device needs to prove who they are to a network (like showing an ID), RadSec makes sure that proof is sent in a locked box. This locked box can only be opened by the right people, preventing anyone else from spying on or tampering with the information inside.

In more technical terms, RadSec stands for “RADIUS over TLS.” RADIUS is a system that handles things like logins and permissions, and TLS adds a layer of encryption so the data can't be viewed or changed in transit. Essentially, RadSec is just a safer way to verify identities and manage access on networks, protecting sensitive information along the way.

RadSec also transports and protects the accounting information central to the Helium Data Rewards model and Service Provider offload agreements. RADIUS is a standard telco accounting protocol used to communicate the start, interim, and stop usage reports for users once they connect and start using data. This accounting data originates in the Hotspot and via RadSec eventually makes it way to the Service Provider and to the oracles for Data Rewards.

Passpoint facilitates communication between Hotspots and subscribers' smartphones, while RadSec facilitates secure communication between Hotspots and Service Providers.

Local Breakout

All Helium Mobile Hotspots send user traffic to the internet using a concept called Local Breakout. This means the data travels directly from the subscriber's device to the Hotspot and then to the internet, without routing through the Service Provider Core or Helium Network Core. Using local breakout provides the lowest latency connection and the best user experience.

The Core

The core of the Helium Mobile Network is a control message broker. The core mainly processes 2 kinds of message from the Hotspots:

  • RADIUS messages
  • Operation, Administration, and Management messages

RADIUS in the Core

A key function of the Core is acting as a RADIUS message router. The core takes all the incoming RADIUS packets from the Hotspots and from Service Providers and routes the message either to the correct Service Provider or to the correct Hotspot.

During this routing the core also reads the radius messages and uses the data contained within to capture statistical data. The captured data is then sent to the oracles for various accounting, rewarding, eligibility, and anti-gaming analyses.

OAM in the Core

In addition to RADIUS processing, the Core hosts several convenience services referred to as Operations, Administration, and Management (OAM) functions. Examples of OAM functions include configuration management, monitoring and alerting, status reporting, and network statistics collection and visualization. An example of the visualization tools this enables is the Helium World explorer.

Additionally, OAM provides builders with a dashboard for monitoring and configuring deployed radios. The Helium Mobile Builder Dashboard is hosted on and powered by data collected by the core.

Oracles

When operating a telecom network on a blockchain two challenges present themselves: managing large volumes of data and addressing privacy and regulatory requirements associated with this data. The primary function of Oracles is collecting and processing telecom data, preparing it for sharing on a public blockchain. Preparing the data involves aggregation and anonymization to prevent sharing regulated, privacy-sensitive data on-chain, or performing aggregation and analysis to reduce the volume of data.

While the following list may change, current oracles for the mobile network include:

  • mobile-ingest: This oracle receives all data from Hotspots and service providers.
  • mobile-packet-verifier: This oracle tracks data usage on the network and is in charge of burning DC from the right payer.
  • mobile-verifier: This oracle processes data from Hotspots and Service Providers to evaluate eligibility and calculate rewards.
  • mobile-reward-index: This oracle serves as an interface to make claiming rewards to an owners wallet work on chain.
  • mobile-config: This oracle makes data which lives on chain available to other service such as Helium smartphone apps.

Blockchain

The Helium Network utilizes the Solana blockchain. For Helium, the primary functions of the blockchain are to implement rewarding of wallets for Helium radio owners and Helium Mobile subscribers and to serve as the historical public ledger that allows transparency into the operation of the Helium Network.

For more on Helium's use of blockchain see the Solana documentation.

Service Providers

Service Providers are Mobile Network Operators (MNOs) or Mobile Virtual Network Operators (MVNOs) who opt to enhance their own their cellular network with Helium Network offload coverage. Operators can achieve this through a straightforward Passpoint and RadSec integration, enabling automatic connectivity for their subscribers to Helium Network radios.

In the Helium Network Service Providers can either be directly involved as a on-chain service provider or they can be a roaming partner as an on-chain Service Provider. The distinction here is who's wallet the data credits are burned from when data is used. In the case of an on-chain service provider they are the owner of the wallet and payer for data usage. If the Service Provider is not an on-chain provider, a roaming or offload agreement with an on-chain provider is required, whereby the on-chain provider's wallet covers the Data Credit consumption.

The process to become an on-chain provider is documented in HIP 53.