TW201630395A - Methods and apparatus for hybrid access to a core network based on proxied authentication - Google Patents

Abstract

Apparatus and methods for hybrid access to a core network. In one embodiment, a wireless station enables a subscriber device to connect to a core network via an intermediate network (e.g., a Wi-Fi network) rather than the network traditionally associated with the core network (e.g., a cellular network). In one implementation, the subscriber device connects to the wireless station at the (Transmission Control Protocol/Internet Protocol) TCP/IP layers. Methods and apparatus for securely authenticating the subscriber device via the wireless station are disclosed. In one such variant, the subscriber device is a SIM-less device.

Description

Method and device for hybrid accessing a core network based on proxy authentication [Priority statement]

This application claims priority to co-owned, co-pending U.S. Patent Application Serial No. 14/863,239, filed on Sep. 23, 2015, entitled "METHODS AND APPARATUS FOR HYBRID ACCESS TO A CORE NETWORK BASED ON PROXIED AUTHENTICATION. The application claims the priority of the co-owned, co-pending U.S. Provisional Patent Application No. 62/071,517, entitled "METHODS AND APPARATUS FOR HYBRID ACCESS TO A CORE NETWORK", filed on September 25, 2014, The application is hereby incorporated by reference in its entirety.

Related application

This application is filed on January 15, 2014, entitled "METHODS AND APPARATUS FOR A NETWORK-AGNOSTIC WIRELESS ROUTER", serial number 14/156,174, co-owned and co-pending US patent application, and filed on January 15, 2014. The application is entitled "METHODS AND APPARATUS FOR HYBRID ACCESS TO A CORE NETWORK", which is incorporated herein by reference in its entirety.

The present invention relates generally to the field of wireless communications and data networks. More particularly, in one exemplary aspect, the present invention is directed to a method and apparatus for hybrid access to a core network.

The rapid growth of mobile data services accelerated by the emergence of so-called "smartphone" technology has led to a rapid increase in the volume of high-speed data transmission and the popularity of mobile services. With the increase in popularity, customers are expecting better and more reliable service and network capabilities. Short-term solutions to alleviate high-volume demand include unwelcome solutions such as "data rate bottlenecks" that introduce limited and expensive fees and phase out "unrestricted data plans." Longer-term solutions require new access technologies (eg, Long Term Evolution (LTE)) to meet customer needs and also require high-cost infrastructure investments.

Examples of initial solutions include, for example, "small base stations" (eg, femto base stations, pico base stations, and micro base stations), "HetNet" (heterogeneous networks), and "Wi-Fi offload." In short, small base station technology needs to be connected to the back end of the network operator's core network; when a small base station may not be able to access sufficient frequency resources, it still needs a high capacity base (ie, must be higher) This can complicate the configuration when the cost per bit is to provide carrier-level linearity. HetNets incorporates a variety of different network technologies and can experience co-channel interference between large base stations and base base stations. In contrast, there is no spectrum shortage problem with Wi-Fi Offload, and Wi-Fi hotspots operate in an exempted (exempted license) band, in which case there is ample spectrum (Industrial, Scientific, and Medical (ISM) and The Unlicensed National Information Infrastructure (U-NII) band provides near 0.5 GHz spectrum). As a result, Wi-Fi offloading is very attractive to network operators; in fact, some small base stations have integrated Wi-Fi access point (AP) functionality (eg, "Wi-Fi ready").

Despite these benefits, there are several fundamental issues associated with Wi-Fi offload systems and networks. Existing network operators view the cellular network and the Wi-Fi network as two separate business units that operate and manage separately. At the operational and service levels, there are very few integrations and interactions between the two networks. For example, a Wi-Fi network does not have a standard "discovery", "select" and "access" mechanism and/or program. This can make it difficult to access such networks and/or inconsistent quality of service (QoS), security, and policies. However, cellular networks typically implement a single user identification module (SIM) for acquisition, registration, authentication, and cipher communication; in contrast, Wi-Fi networks are based on wireless networks. Various "web-based" authentication methods for Road Service Provider Roaming (WISPr) (or similar variants). WISPr requires the user to enter a username and a password, such as an authentication, authorization, and accounting (AAA)/remote authentication dial-up user service (RADIUS) server; this step is Inconvenient and error-prone.

In view of these shortcomings, other network technologies are needed to enable improved methods and apparatus for accessing mobile wireless (e.g., cellular) networks. Ideally, such improvements would provide an integrated solution for combining, for example, Wi-Fi networks and cellular networks to seamlessly and similarly perform user experience, policy control, etc. in both networks. Discovery, selection and association, authentication and QoS. Other benefits may include, for example, Wi-Fi roaming, Wi-Fi neutral host and IP mobility capabilities, while providing network handover for an integrated cellular Wi-Fi network.

The present invention satisfies the above needs, inter alia, by providing improved apparatus and methods for hybrid access to a core network.

The present invention discloses a method for wireless communication, comprising a first communication system and a second communication system, wherein the first communication system has at least a first node and a second node in communication with each other. In one embodiment, the method includes: performing a complex number within the first node a first portion of one of the layers, and causing the second node to perform a second portion of the one of the layers; providing one or more identification information from the first node to the second node, the one or more identification information and the The execution of the second portion of the equal layer is used in combination to authenticate the first node in at least one of the first communication systems, and wherein the successful authentication establishes the second node and the at least one logical entity One of the connections.

In a variant, the second portion of the layer executing the second node comprises a Transmission Control Protocol/Internet Protocol (TCP/IP) coupled to the first node. Floor.

In a second variant, the first portion of the layer performing the first node includes a complementary Transmission Control Protocol/Internet Protocol (TCP) coupled to the second node. /IP) layer.

In a third variant, the method includes causing the second portion of the layers to derive one or more authentication information; and based on the derived one or more authentication information, the second portion of the layers is further Encrypting one or more data payloads of the first link between the second node and the at least one logical entity. In one such variation, the method further includes deriving the one or more authentication information at the first portion of the layers; and at the first portion of the layers based on the one or more authentication information derived One or more data payloads of the second portion of the layer are encrypted.

In a fourth variation, the method includes receiving the one or more identification information from a user identification module (SIM) that is not local to the first node. In one such case, the providing the one or more identification information from the first node to the second node is performed via a public key encryption scheme. In an exemplary variation, the public key encryption scheme includes input from a user Receive a password for manual input. In another variation, the public key encryption scheme includes extracting a predefined public key.

The invention discloses a wireless station device for providing connection with a core network. In one embodiment, the wireless station device includes: a network interface for connecting to the core network associated with a second radio technology; a radio interface for using the radio interface Unlike the second radio technology, the first radio technology provides an open wireless network; a processor; and a non-transitory computer readable medium that communicates with the processor and includes one or more instructions . In an exemplary embodiment, when executed by the processor, the one or more instructions cause the wireless station device to request access to the core network in response to a user device of the open wireless network: The user device receives one or more identification information; and performs authentication on the core network via the network based on the one or more identification information, wherein the result of the authentication may derive one or more authentication keys; and based on the one Or a plurality of authentication keys are established to securely link with one of the user devices via the open wireless network.

In one variation, when the one or more instructions are executed by the processor, the wireless station device is caused to perform one or more software layers uniquely associated with the user device and the second radio technology.

In a second variation, the one or more software layers executed simulate one or more portions of one of the call stacks associated with the user device. In some cases, at least one software layer is simulated to authenticate the user device to the second radio technology.

In a third variant, the received one or more identification information is received by a public key encryption; wherein the security link established is based on a symmetric key encryption.

The invention discloses a method for communicating with a core network via a wireless station User device of the news. In one embodiment, the user device includes: a radio interface for communicating with a wireless station, wherein the wireless station is configured to communicate with the core network; a processor; and a non-transitory A computer readable device containing one or more instructions. In an exemplary embodiment, the one or more instructions are configured, when executed by the processor, to cause the user device to: provide one or more identification information to the wireless station, wherein the wireless station is used with the core Communicating with the network; receiving one or more authentication information from the wireless station; and establishing a secure connection with one of the wireless stations based on deriving one or more keys from the one or more authentication information.

In a variant, the identification information comprises a Long Term Evolution (LTE) evolved packet system (EPS) Key Access Security Management Entity (KASME) encryption key.

In a second variant, the user device is further configured to authorize the use of one or more pieces of identification information by the at least one other user device. In one such variation, the at least one other user device shares the secure connection to the wireless station. In another variation, the user device is further configured to request an Internet Protocol (IP) address for the at least one other user device.

In a third variant, the one or more identification information is provided to the wireless station by a public key encryption scheme.

Other features and advantages of the present invention will become apparent to those skilled in the <RTIgt;

100‧‧‧3GPP Release 8 Network Architecture, Existing Network Architecture

102‧‧‧Evolved closed data gateway

104‧‧‧Authentication, Authorization and Accounting (AAA) Server

106‧‧‧Access network discovery and selection

108‧‧‧Action/Controller Gateway

110‧‧‧Local User Server

112‧‧‧ Packet Data Network (PDN) Gateway (P-GW)

114‧‧‧User equipment

116‧‧‧Wi-Fi access point

200‧‧‧Network Architecture

202‧‧‧Evolved packet core

204‧‧ Wi-Fi AP

206‧‧‧User equipment

208‧‧‧Safety Gateway

210‧‧‧Evolved Node B

212‧‧‧Action/Controller Gateway

214‧‧‧Action Management Entity

216‧‧‧Strategy and Billing Rules Features

300‧‧‧Wireless stations, example devices, devices, example network independent wireless stations

302‧‧‧Substrate

304‧‧‧Processing subsystem, processing system

306‧‧‧Power Management Subsystem

308‧‧‧ memory subsystem

310‧‧‧First Radio Data Machine Subsystem, Wireless Radio Subsystem, First Radio Subsystem

312‧‧‧Ethernet switch, Ethernet interface

314‧‧‧User input/output

400‧‧‧User devices, example devices, devices

402‧‧‧One or more substrates

404‧‧‧Processing subsystem, processing system

406‧‧‧Power Management Subsystem

408‧‧‧ memory subsystem

410A‧‧‧LTE cellular air interface, cellular radio subsystem

410B‧‧ Wi-Fi IEEE 802.11n air intermediation, Wi-Fi radio subsystem, wireless network radio subsystem

410C‧‧‧GPS Air Intermediary

410D‧‧‧Blue Bulk Intermediary

412A‧‧‧screen display

412B‧‧‧Keypad

412C‧‧‧Microphone and Speaker

412D‧‧‧Audio codec

412E‧‧‧ camera

500‧‧‧IEEE 802.11n PHY (L1) and Media Access Control (L2) protocol stack

502‧‧‧Exempted National Information Infrastructure Band

504‧‧‧Industrial, scientific and medical bands

506‧‧‧Media Access Control Layer

508‧‧‧Application Software

602‧‧ Wi-Fi tube

604‧‧‧ first application

606‧‧‧Second application

1002‧‧‧corresponding buffer and MUX/DeMUX assembly

1004‧‧‧corresponding buffer and MUX/DeMUX assembly

1006‧‧‧ Wi-Fi tube

1008‧‧‧Virtual PHY

1010‧‧‧User device media access control

1012‧‧‧Access Point Media Access Control

1302‧‧‧Two-way auxiliary control channel, WoLTEN control channel

1304‧‧‧Two-way auxiliary control channel

1306‧‧‧WoLTEN application

1308‧‧‧WoLTEN agent

1310‧‧‧Buffer and MUX/DeMUX

1312‧‧‧Multiple user buffers and MUX/DeMUX, MUX/DeMUX

1314‧‧‧ Radio link control layer to non-access layer

1316‧‧‧RLC to Internet Protocol

Steps 1402, 1404, 1408, 1410‧‧

1502, 1504, 1506, 1508, 1510, 1512, 1514‧‧ steps

1602, 1604, 1606, 1608, 1610‧‧‧ steps

1700‧‧‧External Module, USIM Module

1702‧‧‧SIM/USIM

1704‧‧‧ Processor

1706‧‧‧ Non-transitory computer readable memory

1708‧‧‧Power unit

1710‧‧‧I/O communication module

L1‧‧‧RHY/entity

L2‧‧‧Media Access Control (MAC)

Figure 1 is a prior art third-generation partnership program (3GPP) version 8 network architecture The block diagram is represented.

Figure 2 is a block diagram representation of an exemplary embodiment of a Long Term Evolution Wi-Fi (WoLTEN) network architecture.

Figure 3 is a logical block diagram representation of an exemplary wireless station for providing hybrid access to a core network in accordance with the various principles described herein.

4 is a logical block diagram representation of an example user device for accessing a core network via a hybrid access scheme in accordance with various principles described herein.

Figure 5 is a diagram showing the use of one of the Institute of Electrical and Electronics Engineers (IEEE) 802.11n Entity (PHY) (L1) and Medium Access Control (MAC) (L2) protocol stacks in conjunction with various aspects of the present invention. Logical block diagram.

Figure 6 is a logical representation of one of the Wi-Fi tubes formed by an exemplary wireless station (e.g., as illustrated in Figure 3) and an exemplary user device (e.g., as illustrated in Figure 4).

Figure 7 is a logical software representation of one of several logical channels, transport channels, and physical channels of a prior art LTE radio architecture.

Figure 8 is a logical software diagram representation of a prior art LTE software user plane protocol stack.

Figure 9 is a logical software diagram representation of a prior art LTE software control plane protocol stack.

10 is a logical software diagram illustrating an exemplary implementation of an LTE radio user plane protocol stack operating between a User Equipment (UE) and an Evolved Node B (eNB) in accordance with various aspects of the present invention. Example and its modification.

11 is a logical software diagram illustrating an exemplary embodiment of an LTE radio control plane protocol stack operating between a User Equipment (UE) and an Evolved Node B (eNB) in accordance with various aspects of the present invention and One of its modifications.

11A is a logical block diagram of an example user equipment (UE) that communicates with a Wi-Fi access point (AP) using a second exemplary stacked arrangement in accordance with the principles described herein.

Figure 12 is a logical software diagram illustrating an exemplary embodiment of one of the conceptual architectures of LTE MAC used in conjunction with various aspects of the present invention.

Figure 13 is a logical software representation of one of the overall agreement stacking architecture (both user plane and control plane) for the user device and the wireless station.

Figure 14 is a logic flow diagram of one generalization process for the discovery, initiation, and configuration of an operational management dialogue.

Figure 15 is a logic flow diagram illustrating the initialization of a Long Term Evolution Wi-Fi (WoLTEN) connection of one of the exemplary WoLTEN applications (APPs) executed on a user device.

Figure 16 is a logic flow diagram illustrating the initialization of a Long Term Evolution Wi-Fi (WoLTEN) connection of one of the exemplary WoLTEN agents executing on a wireless station.

Figure 17 is a logical block diagram of an exemplary external subscriber identity module (SIM/USIM) used in conjunction with the present invention.

Reference is now made to the drawings, in which like reference

In short, the side used for hybrid access to a network (for example, a core network) The method and apparatus are disclosed, for example, in the title of "METHODS AND APPARATUS FOR HYBRID ACCESS TO A CORE NETWORK", which is filed on January 15, 2014, and the title of the application filed on January 15, 2014. It is in the "METHODS AND APPARATUS FOR A NETWORK-AGNOSTIC WIRELESS ROUTER" serial number 14/156,174 US Patent Application. As set forth herein, an "access tunnel" (e.g., a so-called "Wi-Fi pipe") enables a user device to contact a core network via an intermediate network (e.g., a Wi-Fi network). In one embodiment, the wireless stations are used to directly connect to the core network using protocols similar (or identical) to existing network entities (e.g., evolved Node Bs (eNBs)). As explained in more detail below, an example Wi-Fi access point (AP) provides access to a Long Term Evolution (LTE) network. The user device and the wireless station are connected via a Wi-Fi pipe; the wireless station performs a translation process (eg, a User Equipment (UE) Media Access Control (MAC), a Virtual Physical Layer (VPHY), and an access point ( AP) MAC), thereby seamlessly connecting the user device to the LTE core network.

Various other advantages of the disclosed embodiments are set forth in more detail below.

Detailed description of the example embodiments

Various exemplary embodiments of the invention are now set forth in detail. Although these embodiments are primarily described in the context of a fourth generation long term evolution (4G LTE or LTE-A) wireless network in conjunction with Wi-Fi hotspot (IEEE 802.11n) operation, this technique is generally The skilled person will recognize that the invention is not limited thereto. In fact, various aspects of the present invention are applicable to any wireless network that can benefit from the wireless routing set forth herein.

As used herein, the term "wireless" means any wireless signal interface, data interface, communication interface or other interface, including Wi-Fi (IEEE 802.11 and its derivatives, eg, "b", "a", "g" , "n", "ac", etc.), Bluetooth, 3G (for example, 3GPP, 3GPP2, and UMTS), 4G (LTE, LTE-A, WiMax), HSDPA/HSUPA, TDMA, CDMA (eg, IS-95A, WCDMA, etc.), FHSS, DSSS, GSM, PAN/802.15, WiMAX (802.16), 802.20, narrowband/FDMA , OFDM, PCS/DCS, analog honeycomb, CDPD, satellite system, millimeter wave or microwave system, acoustic and infrared (ie, IrDA), but are not limited thereto.

Moreover, as used herein, the term "network" generally refers to any type of data network, telecommunications network, or other network, including data networks (including MAN, PAN, WAN, LAN, WLAN, micro network). , but not limited to, piconet, internet and intranet, satellite, cellular and telecommunications networks.

Existing solutions for hybrid access -

In the past, back-end and indoor coverage were the two biggest "pain points" of a network operator; recently, mobile network data capacity has become a challenge. Solutions that increase data capacity while saving time and money for network operators will be highly rewarding. Although network operators are resisting Wi-Fi adoption in their networks, it is clear that a viable solution to data capacity issues will require Wi-Fi integration.

In short, spectrum (or bandwidth) is a rare and expensive resource cost for network operators. Although most network operators have a bandwidth (up to most) of ~10-20 MHz, Wi-Fi networks operate in an unlicensed band spanning hundreds of MHz of spectrum. Wi-Fi systems supporting one of the Industrial, Scientific and Medical (ISM 2.4 GHz) and Unlicensed National Information Infrastructure (U-NII 5 GHz) bands will access the spectrum of approximately 80 MHz of the ISM and 450 MHz of the U-NII band (excluding Outdoor band). Initially, network operators were concerned about the availability and quality of the exempted (exempted) spectrum and may have a negative impact on the user experience; however, unauthorized technology (eg Wi-Fi) is even in congested and unfavorable scenarios. Provides a stable and effective linearity.

Unlike hive technology, most existing Wi-Fi products are based on ad hoc deployments. Wi-Fi network media access for carrier sensing multiple access and collision avoidance (CSMA/CA) and non-contention (point coordination function (PCF) or distributed coordination function (DCF)) specially designed to enable ad hoc deployment Control (MAC) protocol is used in conjunction. Ad hoc deployments reduce the burden on network operators for network planning, deployment, and maintenance.

Furthermore, the cellular technology system was originally designed to support more equal business models (for example, to provide relatively low-rate voice capabilities for a large number of users), and conceptually, Wi-Fi technology is designed to support high throughput. . Existing Wi-Fi devices typically have the ability to exceed 300 Mbits/sec data rate; other versions are expected to achieve Gbits/sec data rates.

Wi-Fi technology and devices have been around for more than a decade, and components have been commercialized and available at relatively low cost. Many existing consumer devices have been incorporated with Wi-Fi technology, so there is no significant deployment barrier for the lowest equipment cost (for both network operators and users).

For at least the above reasons, so-called "Layer 1" operators (eg, AT&T® and Verizon®) have requested integration of core networks in recent and future standards development (eg, version 3 of the 3rd Generation Partnership Project (3GPP)) With Wi-Fi. Specifically, network operators have concluded that Wi-Fi can have potential applicability as a complementary communication system for one of: (a) offloading data traffic and (b) improving coverage. More directly, Wi-Fi offloading can alleviate traffic congestion because Wi-Fi's available spectrum exceeds the spectrum of network operators. In addition, Wi-Fi is more cost effective and does not require network planning and operation for "difficult to cover" areas (eg, indoors) when compared to a small base station solution. To this end, many newer small base stations (so-called "Node B" for 3G and evolved Node B (eNode B or eNB for 4G LTE) have been incorporated into Wi-Fi access points (APs) ability.

However, existing solutions have multiple implementation issues. Currently, Wi-Fi is available The service's cellular network treats the cellular network and the Wi-Fi network as two separate service units, two of which operate and manage separately. From an implementation point of view, there is little integration and interworking between the two networks at the operational and service levels. In addition, Wi-Fi networks suffer from a lack of standard "discovery", "choice" and access mechanisms and procedures. For this reason, it is often difficult for users to find and use such networks, and even if found, quality of service (QoS) services and policies cannot be coherent or guaranteed across the network. Providing inconsistent services is easily perceived by users and can negatively impact customer satisfaction.

As mentioned previously, Wi-Fi networks are web-based authentication methods, such as WISPr (or similar variants), while WISPr is based on the traditional username/password paradigm. Although there are several major obstacles to implementing User Identity Module (SIM) operations using Wi-Fi (for example, the Extensible Authentication Protocol Authentication Key Agreement (EAP-AKA) support), some operators (for example, Swisscom®) Wi-Fi SIM/USIM based authentication has been used. Similarly, Cisco® has a proprietary solution (for example, based on the Aggregation Services Router (ASR) family of products and Cisco Prime® for network management), like Alcatel-Lucent® (for example, light radio, a Wi-Fi /WLAN gateways) and Ericsson® (for example, Service Awareness Accounting and Control (SACC)) and its network-integrated Wi-Fi solution as a Wi-Fi offload solution).

However, even in such solutions, the Wi-Fi network is an entity separate from the cellular network. This difference leads to different levels of security and user experience, and often requires the operator to manage two separate and distinct networks, investing additional funds for a large number of network and interworking entities. For example, depending on the solution, new or modified handset functional entities may be required, such as EAP-SIM and EAP-AKA for Wi-Fi and routing algorithms (eg, UE-based IP flow mobility and Seamless Uninstall (IFOM)).

A brief evolutionary history of Wi-Fi cellular interoperability is now presented. In the 3GPP version In 6, the interworking WLAN (I-WLAN) standard is mainly introduced for Wi-F integration with 3G networks. This early standard supports IP data over Wi-Fi networks or 3G networks and requires a large number of new network entities (eg, Wireless Local Area Network (WLAN) Access Gateway (WAG), Packet Data Gateway (PDG), Authentication, Authorization and Accounting (AAA) Server, and Local Agent (HA)). Although this standard is not welcomed by network operators, in 3GPP Release 8, I-WLAN is even more integrated with the Long Term Evolution (LTE) core network (also known as the Evolved Packet Core (EPC)).

FIG. 1 illustrates a prior art 3GPP Release 8 network architecture 100. As shown, 3GPP Release 8 introduces three network components in the 3GPP Core Network (EPC), namely: Evolved Closed Data Gateway (ePDG) 102; Authentication, Authorization and Accounting (AAA) Server 104; And access network discovery and selection function (ANDSF) 106. Certain existing network entities in a Wi-Fi network are also modified or adapted to incorporate additional functionality (e.g., mobility/controller gateway 108). As shown, the Wi-Fi AP 116 is a conventional IEEE 802.11n AP that conforms to one of the IEEE 802.11n standards. During operation, Wi-Fi AP 116 is connected to and controlled by mobility/controller gateway 108, and mobility/controller gateway 108 is integrated with EPC via ePDG 102. UE 114 may also require corresponding functionality to support UE-based mobile IP and IP flow mobility for Wi-Fi offload, as well as support for discovery, selection, association, and SIM-based authentication and encryption via Wi-Fi AP 116 .

The architecture of Figure 1 enables so-called "untrusted access." In particular, the inclusion of an AAA server 104 (which is also wired to a local user server (HSS) 110) allows SIM-based authentication of a Wi-Fi user device by means of EAP-AKA. The Packet Data Gateway (PDG) (previously introduced in Release 6) was redefined in 3GPP Release 8 as an evolved PDG (ePDG) 102. As shown, the ePDG 102 is directly wired to a Packet Data Network (PDN) Gateway (P-GW) 112 to support IP mobility for Wi-Fi. In the architecture of Figure 1, a user The device (UE) 114 is used to establish an Internet Protocol Secure (IPsec) channel between itself and the ePDG 102 (the intervening network component is an untrustworthy entity, so this solution provides untrusted access). Since the intervening network components are untrustworthy, a UE 114 must establish an IPsec tunnel with the ePDG 102. This can be a significant processing burden because ePDG must support and maintain a single IPsec tunnel for each UE.

3GPP Release 10 retains Network Architecture 100 and introduces the S2a-based Universal Packet Mobility Radio Service (GPRS) Tunneling Protocol (SaMOG), which enables "trusted" access network operations. Unlike Release 8, in Release 10, an IPsec tunnel is set between Wi-Fi AP 116 and P-GW 112. This configuration mitigates the large (bandwidth) IPsec channel at ePDG 102; however, since the IPsec tunnel does not extend to the Wi-Fi radio interface, the null plane must be protected by another mechanism (eg, Hotspot 2.0 (IEEE 802.11i) )standard).

In the context of Figure 1, various offload algorithms can be used to address different Quality of Service (QoS) requirements for different services and IP mobility. Two features (Multiple Access PDN Linked Linearity (MAPCON) and IP Flow Mobility (IFOM)) are specified in Release 10 for QoS-based offloading; network operators can implement either scheme based on, for example, business considerations.

In both MAPCON and IFOM, each protocol data network (PDN) is assigned a unique IP address; each PDN is a specific service network in the current 3GPP architecture, including but not limited to: the Internet, IP Multimedia Subsystem (IMS), IPTV, etc. Each PDN is further identified by an Access Point Name (APN). In addition, all PDNs are delivered to a Wi-Fi offload network or submitted back to the cellular network. MAPCON allows access to the network based on PDN QoS requirements or network load. IFOM is a more advanced version of MAPCON, which allows for a given PDN to have several IP streams, further fine-tuning and optimizing performance based on QoS. In Release 10, each PDN is associated with two IP addresses, one for cellular access and one for Wi-Fi network access allows simultaneous access through two networks.

In order to complete the integration of Wi-Fi networks and 3GPP cellular networks, a standard automatic network "discovery", "selection" and "association", and "policy control" framework for Wi-Fi networks are required. The existing network architecture 100 provides the aforementioned functionality using the Access Network Discovery and Selection Function (ANDSF) 106 and Hotspot 2.0. ANDSF provides a client-server-based policy control solution that uses Wi-Fi networks to provide EAP-SIM-based and EAP-AKA-based authentication (for example, providing network operators via Wi-Fi air interface) Discover, select and associate).

Example Long Term Evolution Wi-Fi (WoLTEN) Network Architecture -

Despite the many efforts previously made, there are still various problems with existing solutions for combining the cellular and Wi-Fi ecosystems. In particular, the proposed 3GPP solution for cellular/Wi-Fi integration is not "all-in-one" and the proposed solution is a patchwork of one of the specialized and/or modified functional entities spread across network elements. Program. The resulting solution is complex, incomplete, impractical, and non-scalable. Even after making significant investments in one of these relatively complex and expensive solutions, network operators must: (i) operate and maintain two different networks; and (ii) address the differences between these networks. User experience (for example, security and QoS).

In addition, there are other issues that these solutions cannot solve. For example, version 10 proposals (eg, SaMOG, MAPCON, IFOM, ANDSF, and HotSpot 2.0) require the Wi-Fi network to be a "trusted network." The practical implementation plan will most likely need to be owned by the network operator. Such limitations (even when not explicitly stated) do not include desired features (eg, Wi-Fi roaming, neutral host operations, etc.) and limit the deployment scenarios of Wi-Fi networks. In particular, some independent operators (eg, Boingo®) use Wi-Fi to fram out the network in an unlicensed band.

Current solutions provide some degree of integration and coexistence of cellular networks (eg, 3GPP) with Wi-Fi networks; however, such solutions are often complex, expensive, and require operators to pay for operating and maintenance parts. Work hard. In fact, in the United States (USA), there is only one operator (AT&T) using the aforementioned network architecture.

To this end, various embodiments of the present invention are directed to methods and apparatus for hybrid access to a core network. The ideal solution would be seamless and functionally similar across the two networks (eg, user experience, policy control, discovery, selection, association, authentication, QoS, etc.). In addition, these embodiments should provide components for Wi-Fi roaming, Wi-Fi neutral host capabilities, and IP mobility, as well as network handover for an integrated cellular/Wi-Fi network.

Current Wi-Fi integration methods rely on gradual changes to existing 3GPP and Wi-Fi networks, for example, by adding new functional entities while modifying certain existing functional entities. In contrast, the priority solution should be built on existing 3GPP networks (ie, 3GPP core networks (eg, EPC in a 4G LTE network) have no change or minimal change), not Wi-Fi The AP and UE modify the functionality to achieve the desired level of integration. Accordingly, the present invention discloses various solutions for modifying Wi-Fi AP functionality and intermediate software in a UE for enabling overall Wi-Fi with a 3GPP network with minimal changes in the core network. Integration (transparent to the end user).

Although the following discussion is presented within the context of a 3GPP core network, the 3GPP core network provides one 4G-LTE (Frequency Division Multiplexing (FDD)) network operating in a 3GPP approved FDD licensed band, but it should be understood that Given the teachings of the present invention, one of ordinary skill in the art can readily apply the principles set forth to other network technologies. Other examples of 3GPP network technologies include 3G WCDMA/UMTS/HSPA, 2G and 2.5G GSM-GPRS networks, and FDD and TDD cellular systems, but are not limited thereto.

Although the following discussion is presented within the context of the IEEE 802.11n Access Point (AP) technology, it should be understood that the general knowledge of the relevant art can readily apply the principles set forth to others in the context of the present invention. Network technology. Other examples of suitable access technologies include, for example, IEEE 802.11 derivatives, such as "b", "g", "a", "ac", frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS). And infrared (IR).

FIG. 2 illustrates an exemplary embodiment of a network architecture 200, hereinafter referred to as a "WoLTEN network" (Long Term Evolution (LTE) Wi-Fi network). In the illustrated embodiment, there is little need for modification in the Evolved Packet Core (EPC) 202, but the software functionality of the Wi-Fi AP 204 and the UE 206 to accommodate differences in radio operation (eg, cellular operation and IEEE) The difference between 802.11 operations). In the illustrated WoLTEN network, the Wi-Fi AP 204 is directly connected to the security gateway 208 of the EPC 202 and is considered to have the same privileges and security as one of the eNBs 210 in the network (ie, it is A "trustworthy" AP). In other embodiments (not shown), the security gateway 208 is directly wired to a HeNB gateway or a local gateway or the like gateway entity. In some variations, the Wi-Fi AP can also be wired to a mobility/controller gateway 212 to act as a conventional Wi-Fi AP (e.g., to provide support for legacy devices, etc.). The old operation is similar to the existing proposal (for example, see the network architecture 100 of Figure 1 and will not be further elaborated).

During the WoLTEN operation, many of the IEEE 802.11n associated lower layers (referred to as physical (PHY) layers and medium access control (MAC) layers) remain substantially the same as existing IEEE 802.11n implementations. In some embodiments, a link layer control (LLC) layer is not included; in other variations, an LLC layer can be included. However, various embodiments of the present invention enable higher LTE specific functionality than the MAC layer. Specifically, the user equipment appears to be higher than one of the MAC layers, a logical LTE User Equipment (UE); similarly, the Wi-Fi AP appears to be higher than one of the MAC layers, a logical LTE evolved Node B (eNB). Dependency on functionality of lower layer entities by removing functionality from higher layers of LTE The Wi-Fi offload algorithm can freely choose any of the radio access technologies (eg, LTE or Wi-Fi) based on related considerations (eg, connectivity, power consumption, data requirements, etc.).

For example, as explained in more detail below, the WoLTEN network of Figure 2 enables authentication in the LTE Universal Subscriber Identity Module (USIM) (eg, based on the Extensible Authentication Protocol Authentication Key Protocol (EAP-AKA)). And so, the Wi-Fi network can operate in an "open system authentication" mode (ie, Wi-Fi access does not require credentials for accessing the integrated network). Since a single USIM is used for both the LTE network and the Wi-Fi network, the Wi-Fi offload selection algorithm may reside in the UE (based on the UE) 206 or reside in the network (eg, MME 214) or And may be based on several considerations, such as load and/or radio conditions on each radio access unit, quality of service (QoS) of the services provided, and the like. In one such example, a UE-based algorithm may prefer to use Wi-Fi access, and if Wi-Fi access is not available, the UE returns to LTE access.

In addition, since the Wi-Fi AP 204 is treated as an eNB entity by the WoLTEN network entity, the Policy and Charging Rules Function (PCRF) 216 can apply the same policy and charging rules to the eNB to carry and properly enable Wi-Fi. AP. In some embodiments, an operator may prefer to have different policies and charging rules for two access units (LTE eNB and Wi-Fi AP).

Example wireless station -

As explained in more detail below (see, for example, the following example user devices), various embodiments of the present invention can be utilized in conjunction with intermediate software located in a User UE (UE-S) device. In some embodiments, the intermediate software may be downloaded (eg, by a user); or, the intermediate software may be preloaded during device manufacture. In some other embodiments, various embodiments of the invention may be utilized in conjunction with user devices that include specialized hardware to support appropriate functionality.

Referring now to Figure 3, an exemplary wireless station 300 for providing hybrid access to a core network is presented.

In one embodiment, the wireless station 300 is a stand-alone device, however, those of ordinary skill in the relevant art will recognize that the functionality described can be incorporated in a variety of devices: a base station (eg, , a long-term evolution (LTE) evolved Node B (eNB), etc., a portable computer, a desktop computer, etc., but is not limited thereto.

The exemplary device 300 includes one or more substrates 302. The one or more substrates 302 further include a plurality of integrated circuits including: a processing subsystem 304, for example, a digital signal processor (DSP) , a microprocessor, a programmable logic device (PLD), a gate array or a plurality of processing components; and a power management subsystem 306 providing power to the device 300; a memory subsystem 308; and a first radio data machine Subsystem 310; and an Ethernet switch 312 and associated Ethernet network. In some embodiments, there may also be user input/output (IO) 314.

In some cases, processing subsystem 304 may also include an internal cache memory. Processing subsystem 304 is coupled to a memory subsystem 308 that includes non-transitory computer readable memory. For example, the non-transitory computer readable memory can include SRAM, flash, and SDRAM components. The memory subsystem can implement one or more DMA type hardware to facilitate data access, as is well known in the art. During normal operation, the processing system is configured to read one or more instructions stored in the memory and perform one or more actions based on the read instructions.

Processing system 304 has sufficient processing power to simultaneously support first radio subsystem 310 and core network connectivity. In an exemplary embodiment, the wireless station 300 is configured to provide additional functionality that operates over the processing subsystem 304 beyond existing wireless station functionality (ie, legacy Wi-Fi operations) (ie, modified to Wi-Fi supporting higher layer LTE protocol stacking and control software Agreement stack). In an exemplary embodiment, processor subsystem 304 is operative to execute software for operating and controlling a wireless station. One such commercial example is the Broadcom BCM4705 processor chip (which includes a processor core and a number of IOs, such as GPIO, RS232 UART, PCI, GMII, RGMII, and DDR SDRAM controllers).

The illustrated power management subsystem (PMS) 306 provides power to the wireless station 300 and may include an integrated circuit and/or a plurality of discrete electrical components. Common examples of power management subsystem 306 include: a rechargeable battery power source and/or an external power source, for example, from a wall outlet, an inductive charger, etc., but are not limited thereto.

User IO 314 includes any number of known IOs, including: LED lights, speakers, etc., but is not limited thereto. For example, in one such case, a set of LEDs can be used to indicate the status of the connection (eg, "green" indicates a state on the line, "red" indicates a failure or a linear problem, etc.). In more complex embodiments, the IO can incorporate a keypad, touch screen (eg, multi-touch interface), LCD display, backlight, speaker and/or microphone or other IO, such as USB, GPIO, RS232 UART , PCI, GMII, RGMII.

The first radio subsystem 310 is configured to generate a wireless network that accepts one or more user devices. In an exemplary embodiment, the generated wireless network is an "open" network, ie, the generated wireless network does not require any access control measures (eg, authentication, authorization, or accounting, etc.) ). Although open network operations are described in this article, it should be understood that access control schemes are not necessarily open; the use of limited access and closed access is equally successful. In effect, the credentials for the wireless radio subsystem 310 can be entered and set via the Ethernet switch 312 and associated Ethernet network connected to the core network (as will be explained in more detail below). In some cases, open networks may incorporate so-called "ad hoc" networks, mesh networks, and the like.

The first radio subsystem 310 is configured to generate a wireless network. In an example In an embodiment, the first radio subsystem 310 generates a Wi-Fi network (based on IEEE, eg, 802.11n, etc.). Other examples suitable for wireless technology include, but are not limited to, Bluetooth, WiMAX, and the like.

As shown in Figure 3, there are several (2 or more) antennas to support multiple input multiple output (MIMO) operation of the first network. Although not explicitly shown, it should be understood that each RF front end includes a device such as a filter, duplexer, RF switch, RF signal power level monitoring, LNA (Low Noise Amplifier) and PA (power amplifier). In an exemplary embodiment, the first radio subsystem 310 includes the functionality required to configure and operate an IEEE 802.11n modem, including a transceiver portion, a PHY (physical layer), and a MAC (Media Access Controller) unit. And associated control and operating software. A commercial example of this RF front end is the Broadcom IEEE 802.11n single-chip product, BCM4322 or BCM4323.

The Ethernet switch 312 and associated Ethernet network are used to provide access to the core network (e.g., EPC 202) and potentially other network entities (e.g., eNBs, HeNBs, etc.). Other common forms of access include, for example, Digital Subscriber Line (DSL), T1, Integrated Services Digital Network (ISDN), Satellite Link, Cable Data Service Interface Specification (DOCSIS) cable modem, and the like. A commercial example of an Ethernet switch 312 is a Broadcom BCM53115 chip that provides up to five (5) Ethernet ports. In an exemplary embodiment, the wireless station is configured to directly connect to the core network of a network operator via the Ethernet switch 312 to enable the aforementioned WoLTEN operation.

Example user device -

Referring now to Figure 4, an exemplary user device 400 is used to access a core network via a hybrid access scheme (via wireless station 300 of Figure 3). In one embodiment, user device 400 is a dedicated device, however, those of ordinary skill in the relevant art will recognize that the functionality described can be incorporated into a wide variety of devices: a smart phone, Portable A computer, and even a single device having only one radio modem for Wi-Fi IEEE 802.11n communication, etc., but is not limited thereto.

The exemplary device 400 includes one or more substrates 402, and the one or more substrates 402 further include a plurality of integrated circuits including: a processing subsystem 404, for example, a digital signal processor (DSP) , a microprocessor, a programmable logic device (PLD), a gate array or a plurality of processing components; and a power management subsystem 406 providing power to the device 400; a memory subsystem 408; and one or more radio data Machine subsystem. As shown, the example apparatus includes four (4) radio modem subsystems: a LTE cellular air plane 410A, a Wi-Fi IEEE 802.11n null plane 410B, a GPS air plane 410C, and a Bluetooth air plane 410D. In some embodiments, there may also be user input/output (IO) 412. As shown, the example user input/output (IO) 412 includes a screen display 412A, a keypad 412B, a microphone and speaker 412C, an audio codec 412D, and a camera 412E. Other peripheral devices may include external media interfaces (eg, SD/MMC card interface, etc.) and/or sensors, and the like.

In some cases, processing subsystem 404 can also include an internal cache memory. Processing subsystem 404 is coupled to a memory subsystem 408 that includes non-transitory computer readable memory. For example, non-transitory computer readable memory can include SRAM, flash, and SDRAM components. The memory subsystem can implement one or more DMA type hardware to facilitate data access, as is well known in the art. During normal operation, the processing system is configured to read one or more instructions stored in the memory and perform one or more actions based on the read instructions.

As with the processing subsystem 304 of the wireless station 300 (see FIG. 3), the processing subsystem 404 (also referred to as the "application" processor) of FIG. 4 has sufficient processing power and can access memory components to at least simultaneously Support Wi-Fi radio subsystem 410B and core network connectivity. One commercial example of processing subsystem 404 is the Freescale iMX53 1GHz ARM Cortex-A8 Processor or QUALCOMM Snapdragon 800.

The illustrated power management subsystem (PMS) 406 provides power to the user device 400 and may include an integrated circuit and/or a plurality of discrete electrical components. Common examples of power management subsystem 406 include: a rechargeable battery power source and/or an external power source, for example, from a wall outlet, an inductive charger, etc., but are not limited thereto.

The user IO 412 can include any number of known IOs shared by the consumer electronic device, including: a keypad, a touch screen (eg, a multi-touch interface), an LCD display, a backlight, a speaker, and/or a microphone or USB and Other interfaces, but not limited to this.

Those of ordinary skill in the relevant art will appreciate that a user device can have multiple other components (e.g., multiple additional radio subsystems, graphics processors, etc.), the foregoing being merely illustrative.

The cellular radio subsystem 410A is used to connect to a cellular network provided by a network operator. In one embodiment, the cellular radio subsystem 410A is a fourth generation (4G) Long Term Evolution (LTE) modem. Although not explicitly shown, it should be understood that each RF front end may include, for example, filters, duplexers, RF switches, RF signal power level monitoring, LNAs, and PAs for the radio subsystem of the device. The user device 400 is associated with an identification module that authenticates the user device to the network operator. In general, the identification module securely identifies the user device (or user account associated with the device) as authenticated and authorized for access. Common examples of the identification module include a User Identification Module (SIM), a Universal SIM (USIM), a Removable Identification Module (RUIM), a Code Division Multiple Access (CDMA) SIM (CSIM), and the like, but are not limited thereto. In some cases, the identification module can be removable (eg, a SIM card) or, in addition, can be an integral part of the device (eg, where one of the embedded components of the identification module is programmed) . A commercial example of a cellular radio subsystem 410A is the QUALCOMM Gobi MDM9600 And its associated RF and peripheral wafers.

The Wi-Fi radio subsystem 410B is used to connect, for example, one of the wireless networks generated by the wireless station 300 of FIG. In one embodiment, the wireless network radio subsystem 410B is a data machine compliant with the IEEE 802.11n standard. Although not explicitly shown, it should be understood that each RF front end may include, for example, filters, duplexers, RF switches, RF signal power level monitoring, LNAs, and PAs for the radio subsystem of the device. In an exemplary embodiment, Wi-Fi radio subsystem 410B is configured to execute software for operating and controlling IEEE 802.11n PHY (physical layer) and MAC (media access controller) units, and associated control and operation software. One commercial example of a Wi-Fi radio subsystem 410B is the Atheros single-chip IEEE 802.11n product, AR9285.

In an exemplary embodiment, user device 400 is further configured to provide additional functionality running on processing subsystem 404 (i.e., a Wi-Fi protocol stack modified to support higher layer LTE protocol stacking and control software).

Example "Wi-Fi Tube" -

Figure 5 illustrates a logical block diagram showing one of the IEEE 802.11n PHY (L1) and MAC (L2) protocol stacks 500 used in conjunction with various aspects of the present invention. As shown, the application software 508 operates directly above the MAC layer 506. It should be appreciated that other variations may be incorporated into other software layers (eg, a logical link control (LLC) and/or IP layer) based on design considerations. The exemplary PHY can operate in U-NII band 502 or ISM band 504, or both.

The MAC layer 506 can be set to operate in a "competitive" mode or a "non-competitive" mode. In non-competitive operations, the MAC uses a little coordination function (PCF); during contention mode operation, the MAC uses a distributed coordination function (DCF). Other Wi-Fi MAC features include registration, handover, power management, security, and quality of service (QoS). In the case that is not otherwise stated in this article, Having Wi-Fi components and functionality should be understood within the relevant art and will not be discussed further.

Referring now to Figure 6, assume an exemplary wireless station 300 (e.g., as set forth in Figure 3 and discussed above) and an exemplary user device 400 (e.g., as set forth in Figure 4 and discussed above) . Once the example user device 400 enters the exemplary network independent wireless station 300 coverage area and is registered within the open network, the end-to-end MAC connection between the user device 400 and the wireless station 300 forms a "transparent" connection. (or access tunnel), hereafter referred to as a "Wi-Fi pipe" 602. In some embodiments, the Wi-Fi pipe tunnel itself is unsecure (eg, where the hotspot behaves as an "open" Wi-Fi network) and is based on end-to-end for a cellular (LTE) network Or/and existing encryption schemes used at the application layer (eg, their encryption schemes used on traditional untrusted networks) to protect basic data payloads. In other embodiments, the Wi-Fi system is implemented via a closed network and incorporates native encryption or the like (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.).

The Wi-Fi tube enables two logical endpoints of a first application 604 and a second application 606 (respectively) to communicate directly without any interventional translation (ie, without modifying the data transfer). Logical endpoints are unaware of the underlying entity and data link transactions that occur in their respective Wi-Fi interfaces. In an exemplary embodiment, the first application 604 is coupled to a software stack of user devices and the second application 606 is coupled to a software stack (not shown) of the wireless station. In other words, the Wi-Fi pipe enables the stack of user devices (SIM/USIM cards on the user device 700) to be directly wired to the stack of wireless stations (on the wireless station 300).

As previously described (e.g., as set forth in FIG. 2 and discussed above), the wireless station is directly connected to an evolved packet core (EPC) (via, for example, security gateway 208). In an exemplary embodiment, the wireless station is configured to communicate with the LTE EPC and the UE using all or some of the existing eNB LTE software structures and entities (eg, logical channels, protocols and software stacks, RRM, etc.)

And/or interact with LTE EPCs and UEs. For example, Figure 7 illustrates several logical channels, transport channels, and physical channels of a prior art LTE radio architecture, along with corresponding protocol stack layers. Figure 8 illustrates a prior art LTE radio user plane protocol stack operating between a User Equipment (UE), an Evolved Node B (eNB), a Servo Gateway (SGW), and a PDN Gateway (PGW). Figure 9 illustrates a prior art LTE control plane protocol stack for use between a UE, an eNB, and an Mobility Management Entity (MME). Still other entities and/or logical entities (e.g., a Radio Resource Manager (RRM), etc.) may be used for eNB operations, and where the content of the present invention is presented, including or not including such entities are in the related art. Usually within the skill of the knowledger.

It is relatively simple for the wireless station to communicate with, for example, the SGW and the MME on the network side. For example, during operation, the wireless station 300 configures its Ethernet interface as a logical eNB to perform a communication protocol, thereby seamlessly integrating with existing LTE network architectures. Specifically, on the user plane, the wireless station 300 appears to the EPC as an eNB and communicates with the SGW using an agreement between the eNB and the SGW (eg, the General Packet Radio Service (GPRS) Tunneling Protocol (GTPU)). The communication is performed via the User Datagram Protocol (UDP) Internet Protocol (IP) (via the Ethernet interface 312 of the wireless station 300). On the control plane side, the wireless station 300 communicates with the MME using a protocol used between the eNB and the MME (eg, Stream Control Transmission Protocol (SCTP) S1-AP); the communication is performed via IP. Although the foregoing examples are presented with respect to the Ethernet interface of the wireless station, given the content of the present invention, those of ordinary skill in the relevant art will appreciate that other interfaces may be utilized (eg, via for wireless stations and EPCs). Any MAC (L2) and entity (L1) layers of the backbone network to perform user plane communication and control plane communication.

The interface between the example user device and the example wireless station (eg, similar to the eNB-UE interface, via Wi-Fi null mediation) needs to be modified to handle the operation by the Wi-Fi modem The difference between the two. For example, FIG. 10 illustrates an example embodiment of an LTE radio user plane protocol stack operating between a User Equipment (UE) and an Evolved Node B (eNB) in accordance with the principles set forth herein and supporting example Modification of user devices and example wireless stations. 11 illustrates an example embodiment of an LTE radio control plane protocol stack operating between a User Equipment (UE) and an Evolved Node B (eNB) in accordance with the principles set forth herein, and supporting example user equipment and examples. Modification of the wireless station.

As shown, in both Figure 10 and Figure 11, an example hybrid Wi-Fi pipe protocol stack operates under the Radio Link Control (RLC) layer, and it has used the corresponding buffer and MUX/DeMUX total The (LTE2, 1004), Wi-Fi pipe 1006, and virtualized PHY 1008, User Equipment (UE) MAC 1010, and Access Point (AP) MAC 1012 replace the LTE MAC and L1 layers.

In one embodiment, the Wi-Fi tube is coupled to a first in first out (FIFO) data buffer on both sides (eg, at user device 400 and wireless station 300) to handle arrival time issues (eg, jitter), which Scheduling problems that could have caused Wi-Fi pipe or LTE operations. In a multi-user embodiment, the station can incorporate a plurality of buffers corresponding to each user, a single buffer divided into one of a plurality of partitions for each user, and the like.

There is one RLC entity per radio bearer; this enables multiple radio bearers to isolate radio bearer performance. The LTE RLC is used to disassemble (and reassemble) data packets destined for the Packet Data Convergence Protocol (PDCP) layer into manageable sizes for Wi-Fi pipes. The LTE RLC is also used to ensure that all received packets are in order, after which they are passed to the PDCP layer. In the event that a packet is lost, the LTE RLC layer can recover the lost packet by initiating an automatic repeat request (ARQ) procedure.

There is one PDCP entity per radio bearer (this ensures isolated radio bearers) Load performance). The LTE PDCP entity is used to provide cryptographic compilation (and integrity) protection (on untrusted connections, such as Wi-Fi pipes). LTE PDCP is also used to provide Robust Header Compression (ROHC), which reduces the additional burden of transmitting small packets (further improving Wi-Fi pipe performance). Finally, the PDCP entity can provide reordering and retransmission during the handover operation.

Even though the Wi-Fi pipe 1006 and the corresponding buffer and MUX/DeMUX assemblies (1002, 1004) enable one Wi-Fi radio link between the example user and the example wireless station, higher layers (eg, RLC, PDCP) , RRM, etc.) are handled using existing LTE implementations, so virtualized PHY 1008, UE MAC 1010, and AP MAC 1012 ensure that higher layers based on LTE are unaware of Wi-Fi radio link operations. More directly, the UE MAC 1010 is simulated on the wireless station 300, and the UE MAC 1010 communicates with a virtualized PHY 1008 (VPHY) to deliver the simulated MAC PDU to the AP MAC 1012 of the wireless station under minimal intermediation conditions. . Many LTE PHY operations are not necessary, and thus the VPHY can effectively "avoid" or "disguise" irrelevant PHY operations in order for the UE MAC 1010 and AP MAC 1012 to operate properly. For example, programs associated with physical layer operations, such as random access channel (RACH), timing advance (TA), etc., are no longer needed.

In some cases, VPHY, UE MAC 1010, and AP MAC 1012 may be further optimized (because there is no actual physical propagation channel) as a "streamlined MAC" that performs successful interoperation between Wi-Fi pipes and higher layers. Minimum formatting and translation functionality required. For example, Figure 12 illustrates a conceptual architecture of the LTE MAC (UE side) (LTE MAC on the eNB side has similar functionality). MAC control operations, such as RACH, TA, channel scheduling, and discontinuous reception/transmission (DRX/DTX). These functions are handled entirely within the VPHY and can be deactivated or ignored (without executing appropriate signals or commands) or "disguised" (appropriate signals or commands are generated at appropriate times to indicate success, thereby enabling processing to continue). For example, uplink and downlink resources are granted for use by sending letters. The VPHY logic "disguises" and the VPHY logic emulates an entity that indicates that the resource is ready for use. Downstream Hybrid Automatic Repeat Request (HARQ) can be ignored when handling data packets within the VPHY (which is essentially error free and lost). Similarly, uplink HARQ may be disabled when data packet errors and loss are handled before the UE MAC (eg, via a Wi-Fi pipe). Channel multiplex and multiplex can also be ignored when a MAC Service Data Unit (SDU) (or a Protocol Data Unit (PDU) at the MAC output) can be directly passed between the UE MAC and the AP MAC via the VPHY. Other MAC related functions may also be optimized and/or ignored, including: buffer status report, power headroom report, downlink and uplink channel resource scheduling, logical channel prioritization, etc., but are not limited thereto.

The previous discussion of the example "streamlined MAC" and VPHY ("virtual" PHY) is based on the use of, for example, counters, key performance indicators (KPIs), and from lower layers to higher layers to ensure proper operation of the LTE protocol stack. Control information. It should be appreciated that certain embodiments may not require "streamlined MAC" or VPHY emulation (eg, proprietary implementations, future enhancements to existing implementations, highly optimized implementations, specialized use cases, etc.). The RLC entity at each end can pass its frame directly to each other via a Wi-Fi pipe.

Other considerations for an example Wi-Fi tube -

While the previous discussion is presented in terms of Wi-Fi pipe functionality at the MAC layer and the L1 layer, it should be appreciated that other embodiments may perform similar operations at any layer of the user device and/or the wireless station device. For example, as illustrated in FIG. 11A, the Wi-Fi pipe is implemented within one of the higher software layers of the protocol stack; that is, at the (Transmission Control Protocol/Internet Protocol) TCP/IP layer.

It will be readily apparent to those of ordinary skill in the relevant art that, given the present invention, the higher software layer of the split protocol stack can result in changes to the basic security architecture of the LTE system. For example, assume an embodiment in which a Wi-Fi pipe is inserted in a Packet Data Convergence Protocol (PDCP) In the layer, the uplink encryption and downlink decryption functions are supported in the wireless station 204 (not at the UE 206), and the uplink and downlink robust header compression (RHOC) compression and decompression functions of the PDCP layer are supported in the UE 206. In this configuration, two problems are introduced: 1) the SIM/USIM information of the UE must be provided to the wireless station 204 so that the wireless station 204 can "proxy" the UE 206; and 2) must be connected to the Wi via the radio link The -Fi pipe transmission is further encrypted as the LTE encryption provided by the SIM/USIM terminates at the wireless station 204.

With respect to "proxy", a wireless station (e.g., a Wi-Fi AP in this exemplary embodiment) 204 may incorporate one or more selected virtual (i.e., secure memory) or physical embedded or Remove the SIM/USIM module. SIM/USIM modules can be statically stylized or, in some cases, dynamically reprogrammable. The SIM/USIM module allows the wireless station 204 to proxy one or more connected UEs 206 (which can be served via Wi-Fi pipes). For example, one or more identification modules (eg, USIMs) are integrated by wireless station 204 and "attached to" (ie, a proxy) reside at one or more UE protocol stacks at wireless station 204 ( Including the PHY layer), each of the UE protocol stacks corresponds to one or more connected UEs 206. For a dynamically reprogrammable embodiment, the content of the SIM/USIM of the UE (including the key) can then be transmitted to one of the SIM/USIM modules in the wireless station (Wi-Fi AP) 204. Once the content of the UE 206 SIM/USIM is replicated in the wireless station (Wi-Fi AP) 204, the entire UE protocol stack of the UE 206 can be simulated by the wireless station (Wi-Fi AP) 204 to the Servo Gateway (S-GW). .

Once the wireless station (Wi-Fi AP) 204 has successfully connected to the S-GW, the UE can connect to the TCP/IP layer (or even higher layer) of the stack in the wireless station (Wi-Fi AP) 204 UE. Wi-Fi tube to trade data.

One of ordinary skill in the relevant art will readily appreciate that the transfer of SIM/USIM content from UE 206 to a wireless station (Wi-Fi AP) 204 should be performed via a full link. In one of this In the scheme, SIM/USIM content is securely transmitted via a Wi-Fi pipe using, for example, a PGP (Good Privacy) protocol. PGP is a well-known public key encryption scheme for securely transmitting data. The same success can be achieved with other encryption schemes, including, but not limited to, a symmetric key system, a chain based on a trusted system, and the like.

Referring now to the second problem of encrypting an example Wi-Fi pipe, since LTE encryption is terminated at the wireless station 204, the Wi-Fi pipe between the UE 206 and the wireless station 204 requires additional encryption to ensure secure transactions. In one embodiment, Wi-Fi pipe encryption may be extended based on one of the existing LTE encryption schemes; for example, during operation, LTE symmetric key encryption information may be used to generate both UE 206 and wireless station 204 locations. Key to extend symmetric key encryption via Wi-Fi pipe. In one such embodiment, the native Wi-Fi encryption algorithm and dedicated HW accelerometer (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.) are supported based on a pre-agreed protocol. Key delivery, or over-the-air download for dynamic negotiation. In this manner, the Wi-Fi encryption algorithm and the dedicated HW accelerometer can be utilized (with modifications) and/or combined with subsequent generation and associated LTE keys to enable over-the-air Wi-Fi pipe security. Finally, native LTE Non-Access Stratum (NAS) security and integrity protection can be implemented in the UE 206 by SW or HW emulation, since the data rate and body of the NAS message are actively low.

In one such embodiment, Wi-Fi pipe encryption may be based on one or more of the associated derived LTE encryption keys, and may use any secure public key based protocol (eg, the aforementioned PGP protocol). Pass (without a SIM/USIM encryption protocol) to the UE. For example, UE 206 transmits a public key to Wi-Fi AP 204, which is then used by Wi-Fi AP 204 to secure the appropriate key (eg, one or more of the associated LTE keys, etc.) Is sent to the UE 206, after which the Wi-Fi pipe security can be based on the local encryption engine via the Wi-Fi pipe and the available HW accelerator (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2 Symmetrical Key encryption.

Alternatively, in some embodiments, the UE 206 can support manual input of an encryption key, password, etc. via a suitable software user interface (UI) application for use with a native Wi-Fi pipe encryption engine. In some variations, manual authentication further enables access control for WoLTEN operations. In some cases, the "manual" input key corresponds to being set on the Wi-Fi AP 204 side (via a server or stored in one or more pre-configured wireless stations, eg, Wi-Fi AP 204). A predetermined key. In other cases, a predetermined key may be passed to the Wi-Fi AP 204 in accordance with an out-of-band process using a public key encryption scheme (e.g., PGP).

The general knowledge of the relevant art will be easy to understand, since the customer billing is based on the existing LTE certification authority and accounting (AAA), the proxy Wi-Fi AP 204 SIM/USIM operation enables the network operator to identify in Wi- Information on transactions during the Fi service period (ie, offline users of UE 206). Offline usage metrics can be used, for example, to directly bill, identify hive coverage of missing services, identify user habits and/or usage, determine unrealized revenue opportunities, and the like.

Previously, the data throughput based on Wi-Fi pipes was much larger than that required by all users in the LTE network support coverage area. Although the previous assumptions are generally true, it should be understood that in the case where the LTE network operates at one speed faster than the Wi-Fi interface, the Wi-Fi tube can be used to indicate the available capacity to the LTE network, such that the LTE network The path can make appropriate adjustments to the radio bearers (eg, limiting the resource and bandwidth allocation for each UE MAC). For example, such scenarios may occur when the wireless station provides cellular network connectivity and both legacy wireless station operations; the two functions "upper limit" can be set to a certain percentage of the station bandwidth to Make sure you fully support the two features.

Example "Wi-Fi Tube" Software Architecture -

Referring now to Figure 13, the overall protocol stacking of the user device and the wireless station is presented. Structure (both user plane and control plane). The two-way auxiliary control channel (1302, 1304) and the supporting applications and agents (1306, 1308) are collectively referred to as LTE (WoLTEN) protocol stack Wi-Fi. As shown, the WoLTEN APP (Application) 1306 resides in the User Equipment 400 and includes an LTE stack that supports Radio Link Control (RLC) Layer to Non-Access Stratum (NAS) 1314 for Control Plane Operation. And the RLC layer to Internet Protocol (IP) 1316 for user plane operations. The WoLTEN APP 1306 also includes a buffer and MUX/DeMUX 1310, as well as a WoLTEN control channel 1302 and control and operating software. The corresponding WoLTEN proxy 1308 resides in the wireless station 300 and includes LTE UE MAC, VPHY, and LTE AP MAC entities that are configured for the corresponding control plane and user plane of one or more user devices. In one embodiment, the WoLTEN proxy may also include other logical entities and/or entities (such as, for example, a Radio Resource Management (RRM), etc.) to handle additional functionality typically provided by an LTE eNB.

The WoLTEN APP 1306 and the WoLTEN proxy 1308 perform two-way communication via the WoLTEN control channel. In one embodiment, the WoLTEN control channel can be turned on or encrypted using a security protocol (eg, PGP) to exchange keys, and the exchanged key and the native encryption engine of the Wi-Fi pipe are available. HW accelerometers (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.) are used in conjunction to provide security for the WoLTEN Control Channel.

In one embodiment, the WoLTEN APP is a downloadable application (eg, purchased) and/or included in the user device during manufacture. Depending on the nature of the software implementation and accessibility for third party support of the native LTE software, the WoLTEN APP may replace the intrinsic LTE protocol stack in whole or in part during operation. For example, due to security concerns, the WoLTEN APP may have its own replica of the associated LTE protocol stack; in other embodiments, the WoLTEN APP may be used to interface with the supported LTE protocol stack.

Referring now to the buffer and MUX/DeMUX 1310, the buffer and MUX/DeMUX 1310 are used to packetize different transmit radio bearers (SRBs), data radio bearers (DRBs), control planes, user plane RLC packets, and WoLTEN control channels. Multiplexed into a single stream for delivery via the Wi-Fi tube in the uplink. On the downlink, the buffer and MUX/DeMUX 1310 are used to buffer incoming data and to demultiplex the packet into the appropriate SRB, DRB, control plane, user plane and WoLTEN control channel.

Similarly, the multi-user (MU) buffer and the MUX/DeMUX 1312 of the WoLTEN proxy are used to multiplex different users' MAC packets (including SRB and DRB) with packets from their corresponding WoLTEN control channels into a single stream. After that, it is buffered and delivered to the Wi-Fi tube for transmission to the user. On the uplink, the MUX/DeMUX 1312 is used to buffer and demultiplex the packets (from multiple users) that are delivered via the Wi-Fi pipe, and then pass them to the corresponding LTE MAC and PHY entities corresponding to the user. Each user attached to the network via the WoLTEN agent has a unique execution individual of one of the corresponding WoLTEN protocol stacks.

method-

An exemplary Wi-Fi pipe between WoLTEN APP 1306 and WoLTEN agent 1308 is self-contained. Manage Wi-Fi links without input from external entities. The WoLTEN APP and the WoLTEN agent perform two-way communication via the WoLTEN control channel, and are responsible for: a) Wi-Fi management while being in the coverage area of the AP 300, which may include: a. Configuring Wi according to radio link performance -Fi management, monitoring and maintaining the operation of Wi-Fi pipes; and b. Acquiring and configuring LTE conversations with one of the Evolved Packet Core (EPC) networks, The evolved packet core (EPC) network is used to provide sufficient throughput for the Wi-Fi pipe; b) LTE link management (to assist in the selection between the LTE interface and the Wi-Fi interface), which typically includes: a. Information transfer; b. paging channel operation; c. cell measurement and response cell reselection and handover procedure; d. radio resource control (RRC); e. security, integrity, access control (eg , via SIM); f. call control; c) mobility control; and d) WoLTEN conversation initiation; a. discovering, initiating, and configuring WoLTEN conversations (eg, for hotspots supporting both WoLTEN operations and legacy operations) ).

Some of the other entities and/or logical entities may be used in the operation, including or not including such entities within the skill of ordinary skill in the relevant art in the context of the present invention.

In more detail, the Wi-Fi pipe management controls the wireless connectivity between the user device and the wireless station. In one embodiment, Wi-Fi hotspot functionality is based on legacy components that operate according to, for example, existing IEEE 802.11n specifications; in other embodiments, Wi-Fi hotspot functionality may be integrated with WoLTEN APP and/or WoLTEN agents. Optimized for the performance of Wi-Fi pipes. For example, WoLTEN The agent can monitor the performance of the LTE network with a linearity and use the monitored performance to notify the Wi-Fi pipe to operate, for example, to improve the user's resource allocation and the like. By coordinating channel and bandwidth assignments, the WoLTEN agent can reduce the amount of buffering and/or provide better quality for services such as VoLTE (LTE voice) or VoIP (IP voice) (eg, low latency and low) Bounce) link. It should be appreciated that certain operations may not directly affect the radio link (eg, Wi-Fi registration, Wi-Fi handover, Wi-Fi power management, Wi-Fi QoS, etc.); depending on the implementation, these features may be Legacy components and/or WoLTEN APP/agent handling.

In one embodiment, the LTE network connection is based on legacy components operating according to, for example, existing LTE specifications; in other embodiments, LTE link functionality may be integrated with the WoLTEN APP and/or WoLTEN agent for optimization. Dedicated to the performance of Wi-Fi pipes. As mentioned previously, the performance of the LTE chain can be monitored to improve Wi-Fi pipe operation. Similarly, operations that may not directly affect LTE performance may be handled by legacy components or incorporated within the WoLTEN agent and/or WoLTEN APP. Common examples include: LTE network acquisition (selection and reselection), authentication, encryption, integrity protection, call control (call/conversation settings/cleanup), mobility (inter-LTE and inter-LTE handover), but not limited to this.

With regard to mobility management, one embodiment of a generalization process for discovering, initiating, and configuring a dialog is illustrated in FIG. As shown, the WoLTEN APP and/or WoLTEN agent is used to discover, initiate, and configure WoLTEN conversations and Wi-Fi pipes.

At step 1402 of process 1400, a user device discovers a consistent wireless network. The user device determines if the wireless network supports WoLTEN operation. Common examples of discovery include: decoding control broadcast, direct query, etc., but are not limited thereto.

In some variations, the wireless network is an "open" network. Open networks do not have restrictive access control (eg, authentication, authorization, etc.). In other networks, the network can It is closed, partially restricted, etc. For example, the user device may be required to prompt the user for a password, or press a button on the wireless station or the like. In still other cases, the user device may be allowed to access via an out-of-band program (eg, by an administrator to allow, etc.). Given the content of the present invention, one of ordinary skill in the art will appreciate various other suitable solutions.

At step 1404, when the user device determines that the wireless network supports the WoLTEN operation, the WoLTEN APP attempts to establish an access channel (or Wi-Fi pipe session) between the user device and a network operator via the wireless station. In one embodiment, the access channel includes a Wi-Fi tube between the user device and the wireless station. In one such example, a WoLTEN APP (or WoLTEN proxy) transmits a WoLTEN connection request via a WoLTEN control channel; the connection request includes information related to connection establishment. Common examples of information include, for example, a software version, a list of Wi-Fi and LTE neighbors, and the like.

At step 1406 of process 1400, in response to receiving the connection request, the WoLTEN agent determines if a WoLTEN connection can be established. In some cases, the WoLTEN agent may not be able to support connection requests due to resource limitations (eg, lack of memory, insufficient processing power, inability to access network operators, etc.). If the WoLTEN proxy can support the connection request, the WoLTEN proxy allocates or retains memory for the data stream buffer corresponding to the user device. In one embodiment, a portion or partition of the MU buffer and MUX/DeMUX buffer of the WoLTEN agent is reserved and a buffer ID (processor) is issued to it. The Buffer ID is provided to the WoLTEN APP, and thereafter, the User Equipment WoLTEN APP will use the Buffer ID to access/modify its corresponding WoLTEN connection (the WoLTEN Agent can handle multiple different users simultaneously).

At step 1408, if the WoLTEN connection request has been successful, the WoLTEN agent grants the connection parameters back to the WoLTEN APP via a WoLTEN connection. In one embodiment, the wire parameters include a buffer ID. Other common examples of connection parameters can include, for example, Quality of connection, maximum data rate and/or throughput, minimum data rate and/or throughput, latency, other connection restrictions (eg, QoS), etc.

At step 1410, thereafter, the user device can exchange data via the WoLTEN connection. More generally, the user device can perform "access channel" LTE operations, such as system acquisition, connection establishment, initiation, radio bearer setup, and data flow.

Figure 15 illustrates an exemplary logic flow for initiating a WoLTEN connection of one of the exemplary embodiments of a WoLTEN APP on a user device platform.

At step 1502, when the user device is first powered on or reset, the WoLTENAPP initializes and sets its internal variables and flags to a missing value (eg, resets the "LTE Flag" to "0" to indicate that there is currently no LTE. Network available).

At step 1504, after initialization, the WoLTEN APP enables the LTE modem and searches for available LTE eNBs and networks. Upon detecting a desired network and eNB, the WoLTEN APP sets the "LTE Flag" to "1" to indicate that LTE network access is available.

Before attaching to the LTE network, the WoLTEN APP attempts to search for a Wi-Fi network to try the WoLTEN operation. In general, WoLTEN is preferred for LTE access because WoLTEN operation consumes less power and/or supports higher data rates. It should be appreciated that certain other embodiments may incorporate different priority schemes.

At step 1506, the WoLTEN APP enables a Wi-Fi modem and looks for nearby Wi-Fi APs. In some cases, the WoLTEN APP may have a preferred access mode specifically for finding one of the wireless stations.

At step 1508, if a Wi-Fi access point (AP) is found, the WoLTEN APP will register in the access point. In a simple implementation, the Wi-Fi AP is an "open" model. Operation. If the WoLTEN APP cannot be registered in the Wi-Fi AP, the WoLTEN APP continues as if the Wi-Fi AP was not found. The closed Wi-Fi AP can still be accessed via an alternate access scheme (described later).

At step 1510, if the WoLTEN APP has successfully registered in the Wi-Fi AP, the WoLTEN APP will query the AP to find out if it has a suitable WoLTEN proxy. In one embodiment, the query includes a WoLTEN connection request/WoLTEN connection grant transaction. If the WoLTEN inquiry is successful, the "WoLTEN APP" can continue to acquire/register the LTE network via the Wi-Fi pipe using the wireless network connection (for example, Ethernet).

Periodically, during the WoLTEN connection, the WoLTEN APP will measure performance to determine if a preferred Wi-Fi AP or LTE eNB is available. In one embodiment, the user device may periodically power its own LTE cellular interface to perform the appropriate measurements. These measurements are reported to the LTE network; the LTE network can responsively result in a handover (HO). Exemplary measurements for HO may include: Received Signal Strength Indicator (RSSI) signal level measurement, signal to noise ratio (SNR), bit error rate (BER), etc., but are not limited thereto. Other useful information may include, for example, a list of neighbors of the LTE eNB based on measurements by the LTE PHY of the user device.

Referring back to step 1514, when no Wi-Fi network is available, but one or more LTE networks are available, the WoLTEN APP will continue to use the LTE network while continuing to look for a WoLTEN-enabled Wi-Fi AP.

Figure 16 illustrates one of the logic flows for initiating one of the WoLTEN connections of one of the exemplary embodiments of a WoLTEN proxy on a wireless station.

At step 1602, when the wireless station is first powered on or reset, the WoLTEN APP initializes and sets its internal variables and flags to a missing value (eg, "USER" is set to "0") To indicate that no user is currently accepting the service, and for a single user operation, MAX_USER is set to "1"), and proceed to turn on the Wi-Fi modem.

At step 1604, in response to receiving a WoLTEN connection request message, the WoLTEN agent determines if the connection request is serviceable. In an exemplary embodiment, the WoLTEN agent increments the USER scratchpad and verifies that the number of users has not exceeded the maximum allowed number of users. If the maximum number of allowed users is not reached, the WoLTEN agent continues to allocate buffer space on a MU buffer and MUX/DeMUX buffer, and assigns a buffer ID to the WoLTEN APP, the buffer ID is associated with a WoLTEN. The connection is passed along to the WoLTEN APP. During subsequent transactions, the WoLTEN APP is expected to use the buffer ID whenever it sends a message; in some embodiments, it may be associated with a Wi-Fi User ID (eg, the MAC address of the incoming packet) Join to extract the buffer ID.

Otherwise, if the connection request cannot be serviced (for example, the maximum number of users is reached), the new user is denied access. In some cases, an information message is sent to notify a new user of a failure (eg, system overload).

At step 1606, the WoLTEN agent initiates one of the WoLTEN protocol stacks for the new user (each WoLTEN APP requires one of the WoLTEN protocol stacks to execute the individual).

Periodically, the WoLTEN agent checks if a user has terminated a connection (step 1608). When a user has terminated a connection, the WoLTEN agent decrements the USER register and stops the corresponding WoLTEN protocol stack execution entity associated with the corresponding WoLTEN APP.

Incomming hands-off has a similar process to add a new user (see step 1604), so outgoing delivery is similar to user termination (see steps) 1608).

No SIM variants -

Various embodiments of the present invention are directed to user equipment (UE) that interfaces to a local subscriber identity module (SIM, USIM, UICC, CSIM, or RUIM). However, alternative embodiments may offload SIM functionality in so-called SIM-free operations. As used herein, the term "no SIM" generally and without limitation refers to the lack of a local user identification module (SIM, USIM, UICC, CSIM or RUIM) for, for example, software, hardware and/or firmware operations.

In a first such embodiment, a SIM/USIM module of one of the "proxy" UE protocol stacks (for an associated UE 206) is integrated within the Wi-Fi AP 204. As used in this invention, the term "agent" generally refers to the ability of a wireless station (or other intermediate node) to perform as an authorized substitute for one of the mobile devices with respect to a larger network. In one such embodiment, the PDCP layer has been functionally split and managed by a Wi-Fi pipe stack of Wi-Fi pipes. In order to support the authentication and encryption and integrity protection security requirements of the PDCP layer, the proxy UE protocol stack executed at the Wi-Fi AP 204 includes all of the affiliate software layers (eg, all LTE UE layers up to and including PDCP); The remaining software layers in this embodiment reside at the UE 206 on the user plane (which operates in a SIM-free mode). Moreover, in an exemplary embodiment, the control plane terminates at Wi-Fi AP 204.

Given the content of the present invention, one of ordinary skill in the relevant art will readily appreciate that other configurations can achieve equal success. For example, an alternative variant can set the Wi-Fi pipe inside the PDCP layer to support the uplink encryption and downlink decryption functions in the wireless station 204, and support the uplink and downlink robust headers of the PDCP layer in the SIM-free UE. Compression (RHOC) compression and decompression. Under these configurations, LTE encryption/decryption is handled at the Wi-Fi AP 204, so additional encryption is required to protect the Wi-Fi pipe transmission because the SIM-free UE and the wireless station 204 The data stream between them is no longer protected. As previously described, for example, Wi-Fi pipe encryption may be based on one or more associated/derived LTE encryption keys that may be passed to a SIM-free UE via, for example, a PGP security protocol.

In a second embodiment, an external subscriber identity module (SIM/USIM) is coupled to the UE without SIM via an available wired (eg, USB) or wireless (eg, Bluetooth) I/O. The external SIM/USIM is essentially coupled to the LTE stack of UEs without SIM.

FIG. 17 illustrates one such exemplary configuration of the external module 1700, including: a SIM/USIM 1702, a processor 1704, a non-transitory computer readable memory 1706, and a power unit (eg, battery) 1708. And an I/O communication module (for example, Bluetooth, USB, etc.) 1710. The I/O communication module, the USIM module 1700, and the SIM-free UE can be protected via, for example, two-way public key-private key encryption, symmetric key encryption (eg, a manually entered key or a pre-installed key). Safety.

During normal operation, the external module 1700 maintains an LTE evolved packet system (EPS) KASME (key) for initial authentication between the external module 1700 and the LTE network's mobility management entity (MME) via the SIM-free UE. Access Security Management Entity Encryption Key After the initial authentication process is completed, a key to the subsequent LTE EPS is derived using an existing security link (eg, via PGP encryption) (eg, KeNB (Evolved Node B Key)) CK (Cryptographic Compilation Key) and CI (Integrity Check) are securely transferred from the external module 1700 to the UE without SIM. Subsequent encryption/decryption can be handled at the SIM-free UE using, for example, one of the remaining LTE security algorithms software emulation implementations. Or, for the implementation of the PDCP layer of the SIM-free UE by the Wi-Fi AP 204, the native Wi-Fi encryption engine (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc. The LTE EPS derived keys (eg, KeNB, CK, and CI) can be utilized at Wi-Fi AP 204 and SIM-free UEs to secure Wi-Fi pipe transmissions. About non-access layer (NAS) Security and integrity protection, these functions can be implemented in SIM-free UEs (for example, in software) because NAS messages have a low data rate and body.

In some other embodiments, a LTE EPS derived key may be transmitted from the Wi-Fi AP 204 to the UE 206 using a security protocol. In addition, some variants may use a NULL encryption (i.e., no encryption) for the user plane, but use a software-based security for LTE encryption/decryption and integrity checking at SIM-free UEs. In these variations, the native Wi-Fi encryption engine (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.) may be associated with one or more LTE symmetric keys associated with/derived The key is used in combination for user plane encryption/decryption in a UE without SIM.

In a further variation, a SIM-free UE is "attached" to a connected UE 206 identification module (eg, SIM/USIM). For example, assume that a UE and a SIM/USIM have been associated with an LTE network by the same Wi-Fi AP 204. If the associated UE is connected in its RRC_IDLE mode, the WoLTEN application can trigger a state transition to RRC_CONNECTED mode (ie, initiate a valid session). Thereafter, the UE without SIM can request to share (or attach) a valid RRC connection.

In some cases, the Wi-Fi AP 204 can verify that the SIM-free UE is authorized to attach to the previously associated UE; the common authorization scheme includes a password-based scheme, user prompts (ie, prompting the use of the associated UE) Adding a UE without SIM, etc., but is not limited thereto. In the attached variant, both NAS operations and RRC operations can be controlled by the Wi-Fi AP WoLTEN agent (operating on the associated UE and/or UE without SIM) via the dedicated WoLTEN control channel via the WoLTEN APP.

If the attach operation is authorized, the Wi-Fi AP 204 can support the SIM-free UE according to a plurality of different schemes. In a first solution, if the LTE network supports dual IP stacking UEs, then Wi-Fi The AP 204 requests a new IP address for the same USIM entity (from the LTE Evolutionary Packet Core (EPC)). After obtaining the second IP address, the Wi-Fi AP 204 can set an additional bearer for the second IP address intended for the SIM-free UE and establish a second LTE UE stack (up to the IP layer). The second LTE UE stack can tunnel the appropriate IP packets to the SIM-free UE via the Wi-Fi pipe. As previously described, Wi-Fi pipe security can be implemented in a variety of scenarios. The WoLTEN network of the associated UE is completely independent of the network of the UE without SIM.

Alternatively, the associated UE and the SIM-free UE may use the same LTE UE stack to serve the two IP addresses that are subsequently relayed by the Wi-Fi pipe. In such embodiments, the IP addresses are used by the associated UE and the SIM-free UE via Wi-Fi access. More directly, the two sets of IP packets are transmitted to the associated UE and the SIM-free UE via the Wi-Fi pipe. Both the associated UE and the UE without SIM internally determine which packets are addressed to it.

In a second scenario, the attach operation is supported via the IP address of the associated UE (no other IP address is provided). In one such embodiment, the WoLTEN network uses the same bearer for both the SIM-free UE and the associated UE, but with a unique number for the SIM-free UE and associated UE. Thereafter, the IP packet can be routed to the intended UE (SIM-free UE or associated UE) via the Wi-Fi pipe. Alternatively, in another such embodiment, the WoLTEN network uses a unique number for the SIM-free UE and associated UEs, and sets an additional bearer for the SIM-free UE. In this manner, the SIM-free UE has a single protocol stack up to one of the IP levels at the Wi-Fi AP 204, and the lower level handles the selection of the appropriate IP packet via the Wi-Fi pipe to the SIM-free UE and associated UEs and transmission.

During attach operations, Wi-Fi pipe security may be populated with associated UE cryptographic information, etc., as described above. For example, Wi-Fi pipe security can be implemented based on a PGP protocol to exchange with native Wi-Fi encryption algorithms (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc. ) The key used in conjunction with. It is also possible to use a NULL encryption. User plane, but a software implementation for LTE encryption/decryption and integrity checking at SIM-free UEs, and associated with one or more of user plane encryption/decryption in UEs without SIM The LTE symmetric key uses a native Wi-Fi encryption engine (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.) in combination. In some other embodiments, the bearer associated with the associated UE may be handled in a different manner and/or utilizing one of the different stacks from the UE without the SIM.

In another variation, a SIM-free UE uses a virtual identification module to store and/or manage one or more SIM/USIM protocols. In this option, it is received and stored in one of the secure memory areas at the UE without SIM (manually via an out-of-band software process (eg, a user application), via an external SIM/USIM module, etc. A USIM KASME key along with a pre-installed authentication and key generation algorithm. After authentication, subsequent encryption and/or decryption may be handled by the UE without the SIM using, for example, any of the above processes. For example, security may be handled via a software implementation of one of the LTE algorithms and/or a native Wi-Fi encryption engine with one or more generated LTE keys for Wi-Fi pipe over-the-air security. . As previously described, since the LTE key is symmetric at the Wi-Fi AP 204 and the SIM-free UE, these keys can be generated independently at the two ends of the Wi-Fi pipe. Alternatively, the LTE keys can be transmitted from the Wi-Fi AP 204 to the UE without SIM using a PGP protocol. It is also possible to use a NULL encryption for the user plane and use a software implementation for LTE encryption/decryption and integrity checking at SIM-free UEs, as well as for users in UEs without SIM. The native encryption/decryption one or more associated LTE symmetric keys use a native Wi-Fi encryption engine (Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), WPA2, etc.) in combination. In addition, some embodiments may perform NAS security and integrity protection in a SIM-free UE software because the data rate and body of the NAS message are actively low.

It is also possible to stack all of the UEs 206 (eg, including the NAS layer) Or most of it is placed in an access point (eg, Wi-Fi AP 204). In this example, one of the UE 206 NAS's responsible authentication is placed in the UE 206 App (which is downloadable), and the UE 206 App is connected via a dedicated control channel (present between the UE 206 App and the Wi-Fi AP 204 agent) The rest of the UE 206 NAS resides within the Wi-Fi AP 204. Therefore, the proxy in Wi-Fi AP 204 must have one of the NAS portions residing in the UE 206 protocol stack (residing in Wi-Fi AP 204). Finally, the UE 206 App must have a connection to one of the portions of the NAS that resides in the UE 206. In fact, the entire UE 206 NAS entity can be maintained within the Wi-Fi AP 204 and the USIM API can be wired to the Wi-Fi AP using a control channel present between the UE 206 App and the Wi-Fi AP 204 agent. 204 UE UE in the proxy.

In one embodiment, the UE further includes a user interface application residing on the higher level operating system. In one variation, the user interface application is used to emulate the traditional hardware-based components used to process LTE voice (VoLTE) telephone calls and LTE messaging. In an exemplary embodiment, the user interface application is incorporated with one or more software based: voice codec, echo cancellation, dial pad, and the like. In one such variation, the user interface application is used to connect to a VoLTE call via the aforementioned WoLTEN network connection.

Although the foregoing exemplary embodiments and variations for SIM-free operation set forth various operations performed by associated UEs, SIM-free UEs, and Wi-Fi APs 204, in the context of presenting the present invention, related art Those of ordinary skill will additionally recognize that many LTE-specific functions are excluded by this operation and can therefore be ignored, "corrected" or otherwise optimized. For example, in one such embodiment, the UE 206 protocol stack that resides in the Wi-Fi AP 204 and the eNB protocol stack residing in the Wi-Fi AP 204 can greatly reduce PHY, MAC, RLC, and PDCP software transactions. Because these software layers are only used for LTE radio operation (and therefore incorporated by Wi-Fi pipe operation). Those of ordinary skill in the art will appreciate that a residual version of these layers can be implemented to ensure LTE

Proper end-to-end operation of the program, and/or allow the remainder of the software stack to operate with minimal impact.

For example, LTE RRC functionality on both UE and eNB software stacks may be minimized, for example, because there is no LTE radio, and thus LTE handover and measurement operations are excluded. In another such example, PDCP ROHC and/or internal encryption is not required, so a NULL encryption can be used for user plane operations. For control plane operation, any encryption and integrity protection can be performed in software for both the UE 206 and the Wi-Fi AP 204 side. As previously explained, the LTE keys generated on both the UE 206 and Wi-Fi AP 204 sides can be used in a Wi-Fi native encryption engine to authenticate users between the UE 206 and the Wi-Fi AP 204. Control plane data is encrypted. The dedicated control channel present between the UE 206 application and the Wi-Fi AP 204 proxy can be either open (unencrypted) or encrypted via a PGP key exchange between the application and the proxy.

Given the present invention, one of ordinary skill in the art will recognize numerous other schemes for implementing a hybrid access to a core network.

It will be appreciated that while certain aspects of the present invention are described in terms of a particular step of the method, these are merely illustrative of the broad methods of the invention and may be modified as needed for the particular application. In some cases, certain steps may be unnecessary or optional. In addition, some steps or functionality may be added to the disclosed embodiments, or the order of execution of two or more steps may be changed. All such variations are considered to be included within the disclosure disclosed and claimed herein.

While the above detailed description has shown, illustrated, and illustrated the invention of the embodiments of the present invention, it is understood that the claimed And various neglects, substitutions and changes in details. The above description is the best mode currently covered by the present invention. This description is not intended to be in any way limiting, but rather as an exemplification of the general principles of the invention. The scope of the invention should be referred to Apply for a patent scope to determine.

204‧‧ Wi-Fi AP

206‧‧‧User equipment

S-GW‧‧‧servo gateway

Claims (20)

A method for wireless communication using at least a first communication system and a second communication system, the first communication system having at least a first node and a second node in communication with each other, the method comprising: in the first node Performing a first portion of a plurality of layers of a first protocol stack, and causing the second node to perform a second portion of the ones of the first protocol stack; and providing one or more identification information from the first node And to the second node, wherein the one or more identification information is used in combination with the execution of the second portion of the layers of the first protocol stack in at least one of the second communication systems The first node is authenticated, and the authentication enables the second node to be connected to one of the at least one logical entity. The method of claim 1, wherein the performing the second portion of the layers of the first protocol stack within the second node comprises: coupling to the first layer of the first protocol stack of the first node One of the first parts is a Transmission Control Protocol/Internet Protocol (TCP/IP) layer. The method of claim 2, wherein the first portion of the layer of the first protocol stack executing in the first node comprises: a complementary transmission control protocol/internet protocol coupled to the second node (TCP/IP) layer. The method of claim 1, further comprising: deriving the second portion of the layers of the first protocol stack to derive one or more authentication information; and based at least on the one or more authentication information derived, The second portion of the second layer of the first protocol stack is the first link between the second node and the at least one logical entity (link) One or more data payloads are encrypted. The method of claim 4, further comprising: deriving the one or more authentication information at the first portion of the layers of the first protocol stack; and at least based on the stack also being in the first protocol stack The one or more authentication information derived at the first portion of the layer, at the first portion of the layers of the first protocol stack, one or more of the second portion of the first stack of the first agreement stack Data payloads are encrypted. The method of claim 1, further comprising receiving the one or more identification information from a subscriber identity module (SIM) not located at the first node. The method of claim 1, wherein the providing the one or more identification information from the first node to the second node is performed via at least one public key encryption scheme. The method of claim 7, wherein the public key encryption scheme comprises receiving a manually entered password from a user input. The method of claim 8, wherein the public key encryption scheme comprises extracting a predefined public key. The method of claim 1, wherein the first communication system comprises a Wi-Fi compliant network, and the second communication system comprises a Long Term Evolution with one or more eNodeB entities. The LTE) standard network, the at least one logical entity comprising at least one of the one or more eNodeB entities. A wireless station device for providing linearity with a core network, comprising: a network interface for connecting to the core network associated with a second radio technology; a radio interface for providing an open wireless network according to a first radio technology different from the second radio technology; a processor; and a non-transitory computer readable medium for data communication with the processor And including one or more instructions for, when executed by the processor, causing the wireless station device to request access to the core network in response to a user device of the open wireless network: Receiving one or more identification information from the user device; performing authentication on the core network via at least the network based on the one or more identification information, wherein the result of the authentication may derive one or more authentication keys And establishing, at least based on the one or more authentication keys, a secure link with one of the user devices via at least the open wireless network. The wireless station device of claim 11, wherein the non-transitory computer readable medium further comprises one or more instructions for causing the wireless station device to perform when executed by the processor One or more software layers are uniquely associated with the user device and the second radio technology. The wireless station device of claim 12, wherein: the one or more software layers executed simulate one or more portions of a call stack associated with the user device; and the executed One or more software layers are used to authenticate the user device to the second radio technology. The wireless station device of claim 12, wherein the one or more identification information received is received by a public key encryption; The secure link established therein is based on a symmetric key encryption. A user device for communicating with a core network via a wireless station, comprising: a radio interface for communicating with a wireless station, the wireless station for communicating with the core network; a processor; and a non-transitory computer readable device in communication with the processor and including one or more instructions for causing the user device to be executed by the processor Providing one or more identification information to the wireless station; receiving one or more authentication information from the wireless station; and establishing and communicating with the wireless station based on at least one or more keys derived from the one or more authentication information One of the safe connections. The user equipment of claim 15, wherein the identification information comprises a Long Term Evolution (LTE) evolved packet system (EPS) Key Access Security Management Entity (KASME) encryption key. key. The user device of claim 16 is further configured to authorize the use of one or more pieces of identification information by the at least one other user device. The user device of claim 17, wherein the at least one other user device shares the secure connection to the wireless station. The user equipment of claim 17 further requests an internet protocol (IP) address for the at least one other user device. The user device of claim 15, wherein the one or more identification information is provided to the wireless station by a public key encryption scheme.