CA2691502A1 - Controlling a packet flow from a user equipment - Google Patents

Publication number: CA2691502A1 (Canada); granted version: CA2691502C
Application number: CA 2691502
Other languages: French (fr)
Inventors: Peter Hedman, Christian Herrero Veron
Assignee: Telefonaktiebolaget LM Ericsson AB
Priority claimed from US12/694,378 (US8289848B2)
Legal status: Granted; active
Landscapes: Mobile Radio Communication Systems

Abstract

A method, device management server, Packet Data Network Gateway (PDN GW) and User Equipment (UE) for establishing a PDN connection having defined packet flow limitations from a UE to a PDN GW. When a misbehaving or malicious UE is operating in the Evolved Packet System (EPS), the invention enables the UE to retain a PDN connection with an EPS bearer open until the software in the UE has been updated. The server sends to the UE, a management object that includes a logic parameter (packet filters) for controlling a packet flow from the UE to the network, or a defined Access Point Name (APN) that enables the UE to obtain the packet filters from a PDN GW. In turn, the UE sends to the network, a request for a new PDN connection while requesting deactivation of any previously existing PDN connections. The UE transmits on the new PDN connection, only packets allowed by the logic parameter.

Description

Attorney Docket No. P28235CA1 CONTROLLING A PACKET FLOW FROM A USER EQUIPMENT

BACKGROUND
The present invention relates to radio telecommunication systems. More particularly, and not by way of limitation, the present invention is directed to a method, device, and node for controlling a packet flow from a User Equipment (UE) in a radio telecommunication system.
Today, several actors are involved in managing the software and hardware of a UE, such as a mobile telephone or other communication device in a wireless communication system. The software can be applications, services, and modules, including the operating system stored in and used by the UE. The UE's manufacturer typically installs a collection of software in the UE at the time the device is manufactured. Later, an end user may modify the UE's software by downloading to the UE, applications and the like from different sources via, for example, the Internet. The UE's manufacturer, the operator of the communication system to which the UE is subscribed or in which the UE is visiting, and/or an authorized third party, depending on business agreements, may also remotely modify part or all of the UE's software.
After such modifications and in other instances, the UE may behave improperly. From a system operator's point of view, for example, improper behavior may include the UE's diminishing the capacity of the communication system by increasing the number of control or other messages exchanged with the system.
Improper UE behavior can arise in a number of ways, such as unexpected interactions between software modules in the UE, malicious software modules, and the like.
A user might download a malicious or malformed application such as a Java application, which interacts with the network protocol stack through open Application Programming Interfaces (APIs) in the UE. As a result, the UE may repeatedly send service requests to an operator's network.

Techniques for dealing with improper UE behavior by disabling services to a UE have been discussed in standardization organizations such as the Third Generation Partnership Project (3GPP). The 3GPP promulgates specifications for the GSM telecommunications system and its enhancements such as Enhanced Data Rates for GSM Evolution (EDGE), the universal mobile telecommunications system (UMTS), the Long Term Evolution (LTE) access network, and systems employing wideband code-division multiple access (WCDMA).
The Third Generation Partnership Project Technical Specification, 3GPP TS 24.305, describes procedures for managing settings of the UE for remotely disabling selected UE capabilities, used over a 3GPP access, i.e., a circuit-switched (CS) and packet-switched (PS) domain over GERAN/UTRAN radio access.
The Open Mobile Alliance (OMA) has developed specifications for Device Management (DM) of communication devices, and versions 1.1.2 and 1.2 of those specifications define a protocol for managing configuration, data, and settings in communication devices. OMA standards and other information are available at http://www.openmobilealliance.org. OMA DM can be used to manage the configuration and Management Objects (MOs) of UEs from the point of view of different DM Authorities, including setting initial configuration information in UEs, subsequently updating persistent information in UEs, retrieving management information from UEs, and processing events and alarms generated by UEs. An MO is generally a software object that may be written, for example, according to SyncML, which is a mark-up language specification of an XML-based representation protocol, synchronization protocol, and DM protocol, transport bindings for the protocols, and a device description framework for DM. Using OMA DM, third parties can configure UEs on behalf of end users. A third party, such as a network operator, service provider, and corporate information management department, can remotely set UE parameters and install or upgrade software through suitable MOs in the UE.
The Evolved Packet System (EPS) has been defined since 3GPP release-8 as a system for mobile communication using packet data over an evolved GPRS network. The core network is an evolved UMTS packet core network and the radio access network may be an evolved UTRAN (E-UTRAN), a non-3GPP access network (for example WLAN), or a combination of both. The 3GPP Technical Specifications, 3GPP TS 23.401 and 3GPP TS 24.301, describe the GPRS enhancements for E-UTRAN access.
To stay registered in the EPS, an EPS bearer must be retained, as otherwise the EPS mobility procedures will be rejected by the EPS network, as described in 3GPP TS 23.401. Also, as described in 3GPP TS 24.305, the OMA DM server controlling the Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO) needs to be able to push down updates of the MO to the UE. The push of MO updates using SMS cannot always be assumed to be available unless both the UE and the network support SMS using CS Fallback capabilities described in 3GPP TS 23.272, and even then a PS access is required to be open. Thus, the MO update may need to be sent over the PS access. Therefore, the PS access open in the UE needs to be accessible by the OMA DM server. Consequently, an EPS bearer towards a Packet Data Network (PDN) needs to be retained until the software in the UE has been updated.
This may imply a risk of flooding the network with malicious traffic if the UE has been hacked.
BRIEF SUMMARY OF THE INVENTION
The present invention solves or at least mitigates the risk of flooding the radio access network and core network with malicious UE-initiated traffic. The invention enables the UE to retain a PDN connection with an EPS bearer open that enables the OMA DM server to communicate with the UE and ensure the EPS mobility procedure works. In one embodiment, the invention provides the operator with the ability to provision an Access Point Name (APN) and a Traffic Flow Template (TFT) to be used until the operator has enabled UE-initiated EPS services again.
In one embodiment, the present invention is directed to a method in a UE for limiting packet flow from the UE to a communication network. The method includes the steps of receiving from the network, an instruction to activate a logic parameter for controlling the packet flow from the UE to the network; requesting configuration of a connection for transmitting packets to the network according to the logic parameter; and requesting deactivation of all other network connections.
The logic parameter may be in a management object, and may be pre-stored in the UE, or may accompany the instruction.
In another embodiment, the present invention is directed to a UE that includes means for receiving from a communication network, an instruction to activate a logic parameter for controlling a packet flow from the UE to the network; means for requesting configuration of a network connection for transmitting packets to the network according to the logic parameter; and means for requesting deactivation of all other network connections.
In another embodiment, the present invention is directed to a device management server in a communication network for remotely controlling a packet flow from a mobile communication device. The server includes means for storing a management object that includes at least one of: a flag, a defined Access Point Name (APN), and a logic parameter for controlling the packet flow from the mobile communication device to the network; and means for downloading the management object to the mobile communication device. The flag, when downloaded to the mobile communication device, causes the device to activate the logic parameter in the management object or to activate a stored logic parameter in the device. The defined APN, when downloaded to the mobile communication device, causes the device to send a request to establish a connection to the network on which packet flow from the device is controlled according to the logic parameter.
In another embodiment, the present invention is directed to a Packet Data Network (PDN) Gateway. The PDN Gateway includes means for receiving from a UE, a PDN connectivity request to establish a new PDN connection; and means for limiting a packet flow from the UE on the new PDN connection according to defined parameters.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING
In the following section, the invention will be described with reference to exemplary embodiments illustrated in the figures, in which:
FIG. 1 is a tree diagram of an enhanced Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO+) in an exemplary embodiment of the present invention, with nodes added by the present invention indicated in boldface type;
FIG. 2 is a flow chart illustrating the steps of an exemplary embodiment of the method of the present invention; and
FIG. 3 is a simplified block diagram of a User Equipment (UE) and associated nodes in a network in an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION
For economy of explanation, this application focuses on wireless communication systems that comply with specifications promulgated by the 3GPP, but it should be understood that the principles described in this application can be implemented in other communication systems. It will also be understood that this description is written in terms of OMA DM, but this description should not be interpreted as being limited to OMA DM. Independent of the mechanism used to disable or enable services in a UE, it is advantageous for the UE to be selectively controllable in a standardized way.
The present invention updates 3GPP TS 24.305 procedures to handle the difference between EPS (3GPP TS 24.301) and GPRS (3GPP TS 24.008). The disabling of EPS is different than for GPRS. In EPS, the UE can request procedures for EPS contexts, but only the network can initiate them (this, in normal cases, includes the case of deactivation). Therefore, in exemplary embodiments of the present invention, the operator is provided with the ability to disable mobile-requested EPS Session Management (SM) procedures. In one embodiment, a logic parameter is downloaded to the UE, causing the UE to request a new PDN connection towards the network with either a defined APN or a default APN if the defined APN is not available for the UE. The UE requests deactivation of all previously existing PDN connections, and utilizes a particular traffic flow mapping for an EPS context that provides the network operator with control of packet access from UE applications.

In another embodiment, the logic parameter causes the UE to send the defined APN in the request for a new PDN connection. The defined APN causes the network to establish the new PDN connection with a particular PDN GW, configured to control the traffic flow from the UE in accordance with the particular traffic flow mapping. Optionally, the PDN GW may push traffic flow mapping parameters to the UE.
It should be noted that in different configurations of the 3GPP network architecture, the gateway may utilize either the GPRS Tunneling Protocol (GTP) or the Proxy Mobile IP (PMIP) protocol as a network mobility protocol. When GTP is utilized, it is the PDN GW that may push traffic flow mapping parameters to the UE. When PMIP is utilized, the Serving GW may provide this part of the PDN GW functionality. Thus, when the PDN GW is referred to herein, the term is intended to include the functionality of pushing traffic flow mapping parameters to the UE, whether the push is made by the PDN GW or by the Serving GW.
In another embodiment, the logic parameter causes the UE to utilize an existing PDN connection towards the network rather than establishing a new connection. Again, the UE requests deactivation of other PDN connections, if any, and utilizes a particular traffic flow mapping for an EPS context that provides the network operator with control of packet access from UE applications.
In another embodiment, the OMA DM server may know that the UE includes an internal application to ensure that only the application(s) controlling the connection towards the OMA DM server, and potentially emergency calls, are allowed access to use the PS connection. In this case, the OMA DM server does not have to download any APN or logic parameter to the UE. Instead, the OMA DM server may send only a flag instructing the UE to activate the internal application.
Once the network operator has control of packet access from UE applications, the operator can prevent a misbehaving UE from flooding the network with malicious or erroneous traffic. As part of the correction process, a device management server such as an OMA DM server can push corrective software to the UE to correct or replace a corrupted application causing the misbehavior. In addition, the logic parameter may also limit the packet flow to a maximum data rate or a maximum packet size.
FIG. 1 is a tree diagram of an enhanced Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO+) in an exemplary embodiment of the present invention, with nodes added by the present invention indicated in boldface type.
Those skilled in the art will understand that the modified SDoUE MO+ is a software module that includes parameters that can be used to manage settings of the UE for remotely disabling and enabling selected capabilities of the UE. The identifier for an existing SDoUE MO is "urn:oma:mo:ext-3gpp-sdoue:1.0". The OMA DM Access Control List (ACL) property mechanism as standardized (see Enabler Release Definition OMA-ERELD-DM-V1_2) may be used to grant or deny access rights to OMA DM servers in order to modify nodes and leaf objects of the SDoUE MO.
In an exemplary embodiment of the present invention, the existing SDoUE MO is enhanced to support the case of EPS with the addition of the following new nodes: EPS_SM_EPS, APN, TrafficMappingInfo, NumberOfPacketFilters, and PacketFilterList. When downloaded to the UE, the enhanced SDoUE MO+ adds at least the following capabilities to a device management server such as an OMA DM server:
1. The capability to separately disable UE-initiated EPS procedures such as UE-requested PDN connectivity, UE-requested bearer resource modification, and UE-requested PDN disconnection, as well as to provide restriction to EPS services.
2. The provision of a special APN to which the UE can set up a PDN connection. This enables the PDN Gateway (PDN GW) to restrict the UE traffic to only the traffic necessary for communication with the OMA DM server and potentially IP Multimedia Subsystem (IMS) emergency calls.
3. The ability to install the essential Uplink Traffic Flow Template (UL TFT) parameters in the UE to restrict the UE's ability to send IP packets other than those allowed by the TFT for the traffic required towards the OMA DM server.
If an APN is provided in the SDoUE MO+, the PDN connection may be established with a PDN GW that is pre-configured with TFT-type information that can be set on the EPS bearer. However, if no APN is provided, the operator may establish the PDN connection to another PDN GW utilizing a default APN.
With continuing reference to FIG. 1, the following paragraphs describe additions required to the indicated sections of 3GPP TS 24.305 in order to describe the new nodes and leaf objects of the enhanced SDoUE MO+ management object:
/<X>/EPS_SM_EPS
The EPS Session Management (SM) procedures for EPS contexts (EPS_SM_EPS) interior node 11 is a flag indicating an operator's preference to enable or disable mobile-requested EPS SM procedures for EPS contexts, i.e., UE-requested PDN connectivity, UE-requested bearer resource modification, and UE-requested PDN disconnect, as well as to provide restriction to EPS services.
The EPS SM procedures for EPS contexts are specified in 3GPP TS 24.301 [5A].
- Occurrence: ZeroOrOne
- Format: bool
- Access Types: Get
- Values: 0, 1
0 - Indicates that mobile-requested EPS SM procedures for EPS contexts are enabled and no restriction to EPS services applies.
1 - Indicates that mobile-requested EPS SM procedures for EPS contexts are disabled and restriction to EPS services applies.

/<X>/APN
The APN leaf object 12 provides the information of an access point name.
- Occurrence: ZeroOrOne
- Format: chr
The format of the APN is defined by 3GPP TS 23.003 [2A] in clause 9.
EXAMPLE: mycompany.mnc012.mcc340.gprs

/<X>/TrafficMappingInfo
The TrafficMappingInfo interior node 13 is used to enable configuring the minimum acceptable traffic flow template (TFT) parameters (packet filters) for EPS context according to the operator's preference.
- Occurrence: ZeroOrOne
- Format: node
- Access Types: Get
- Values: N/A
The information provided by the TrafficMappingInfo interior node is used by the UE only when the EPS_SM_EPS leaf value is set to "1".

/<X>/NumberOfPacketFilters
The NumberOfPacketFilters leaf object 14 indicates the number of traffic filters contained in the PacketFilterList leaf 15.
- Occurrence: One
- Format: int
- Access Types: Get
- Values: <Number of packet filters>
The NumberOfPacketFilters is an unsigned 8-bit integer, and the value range is defined as the number of packet filters parameter in the traffic flow template information element (see subclause 10.5.6.12 in 3GPP TS 24.008 [3]).
EXAMPLE: (packet filters)

/<X>/PacketFilterList
The PacketFilterList leaf object 15 provides the information of a variable number of traffic filters.
- Access Types: Get
- Values: <Packet filter list information>
The PacketFilterList is an unsigned 64-bit integer. The bit pattern shall be encoded as the packet filter list parameter in the traffic flow template information element (see subclause 10.5.6.12 in 3GPP TS 24.008 [3]) with the least significant bit in the rightmost position of the integer. For example, if the parameter is encoded into bits 6, 7, and 8 in 3GPP TS 24.008 [3], then it must be encoded into bits 1, 2, and 3 in this leaf.

FIG. 2 is a flow chart illustrating the steps of an exemplary embodiment of the method of the present invention. When the value of the EPS_SM_EPS leaf 11 is set to "1", the method proceeds as follows:
At step 21, the OMA DM server sends the modified SDoUE MO+ to the UE.
At step 22, the UE initiates a new UE-requested PDN connectivity procedure toward the network as described in 3GPP TS 24.301 [6A]. At step 23, it is determined whether the APN leaf 12 exists in the modified SDoUE MO+. If the APN leaf 12 does not exist, the method moves to step 24 where the UE sends a PDN CONNECTIVITY REQUEST message without any APN in the message, and the network utilizes a default APN for establishing an EPS context with a PDN GW at step 25. However, if the APN leaf exists, the method moves instead to step 26 where the UE sends the PDN CONNECTIVITY REQUEST message and includes the value defined in the APN leaf as the APN in the message. At step 27, the network utilizes the defined APN for establishing an EPS context with a PDN GW associated with the defined APN.
After successful completion of the UE-requested PDN connectivity procedure at step 27, it is determined at step 28 whether the TrafficMappingInfo interior node 13 exists in the modified SDoUE MO+. The TrafficMappingInfo interior node, as shown in FIG. 1, provides at least one logic parameter for controlling the packet flow from the UE. If the TrafficMappingInfo node does not exist, the method moves to step 29 where the UE transmits packets on the PDN connection without filtering the packets. At step 31, the PDN GW associated with the defined APN may optionally be configured to control the traffic flow from the UE or to download to the UE, a logic parameter for controlling the traffic flow from the UE. At step 32, the UE utilizes the logic parameter (i.e., traffic mapping information filters) to limit packet transmissions on the EPS context established by the UE-requested PDN connectivity procedure. Returning to step 28, if it is determined that the TrafficMappingInfo interior node does exist in the SDoUE MO+, the method moves directly to step 32.
Furthermore, the UE continues to limit packet transmissions on the EPS context in accordance with the logic parameter until the EPS_SM_EPS leaf value is reset to "0". The UE is, however, allowed to temporarily stop using the traffic mapping information in the following cases:
- upon receipt of an OMA DM notification message indicating that the UE shall initiate an OMA DM session to the OMA DM server that either had set the disable value of the EPS_SM_EPS leaf or is the one stored in the AlertServerID leaf; and
- when the UE wishes to either establish an emergency call over IMS (if the IMS_EmergencyCalls value is set to "0") or send an OMA DM generic alert message according to sub-clause ... of 3GPP TS 24.305.
At step 33, the UE initiates the signaling procedure for UE-requested PDN disconnection as described in 3GPP TS 24.301 [5A] of all previously existing PDN connections, thus leaving only the new one, which was established by the successful completion of the UE-requested PDN connectivity procedure. At step 34, the EPS context provides the network operator with control of packet access from UE applications. As noted above, in EPS, the UE can request procedures for EPS contexts, but only the network can initiate them (for normal cases, this includes the case of deactivation). Therefore, in this exemplary embodiment of the present invention, the operator is provided with the ability to disable mobile-requested EPS Session Management (SM) procedures.
It should be noted that the invention is not restricted to a specific order of the PDN connectivity request procedure and the deactivation of existing bearers; the only restriction is that the UE always needs to keep at least one PDN connection to avoid getting detached from the EPS. A different order may be required in case the UE and/or EPS is currently using the maximum number of EPS bearers supported by the UE and/or the EPS (e.g., Mobility Management Entity (MME), Serving GW, or PDN GW). For example, the UE may receive a rejection of an initial PDN connectivity request, and in response, first deactivate one of the available PDN connections to free up resources before initiating the PDN connectivity procedure for the PDN connection to be used towards the OMA DM server.
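As an added example (not code from the patent, Ericsson, or 3GPP), the following Python models the FIG. 2 decision steps as seen from the UE and the uplink filtering that results at step 32. The PacketFilter fields, the UEState structure, the DM server address and port, and the ims_emergency bypass are assumptions; the patent's PacketFilterList is encoded per 3GPP TS 24.008, which this model replaces with already-decoded filter fields.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass(frozen=True)
class PacketFilter:
    """One uplink packet filter: a simplified stand-in for the TS 24.008 TFT
    packet filter components (remote IPv4 address/mask, protocol, remote port).
    Hypothetical structure, not the leaf encoding the patent describes."""
    precedence: int                    # evaluation precedence (lower evaluated first)
    remote_net: IPv4Network            # IPv4 remote address type component
    protocol: Optional[int] = None     # protocol identifier / next header (6 = TCP)
    remote_port: Optional[int] = None  # single remote port

    def matches(self, dst: str, proto: int, dport: int) -> bool:
        return (IPv4Address(dst) in self.remote_net
                and (self.protocol is None or self.protocol == proto)
                and (self.remote_port is None or self.remote_port == dport))


@dataclass
class SDoUEMOPlus:
    """The parts of the enhanced MO that FIG. 2 consults: leaf 11, leaf 12,
    and node 13 (represented as the decoded content of leaves 14 and 15)."""
    eps_sm_eps: int                                            # 0 = enabled, 1 = disabled/restricted
    apn: Optional[str] = None                                  # APN leaf 12 (None = leaf absent)
    traffic_mapping_info: Optional[List[PacketFilter]] = None  # node 13 (None = node absent)

    def number_of_packet_filters(self) -> int:
        """Leaf 14 value; the page defines it as an unsigned 8-bit integer."""
        n = len(self.traffic_mapping_info or [])
        if n > 255:
            raise ValueError("NumberOfPacketFilters must fit an unsigned 8-bit integer")
        return n


@dataclass
class UEState:
    restricted: bool = False                             # EPS_SM_EPS == 1 and MO applied
    pdn_request_apn: Optional[str] = None                # APN put in PDN CONNECTIVITY REQUEST
    uplink_filters: Optional[List[PacketFilter]] = None  # None = transmit unfiltered (step 29)
    other_pdn_connections_released: bool = False         # step 33 done


def apply_mo(mo: SDoUEMOPlus,
             pdn_gw_pushed: Optional[List[PacketFilter]] = None) -> UEState:
    """Steps 21 to 33 of FIG. 2 from the UE's side. `pdn_gw_pushed` stands for
    the logic parameter a PDN GW may optionally download at step 31."""
    st = UEState()
    if mo.eps_sm_eps != 1:
        return st                     # value 0: nothing disabled, no restriction applies
    st.restricted = True
    mo.number_of_packet_filters()     # reject an MO whose leaf 14 could not be encoded
    # Steps 23-27: include the APN leaf value if present, else request without an APN
    st.pdn_request_apn = mo.apn
    # Step 28: TrafficMappingInfo present -> step 32 directly; absent -> step 29, then 31
    if mo.traffic_mapping_info is not None:
        st.uplink_filters = sorted(mo.traffic_mapping_info, key=lambda f: f.precedence)
    elif pdn_gw_pushed is not None:
        st.uplink_filters = sorted(pdn_gw_pushed, key=lambda f: f.precedence)
    # Step 33: deactivate all previously existing PDN connections, keeping the new one
    st.other_pdn_connections_released = True
    return st


def uplink_allowed(st: UEState, dst: str, proto: int, dport: int,
                   ims_emergency: bool = False) -> bool:
    """Step 32: transmit only packets matching an active filter. The page lets the
    UE set the filters aside for an IMS emergency call; modelled as a flag here."""
    if st.uplink_filters is None or ims_emergency:
        return True
    return any(f.matches(dst, proto, dport) for f in st.uplink_filters)


# Constructed sample values (documentation address ranges), not from the patent.
DM_SERVER_FILTER = PacketFilter(precedence=0,
                                remote_net=IPv4Network("203.0.113.10/32"),
                                protocol=6, remote_port=443)
SAMPLE_APN = "mycompany.mnc012.mcc340.gprs"   # APN format example from the page


if __name__ == "__main__":
    mo = SDoUEMOPlus(eps_sm_eps=1, apn=SAMPLE_APN,
                     traffic_mapping_info=[DM_SERVER_FILTER])
    st = apply_mo(mo)
    print("APN in request:", st.pdn_request_apn)
    print("DM server reachable:", uplink_allowed(st, "203.0.113.10", 6, 443))
    print("Other host blocked:", not uplink_allowed(st, "198.51.100.7", 17, 53))
```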
FIG. 3 is a simplified block diagram of a UE 41 and associated nodes in a network 42 in an exemplary embodiment of the present invention. For simplicity, only those components in the UE and those nodes in the network that are associated with the present invention are shown. The network includes a device management server such as an OMA DM Server 43, the operation of which may be controlled by a processor 44. A memory may store management objects such as the SDoUE MO+ of the present invention. An MO downloading unit 46 downloads the SDoUE MO+ 47 to the UE 41.
Receipt of the MO+ in the UE causes a PDN connectivity request unit 48 to initiate a new PDN connectivity procedure by sending a PDN CONNECTIVITY REQUEST message to the network 42. The network establishes a new EPS Context 51 between the UE and a PDN GW 52. Upon establishment of the new EPS Context, a previous PDN connections deactivation unit 53 sends a PDN disconnection request 54 to the network to disconnect any previously established PDN connections.
This leaves only the new EPS Context in place between the UE and the network, and packet transmissions from the UE on the context are controlled by the logic parameter (packet filters) in the SDoUE MO+. Thus, the network has control of packet access from the UE, which is controlled by a processor 56 and applications 57.
In this manner, the invention solves or at least mitigates the risk of flooding the radio access network and core network with malicious UE-initiated traffic. The invention enables the UE to retain a PDN connection with an EPS bearer open until the software in the UE has been updated.
As will be recognized by those skilled in the art, the innovative concepts described in the present application can be modified and varied over a wide range of applications. Accordingly, the scope of patented subject matter should not be limited to any of the specific exemplary teachings discussed above, but is instead defined by the following claims.

Claims (37)

WHAT IS CLAIMED IS:
1. A method in a User Equipment (UE) for limiting packet flow from the UE to a communication network, said method comprising the steps of:

receiving from the network, an instruction to activate a logic parameter for controlling the packet flow from the UE to the network;

requesting configuration of a network connection for transmitting packets to the network according to the logic parameter; and requesting deactivation of all other network connections.
2. The method as recited in claim 1, wherein the step of receiving the instruction to activate the logic parameter includes receiving a flag to activate a previously configured internal application that triggers the requesting steps.
3. The method as recited in claim 1, wherein the step of receiving the instruction to activate the logic parameter includes receiving a flag to activate a previously stored logic parameter.
4. The method as recited in claim 3, wherein the logic parameter controls the UE to halt all applications except an application for communicating with a device management server and an application for sending emergency transmissions.
5. The method as recited in claim 1, wherein the step of receiving the instruction to activate the logic parameter includes receiving the logic parameter and a flag to activate the logic parameter.
6. The method as recited in claim 5, wherein the logic parameter and the flag to activate the logic parameter are received from a device management server.
7. The method as recited in claim 6, wherein the UE utilizes UE-requested Evolved Packet System (EPS) Session Management (SM) procedures for EPS contexts, and the device management server is an Open Mobile Alliance Device Management (OMA DM) server, and the step of receiving the logic parameter and the flag includes receiving from the OMA DM server, a modified Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO+) that includes the logic parameter and the flag.
8. The method as recited in claim 7, further comprising, before the step of requesting configuration of the network connection, the step of verifying that the flag is set to a value that activates an EPS_SM_EPS leaf in the modified SDoUE MO+.
9. The method as recited in claim 8, further comprising the step of the UE refraining from utilizing the UE-requested EPS SM procedures for EPS contexts until the flag is set to a value that inactivates the EPS_SM_EPS leaf in the modified SDoUE MO+.
10. The method as recited in claim 5, wherein the step of receiving the logic parameter and a flag includes:

receiving the logic parameter from a network gateway; and receiving the flag to activate the logic parameter from a device management server.
11. The method as recited in claim 10, wherein the communication network is a Packet Data Network (PDN), and the step of receiving the logic parameter from a network gateway includes receiving the logic parameter from a PDN Gateway.
12. The method as recited in claim 1, wherein the step of receiving the logic parameter from a PDN Gateway includes the steps of:

receiving from the device management server, a defined Access Point Name (APN); and sending the defined APN to the network in a request to establish a new PDN connection, the defined APN causing the network to establish the new PDN connection to a PDN Gateway configured to download the logic parameter to the UE.
13. The method as recited in claim 12, wherein the UE utilizes UE-requested Evolved Packet System (EPS) Session Management (SM) procedures for EPS contexts, and the device management server is an Open Mobile Alliance Device Management (OMA DM) server and the step of receiving a defined APN includes receiving from the OMA DM server, a modified Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO+) that includes the defined APN.
14. The method as recited in claim 13, further comprising, before the step of sending the defined APN to the network, the step of verifying that the flag is set to a value that activates an EPS-_SM_ EPS leaf in the modified SDoUE MO+.
15. The method as recited in claim 14, further comprising the step of the UE refraining from utilizing the UE-requested EPS SM procedures for EPS contexts until the flag is set to a value that inactivates the EPS_SM_EPS leaf in the modified SDoUE MO+.
16. The method as recited in claim 1, wherein the step of requesting configuration of a network connection for transmitting packets to the network according to the logic parameter includes sending from the UE to the network, a request to establish a new network connection according to the logic parameter.
17. The method of claim 1, wherein the step of requesting configuration of a network connection for transmitting packets to the network according to the logic parameter includes sending from the UE to the network, a request to reconfigure an existing network connection according to the logic parameter.
18. The method as recited in claim 1, wherein the UE is a misbehaving UE in which a corrupted application triggered the network to send the instruction to activate the logic parameter, and the method further comprises receiving software from the network to repair or replace the corrupted application.
19. A User Equipment (UE), comprising:

means for receiving from a communication network, an instruction to activate a logic parameter for controlling a packet flow from the UE to the network;

means for requesting configuration of a network connection for transmitting packets to the network according to the logic parameter, and means for requesting deactivation of all other network connections.
20. The UE as recited in claim 19, further comprising an internal application for triggering the means for requesting configuration of a network connection responsive to receiving the instruction.
21. The UE as recited in claim 19, wherein the means for receiving the instruction to activate a logic parameter is configured to receive the logic instruction from the communication network.
22. The UE as recited in claim 12, further comprising means for storing the logic parameter in an inactive state until the instruction to activate the logic parameter is received.
23. The UE as recited in claim 19, wherein the means for requesting configuration of a network connection is configured to send a request to establish a new connection to the network on which packet transmission by the UE is controlled according to the logic parameter.
24. The UE as recited in claim 19, wherein the means for requesting configuration of a network connection is configured to send a request to reconfigure an existing connection to the network on which packet transmission by the UE is controlled according to the logic parameter.
25. The UE as recited in claim 19, wherein the UE is a misbehaving UE in which a corrupted application triggered the network to send the instruction to activate the logic parameter, and the UE further comprises means for receiving software from the network to repair or replace the corrupted application.
26. A device management server in a communication network for remotely controlling a packet flow from a mobile communication device, said server comprising:

means for storing a management object that includes at least one of:

a flag;

a defined Access Point Name (APN); and a logic parameter for controlling the packet flow from the mobile communication device to the network, and means for downloading the management object to the mobile communication device;

wherein the flag, when downloaded to the mobile communication device, causes the device to activate the logic parameter in the management object or to activate a stored logic parameter in the device; and wherein the defined APN, when downloaded to the mobile communication device, causes the device to send a request to establish a new connection to the network on which packet flow from the device is controlled according to the logic parameter.
27. The device management server as recited in claim 26, wherein the means for downloading the management object is configured to download the management object in response to receiving an indication that the mobile communication device is a malicious or misbehaving mobile communication device.
28. The device management server as recited in claim 26, wherein the device management server is an Open Mobile Alliance Device Management (OMA DM) server, the mobile communication device is a User Equipment (UE) utilizing UE-requested Evolved Packet System (EPS) Session Management (SM) procedures for EPS contexts, and the management object is a modified Selective Disabling of 3GPP UE Capabilities Management Object (SDoUE MO+).
29. A network gateway, comprising:
means for receiving from a mobile communication device, a connectivity request to establish a new network connection; and means for limiting a packet flow from the mobile communication device on the new network connection according to defined parameters.
30. The network gateway as recited in claim 29, wherein the defined parameters limit the packet flow to only packets necessary to communicate with a device management server or to make emergency calls.
31. The network gateway as recited in claim 29, wherein the defined parameters also limit the packet flow to a maximum data rate or a maximum packet size.
32. The network gateway as recited in claim 29, wherein:

the gateway is a Serving Gateway that utilizes the Proxy Mobile IP (PMIP) protocol as a network mobility protocol, and the mobile device is a User Equipment (UE).
33. The network gateway as recited in claim 29, wherein:

the network is a Packet Data Network (PDN);

the connectivity request is a PDN connectivity request;

the gateway is a Packet Data Network Gateway (PDN GW) that utilizes the GPRS Tunneling Protocol (GTP) as a network mobility protocol; and the mobile communication device is a User Equipment (UE).
34. The network gateway as recited in claim 33, wherein the means for limiting the packet flow includes:

means for determining whether the PDN connectivity request includes a defined Access Point Name (APN), and means for limiting the packet flow from the UE only when the PDN connectivity request includes the defined APN.
35. The network gateway as recited in claim 34, wherein the means for limiting the packet flow from the UE only when the PDN connectivity request includes the defined APN includes packet filtering means within the PDN Gateway for limiting the packet flow from the UE.
36. The network gateway as recited in claim 34, wherein the means for limiting the packet flow from the UE only when the PDN connectivity request includes the defined APN includes means for pushing defined parameters to the UE.
37. The network gateway as recited in claim 33, further comprising means for receiving from a network manager, an instruction to limit the packet flow from the UE according to the defined parameters.
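As an added illustration of the gateway behaviour in claims 29 through 36 (example code written for this page, not part of the patent or of any Ericsson implementation), the following Python models a PDN GW that restricts a connection established with the defined APN to the device management server and emergency destinations, with a packet-size and data-rate cap. The APN, addresses and limits are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed placeholders: the "defined APN" of claim 34, the OMA DM server of
# claim 30 and an emergency-call anchor (documentation address ranges).
QUARANTINE_APN = "quarantine.example"
DM_SERVER = "198.51.100.10"
EMERGENCY_HOSTS = {"198.51.100.20"}
MAX_PACKET_BYTES = 512       # claim 31: maximum packet size (assumed value)
MAX_BYTES_PER_SEC = 4096     # claim 31: maximum data rate (assumed value)


@dataclass
class Packet:
    dst: str      # destination address
    size: int     # bytes
    ts: float     # seconds since connection setup


@dataclass
class Connection:
    apn: str
    restricted: bool
    window_start: float = 0.0   # start of the current one-second rate window
    window_bytes: int = 0       # bytes forwarded in that window


def handle_connectivity_request(apn: str) -> Connection:
    """Claim 34: the flow is limited only when the request carries the defined APN."""
    return Connection(apn=apn, restricted=(apn == QUARANTINE_APN))


def forward(conn: Connection, pkt: Packet) -> tuple[bool, str]:
    """Packet filter of claim 35. Returns (forwarded, reason)."""
    if not conn.restricted:
        return True, "unrestricted"
    # Claim 30: only traffic to the DM server or emergency services passes.
    if pkt.dst != DM_SERVER and pkt.dst not in EMERGENCY_HOSTS:
        return False, "destination not DM server or emergency"
    # Claim 31: enforce maximum packet size and a simple per-second byte budget.
    if pkt.size > MAX_PACKET_BYTES:
        return False, "packet exceeds max size"
    if pkt.ts - conn.window_start >= 1.0:
        conn.window_start, conn.window_bytes = pkt.ts, 0
    if conn.window_bytes + pkt.size > MAX_BYTES_PER_SEC:
        return False, "rate limit exceeded"
    conn.window_bytes += pkt.size
    return True, "allowed"
```

A UE that has been pushed the quarantine APN can still reach the DM server to fetch repair software (claims 18 and 25) while all other traffic is dropped at the gateway.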
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/694,378 2010-01-27
US12/694,378 US8289848B2 (en) 2009-02-02 2010-01-27 Controlling a packet flow from a user equipment

Publications (2)

Publication Number Publication Date
CA2691502A1 true CA2691502A1 (en) 2011-07-27
CA2691502C CA2691502C (en) 2017-10-24

Family

ID=44318680

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2691502A Active CA2691502C (en) 2010-01-27 2010-02-01 Controlling a packet flow from a user equipment

Country Status (1)

Country Link
CA (1) CA2691502C (en)

Also Published As

Publication number Publication date
CA2691502C (en) 2017-10-24

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20150202