USRE48758E1 - Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network

Info

Publication number
USRE48758E1
Authority
US
United States
Prior art keywords
network
tunnel
mobile
mobile terminal
authorization
Prior art date
Legal status
Active, expires
Application number
US15/394,050
Inventor
Janne Rinne
Henry Haverinen
Current Assignee
Intellectual Ventures I LLC
Original Assignee
Intellectual Ventures I LLC
Priority date
Filing date
Publication date
Application filed by Intellectual Ventures I LLC

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L47/00 Traffic control in data switching networks
            • H04L47/70 Admission control; Resource allocation
              • H04L47/82 Miscellaneous aspects
                • H04L47/824 Applicable to portable or mobile terminals
                • H04L47/825 Involving tunnels, e.g. MPLS
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
              • H04L63/0227 Filtering policies
              • H04L63/029 Firewall traversal, e.g. tunnelling or, creating pinholes
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
            • H04L63/16 Implementing security features at a particular protocol layer
              • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
              • H04L63/164 Implementing security features at a particular protocol layer at the network layer
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W12/06 Authentication
              • H04W12/069 Authentication using certificates or pre-shared keys
          • H04W28/00 Network traffic management; Network resource management
            • H04W28/16 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
              • H04W28/18 Negotiating wireless communication parameters
          • H04W40/00 Communication routing or communication path finding
            • H04W72/042
          • H04W72/00 Local resource management
            • H04W72/20 Control channels or signalling for resource management
              • H04W72/23 Control channels or signalling for resource management in the downlink direction of a wireless link, i.e. towards a terminal
          • H04W84/00 Network topologies
            • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
              • H04W84/10 Small scale networks; Flat hierarchical networks
                • H04W84/12 WLAN [Wireless Local Area Networks]

Definitions

  • the invention relates to the transfer of packet-switched data in a system comprising a mobile terminal, a wireless local network and a mobile network.
  • Packet-switched data transmission services have been developed for mobile terminals.
  • GPRS services General Packet Radio Service
  • GSM Global System for Mobile Communication
  • WCDMA Wideband Code Division Multiple Access
  • Packet Data Protocol (PDP) contexts are generally logical connections on which IP data are transferred from a mobile station to a boundary node (Gateway GPRS Support Node or GGSN) in a GPRS/3GPP network and vice versa.
  • an IP multimedia subsystem IMS is designed in the 3GPP system for providing various IP multimedia services to 3GPP mobile stations (UE; User Equipment).
  • the IMS utilizes PDP contexts for data transfer to or from a mobile station.
  • the IMS includes functions that enable the negotiation of an end-to-end session on the application plane using the SIP protocol (Session Initiation Protocol), the features of session being for instance the codecs used, the termination points and the quality of service (QoS).
  • SIP protocol Session Initiation Protocol
  • the IMS includes a call session control function (CSCF), which includes a PDF function (Policy Decision Function) for authorizing quality of service resources (bandwidth, delay, etc.) for an IMS session based on SIP-layer SDP information (Session Description Protocol).
  • CSCF call session control function
  • PDF Policy Decision Function
  • WLAN Wireless Local Area Network
  • a WLAN Access Gateway is a gateway via which the data to/from the WLAN Access Network is transferred to provide the MS with 3G PS based services.
  • a Packet Data Gateway is a network element providing access for WLAN roaming mobile terminals to external IP networks, including those supporting 3GPP PS (Packet-switched) domain-based services.
  • An AAA (Authentication, Authorization and Accounting) server may provide authentication and charging services for WLAN roaming mobile terminals.
  • the above-mentioned 3GPP specification TS 23.234 defines on page 29 that the PDG performs the functions of a service-based local policy enforcement point (PEP) and communicates with a policy decision function to allow a service-based local policy.
  • QoS interworking information may be obtained from the policy decision function.
  • IETF RFC (Request For Comments) 2753 “A Framework for Policy-based Admission Control”, R. Yavatkar et al., January 2000, describes a framework for providing policy-based control and a client-server protocol for communication between a policy server (PDP; Policy Decision Point) and its client (PEP).
  • PDP Policy Decision Point
  • PEP Policy Enforcement Point
  • the object of the invention is thus to provide a method and equipment for implementing the method so as to enable an enhanced data transfer method for terminals visiting a wireless local network.
  • the objects of the invention are achieved by a method, a system, a network element, a wireless terminal, and computer programs, which are characterized by what is stated in the independent claims. Some preferred embodiments are disclosed in the dependent claims.
  • end-to-end service related parameters are signalled via a separate signalling element.
  • a resource authorization identifier is received in the mobile terminal from the signalling element.
  • the resource authorization identifier is transmitted to the mobile network via the local network.
  • Authorization is requested from the signalling element by the mobile network on the basis of the resource authorization identifier.
  • a tunnel between the mobile terminal and the mobile network is bound to the end-to-end data flow of the mobile terminal on the basis of an authorization response received from the signalling element and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel.
  • the advantage of the invention is that a policy authorized by a signalling element, such as a SIP end-to-end quality-of-service negotiation signalling element, may be used in a system in which the mobile terminal accesses the mobile network via a wireless local network.
  • with the authorization it is possible to achieve mapping between the data flow in the system of the mobile network and the wireless local network and the end-to-end data flow.
  • the authorization may comprise information on the allowed quality of service, and the underlying data transmission resources in the system are adapted according to this QoS information.
  • FIG. 1 generally illustrates a WLAN-3GPP interworking system
  • FIG. 2 shows the WLAN-3GPP interworking protocol architecture
  • FIG. 3 is a flow diagram of an embodiment of the invention.
  • the method of an embodiment is illustrated next with reference to an exemplary WLAN-3GPP interworking system shown in FIG. 1.
  • the invention is applicable to any packet-switched telecommunication system for mobile terminals visiting wireless local networks.
  • the method of the invention is applicable to a system in accordance with a second-generation GPRS service, for instance.
  • the local network is, in accordance with an embodiment, a wireless local area network employing user authentication and network access control according to an IEEE 802.1x standard, such as a wireless local area network according to the IEEE 802.11i standard.
  • the invention can also be applied to a system comprising another IEEE 802-based wireless local area network or some other type of local network, typically to networks operating at unlicensed frequency bands, such as a network according to the BRAN (Broadband Radio Access Networks) standard, a HomeRF network or a Bluetooth network.
  • BRAN Broadband Radio Access Networks
  • the BRAN standards comprise High Performance Radio Local Area Network HIPERLAN standards of types 1 and 2, HIPERACCESS and HIPERLINK standards.
  • in FIG. 1, the main parts of a mobile system include a WLAN access network AN, a 3GPP network part PLMN comprising network elements for WLAN interworking, and a mobile station MS, also called user equipment UE in 3GPP specifications.
  • the WLAN-3GPP interworking specification work is not finished at the time of filing of the present application, and the basic principles of the present invention can also be applied to modified WLAN-3GPP interworking systems.
  • the WLAN access network AN and the 3GPP network PLMN can communicate over an IP-based (Internet Protocol) network (IPNW).
  • IPNW IP-based (Internet Protocol) network
  • the WLAN access network AN can operate as a UMTS access network, and it can also provide access to other networks, such as the public Internet.
  • the WLAN access network AN comprises access elements called access points AP, which provide a mobile station MS with radio access and thus terminate the broadband radio connection.
  • the access point AP controls the L2 radio interface according to the applied radio technology, which means the IEEE 802.11 standard according to one embodiment.
  • the IEEE 802.11 specifications determine both physical-level and MAC-level protocols for data transmission over the radio interface.
  • the data transmission can utilize either infrared or two spread-spectrum techniques (Direct Sequence Spread-Spectrum DSSS, Frequency Hopped Spread-Spectrum FHSS). Both spread-spectrum techniques utilize a 2.4 GHz band.
  • the MAC layer utilizes a CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) technique.
  • the AP also manages the bridging of data streams at the radio interface or the routing thereof to and from other network nodes. It is to be noted that instead of a physical access point, WLAN base station, the term access point AP may also refer to a logical WLAN access point which may be accessed by a number of WLAN base stations.
  • the WLAN access network AN may also comprise further WLAN related network elements, such as a control element or a gateway element GW.
  • the 3GPP network PLMN may comprise a UMTS terrestrial radio access network UTRAN and a UMTS core network CN, or at least some functionality thereof (not shown in FIG. 1).
  • the following describes network elements related to WLAN-3GPP interworking.
  • the 3GPP network PLMN comprises an Authentication, Authorization and Accounting (AAA) server AS, which may provide authentication services and preferably also charging services. Therefore, 3GPP network subscriber data and authentication services can be used for mobile stations MS roaming in the WLAN network AN and comprising a UMTS subscriber identity module USIM and/or a (GSM) SIM.
  • a mobile station MS user does not necessarily have to have a contract made in advance with the WLAN network AN operator.
  • an MS can be charged for the wireless connection provided by the WLAN network AN later on via the PLMN.
  • although the AAA server AS is shown as a separate element in FIG. 1, it can be implemented as part of a PLMN network element.
  • a HLR/HSS (Home Location Register/Home Subscriber Server) located within the 3GPP subscriber's home network is the entity containing the authentication and subscription data required for the 3GPP subscriber to access WLAN interworking services.
  • the HLR/HSS includes for example information on the quality of service allowed to a subscriber (user profile) and information for the use of services provided by the IMS.
  • the AS communicates authorization information to WLAN and maintains information on the status of the WLAN mobile stations MS.
  • the roamed network must communicate with the HPLMN for purposes of authentication and charging.
  • the HPLMN comprises the HLR/HSS, and typically also an authentication centre AuC calculating authentication vectors.
  • An AAA proxy may relay information between the WLAN and the AAA server AS and carry out subscriber management-related actions in the roamed network.
  • FIG. 1 does not show any other HPLMN elements, such as the 3GMSC or the SGSN, via which the connection to the HLR/AuC is typically set up.
  • the 3GPP specifications also refer to the roamed network as a serving network (SN) and to the HPLMN as merely a home network (HN).
  • a packet Data Gateway PDG is a network element providing access for WLAN roaming mobile stations MS to external IP networks, including those supporting 3GPP PS Domain based services.
  • the packet data gateway PDG operates as a gateway between the packet radio system of the UMTS network and an external packet data network PDN.
  • External data networks include for instance the UMTS or GPRS network of another network operator, the Internet or a private local area network.
  • the mobile station MS may be a mobile phone, a table computer with a WLAN radio interface adapter, or a PDA device, for instance. There may be mobile stations MS of different classes according to their capabilities. The MS may support data transfer via the WLAN access network AN, UTRAN, and/or some other network such as the BSS of GSM, even substantially simultaneously.
  • the mobile station MS is equipped with an IC card including a (U)SIM utilized by a 3GPP subscriber to access the WLAN network for 3GPP interworking purposes.
  • the WLAN Access Gateway WAG is a gateway via which the data to/from the WLAN Access Network AN is transferred to provide the MS with 3G PS based services.
  • the WLAN Access Gateway resides in the VPLMN in the roaming case, and in the HPLMN in the non-roaming case.
  • the WAG allows a visited 3GPP network PLMN to generate charging information for users accessing via the WLAN AN in the roaming case, enforces the routing of packets through the PDG, performs collection of per tunnel accounting information, and filters out packets based on unencrypted information in the packets.
  • the WAG will forward packets only if they are part of an existing tunnel or expected messages from the MS (service requests and tunnel establishment messages).
  • For a more detailed description of various WLAN/3GPP interworking related network elements, reference is made to 3GPP specification TS 23.234, v. 6.0.0, “3GPP to Wireless Local Area Network (WLAN) interworking; System description (Release 6)”, March 2004.
  • a 3GPP packet data system may also comprise many other functions, such as a service control function SCP for intelligent network services, and a charging gateway CGF attending to charging.
  • the WLAN-3GPP interworking system supports at least some IMS related features.
  • FIG. 1 illustrates a call session control function CSCF, which may have three different roles: Proxy-CSCF (P-CSCF), which comprises a PDF function and transfers SIP messages to other SIP network elements; Interrogating-CSCF (I-CSCF), which is a subscriber home network contact point and determines the serving CSCF (S-CSCF) and forwards SIP requests to the S-CSCF; and S-CSCF, which is a CSCF controlling the end-to-end session of a mobile station.
  • IMS IP Multimedia Subsystem
  • the mobile station MS has to perform a WLAN technology-specific access procedure, making the location of the MS known at the selected WLAN network AN.
  • the MS performs an association procedure.
  • the MS is then able to communicate with an access point AP of the WLAN network.
  • PLMN network selection for the MS may be carried out.
  • Network selection and advertisement procedures are described in Chapter 5.4 of the 3GPP TS 23.234.
  • An authentication procedure may be initiated by the MS by sending a network access identifier (NAI) to the WLAN AP which determines the correct (home) AAA server AS and forwards the authentication request to the correct AAA server AS.
  • NAI network access identifier
  • the WLAN authentication and authorization by the 3GPP AAA server involves the use of an EAP (Extensible Authentication Protocol) Authentication and Key Agreement (AKA) procedure.
  • the WLAN mobile station MS uses the NAI as identification towards the 3GPP WLAN AAA server AS.
  • the subscriber identity module (SIM) information and corresponding information in the HLR may be used. If the authentication is successful, the MS may register as a WLAN user to the 3GPP network PLMN. More details on WLAN access and authorization are described in Chapter 7.2 of the 3GPP TS 23.344 specification.
  • a registered mobile station MS has to activate at least one tunnel. This makes the MS known to the PDG and creates a logical data transfer context at the mobile station MS, the WAG and the PDG.
  • the protocol stack between the MS and the PDG is illustrated in FIG. 2.
  • a remote IP address identifying the mobile station MS, which could be an IPv4 or IPv6 address, is defined for the MS.
  • a local IP address of the MS identifies the WLAN MS in the WLAN AN, i.e. the local IP address is used at the Transport IP layer.
  • the remote IP address can be assigned by the home-PLMN, visited-PLMN or an external IP network.
  • the remote IP address is defined in tunnel information maintained by the PDG.
  • the tunnel establishment is not coupled to WLAN access authentication/authorization.
  • the WLAN UE may establish several tunnels in order to access several external IP networks simultaneously. External IP network selection is performed as part of the establishment of each tunnel, and the mobile station MS may indicate a preferred WLAN access point name (W-APN).
  • W-APN WLAN access point name
  • the PDG comprises a PEP function (Policy Enforcement Point) similar to that of the 3GPP IMS system.
  • PEP function Policy Enforcement Point
  • the PEP function controls the offering of quality-of-service resources to the data flow according to the authorization received from the PDF.
  • For binding the authorization decision, the PDF creates a resource authorization identifier, which may be referred to as an authorization token as in the IMS system, for the session and transmits it to the mobile station MS.
  • When the tunnel is being established, the mobile station MS is configured to send to the PDG an authorization token and at least one flow identifier that constitute binding information.
  • the flow identifier identifies the IP media flow associated with the SIP session. There may be a flow identifier for each media component that is to be transferred end to end.
  • The PDG requests authorization for allocating resources to the session indicated by the binding information from the PDF, which is located at the P-CSCF (Proxy CSCF).
  • the PDF functionality makes a final decision on resource allocation to the session and responds to the PDG.
  • the PDG arranges binding for the external data flow to a tunnel between the MS and the PDG.
  • the gating/filtering functionality offered by the PEP thus tends to identify a given flow or a group of flows by including information about possible header fields in the form of a set of packet filter parameters, i.e. packet filters.
  • the PEP may be arranged to directly map the data flows received from external networks into the correct tunnels on the basis of the packet filters, one or more packet classification parameters (e.g. destination gate/source IP address) being specified in a packet filter.
  • the packet filter(s) may be completely defined, when establishing the logical application-plane connection for the data flow, from identifying identifiers at the P-CSCF element (PDF function), and transferred to the PDG (PEP function).
  • PDF function: P-CSCF element
  • PEP function: PDG
  • the PEP function may determine a gate by the packet filters for the data flow which it binds to at least one tunnel based on a tunnel identifier. Packet filters could be tunnel-specific, whereby each packet filter is bound to one tunnel.
  • FIG. 3 shows a signalling diagram illustrating in more detail the establishment or modification of a tunnel between the MS and the PDG when applying a service-based local policy in accordance with a preferred embodiment of the invention.
  • the P-CSCF receives 301 a SIP SDP message including the necessary information about the application-plane session to be set up, such as termination points and the bandwidth requirement.
  • the message 301 may originate for instance from another CSCF element (S-CSCF) because of a session invite request from another party to the application-plane logical connection or the mobile station MS.
  • the PDF function authorizes the quality of service resources (bandwidth, delay, etc.) for the IMS session based on the SDP information.
  • the PDF creates an authorization token for the session and sends 302 the authorization token in an SDP message to the mobile station MS.
  • the mobile station MS comprises a translation/mapping function adapting 303 the application-plane (or IP-plane) quality of service requirements to the WLAN-3GPP interworking system quality of service parameters, i.e. it specifies the QoS parameters to be requested for the tunnel for user data transmission.
  • the mobile station MS sends 304 to the selected PDG a tunnel establishment or modification request including not only the conventional data of a tunnel establishment request but also an authorization token and at least one flow identifier, in one embodiment the tunnel identifier.
  • the mobile station MS does not itself adapt the QoS requirements but the network, preferably the PDG, does the adaptation.
  • the tunnel establishment message 304 does not specify any MS determined QoS parameters;
  • no QoS requirement information is sent from the MS but the PDG determines the QoS on the basis of the authorization from the PDF.
  • the PDG receives the request 305 and determines the appropriate P-CSCF (PDF) on the basis of the authorization token.
  • the PDG transmits 306 a request to authorize the required resources to the PDF functionality of the P-CSCF indicated by the authorization token. This request comprises the binding information.
  • when the PDF of the P-CSCF finds the IP flow information corresponding to the request 306, it makes the final decision about allocating resources to the session.
  • the PDF transmits 307 a response including the policy to the PDG.
  • the authorization response includes an authorization token, at least one packet classification parameter (packet classifier) negotiated on the application plane and intended as the filter, and QoS information (maximum QoS).
  • the PDG typically responds 308 to the decision message 307 . If the PDF allows resource allocation, the PDG may then bind the information in the authorization response to an identifier referring directly or indirectly to a tunnel, i.e. to a tunnel already existing or being established between the MS and the PDG.
  • the tunnel between the mobile terminal and the mobile network is thus bound to the end-to-end data flow of the mobile terminal on the basis of the authorization response received 307 from the signalling element and comprising identification information on the end-to-end data flow (for instance the source IP address) and tunnel identification information identifying the tunnel.
  • the PDG can thus arrange a tunnel between the MS and the PDG provided with properties in accordance with the authorization 307 and the request 304.
  • the PDG may check, based on the quality of service information received from the PDF, that the quality of service requested for the tunnel does not exceed the quality of service negotiated on the application plane and authorized by the PDF.
  • the PDG comprises a translation/mapping function which adapts the authorized QoS information to appropriate QoS parameters in the WLAN-3GPP interworking system.
  • Underlying WLAN and/or 3GPP connection resources may be reserved (309) in accordance with the quality of service adapted by the WLAN-3GPP interworking system, preferably by the PDG, from the quality of service parameters of the IP plane or application plane of the mobile station MS (unless the PDG has had to restrict the requested quality because of subscriber data or its own resource limitations, for example).
  • the PDG may in one embodiment generate 309 a logical gate, which implements access control according to the decision of the PDF based on the at least one packet classification parameter obtained from the PDF as its packet filter parameter for one or more tunnels to the MS.
  • the packet classifier may be based on the IP-address and port number, for instance.
  • the gate is bound 309 to the tunnel being established based on a (tunnel) identifier distinguishing it from other tunnels. Other information received from the PDF may also be stored in the PDG.
  • the PDG sends a response 310 to the WAG; however, such a response may not be necessary.
  • the PDG may transmit information (possibly via the AAA proxy) for arranging filtering in the WAG according to the policy authorized by the PDF.
  • the WAG may arrange filtering based on this information.
  • the WAG may initiate the establishment of a radio network service, whereby a new WLAN-3GPP bearer is set up or modified 311 for the mobile station MS. If the requested QoS attributes cannot be provided, for instance on the basis of the subscription, the WAG informs the PDG of this, and the PDG confirms new QoS attributes.
  • the WAG sets the packet flow identifier and the radio priority in accordance with the negotiated QoS and responds 312 to the mobile station MS.
  • the QoS resources are arranged locally in the WLAN network AN on the basis of the information from the PDG.
  • the QoS may be arranged locally by WSM (Wi-Fi Scheduled Multimedia) being specified for IEEE 802.11e technology.
  • the mobile station MS updates its connection information with the tunnel and the WLAN-3GPP bearer.
  • the MS is now able to send and receive data packets of the logical connection negotiated on the application plane and use the tunnel.
  • an application of the mobile station MS or the entity reserving quality of service for it is still able to send the necessary messages to finally activate the end-to-end session.
  • an application using the RSVP protocol may send and receive RSVP path and RSVP response messages, based on which the underlying WLAN-3GPP interworking system transmission resources can also be updated.
  • other features may be performed in the WLAN-3GPP interworking system during tunnel establishment/modification.
  • the PDG contacts the AAA server AS for authorization of the MS.
  • the PDG is then able to transfer received downlink packets fulfilling the filter conditions defined for the gate to the mobile station using the tunnel that is associated with the gate.
  • when a packet is received 313 from an external packet data network, its header fields are checked 314.
  • the PDG compares the header fields of the packets received from the external IP network PDN with the packet classifiers of the gates, based on which the PDG knows if the packets can be forwarded to the terminal, and, if so, which tunnel is to be applied to each IP packet. If a gate is found, whose packet classifiers the packet corresponds to, i.e.
  • the PEP determines the identifier of the tunnel associated with the gate and directs 315 the packet to be transferred in accordance with the tunnel and the underlying WLAN network resources defined therein. If the packet identifiers do not conform to the filter conditions bound to the tunnel, the packet cannot be transferred by means of the tunnel. It is to be noted that the messages illustrated in FIG. 3 are only one example of arranging the data transmission and the ongoing 3GPP-WLAN development work may lead to another kind of network structure/signalling arrangement.
  • the features illustrated in association with FIG. 3 can also be utilized such that the tunnel arranged for signalling connectivity to the P-CSCF is also utilized for user data transmission between the MS and the PDG, whereby no tunnel establishment messages are required but instead messages of other type may be used between the MS and the PDG.
  • a first tunnel between the mobile station MS and a first network element (PDG) of the mobile network is established for end-to-end service parameter signalling (via the P-CSCF), and a second tunnel between the mobile station MS and a second network element of the mobile network (another PDG) is established for user data transmission after the reception of the (resource authorization) identifier.
  • tunnels are IPSec tunnels and identified by at least one IPSec tunnel specific identifier which may be used when binding authorization (and the classification parameters thereof) to the tunnel and when arranging underlying data transmission resources.
  • the IPSec tunnel may be established between the MS and the PDG by utilizing the IKE (Internet Key Exchange) protocol.
  • the MS and the PDG perform a key exchange by Diffie-Hellman procedure and generate an IKE security association.
  • the IKE security association is authenticated by using an EAP (Extensible Authentication Protocol) SIM or EAP AKA (Authentication and Key Agreement) procedure.
  • separate security associations are negotiated for user traffic. These associations are referred to as CHILD SAs.
  • the SIP signalling could have a specific CHILD SA, and no policy control would be needed for the SIP signalling.
  • the token could be transferred to the mobile station (step 302 in FIG.
  • the token transferred from the mobile station MS to the PDG is included in a field of a CREATE CHILD SA negotiation message used for negotiating security association between the MS and the PDG.
  • One or more new data fields can be reserved in these messages for transferring the token.
  • INFORMAL negotiation of the IPsec is used to deliver the parameters required for arranging the policy control by the PDG. These parameters can be associated with an earlier negotiated CHILD SA which could be the one already negotiated for the SIP session.
  • the token could be bound to a CHILD SA security association identified by an SPI (security parameter index) and possibly with the mobile station's and/or PDG's IP address.
  • This SPI is also included in user-plane packets of the IPsec ESP (encapsulating security payload) or AH protocols.
  • different media types/components are allocated with different flow identifiers.
  • the mobile terminal MS may in step 303 generate the flow identifiers for the media types.
  • the request for establishing/modifying the tunnel may thus comprise more than one flow identifier possibly relating to the same token.
  • the tunnel and/or underlying connection reservations may also be modified later.
  • the features illustrated above are applicable between the MS and PDGs in the home PLMN or in visited PLMN.
  • the authorization token is sent using an already established tunnel, i.e. the end-to-end QoS adaptation based on the authorization of the PDF is separate from the tunnel establishment procedure and the data transmission resources in WLAN network AN and/or the PLMN may be adapted according to the authorization.
  • the authorization identifier from the PDF may be some other identifier than the authorization token or that the authorization token may differ in contents from that for GPRS services. Further, for non-session based applications some binding information may be used.
  • the invention can be implemented in a mobile station and in network elements (in an embodiment, in the mobile station MS and in the PDG) by respective computer program codes executed in a processor of the respective device.
  • Computer program codes can be received via a network and/or be stored in memory means, for instance on a disk, a CD-ROM disk or other external memory means, from which they can be loaded into the memory of the processing device.
  • Hardware solutions or a combination of software and hardware solutions may also be used.
  • a chip unit or some other kind of module for controlling the network element (or the mobile station MS) may in one embodiment cause the device to perform the inventive functions in the network element (or the mobile station MS).

Abstract

A method of arranging the transmission of packet data in a system comprising a mobile terminal, a wireless local network and a mobile network that includes end-to-end service related parameters that are signalled via a separate signalling element. A resource authorization identifier is transmitted to the mobile network via the local network. Authorization is requested from the signalling element on the basis of the resource authorization identifier. A tunnel between the mobile terminal and the mobile network is bound to the end-to-end data flow of the mobile terminal on the basis of an authorization from the signalling element and tunnel identification information identifying the tunnel.

Description

CROSS-REFERENCE TO RELATED PATENT APPLICATION
This application is a Broadening Reissue of U.S. Pat. No. 8,923,256 (previously U.S. patent application Ser. No. 10/538,420, filed Oct. 11, 2006), which is the National Stage of International Application No. PCT/FI2004/00386, International Filing Date, Jun. 24, 2004, which designated the United States of America, the disclosures of which are hereby incorporated by reference in their respective entireties.
BACKGROUND OF THE INVENTION
The invention relates to the transfer of packet-switched data in a system comprising a mobile terminal, a wireless local network and a mobile network.
Packet-switched data transmission services have been developed for mobile terminals. GPRS services (General Packet Radio Service) are widely used in terminals supporting the Global System for Mobile Communication (GSM) radio technology, and packet-switched services of the 3GPP system (Third-Generation Partnership Project) based on the WCDMA (Wideband Code Division Multiple Access) radio technology are also based on General Packet Radio Services (GPRS). Packet Data Protocol (PDP) contexts are generally logical connections on which IP data are transferred from a mobile station to a boundary node (Gateway GPRS Support Node or GGSN) in a GPRS/3GPP network and vice versa. Different PDP contexts may be provided with different quality of service (QoS) properties, thereby enabling optimal transmission of time-critical or error-critical data, for instance. In addition, an IP multimedia subsystem IMS is designed in the 3GPP system for providing various IP multimedia services to 3GPP mobile stations (UE; User Equipment). The IMS utilizes PDP contexts for data transfer to or from a mobile station. The IMS includes functions that enable the negotiation of an end-to-end session on the application plane using the SIP protocol (Session Initiation Protocol), the features of the session being for instance the codecs used, the termination points and the quality of service (QoS). For arranging the negotiated end-to-end quality of service also in the 3GPP network, a service based local policy (SBLP) is applied. The IMS includes a call session control function (CSCF), which includes a PDF function (Policy Decision Function) for authorizing quality of service resources (bandwidth, delay, etc.) for an IMS session based on SIP-layer SDP information (Session Description Protocol).
Besides access via the conventional access networks of the PLMN (Public Land Mobile Network) networks, such as the BSS (Base Station Sub-system) of the GSM, a need has also arisen to allow access to the services of a PLMN by local networks primarily targeted at providing high speed data transmission in a limited area, such as in an office building. WLAN (Wireless Local Area Network) technologies are very popular today and standardization work has been done in 3GPP to define WLAN-3GPP interworking. This interworking may include the usage of 3GPP subscriber management procedures, such as authentication and charging procedures, as well as data transmission via the 3GPP core network for mobile terminals in a WLAN network. The basic concept is to provide a 3GPP subscriber with access via a WLAN network, also when roaming abroad. 3GPP specification TS 23.234 “3GPP system to Wireless Local Area Network (WLAN) interworking”, version 6.0.0, March 2004, defines the system description for WLAN-3GPP interworking.
For WLAN interworking, the 3GPP network is provided with some new network elements or entities. A WLAN Access Gateway (WAG) is a gateway via which the data to/from the WLAN Access Network is transferred to provide the MS with 3G PS based services. A Packet Data Gateway (PDG) is a network element providing access for WLAN roaming mobile terminals to external IP networks, including those supporting 3GPP PS (Packet-switched) domain-based services. An AAA (Authentication, Authorization and Accounting) server may provide authentication and charging services for WLAN roaming mobile terminals.
It is desirable that end-to-end QoS negotiation also be provided for mobile terminals roaming in WLAN networks. The above-mentioned 3GPP specification TS 23.234 defines on page 29 that the PDG performs the functions of a service-based local policy enforcement point (PEP) and communicates with a policy decision function to allow a service-based local policy. QoS interworking information may be obtained from the policy decision function. IETF RFC (Request For Comments) 2753 “A Framework for Policy-based Admission Control”, R. Yavatkar et al., January 2000, describes a framework for providing policy-based control and a client-server protocol for communication between a policy server (PDP; Policy Decision Point) and its client (PEP). However, the 3GPP specification TS 23.234 does not disclose how to arrange the adoption of the policy for the terminal in the WLAN-3GPP interworking system.
BRIEF DESCRIPTION OF THE INVENTION
The object of the invention is thus to provide a method and equipment for implementing the method so as to enable an enhanced data transfer method for terminals visiting a wireless local network. The objects of the invention are achieved by a method, a system, a network element, a wireless terminal, and computer programs, which are characterized by what is stated in the independent claims. Some preferred embodiments are disclosed in the dependent claims.
According to an aspect of the invention, end-to-end service related parameters are signalled via a separate signalling element. A resource authorization identifier is received in the mobile terminal from the signalling element. The resource authorization identifier is transmitted to the mobile network via the local network. Authorization is requested from the signalling element by the mobile network on the basis of the resource authorization identifier. A tunnel between the mobile terminal and the mobile network is bound to the end-to-end data flow of the mobile terminal on the basis of an authorization response received from the signalling element and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel.
The advantage of the invention is that a policy authorized by a signalling element, such as a SIP end-to-end quality-of-service negotiation signalling element, may be used in a system in which the mobile terminal accesses the mobile network via a wireless local network. Thus, it is possible to arrange a service in the local system comprising the mobile network and the wireless local network on the basis of a confirmation from the signalling element. By the authorization, it is possible to achieve mapping between the data flow in the system of the mobile network and the wireless local network and the end-to-end data flow.
In one embodiment, the authorization may comprise information on the allowed quality of service, and the underlying data transmission resources in the system are adapted according to this QoS information.
BRIEF DESCRIPTION OF THE FIGURES
In the following, some preferred embodiments of the invention will be described in detail with reference to the accompanying drawings, in which
FIG. 1 generally illustrates a WLAN-3GPP interworking system;
FIG. 2 shows the WLAN-3GPP interworking protocol architecture; and
FIG. 3 is a flow diagram of an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
The method of an embodiment is illustrated next with reference to an exemplary WLAN-3GPP interworking system shown in FIG. 1. However, the invention is applicable to any packet-switched telecommunication system for mobile terminals visiting wireless local networks. Besides a system incorporating a 3GPP network, the method of the invention is applicable to a system in accordance with a second-generation GPRS service, for instance. The local network is, in accordance with an embodiment, a wireless local area network employing user authentication and network access control according to an IEEE 802.1x standard, such as a wireless local area network according to the IEEE 802.11i standard. However, the invention can also be applied to a system comprising another IEEE 802-based wireless local area network or some other type of local networks, typically to networks operating at un-licensed frequency bands, such as a network according to the BRAN (Broadband Radio Access Networks) standard, a HomeRF network or a Bluetooth network. The BRAN standards comprise High Performance Radio Local Area Network HIPERLAN standards of types 1 and 2, HIPERACCESS and HIPERLINK standards.
Reference is made to FIG. 1, wherein the main parts of a mobile system include a WLAN access network AN, a 3GPP network part PLMN comprising network elements for WLAN interworking, and a mobile station MS, also called user equipment UE in 3GPP specifications. It is to be noted that the WLAN-3GPP interworking specification work is not finished at the time of filing of the present application, and the basic principles of the present invention can also be applied to modified WLAN-3GPP interworking systems.
The WLAN access network AN and the 3GPP network PLMN can communicate over an IP-based (Internet Protocol) network (IPNW). As shown in FIG. 1, the WLAN access network AN can operate as a UMTS access network, and it can also provide access to other networks, such as the public Internet. The WLAN access network AN comprises access elements called access points AP, which provide a mobile station MS with radio access and thus terminate the broadband radio connection. The access point AP controls the L2 radio interface according to the applied radio technology, which means the IEEE 802.11 standard according to one embodiment. The IEEE 802.11 specifications determine both physical-level and MAC-level protocols for data transmission over the radio interface. The data transmission can utilize either infrared or two spread-spectrum techniques (Direct Sequence Spread-Spectrum DSSS, Frequency Hopped Spread-Spectrum FHSS). Both spread-spectrum techniques utilize a 2.4 GHz band. The MAC layer utilizes a CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) technique. The AP also manages the bridging of data streams at the radio interface or the routing thereof to and from other network nodes. It is to be noted that instead of a physical access point, WLAN base station, the term access point AP may also refer to a logical WLAN access point which may be accessed by a number of WLAN base stations. The WLAN access network AN may also comprise further WLAN related network elements, such as a control element or a gateway element GW.
The 3GPP network PLMN may comprise a UMTS terrestrial radio access network UTRAN and a UMTS core network CN, or at least some functionality thereof (not shown in FIG. 1). The following describes network elements related to WLAN-3GPP interworking. The 3GPP network PLMN comprises an Authentication, Authorization and Accounting (AAA) server AS, which may provide authentication services and preferably also charging services. Therefore, 3GPP network subscriber data and authentication services can be used for mobile stations MS roaming in the WLAN network AN and comprising a UMTS subscriber identity module USIM and/or a (GSM) SIM. A mobile station MS user does not necessarily have to have a contract made in advance with the WLAN network AN operator. In such a case, an MS can be charged for the wireless connection provided by the WLAN network AN later on via the PLMN. Even though the AAA server AS is shown as a separate element in FIG. 1, it can be implemented as part of a PLMN network element. A HLR/HSS (Home Location Register/Home Subscriber Server) located within the 3GPP subscriber's home network is the entity containing the authentication and subscription data required for the 3GPP subscriber to access WLAN interworking services. The HLR/HSS includes for example information on the quality of service allowed to a subscriber (user profile) and information for the use of services provided by the IMS. The AS communicates authorization information to WLAN and maintains information on the status of the WLAN mobile stations MS.
If the PLMN is not the home network (HPLMN) of the mobile station MS, i.e. the mobile station MS is roaming in the PLMN, the roamed network must communicate with the HPLMN for purposes of authentication and charging. The HPLMN comprises the HLR/HSS, and typically also an authentication centre AuC calculating authentication vectors. An AAA proxy may relay information between the WLAN and the AAA server AS and carry out subscriber management-related actions in the roamed network. FIG. 1 does not show any other HPLMN elements, such as the 3GMSC or the SGSN, via which the connection to the HLR/AuC is typically set up. The 3GPP specifications also refer to the roamed network as a serving network (SN) and to the HPLMN as merely a home network (HN).
A Packet Data Gateway PDG is a network element providing access for WLAN roaming mobile stations MS to external IP networks, including those supporting 3GPP PS Domain based services. The packet data gateway PDG operates as a gateway between the packet radio system of the UMTS network and an external packet data network PDN. External data networks include for instance the UMTS or GPRS network of another network operator, the Internet or a private local area network.
The mobile station MS may be a mobile phone, a table computer with a WLAN radio interface adapter, or a PDA device, for instance. There may be mobile stations MS of different classes according to their capabilities. The MS may support data transfer via the WLAN access network AN, UTRAN, and/or some other network such as the BSS of GSM, even substantially simultaneously. The mobile station MS is equipped with an IC card including a (U)SIM utilized by a 3GPP subscriber to access the WLAN network for 3GPP interworking purposes.
The WLAN Access Gateway WAG is a gateway via which the data to/from the WLAN Access Network AN is transferred to provide the MS with 3G PS based services. The WLAN Access Gateway resides in the VPLMN in the roaming case, and in the HPLMN in the non-roaming case. The WAG allows a visited 3GPP network PLMN to generate charging information for users accessing via the WLAN AN in the roaming case, enforces the routing of packets through the PDG, performs collection of per tunnel accounting information, and filters out packets based on unencrypted information in the packets. The WAG will forward packets only if they are part of an existing tunnel or expected messages from the MS (service requests and tunnel establishment messages).
For a more detailed description of various WLAN/3GPP interworking related network elements, reference is made to 3GPP specification TS 23.234, v. 6.0.0, “3GPP to Wireless Local Area Network (WLAN) interworking. System description (Release 6)”, March 2004.
A 3GPP packet data system may also comprise many other functions, such as a service control function SCP for intelligent network services, and a charging gateway CGF attending to charging. According to an embodiment, the WLAN-3GPP interworking system supports at least some IMS related features. FIG. 1 illustrates a call session control function CSCF, which may have three different roles: Proxy-CSCF (P-CSCF) which comprises a PDF function and transfers SIP messages to other SIP network elements; Interrogating-CSCF (I-CSCF) which is a subscriber home network contact point and determines the serving CSCF (S-CSCF) and forwards SIP requests to the S-CSCF; S-CSCF which is a CSCF controlling the end-to-end session of a mobile station. For a more detailed description of the conventional IMS system features, reference is made to 3GPP specification 3GPP TS 23.228, v.6.5.0 (March 2004), ‘IP Multimedia Subsystem (IMS); Stage 2; Release 6’. A suitable method for session establishment and QoS selection in the WLAN-3GPP interworking system utilizing IMS principles is illustrated later in connection with FIG. 3.
To obtain the packet-switched services of the WLAN network AN, the mobile station MS has to perform a WLAN technology-specific access procedure, making the location of the MS known at the selected WLAN network AN. In the case of an IEEE 802.11 network, the MS performs an association procedure. The MS is then able to communicate with an access point AP of the WLAN network. PLMN network selection for the MS may be carried out. Network selection and advertisement procedures are described in Chapter 5.4 of the 3GPP TS 23.234. An authentication procedure may be initiated by the MS by sending a network access identifier (NAI) to the WLAN AP which determines the correct (home) AAA server AS and forwards the authentication request to the correct AAA server AS. The WLAN authentication and authorization by the 3GPP AAA server involves the use of an EAP (Extensible Authentication Protocol) Authentication and Key Agreement (AKA) procedure. The WLAN mobile station MS uses the NAI as identification towards the 3GPP, WLAN AAA server AS. In this procedure, the subscriber identity module (SIM) information and corresponding information in HLR may be used. If the authentication is successful, the MS may register as a WLAN user to the 3GPP network PLMN. More details on WLAN access and authorization are described in Chapter 7.2 of the 3GPP TS 23.344 specification.
To receive and transmit packet-switched data, a registered mobile station MS has to activate at least one tunnel. This makes the MS known to the PDG and creates a logical data transfer context at the mobile station MS, the WAG and the PDG. The protocol stack between the MS and the PDG is illustrated in FIG. 2. When the tunnel is being established, a remote IP address identifying the mobile station MS, which could be an IPv4 or IPv6 address, is defined for the MS. A local IP address of the MS identifies the WLAN MS in the WLAN AN, i.e. the local IP address is used at the Transport IP layer. The remote IP address can be assigned by the home-PLMN, visited-PLMN or an external IP network. In addition to other tunnel related data, such as the negotiated QoS profile, the remote IP address is defined in tunnel information maintained by the PDG.
The tunnel establishment is not coupled to WLAN access authentication/authorization. The WLAN UE may establish several tunnels in order to access several external IP networks simultaneously. External IP network selection is performed as part of the establishment of each tunnel, and the mobile station MS may indicate a preferred WLAN access point name (W-APN).
According to an embodiment, in order to implement a service-based local policy in the WLAN-3GPP interworking system, the PDG comprises a PEP function (Policy Enforcement Point) similar to that of the 3GPP IMS system. However, there are no PDP contexts and associated mechanisms (as those available for GPRS terminals) for roaming WLAN terminals connecting to the PDG via a WLAN network and the WLAN access gateways. Thus, the policy adoption arrangement in the present WLAN-3GPP interworking system differs from that for GPRS terminals. The PEP function controls the offering of quality-of-service resources to the data flow according to the authorization received from the PDF. For binding the authorization decision, the PDF creates a resource authorization identifier, which may be referred to as an authorization token as in the IMS system, for the session and transmits it to the mobile station MS. When the tunnel is being established, the mobile station MS is configured to send to the PDG an authorization token and at least one flow identifier that constitute binding information. The flow identifier identifies the IP media flow associated with the SIP session. There may be a flow identifier for each media component that is to be transferred end to end. The PDG requests authorization for allocating resources to the session indicated by the binding information from the PDF, which is located at the P-CSCF (Proxy CSCF). The PDF functionality makes a final decision on resource allocation to the session and responds to the PDG.
On the basis of the authorization from the PDF, the PDG arranges binding for the external data flow to a tunnel between the MS and the PDG. The gating/filtering functionality offered by the PEP thus tends to identify a given flow or a group of flows by including information about possible header fields in the form of a set of packet filter parameters, i.e. packet filters. The PEP may be arranged to directly map the data flows received from external networks into the correct tunnels on the basis of the packet filters, one or more packet classification parameters (e.g. destination gate/source IP address) being specified in a packet filter. The packet filter(s) may be completely defined, when establishing the logical application-plane connection for the data flow, from identifying identifiers at the P-CSCF element (PDF function), and transferred to the PDG (PEP function). The PEP function may determine a gate by the packet filters for the data flow which it binds to at least one tunnel based on a tunnel identifier. Packet filters could be tunnel-specific, whereby each packet filter is bound to one tunnel.
FIG. 3 shows a signalling diagram illustrating in more detail the establishment or modification of a tunnel between the MS and the PDG when applying a service-based local policy in accordance with a preferred embodiment of the invention. The P-CSCF receives 301 a SIP SDP message including the necessary information about the application-plane session to be set up, such as termination points and the bandwidth requirement. The message 301 may originate for instance from another CSCF element (S-CSCF) because of a session invite request from another party to the application-plane logical connection or the mobile station MS. The PDF function authorizes the quality of service resources (bandwidth, delay, etc.) for the IMS session based on the SDP information. The PDF creates an authorization token for the session and sends 302 the authorization token in an SDP message to the mobile station MS. For a more detailed description of the communication between the P-CSCF (PDF) and the mobile station MS, reference is made to 3GPP specification 3GPP TS 23.207, v. 6.2.0, ‘End-to-End QoS Concept and Architecture; Release 6’.
In one embodiment, the mobile station MS comprises a translation/mapping function adapting 303 the application-plane (or IP-plane) quality of service requirements to the WLAN-3GPP interworking system quality of service parameters, i.e. it specifies the QoS parameters to be requested for the tunnel for user data transmission. When the tunnel is being established, the mobile station MS sends 304 to the selected PDG a tunnel establishment or modification request including not only the conventional data of a tunnel establishment request but also an authorization token and at least one flow identifier, in one embodiment the tunnel identifier. In an alternative embodiment, the mobile station MS does not itself adapt the QoS requirements but the network, preferably the PDG, does the adaptation. In this embodiment, the tunnel establishment message 304 does not specify any MS determined QoS parameters. In a further embodiment, no QoS requirement information is sent from the MS but the PDG determines the QoS on the basis of the authorization from the PDG.
The PDG receives the request 305 and determines the appropriate P-CSCF (PDF) on the basis of the authorization token. The PDG transmits 306 a request to authorize the required resources to the PDF functionality of the P-CSCF indicated by the authorization token. This request comprises the binding information. When the PDF of the P-CSCF finds the IP flow information corresponding to the request 306, it makes the final decision about allocating resources to the session. The PDF transmits 307 a response including the policy to the PDG. The authorization response includes an authorization token, at least one packet classification parameter (packet classifier) negotiated on the application plane and intended as the filter, and QoS information (maximum QoS). In one embodiment, other information similar to that of the Go interface between the CSCF and the PDG in 3GPP specification 3GPP TS 23.207, v. 6.0.0 ‘End-to-End QoS Concept and Architecture (Release 6)’ may also be used.
The PDG typically responds 308 to the decision message 307. If the PDF allows resource allocation, the PDG may then bind the information in the authorization response to an identifier referring directly or indirectly to a tunnel, i.e. to a tunnel already existing or being established between the MS and the PDG. The tunnel between the mobile terminal and the mobile network is thus bound to the end-to-end data flow of the mobile terminal on the basis of the authorization response received 307 from the signalling element and comprising identification information on the end-to-end data flow (for instance the source IP address) and tunnel identification information identifying the tunnel. The PDG can thus arrange a tunnel between the MS and the PDG provided with properties in accordance with the authorization 307 and the request 304. The PDG may check, based on the quality of service information received from the PDF, that the quality of service requested for the tunnel does not exceed the quality of service negotiated on the application plane and authorized by the PDF. In one embodiment, the PDG comprises a translation/mapping function which adapts the authorized QoS information to appropriate QoS parameters in the WLAN-3GPP interworking system. Underlying WLAN and/or 3GPP connection resources may be reserved (309) in accordance with the quality of service adapted by the WLAN-3GPP interworking system, preferably by the PDG, from the quality of service parameters of the IP plane or application plane of the mobile station MS (unless the PDG has had to restrict the requested quality because of subscriber data or its own resource limitations, for example). Based on the response 307, the PDG (PEP function) may in one embodiment generate 309 a logical gate, which implements access control according to the decision of the PDF based on the at least one packet classification parameter obtained from the PDF as its packet filter parameter for one or more tunnels to the MS.
The packet classifier may be based on the IP-address and port number, for instance. The gate is bound 309 to the tunnel being established based on a (tunnel) identifier distinguishing it from other tunnels. Other information received from the PDF may also be stored in the PDG.
In one embodiment, the PDG sends a response 310 to the WAG; however, such a response may not be necessary. The PDG may transmit information (possibly via the AAA proxy) for arranging filtering in the WAG according to the policy authorized by the PDF. The WAG may arrange filtering based on this information. The WAG may initiate the establishment of a radio network service, whereby a new WLAN-3GPP bearer is set up or modified 311 for the mobile station MS. If the requested QoS attributes cannot be provided, for instance on the basis of the subscription, the WAG informs the PDG of this, and the PDG confirms new QoS attributes. The WAG sets the packet flow identifier and the radio priority in accordance with the negotiated QoS and responds 312 to the mobile station MS. In an alternative embodiment, the QoS resources are arranged locally in the WLAN network AN on the basis of the information from the PDG. For instance, the QoS may be arranged locally by WSM (Wi-Fi Scheduled Multimedia) being specified for IEEE 802.11e technology.
The mobile station MS updates its connection information with the tunnel and the WLAN-3GPP bearer. The MS is now able to send and receive data packets of the logical connection negotiated on the application plane and use the tunnel. After step 312, an application of the mobile station MS or the entity reserving quality of service for it is still able to send the necessary messages to finally activate the end-to-end session. For example, an application using the RSVP protocol may send and receive RSVP path and RSVP response messages, based on which the underlying WLAN-3GPP interworking system transmission resources can also be updated. Besides the above-described features, other features may be performed in the WLAN-3GPP interworking system during tunnel establishment/modification. As an example, the PDG contacts the AAA server AS for authorization of the MS.
The PDG is then able to transfer received downlink packets fulfilling the filter conditions defined for the gate to the mobile station using the tunnel that is associated with the gate. When a packet is received 313 from an external packet data network, its header fields are checked 314. When doing this, the PDG compares the header fields of the packets received from the external IP network PDN with the packet classifiers of the gates, based on which the PDG knows if the packets can be forwarded to the terminal, and, if so, which tunnel is to be applied to each IP packet. If a gate is found, whose packet classifiers the packet corresponds to, i.e. the header fields of the packet correspond to the set of packet classification parameters determined by the PDF at the PDG (PEP function), the PEP determines the identifier of the tunnel associated with the gate and directs 315 the packet to be transferred in accordance with the tunnel and the underlying WLAN network resources defined therein. If the packet identifiers do not conform to the filter conditions bound to the tunnel, the packet cannot be transferred by means of the tunnel. It is to be noted that the messages illustrated in FIG. 3 are only one example of arranging the data transmission and the ongoing 3GPP-WLAN development work may lead to another kind of network structure/signalling arrangement.
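The binding step and the downlink gate lookup described above, as an added Python sketch that is not code from the patent: a tunnel request is bound to a gate only if the presented token matches the authorization response and the requested QoS does not exceed the authorized maximum, and a downlink packet that matches no gate is not forwarded. The class names, the classifier layout, the kbit/s QoS unit, the token comparison and all sample values are assumptions constructed for illustration.

```python
"""Toy model of the PDG policy enforcement point (PEP): bind, then gate."""
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


class PolicyError(Exception):
    """Raised when a tunnel request is not covered by the PDF's decision."""


@dataclass(frozen=True)
class Classifier:
    """One packet classification parameter (assumed layout, not the patent's)."""
    src_net: str    # remote peer prefix negotiated on the application plane
    dst_addr: str   # terminal address as seen from the external network
    protocol: str   # "udp" or "tcp"
    dst_port: int

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src_net)
                and ip_address(pkt["dst"]) == ip_address(self.dst_addr)
                and pkt["proto"] == self.protocol
                and pkt["dport"] == self.dst_port)


@dataclass(frozen=True)
class AuthResponse:
    """Message 307: token, packet classifiers and maximum authorized QoS."""
    token: str
    classifiers: Tuple[Classifier, ...]
    max_kbps: int


@dataclass(frozen=True)
class Gate:
    tunnel_id: int  # identifier distinguishing the tunnel from other tunnels
    classifiers: Tuple[Classifier, ...]
    max_kbps: int


class Pep:
    def __init__(self) -> None:
        self.gates: Dict[int, Gate] = {}

    def bind(self, tunnel_id: int, presented_token: str,
             requested_kbps: int, resp: AuthResponse) -> Gate:
        """Step 309: create a gate for the tunnel, or refuse the request."""
        # Assumption: the PEP rejects a response issued for a different token.
        if not hmac.compare_digest(presented_token, resp.token):
            raise PolicyError("authorization response is for another token")
        # The tunnel's QoS must not exceed what the PDF authorized.
        if requested_kbps > resp.max_kbps:
            raise PolicyError("requested QoS exceeds authorized maximum")
        # A gate without classifiers could not filter anything: refuse it.
        if not resp.classifiers:
            raise PolicyError("no packet classifier in authorization response")
        gate = Gate(tunnel_id, resp.classifiers, resp.max_kbps)
        self.gates[tunnel_id] = gate
        return gate

    def classify_downlink(self, pkt: dict) -> Optional[int]:
        """Steps 313-315: return the tunnel for a packet, or None to refuse."""
        for gate in self.gates.values():
            if any(c.matches(pkt) for c in gate.classifiers):
                return gate.tunnel_id
        return None  # default deny: no gate, no tunnel


def demo() -> list:
    """Run three constructed downlink packets against one authorized flow."""
    pep = Pep()
    resp = AuthResponse(
        token="tok-constructed-1",
        classifiers=(Classifier("198.51.100.0/24", "192.0.2.10", "udp", 49170),),
        max_kbps=64,
    )
    pep.bind(0x1001, "tok-constructed-1", 64, resp)
    packets = [
        {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "udp", "dport": 49170},
        {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "udp", "dport": 49170},
        {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "udp", "dport": 49171},
    ]
    return [pep.classify_downlink(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```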
The features illustrated in association with FIG. 3 can also be utilized such that the tunnel arranged for signalling connectivity to the P-CSCF is also utilized for user data transmission between the MS and the PDG, whereby no tunnel establishment messages are required but instead messages of other type may be used between the MS and the PDG. In another embodiment, a first tunnel between the mobile station MS and a first network element (PDG) of the mobile network is established for end-to-end service parameter signalling (via the P-CSCF), and a second tunnel between the mobile station MS and a second network element of the mobile network (another PDG) is established for user data transmission after the reception of the (resource authorization) identifier.
The applicability of the functions illustrated above is not limited to any specific tunnelling technique. In one embodiment, tunnels are IPSec tunnels and identified by at least one IPSec tunnel specific identifier which may be used when binding authorization (and the classification parameters thereof) to the tunnel and when arranging underlying data transmission resources.
In this embodiment, the IPSec tunnel may be established between the MS and the PDG by utilizing the IKE (Internet Key Exchange) protocol. First the MS and the PDG perform a key exchange by Diffie-Hellman procedure and generate an IKE security association. In one embodiment, the IKE security association is authenticated by using an EAP (Extensible Authentication Protocol) SIM or EAP AKA (Authentication and Key Agreement) procedure. After this, separate security associations are negotiated for user traffic. These associations are referred to as CHILD SAs. In the present embodiment, the SIP signalling could have a specific CHILD SA, and no policy control would be needed for the SIP signalling. Thus, the token could be transferred to the mobile station (step 302 in FIG. 3) by a payload packet protected by the IPsec using the CHILD SA. In one embodiment, the token transferred from the mobile station MS to the PDG is included in a field of a CREATE CHILD SA negotiation message used for negotiating security association between the MS and the PDG. One or more new data fields can be reserved in these messages for transferring the token. In another embodiment, INFORMAL negotiation of the IPsec is used to deliver the parameters required for arranging the policy control by the PDG. These parameters can be associated with an earlier negotiated CHILD SA which could be the one already negotiated for the SIP session.
Thus, the token could be bound to a CHILD SA security association identified by an SPI (security parameter index) and possibly with the mobile station's and/or PDG's IP address. This SPI is also included in user-plane packets of the IPsec ESP (encapsulating security payload) or AH protocols.
In an embodiment, different media types/components, typically audio, video and data, are allocated with different flow identifiers. In this embodiment, the mobile terminal MS may in step 303 generate the flow identifiers for the media types. The request for establishing/modifying the tunnel may thus comprise more than one flow identifier possibly relating to the same token. With this embodiment, it is possible to separate different media types and even reserve different QoS for different media types.
In one embodiment, the tunnel and/or underlying connection reservations may also be modified later. The features illustrated above are applicable between the MS and PDGs in the home PLMN or in visited PLMN.
In an alternative embodiment differing from FIG. 3, the authorization token is sent using an already established tunnel, i.e. the end-to-end QoS adaptation based on the authorization of the PDF is separate from the tunnel establishment procedure and the data transmission resources in WLAN network AN and/or the PLMN may be adapted according to the authorization.
It is to be noted that the authorization identifier from the PDF may be some other identifier than the authorization token or that the authorization token may differ in contents from that for GPRS services. Further, for non-session based applications some binding information may be used.
The invention can be implemented in a mobile station and in network elements (in an embodiment, in the mobile station MS and in the PDG) by respective computer program codes executed in a processor of the respective device. Computer program codes can be received via a network and/or be stored in memory means, for instance on a disk, a CD-ROM disk or other external memory means, from which they can be loaded into the memory of the processing device. Hardware solutions or a combination of software and hardware solutions may also be used. A chip unit or some other kind of module for controlling the network element (or the mobile station MS) may in one embodiment cause the device to perform the inventive functions in the network element (or the mobile station MS).
It is obvious to a person skilled in the art that as technology advances, the basic idea of the invention can be implemented in a variety of ways. The invention and its embodiments are thus not limited to the above examples, but may vary within the claims. Different features may thus be omitted, modified or replaced by equivalents.

Claims (38)

The invention claimed is:
1. A method of arranging transmission of packet data in a system comprising a mobile terminal, a wireless local network and a mobile network, the method comprising:
signaling end-to-end service related parameters for communication between the mobile terminal and the wireless local network,
communicating a resource authorization identifier from a policy decision function to the mobile terminal via the wireless local network, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
receiving a request for authorization from the mobile network on the basis of the resource authorization identifier,
receiving an authorization response to bind a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal, wherein the authorization response comprises identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
transmitting at least one filter or gate parameter to the mobile network, wherein the at least one filter or gate parameter is associated with the tunnel, and filtering or gating is arranged in the mobile network to or from the tunnel based on the association,
wherein a first tunnel between the mobile terminal and a first network element of the mobile network is established for end-to-end service parameter signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network is established for user data transmission after the reception of resource authorization identifier, and
wherein the receiving the request for authorization from the mobile network on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
2. A method as claimed in claim 1, wherein the same tunnel between the mobile network and a network element of the mobile network and utilizing the data transmission resources of the local network is used for signalling purposes and for user data transmission.
3. A method as claimed in claim 1, wherein the tunnel between the mobile terminal and the mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE (Internet Key Exchange) protocol.
4. A method as claimed in claim 3, wherein an association is arranged between the tunnel and a 3GPP-WLAN interworking system bearer.
5. A method as claimed in claim 1, wherein the mobile network is a 3GPP network offering a packet-switched service comprising at least one network element supporting access via a WLAN (Wireless Local Area Network).
6. The method of claim 1, wherein the policy decision function is a component of a proxy call session control function.
7. The method of claim 1, wherein the policy decision function is separate from an Authentication, Authorization, and Accounting (AAA) server.
8. A wireless system comprising a mobile terminal, a wireless local network, a network element, a signaling element and a mobile network, wherein the wireless local network is configured to provide data transmission for the mobile terminal, the mobile terminal is configured to receive a resource authorization identifier from a policy decision function during a negotiation of end-to-end service related parameters,
the mobile terminal is configured to transmit the resource authorization identifier to the mobile network via the wireless local network, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
the mobile network is configured to request authorization from the policy decision function on the basis of the resource authorization identifier,
the mobile network is configured to bind a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
wherein the network element is configured to transmit at least one filter or gate parameter from the signaling element to the mobile network,
the network element is configured to associate the at least one filter or gate parameter with the tunnel utilizing local network resources, and the network element is configured to arrange filtering or gating in the mobile network to or from the tunnel based on the association,
wherein the network element is configured to establish a first tunnel between the mobile terminal and a first network element of the mobile network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network for user data transmission after the reception of a resource authorization identifier, and
wherein the request for authorization from the mobile network on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
9. A network element for a mobile network connectable to a wireless local network providing data transmission for a mobile terminal, wherein the network element is configured to establish a tunnel with a mobile terminal for transferring information with the mobile terminal accessing the mobile network via the wireless local network, the network element is configured to receive a resource authorization identifier from the mobile terminal, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem, the network element is configured to request authorization from a policy decision function on the basis of the resource authorization identifier, the network element is configured to bind a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
wherein the network element is configured to transmit at least one filter or gate parameter from a signaling element to the mobile network,
the network element is configured to associate the at least one filter or gate parameter with the tunnel utilizing local network resources,
the network element is configured to arrange filtering or gating in the mobile network to or from the tunnel based on the association,
wherein the network element is configured to establish a first tunnel between the mobile terminal and a first network element of the mobile network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network for user data transmission after the reception of the resource authorization identifier, and
wherein the request for authorization on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
10. A network element according to claim 9, wherein the network element is configured to use the same tunnel between the mobile network and a network element of the mobile network and utilizing the data transmission resources of the local network for signalling purposes and for user data transmission.
11. A network element according to claim 9, wherein the tunnel between the mobile terminal and the mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE (Internet Key Exchange) protocol.
12. A network element according to claim 9, wherein the network element is a 3GPP network element offering a packet-switched service for a mobile terminal accessing a WLAN (Wireless Local Area Network).
13. A system comprising:
a wireless terminal, wherein the wireless terminal is configured to connect to a wireless local network,
the wireless terminal is configured to establish a tunnel with a network element of a mobile network via the wireless local network,
the wireless terminal is configured to receive a resource authorization identifier from a separate policy decision function during a the negotiation of end-to-end service related parameters, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
the wireless terminal is configured to transmit the resource authorization identifier to the mobile network by using the tunnel, wherein the tunnel between the mobile wireless terminal and the mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE (Internet Key Exchange) protocol,
wherein the network element is configured to transmit at least one filter or gate parameter from a signaling element to the mobile network,
the network element is configured to associate the at least one filter or gate parameter with the tunnel utilizing local network resources, and the network element is configured to arrange filtering or gating in the mobile network to or from the tunnel based on the association,
wherein the network element is configured to establish a first tunnel between the mobile wireless terminal and a first network element of the mobile network for the mobile wireless terminal signaling, and a second tunnel between the mobile wireless terminal and a second network element of the mobile network for user data transmission after the reception of a resource authorization identifier, and
wherein a request for authorization from the mobile network on the basis of the resource resources authorization identifier comprises receiving the request at the separate policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the separate policy decision function.
14. A wireless terminal as claimed in claim 13, wherein the tunnel is used for signaling purposes and for user data transmission.
15. A wireless terminal as claimed in claim 13, wherein a first tunnel is established for end-to-end service parameter signalling, and a second tunnel is established for user data transmission after the reception of the resource authorization identifier.
16. A non-transitory computer readable medium encoded with computer executable instructions configured to:
receive a resource authorization identifier from a mobile terminal of a mobile network, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
request authorization from a policy decision function on the basis of the resource authorization identifier, and
bind a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel, wherein the tunnel between the mobile terminal and the mobile network is an IPSec tunnel, whereby the tunnel is established by utilizing an IKE (Internet Key Exchange) protocol,
wherein a network element is configured to transmit at least one filter or gate parameter from a signaling element to the mobile network, the network element is configured to associate the at least one filter or gate parameter with the tunnel utilizing local network resources, and the network element is configured to arrange filtering or gating in the mobile network to or from the tunnel based on the association,
wherein the network element is configured to establish a first tunnel between the mobile terminal and a first network element of the mobile network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network for user data transmission after the reception of a resource authorization identifier, and wherein the request for authorization from the policy decision function on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
17. A wireless system comprising:
a wireless network, a policy decision function, a network element and a signaling element;
thea wireless network configured to provide data transmission in a network;
thea policy decision function coupled to the wireless network and configured to provide a resource authorization identifier during athe negotiation of end-to-end service related parameters,
wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem;
wherein the wireless network is configured to request authorization from the policy decision function on the basis of the resource authorization identifier, and to bind a tunnel for an end-to-end data flow on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
wherein the network element is configured to transmit at least one filter or gate parameter from the signaling element to the mobile wireless network,
the network element is configured to associate the at least one filter or gate parameter with the tunnel utilizing local network resources, and
the network element is configured to arrange filtering or gating in the mobile wireless network to or from the tunnel based on the association,
wherein the network element is configured to establish a first tunnel between a the mobile terminal and a first network element of the mobile wireless network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile wireless network for user data transmission after the reception of a resource authorization identifier, and
wherein the request for authorization from the policy decision function on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
18. A method of arranging transmission of packet data in a system comprising a mobile terminal, a wireless local network and a mobile network, the method comprising:
signaling end-to-end service related parameters for communication between the mobile terminal and the wireless local network,
receiving a resource authorization identifier from a policy decision function at the mobile terminal, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
sending a request for authorization on the basis of the resource authorization identifier, and sending an authorization response to bind a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal wherein the authorization response comprises identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
transmitting at least one filter or gate parameter to the mobile network, wherein the at least one filter or gate parameter is associated with the tunnel, and filtering or gating is arranged in the mobile network to or from the tunnel based on the association,
wherein a first tunnel between the mobile terminal and a first network element of the mobile network is established for end-to-end service parameter signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network is established for user data transmission after the reception of resource authorization identifier, and
wherein the request for authorization on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
19. A network element configured to receive a resource authorization identifier from a mobile terminal, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem, wherein the network element is further configured to:
request authorization from a policy decision function on the basis of the resource authorization identifier, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia system
bind a tunnel between the mobile terminal and a mobile network to an end-to-end data flow of the mobile terminal on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
transmit at least one filter or gate parameter from a signaling element to the mobile network,
associate the at least one filter or gate parameter with the tunnel utilizing local network resources,
arrange filtering or gating in the mobile network to or from the tunnel based on the association, and
establish a first tunnel between the mobile terminal and a first network element of the mobile network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network for user data transmission after the reception of the resource authorization identifier,
wherein the request for authorization on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), and wherein the PDG is configured to arrange a binding of the tunnel on the basis of the authorization from the policy decision function.
20. The network element according to claim 19, wherein any terminal between the mobile terminal and the mobile network is configured to use the same tunnel between the mobile terminal and the mobile network for signaling purposes and for user data transmission.
21. The network element according to claim 19, wherein the tunnel between the mobile terminal and the mobile network is an IPSec tunnel, and wherein the tunnel is established by utilizing an internet key exchange protocol.
22. The network element according to claim 19, wherein the network element comprises a network element offering a packet-switched service for a mobile terminal accessing an ad hoc wireless local area network.
23. The network element according to claim 19, wherein the authorization token is configured to be received by the mobile terminal via a payload packet during a security negotiation with the network element.
24. The network element according to claim 19, wherein the mobile terminal is configured to transfer the authorization token to the network in a field of a negotiation message.
25. A method of arranging transmission of packet data in a system comprising a mobile terminal and a mobile network, the method comprising:
communicating a resource authorization identifier from a policy decision function to the mobile terminal, wherein the resource authorization identifier is an authorization token in an internet protocol multimedia subsystem,
receiving a request for authorization from the policy decision function on the basis of the resource authorization identifier,
binding a tunnel between the mobile terminal and the mobile network to an end-to-end data flow of the mobile terminal on the basis of an authorization response received from the policy decision function and comprising identification information on the end-to-end data flow and tunnel identification information identifying the tunnel,
transmitting at least one filter or gate parameter from a signaling element to the mobile network, wherein the at least one filter or gate parameter is associated with the tunnel, and filtering or gating is arranged in the mobile network to or from the tunnel based on the association;
establishing a first tunnel between the mobile terminal and a first network element of the mobile network for the mobile terminal signaling, and a second tunnel between the mobile terminal and a second network element of the mobile network for user data transmission after the reception of the resource authorization identifier, and
wherein the receiving the request for authorization from the mobile network on the basis of the resource authorization identifier comprises receiving the request at the policy decision function from a packet data gateway (PDG), wherein the PDG is configured to arrange the binding of the tunnel on the basis of the authorization from the policy decision function.
26. The method according to claim 25, wherein the same tunnel between the mobile terminal and mobile network is utilized by another mobile terminal therebetween for signaling purposes and for user data transmission.
27. The method according to claim 25, wherein the authorization token is communicated to the mobile terminal via a payload packet during a security negotiation with the mobile network.
28. The method according to claim 25, further comprising transferring the authorization token from the mobile terminal to the packet data gateway in a field of a negotiation message.
29. A wireless system comprising:
a mobile terminal and a mobile network, wherein the mobile terminal and mobile network are connected via a binding tunnel,
a network element configured to establish and modify of the binding tunnel on the basis of an authorization command from a second network element, wherein the second network element is connected to the mobile terminal via a second tunnel; and
wherein the mobile terminal is configured to request an authorization token of an internet protocol multimedia system from the mobile network, the request for the authorization token comprising a plurality of flow identifiers, wherein each of the plurality of flow identifiers relate to a different media type.
30. The wireless system according to claim 29, wherein the network element is a packet data gateway.
31. The wireless system according to claim 29, wherein the network element is configured to modify the binding tunnel based on receiving a new set of plurality of flow identifiers from the mobile terminal.
32. A method comprising:
generating, by a mobile terminal, a plurality of flow identifiers, each of the plurality of flow identifiers relating to a different media type,
requesting, by the mobile terminal, an authorization token from a network element of a mobile network, wherein the authorization token is based on the plurality of flow identifiers, wherein the authorization token is a token in an internet protocol multimedia system;
receiving, by the mobile terminal, tunnel identification information identifying the binding tunnel, wherein the binding tunnel creates an end-to-end user data flow between the mobile terminal and the mobile network on the basis of an authorization token received from the network element, and
requesting, by the mobile terminal, to modify the binding tunnel through a second binding tunnel to a second network element of a mobile network.
33. The method according to claim 32, wherein the network element is in communication with a policy decision function.
34. The method according to claim 32, further comprising using each of the plurality of flow identifiers to utilize a unique quality of service with the binding tunnel for each communication.
35. The method according to claim 32, wherein a second network element performs the modifying of the binding tunnel.
36. The method according to claim 35, wherein the second network element comprises a packet data gateway.
37. The method according to claim 32, further comprising sending, by the mobile terminal, the new set of flow identifiers through the binding tunnel.
38. The method according to claim 32, wherein the subsequent request comprises receiving the request at a policy decision function from the second network element.
US15/394,050 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network Active 2028-12-02 USRE48758E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/394,050 USRE48758E1 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/394,050 USRE48758E1 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network
US10/538,420 US8923256B2 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network
PCT/FI2004/000386 WO2006000612A1 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network

Publications (1)

Publication Number Publication Date
USRE48758E1 true USRE48758E1 (en) 2021-09-28

Family

ID=35781578

Family Applications (2)

Application Number Title Priority Date Filing Date
US15/394,050 Active 2028-12-02 USRE48758E1 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network
US10/538,420 Ceased US8923256B2 (en) 2004-06-24 2004-06-24 Transfer of packet data in system comprising mobile terminal, wireless local network and mobile network

Country Status (5)

Country Link
US (2) USRE48758E1 (en)
EP (1) EP1759551B1 (en)
AT (1) ATE440467T1 (en)
DE (1) DE602004022722D1 (en)
WO (1) WO2006000612A1 (en)

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8996698B1 (en) * 2000-11-03 2015-03-31 Truphone Limited Cooperative network for mobile internet access
KR100651716B1 (en) * 2004-10-11 2006-12-01 한국전자통신연구원 Bootstrapping method in mobile network based on Diameter protocol and system therein
WO2006046896A1 (en) * 2004-10-29 2006-05-04 Telefonaktiebolaget Lm Ericsson (Publ) Methods and nodes in a communication system for controlling the use of access resources
CA2504499A1 (en) * 2005-04-18 2006-10-18 Telefonaktiebolaget L M Ericsson (Publ) A method for controlling the quality of service in an ip multimedia system
CN1949705B (en) * 2005-10-14 2010-08-18 上海贝尔阿尔卡特股份有限公司 Dynamic tunnel construction method for safety access special LAN and apparatus therefor
JP4935156B2 (en) * 2006-04-05 2012-05-23 日本電気株式会社 Wireless LAN device, wireless LAN system, communication system, and data communication method
US8489096B2 (en) * 2006-06-01 2013-07-16 Nokia Corporation Inter-access handover with access specific policy control functions
US8280374B2 (en) * 2006-08-04 2012-10-02 Telefonaktiebolaget Lm Ericsson (Publ) Policy management in a roaming or handover scenario in an IP network
US20080049648A1 (en) * 2006-08-28 2008-02-28 Motorola, Inc. Method and apparatus for policy management for an internet protocol multimedia subsystem based wireless communication system
CN101227714B (en) * 2007-01-18 2011-04-06 华为技术有限公司 System, apparatus and method for sharing network resource
FR2916926B1 (en) * 2007-05-28 2009-10-09 Alcatel Lucent Sas METHODS OF MANAGING INTERWORKING BETWEEN A VISIBLE 3GPP NETWORK HAVING 3GPP AND WLAN ACCESS NETWORKS AND A HOME 3GPP NETWORK FOR A MOBILE STATION THROUGH AND SGSN NODE AND TTG GATEWAY CORRESPONDING
CN101330753B (en) 2007-06-22 2014-07-09 华为技术有限公司 Method for establishing and erasuring resource as well as network appliance
KR100981963B1 (en) * 2007-07-06 2010-09-13 한국전자통신연구원 Node authentication and noce operation methods within service and asccess networks for bundle authentication bewteen service and access networks in NGN environment
US9749142B2 (en) * 2007-08-20 2017-08-29 Telefonaktiebolaget Lm Ericsson (Publ) Notification of resource restrictions in a multimedia communications network
CN101399741B (en) * 2007-09-28 2014-04-30 华为技术有限公司 Method, system and device for dynamically updating information of classifier
CN101399699B (en) * 2007-09-30 2011-10-05 华为技术有限公司 Addressing method, network element device and network system for policy determination functional entity
CN101505296A (en) * 2008-02-05 2009-08-12 华为技术有限公司 Control method and apparatus for tunnel service data stream
US9332000B2 (en) * 2008-02-21 2016-05-03 Alcatel Lucent One-pass authentication mechanism and system for heterogeneous networks
JP4966432B2 (en) * 2008-04-11 2012-07-04 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Access via non-3GPP access network
US8687631B2 (en) * 2009-10-16 2014-04-01 Cisco Technology, Inc. System and method for providing a translation mechanism in a network environment
KR101669276B1 (en) * 2009-10-19 2016-10-25 삼성전자주식회사 Method and apparatus for guaranteeing quality of service according to priority of terminal
US8655392B2 (en) * 2009-10-30 2014-02-18 At&T Intellectual Property I, L.P. Generic paging service for third-party applications over wireless networks
JP5914750B2 (en) * 2012-04-26 2016-05-11 華為技術有限公司Huawei Technologies Co.,Ltd. Method for accessing packet switched network, WLAN access system, and user equipment
EP2663125B1 (en) * 2012-05-08 2019-02-13 Telefonaktiebolaget LM Ericsson (publ) Mobile terminal, network node server, method and computer program
US8817707B2 (en) 2012-07-20 2014-08-26 Intel Corporation Mechanisms for roaming between 3GPP operators and WLAN service providers
US9357430B2 (en) * 2012-10-26 2016-05-31 Qualcomm Incorporated Systems and methods for samog bearer management
US9215591B2 (en) 2012-12-06 2015-12-15 At&T Intellectual Property I, L.P. Security for network load broadcasts over cellular networks
US9819469B2 (en) 2013-07-01 2017-11-14 Qualcomm Incorporated Techniques for enabling quality of service (QoS) on WLAN for traffic related to a bearer on cellular networks
US9578647B2 (en) 2013-08-29 2017-02-21 Telefonaktiebolaget Lm Ericsson (Publ) 3GPP bearer-based QoS model support on WiFi
EP3050354B1 (en) * 2013-09-25 2020-04-29 Intel Corporation End-to-end (e2e) tunneling for multi-radio access technology (multi-rat)
CN109379902B (en) * 2016-03-24 2021-04-16 世界卫星有限公司 Access control system based on satellite internet access and transmission
US10673649B2 (en) * 2017-10-24 2020-06-02 Cisco Technology, Inc. Method and device for quality of service regulation
US11605972B2 (en) * 2018-06-01 2023-03-14 Google Llc Smartphone charging station connectivity
US11323445B2 (en) * 2019-12-03 2022-05-03 Blackberry Limited Methods and systems for accessing a network

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6714515B1 (en) * 2000-05-16 2004-03-30 Telefonaktiebolaget Lm Ericsson (Publ) Policy server and architecture providing radio network resource allocation rules
US20020036983A1 (en) * 2000-05-22 2002-03-28 Ina Widegren Application influenced policy
US7546376B2 (en) * 2000-11-06 2009-06-09 Telefonaktiebolaget Lm Ericsson (Publ) Media binding to coordinate quality of service requirements for media flows in a multimedia session with IP bearer resources
US20030041266A1 (en) * 2001-03-30 2003-02-27 Yan Ke Internet security system
US20020184510A1 (en) * 2001-04-17 2002-12-05 At&T Wireless Services, Inc. Binding information for IP media flows
US20050091409A1 (en) * 2001-11-28 2005-04-28 Brian Williams Policy co-ordination in a communications network
US20030119483A1 (en) * 2001-12-05 2003-06-26 Lg Electronics Inc. Wireless data service apparatus and method in broadcast mobile communication system
US20030163577A1 (en) * 2002-02-23 2003-08-28 Se-Woong Moon Security system for accessing virtual private network service in communication network and method thereof
WO2003105007A1 (en) 2002-06-06 2003-12-18 Thomson Licensing S.A. Interworking function (iwf) as logical radio network controller (rnc) for hybrid coupling in an interworking between wlan and a mobile communications network
EP1392077A1 (en) * 2002-08-21 2004-02-25 Thomson Licensing S.A. Managing the Quality of Service (QoS) levels during transfer between a wireless local area network (WLAN) and a mobile telephone network
US20040090937A1 (en) * 2002-11-13 2004-05-13 Nokia Corporation Method and apparatus for performing inter-technology handoff from WLAN to cellular network
US20050007984A1 (en) * 2003-05-02 2005-01-13 Interdigital Technology Corporation Method and architecture for accessing an internet protocol multimedia subsystem (IMS) over a wireless local area network (WLAN)
US20040267874A1 (en) * 2003-06-30 2004-12-30 Lars Westberg Using tunneling to enhance remote LAN connectivity
US20050163078A1 (en) * 2004-01-22 2005-07-28 Toshiba America Research, Inc. Mobility architecture using pre-authentication, pre-configuration and/or virtual soft-handoff
US20050195780A1 (en) * 2004-03-08 2005-09-08 Henry Haverinen IP mobility in mobile telecommunications system
US20050259679A1 (en) * 2004-04-15 2005-11-24 Kuntal Chowdhury Radio link loss management in multimedia domain (MMD)

Non-Patent Citations (20)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP system to Wireless Local Area Network (WLAN) interworking; System Description (Release 6)", 3GPP TS 23.234 V6.0.0 (Mar. 2004), pp. 1-83.
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; End-to-end Quality of Service (QoS) concept and architecture (Release 6)", 3GPP TS 23.207 V6.2.0 (Mar. 2004), pp. 1-52.
"A Framework for Policy-based Admission Control", Yavatkar, et al., Network Working Group, Request for Comments: 2753, Category: Informational, Apr. 15, 2005, pp. 1-24.
"Key Technologies of WLAN Accessing 3GPP PS Based Services", Hefei Hu, et al. IEEE 6th CAS Symp. On Emerging Technologies: Mobile and Wireless Comm. Shanghai, China, May 31-Jun. 2, 2004, pp. 137-139.
"The Path toward the 4G Network and Services: The Wine Glass Vision", L. Dell Uomo, et al., 2003 Telecom Italia Lab S.p.A., pp. 169-175.
3rd Generation Partnership Project; Technical Specification (3GPP TS 23.234 V6.0.0 (Mar. 2004). *
3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS); Stage 2 (Release 6), 3GPP TS 23.228 V6.5.0 (Mar. 2004), pp. 1-174.
Interworking Architecture Between 3GPP and WLAN Systems, Ahmavaara et al., IEEE Communications Magazine, Nov. 2003 (Year: 2003). *
IP Mobility Support for IPsec-based Virtual Private Networks: an architectural solution, Berioli et al. GLOBECOM 2003 0-7803-7974-8/03 2003 IEEE (Year: 2003). *
Policy Based Architecture for the UMTS Multimedia Domain Wolfgang Böhm, et al. Proceedings of the Second IEEE International Symposium on Network Computing and Applications (NCA '03) 2003 IEEE (Year: 2003). *
Quality of Service Among IP—Based Heterogeneous Networks, Alam et al. IEEE Personal Communications, Dec. 2001 (Year: 2001). *
U.S. Notice of Allowance on U.S. Appl. No. 10/538,420 dated Aug. 28, 2014.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Apr. 21, 2008.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Apr. 29, 2009.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Aug. 29, 2008.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Dec. 1, 2009.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Dec. 23, 2008.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Jun. 14, 2010.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated May 21, 2014.
U.S. Office Action on U.S. Appl. No. 10/538,420 dated Nov. 26, 2013.

Also Published As

Publication number Publication date
DE602004022722D1 (en) 2009-10-01
EP1759551A1 (en) 2007-03-07
WO2006000612A1 (en) 2006-01-05
US20070070958A1 (en) 2007-03-29
EP1759551B1 (en) 2009-08-19
US8923256B2 (en) 2014-12-30
ATE440467T1 (en) 2009-09-15

Legal Events

Date Code Title Description
MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8