WO2012065846A1 - Method, apparatus and system for transmitting location information - Google Patents

Publication number: WO2012065846A1
Authority: WO, WIPO (PCT)
Prior art keywords: packet data, access network, location information, network, gateway
Application number: PCT/EP2011/069270
Other languages: French (fr)
Inventor: Juha Antero Rasanen
Original Assignee: Nokia Siemens Networks Oy
Application filed by: Nokia Siemens Networks Oy

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W64/00 Locating users or terminals or network equipment for network management purposes, e.g. mobility management
    • H04W64/003 Locating users or terminals or network equipment for network management purposes, e.g. mobility management locating network equipment

Definitions

  • the present invention relates to a mechanism for transmitting location information.
  • the present invention is related to a method, a system and apparatus for verifying the location information of a fixed access network at a mobile core network.
  • Policy control architecture has been defined by 3rd Generation Partnership Project (3GPP). Policy elements can maintain information on active packet connections of users and about packet gateways via which the packet connections traverse.
  • 3GPP 3rd Generation Partnership Project
  • 3GPP mobile networks can interface fixed broadband networks, defined for example by broadband forum (BBF).
  • BBF broadband forum
  • a UE connected to a fixed broadband access can use services that are offered by the 3GPP mobile network, i.e. the user traffic can be routed from the broadband access to the 3GPP packet core network.
  • Both the fixed broadband network and the 3GPP network can have policy control and enforcement functions on the user plane.
  • a UE connected to a 3GPP access can use services that are offered by the fixed broadband network, i.e. the user traffic is routed from the 3GPP access to the fixed broadband packet core network.
  • both the 3GPP and fixed broadband network can have policy control and enforcement functions on the user plane.
  • a 3GPP Femto Home Node-B can be connected via a fixed broadband access to a 3GPP mobile core network.
  • the fixed broadband access network can be an untrusted access network to the mobile core network, thus the authentication of the H(e)NB and/or a user can be transparent to the fixed broadband access network, and an IP security tunnel is established between the home Node B and the security gateway (SeGW) in the mobile core network.
  • SeGW security gateway
  • Three different policy control/decision entities may be involved in a user session: Broadband policy control function (BPCF) in the broadband access, visited PCRF (V-PCRF) in the visited mobile network in a roaming case and home PCRF (H-PCRF) in the home mobile network.
  • BPCF Broadband policy control function
  • V-PCRF visited PCRF
  • H-PCRF home PCRF
  • Location verification by a mobile network verifying node can be required for the H(e)NB.
  • a mobile network verifying node e.g. Home Node B gateway / HNB-GW
  • One or more of the following information items may be used to perform location verification:
  • IP address and/or access line location identifier provided by broadband access provider.
  • Information of macro-cells surrounding the H(e)NB provided by the H(e)NB.
  • Geo-coordinates provided by a GNSS receiver embedded into the H(e)NB.
  • the present invention overcomes at least some of the above drawbacks by providing an apparatus, a method and a computer program product comprising establishing a packet data connection with a packet data gateway of a mobile network, including location information of a fixed access network in a signaling message, and transmitting the signaling message to the packet data gateway, for example, during establishment of the packet data connection.
  • the packet data connection can comprise a secure internet protocol (IP) tunnel and the packet data gateway can comprise a security gateway.
  • IP internet protocol
  • the apparatus can comprise a home node B.
  • the location information can comprise one or more of:
  • the apparatus, method and computer program product can comprise performing authentication procedure between the apparatus and the packet data gateway, wherein the authentication procedure is transparent to the fixed access network.
  • an apparatus, a system, a method and a computer program for transmitting location information from a fixed access network to a mobile core network for verifying the location information comprising establishing a packet data connection between a fixed access network and a mobile core network, transmitting location information of the fixed access network to the mobile core network, and, verifying the location information of the fixed access network at the mobile core network.
  • the verifying can be performed by a home node B management system (H(e)MS) or a home node B gateway (HNB-GW).
  • the packet data connection can comprise a secure internet protocol (IP) tunnel and the transmitting can comprise transmitting the location information within at least one signaling message for establishing the secure tunnel.
  • the location information can comprise at least one of:
  • the apparatus, system, method and computer program can further comprise transmitting the location information to at least one of a packet data gateway (SGW, PDN), a policy and/or charging entity of a home network of a user, and, a policy and/or charging entity of a visited network.
  • SGW packet data gateway
  • PDN packet data gateway
  • an apparatus, a method and a computer program are provided comprising establishing a packet data connection with an access network entity, and receiving a signaling message comprising location information of a fixed access network from the access network entity.
  • the receiving can comprise receiving the signaling message during establishment of the packet data connection.
  • the apparatus, method and computer program can further comprise transmitting the location information to a verifying entity for verifying the location information.
  • the packet data connection can comprise a secure internet protocol (IP) tunnel.
  • the apparatus can comprise at least one of a security gateway, a serving gateway and a packet data gateway and/or the access network entity can comprise a home node B.
  • the apparatus, method and computer program can further comprise transmitting the location information to a packet data gateway.
  • the apparatus, method and computer program can further comprise performing authentication procedure between the apparatus and the access network entity, wherein the authentication procedure is transparent to the fixed access network.
  • Location parameters can easily be made available to various network elements to be further utilized also for other purposes than the original location verification, like e.g. resolving contact/address information of access realm network elements.
  • Figure 1 illustrates architecture relevant for aspects of the invention.
  • Figures 2 - 3 illustrate message flows according to aspects of the invention.
  • Figure 4 illustrates an example structure and functions of apparatuses implementing aspects of the invention.
  • Figure 5 illustrates an example process implementing aspects of the invention.
  • IP-Connectivity Access Network refers to the collection of network entities and interfaces that provides the underlying IP transport connectivity between the UE and, for example, IP multimedia subsystem (IMS) entities.
  • IP multimedia subsystem IMS
  • a GPRS network can be used as an IP-connectivity access network.
  • IP flow is a unidirectional flow of IP packets with the same source IP address and port number and the same destination IP address and port number and the same transport protocol.
  • IP-CAN session is an association between a UE and an IP network.
  • the association can be identified by one or more UE IPv4 addresses and/or IPv6 prefix together with a UE identity information, if available, and a PDN represented by a PDN ID (e.g. an access point name (APN)).
  • PDN ID e.g. an access point name (APN)
  • An IP-CAN session can incorporate one or more IP-CAN bearers. Support for multiple IP-CAN bearers per IP-CAN session is IP-CAN specific. An IP-CAN session exists as long as the related UE IPv4 address and/or IPv6 prefix are assigned and announced to the IP network.
  • S-GW Serving gateway
  • UTRAN evolved UMTS terrestrial radio access network
  • EPS evolved packet system
  • Security gateway is a gateway that provides security based on Internet Protocol (IP) security and Internet Key exchange (IKE) and that can be located between different networks such as public and private networks or between network elements such as the evolved node B (eNB) and core network entities.
  • the core network entities can be, for example, the mobility management entity (MME), serving gateway (SGW), and operation and management server (O&M).
  • MME mobility management entity
  • SGW serving gateway
  • O&M operation and management server
  • the control plane, user plane, management plane, and synchronisation plane between the eNB and core network entities can be protected by the security gateway that is located at the core edge.
  • a security gateway can protect the control plane and user plane traffic that results from X2 inter-eNB communication.
  • When a security gateway is located between public and private networks, it can prevent unauthorised intrusions into the private network and can provide tunneling capabilities and private data encryption.
  • a security gateway for a virtual private network can be a router, a firewall, integrated VPN hardware, or VPN software.
  • Serving GPRS support node is a GPRS support node in the IP-CAN that serves GPRS mobile stations by sending or receiving packets via a base station subsystem or a radio access network.
  • SGSN is the basic element of the GPRS infrastructure. It stores for each mobile in its context different parameters used to route the packets, for example information about the mobile's location.
  • Gateway GPRS support node acts as a gateway between the GPRS network and packet-switched public data network (PSPDN). For the packet-switched public data network, the GPRS network resembles a subnetwork which can transfer data to or from a GPRS mobile station.
  • the GGSN can hide the operation of the GPRS network from the packet-switched public data network through the encapsulation of packets. From the external network's point of view, the gateway GPRS support node is simply a router to a subnetwork.
  • GTP GPRS Tunnelling Protocol
  • Proxy Mobile IP is a version of Mobile IP (MIP) that allows the movement of the mobility control from the mobile node to a proxy in the network.
  • Policy and charging rules function is a function that defines and provides the policy and charging rules that are used in the policy enforcement points for policy control and flow-based charging control.
  • the PCRF has been developed for the 3GPP Release 7 and it combines the charging rules with the policy decision function of earlier 3GPP architecture releases. PCRF can maintain IP-CAN session associated with users.
  • S9 reference point is a reference point between the visited and home PCRF when the user is roaming.
  • the S9 reference point is used to transfer the quality of service (QoS), policy and charging rules.
  • So called S9* reference point is used between 3GPP and fixed broadband domains, between the mobile network PCRF and the BPCF in scenarios where both 3GPP and fixed broadband access networks belong to the same operator or to different operators.
  • the function of the S9* interface is to convey sufficient information to the BPCF to enable it to identify a broadband network gateway (BNG) that, for example, a H(e)NB connects to, and perform admission control based on the bandwidth requirements and QoS attributes of the bearers or aggregate of bearers with similar QoS characteristics being established.
  • BNG broadband network gateway
  • PCEF Policy and charging enforcement function
  • PDN packet data network
  • Gx reference point is the reference point between a packet data network (PDN) gateway and a PCRF.
  • the Gx reference point can be used to transfer the policy and charging information from the PCRF to the PCEF located in the PDN gateway.
  • an IP-CAN session associated with a user can be established.
  • the PCRF can select a bearer control mode that will apply for the IP-CAN session and provide it to the PCEF via the Gx reference point.
  • Digital subscriber line xDSL, DSL
  • xDSL is a family of digital telecommunications technologies designed to allow high-speed data communication over the existing copper telephone lines between end-users and telephone companies.
  • xDSL is a generic abbreviation for various different DSL types, for example ADSL, HDSL, RDSL, SDSL, and VDSL.
  • xDSL calls for modems at either end of a copper twisted-pair wire to deliver data, voice, and video over a dedicated digital network.
  • Broadband remote access server is an access server that routes traffic to and from the digital subscriber line (DSL) access multiplexers (DSLAM) on an internet service provider's network.
  • the BRAS can be located at the core of the internet service provider's network and can aggregate user sessions from the access network, and terminate remote users at the corporate network or internet users at the internet service provider network.
  • the BRAS can provide firewall, authentication, and routing services.
  • the BRAS is a broadband network gateway that can be an aggregation point for the user traffic.
  • the BRAS can provide aggregation capabilities (e.g. IP, PPP, and Ethernet) between the access network and the network service provider (NSP) or access service provider (ASP). Beyond aggregation, the BRAS can also be an injection point for policy management and IP QoS in the access network.
  • Broadband Network Gateway BNG is an IP edge router where bandwidth and QoS policies may be applied.
  • Femto access point is an access point that provides transmission and control functions that are necessary for radio coverage of one femtocell.
  • a femto access point is a 3G radio access interface placed on the subscriber's premises, usually provided as part of the customer premises equipment. The range of the femto access point defines a single femtocell, or the subscriber's home femtozone and its function is to translate IP-based traffic into UMTS signals.
  • Femto gateway is a gateway through which specified femto access points can get access to the mobile operator's core network.
  • the femto gateway can communicate via the internet protocol with the femto access points for which it is responsible.
  • Femto can use fixed broadband access, for example DSL, to access the mobile core network.
  • a home (evolved) node B (H(e)NB) is a network element that can connect UE via its radio interface to a core network of a service provider through broadband backhaul connection.
  • the H(e)NB can typically be deployed in customers' premises, for example at home of the end user.
  • a home node B gateway (HeNB GW) can serve as a concentrator towards the MME.
  • the HeNB GW can appear to the MME as an eNB and can appear to the HeNB as an MME.
  • a home Node B management system (H(e)MS) is a management server that can configure H(e)NBs according to operator's policy.
  • the H(e)MS can also be capable of installing software updates on the H(e)NB.
  • a security gateway (SeGW) at the border of the core network of the service provider can connect a H(e)NB to the core network, after successful mutual authentication between the H(e)NB and the SeGW.
  • a connection between the H(e)NB and the core network can be tunneled through the SeGW.
  • a H(e)NB can be provisioned with a device certificate that can allow the authentication of the H(e)NB by the SeGW and thereby to the mobile network. Also the SeGW can be provisioned with a certificate that can allow the authentication of the SeGW by H(e)NB.
  • a fixed broadband access network can be an untrusted access network to the mobile network, thereby the authentication of the H(e)NB and/or user can be transparent to the fixed broadband access network.
  • IP Internet Protocol
  • IPsec IP Security
  • IPsec Internet Protocol Security
  • Transport mode can encrypt only the data portion (payload) of each packet, leaving the header untouched.
  • Tunnel mode can encrypt both the header and the payload.
  • the tunnels can connect sites which together form virtual private networks.
  • a global navigation satellite system is a satellite system that can be used to find out the exact location of a user's receiver anywhere in the world.
  • a H(e)NB can have capability to receive GNSS transmissions.
  • a verifying node for example, a H(e)MS and/or HNB-GW, can perform location verification.
  • Different types of location information relating to the access node or the access network can be stored in the verifying node by service providers for location verification purposes.
  • the verifying node can obtain location information from the access node or the access network which can be used to perform location verification.
  • the received location information can be compared with the stored information in the verifying node.
  • the verifying node can, for example, raise an alarm or order the H(e)NB to cease handling of connections.
  • the H(e)NB can terminate connections immediately or can wait until any calls in progress have been completed.
  • Location information can be used for example for a HNB-GW discovery and/or registration to a Home NodeB Management System HMS.
  • HMS (initial) can assign a HNB corresponding local access information of a Sec-GW serving the HNB, another serving HMS and/or optionally another HNB-GW according to the location information of the HNB.
  • the HNB-GW information can be provided either by the HMS (initial) or the HMS
  • the HNB can be pre-configured with address information of the HMS (initial) and Sec-GW (initial), while the HMS (serving) can be physically different from the HMS (initial).
  • HNB registration is a process to put the HNB into service when it is initially powered up.
  • the process can contain two registration phases: a registration to a HMS (serving) and a registration to a HNB-GW.
  • the HNB can send to the HMS (serving) a request containing, for example, HNB location parameters and HNB identity.
  • the HNB-GW can send to the HNB-GW a request to register containing, for example, HNB location parameters and HNB identity.
  • FIG. 1 illustrates architecture relevant for aspects of the invention.
  • a UE 1 which is roaming in a micro network (e.g. a private home network) is connected to a local base station 2, for example to a femto access point or a HNB.
  • the UE 1 can access the mobile core network via broadband fixed access 3, for example over an xDSL connection.
  • the broadband network 3 can be connected via a BRAS 5 to a security GW 7 of a mobile network.
  • the mobile network can have a HNB GW 8 which can be integrated to the Sec-GW 7.
  • the broadband network 3 can have its own policy entity 4 which can interface a policy entity 15 of the mobile network over S9* interface 6.
  • a H(e)MS 18 can interface the Sec-GW 7.
  • the mobile network has a mobile switching center (MSC) 11, which provides for example call control functionality, a SGSN 12 which provides packet data switching and services and a mobility management entity (MME) 13.
  • MSC mobile switching center
  • SGSN packet data switching and services
  • MME mobility management entity
  • a packet data connection from the fixed broadband network 3 can traverse via a serving GW 10 and a packet data gateway 14 to a packet core or internet.
  • the protocol used for a packet data connection between the SGW 10 and the PGW 14 can be, for example, GTP or PMIP.
  • the visited network can have a policy entity 15 which can connect a policy entity 16 in the home network of the UE 1 over S9 interface 17 and a policy entity 4 in the fixed broadband network over S9* interface.
  • the serving gateway 10 can be co-located with the sec-GW 7.
  • An access network entity 2 for example, a HNB can be aware of location verification parameters, such as a public internet protocol (IP) address of a broadband access device, an access line location identifier, information of macro-cells surrounding the apparatus, and/or, geographical coordinates.
  • the access network entity 2 can be made aware of a line identifier, for example, by configuration when installing the access network entity 2 or even automatically by information exchange between the access network entity 2 and a broadband / DSL modem the access network entity 2 connects to.
  • an access network entity 2 can provide location information, for example location verification parameters, in a packet data connection establishment or information exchange signaling to a packet core network, for example, in an internet protocol (IP) connection establishment or information exchange signaling, or in an IPsec tunnel establishment message exchange or information message exchange to the Security-GW (7), as shown as examples with signals 201 (Fig 2) and 301 (Fig 3).
  • a protocol extension can be implemented to enable the transfer of location verification parameters in packet data connection establishment and/or information exchange/update messages, for example, in a tunnel establishment and/or information exchange/update messages.
  • the extension may be, for example, a new payload that can carry location verification parameters within tunnel establishment and/or information exchange/update messages.
  • a vendor specific extension to the protocol can be provided, as specified in Internet Engineering Task Force (IETF) specification RFC 5996. New parameters can be added to existing protocols and interface, for example to PMIP, GTP, Gx and/or S9, to transfer location information of the fixed access network.
  • a packet data entity 7 or 10 or 13 in the packet core network receiving the location information can transmit the location information to a verifying entity 8, 18 which can perform the location verification.
  • the verifying entity 8, 18 can be, for example, a HNB GW 8 or H(e)MS 18.
  • the packet data entity 7 can transmit 203, 3030 one or more of the verification parameters to a serving gateway (SGW) 10.
  • SGW serving gateway
  • the sec-GW 7 and SGW 10 functionalities can be implemented in the same physical entity.
  • the packet data entity 7 and/or the SGW 10 can transmit 205, 305 one or more of the verification parameters further to a PDN Gateway (PGW) 14.
  • PGW PDN Gateway
  • the packet data entity 7 and/or the SGW 10 can transmit one or more of the verification parameters further to a visited PCRF (V-PCRF)
  • the V-PCRF 15 when establishing a control session towards the V-PCRF 15, as in message exchange 308, 309 in figure 3.
  • the V-PCRF 15 can obtain one or more of the verification parameters from a H-PCRF 16, for example, upon the S9* session
  • the PGW 14 can transmit one or more of the verification parameters/information further to the home PCRF (H-PCRF) 16, for example, among regular parameters like User/UE ID etc., upon contacting the H-PCRF 16.
  • H-PCRF home PCRF
  • network entities 10, 14, 4, 15, 16 can use the received location verification parameters, or relevant parts of them, for example address realm, to find/discover the correct counterpart, for example a PCRF or BPCF. Mapping from a location parameter to a contact address may be performed, for example, by local configuration or through a query to an entity that maintains such address/contact links.
  • a home PCRF (H-PCRF) 16 can use 310 the location parameters to discover a visited PCRF (V-PCRF) 15 that was selected earlier by the SGW 10 in signal 308 (Figure 3).
  • a V-PCRF 15 can use 315 the location parameters to discover a BPCF 4 that controls a BNG 5 through which the IP tunnel is connected.
  • a home PCRF 16 may use 208 the location verification parameters to find/discover a correct BPCF 4.
  • the PCRF 16 can either request 209 the BPCF 4 to establish an S9* control session towards the PCRF
  • the PCRF 16 can itself initiate an S9* control session towards the BPCF 4.
  • the message exchange 211, 212 can transfer QoS rules and possibly other parameters from the PCRF 16 to the BPCF 4.
  • a home PCRF 16 can either request in 311 a visited PCRF 15 to establish an S9 control session towards the home PCRF 16, or the home PCRF 16 can itself initiate an S9 control session towards the visited PCRF 15.
  • the message exchange 313, 314 can transfer PCC rules and possibly other parameters from the home PCRF 16 to the visited PCRF 15.
  • the visited PCRF 15 can either request 16 the BPCF 4 to establish an S9* control session towards the visited PCRF 15, or the visited PCRF 15 may itself initiate an S9* control session towards the BPCF 4.
  • the message exchange 318, 319 can transfer QoS rules, possibly derived from the PCC rules, and possibly other parameters from the visited PCRF 15 to the BPCF 4.
  • Figure 4 illustrates an example internal structure and functions of apparatuses
  • An apparatus 2 has an establishing unit 405 which can be configured to establish, maintain, control and/or terminate a packet data connection, for example an IPSec tunnel, for UE 1.
  • a location unit 402 can be configured to maintain location information relating to the apparatus 2, for example, a public internet protocol (IP) address of the apparatus, an access line location identifier, information of macro-cells surrounding the apparatus or its geographical coordinates.
  • the location information maintained in the location unit 402 can be a fixed network location of the apparatus.
  • An including unit 403 can be configured to obtain location information from the location unit 402 in a signaling message and can transmit the signaling message to a transmitting unit 401 which can transmit the signaling message to a network.
  • the transmitting unit 401 can transmit the signaling message over fixed access network to a gateway 7 in a mobile network, and can transmit during establishment of the packet data connection or later within signaling and/or information exchange messages during the active connection phase.
  • the transmitting unit 401 can be configured to transmit and receive packet data to and from an access unit 404 which can be configured to control and relay user data signaling with the UE 1.
  • An apparatus 7 can have an establishing unit 411 which can be configured to establish, maintain, control and/or terminate a packet data connection, for example an IPSec tunnel, with an access network entity 2.
  • a receiving unit 410 can be configured to receive location information, for example a fixed network location, associated with the access network entity 2. The unit 410 can be configured to receive the location information during establishment of the packet data connection or later within signaling and/or information exchange messages during the active connection phase.
  • a location unit 412 can be configured to transmit the location information to a verifying node 8, 18 for verifying the location information and can be configured to receive from the node 8, 18 a response to the location verifying operation.
  • a transmitting unit 413 can be configured to transmit the location information to a further packet data entity 10, 14 in the mobile network. All units described above in relation to figure 5 may be implemented for example using microprocessors, chips and/or other electrical components and/or by software.
  • a packet data gateway entity, a verifying entity and an access network entity may be physically implemented in a switch, router, server or other hardware platform or electronic equipment which can support data transmission and processing tasks, or can be implemented as a component of other existing device.
  • Figure 5 illustrates an example process which can be implemented by one or more apparatuses or software components implementing aspects of the invention.
  • First a packet data connection is established 51, for example, between a fixed access network access node and a packet data gateway of a mobile core network.
  • Location information relating to the access node is included 52 in a signaling message which can be
  • the location information can be verified 54, for example, by a verifying node in the mobile core network.
  • the location information can be transmitted 55 after the verification to further nodes (PDN, SGW, H-PCRF, V-PCRF, BPCF) in the mobile core network which can use the location information, for example, to resolve an identity of a node, for example a policy entity, which should be involved in controlling the connection.
  • an access technology via which signaling is transferred to and from a network element or node may be any technology by means of which a node can access an access network
  • Any present or future technology such as WLAN (Wireless Local Access Network), WiMAX (Worldwide Interoperability for Microwave Access), BlueTooth, Infrared, and the like may be used; although the above technologies are mostly wireless access technologies, e.g. in different radio spectra, access technology in the sense of the present invention implies also wirebound technologies, e.g. IP based access technologies like cable networks or fixed lines but also circuit switched access technologies; access technologies may be distinguishable in at least two categories or access domains such as packet switched and circuit switched, but the existence of more than two access domains does not impede the invention being applied thereto,
  • usable access networks may be any device, apparatus, unit or means by which a station, entity or other user equipment may connect to and/or utilize services offered by the access network; such services include, among others, data and/or (audio-) visual communication, data download etc.;
  • a user equipment may be any device, apparatus, unit or means by which a system user or subscriber may experience services from an access network, such as a mobile phone, personal digital assistant PDA, or computer;
  • any method step is suitable to be implemented as software or by hardware without changing the idea of the invention in terms of the functionality implemented;
  • CMOS Complementary MOS
  • BiMOS Bipolar MOS
  • BiCMOS Bipolar CMOS
  • ECL Emitter Coupled Logic
  • TTL Transistor-Transistor Logic
  • ASIC Application Specific IC
  • FPGA Field-programmable gate array
  • any method steps and/or devices, units or means likely to be implemented as software components may for example be based on any security architecture capable e.g. of authentication,
  • devices, apparatuses, units or means can be implemented as individual devices, apparatuses, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, apparatus, unit or means is preserved,
  • an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for
  • a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally

Abstract

The invention relates to an apparatus, a system, a method and a computer program product for transmitting location information from a fixed access network to a mobile core network for verifying the location information by establishing a packet data connection between a fixed access network and a mobile core network, transmitting location information of the fixed access network to the mobile core network, and verifying the location information of the fixed access network at the mobile core network.

Description

Title: Method, apparatus and system for transmitting location information
Technical field of the invention
The present invention relates to a mechanism for transmitting location information. In particular, the present invention is related to a method, a system and apparatus for verifying the location information of a fixed access network at a mobile core network.
Background of the invention
Policy control architecture has been defined by 3rd Generation Partnership Project (3GPP). Policy elements can maintain information on active packet connections of users and about packet gateways via which the packet connections traverse.
In the future, 3GPP mobile networks can interface fixed broadband networks, defined for example by broadband forum (BBF). Policy and charging control is an important and integral part of the interworking. A UE connected to a fixed broadband access can use services that are offered by the 3GPP mobile network, i.e. the user traffic can be routed from the broadband access to the 3GPP packet core network. Both the fixed broadband network and the 3GPP network can have policy control and enforcement functions on the user plane.
Also, a UE connected to a 3GPP access can use services that are offered by the fixed broadband network, i.e. the user traffic is routed from the 3GPP access to the fixed broadband packet core network. Again, both the 3GPP and fixed broadband network can have policy control and enforcement functions on the user plane.
In one architectural scenario a 3GPP Femto Home Node-B (H(e)NB) can be connected via a fixed broadband access to a 3GPP mobile core network. In this scenario, the fixed broadband access network can be an untrusted access network to the mobile core network, thus the authentication of the H(e)NB and/or a user can be transparent to the fixed broadband access network, and an IP security tunnel is established between the home Node B and the security gateway (SeGW) in the mobile core network. Three different policy control/decision entities may be involved in a user session: Broadband policy control function (BPCF) in the broadband access, visited PCRF (V-PCRF) in the visited mobile network in a roaming case and home PCRF (H-PCRF) in the home mobile network.
Location verification by a mobile network verifying node (e.g. Home Node B gateway / HNB-GW) can be required for the H(e)NB. One or more of the following information items may be used to perform location verification:
- The public IP address of the broadband access device provided by the H(e)NB.
- The IP address and/or access line location identifier provided by broadband access provider.
- Information of macro-cells surrounding the H(e)NB provided by the H(e)NB.
- Geo-coordinates provided by a GNSS receiver embedded into the H(e)NB.
It is open how the location verification can be performed.
Summary of the invention
The present invention overcomes at least some of above drawbacks by providing an apparatus, a method and a computer program product comprising establishing a packet data connection with a packet data gateway of a mobile network, including location information of a fixed access network in a signaling message, and, transmitting the signaling message to the packet data gateway, for example, during establishment of the packet data connection.
The packet data connection can comprise a secure internet protocol (IP) tunnel and the packet data gateway can comprise a security gateway. The apparatus can comprise a home node B.
The location information can comprise one or more of:
- a public internet protocol (IP) address of a broadband access device,
- an access line location identifier,
- information of macro-cells surrounding the apparatus, and,
- geographical coordinates.
The apparatus, method and computer program product can comprise performing authentication procedure between the apparatus and the packet data gateway, wherein the authentication procedure is transparent to the fixed access network.
Further, an apparatus, a system, a method and a computer program for transmitting location information from a fixed access network to a mobile core network for verifying the location information are provided comprising establishing a packet data connection between a fixed access network and a mobile core network, transmitting location information of the fixed access network to the mobile core network, and, verifying the location information of the fixed access network at the mobile core network.
The verifying can be performed by a home node B management system (H(e)MS) or a home node B gateway (HNB-GW). The packet data connection can comprise a secure internet protocol (IP) tunnel and the transmitting can comprise transmitting the location information within at least one signaling message for establishing the secure tunnel.
The location information can comprise at least one of:
- a public internet protocol (IP) address of a broadband access device,
- an access line location identifier,
- information of macro-cells surrounding the apparatus, and,
- geographical coordinates.
The apparatus, system, method and computer program can further comprise transmitting the location information to at least one of a packet data gateway (SGW, PDN), a policy and/or charging entity of a home network of a user, and, a policy and/or charging entity of a visited network.
Further, an apparatus, a method and a computer program are provided comprising establishing a packet data connection with an access network entity, and receiving a signaling message comprising location information of a fixed access network from the access network entity. The receiving can comprise receiving the signaling message during establishment of the packet data connection. The apparatus, method and computer program can further comprise transmitting the location information to a verifying entity for verifying the location information.
The packet data connection can comprise a secure internet protocol (IP) tunnel.
The apparatus can comprise at least one of a security gateway, a serving gateway and a packet data gateway and/or the access network entity can comprise a home node B.
The apparatus, method and computer program can further comprise transmitting the location information to a packet data gateway.
The apparatus, method and computer program can further comprise performing authentication procedure between the apparatus and the access network entity, wherein the authentication procedure is transparent to the fixed access network.
Embodiments of the present invention may have one or more of following advantages:
- Protocol structures and implementations are simplified, because no dedicated signalling messages are required for the location verification, when the location parameters are embedded in messages of an existing protocol / existing protocols.
- Required number of exchanged signalling messages between network elements can be minimized, meaning less loading in the network, when signalling messages used for other purposes, e.g. for connection establishment, can be used for carrying the required location parameters.
- Location parameters can easily be made available to various network elements to be further utilized also for other purposes than the original location verification, like e.g. resolving contact/address information of access realm network elements.
Description of drawings
Figure 1 illustrates architecture relevant for aspects of the invention.
Figures 2 - 3 illustrate message flows according to aspects of the invention.
Figure 4 illustrates an example structure and functions of apparatuses implementing aspects of the invention.
Figure 5 illustrates an example process implementing aspects of the invention.
Detailed description of the invention
IP-Connectivity Access Network (IP-CAN) refers to the collection of network entities and interfaces that provides the underlying IP transport connectivity between the UE and, for example, IP multimedia subsystem (IMS) entities. For example, a GPRS network can be used as an IP-connectivity access network.
IP flow is a unidirectional flow of IP packets with the same source IP address and port number and the same destination IP address and port number and the same transport protocol.
IP-CAN session is an association between a UE and an IP network. The association can be identified by one or more UE IPv4 addresses and/or IPv6 prefix together with a UE identity information, if available, and a PDN represented by a PDN ID (e.g. an access point name (APN)). An IP-CAN session can incorporate one or more IP-CAN bearers. Support for multiple IP-CAN bearers per IP-CAN session is IP-CAN specific. An IP-CAN session exists as long as the related UE IPv4 address and/or IPv6 prefix are assigned and announced to the IP network.
Serving gateway (S-GW, SGW) is a gateway that can terminate the interface towards evolved UMTS terrestrial radio access network (UTRAN) for UE and as such is the contact point to the network. The UE that is associated with the evolved packet system (EPS) can have a single SGW at a given point of time.
Security gateway (seGW, Sec-GW), is a gateway that provides security based on Internet Protocol (IP) security and Internet Key exchange (IKE) and that can be located between different networks such as public and private networks or between network elements such as the evolved node B (eNB) and core network entities. The core network entities can be, for example, the mobility management entity (MME), serving gateway (SGW), and operation and management server (O&M). The control plane, user plane, management plane, and synchronisation plane between the eNB and core network entities can be protected by the security gateway that is located at the core edge. In addition, a security gateway can protect the control plane and user plane traffic that results from X2 inter-eNB communication. When a security gateway is located between public and private networks, it can prevent unauthorised intrusions into the private network and can provide tunneling capabilities and private data encryption. A security gateway for a virtual private network (VPN) can be a router, a firewall, integrated VPN hardware, or VPN software.
Serving GPRS support node (SGSN) is a GPRS support node in the IP-CAN that serves GPRS mobile stations by sending or receiving packets via a base station subsystem or a radio access network. SGSN is the basic element of the GPRS infrastructure. It stores for each mobile in its context different parameters used to route the packets, for example information about the mobile's location.
Gateway GPRS support node (GGSN) acts as a gateway between the GPRS network and packet-switched public data network (PSPDN). For the packet-switched public data network, the GPRS network resembles a subnetwork which can transfer data to or from a GPRS mobile station. The GGSN can hide the operation of the GPRS network from the packet-switched public data network through the encapsulation of packets. From the external network's point of view, the gateway GPRS support node is simply a router to a subnetwork.
GPRS Tunnelling Protocol (GTP) is a protocol that is used in the GPRS for transmitting user data packets and signalling between GPRS support nodes (GGSN, SGSN) over GPRS backbone network.
Proxy Mobile IP (PMIP) is a version of Mobile IP (MIP) that allows the movement of the mobility control from the mobile node to a proxy in the network.
Policy and charging rules function (PCRF) is a function that defines and provides the policy and charging rules that are used in the policy enforcement points for policy control and flow-based charging control. The PCRF has been developed for the 3GPP Release 7 and it combines the charging rules with the policy decision function of earlier 3GPP architecture releases. PCRF can maintain IP-CAN session associated with users.
S9 reference point is a reference point between the visited and home PCRF when the user is roaming. The S9 reference point is used to transfer the quality of service (QoS), policy and charging rules. So called S9* reference point is used between 3GPP and fixed broadband domains, between the mobile network PCRF and the BPCF in scenarios where both 3GPP and fixed broadband access networks belong to the same operator or to different operators. The function of the S9* interface is to convey sufficient information to the BPCF to enable it to identify a broadband network gateway (BNG) that, for example, a H(e)NB connects to, and perform admission control based on the bandwidth requirements and QoS attributes of the bearers or aggregate of bearers with similar QoS characteristics being established.
Policy and charging enforcement function (PCEF) is a function that receives the policy and charging rules from the PCRF, detects traffic, and enforces the rules for classifying the traffic on service data flows. The control for the quality of service (QoS) is applied per service data flow in the PCEF. The PCEF can be co-located in a packet data network (PDN) gateway.
Gx reference point is the reference point between a packet data network (PDN) gateway and a PCRF. The Gx reference point can be used to transfer the policy and charging information from the PCRF to the PCEF located in the PDN gateway.
As part of PCC procedures, an IP-CAN session associated with a user can be established. The PCRF can select a bearer control mode that will apply for the IP-CAN session and provide it to the PCEF via the Gx reference point.
Digital subscriber line (xDSL, DSL) is a family of digital telecommunications technologies designed to allow high-speed data communication over the existing copper telephone lines between end-users and telephone companies. xDSL is a generic abbreviation for various different DSL types, for example ADSL, HDSL, RDSL, SDSL, and VDSL. xDSL calls for modems at either end of a copper twisted-pair wire to deliver data, voice, and video over a dedicated digital network.
Broadband remote access server (BRAS) is an access server that routes traffic to and from the digital subscriber line (DSL) access multiplexers (DSLAM) on an internet service provider's network. The BRAS can be located at the core of the internet service provider's network and can aggregate user sessions from the access network, and terminate remote users at the corporate network or internet users at the internet service provider network. The BRAS can provide firewall, authentication, and routing services. The BRAS is a broadband network gateway that can be an aggregation point for the user traffic. The BRAS can provide aggregation capabilities (e.g. IP, PPP, and Ethernet) between the access network and the network service provider (NSP) or access service provider (ASP). Beyond aggregation, the BRAS can also be an injection point for policy management and IP QoS in the access network.
Broadband Network Gateway (BNG) is an IP edge router where bandwidth and QoS policies may be applied.
Femto access point (FAP) is an access point that provides transmission and control functions that are necessary for radio coverage of one femtocell. A femto access point is a 3G radio access interface placed on the subscriber's premises, usually provided as part of the customer premises equipment. The range of the femto access point defines a single femtocell, or the subscriber's home femtozone and its function is to translate IP-based traffic into UMTS signals.
Femto gateway (FGW) is a gateway through which specified femto access points can get access to the mobile operator's core network. The femto gateway can communicate via the internet protocol with the femto access points for which it is responsible. Femto can use fixed broadband access, for example DSL, to access the mobile core network.
A home (evolved) node B (H(e)NB) is a network element that can connect UE via its radio interface to a core network of a service provider through broadband backhaul connection. The H(e)NB can typically be deployed in customers' premises, for example at home of the end user.
A home node B gateway (HeNB GW) can serve as a concentrator towards the MME. The HeNB GW can appear to the MME as an eNB and can appear to the HeNB as an MME.
A home Node B management system (H(e)MS) is a management server that can configure H(e)NBs according to operator's policy. The H(e)MS can also be capable of installing software updates on the H(e)NB.
A security gateway (SeGW) at the border of the core network of the service provider can connect a H(e)NB to the core network, after successful mutual authentication between the H(e)NB and the SeGW. A connection between the H(e)NB and the core network can be tunneled through the SeGW.
A H(e)NB can be provisioned with a device certificate that can allow the authentication of the H(e)NB by the SeGW and thereby to the mobile network. Also the SeGW can be provisioned with a certificate that can allow the authentication of the SeGW by H(e)NB. A fixed broadband access network can be an untrusted access network to the mobile network, thereby the authentication of the H(e)NB and/or user can be transparent to the fixed broadband access network.
Internet Protocol (IP) Security (IPsec) is a protocol that provides internet security architecture for data confidentiality, data integrity, and data authentication to support secure exchange of packets at the IP layer. The IPsec can support two encryption modes, transport and tunnel. Transport mode can encrypt only the data portion (payload) of each packet, leaving the header untouched. Tunnel mode can encrypt both the header and the payload. The tunnels can connect sites which together form virtual private networks.
A global navigation satellite system (GNSS) is a satellite system that can be used to find out the exact location of a user's receiver anywhere in the world. A H(e)NB can have capability to receive GNSS transmissions.
To satisfy various security, regulatory and operational requirements, service providers can require assurance of an access node or an access network via which a user is accessing the core network. This process is called location verification. A verifying node, for example, a H(e)MS and/or HNB-GW, can perform location verification. Different types of location information relating to the access node or the access network can be stored in the verifying node by service providers for location verification purposes. The verifying node can obtain location information from the access node or the access network which can be used to perform location verification. The received location information can be compared with the stored information in the verifying node.
In case the verification fails, the verifying node can, for example, raise an alarm or order the H(e)NB to cease handling of connections. The H(e)NB can terminate connections immediately or can wait until any calls in progress have been completed. Location information can be used for example for a HNB-GW discovery and/or registration to a Home NodeB Management System HMS. When a HNB is initially powered up, it can contact with, for example, an initially configured HMS to discover a HNB-GW. The HMS (initial) can assign a HNB corresponding local access information of a Sec-GW serving the HNB, another serving HMS and/or optionally another HNB-GW according to the location information of the HNB.
The HNB-GW information can be provided either by the HMS (initial) or the HMS (serving). The HNB can be pre-configured with address information of the HMS (initial) and Sec-GW (initial), while the HMS (serving) can be physically different from the HMS (initial).
HNB registration is a process to put the HNB into service when it is initially powered up. The process can contain two registration phases: a registration to a HMS (serving) and a registration to a HNB-GW. Upon the registration to the HMS (serving) the HNB can send to the HMS (serving) a request containing, for example, HNB location parameters and HNB identity. Upon the registration to the HNB-GW the HNB can send to the HNB-GW a request to register containing, for example, HNB location parameters and HNB identity.
Figure 1 illustrates architecture relevant for aspects of the invention. A UE 1 which is roaming in a micro network (e.g. a private home network) is connected to a local base station 2, for example to a femto access point or a HNB. The UE 1 can access the mobile core network via broadband fixed access 3, for example over an xDSL connection. The broadband network 3 can be connected via a BRAS 5 to a security GW 7 of a mobile network. The mobile network can have a HNB GW 8 which can be integrated to the Sec-GW 7. The broadband network 3 can have its own policy entity 4 which can interface a policy entity 15 of the mobile network over S9* interface 6. A H(e)MS 18 can interface the Sec-GW 7.
The mobile network has a mobile switching center (MSC) 11, which provides for example call control functionality, a SGSN 12 which provides packet data switching and services and a mobility management entity (MME) 13.
A packet data connection from the fixed broadband network 3 can traverse via a serving GW 10 and a packet data gateway 14 to a packet core or internet. The protocol used for a packet data connection between the SGW 10 and the PGW 14 can be, for example, GTP or PMIP. When the UE 1 is roaming, the visited network can have a policy entity 15 which can connect a policy entity 16 in the home network of the UE 1 over S9 interface 17 and a policy entity 4 in the fixed broadband network over S9* interface. The serving gateway 10 can be co-located with the Sec-GW 7.
Some aspects of the invention are explained in the following with help of figures 2 and 3.
An access network entity 2, for example, a HNB can be aware of location verification parameters, such as a public internet protocol (IP) address of a broadband access device, an access line location identifier, information of macro-cells surrounding the apparatus, and/or, geographical coordinates.
The access network entity 2 can be made aware of a line identifier, for example, by configuration when installing the access network entity 2 or even automatically by information exchange between the access network entity 2 and a broadband / DSL modem the access network entity 2 connects to.
According to an aspect of the invention, an access network entity 2 can provide location information, for example location verification parameters, in a packet data connection establishment or information exchange signaling to a packet core network, for example, in an internet protocol (IP) connection establishment or information exchange signaling, or in an IPsec tunnel establishment message exchange or information message exchange to the Security-GW (7), as shown as examples with signals 201 (Fig 2) and 301 (Fig 3).
According to an aspect of the invention, a protocol extension can be implemented to enable the transfer of location verification parameters in packet data connection establishment and/or information exchange/update messages, for example, in a tunnel establishment and/or information exchange/update messages. The extension may be, for example, a new payload that can carry location verification parameters within tunnel establishment and/or information exchange/update messages. For example, a vendor specific extension to the protocol can be provided, as specified in Internet Engineering Task Force (IETF) specification RFC 5996. New parameters can be added to existing protocols and interface, for example to PMIP, GTP, Gx and/or S9, to transfer location information of the fixed access network.
According to an aspect of the invention, a packet data entity 7 or 10 or 13 in the packet core network receiving the location information can transmit the location information to a verifying entity 8, 18 which can perform the location verification. The verifying entity 8, 18 can be, for example, a HNB GW 8 or H(e)MS 18.
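The following sketch is an added example, not code from the patent or from any 3GPP or IETF specification. It shows one way the location verification parameters could ride in a single payload with the RFC 5996 generic payload header, be parsed defensively at the gateway, and be compared with the record stored at the verifying node. The TLV codes, the matching policy, the geographic tolerance and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed TLV codes for the four location items; not defined by the patent.
TLV_PUBLIC_IP, TLV_LINE_ID, TLV_MACRO_CELLS, TLV_GEO = 1, 2, 3, 4


def _tlv(code, value):
    return struct.pack("!BH", code, len(value)) + value


def encode_location_payload(params, next_payload=0):
    """H(e)NB side: pack the location parameters into one payload."""
    body = b""
    if "public_ip" in params:
        body += _tlv(TLV_PUBLIC_IP, ipaddress.ip_address(params["public_ip"]).packed)
    if "line_id" in params:
        body += _tlv(TLV_LINE_ID, params["line_id"].encode("utf-8"))
    if "macro_cells" in params:
        body += _tlv(TLV_MACRO_CELLS,
                     b"".join(struct.pack("!I", c) for c in params["macro_cells"]))
    if "geo" in params:
        lat, lon = params["geo"]  # stored as signed micro-degrees
        body += _tlv(TLV_GEO, struct.pack("!ii", round(lat * 1e6), round(lon * 1e6)))
    # RFC 5996 generic payload header: Next Payload, critical bit + reserved,
    # Payload Length (header included). The payload's own type number (a value
    # from the private-use range 128-255) sits in the preceding payload.
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_location_payload(data):
    """Gateway side: every length is checked before the bytes are used."""
    if len(data) < 4:
        raise ValueError("truncated payload header")
    _next, _flags, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("payload length does not match received bytes")
    params, off = {}, 4
    while off < length:
        if length - off < 3:
            raise ValueError("truncated TLV header")
        code, vlen = struct.unpack("!BH", data[off:off + 3])
        value = data[off + 3:off + 3 + vlen]
        if len(value) != vlen:
            raise ValueError("TLV overruns payload")
        off += 3 + vlen
        if code == TLV_PUBLIC_IP and vlen in (4, 16):
            params["public_ip"] = str(ipaddress.ip_address(value))
        elif code == TLV_LINE_ID:
            params["line_id"] = value.decode("utf-8")
        elif code == TLV_MACRO_CELLS and vlen % 4 == 0:
            params["macro_cells"] = [c for (c,) in struct.iter_unpack("!I", value)]
        elif code == TLV_GEO and vlen == 8:
            lat, lon = struct.unpack("!ii", value)
            params["geo"] = (lat / 1e6, lon / 1e6)
        else:
            raise ValueError(f"unexpected TLV code/length {code}/{vlen}")
    return params


def _matches(item, got, expected, geo_tol):
    if item == "public_ip":    # stored value: prefix assigned by the access provider
        return ipaddress.ip_address(got) in ipaddress.ip_network(expected)
    if item == "macro_cells":  # at least one provisioned neighbour cell is reported
        return bool(set(got) & set(expected))
    if item == "geo":
        return all(abs(g - e) <= geo_tol for g, e in zip(got, expected))
    return got == expected     # line_id: exact match


def verify_location(received, stored, geo_tol=0.01):
    """Verifying node: names of stored items that are missing or do not match."""
    return [item for item, expected in stored.items()
            if item not in received
            or not _matches(item, received[item], expected, geo_tol)]


# Constructed sample data (documentation address ranges, made-up identifiers).
SAMPLE = {"public_ip": "203.0.113.10", "line_id": "bng01 eth 1/0/3:35",
          "macro_cells": [10021, 10022], "geo": (60.1699, 24.9384)}
STORED = {"public_ip": "203.0.113.0/24", "line_id": "bng01 eth 1/0/3:35",
          "macro_cells": [10022, 10030], "geo": (60.17, 24.94)}

if __name__ == "__main__":
    wire = encode_location_payload(SAMPLE)
    print("verified" if not verify_location(parse_location_payload(wire), STORED)
          else "alarm")
```

An empty list from `verify_location` means every provisioned item matched; a non-empty list names the items on which the verifying node would act, for example by raising an alarm.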
According to an aspect of the invention, the packet data entity 7 can transmit 203, 3030 one or more of the verification parameters to a serving gateway (SGW) 10. The sec-GW 7 and SGW 10 functionalities can be implemented in the same physical entity.
According to an aspect of the invention, the packet data entity 7 and/or the SGW 10 can transmit 205, 305 one or more of the verification parameters further to a PDN Gateway (PGW) 14.
According to an aspect of the invention, the packet data entity 7 and/or the SGW 10 can transmit one or more of the verification parameters further to a visited PCRF (V-PCRF) 15, when establishing a control session towards the V-PCRF 15, as in message exchange 308, 309 in figure 3. Alternatively, the V-PCRF 15 can obtain one or more of the verification parameters from a H-PCRF 16, for example, upon the S9* session establishment 311, 314 as shown in figure 3.
According to an aspect of the invention, the PGW 14 can transmit one or more of the verification parameters/information further to the home PCRF (H-PCRF) 16, for example, among regular parameters like User/UE ID etc., upon contacting the H-PCRF 16.
According to an aspect of the invention, network entities 10, 14, 4, 15, 16 can use the received location verification parameters, or relevant parts of them, for example address realm, to find/discover the correct counterpart, for example a PCRF or BPCF. Mapping from a location parameter to a contact address may be performed, for example, by local configuration or through a query to an entity that maintains such address/contact links.
According to an aspect of the invention, a home PCRF (H-PCRF) 16 can use 310 the location parameters to discover a visited PCRF (V-PCRF) 15 that was selected earlier by the SGW 10 in signal 308 (Figure 3).
According to an aspect of the invention, a V-PCRF 15 can use 315 the location parameters to discover a BPCF 4 that controls a BNG 5 through which the IP tunnel is connected.
According to an aspect of the invention, in a non-roaming case of figure 2 a home PCRF 16 may use 208 the location verification parameters to find/discover a correct BPCF 4.
According to an aspect of the invention, in a non-roaming case of figure 2 the PCRF 16 can either request 209 the BPCF 4 to establish an S9* control session towards the PCRF 16, or the PCRF 16 can itself initiate an S9* control session towards the BPCF 4. The message exchange 211, 212 can transfer QoS rules and possibly other parameters from the PCRF 16 to the BPCF 4.
According to an aspect of the invention, in a roaming case of figure 3, a home PCRF 16 can either request in 311 a visited PCRF 15 to establish an S9 control session towards the home PCRF 16, or the home PCRF 16 can itself initiate an S9 control session towards the visited PCRF 15. The message exchange 313, 314 can transfer PCC rules and possibly other parameters from the home PCRF 16 to the visited PCRF 15. Further, the visited PCRF 15 can either request 16 the BPCF 4 to establish an S9* control session towards the visited PCRF 15, or the visited PCRF 15 may itself initiate an S9* control session towards the BPCF 4. The message exchange 318, 319 can transfer QoS rules, possibly derived from the PCC rules, and possibly other parameters from the visited PCRF 15 to the BPCF 4.
Figure 4 illustrates an example internal structure and functions of apparatuses implementing aspects of the invention. An apparatus 2 has an establishing unit 405 which can be configured to establish, maintain, control and/or terminate a packet data connection, for example an IPSec tunnel, for UE 1. A location unit 402 can be configured to maintain location information relating to the apparatus 2, for example, a public internet protocol (IP) address of the apparatus, an access line location identifier, information of macro-cells surrounding the apparatus or its geographical coordinates. The location information maintained in the location unit 402 can be a fixed network location of the apparatus. An including unit 403 can be configured to obtain location information from the location unit 402 in a signaling message and can transmit the signaling message to a transmitting unit 401 which can transmit the signaling message to a network. The transmitting unit 401 can transmit the signaling message over fixed access network to a gateway 7 in a mobile network, and can transmit during establishment of the packet data connection or later within signaling and/or information exchange messages during the active connection phase. The transmitting unit 401 can be configured to transmit and receive packet data to and from an access unit 404 which can be configured to control and relay user data signaling with the UE 1.
An apparatus 7 can have an establishing unit 411 which can be configured to establish, maintain, control and/or terminate a packet data connection, for example an IPSec tunnel, with an access network entity 2. A receiving unit 410 can be configured to receive location information, for example a fixed network location, associated with the access network entity 2. The unit 410 can be configured to receive the location information during establishment of the packet data connection or later within signaling and/or information exchange messages during the active connection phase. A location unit 412 can be configured to transmit the location information to a verifying node 8, 18 for verifying the location information and can be configured to receive from the node 8, 18 a response to the location verifying operation. A transmitting unit 413 can be configured to transmit the location information to a further packet data entity 10, 14 in the mobile network. All units described above in relation to figure 5 may be implemented for example using microprocessors, chips and/or other electrical components and/or by software.
A packet data gateway entity, a verifying entity and an access network entity may be physically implemented in a switch, router, server or other hardware platform or electronic equipment which can support data transmission and processing tasks, or can be implemented as a component of other existing device.
Figure 5 illustrates an example process which can be implemented by one or more apparatuses or software components implementing aspects of the invention. First a packet data connection is established 51, for example, between a fixed access network access node and a packet data gateway of a mobile core network. Location information relating to the access node is included 52 in a signaling message which can be transmitted 53, for example, by the access node through the fixed access network to the packet data gateway in the mobile core network. The location information can be verified 54, for example, by a verifying node in the mobile core network. The location information can be transmitted 55 after the verification to further nodes (PDN, SGW, H-PCRF, V-PCRF, BPCF) in the mobile core network which can use the location information, for example, to resolve an identity of a node, for example a policy entity, which should be involved in controlling the connection.
For the purpose of the present invention as described herein above, it should be noted that
- an access technology via which signaling is transferred to and from a network element or node may be any technology by means of which a node can access an access network (e.g. via a base station or generally an access node). Any present or future technology, such as WLAN (Wireless Local Access Network), WiMAX (Worldwide Interoperability for Microwave Access), Bluetooth, Infrared, and the like may be used; although the above technologies are mostly wireless access technologies, e.g. in different radio spectra, access technology in the sense of the present invention implies also wirebound technologies, e.g. IP based access technologies like cable networks or fixed lines but also circuit switched access technologies; access technologies may be distinguishable in at least two categories or access domains such as packet switched and circuit switched, but the existence of more than two access domains does not impede the invention being applied thereto,
- usable access networks may be any device, apparatus, unit or means by which a station, entity or other user equipment may connect to and/or utilize services offered by the access network; such services include, among others, data and/or (audio-) visual communication, data download etc.;
- a user equipment may be any device, apparatus, unit or means by which a system user or subscriber may experience services from an access network, such as a mobile phone, personal digital assistant PDA, or computer;
- method steps likely to be implemented as software code portions and being run using a processor at a network element or terminal (as examples of devices, apparatuses and/or modules thereof, or as examples of entities including apparatuses and/or modules therefor), are software code independent and can be specified using any known or future developed programming language as long as the functionality defined by the method steps is preserved;
- generally, any method step is suitable to be implemented as software or by hardware without changing the idea of the invention in terms of the functionality implemented;
- method steps and/or devices, apparatuses, units or means likely to be implemented as hardware components at a terminal or network element, or any module(s) thereof, are hardware independent and can be implemented using any known or future developed hardware technology or any hybrids of these, such as MOS (Metal Oxide Semiconductor), CMOS (Complementary MOS), BiMOS (Bipolar MOS), BiCMOS (Bipolar CMOS), ECL (Emitter Coupled Logic), TTL (Transistor-Transistor Logic), etc., using for example ASIC (Application Specific IC (Integrated Circuit)) components, FPGA (Field-programmable Gate Arrays) components, CPLD (Complex Programmable Logic Device) components or DSP (Digital Signal Processor) components; in addition, any method steps and/or devices, units or means likely to be implemented as software components may for example be based on any security architecture capable e.g. of authentication, authorization, keying and/or traffic protection;
- devices, apparatuses, units or means can be implemented as individual devices, apparatuses, units or means, but this does not exclude that they are implemented in a distributed fashion throughout the system, as long as the functionality of the device, apparatus, unit or means is preserved,
- an apparatus may be represented by a semiconductor chip, a chipset, or a (hardware) module comprising such chip or chipset; this, however, does not exclude the possibility that a functionality of an apparatus or module, instead of being hardware implemented, be implemented as software in a (software) module such as a computer program or a computer program product comprising executable software code portions for execution/being run on a processor;
- a device may be regarded as an apparatus or as an assembly of more than one apparatus, whether functionally in cooperation with each other or functionally independently of each other but in a same device housing, for example.

Claims

1. An apparatus (H(e)NB), comprising
means for establishing (405) a packet data connection with a packet data gateway of a mobile network,
means for including (403) location information of a fixed access network in a signaling message, and,
means for transmitting (401) the signaling message to the packet data gateway.
2. An apparatus of claim 1, wherein the packet data connection comprises a secure internet protocol (IP) tunnel and the packet data gateway comprises a security gateway.
3. An apparatus of claim 1 or 2, wherein the means for transmitting is configured to transmit the signaling message during establishment of the packet data connection.
4. An apparatus of any of claims 1 - 3, wherein the location information comprises at least one of:
- a public internet protocol (IP) address of a broadband access device,
- an access line location identifier,
- information of macro-cells surrounding the apparatus, and,
- geographical coordinates.
5. An apparatus of any of claims 1 - 4, wherein the apparatus comprises a home node B.
6. An apparatus of any of claims 1 - 5, further comprising means for performing authentication procedure between the apparatus and the packet data gateway, wherein the authentication procedure is transparent to the fixed access network.
7. A method of transmitting location information from a fixed access network to a mobile core network for verifying the location information, comprising:
establishing (51) a packet data connection between a fixed access network and a mobile core network,
transmitting (53) location information of the fixed access network to the mobile core network, and,
verifying (54) the location information of the fixed access network at the mobile core network.
8. A method of claim 7, wherein the verifying is performed by a home node B management system (H(e)MS) or a home node B gateway (HNB-GW).
9. A method of claim 7 or 8, wherein the packet data connection comprises a secure internet protocol (IP) tunnel and wherein the transmitting comprises transmitting the location information within at least one signaling message for establishing the secure tunnel.
10. A method of any of claims 7 - 9, wherein the location information comprises at least one of:
- a public internet protocol (IP) address of a broadband access device,
- an access line location identifier,
- information of macro-cells surrounding the apparatus, and,
- geographical coordinates.
11. A method of any of claims 7 - 10, further comprising transmitting (55) the location information to at least one of:
a packet data gateway (SGW, PDN),
a policy and/or charging entity of a home network of a user, and,
a policy and/or charging entity of a visited network.
12. A method of any of claims 7 - 11, further comprising performing authentication procedure between the mobile core network and an access network entity connected through the fixed access network, wherein the authentication procedure is transparent to the fixed access network.
13. An apparatus (Sec-GW), comprising
means for establishing (411) a packet data connection with an access network entity,
means for receiving (410) a signaling message comprising location information of a fixed access network from the access network entity.
14. An apparatus of claim 13, further comprising means for transmitting (412) the location information to a verifying entity for verifying the location information.
15. An apparatus of claim 13 or 14, wherein the packet data connection comprises a secure internet protocol (IP) tunnel.
16. An apparatus of any of claims 13 - 15, wherein the apparatus comprises at least one of a security gateway (7), a serving gateway (10) and a packet data gateway (14) and/or wherein the access network entity comprises a home node B.
17. An apparatus of any of claims 13 - 16, wherein the means for receiving is configured to receive the signaling message during establishment of the packet data connection.
18. An apparatus of any of claims 13 - 17, further comprising means for transmitting (413) the location information to a packet data gateway (10, 14).
19. An apparatus of any of claims 13 - 18, further comprising means for performing authentication procedure between the apparatus and the access network entity, wherein the authentication procedure is transparent to the fixed access network.
20. A method, comprising
establishing (51) a packet data connection with a packet data gateway of a mobile network,
including (52) location information of a fixed access network in a signaling message, and,
transmitting (53) the signaling message to the packet data gateway.
21. A method, comprising
establishing (51) a packet data connection with an access network entity,
means for receiving (53) a signaling message comprising location information of a fixed access network from the access network entity.
22. A computer program product comprising code means adapted to produce steps of any of claims 7 - 12 and 20 - 21 when loaded into the memory of a computer.
PCT/EP2011/069270 2010-11-15 2011-11-03 Method, apparatus and system for transmitting location information WO2012065846A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP2010067466 2010-11-15
EPPCT/EP2010/067466 2010-11-15

Publications (1)

Publication Number Publication Date
WO2012065846A1 true WO2012065846A1 (en) 2012-05-24

Family

ID=44913277

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2011/069270 WO2012065846A1 (en) 2010-11-15 2011-11-03 Method, apparatus and system for transmitting location information

Country Status (1)

Country Link
WO (1) WO2012065846A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080112551A1 (en) * 2006-11-14 2008-05-15 Microsoft Corporation Secured communication via location awareness
US20100062791A1 (en) * 2008-09-08 2010-03-11 Huawei Technologies Co., Ltd. Method of location positioning and verification of an ap, system, and home register

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Universal Mobile Telecommunications System (UMTS); LTE; Security of Home Node B (HNB) / Home evolved Node B (HeNB) (3GPP TS 33.320 version 9.3.0 Release 9)", TECHNICAL SPECIFICATION, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE, vol. 3GPP SA 3, no. V9.3.0, 1 October 2010 (2010-10-01), XP014061682 *
"Universal Mobile Telecommunications System (UMTS); UTRAN architecture for 3G Home Node B (HNB); Stage 2 (3GPP TS 25.467 version 9.3.0 Release 9)", TECHNICAL SPECIFICATION, EUROPEAN TELECOMMUNICATIONS STANDARDS INSTITUTE (ETSI), 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS ; FRANCE, vol. 3GPP RAN 3, no. V9.3.0, 1 June 2010 (2010-06-01), XP014047284 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11779640; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11779640; Country of ref document: EP; Kind code of ref document: A1)