WO2013096938A1 - Method and apparatus for load transfer - Google Patents


Publication number
WO2013096938A1
WO2013096938A1 PCT/US2012/071540 US2012071540W WO2013096938A1 WO 2013096938 A1 WO2013096938 A1 WO 2013096938A1 US 2012071540 W US2012071540 W US 2012071540W WO 2013096938 A1 WO2013096938 A1 WO 2013096938A1
Authority
WO
WIPO (PCT)
Prior art keywords
wtru
server
profile
vpn
message
Application number
PCT/US2012/071540
Other languages
French (fr)
Inventor
Alain Charles Briancon
David Thompson
Egor ERMAKOV
Christopher Ward
Edward Thomas
Original Assignee
Airsense Wirelss Ltd.
Application filed by Airsense Wirelss Ltd.


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/16 Performing reselection for specific purposes
    • H04W36/22 Performing reselection for specific purposes for handling the traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038 Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Definitions

  • This application is related to network load balancing, offloading, and handover for wireless systems.
  • Wireless transmit/receive units such as cellular phones
  • SMS short message service
  • WTRUs Wireless transmit/receive units
  • iOS Apple's iPhone operating system
  • Some of the data-intensive tasks that may be performed on advanced WTRUs include web surfing, receiving and displaying web pages written in hypertext markup language 5 (HTML5), downloading applications, downloading mapping elements and other geographic data, streaming audio and video content, and video conferencing. Additionally, corporate users seek to have secure communication to corporate networks.
  • HTML5 hypertext markup language 5
  • some WTRUs implement one or more "cellular" mobile technologies, such as, but not limited to, UMTS, GSM, Edge, IS-95, WCDMA, TD-SCDMA, HSDPA, HSUPA, HSPA+, CDMA2000, IEEE 802.16 (WiMAX), LTE, 3G, 4G, TD-LTE.
  • the WTRUs also implement "local" wireless technology, such as Bluetooth and Wireless Local Area Network (WLAN) technologies, which are informally known as WiFi.
  • WLAN technologies include the IEEE 802.11x family protocols, including 802.11a/b/g/n.
  • APs wireless access points
  • WiFi hot spots also referred to as “hot spots” or “WiFi hot spots”
  • QoS quality of service
  • WTRUs between different air interfaces.
  • Many approaches rely on the use of the Remote Authentication Dial In User Service (RADIUS) protocol.
  • Other approaches include the installation of a background client, (for example, daemon), in the WTRU that scans for handover commands.
  • a background client for example, daemon
  • RADIUS server which serves as an authentication, (for example, identity authentication), authorization (for example, authority to perform a specific function), and accounting (AAA) server.
  • the RADIUS server supports authenticating users or devices before granting the users or devices access to a network, authorizing the users or devices to use network services, and accounting for the usage of the services.
  • RADIUS servers use a number of different technologies to manage quality-of-service (QoS) of WTRUs or wireless devices, including technologies such as IEEE 802.1p, 802.1Q, 802.11e, DiffServ, IntServ, RSVP, RSVP-TE, and MPLS.
  • EAP extensible authentication protocol
  • EAP methods include, among others, LEAP, EAP-TLS, EAP-MD5, EAP-PSK, EAP-TTLS, EAP-IKEv2, EAP-PEAP, EAP-FAST, EAP-SIM, EAP-AKA, EAP-AKA', EAP-GTC, EAP-EKE.
  • EAP messages including 802.1X, Protected Extensible Authentication Protocol (PEAP), Transport Layer Security (TLS) Tunnel, and Protocol for Carrying Authentication for Network Access (PANA).
  • PEAP Protected Extensible Authentication Protocol
  • TLS Transport Layer Security
  • PANA Protocol for Carrying Authentication for Network Access
  • a VPN Virtual Private Network
  • a VPN is a secured, private network connection that is built on top of publicly accessible infrastructure, such as the Internet, wireless cellular networks, and local area wireless networks.
  • a VPN provides remote users access to a central organizational network.
  • a VPN may also provide functionality that is found on any network, such as sharing of data and access to network resources, printers, databases, intranet websites, and the like.
  • a VPN user typically experiences the central network in a manner that is identical to being connected directly to the central network.
  • a VPN may be used to provide end-to-end, (for example, mobile phone to corporate network), security.
  • VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.
  • Authentication protocols presently in use include, among others, AKA, CAVE-based authentication, Challenge-handshake authentication protocol (CHAP), MS-CHAP, MS-CHAPv2, CRAM-MD5, Host Identity Protocol (HIP), Kerberos, Microsoft NT LAN Manager (NTLM), Password-authenticated key agreements, Password Authentication Protocol (PAP), Secure Remote Password (SRP) protocol, TACACS, TACACS+, Woo-Lam (92) protocol, the Diameter protocol, RADIUS, and Extensible Authentication Protocol (EAP).
  • CHAP Challenge-handshake authentication protocol
  • HIP Host Identity Protocol
  • NTLM Microsoft NT LAN Manager
  • a method and apparatus for load balancing are described.
  • a request to associate with an access point is received from a wireless transmit/receive unit (WTRU) and an association profile is generated and transmitted to the WTRU.
  • WTRU wireless transmit/receive unit
  • VPN status information is received from the WTRU.
  • a second configuration profile is generated and transmitted to the WTRU.
  • an Internet Control Message Protocol (ICMP) message is transmitted to the WTRU.
  • ICMP Internet Control Message Protocol
  • An attribute of the QoS message may be based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
  • FIG. 1 shows an example network architecture that includes networks of diverse radio access technologies
  • FIGs. 2A and 2B show a method for performing load balancing in wireless networks
  • FIG. 3 shows a block diagram of a WTRU that may be used to implement features described herein;
  • FIG. 4 shows a block diagram of a server computer that may be used to implement features described herein.
  • Described herein are a method and apparatus for the performance of load balancing and transfer in wireless networks.
  • the wireless networks may be of the same or of different types.
  • a RADIUS-based authentication procedure may be performed in 802.11x networks, where push notification technologies may be used to trigger WTRU handover between networks.
  • Push notification technologies may include, among others, Apple's Apple Push Notification Service (APNS), which is supported on iOS devices, and Cloud to Device Messaging (C2DM), which is supported in the Android operating system.
  • APNS Apple's Apple Push Notification Service
  • C2DM Cloud to Device Messaging
  • AAAME Authentication, Authorization, and Accounting Management Entity
  • the AAAME may perform or implement features described herein.
  • a WTRU may be any device capable of communicating in a wireless environment including, but is not limited to, a wireless phone, a smartphone, a tablet, a personal computer, a Universal Serial Bus (USB) modem, a Personal Computer Memory Card International Association (PCMCIA) modem, a telemetry modem, a test modem, a user equipment (UE), a station (STA), a mobile station (MS), a subscriber terminal, and/or a mobile terminal.
  • USB Universal Serial Bus
  • PCMCIA Personal Computer Memory Card International Association
  • the WTRU may be equipped with an operating system (OS) that permits or does not permit a background task to run or be executed.
  • OS operating system
  • the WTRU's OS may put limits, (for example, time constraints or location constraints), on background tasks or, alternatively, the OS of the WTRU may not put limits on background tasks.
  • the AAAME may use standard signaling associated with VPN technologies in order to change the configuration of a WTRU and, thus, enable load balancing of the networks to which the WTRU may associate or connect or via which the WTRU may receive connectivity.
  • the AAAME may send a formatted notification to an advertising server (AS).
  • ASs or "ad servers” are specialized web servers that store advertisements and deliver the advertisements to web browsers.
  • the ad servers may be local, whereby the ad servers serve a single publisher or locale, for example, to support, among others, a barker signal.
  • an ad server may be remote, whereby the ad server serves multiple publishers and locales.
  • ad servers include Adblade, open AdStream, Adform, adk2, ADTECH, AppNexus, EmediateAd, DoubleClick, OpenX, Smart AdServer, Zedo.
  • an ad server may directly integrate into applications such as Apple Inc.'s iAd and Google's AdMob.
  • the AAAME may send a notification to a web service (WS) server to notify the WS of the presence of the WTRU.
  • WS web service
  • Such may be performed by sending a message using the Simple Object Access Protocol (SOAP) standard, using a Remote Procedure Call (RPC) technology and the Web Services Description Language (WSDL), executing a Common Object Request Broker Architecture (CORBA) object request, sending one or more messages using an Open Software Federation Distributed Computing Environment (DCE) technology, Microsoft Distributed Component Object Model (DCOM) technology, or Java Remote Method Invocation (RMI) technology.
  • DCE Open Software Federation Distributed Computing Environment
  • DCOM Microsoft Distributed Component Object Model
  • RMI Java Remote Method Invocation
  • the web services with which the AAAME may interact may be web services offered by social networks such as Facebook or Google+.
  • the AAAME may be hosted by the same device as the AS or the WS server.
  • FIG. 1 shows an example of a network architecture.
  • the network architecture includes a plurality of WLAN APs 101 (singularly referred to hereinafter as AP 101), which are managed by a plurality of RADIUS servers 102.
  • An AP 101 provides an area of coverage 103 with QoS and cost of use.
  • a cellular network 104 provides coverage to a coverage area 105, access to the cellular network by third parties is controlled by an AAA Server 106.
  • the RADIUS servers 102 and the AAA server 106 are connected to each other and additional entities via the Internet 107.
  • Also connected to the Internet 107 are an AAAME 108, a notification server 109, a web services server 110, a social network web services server 111, and an advertising server 112.
  • a plurality of WTRUs 114-118 are also connected to the Internet via an AP 101 or the cellular network.
  • WTRU 114 receive coverage only via a WLAN facilitated by an AP 101 whereas other WTRUs, e.g., WTRU 116, receive cellular coverage only.
  • WTRUs such as WTRU 117
  • WTRUs such as WTRU 118
  • WTRUs such as WTRU 115
  • WTRUs 114 - 118 are singularly referred to herein as WTRU 114.
  • FIGs. 2A and 2B show a message flow diagram for performing load balancing.
  • a WTRU 114, an AAAME 108, a push gateway 204, an AP 101, and a RADIUS server 102 exchange messages for performing load balancing.
  • the AAAME 108 includes a hypernet controller (HC) 201, an AAA RADIUS server 202, and a VPN server 203.
  • the WTRU 114 is managed by the AAAME 108 for load balancing.
  • the AAAME 108 interfaces with the push gateway 204 (or alternatively, a push server) and the push gateway 204 supports the OS of the WTRU 114.
  • Configuration information associated with a set of access points is created by the AAAME 108 and pushed to the WTRU 114 using the push gateway 204 210.
  • Sending the configuration information facilitates establishing a connection between the WTRU 114 and the AP 101.
  • the configuration information may include a certificate, a password, or login information.
  • the WTRU 114 may use the configuration information to make a request to connect to the AP 101. Further, sending the configuration information allows faster connection establishment in a WTRU whose OS does not support the execution of background tasks. Having received the configuration information, the WTRU is relieved from the task of executing a background task.
  • the HC 201 sends a request for access provisioning for the WTRU
  • the AAA RADIUS server 202 provisions WTRU access and a user account for the WTRU that may be used for standard RADIUS AAA.
  • the AAA RADIUS server 202 may generate a certificate for the WTRU 114 and provision AP access 212.
  • Provisioned user credentials may include a user name and cleartext password attributes for use with an authentication mechanism such as EAP-PAP, EAP-TTLS and the like.
  • the provisioned user credentials may also include a user name and certificate for use with an authentication mechanism, such as EAP-TLS and the like, and any other valid RADIUS authentication credentials forms.
  • the AAA RADIUS server 202 then provides an access certificate including the WTRU credentials to the HC 201 213.
  • the HC 201 creates a WTRU configuration profile including the WTRU credentials generated by the AAA RADIUS server 202 214 and pushes the configuration profile to the WTRU via push gateway 204 215.
  • the configuration profile may be pushed using a profile sync request.
  • the push gateway 204 sends the configuration profile to the WTRU 114 216, for example, using a sync request.
  • the WTRU 114 may then synchronize its profile with the HC 201.
  • an initial connection or association is established for the WTRU 114 with the RADIUS server 102 220 based on the WTRU's 114 request.
  • the WTRU 114 sends a request to associate to the AP 101 221.
  • the request may be based on the credentials or configuration profile with which the WTRU 114 was configured. Further, the request to associate may be sent using EAP-TLS and the AP 101 may operate in accordance with IEEE 802.11x.
  • the AP 101 commences a RADIUS authentication/authorization sequence to verify that the WTRU has a right to or may be allowed to connect to the AP 101.
  • the AP 101 sends an access request to the RADIUS server 102 222.
  • the RADIUS server 102 proxies the access request to the AAA RADIUS server 202 by sending the access request to the AAA RADIUS server 202 223. In order to complete the authentication or authorization of the WTRU 114, a number of RADIUS-related transaction sequences may then occur. The transaction sequences may be based on an authentication scheme utilized.
  • the AAA RADIUS server 202 performs authentication or authorization, and upon successfully completing the authentication or authorization, the AAA RADIUS server 202 sends an access acceptance message to the RADIUS server 102 224.
  • the RADIUS server 102 proxies the access acceptance message to the AP 101 225 and, accordingly, the AP 101 notifies the HC 201 that the WTRU 114 is in the final stage of connecting to the AP 101 227.
  • the AP 101 accepts the WTRU 114 association and sends an association accepted message to the WTRU 114 226 to indicate to the WTRU 114 that the association is accepted. Subsequently, the WTRU 114 may get connected to the Internet via the AP 101 and the initial connection or association may be said to have been established.
  • the HC 201 of the AAAME 202 creates one or more VPN configuration profiles that may include a QoS VPN configuration 230.
  • the HC 201 pushes the one or more VPN configuration profiles to the WTRU 114 via the push gateway 204 240 using, for example, a sync request.
  • the push gateway 204 may modify the one or more VPN configuration profiles before sending the one or more VPN configuration profiles to the WTRU 114.
  • the WTRU 114 may synchronize its profile with HC 201.
  • the WTRU 114 may further establish a VPN connection with the VPN server 203 251, 252.
  • the VPN server 203 may test or measure the QoS of the WTRU's 114 connection via an Internet Control Message Protocol (ICMP) ping or message 253 and may receive an ICMP response from the WTRU 254.
  • the VPN server 203 may notify the HC 201 of the tested or measured QoS using a QoS message 254.
  • the HC 201 may acknowledge the QoS measurement by a QoS acknowledgement 255.
  • the VPN server 203 may generate a QoS measure associated with the WTRU 114 or the QoS message based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
  • the VPN server 203 may further generate the QoS value associated with the WTRU 114 or the QoS message based on the ICMP response received from the WTRU 114.
  • 201 creates a configuration profile that removes the VPN configuration but keeps AP 101 configuration. However, if the measured QoS is below the requirement or threshold, both the AP 101 configuration and the VPN configuration are removed from the configuration profile. When AP 101 configuration is removed from the profile, the WTRU 114 ceases its connection to the AP 101 and accordingly the QoS is used to influence AP 101 selection.
  • the HC 201 sends the configuration profile to the push gateway 204, for example, using a profile sync request 257 and the push gateway 204 sends the configuration profile to the WTRU 114 258.
  • the WTRU 114 is then configured according to the configuration profile 259 and the WTRU's 114 profile is synchronized with the HC 201.
  • additional configuration profiles such as, the configuration profile created by the HC 201 and described with reference to numeral 256, for example, may be created and provided to the WTRU 114.
  • the additional configuration profiles may be based on information received from the WTRU, such as an ICMP response, and/or on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
  • the push gateway 204 which proxies the configuration profiles, may modify a configuration profile before providing the configuration profile to the WTRU 114. If additional configuration profiles are generated and provided to the WTRU 114, the WTRU 114 may be reconfigured in accordance with each received configuration profile.
  • the generation of a configuration profile and the reconfiguration of the WTRU 114 based on the configuration profile enables load balancing and load offset, whereby the load on an AP 101 and the AP's 101 associated networks and coverage area may be modified and adjusted based on the QoS experienced by WTRUs.
  • the HC 201 may change the WTRU's 114 configuration profile and remove the AP 101 from the WTRU's 114 configuration profile.
  • the WTRU 114 may cease its connection to the AP 101 based on the absence of the AP's 101 configuration from the configuration profile.
  • the configuration profile may include configuration information associated with another AP whose resources are less contentious and the WTRU 114 may associate and establish a connection with the other AP to achieve load balancing.
  • handover for the WTRU 114 may be performed between two networks having the same access platform, such as two WLAN networks, or between two networks having different access platforms, such as a WLAN network and a cellular LTE network.
  • QoS factors such as a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information, may be utilized for load balancing by the WTRU 114 or the AAAME 108.
  • FIG. 3 shows a block diagram of an example WTRU.
  • the WTRU includes a processor, a memory device, one or more transceivers, a data storage device, and a display device.
  • the processor, memory device, one or more transceivers, data storage device, and display device may be connected via a system bus in the WTRU, and/or via another interface.
  • the memory device may be or include a device such as a Dynamic
  • D-RAM Dynamic RAM
  • S-RAM Static RAM
  • flash memory any other type of device for persistent data storage.
  • the one or more transceivers may implement various radio access technologies, including any combination of the radio access technologies described herein, such as UMTS, GSM, Edge, IS-95, WCDMA, TD-SCDMA, HSDPA, HSUPA, HSPA+, CDMA2000, IEEE 802.16 (WiMAX), LTE, 3G, 4G, TD-LTE, Bluetooth, Wireless Local Area Network (WLAN) technology, or 802.11x.
  • the display device may be a Liquid Crystal Display (LCD) or Organic
  • the display may be a touchscreen display, which may be based on one or more technologies such as resistive touchscreen technology, surface acoustic wave technology, surface capacitive technology, projected capacitive technology, and/or any other appropriate touchscreen technology.
  • the WTRU described with reference to FIG. 3 may be configured to perform any feature or features described herein as performed by a WTRU.
  • the memory device and/or the data storage device in the WTRU may store instructions which, when executed by the processor in the WTRU (in conjunction with the other components in the WTRU such as the one or more transceivers, memory device, display device and/or data storage device), cause the WTRU to perform any feature or combination of features described herein as performed by a WTRU.
  • the AAAME 108 may gather statistics associated with network operation for load balancing and for achieving a desired QoS.
  • FIG. 4 is a block diagram of a server computer that may be used to implement features described herein.
  • the server computer includes a processor, a memory device, one or more network interfaces, and a data storage device. These components may be connected via a system bus in the server computer, and/or via other appropriate interfaces within the server computer.
  • the memory device may be or include a device such as a Dynamic
  • D-RAM Dynamic RAM
  • S-RAM Static RAM
  • flash memory any other type of electronic device for persistent data storage.
  • the one or more network interfaces may be or include one or more wired and/or wireless transceivers, and/or may implement various wired and/or wireless data communication technologies, including any combination of the radio access technologies mentioned herein.
  • the one or more network interfaces may implement technologies such as IEEE 802.3 and/or Digital Subscriber Line (DSL) technology.
  • the server computer of FIG. 4 may be configured to perform any feature or combination of features described herein as performed by a server computer, and/or any feature or combination of features described herein as performed by an AAAME, AS, and/or WS.
  • the memory device and/or the data storage device in the server computer may store instructions which, when executed by the processor in the server computer (in conjunction with the other components in the server computer such as the one or more network interfaces, memory device, and/or data storage device), cause the server computer to perform any feature or combination of features described herein as performed by an AAAME, AS, and/or WS.
  • connection means that elements within the system are physically or functionally connected (via, for example, a remote connection).
  • a connection may be temporary or permanent.
  • a remote connection may be through a localized Radio Frequency link.
  • a connection may be a wireline connection through a dedicated network and/or via the Internet.
  • Examples of computer-readable storage media include, but are not limited to, a read only memory (ROM), a random access memory (RAM), a register, a cache memory, a semiconductor memory device, a magnetic media, (e.g., an internal hard disc or a removable disc), a magneto-optical media, and an optical media such as a compact disc (CD) or a digital versatile disc (DVD).
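
The FIG. 2B steps listed above (QoS probe over the VPN, then a second configuration profile that steers the WTRU) can be modelled as follows. This is an added example, not code from the patent or its applicant; the QoS formula, the class and function names, and the identifiers `ap-101` and `ap-b` are assumptions made for illustration.

```python
# Added illustration of the FIG. 2B profile decision; not code from the patent.
from dataclasses import dataclass, field
from statistics import median
from typing import List, Optional, Tuple

# Constructed ICMP echo results in milliseconds; None means no reply.
GOOD_RTTS = [20.0, 30.0, 25.0, 40.0]
BAD_RTTS = [200.0, None, 250.0, None]


@dataclass(frozen=True)
class ConfigProfile:
    ap_ssids: frozenset      # APs the WTRU holds configuration for
    vpn_configured: bool     # whether the QoS VPN configuration is present


def measure_qos(rtts_ms: List[Optional[float]]) -> float:
    """Score in [0, 1] computed by the VPN server from ICMP responses.

    Assumed metric: delivery ratio times a latency factor that is 1.0 at a
    median RTT of 50 ms or better. The patent does not define a formula.
    """
    replies = [r for r in rtts_ms if r is not None]
    if not replies:
        return 0.0
    delivery = len(replies) / len(rtts_ms)
    latency = 50.0 / max(median(replies), 50.0)
    return round(delivery * latency, 3)


def second_profile(current_ap: str, qos: float, threshold: float,
                   alternate_ap: Optional[str] = None) -> ConfigProfile:
    """HC decision after the probe.

    The VPN configuration is removed in both branches. The AP configuration
    is kept only when the measured QoS meets the threshold; otherwise it is
    removed and, optionally, a less contended AP is configured instead.
    """
    if qos >= threshold:
        return ConfigProfile(frozenset({current_ap}), vpn_configured=False)
    aps = frozenset({alternate_ap}) if alternate_ap else frozenset()
    return ConfigProfile(aps, vpn_configured=False)


@dataclass
class Wtru:
    associated_ap: Optional[str] = None
    vpn_up: bool = False
    events: List[str] = field(default_factory=list)

    def apply(self, profile: ConfigProfile) -> None:
        """Reconfigure from a pushed profile; no background client is needed."""
        # An AP absent from the profile is dropped: this is the handover trigger.
        if self.associated_ap and self.associated_ap not in profile.ap_ssids:
            self.events.append(f"drop {self.associated_ap}")
            self.associated_ap = None
        if self.associated_ap is None and profile.ap_ssids:
            self.associated_ap = sorted(profile.ap_ssids)[0]
            self.events.append(f"associate {self.associated_ap}")
        # The VPN exists only while it is configured and a link is up.
        self.vpn_up = profile.vpn_configured and self.associated_ap is not None


def run_flow(rtts_ms: List[Optional[float]], threshold: float,
             alternate_ap: Optional[str] = None
             ) -> Tuple[float, Optional[str], bool]:
    """Push the first profile, probe QoS, push the second profile."""
    wtru = Wtru()
    # First profile: AP configuration plus the QoS VPN configuration.
    wtru.apply(ConfigProfile(frozenset({"ap-101"}), vpn_configured=True))
    qos = measure_qos(rtts_ms)
    wtru.apply(second_profile("ap-101", qos, threshold, alternate_ap))
    return qos, wtru.associated_ap, wtru.vpn_up


if __name__ == "__main__":
    print(run_flow(GOOD_RTTS, 0.6))          # stays on ap-101, VPN removed
    print(run_flow(BAD_RTTS, 0.6, "ap-b"))   # moved to the alternate AP
    print(run_flow(BAD_RTTS, 0.6))           # AP removed, no WLAN association
```
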

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and apparatus for load balancing in wireless networks is disclosed. In the method and apparatus a RADIUS-based authentication procedure is utilized and push notifications are used to trigger handover of WTRUs between networks. Further an authentication, authorization, and accounting management entity (AAAME) is utilized for performing the load balancing.

Description

METHOD AND APPARATUS FOR LOAD TRANSFER
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of U.S. Provisional Application No. 61/579,761 filed December 23, 2011, the contents of which are hereby incorporated by reference herein.
TECHNICAL FIELD
[0002] This application is related to network load balancing, offloading, and handover for wireless systems.
BACKGROUND
[0003] Wireless transmit/receive units (WTRUs), such as cellular phones, were primarily used in the past to receive voice calls and carry voice traffic and text messages, such as short message service (SMS). Today, however, WTRUs are used to access information while on the go from a variety of different sources, such as the World Wide Web, application stores, and corporate resources. Advanced WTRUs, (for example, smart phones using operating systems, such as Apple's iPhone operating system (iOS) and Android) require significant wireless network resources due to the large data traffic they generate. Some of the data-intensive tasks that may be performed on advanced WTRUs include web surfing, receiving and displaying web pages written in hypertext markup language 5 (HTML5), downloading applications, downloading mapping elements and other geographic data, streaming audio and video content, and video conferencing. Additionally, corporate users seek to have secure communication to corporate networks.
[0004] Many WTRUs have the capability to support multiple air interfaces. For example, some WTRUs implement one or more "cellular" mobile technologies, such as, but not limited to, UMTS, GSM, Edge, IS-95, WCDMA, TD-SCDMA, HSDPA, HSUPA, HSPA+, CDMA2000, IEEE 802.16 (WiMAX), LTE, 3G, 4G, TD-LTE. Further, the WTRUs also implement "local" wireless technology, such as Bluetooth and Wireless Local Area Network (WLAN) technologies, which are informally known as WiFi. Examples of WLAN technologies include the IEEE 802.11x family protocols, including 802.11a/b/g/n.
[0005] More recently, wireless access points (APs), also referred to as "hot spots" or "WiFi hot spots", that are based on technologies in the IEEE 802.11 family have become more and more prevalent in businesses and homes. Operators and consumers alike seek to leverage the wireless APs to manage their traffic and provide communication services with adequate and predictable quality of service (QoS).
[0006] Multiple methods have been proposed to perform handovers of WTRUs between different air interfaces. Many approaches, as described in further detail herein, rely on the use of the Remote Authentication Dial In User Service (RADIUS) protocol. Other approaches include the installation of a background client, (for example, daemon), in the WTRU that scans for handover commands.
[0007] Implementation of the RADIUS protocol typically involves hosting a RADIUS server, which serves as an authentication, (for example, identity authentication), authorization (for example, authority to perform a specific function), and accounting (AAA) server. As such, the RADIUS server supports authenticating users or devices before granting the users or devices access to a network, authorizing the users or devices to use network services, and accounting for the usage of the services.
[0008] RADIUS servers use a number of different technologies to manage quality-of-service (QoS) of WTRUs or wireless devices including technologies, such as IEEE 802.1p, 802.1Q, 802.11e, DiffServ, IntServ, RSVP, RSVP-TE, and MPLS.
[0009] Further, the extensible authentication protocol (EAP) is an authentication framework used in wireless networks to transmit and process keys, profiles and authentication methods. EAP methods include, among others, LEAP, EAP-TLS, EAP-MD5, EAP-PSK, EAP-TTLS, EAP-IKEv2, EAP-PEAP, EAP-FAST, EAP-SIM, EAP-AKA, EAP-AKA', EAP-GTC, EAP-EKE. Different mechanisms may be used to encapsulate EAP messages, including 802.1X, Protected Extensible Authentication Protocol (PEAP), Transport Layer Security (TLS) Tunnel, and Protocol for Carrying Authentication for Network Access (PANA).
[0010] Of importance in securing communications, and accordingly, preventing breaches in security, is utilization of a Virtual Private Network (VPN). A VPN is a secured, private network connection that is built on top of publicly accessible infrastructure, such as the Internet, wireless cellular networks, and local area wireless networks. A VPN provides remote users access to a central organizational network. Further, a VPN may also provide functionality that is found on any network, such as sharing of data and access to network resources, printers, databases, intranet websites, and the like. A VPN user typically experiences the central network in a manner that is identical to being connected directly to the central network. In addition, a VPN may be used to provide end-to-end, (for example, mobile phone to corporate network), security.
[0011] VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties. Authentication protocols presently in use include, among others, AKA, CAVE-based authentication, Challenge-handshake authentication protocol (CHAP), MS-CHAP, MS-CHAPv2, CRAM-MD5, Host Identity Protocol (HIP), Kerberos, Microsoft NT LAN Manager (NTLM), Password-authenticated key agreements, Password Authentication Protocol (PAP), Secure Remote Password (SRP) protocol, TACACS, TACACS+, Woo-Lam (92) protocol, the Diameter protocol, RADIUS, and Extensible Authentication Protocol (EAP).
[0012] Current approaches to handling load balancing suffer from a multitude of issues. For example, many approaches require significant amounts of power or require that a proprietary client application be installed or downloaded onto the WTRU. Further, the operating system of the WTRU may be required to support concurrent operation of multiple applications and, if it does not, security issues may arise. It is, therefore, desirable to have a method and apparatus for load balancing and transfer.
SUMMARY
[0013] A method and apparatus for load balancing are described. In the method and apparatus, a request to associate with an access point is received from a wireless transmit/receive unit (WTRU) and an association profile is generated and transmitted to the WTRU. Further in the method and apparatus, a Virtual Private Network (VPN) configuration profile is generated and transmitted to the WTRU. In one embodiment, VPN status information is received from the WTRU.
[0014] In another embodiment, a second configuration profile is generated and transmitted to the WTRU. In yet another embodiment, an Internet Control Message Protocol (ICMP) message is transmitted to the WTRU. Additionally, a quality-of-service (QoS) message may be generated and transmitted to a server. An attribute of the QoS message may be based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] A more detailed understanding may be had from the following description, given by way of example in conjunction with the accompanying drawings wherein:
[0016] FIG. 1 shows an example network architecture that includes networks of diverse radio access technologies;
[0017] FIGs. 2A and 2B show a method for performing load balancing in wireless networks;
[0018] FIG. 3 shows a block diagram of a WTRU that may be used to implement features described herein; and
[0019] FIG. 4 shows a block diagram of a server computer that may be used to implement features described herein.
DETAILED DESCRIPTION
[0020] Described herein are a method and apparatus for the performance of load balancing and transfer in wireless networks. The wireless networks may be of the same or of different types. A RADIUS-based authentication procedure may be performed in 802.11x networks, where push notification technologies may be used to trigger WTRU handover between networks. Push notification technologies that may be used may include, among others, Apple's Apple Push Notification Service (APNS), which is supported on iOS devices, and Cloud to Device Messaging (C2DM), which is supported in the Android operating system. Also described herein is an Authentication, Authorization, and Accounting Management Entity (AAAME). The AAAME may perform or implement features described herein.
[0021] As referred to herein, a WTRU may be any device capable of communicating in a wireless environment including, but is not limited to, a wireless phone, a smartphone, a tablet, a personal computer, a Universal Serial Bus (USB) modem, a Personal Computer Memory Card International Association (PCMCIA) modem, a telemetry modem, a test modem, a user equipment (UE), a station (STA), a mobile station (MS), a subscriber terminal, and/or a mobile terminal.
[0022] Further, the WTRU may be equipped with an operating system (OS) that permits or does not permit a background task to run or be executed. An example of a WTRU whose OS does not permit a background task to run or be executed is an Apple iPhone running iOS version 4.x or 5.x. Further, the WTRU's OS may put limits, (for example, time constraints or location constraints), on background tasks or, alternatively, the OS of the WTRU may not put limits on background tasks.
[0023] The AAAME may use standard signaling associated with VPN technologies in order to change the configuration of a WTRU and, thus, enable load balancing the networks to which the WTRU may associate or connect or via which the WTRU may receive connectivity.
[0024] Further, upon completion of load balancing, (for example, providing configuration information to a WTRU to handover the WTRU between networks), the AAAME may send a formatted notification to an advertising server (AS). The ASs (or "ad servers") are specialized web servers that store advertisements and deliver the advertisements to web browsers. The ad servers may be local, whereby the ad servers serve a single publisher or locale, for example, to support, among others, a barker signal. Alternatively, an ad server may be remote, whereby the ad server serves multiple publishers and locales. Examples of ad servers include Adblade, open AdStream, Adform, adk2, ADTECH, AppNexus, EmediateAd, DoubleClick, OpenX, Smart AdServer, Zedo. Further, an ad server may directly integrate into applications such as Apple Inc.'s IAd and Google's AdMob.
[0025] Upon the completion of load balancing, (for example, providing configuration information to a WTRU to handover the WTRU between networks), the AAAME may send a notification to a web service (WS) server to notify the WS of the presence of the WTRU. Such may be performed by sending a message using the Simple Object Access Protocol (SOAP) standard, using a Remote Procedure Call (RPC) technology and the Web Services Description Language (WSDL), executing a Common Object Request Broker Architecture (CORBA) object request, sending one or more messages using an Open Software Federation Distributed Computing Environment (DCE) technology, Microsoft Distributed Component Object Model (DCOM) technology, or Java Remote Method Invocation (RMI) technology. The web services with which the AAAME may interact may be web services offered by social networks such as Facebook or Google+. Further, the AAAME may be hosted by the same device as the AS or the WS server.
[0026] FIG. 1 shows an example of a network architecture. The network architecture includes a plurality of WLAN APs 101 (singularly referred to hereinafter as AP 101), which are managed by a plurality of RADIUS servers 102. An AP 101 provides an area of coverage 103 with QoS and cost of use. Further, a cellular network 104 provides coverage to a coverage area 105; access to the cellular network by third parties is controlled by an AAA Server 106. The RADIUS servers 102 and the AAA server 106 are connected to each other and additional entities via the Internet 107. Also connected to the Internet 107 are an AAAME 108, a notification server 109, a web services server 110, a social network web services server 111, and an advertising server 112. A plurality of WTRUs 114-118 are also connected to the Internet via an AP 101 or the cellular network.
[0027] As shown in FIG. 1, some of the WTRUs, e.g., WTRU 114, receive coverage only via a WLAN facilitated by an AP 101 whereas other WTRUs, e.g., WTRU 116, receive cellular coverage only. Further, WTRUs, such as WTRU 117, have both cellular and WLAN coverage whereas WTRUs, such as WTRU 118, receive coverage from two WLANs that are independently controlled by two APs 101. In addition, a WTRU, such as WTRU 115, does not receive either a WLAN or cellular coverage. The WTRUs 114 - 118 are singularly referred to herein as WTRU 114.
[0028] FIGs. 2A and 2B show a message flow diagram for performing load balancing. A WTRU 114, an AAAME 108, a push gateway 204, an AP 101, and a RADIUS server 102 exchange messages for performing load balancing. Further, the AAAME 108 includes a hypernet controller (HC) 201, an AAA RADIUS server 202, and a VPN server 203. The WTRU 114 is managed by the AAAME 108 for load balancing. The AAAME 108 interfaces with the push gateway 204 (or alternatively, a push server) and the push gateway 204 supports the OS of the WTRU 114.
[0029] Configuration information associated with a set of access points is created by the AAAME 108 and pushed to the WTRU 114 using the push gateway 204 210. Sending the configuration information facilitates establishing a connection between the WTRU 114 and the AP 101. The configuration information may include a certificate, a password, or login information. The WTRU 114 may use the configuration information to make a request to connect to the AP 101. Further, sending the configuration information allows faster connection establishment in a WTRU whose OS does not support the execution of background tasks. Having received the configuration information, the WTRU is relieved from the task of executing a background task.
[0030] The HC 201 sends a request for access provisioning for the WTRU 114 to the AAA RADIUS server 202 211. The AAA RADIUS server 202 provisions WTRU access and a user account for the WTRU that may be used for standard RADIUS AAA. The AAA RADIUS server 202 may generate a certificate for the WTRU 114 and provision AP access 212. Provisioned user credentials may include a user name and cleartext password attributes for use with an authentication mechanism such as EAP-PAP, EAP-TTLS and the like. The provisioned user credentials may also include a user name and certificate for use with an authentication mechanism, such as EAP-TLS and the like, and any other valid RADIUS authentication credentials forms. The AAA RADIUS server 202 then provides an access certificate including the WTRU credentials to the HC 201 213.
[0031] The HC 201 creates a WTRU configuration profile including the WTRU credentials generated by the AAA RADIUS server 202 214 and pushes the configuration profile to the WTRU via push gateway 204 215. The configuration profile may be pushed using a profile sync request. The push gateway 204 sends the configuration profile to the WTRU 114 216, for example, using a sync request. The WTRU 114 may then synchronize its profile with the HC 201.
[0032] Having received the configuration profile, an initial connection or association is established for the WTRU 114 with the RADIUS server 102 220 based on the WTRU's 114 request.
[0033] To perform connection or association with the AP 101, the WTRU 114 sends a request to associate to the AP 101 221. The request may be based on the credentials or configuration profile with which the WTRU 114 was configured. Further, the request to associate may be sent using EAP-TLS and the AP 101 may operate in accordance with IEEE 802.11x. The AP 101 commences a RADIUS authentication/authorization sequence to verify that the WTRU has a right to or may be allowed to connect to the AP 101. The AP 101 sends an access request to the RADIUS server 102 222.
[0034] The RADIUS server 102 proxies the access request to the AAA RADIUS server 202 by sending the access request to the AAA RADIUS server 202 223. In order to complete the authentication or authorization of the WTRU 114, a number of RADIUS-related transaction sequences may then occur. The transaction sequences may be based on an authentication scheme utilized. The AAA RADIUS server 202 performs authentication or authorization, and upon successfully completing the authentication or authorization, the AAA RADIUS server 202 sends an access acceptance message to the RADIUS server 102 224. The RADIUS server 102 proxies the access acceptance message to the AP 101 225 and, accordingly, the AP 101 notifies the HC 201 that the WTRU 114 is in the final stage of connecting to the AP 101 227. Further, the AP 101 accepts the WTRU 114 association and sends an association accepted message to the WTRU 114 226 to indicate to the WTRU 114 that the association is accepted. Subsequently, the WTRU 114 may get connected to the Internet via the AP 101 and the initial connection or association may be said to have been established.
[0035] The HC 201 of the AAAME 202 creates one or more VPN configuration profiles that may include a QoS VPN configuration 230. The HC 201 pushes the one or more VPN configuration profiles to the WTRU 114 via the push gateway 204 240 using, for example, a sync request. The push gateway 204 may modify the one or more VPN configuration profiles before sending the one or more VPN configuration profiles to the WTRU 114. The WTRU 114 may synchronize its profile with HC 201. The WTRU 114 may further establish a VPN connection with the VPN server 203 251, 252. The VPN server 203 may test or measure the QoS of the WTRU's 114 connection via an Internet Control Message Protocol (ICMP) ping or message 253 and may receive an ICMP response from the WTRU 254. The VPN server 203 may notify the HC 201 of the tested or measured QoS using a QoS message 254. The HC 201, on the other hand, may acknowledge the QoS measurement by a QoS acknowledgement 255.
[0036] The VPN server 203 may generate a QoS measure associated with the WTRU 114 or the QoS message based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information. The VPN server 203 may further generate the QoS value associated with the WTRU 114 or the QoS message based on the ICMP response received from the WTRU 114.
[0037] If the measured QoS satisfies a requirement or a threshold, the HC 201 creates a configuration profile that removes the VPN configuration but keeps AP 101 configuration. However, if the measured QoS is below the requirement or threshold, both the AP 101 configuration and the VPN configuration are removed from the configuration profile. When AP 101 configuration is removed from the profile, the WTRU 114 ceases its connection to the AP 101 and accordingly the QoS is used to influence AP 101 selection.
[0038] After the HC 201 has created the configuration profile, the HC 201 sends the configuration profile to the push gateway 204, for example, using a profile sync request 257 and the push gateway 204 sends the configuration profile to the WTRU 114 258. The WTRU 114 is then configured according to the configuration profile 259 and the WTRU's 114 profile is synchronized with the HC 201.
[0039] As described herein, additional configuration profiles, such as, the configuration profile created by the HC 201 and described with reference to numeral 256, for example, may be created and provided to the WTRU 114. The additional configuration profiles may be based on information received from the WTRU, such as, an ICMP response, and/or on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
[0040] The push gateway 204, which proxies the configuration profiles, may modify a configuration profile before providing the configuration profile to the WTRU 114. If additional configuration profiles are generated and provided to the WTRU 114, the WTRU 114 may be reconfigured in accordance with each received configuration profile.
[0041] The generation of a configuration profile and the reconfiguration of the WTRU 114 based on the configuration profile enables load balancing and load offset, whereby the load on an AP 101 and the AP's 101 associated networks and coverage area may be modified and adjusted based on the QoS experienced by WTRUs. When an AP 101 is heavily used and when the communication resources of the AP 101 are heavily contested by WTRUs, such is reflected by the QoS experienced by the WTRU 114. Accordingly, the HC 201 may change the WTRU's 114 configuration profile and remove the AP 101 from the WTRU's 114 configuration profile. The WTRU 114 may cease its connection to the AP 101 based on the absence of the AP's 101 configuration from the configuration profile. The configuration profile may include configuration information associated with another AP whose resources are less contentious and the WTRU 114 may associate and establish a connection with the other AP to achieve load balancing.
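The profile decision of paragraphs [0037] and [0041] can be sketched as follows. This is an added example, not code from the application: the QoS metric (ICMP echo loss and mean round-trip time), the threshold values, the dictionary profile layout and all names and sample values are assumptions made for illustration.

```python
"""HC profile decision after a VPN QoS probe (illustrative sketch).

Assumptions, none of them from the application: QoS is summarised as ICMP
echo loss plus mean round-trip time, the thresholds below, and the
dict-based configuration profile layout.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class QosRequirement:
    max_loss: float = 0.10      # assumed: at most 10% of echoes unanswered
    max_rtt_ms: float = 150.0   # assumed: ceiling on mean round-trip time


def measure_qos(rtts_ms: list[Optional[float]]) -> dict:
    """Summarise one probe run; None marks an echo request with no reply."""
    if not rtts_ms:
        raise ValueError("no ICMP samples to evaluate")
    replies = [r for r in rtts_ms if r is not None]
    loss = 1 - len(replies) / len(rtts_ms)
    # With every echo lost there is no RTT; treat it as unbounded.
    rtt = mean(replies) if replies else float("inf")
    return {"loss": loss, "rtt_ms": rtt}


def qos_satisfied(qos: dict, req: QosRequirement) -> bool:
    return qos["loss"] <= req.max_loss and qos["rtt_ms"] <= req.max_rtt_ms


def next_profile(current: dict, ap_id: str, qos: dict,
                 req: QosRequirement) -> dict:
    """Build the profile the HC pushes once the probe of ap_id is done.

    QoS met:     the VPN configuration is removed, the AP configuration kept.
    QoS not met: the VPN configuration and that AP's configuration are both
                 removed; any other AP in the profile stays available.
    The input profile is not modified.
    """
    aps = dict(current["access_points"])
    if ap_id not in aps:
        raise KeyError(f"{ap_id} is not in the WTRU's profile")
    if not qos_satisfied(qos, req):
        del aps[ap_id]
    return {"wtru": current["wtru"], "access_points": aps, "vpn": None}


# Constructed sample profile: two candidate APs and a probe VPN payload.
SAMPLE_PROFILE = {
    "wtru": "wtru-114",
    "access_points": {
        "ap-a": {"ssid": "example-a", "eap": "EAP-TLS"},
        "ap-b": {"ssid": "example-b", "eap": "EAP-TLS"},
    },
    "vpn": {"server": "vpn.example.invalid", "purpose": "qos-probe"},
}

if __name__ == "__main__":
    req = QosRequirement()
    # Constructed probe results: a healthy AP and a congested one.
    for label, samples in (("healthy", [20.0, 25.0, 22.0, 30.0]),
                           ("congested", [400.0, None, None, 380.0])):
        qos = measure_qos(samples)
        profile = next_profile(SAMPLE_PROFILE, "ap-a", qos, req)
        print(label, qos, sorted(profile["access_points"]))
```

In the congested case the pushed profile contains only `ap-b`, which is what causes the WTRU to leave `ap-a` and associate elsewhere.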
[0042] Due to the QoS, handover for the WTRU 114 may be performed between two networks having the same access platform, such as two WLAN networks, or between two networks having different access platforms, such as a WLAN network and a cellular LTE network.
[0043] QoS factors, such as a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information, may be utilized for load balancing by the WTRU 114 or the AAAME 108.
[0044] FIG. 3 shows a block diagram of an example WTRU. The WTRU includes a processor, a memory device, one or more transceivers, a data storage device, and a display device. The processor, memory device, one or more transceivers, data storage device, and display device may be connected via a system bus in the WTRU, and/or via another interface.
[0045] The memory device may be or include a device such as a Dynamic Random Access Memory (D-RAM), Static RAM (S-RAM), or other RAM or a flash memory. The data storage device may be or include a hard disk, a solid state disk (SSD), or any other type of device for persistent data storage.
[0046] The one or more transceivers may implement various radio access technologies, including any combination of the radio access technologies described herein, such as UMTS, GSM, Edge, IS-95, WCDMA, TD-SCDMA, HSDPA, HSUPA, HSPA+, CDMA2000, IEEE 802.16 (WiMAX), LTE, 3G, 4G, TD-LTE, Bluetooth, Wireless Local Area Network (WLAN) technology, or 802.11x.
[0047] The display device may be a Liquid Crystal Display (LCD) or Organic Light-Emitting Diode (OLED) display device, or any other display device. The display may be a touchscreen display, which may be based on one or more technologies such as resistive touchscreen technology, surface acoustic wave technology, surface capacitive technology, projected capacitive technology, and/or any other appropriate touchscreen technology.
[0048] The WTRU described with reference to FIG. 3 may be configured to perform any feature or features described herein as performed by a WTRU. Alternatively or additionally, the memory device and/or the data storage device in the WTRU may store instructions which, when executed by the processor in the WTRU (in conjunction with the other components in the WTRU such as the one or more transceivers, memory device, display device and/or data storage device), cause the WTRU to perform any feature or combination of features described herein as performed by a WTRU. As such, the AAAME 108 may gather statistics associated with network operation for load balancing and for achieving a desired QoS.
[0049] FIG. 4 is a block diagram of a server computer that may be used to implement features described herein. The server computer includes a processor, a memory device, one or more network interfaces, and a data storage device. These components may be connected via a system bus in the server computer, and/or via other appropriate interfaces within the server computer.
[0050] The memory device may be or include a device such as a Dynamic Random Access Memory (D-RAM), Static RAM (S-RAM), or other RAM or a flash memory. The data storage device may be or include a hard disk, a solid state disk (SSD), or any other type of electronic device for persistent data storage.
[0051] The one or more network interfaces may be or include one or more wired and/or wireless transceivers, and/or may implement various wired and/or wireless data communication technologies, including any combination of the radio access technologies mentioned herein. Alternatively or additionally, the one or more network interfaces may implement technologies such as IEEE 802.3 and/or Digital Subscriber Line (DSL) technology.
[0052] The server computer of FIG. 4 may be configured to perform any feature or combination of features described herein as performed by a server computer, and/or any feature or combination of features described herein as performed by an AAAME, AS, and/or WS. Alternatively or additionally, the memory device and/or the data storage device in the server computer may store instructions which, when executed by the processor in the server computer (in conjunction with the other components in the server computer such as the one or more network interfaces, memory device, and/or data storage device), cause the server computer to perform any feature or combination of features described herein as performed by an AAAME, AS, and/or WS.
[0053] Although examples are provided above that relate to the offloading of traffic between networks of different types (such as cellular networks and WLANs), the features described herein are also applicable, mutatis mutandis, in the context of bandwidth aggregation or RAT aggregation, and/or in any other context wherein traffic is handled by multiple channels of the same air interface technology and/or spread across multiple air interface technologies.
[0054] As used herein, the term "connected" means that elements within the system are physically or functionally connected (via, for example, a remote connection). A connection may be temporary or permanent. As a non-limiting example, a remote connection may be through a localized Radio Frequency link. Alternatively or additionally, a connection may be a wireline connection through a dedicated network and/or via the Internet.
[0055] The words "a" and "one," as used herein, are defined as including one or more of the referenced item unless specifically stated otherwise. The phrase "at least one" followed by a list of two or more items, such as "A, B, or C," means any individual one of A, B or C as well as any combination thereof. Further, as used herein, the singular forms "a," "an," and "the" include plural referents unless expressly and unequivocally limited to one referent. For example, while examples are provided above wherein a single instance of an AAAME is referred to, it should be understood that the features described herein in a single AAAME may be implemented across multiple AAAMEs.
[0056] Although features and elements are described herein in particular combinations, one of ordinary skill in the art will appreciate that each feature or element may be used alone or in combination with any of the other features and elements. In addition, the embodiments described herein may be implemented in a computer program, software, or firmware incorporated in a computer-readable medium for execution by a computer or processor. Examples of computer-readable media include electronic signals, (transmitted over wired or wireless connections), and computer-readable storage media. Examples of computer-readable storage media include, but are not limited to, a read only memory (ROM), a random access memory (RAM), a register, a cache memory, a semiconductor memory device, a magnetic media, (e.g., an internal hard disc or a removable disc), a magneto-optical media, and an optical media such as a compact disc (CD) or a digital versatile disc (DVD).
[0057] It should be understood that the features described herein are not limited to the particular embodiments disclosed, but are intended to cover all modifications which are within the spirit and scope of the described features, as defined by the appended claims, the above description, and/or as shown in the attached drawings.

Claims

What is claimed is:
1. A method for providing controlled handover between networks, implemented by a server, the method comprising:
receiving, from a wireless transmit/receive unit (WTRU), a request to associate with an access point;
generating an association profile;
notifying the WTRU of association by transmitting the association profile to the WTRU;
generating a Virtual Private Network (VPN) configuration profile;
transmitting the VPN configuration profile to the WTRU; and
receiving VPN status information from the WTRU.
2. The method of claim 1, further comprising:
generating a second configuration profile; and
transmitting the second configuration profile to the WTRU.
3. The method of claim 1, wherein the server is an authentication, authorization, and accounting (AAA) management entity (AAAME), a hypernet controller (HC), a VPN server, or an AAA RADIUS server.
4. The method of claim 1, wherein the VPN status information indicates success, failure, or abort or an ancillary field characterizing success, failure, or abort.
5. The method of claim 1, wherein the VPN status information is inferred from a timer and wherein the association profile is an X.509 certificate.
6. The method of claim 1, wherein the request to associate with the access point is an 802.1X Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) message or an Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM) message.
7. The method of claim 1, further comprising:
transmitting an Internet Control Message Protocol (ICMP) message.
8. The method of claim 1, further comprising:
transmitting a quality-of-service (QoS) message, wherein an attribute of the QoS message is based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
9. The method of claim 1, further comprising:
notifying one or more third party gateways of successful association signaling between the WTRU and an access point (AP).
10. The method of claim 1, further comprising:
notifying one or more third party application servers of a successful association between the WTRU and an access point (AP).
11. The method of claim 1, wherein the one or more third party application servers are associated with a social network or an advertising network.
12. The method of claim 1, wherein statistics associated with network operation are collected and used for setting a desired QoS for the WTRU.
13. The method of claim 1, wherein the server is an application server.
14. A wireless transmit/receive unit (WTRU) for load balancing, the WTRU comprising:
a transmitter configured to transmit a request to associate with an access point to a server; and
a receiver configured to receive an association profile from the server;
the receiver further configured to receive a Virtual Private Network (VPN) configuration profile from the server; and
the receiver further configured to receive a second association profile from the server.
15. The WTRU of claim 14, further comprising:
a policy management entity configured to generate an ICMP message based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of the WTRU, a time of day, a day of the week, information associated with current network utilization, or location information.
16. A server for providing controlled handover between networks, the server comprising:
a receiver configured to receive, from a wireless transmit/receive unit (WTRU), a request to associate with an access point;
a processor configured to generate an association profile; and
a transmitter configured to transmit the association profile to the WTRU;
the processor further configured to generate a Virtual Private Network (VPN) configuration profile;
the transmitter further configured to transmit the VPN configuration profile to the WTRU;
the receiver further configured to receive VPN status information from the WTRU.
17. The server of claim 16, wherein the processor is further configured to generate a second configuration profile and wherein the transmitter is further configured to transmit the second configuration profile to the WTRU.
18. The server of claim 16, wherein the transmitter is further configured to transmit an Internet Control Message Protocol (ICMP) message.
19. The server of claim 16, wherein the transmitter is further configured to transmit a quality-of-service (QoS) message, wherein an attribute of the QoS message is based on one or more of a cost of using one or more wireless networks, a cost of accessing the one or more wireless networks, a profile of the WTRU, an operating system of the WTRU, a model of the WTRU, a storage capacity of WTRU, a time of day, a day of a week, current network utilization information, or location information.
20. The server of claim 16, wherein the server is a hypernet controller (HC).
PCT/US2012/071540 2011-12-23 2012-12-22 Method and apparatus for load transfer WO2013096938A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161579761P 2011-12-23 2011-12-23
US61/579,761 2011-12-23

Publications (1)

Publication Number Publication Date
WO2013096938A1 true WO2013096938A1 (en) 2013-06-27

Family

ID=47559727

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/071540 WO2013096938A1 (en) 2011-12-23 2012-12-22 Method and apparatus for load transfer

Country Status (1)

Country Link
WO (1) WO2013096938A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE202006007575U1 (en) * 2005-05-11 2006-10-12 Interdigital Technology Corporation, Wilmington System for reselecting an access point

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WEILI HUANG ET AL: "The Research of VPN on WLAN", 17 December 2010, COMPUTATIONAL AND INFORMATION SCIENCES (ICCIS), 2010 INTERNATIONAL CONFERENCE ON, IEEE, PAGE(S) 250 - 253, ISBN: 978-1-4244-8814-8, XP031900974 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015043674A1 (en) * 2013-09-30 2015-04-02 Nokia Solutions And Networks Oy Method, apparatus and computer program
EP2955878A1 (en) * 2014-06-11 2015-12-16 Gdf Suez Method for managing a virtual private communication channel between a terminal and a server
FR3022421A1 (en) * 2014-06-11 2015-12-18 Gdf Suez METHOD FOR MANAGING A PRIVATE VIRTUAL COMMUNICATION CHANNEL BETWEEN A TERMINAL AND A SERVER
CN108834102A (en) * 2018-04-18 2018-11-16 西安汇龙科技股份有限公司 The method and system of non-high-speed rail user are identified in LTE high-speed rail private network
CN108834102B (en) * 2018-04-18 2020-11-13 西安汇龙科技股份有限公司 Method and system for identifying non-high-speed rail users in LTE high-speed rail private network

Similar Documents

Publication Publication Date Title
US11089480B2 (en) Provisioning electronic subscriber identity modules to mobile wireless devices
EP3408988B1 (en) Method and apparatus for network access
US9980213B2 (en) Methods, apparatus and systems for wireless network selection
US9398010B1 (en) Provisioning layer two network access for mobile devices
US8756668B2 (en) Dynamic PSK for hotspots
JP5775174B2 (en) Configuring authentication and secure channels for communication handoff scenarios
RU2639696C2 (en) Method, device and system for maintaining activity of access session on 802,1x standard
EP3729872A1 (en) Access network selection
JP2012533920A (en) Method and apparatus for registering with an external network in a wireless network environment
EP3025534B1 (en) Providing telephony services over wifi for non-cellular devices
WO2019227459A1 (en) Methods and nodes for authentication of a tls connection
WO2013096938A1 (en) Method and apparatus for load transfer
TWI592001B (en) System and method for providing telephony services over wifi for non-cellular devices
US11956375B2 (en) Digital letter of approval (DLOA) for device compliance
US20240187257A1 (en) Digital letter of approval (dloa) for device compliance
KR101480706B1 (en) Network system for providing security to intranet and method for providing security to intranet using security gateway of mobile communication network
US20240056302A1 (en) Apparatus, method, and computer program
US20240155347A1 (en) Systems and methods for secure user session at endpoint device over access-restricted cellular network managed by an enterprise
CN116830531A (en) Providing security services via a federation-based network during roaming
WO2016145881A1 (en) Wireless fidelity network establishment method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12815959

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC. EPO FORM 1205A DATED 15.01.15

122 Ep: pct application non-entry in european phase

Ref document number: 12815959

Country of ref document: EP

Kind code of ref document: A1