WO2018057521A1 - Wireless local area network integration with internet protocol security tunnel - Google Patents

Info

Publication number
WO2018057521A1
Authority
WO
WIPO (PCT)
Prior art keywords
segw
request message
addition request
lwip
enb
Application number
PCT/US2017/052286
Other languages
English (en)
French (fr)
Inventor
Alexander Sirotkin
Original Assignee
Intel IP Corporation
Application filed by Intel IP Corporation
Priority to DE112017003741.7T
Publication of WO2018057521A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Definitions

  • the present disclosure relates to the field of wireless networks. More particularly, the present disclosure relates to the apparatus, systems, and methods for establishment of long term evolution wireless local area network integration with internet protocol security tunnel.
  • IP internet protocol
  • eNB evolved NodeB
  • LWIP-SeGW long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway
  • Figure 1 illustrates an example network architecture, according to various embodiments.
  • Figure 2 illustrates another example network architecture, according to various embodiments.
  • Figure 3A illustrates an example setup request message representation, according to various embodiments.
  • Figure 3B illustrates an example setup response message representation, according to various embodiments.
  • Figure 3C illustrates an example setup failure message representation, according to various embodiments.
  • Figure 4 illustrates an example procedure for requesting setup of an interface, according to various embodiments.
  • Figure 5 illustrates an example procedure for responding to an interface setup request, according to various embodiments.
  • Figure 6A illustrates an example addition request message representation, according to various embodiments.
  • Figure 6B illustrates an example addition request acknowledge message representation, according to various embodiments.
  • Figure 6C illustrates an example addition request reject message representation, according to various embodiments.
  • Figure 7 illustrates an example procedure for requesting establishment of a long term evolution wireless local area network radio level integration with internet protocol security tunnel (LWIP) bearer for a user equipment (UE).
  • LWIP long term evolution wireless local area network radio level integration with internet protocol security tunnel
  • Figure 8 illustrates an example procedure for responding to an LWIP bearer establishment request, according to various embodiments.
  • Figure 9 illustrates example components of an electronic device, according to various embodiments.
  • Figure 10 illustrates example hardware resources, according to various embodiments.
  • FIG. 11 illustrates example interfaces of baseband circuitry in accordance with some embodiments.
  • an apparatus of an evolved NodeB may include a memory device and a processor coupled to the memory device.
  • the memory device may store an identity of a user equipment (UE) that is to set up an internet protocol security (IPsec) tunnel with a long term evolution wireless local area network radio level integration with IPsec tunnel security gateway (LWIP-SeGW)
  • IPsec internet protocol security
  • the processor may generate an addition request message that includes the identity of the UE, wherein the addition request message is to facilitate establishment of the IPsec tunnel.
  • the processor may further cause the addition request message to be transmitted to the LWIP-SeGW.
  • phrase “A and/or B” means (A), (B), or (A and B).
  • phrase “A, B, and/or C” means (A), (B), (C), (A and B), (A and C), (B and C), or (A, B and C).
  • circuitry may refer to, be part of, or include an
  • circuitry may be implemented in, or functions associated with the circuitry may be implemented by, one or more software or firmware modules.
  • circuitry may include logic, at least partially operable in hardware.
  • FIG. 1 illustrates an example network architecture 200, according to various embodiments.
  • the architecture 200 may include a mobility management entity (MME), a serving gateway (S-GW), or some combination thereof (which is collectively referred to as "the MME 202" herein).
  • MME mobility management entity
  • S-GW serving gateway
  • the MME 202 may be implemented in a core network, which may be an evolved packet core (EPC) network, a NextGen Packet Core (NPC) network, or some other type of core network. Further, the MME 202 may be similar in function to the control plane of legacy Serving General Packet Radio Service (GPRS) Support Nodes (SGSN).
  • GPRS General Packet Radio Service
  • SGSN Serving General Packet Radio Service (GPRS) Support Node
  • the MME 202 may manage mobility aspects in access such as gateway selection and tracking area list management.
  • the architecture 200 may further include an evolved NodeB (eNB) 204.
  • the eNB 204 may be coupled to the MME 202 and may communicate with the MME 202.
  • the eNB 204 may include one or more of the features of an electronic device 100 (see Fig. 9).
  • the architecture 200 may further include a security gateway (SeGW) 206.
  • SeGW security gateway
  • SeGW 206 may be coupled to the eNB 204 and may communicate with the eNB 204.
  • the SeGW 206 may be a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW).
  • the SeGW 206 may be implemented by one or more of the elements of the hardware resources 1000 (see Fig. 10).
  • the architecture 200 may further include a wireless local area network (WLAN) 208.
  • the WLAN 208 may be coupled to the SeGW 206 and may communicate with the SeGW 206.
  • the WLAN 208 may be implemented by one or more of the elements of hardware resources 1000 (see Fig. 10).
  • the architecture 200 may further include a user equipment (UE) 210.
  • the UE 210 may be coupled to the eNB 204 via a long term evolution (LTE) connection and may communicate with the eNB 204 via the LTE connection.
  • the UE 210 may further be coupled to the WLAN 208 via a WLAN connection and may communicate with the WLAN 208 via the WLAN connection.
  • the UE 210 may include one or more of the features of the electronic device 100 (see Fig. 9).
  • the UE 210 may be capable of establishing, in cooperation with one or more other components of the architecture 200, an internet protocol security (IPsec) tunnel with the SeGW 206 via the WLAN 208.
  • the IPsec tunnel from the UE 210 may terminate at the SeGW 206.
  • the UE 210 may transmit one or more communication packets to the SeGW 206 via the IPsec tunnel, wherein the SeGW 206 may provide the communication packets to the eNB 204.
  • the UE 210 and/or the WLAN 208 may encrypt the communication packets transmitted from the UE 210 that are being transmitted via the IPsec tunnel to the SeGW 206.
  • the SeGW 206 may receive the encrypted communication packets transmitted via the IPsec tunnel and decrypt the communication packets.
  • the SeGW 206 may transmit the decrypted communication packets to the eNB 204. Further, the SeGW 206 may receive
  • the communication packets may be decrypted by the UE 210 and/or the WLAN 208.
  • the IPsec tunnel as implemented by the encrypting and decrypting of the communication packets, may provide security for information communicated between the UE 210 and the eNB 204 via the WLAN 208.
  • FIG. 2 illustrates another example network architecture 300, according to various embodiments.
  • the architecture 300 may include one or more of the features of the architecture 200.
  • the architecture 300 may include the MME 202, the eNB 204, the SeGW 206, the WLAN 208, and the UE 210.
  • the architecture 300 may implement the couplings and operations described above in relation to the architecture 300.
  • the architecture 300 may illustrate an interface 302 between the eNB 204 and the SeGW 206, which, while being included in the architecture 200, may not have been clearly illustrated in the architecture 200.
  • the interface 302 may couple the eNB 204 and the SeGW 206 and may provide for communication between the eNB 204 and the SeGW 206.
  • the interface 302 may be a standardized interface.
  • the interface 302 may be an Xi interface, an Xw interface, an X2 interface, or another similar interface.
  • the interface 302 may have a communication protocol and may be set up via a setup procedure as described further in relation to Figures 3A, 3B, and 3C.
  • the interface 302 may include a control plane, a user plane, or some combination thereof.
  • the interface 302 may be utilized for communication between the eNB 204 and the SeGW 206, including communication of the decrypted communication packets from the IPsec tunnel.
  • FIG. 3A illustrates an example setup request message representation 400, according to various embodiments.
  • the setup request message representation 400 may indicate information elements included in a setup request message transmitted from an eNB (such as the eNB 204 (Fig. 1)) to a SeGW (such as the SeGW 206 (Fig. 1)). It is to be understood that references to an element being included in the setup request message representation 400 throughout this disclosure indicate that the element is included in the setup request message transmitted from the eNB to the SeGW.
  • the setup request message representation 400 may include an indication of a message type 402 and an indication of global eNB identifier 404 for the eNB that transmitted the setup request message.
  • the indication of the message type 402 may uniquely identify the setup request message.
  • the indication of the global eNB identifier 404 may indicate a global identifier to uniquely identify the eNB globally, for example, anywhere in the world.
  • the global eNB identifier 404 may be constructed from an identity of a public land mobile network (PLMN) to which the eNB belongs and an eNB identifier, which identifies the eNB within its PLMN.
  • PLMN public land mobile network
  • the SeGW may be able to communicate with the eNB by addressing communications with the global eNB identifier.
  • the setup request message may be transmitted as part of a procedure for setting up an interface between the eNB and the SeGW.
  • the procedure may be an interface access point setup procedure.
  • the procedure for setting up the interface may convey relevant information between the eNB and the SeGW for setting up the interface and/or may define one or more features of the interface.
  • the interface may be an Xi interface. In other embodiments, the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some combination thereof.
  • FIG. 3B illustrates an example setup response message representation 430, according to various embodiments.
  • the setup response message representation 430 may indicate information elements included in a setup response message transmitted from an SeGW (such as the SeGW 206 (Fig. 1)) to an eNB (such as the eNB 204 (Fig. 1)) in response to the setup request message represented by the setup request message representation 400 (Fig. 3A).
  • the setup response message may be transmitted based on successful setup of an interface associated with the setup request message. It is to be understood that references to an element being included in the setup response message representation 430 throughout this disclosure indicate that the element is included in the setup response message transmitted from the SeGW to the eNB.
  • the setup response message representation 430 may include an indication of a message type 432 and an indication of global eNB identifier 434 for the eNB from which the setup request message was received.
  • the indication of the message type 432 may uniquely identify the setup response message.
  • the indication of the global eNB identifier 434 may indicate a global identifier to uniquely identify the eNB globally, for example, anywhere in the world.
  • the global eNB identifier 434 may be constructed from an identity of a public land mobile network (PLMN) to which the eNB belongs and an eNB identifier, which identifies the eNB within its PLMN.
  • the SeGW may be able to communicate with the eNB by addressing communications with the global eNB identifier.
  • the setup response message representation 430 may further include an indication of an external IP address 436.
  • the indication of the external IP address 436 may indicate an external IP address that UEs may utilize to communicate with the SeGW. In particular, the UEs may address communications to the external IP address to communicate with the SeGW. Further, the external IP address may be an externally routable IP address of the SeGW reachable from a WLAN side by the UEs.
  • the indication of the external IP address 436 may include a bit string with a value between 1 and 160. In some embodiments, the indication of the external IP address 436 may be the external IP address for the SeGW.
  • the setup response message may be transmitted as part of a procedure for setting up an interface between the eNB and the SeGW.
  • the procedure may be an interface access point setup procedure.
  • the procedure for setting up the interface may convey relevant information between the eNB and the SeGW for setting up the interface and/or may define one or more features of the interface.
  • the interface may be an Xi interface. In other embodiments, the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some combination thereof.
  • Providing the indication of the external IP address 436 may provide the eNB with the IP address of the SeGW used for WLAN communication by the UEs.
  • Providing the IP address of the SeGW to the eNB may be beneficial over legacy systems where the IP address of the SeGW was pre-provisioned (such as by using operations and management (OAM)), which is not ideal.
  • OAM operations and management
  • FIG. 3C illustrates an example setup failure message representation 460, according to various embodiments.
  • the setup failure message representation 460 may indicate information elements included in a setup failure message transmitted from an SeGW (such as the SeGW 206 (Fig. 1)) to an eNB (such as the eNB 204 (Fig. 1)) in response to the setup request message represented by the setup request message representation 400 (Fig. 3A).
  • the setup failure message may be transmitted based on a failure to set up an interface associated with the setup request message. It is to be understood that references to an element being included in the setup failure message representation 460 throughout this disclosure indicate that the element is included in the setup failure message transmitted from the SeGW to the eNB.
  • the setup failure message representation 460 may include an indication of a message type 462.
  • the indication of the message type 462 may uniquely identify the setup failure message.
  • the setup failure message representation 460 may further include an indication of cause 464, an indication of time to wait 466, an indication of criticality diagnostics 468, or some combination thereof.
  • the indication of cause 464 may indicate a reason for failure of the interface setup.
  • the indication of time to wait 466 may indicate a time that the eNB should wait before transmitting a subsequent setup request message. In particular, the indication of time to wait 466 may indicate a minimum waiting time that the eNB should wait before transmitting the subsequent setup request message.
  • the indication of criticality diagnostics 468 may be included when parts of the setup request message have not been comprehended or were missing, when the setup request message included logical errors, or some combination thereof.
  • the indication of criticality diagnostics 468 may include information about which parts of the setup request message were not comprehended, were missing, included logical errors, or some combination thereof.
  • the setup failure message may be transmitted as part of a procedure for setting up an interface between the eNB and the SeGW.
  • the procedure may be an interface access point setup procedure.
  • the procedure for setting up the interface may convey relevant information between the eNB and the SeGW for setting up the interface and/or may define one or more features of the interface.
  • the interface may be an Xi interface. In other embodiments, the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some combination thereof.
  • Figure 4 illustrates an example procedure 500 for requesting set up of an interface, according to various embodiments.
  • the procedure 500 may be performed by an eNB, such as the eNB 204 (Fig. 1).
  • the eNB may generate a setup request message.
  • baseband circuitry (such as the baseband circuitry 104 (Fig. 9)) of the eNB may generate the setup request message.
  • the setup request message may include one or more of the features described in relation to the setup request message representation 400 (Fig. 3A).
  • the setup request message may include an indication of a message type (such as the indication of the message type 402 (Fig. 3A)) and/or an indication of a global eNB identifier (such as the indication of the global eNB identifier 404 (Fig. 3A)).
  • the eNB may transmit the setup request message.
  • the eNB may transmit the setup request message to a SeGW, such as the SeGW 206 (Fig. 1).
  • the baseband circuitry of the eNB may cause the setup request message to be transmitted to the SeGW via network interface circuitry (such as the network interface circuitry described in relation to Figure 9).
  • the eNB may determine whether the interface was set up by the SeGW.
  • the baseband circuitry of the eNB may determine whether the interface was set up by the SeGW.
  • the eNB may determine whether the interface was set up based on a message received from the SeGW in response to the setup request message.
  • the message received from the SeGW may be a setup response message (such as the setup response message represented by the setup response message representation 430 (Fig. 3B)) or a setup failure message (such as the setup failure message represented by the setup failure message representation 460 (Fig. 3C)).
  • the eNB may determine that setup of the interface failed.
  • the procedure 500 may return to stage 502 in response to determining that the setup of the interface failed.
  • the eNB may delay returning to stage 502 by a minimum of a time indicated within the indication of the time to wait. Further, in some embodiments, the procedure 500 may return to stage 504 (instead of stage 502) and may transmit the setup request message previously generated. In other embodiments, the procedure 500 may terminate in response to identifying the setup failure message.
  • the eNB may determine that setup of the interface was successful.
  • the procedure 500 may proceed to stage 508 in response to determining that the setup of the interface was successful.
  • the eNB may identify an external IP address (such as the external IP address indicated by the indication of the external IP address 436 in the setup response message representation 430 (Fig. 3B)) included in the setup response message.
  • the baseband circuitry of the eNB may identify the external IP address.
  • the eNB may transmit the external IP address to one or more UEs (such as the UE 210 (Fig. 1)).
  • the eNB may transmit the external IP address via radio resource control (RRC) to the UEs.
  • RRC radio resource control
  • the baseband circuitry of the eNB may cause the external IP address to be transmitted to the UEs via radio frequency (RF) circuitry (such as the RF circuitry 106 (Fig. 9)).
  • RF radio frequency
  • Figure 5 illustrates an example procedure 600 for responding to an interface setup request, according to various embodiments.
  • the procedure 600 may be performed by an SeGW, such as the SeGW 206 (Fig. 1).
  • the SeGW may identify a setup request message received from an eNB, such as the eNB 204 (Fig. 1).
  • one or more processors such as the processors 1010 (Fig. 10) of the SeGW may identify the setup request message.
  • the setup request message may include one or more of the features described in relation to the setup request message representation 400 (Fig. 3A).
  • the setup request message may include an indication of a message type (such as the indication of the message type 402 (Fig. 3A)) and/or an indication of a global eNB identifier (such as the indication of the global eNB identifier 404 (Fig. 3A)).
  • the SeGW may attempt to set up an interface (such as an Xi interface, an Xw interface, and/or an X2 interface) associated with the setup request message.
  • the processors of the SeGW may attempt to set up the interface. Attempting to set up the interface may include determining whether parts of the received setup request message cannot be comprehended, parts of the received setup request message are missing, the received setup request message includes logical errors, or some combination thereof. If the SeGW sets up the interface successfully, the procedure 600 may proceed to stage 606. However, if the SeGW fails to set up the interface, the procedure 600 may proceed to stage 610.
  • the SeGW may generate a setup response message.
  • the processors of the SeGW may generate the setup response message.
  • the setup response message may include one or more of the features described in relation to the setup response message representation 430 (Fig. 3B).
  • the SeGW may transmit the setup response message to the eNB from which the setup request message was received.
  • the processors of the SeGW may cause the setup response message to be transmitted to the eNB via communication resources (such as the communication resources 1030 (Fig. 10)) of the SeGW.
  • the SeGW may generate a setup failure message.
  • the processors of the SeGW may generate the setup failure message.
  • the setup failure message may include one or more of the features described in relation to the setup failure message representation 460 (Fig. 3C).
  • the SeGW may transmit the setup failure message to the eNB from which the setup request message was received.
  • the processors of the SeGW may cause the setup failure message to be transmitted to the eNB via the communication resources of the SeGW.
  • FIG. 6A illustrates an example addition request message representation 700, according to various embodiments.
  • the addition request message representation 700 may indicate information elements included in an addition request message transmitted from an eNB (such as the eNB 204 (Fig. 1)) to an SeGW (such as the SeGW 206 (Fig. 1)). It is to be understood that references to an element being included in the addition request message representation 700 throughout this disclosure indicate that the element is included in the addition request message transmitted from the eNB to the SeGW.
  • the addition request message representation 700 may include an indication of a message type 702 and an indication of eNB UE XiAP ID 704.
  • the indication of the message type 702 may uniquely identify the addition request message.
  • the indication of the eNB UE XiAP ID 704 may allow the SeGW, and/or the one or more other components within the network (such as the eNB 204 (Fig. 1), the UE 210 (Fig. 1), the MME/S-GW 202 (Fig. 1), and the WLAN 208 (Fig. 1)), to differentiate between messages associated with different UEs.
  • the eNB UE XiAP ID 704 may uniquely identify a UE over an interface, such as the Xi interface, the Xw interface, and/or the X2 interface.
  • the eNB may assign the eNB UE XiAP ID associated with the indication of the eNB UE XiAP ID 704.
  • the addition request message representation 700 may further include an indication of a UE identity 706.
  • the indication of the UE identity 706 may indicate a UE that is to set up an IPsec tunnel with the SeGW.
  • the indication of the UE identity 706 may be a wireless local area network (WLAN) medium access control (MAC) address of the UE.
  • WLAN wireless local area network
  • MAC medium access control
  • the UE may be linked to the eNB that transmits the addition request message via a long term evolution (LTE) connection.
  • LTE long term evolution
  • the eNB may determine that WLAN connectivity with the SeGW is available to the UE and/or that it may be beneficial to the UE to utilize the WLAN connectivity.
  • the eNB may determine that it would be beneficial to the UE to utilize the WLAN connectivity if the eNB is receiving a high load of traffic via LTE, a connection of the UE via the WLAN connectivity provides a strong/good connection (which may be determined based on a quality measurement received by the eNB from the UE), or some combination thereof.
  • the eNB may initiate the addition request message in response to determining that it would be beneficial to the UE to utilize the WLAN connectivity.
  • the addition request message representation 700 may further include an indication of IPsec security information 708.
  • the indication of IPsec security information 708 may include security information for an LWIP IPsec tunnel.
  • the indication of IPsec security information 708 may include information for determining, by the SeGW, that the UE is authorized to connect with the SeGW.
  • the indication of IPsec security information 708 may include one or more security keys that may be used by the SeGW to authenticate the UE when the UE attempts to set up the IPsec tunnel.
  • the addition request message representation 700 may further include an indication of general packet radio service tunneling protocol (GTP) tunnel endpoint information.
  • the indication of the GTP tunnel endpoint information may identify a transport bearer for user plane traffic.
  • the GTP tunnel endpoint information may include an IP address, which may be used for user plane traffic.
  • the IP address may be a transport layer address.
  • the GTP endpoint information may further include a GTP tunnel endpoint identifier.
  • the GTP tunnel endpoint identifier may be used for the user plane transport.
  • the user plane traffic may operate within a user plane protocol on an interface, wherein the user plane protocol may be similar to the legacy user plane protocol for X2 and/or Xw interfaces.
  • the user plane interface may be unspecified.
  • Ethernet or any other layer-2 protocol may be used, exploiting the fact that the SeGW is likely to reside in close proximity to the eNB.
  • the addition request message may be transmitted as part of a procedure for establishing an IPsec tunnel between the UE and the SeGW, which may be referred to as an addition request procedure.
  • the procedure may be performed by the eNB prior to sending LWIP information (including the WLAN mobility set and the SeGW IP address) to the UE using radio resource control (RRC).
  • the WLAN mobility set may be a set of one or more WLAN access points for utilization by the UE.
  • the SeGW IP address may be an IP address for the SeGW that the UE may utilize to communicate with the SeGW.
  • the SeGW may accept or reject the procedure, using an addition acknowledgment message (as described further in relation to Figure 6B) or an addition reject message (as described further in relation to Figure 6C).
  • the addition request message may carry the indication of the UE identity 706 (which may be the UE identity) and the indication of the IP security information (which may be the IPsec security information (e.g., the security key)) to be used during establishment of the IPsec tunnel.
  • the eNB may notify the SeGW about UEs that are expected to attempt to set up an IPsec tunnel to the SeGW.
  • the eNB notifying the SeGW about the UEs may reduce the burden of detecting rogue UEs (e.g., UEs not authorized to set up an IPsec tunnel to the SeGW), which may attempt (and fail eventually) to set up an IPsec tunnel.
  • the eNB notifying the SeGW about the UEs may further provide stronger security than legacy systems with IPsec tunnel implementations that were unaware of the UEs that are expected to attempt to set up the IPsec tunnel.
  • the SeGW disclosed herein may block attempts to set up IPsec tunnels via unauthorized UEs, which may be attacks to the network, such as attempting to steal data from the network.
  • the addition request message may be transmitted from the eNB to the SeGW via an interface.
  • the interface may be an Xi interface. In other embodiments, the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some
  • Figure 6B illustrates an example addition request acknowledge message representation 730, according to various embodiments.
  • the addition request acknowledge message representation 730 may indicate information elements included in an addition request acknowledgement message transmitted from an SeGW (such as the SeGW 206 (Fig. 1)) to an eNB (such as the eNB 204 (Fig. 1)). It is to be understood that references to an element being included in the addition request acknowledge message representation 730 throughout this disclosure indicate that the element is included in the addition request acknowledge message transmitted from the SeGW to the eNB.
  • the addition request acknowledge message may indicate that the SeGW received the addition request message from the eNB and may be able to set up the IPsec tunnel with the UEs.
  • the addition request acknowledge message representation 730 may include an indication of a message type 732 and an indication of eNB UE XiAP ID 734.
  • the indication of the message type 732 may uniquely identify the addition request
  • the indication of the eNB UE XiAP ID 734 may allow the SeGW, and/or one or more other components within the network (such as the eNB 204 (Fig. 1), the UE 210 (Fig. 1), the MME/S-GW 202 (Fig. 1), and the WLAN 208 (Fig. 1)), to differentiate between messages associated with different UEs.
  • the eNB UE XiAP ID 734 may uniquely identify a UE over an interface, such as the Xi interface, the Xw interface, and/or the X2 interface.
  • the eNB may assign the eNB UE XiAP ID associated with the indication of the eNB UE XiAP ID 734.
  • the eNB UE XiAP ID indicated by the indication of the eNB UE XiAP ID 734 may have the same value as the eNB UE XiAP ID indicated by the indication of the eNB UE XiAP ID 704 (Fig. 6A).
  • the addition request acknowledge message representation 730 may further include an indication of LWIP-SeGW UE XiAP ID 736.
  • the indication of the LWIP-SeGW UE XiAP ID 736 may allow the SeGW, and/or one or more other components within the network (such as the eNB 204 (Fig. 1), the UE 210 (Fig. 1), the MME/S-GW 202 (Fig. 1), and the WLAN 208 (Fig. 1)), to differentiate between messages associated with different UEs.
  • the indication of the LWIP-SeGW UE XiAP ID 736 may differentiate between messages transmitted between the SeGW and different UEs.
  • the LWIP-SeGW UE XiAP ID 736 may uniquely identify a UE and may be utilized for the duration of the IPsec tunnel.
  • the SeGW may assign the LWIP-SeGW UE XiAP ID associated with the indication of the LWIP-SeGW UE XiAP ID 736.
  • the addition request acknowledge message may be transmitted as part of a procedure for establishing an IPsec tunnel between the UE and the SeGW, which may be referred to as an addition request procedure.
  • the procedure may be performed by the eNB prior to sending LWIP information (including the WLAN mobility set and the SeGW IP address) to the UE using radio resource control (RRC).
  • the addition request acknowledge message may indicate that the SeGW accepted the procedure for establishing the IPsec tunnel.
  • the addition request acknowledge message may be transmitted from the SeGW to the eNB via an interface.
  • the interface may be an Xi interface.
  • the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some combination thereof.
  • Figure 6C illustrates an example addition request reject message representation 760, according to various embodiments.
  • the addition request reject message representation 760 may indicate information elements included in an addition request reject message transmitted from a SeGW (such as the SeGW 206 (Fig. 1)) to an eNB (such as the eNB 204 (Fig. 1)). It is to be understood that references to an element being included in the addition request reject message representation 760 throughout this disclosure indicate that the element is included in the addition request reject message transmitted from the SeGW to the eNB.
  • the addition request reject message may indicate that the SeGW received the addition request message from the eNB and that the request to allow the UE to set up the IPsec tunnel has failed.
  • the addition request reject message representation 760 may include an indication of a message type 762 and an indication of eNB UE XiAP ID 764.
  • the indication of the message type 762 may uniquely identify the addition request reject message.
  • the indication of the eNB UE XiAP ID 764 may allow the SeGW, and/or the one or more other components within the network (such as the eNB 204 (Fig. 1), the UE 210 (Fig. 1), the MME/S-GW 202 (Fig. 1), and the WLAN 208 (Fig. 1)), to differentiate between messages associated with different UEs.
  • the eNB UE XiAP ID 764 may uniquely identify a UE over an interface, such as the Xi interface, the Xw interface, and/or the X2 interface.
  • the eNB may assign the eNB UE XiAP ID associated with the indication of the eNB UE XiAP ID 764.
  • the eNB UE XiAP ID indicated by the indication of the eNB UE XiAP ID 764 may have the same value as the eNB UE XiAP ID indicated by the indication of the eNB UE XiAP ID 704 (Fig. 6A).
  • the addition request reject message representation 760 may further include one or more indications (such as an indication of cause 766 and/or an indication of criticality diagnostics 768) that may be related to the failure of the request to allow the UE to set up the IPsec tunnel.
  • the indication of cause 766 may indicate a reason for failure of the interface setup.
  • the indication of criticality diagnostics 768 may be included when parts of the setup request message have not been comprehended or were missing, when the setup request message included logical errors, or some combination thereof.
  • the indication of criticality diagnostics 768 may include information about which parts of the setup request message were not comprehended, were missing, included logical errors, or some combination thereof.
  • the addition request reject message may be transmitted as part of a procedure for establishing an IPsec tunnel between the UE and the SeGW, which may be referred to as an addition request procedure.
  • the procedure may be performed by the eNB prior to sending LWIP information (including the WLAN mobility set and the SeGW IP address) to the UE using radio resource control (RRC).
  • the addition request reject message may indicate that the SeGW rejected the request for establishing the IPsec tunnel.
  • the addition request reject message may be transmitted from the SeGW to the eNB via an interface.
  • the interface may be an Xi interface.
  • the interface may be any other interface, such as an Xw interface and/or an X2 interface.
  • the interface may include a control plane, a user plane, or some combination thereof.
  • Figure 7 illustrates an example procedure 800 for requesting establishment of an LWIP bearer for a UE (such as the UE 210 (Fig. 1)), according to various embodiments.
  • the procedure 800 may be performed by an eNB, such as the eNB 204 (Fig. 1).
  • the eNB may generate an addition request message.
  • a baseband circuitry such as the baseband circuitry 104 (Fig. 9)
  • the addition request message may include one or more of the features described in relation to the addition request message representation 700 (Fig. 6A).
  • the addition request message may include an indication of a message type (such as the indication of the message type 702 (Fig.
  • an indication of eNB UE XiAP ID such as the indication of eNB UE XiAP ID 704 (Fig. 6A)
  • an indication of UE identity such as the indication of UE identity 706 (Fig. 6A)
  • an indication of IPsec security information such as the indication of IPsec security information 708 (Fig. 6A)
  • the eNB may transmit the addition request message.
  • the eNB may transmit the addition request message to a SeGW, such as the SeGW 206 (Fig. 1).
  • the baseband circuitry of the eNB may cause the addition request message to be transmitted to the SeGW via network interface circuitry (such as the network interface circuitry described in relation to Figure 9).
  • the eNB may determine whether the addition request has been accepted.
  • the baseband circuitry of the eNB may determine whether the addition request has been accepted.
  • the eNB may determine whether the addition request has been accepted based on a message received from the SeGW.
  • the message received from the SeGW may be an addition request acknowledge message (such as the addition request acknowledge message represented by the addition request acknowledge message representation 730 (Fig. 6B)) or an addition request reject message (such as the addition request reject message represented by the addition request reject message representation 760 (Fig. 6C)).
  • the eNB may determine that the addition request was rejected.
  • the baseband circuitry of the eNB may determine that the addition request was rejected.
  • the procedure may return to stage 802 in response to determining that the addition request was rejected.
  • the eNB may delay returning to stage 802 for a certain period of time.
  • the procedure 800 may return to stage 804 (instead of stage 802) and may transmit the addition request message previously generated.
  • the procedure 800 may terminate in response to determining that the addition request was rejected.
  • the eNB may determine that the addition request was accepted.
  • the baseband circuitry of the eNB may determine that the addition request was accepted.
  • the procedure may proceed to stage 808 in response to determining that the addition request was accepted.
  • the eNB may transmit LWIP information to the UE.
  • the LWIP information may include a WLAN mobility set and an SeGW IP address.
  • the WLAN mobility set may be a set of one or more WLAN access points for utilization by the UE.
  • the SeGW IP address may be an IP address for the SeGW that the UE may utilize to communicate with the SeGW.
  • the eNB may transmit the LWIP information to the UE via RRC.
  • Figure 8 illustrates an example procedure 900 for responding to an LWIP bearer establishment request, according to various embodiments.
  • the procedure 900 may be performed by an SeGW, such as the SeGW 206 (Fig. 1).
  • the SeGW may identify an addition request message received from an eNB, such as the eNB 204 (Fig. 1).
  • one or more processors such as the processors 1010 (Fig. 10) of the SeGW may identify the addition request message.
  • the addition request message may include one or more of the features described in relation to the addition request message representation 700 (Fig. 6A).
  • the addition request message may include an indication of a message type (such as the indication of the message type 702 (Fig. 6A)), an indication of eNB UE XiAP ID (such as the indication of the eNB UE XiAP ID 704 (Fig. 6A)), an indication of an UE identity (such as the indication of the UE identity 706 (Fig. 6A)), an indication of IPsec security information (such as the indication of IPsec security information 708 (Fig. 6A)), or some combination thereof.
  • the SeGW may determine whether to accept the addition request associated with the addition request message.
  • the processors of the SeGW may determine whether to accept the addition request.
  • Determining whether to accept the addition request may include determining whether parts of the received addition request message cannot be comprehended, parts of the received addition request message are missing, the addition request message includes logical errors, or some combination thereof.
  • If the SeGW determines to accept the addition request, the procedure 900 may proceed to stage 906.
  • However, if the SeGW determines to reject the addition request, the procedure 900 may proceed to stage 910.
  • In stage 906, the SeGW may generate an addition request acknowledge message.
  • In some embodiments, the processors of the SeGW may generate the addition request acknowledge message.
  • the addition request acknowledge message may include one or more of the features described in relation to the addition request acknowledge message representation 730 (Fig. 6B).
  • the SeGW may transmit the addition request acknowledge message to the eNB from which the addition request message was received.
  • the processors of the SeGW may cause the addition request acknowledge message to be transmitted to the eNB via communication resources (such as the communication resources 1030 (Fig. 1)) of the SeGW.
  • the SeGW may generate an addition request reject message.
  • the processors of the SeGW may generate the addition request reject message.
  • the addition request reject message may include one or more of the features described in relation to the addition request reject message representation 760 (Fig. 6C).
  • the SeGW may transmit the addition request reject message to the eNB from which the addition request message was received.
  • the processors of the SeGW may cause the addition request reject message to be transmitted to the eNB via the communication resources of the SeGW.
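The exchange of procedures 800 and 900, together with the SeGW's list of UEs expected to set up a tunnel, modelled as an added example (not code from the patent). The dictionary encoding, the IE key names, the cause string, the sample LWIP values and the direct function call standing in for the Xi interface are assumptions; the key comparison stands in for IPsec tunnel authentication with the provisioned key.

```python
import hmac
from itertools import count

# Message-type labels are assumptions of this example.
ADDITION_REQUEST = "ADDITION_REQUEST"
ADDITION_REQUEST_ACK = "ADDITION_REQUEST_ACKNOWLEDGE"
ADDITION_REQUEST_REJECT = "ADDITION_REQUEST_REJECT"

# Constructed LWIP information (WLAN mobility set and SeGW IP address).
SAMPLE_LWIP_INFO = {"wlan_mobility_set": ["ap-lab-1", "ap-lab-2"],
                    "segw_ip_address": "192.0.2.10"}


class SeGW:
    """SeGW side: procedure 900 plus the list of expected UEs it builds."""

    # One validity rule per information element of the addition request.
    _CHECKS = {
        "message_type": lambda v: v == ADDITION_REQUEST,
        "enb_ue_xiap_id": lambda v: type(v) is int and v >= 0,
        "ue_identity": lambda v: isinstance(v, str) and v != "",
        "ipsec_security_info": lambda v: isinstance(v, bytes) and len(v) > 0,
    }

    def __init__(self):
        self._ids = count(1)      # source of LWIP-SeGW UE XiAP IDs
        self.expected_ues = {}    # ue_identity -> key and both XiAP IDs

    def _diagnose(self, msg):
        """Stage 904: report missing, not comprehended and illogical parts."""
        diag = {
            "missing": [ie for ie in self._CHECKS if ie not in msg],
            "not_comprehended": sorted(ie for ie in msg
                                       if ie not in self._CHECKS),
            "logical_errors": [ie for ie, ok in self._CHECKS.items()
                               if ie in msg and not ok(msg[ie])],
        }
        return {kind: ies for kind, ies in diag.items() if ies}

    def handle_addition_request(self, msg):
        diag = self._diagnose(msg)
        if diag:
            # Stage 910: reject, echoing the eNB UE XiAP ID when it was sent.
            reject = {"message_type": ADDITION_REQUEST_REJECT,
                      "cause": "invalid-addition-request",  # constructed value
                      "criticality_diagnostics": diag}
            if "enb_ue_xiap_id" in msg:
                reject["enb_ue_xiap_id"] = msg["enb_ue_xiap_id"]
            return reject
        # Stage 906: accept, assign the SeGW-side ID, remember the UE.
        segw_id = next(self._ids)
        self.expected_ues[msg["ue_identity"]] = {
            "key": msg["ipsec_security_info"],
            "enb_id": msg["enb_ue_xiap_id"],
            "segw_id": segw_id,
        }
        return {"message_type": ADDITION_REQUEST_ACK,
                "enb_ue_xiap_id": msg["enb_ue_xiap_id"],
                "lwip_segw_ue_xiap_id": segw_id}

    def admit_tunnel(self, ue_identity, presented_key):
        """Allow a tunnel only for a UE the eNB announced, with its key."""
        entry = self.expected_ues.get(ue_identity)
        if entry is None or not isinstance(presented_key, bytes):
            return False          # unannounced UE: blocked before any setup
        return hmac.compare_digest(entry["key"], presented_key)


def enb_request_lwip_bearer(segw, enb_ue_xiap_id, ue_identity, key, lwip_info):
    """eNB side, procedure 800. Returns the LWIP information that would be
    sent to the UE via RRC, or None when the request was rejected."""
    request = {"message_type": ADDITION_REQUEST,          # stage 802
               "enb_ue_xiap_id": enb_ue_xiap_id,
               "ue_identity": ue_identity,
               "ipsec_security_info": key}
    reply = segw.handle_addition_request(request)         # stage 804
    accepted = (reply["message_type"] == ADDITION_REQUEST_ACK
                and reply.get("enb_ue_xiap_id") == enb_ue_xiap_id)
    if not accepted:                                      # stage 806
        return None   # this example terminates instead of retrying
    return lwip_info                                      # stage 808
```

The LWIP information is released only after the acknowledge message arrives, so a UE learns the SeGW IP address only once the SeGW already holds its identity and key.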
  • Figure 9 illustrates example components of an electronic device, according to various embodiments. Embodiments described herein may be implemented into a system using any suitably configured hardware and/or software.
  • Figure 9 illustrates, for one embodiment, example components of an electronic device 100.
  • the electronic device 100 may be, implement, be incorporated into, or otherwise be a part of a user equipment (UE), an evolved NodeB (eNB), and/or some other electronic device, such as the SeGW 206 (Fig. 1).
  • the electronic device 100 may include application circuitry 102, baseband circuitry 104, radio frequency (RF) circuitry 106, front-end module (FEM) circuitry 108 and one or more antennas 110, coupled together at least as shown.
  • the electronic device 100 may also include network interface circuitry (not shown) for communicating over a wired interface (for example, an X2 interface, an S1 interface, and the like).
  • the application circuitry 102 may include one or more application processors.
  • the application circuitry 102 may include circuitry such as, but not limited to, one or more single-core or multi-core processors 102a.
  • the processor(s) 102a may include any combination of general-purpose processors and dedicated processors (e.g., graphics processors, application processors, etc.).
  • the processors 102a may be coupled with and/or may include computer-readable media 102b (also referred to as “CRM 102b,” “memory 102b,” “storage 102b,” or “memory/storage 102b”) and may be configured to execute instructions stored in the CRM 102b to enable various applications and/or operating systems to run on the system.
  • the baseband circuitry 104 may include circuitry such as, but not limited to, one or more single-core or multi-core processors.
  • the baseband circuitry 104 may include one or more baseband processors and/or control logic to process baseband signals received from a receive signal path of the RF circuitry 106 and to generate baseband signals for a transmit signal path of the RF circuitry 106.
  • Baseband circuitry 104 may interface with the application circuitry 102 for generation and processing of the baseband signals and for controlling operations of the RF circuitry 106.
  • the baseband circuitry 104 may include a second generation (2G) baseband processor 104a, third generation (3G) baseband processor 104b, fourth generation (4G) baseband processor 104c, and/or other baseband processor(s) 104d for other existing generations, generations in development or to be developed in the future (e.g., fifth generation (5G), 6G, etc.).
  • the baseband circuitry 104 e.g., one or more of baseband processors 104a-d
  • the radio control functions may include, but are not limited to, signal modulation/demodulation, encoding/decoding, radio frequency shifting, and the like.
  • modulation/demodulation circuitry of the baseband circuitry 104 may include Fast-Fourier Transform (FFT), precoding, and/or constellation mapping/demapping functionality.
  • encoding/decoding circuitry of the baseband circuitry 104 may include convolution, tail-biting convolution, turbo, Viterbi, and/or Low Density Parity Check (LDPC) encoder/decoder functionality.
  • Embodiments of modulation/demodulation and encoder/decoder functionality are not limited to these examples and may include other suitable functionality in other embodiments.
  • the baseband circuitry 104 may include elements of a protocol stack such as, for example, elements of an evolved universal terrestrial radio access network (E-UTRAN) protocol including, for example, physical (PHY), media access control (MAC), radio link control (RLC), packet data convergence protocol (PDCP), and/or radio resource control (RRC) elements.
  • a central processing unit (CPU) 104e of the baseband circuitry 104 may be configured to run elements of the protocol stack for signaling of the PHY, MAC, RLC, PDCP and/or RRC layers.
  • the baseband circuitry may include one or more audio digital signal processor(s) (DSP) 104f.
  • the audio DSP(s) 104f may include elements for
  • the baseband circuitry 104 may further include computer-readable media 104g (also referred to as “CRM 104g,” “memory 104g,” “storage 104g,” or “CRM 104g”).
  • CRM 104g may be used to load and store data and/or instructions for operations performed by the processors of the baseband circuitry 104.
  • CRM 104g for one embodiment may include any combination of suitable volatile memory and/or non-volatile memory.
  • the CRM 104g may include any combination of various levels of memory/storage including, but not limited to, read-only memory (ROM) having embedded software instructions (e.g., firmware), random access memory (e.g., dynamic random access memory (DRAM)), cache, buffers, etc.
  • the CRM 104g may be shared among the various processors or dedicated to particular processors.
  • Components of the baseband circuitry 104 may be suitably combined in a single chip, a single chipset, or disposed on a same circuit board in some embodiments.
  • some or all of the constituent components of the baseband circuitry 104 and the application circuitry 102 may be implemented together, such as, for example, on a system on a chip (SOC).
  • the baseband circuitry 104 may provide for communication compatible with one or more radio technologies.
  • the baseband circuitry 104 may support communication with an E-UTRAN and/or other wireless metropolitan area networks (WMAN), a wireless local area network (WLAN), a wireless personal area network (WPAN).
  • Embodiments in which the baseband circuitry 104 is configured to support radio communications of more than one wireless protocol may be referred to as multi-mode baseband circuitry.
  • RF circuitry 106 may enable communication with wireless networks using modulated electromagnetic radiation through a non-solid medium.
  • the RF circuitry 106 may include switches, filters, amplifiers, etc., to facilitate the communication with the wireless network.
  • RF circuitry 106 may include a receive signal path that may include circuitry to down-convert RF signals received from the FEM circuitry 108 and provide baseband signals to the baseband circuitry 104.
  • RF circuitry 106 may also include a transmit signal path that may include circuitry to up-convert baseband signals provided by the baseband circuitry 104 and provide RF output signals to the FEM circuitry 108 for transmission.
  • the RF circuitry 106 may include a receive signal path and a transmit signal path.
  • the receive signal path of the RF circuitry 106 may include mixer circuitry 106a, amplifier circuitry 106b and filter circuitry 106c.
  • the transmit signal path of the RF circuitry 106 may include filter circuitry 106c and mixer circuitry 106a.
  • RF circuitry 106 may also include synthesizer circuitry 106d for synthesizing a frequency for use by the mixer circuitry 106a of the receive signal path and the transmit signal path.
  • the mixer circuitry 106a of the receive signal path may be configured to down-convert RF signals received from the FEM circuitry 108 based on the synthesized frequency provided by synthesizer circuitry 106d.
  • the amplifier circuitry 106b may be configured to amplify the down-converted signals and the filter circuitry 106c may be a low-pass filter (LPF) or band-pass filter (BPF) configured to remove unwanted signals from the down-converted signals to generate output baseband signals.
  • Output baseband signals may be provided to the baseband circuitry 104 for further processing.
  • the output baseband signals may be zero-frequency baseband signals, although this is not a requirement.
  • mixer circuitry 106a of the receive signal path may comprise passive mixers, although the scope of the embodiments is not limited in this respect.
  • the mixer circuitry 106a of the transmit signal path may be configured to up-convert input baseband signals based on the synthesized frequency provided by the synthesizer circuitry 106d to generate RF output signals for the FEM circuitry 108.
  • the baseband signals may be provided by the baseband circuitry 104 and may be filtered by filter circuitry 106c.
  • the filter circuitry 106c may include a low-pass filter (LPF), although the scope of the embodiments is not limited in this respect.
  • the mixer circuitry 106a of the receive signal path and the mixer circuitry 106a of the transmit signal path may include two or more mixers and may be arranged for quadrature downconversion and/or upconversion, respectively.
  • the mixer circuitry 106a of the receive signal path and the mixer circuitry 106a of the transmit signal path may include two or more mixers and may be arranged for image rejection (e.g., Hartley image rejection).
  • the mixer circuitry 106a of the receive signal path and the mixer circuitry 106a of the transmit signal path may be arranged for direct downconversion and/or direct upconversion, respectively.
  • the mixer circuitry 106a of the receive signal path and the mixer circuitry 106a of the transmit signal path may be configured for super-heterodyne operation.
  • the output baseband signals and the input baseband signals may be analog baseband signals, although the scope of the embodiments is not limited in this respect.
  • the output baseband signals and the input baseband signals may be digital baseband signals.
  • the RF circuitry 106 may include analog-to-digital converter (ADC) and digital-to-analog converter (DAC) circuitry and the baseband circuitry 104 may include a digital baseband interface to communicate with the RF circuitry 106.
  • a separate radio integrated circuit (IC) circuitry may be provided for processing signals for each spectrum, although the scope of the embodiments is not limited in this respect.
  • the synthesizer circuitry 106d may be a fractional-N synthesizer or a fractional N/N+1 synthesizer, although the scope of the embodiments is not limited in this respect, as other types of frequency synthesizers may be suitable.
  • synthesizer circuitry 106d may be a delta-sigma synthesizer, a frequency multiplier, or a synthesizer comprising a phase-locked loop with a frequency divider.
  • the synthesizer circuitry 106d may be configured to synthesize an output frequency for use by the mixer circuitry 106a of the RF circuitry 106 based on a frequency input and a divider control input.
  • the synthesizer circuitry 106d may be a fractional N/N+1 synthesizer.
  • frequency input may be provided by a voltage controlled oscillator (VCO), although that is not a requirement.
  • Divider control input may be provided by either the baseband circuitry 104 or the application circuitry 102 depending on the desired output frequency.
  • a divider control input (e.g., N) may be determined from a look-up table based on a channel indicated by the application circuitry 102.
  • Synthesizer circuitry 106d of the RF circuitry 106 may include a divider, a delay-locked loop (DLL), a multiplexer and a phase accumulator.
  • the divider may be a dual modulus divider (DMD) and the phase accumulator may be a digital phase accumulator (DPA).
  • the DMD may be configured to divide the input signal by either N or N+1 (e.g., based on a carry out) to provide a fractional division ratio.
  • the DLL may include a set of cascaded, tunable, delay elements, a phase detector, a charge pump and a D-type flip-flop.
  • the delay elements may be configured to break a VCO period up into Nd equal packets of phase, where Nd is the number of delay elements in the delay line.
  • synthesizer circuitry 106d may be configured to generate a carrier frequency as the output frequency, while in other embodiments, the output frequency may be a multiple of the carrier frequency (e.g., twice the carrier frequency, four times the carrier frequency) and used in conjunction with quadrature generator and divider circuitry to generate multiple signals at the carrier frequency with multiple different phases with respect to each other.
  • the output frequency may be a LO frequency (fLO).
  • the RF circuitry 106 may include an IQ/polar converter.
  • FEM circuitry 108 may include a receive signal path that may include circuitry configured to operate on RF signals received from one or more antennas 110, amplify the received signals and provide the amplified versions of the received signals to the RF circuitry 106 for further processing.
  • FEM circuitry 108 may also include a transmit signal path that may include circuitry configured to amplify signals for transmission provided by the RF circuitry 106 for transmission by one or more of the one or more antennas 110.
  • the FEM circuitry 108 may include a TX/RX switch to switch between transmit mode and receive mode operation.
  • the FEM circuitry 108 may include a receive signal path and a transmit signal path.
  • the receive signal path of the FEM circuitry may include a low-noise amplifier (LNA) to amplify received RF signals and provide the amplified received RF signals as an output (e.g., to the RF circuitry 106).
  • the transmit signal path of the FEM circuitry 108 may include a power amplifier (PA) to amplify input RF signals (e.g., provided by RF circuitry 106), and one or more filters to generate RF signals for subsequent transmission (e.g., by one or more of the one or more antennas 110).
  • the electronic device 100 may include additional elements such as, for example, a display, a camera, one or more sensors, and/or interface circuitry (for example, input/output (I/O) interfaces or buses) (not shown).
  • the electronic device may include network interface circuitry.
  • the network interface circuitry may be one or more computer hardware components that connect electronic device 100 to one or more network elements, such as one or more servers within a core network or one or more other eNBs via a wired connection.
  • the network interface circuitry may include one or more dedicated processors and/or field programmable gate arrays (FPGAs) to
  • AP application protocol
  • SI AP Stream Control Transmission Protocol
  • SCTP Stream Control Transmission Protocol
  • Ethernet Ethernet
  • PPP Point-to-Point
  • FDDI Fiber Distributed Data Interface
  • the electronic device of Figure 9 may be configured to perform one or more processes, techniques, and/or methods as described herein, or portions thereof.
  • Figure 10 is a block diagram illustrating components, according to some example embodiments, able to read instructions from a machine-readable or computer-readable medium (for example, a non-transitory machine-readable storage medium) and perform any one or more of the methodologies discussed herein.
  • Figure 10 shows a diagrammatic representation of hardware resources 1000 including one or more processors (or processor cores) 1010, one or more memory/storage devices 1020, and one or more communication resources 1030, each of which may be communicatively coupled via a bus 1040.
  • node virtualization for example, network function virtualization (“NFV")
  • a hypervisor 1002 may be executed to provide an execution environment for one or more network slices/sub-slices to utilize the hardware resources 1000.
  • the processors 1010 for example, a CPU, a reduced instruction set computing
  • RISC complex instruction set computing
  • GPU graphics processing unit
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • RFIC radio-frequency integrated circuit
  • the memory/storage devices 1020 may include main memory, disk storage, or any suitable combination thereof.
  • the memory/storage devices 1020 may include, but are not limited to, any type of volatile or non-volatile memory such as dynamic random access memory (“DRAM”), static random-access memory (“SRAM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), Flash memory, solid-state storage, etc.
  • the communication resources 1030 may include interconnection or network interface components or other suitable devices to communicate with one or more peripheral devices 1004 or one or more databases 1006 via a network 1008.
  • the communication resources 1030 may include wired communication components (for example, for coupling via a Universal Serial Bus (“USB”)), cellular communication components, near-field communication (“NFC”) components, Bluetooth® components (for example, Bluetooth® Low Energy), Wi-Fi® components, and other communication components.
  • Instructions 1050 may comprise software, a program, an application, an applet, an app, or other executable code for causing at least any of the processors 1010 to perform any one or more of the methodologies discussed herein.
  • the instructions 1050 may cause the processors 1010 to perform the operation flow/algorithmic structures or other operations of a SeGW described, for example, in the flows of Figures 5 and/or 8.
  • the instructions 1050 may reside, completely or partially, within at least one of the processors 1010 (for example, within the processor's cache memory), the memory/storage devices 1020, or any suitable combination thereof. Furthermore, any portion of the instructions 1050 may be transferred to the hardware resources 1000 from any
  • the memory of processors 1010, the memory/storage devices 1020, the peripheral devices 1004, and the databases 1006 are examples of computer-readable and machine-readable media.
  • the resources described in Figure 10 may also be referred to as circuitry.
  • communication resources 1030 may also be referred to as communication circuitry 1030.
  • FIG. 11 illustrates example interfaces of baseband circuitry in accordance with some embodiments.
  • The baseband circuitry 104 of FIG. 9 may comprise processors 104a-104e and a memory 104g utilized by said processors.
  • Each of the processors 104a-104e may include a memory interface, XU04A-XU04E, respectively, to send/receive data to/from the memory 104g.
  • The baseband circuitry 104 may further include one or more interfaces to communicatively couple to other circuitries/devices, such as a memory interface XU12 (e.g., an interface to send/receive data to/from memory external to the baseband circuitry 104), an application circuitry interface XU14 (e.g., an interface to send/receive data to/from the application circuitry 102 of FIG. 9), an RF circuitry interface XU16 (e.g., an interface to send/receive data to/from RF circuitry 106 of FIG.
  • a wireless hardware connectivity interface XU18 (e.g., an interface to send/receive data to/from Near Field Communication (NFC) components, Bluetooth® components (e.g., Bluetooth® Low Energy), Wi-Fi® components, and other communication components)
  • a power management interface XU20 (e.g., an interface to send/receive power or control signals to/from power management circuitry of the electronic device 100 of FIG. 9).
  • Example 1 may include an apparatus of an evolved NodeB (eNB), comprising a memory device to store an identity of a user equipment (UE) that is to set up an internet protocol security (IPsec) tunnel with a long term evolution wireless local area network radio level integration with IPsec tunnel security gateway (LWIP-SeGW) and a processor coupled to the memory device, the processor to generate an addition request message that includes the identity of the UE, wherein the addition request message is to facilitate establishment of the IPsec tunnel and cause the addition request message to be transmitted to the LWIP-SeGW.
  • Example 2 may include the apparatus of example 1, wherein the addition request message further includes IPsec security information.
  • Example 3 may include the apparatus of example 2, wherein the IPsec security information includes a security key.
  • Example 4 may include the apparatus of any of the examples 1-3, wherein the addition request message further includes general packet radio service tunneling protocol (GTP) tunnel endpoint information.
  • Example 5 may include the apparatus of any of the examples 1-3, wherein the IPsec tunnel is to be terminated at the LWIP-SeGW.
  • Example 6 may include the apparatus of any of the examples 1-3, wherein the processor is further to generate long term evolution wireless local area network IPsec (LWIP) tunnel information and cause the LWIP information to be transmitted to the UE after the addition request message has been transmitted.
  • Example 7 may include the apparatus of example 6, wherein the LWIP information includes an indication of a wireless local area network mobility set and an internet protocol address for the LWIP-SeGW.
  • Example 8 may include an evolved NodeB (eNB), comprising network interface circuitry to communicate with a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW) and baseband circuitry coupled to the network interface circuitry, the baseband circuitry to generate an addition request message that includes an identity of a user equipment (UE) that is to set up an internet protocol security (IPsec) tunnel with the LWIP-SeGW, wherein the addition request message is to facilitate establishment of the IPsec tunnel and cause the network interface circuitry to transmit the addition request message to the LWIP-SeGW.
  • Example 9 may include the eNB of example 8, wherein the addition request message further includes IPsec security information.
  • Example 10 may include the eNB of example 9, wherein the IPsec security information includes a security key.
  • Example 11 may include the eNB of any of the examples 8-10, wherein the addition request message further includes general packet radio service tunneling protocol (GTP) tunnel endpoint information.
  • Example 12 may include the eNB of any of the examples 8-10, wherein the IPsec tunnel is to be terminated at the LWIP-SeGW.
  • Example 13 may include the eNB of any of the examples 8-10, further comprising radio frequency (RF) circuitry, wherein the broadband circuitry is further to cause the RF circuitry to transmit long term evolution wireless local area network IPsec tunnel (LWIP) information to the UE after the network interface circuitry has transmitted the addition request message.
  • Example 14 may include the eNB of example 13, wherein the LWIP information includes an indication of a wireless local area network mobility set and an internet protocol address for the LWIP-SeGW.
  • Example 15 may include one or more computer-readable media having instructions stored thereon that, when executed by baseband circuitry, cause the baseband circuitry to generate an addition request message that includes an identity of a user equipment (UE) that is to set up an internet protocol security (IPsec) tunnel with a long term evolution wireless local area network radio level integration with IPsec tunnel security gateway (LWIP-SeGW), wherein the addition request message is to facilitate establishment of the IPsec tunnel and cause the addition request message to be transmitted to the LWIP-SeGW.
  • Example 16 may include the one or more computer-readable media of example 15, wherein the addition request message further includes IPsec security information.
  • Example 17 may include the one or more computer-readable media of example 16, wherein the IPsec security information includes a security key.
  • Example 18 may include the one or more computer-readable media of any of the examples 15-17, wherein the addition request message further includes general packet radio service tunneling protocol (GTP) tunnel endpoint information.
  • Example 19 may include the one or more computer-readable media of any of the examples 15-17, wherein the instructions, when executed by the baseband circuitry, further cause the baseband circuitry to cause long term evolution wireless local area network IPsec tunnel (LWIP) information to be transmitted to the UE after the baseband circuitry has transmitted the addition request message.
  • Example 20 may include the one or more computer-readable media of example 19, wherein the LWIP information includes an indication of a wireless local area network mobility set and an internet protocol address for the LWIP-SeGW.
  • Example 21 may include an apparatus of an evolved NodeB (eNB), comprising means for generating an addition request message that includes an identity of a user equipment (UE) that is to set up an internet protocol security (IPsec) tunnel with a long term evolution wireless local area network radio level integration with IPsec tunnel security gateway (LWIP-SeGW), wherein the addition request message is to facilitate establishment of the IPsec tunnel and means for transmitting the addition request message to the LWIP-SeGW.
  • Example 22 may include the apparatus of example 21, wherein the addition request message further includes IPsec security information.
  • Example 23 may include the apparatus of example 22, wherein the IPsec security information includes a security key.
  • Example 24 may include the apparatus of any of the examples 21-23, wherein the addition request message further includes general packet radio service tunneling protocol (GTP) tunnel endpoint information.
  • Example 25 may include the apparatus of any of the examples 21-23, further comprising means for transmitting long term evolution wireless local area network IPsec tunnel (LWIP) information to the UE after the means for transmitting the addition request message has transmitted the addition request message.
  • Example 26 may include the apparatus of example 25, wherein the LWIP information includes an indication of a wireless local area network mobility set and an internet protocol address for the LWIP-SeGW.
  • Example 27 may include a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW), comprising communication circuitry to communicate with an evolved NodeB (eNB) and a processor coupled to the communication circuitry, wherein the processor is to identify an identity of a user equipment (UE) within an addition request message received from the eNB via the communication circuitry, wherein the addition request message is to indicate that the UE is to set up an internet protocol security (IPsec) tunnel with the LWIP-SeGW and cause the communication circuitry to transmit an addition request acknowledge message to the eNB in response to the addition request message.
  • Example 28 may include the LWIP-SeGW of example 27, wherein the addition request acknowledge message includes an indication that the LWIP-SeGW has prepared for set up of the IPsec tunnel with the UE.
  • Example 29 may include the LWIP-SeGW of any of the examples 27 or 28, wherein the processor is further to identify an attempt to set up, via the UE, the IPsec tunnel with the LWIP-SeGW, determine that the UE is allowed to set up the IPsec tunnel based on the identity of the UE being identified in the addition request message, and allow the UE to set up the IPsec tunnel based on the determination.
  • Example 30 may include the LWIP-SeGW of example 29, wherein the processor is further to identify IPsec security information within the addition request message and authenticate the UE with the IPsec security information, wherein the allowance of the UE to set up the IPsec tunnel is further based on the authentication of the UE.
  • Example 31 may include the LWIP-SeGW of example 30, wherein the IPsec security information includes a security key, and wherein the authentication of the UE is based on the security key.
  • Example 32 may include the LWIP-SeGW of any of the examples 27 or 28, wherein the processor is further to identify an attempt to set up, via a second UE, an internet protocol security (IPsec) tunnel with the LWIP-SeGW and prevent establishment of the second IPsec tunnel via the second UE based on an identity of the second UE being absent from the addition request message.
  • Example 33 may include one or more computer-readable media having instructions stored thereon that, when executed by a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW), cause the LWIP-SeGW to identify an identity of a user equipment (UE) within an addition request message received from an evolved NodeB (eNB), wherein the addition request message is to indicate that the UE is to set up an internet protocol security (IPsec) tunnel with the LWIP-SeGW, determine that the UE is allowed to set up the IPsec tunnel with the LWIP-SeGW based on the identity of the UE being identified within the addition request message, and allow the UE to set up the IPsec tunnel with the LWIP-SeGW based on the determination.
  • Example 34 may include the one or more computer-readable media of example 33, wherein the instructions, when executed by the LWIP-SeGW, further cause the LWIP-SeGW to identify IPsec security information within the addition request message and authenticate the UE with the IPsec security information, wherein to allow the UE to set up the IPsec tunnel with the LWIP-SeGW is further based on the authentication of the UE.
  • Example 35 may include the one or more computer-readable media of example 34, wherein the IPsec security information includes a security key, and wherein the authentication of the UE is based on the security key.
  • Example 36 may include the one or more computer-readable media of any of the examples 33-35, wherein the instructions, when executed by the LWIP-SeGW, further cause the LWIP-SeGW to identify an attempt to set up a second IPsec tunnel with the LWIP-SeGW via a second UE and prevent establishment of the second IPsec tunnel via the second UE based on an identity of the second UE being absent from the addition request message.
  • Example 37 may include an apparatus, comprising a memory device and a processor coupled to the memory device, the processor to cause a setup request message to be transmitted to a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW), wherein the setup request message requests an external internet protocol (IP) address for the LWIP-SeGW and identify the external IP address for the LWIP-SeGW in a setup response message received from the LWIP-SeGW, wherein the external IP address is to be utilized by one or more user equipments for wireless local area network communication with the apparatus via the LWIP-SeGW.
  • Example 38 may include the apparatus of example 37, wherein the processor is to cause the setup request message to be transmitted during an access point setup procedure.
  • Example 39 may include the apparatus of any of the examples 37 or 38, wherein the apparatus is to cause the setup request message to be transmitted to the LWIP-SeGW via network interface circuitry.
  • Example 40 may include the apparatus of any of the examples 37 or 38, wherein the processor is further to cause the external IP address to be transmitted to the one or more user equipments.
  • Example 41 may include the apparatus of example 40, wherein the processor is to cause the external IP address to be transmitted to the one or more user equipments via radio frequency circuitry.
  • Example 42 may include the eNB of example 40, wherein the processor is to cause the external IP address to be transmitted via radio resource control.
  • Example 43 may include an evolved NodeB (eNB), comprising network interface circuitry to communicate with a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW) and baseband circuitry coupled to the network interface circuitry, the baseband circuitry to cause the network interface circuitry to transmit a setup request message to the LWIP-SeGW, wherein the setup request message requests an external internet protocol (IP) address for the LWIP-SeGW and identify the external IP address for the LWIP-SeGW in a setup response message received from the LWIP-SeGW, wherein the external IP address is to be utilized by one or more user equipments for wireless local area network communication with the eNB via the LWIP-SeGW.
  • Example 44 may include the eNB of example 43, wherein the baseband circuitry is to cause the setup request message to be transmitted during an access point setup procedure.
  • Example 45 may include the eNB of any of the examples 43 or 44, further comprising radio frequency (RF) circuitry coupled to the baseband circuitry, wherein the baseband circuitry is further to cause the RF circuitry to transmit the external IP address to the one or more user equipments.
  • Example 46 may include the eNB of example 45, wherein the RF circuitry is to transmit the external IP address via radio resource control.
  • Example 47 may include a long term evolution wireless local area network radio level integration with internet protocol security tunnel security gateway (LWIP-SeGW), comprising communication circuitry to communicate with an evolved NodeB (eNB) and a processor coupled to the communication circuitry, wherein the processor is to identify a setup request message received from the eNB, wherein the setup request message requests an external internet protocol (IP) address for the LWIP-SeGW and cause the
  • Example 48 may include the LWIP-SeGW of example 47, wherein the communication circuitry is further to provide WLAN connectivity for the one or more UEs, wherein the processor is further to allow the one or more UEs to communicate with the LWIP-SeGW via the WLAN connectivity, the one or more UEs to address the LWIP-SeGW via the external IP address.
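
The gateway-side admission check of Examples 27-36, as an added Python illustration that is not text or code from the patent application: the LWIP-SeGW records the UE identity and security key from the addition request, acknowledges it, and later allows a tunnel attempt only for an announced UE that proves possession of the key. The message field names, the identities, and the HMAC-SHA-256 challenge-response used as the key check are assumptions; the application states only that authentication is based on the security key.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class AdditionRequest:
    """Addition request from the eNB; field names are assumptions."""
    ue_identity: str
    security_key: Optional[bytes] = None  # IPsec security information, if sent


def ue_proof(key: bytes, nonce: bytes) -> bytes:
    """UE side of the assumed key check: HMAC-SHA-256 over the gateway nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


@dataclass
class LwipSegw:
    """Gateway state: which UEs the eNB announced, and their keys."""
    _announced: Dict[str, Optional[bytes]] = field(default_factory=dict)
    _nonces: Dict[str, bytes] = field(default_factory=dict)

    def handle_addition_request(self, msg: AdditionRequest) -> dict:
        # Record the identity (and key) so a later tunnel attempt can be matched.
        self._announced[msg.ue_identity] = msg.security_key
        return {"type": "addition_request_acknowledge",
                "ue_identity": msg.ue_identity,
                "prepared": True}

    def issue_challenge(self, ue_identity: str) -> bytes:
        # Always answer with a nonce so the reply does not reveal whether the
        # identity is known; only remember it for announced UEs.
        nonce = secrets.token_bytes(16)
        if ue_identity in self._announced:
            self._nonces[ue_identity] = nonce
        return nonce

    def handle_tunnel_attempt(self, ue_identity: str,
                              proof: bytes = b"") -> Tuple[bool, str]:
        if ue_identity not in self._announced:
            return False, "identity absent from addition request"
        key = self._announced[ue_identity]
        if key is None:
            return True, "allowed"  # identity-only admission (Example 29)
        nonce = self._nonces.pop(ue_identity, None)  # single use: no replay
        if nonce is None:
            return False, "no outstanding challenge"
        if not hmac.compare_digest(ue_proof(key, nonce), proof):
            return False, "authentication failed"
        return True, "allowed"


def demo() -> list:
    """Constructed scenario: one announced UE, one unannounced UE."""
    segw = LwipSegw()
    key = secrets.token_bytes(32)  # constructed key, stands in for the eNB's
    segw.handle_addition_request(AdditionRequest("ue-001", key))
    results = []
    nonce = segw.issue_challenge("ue-001")
    good = ue_proof(key, nonce)
    results.append(segw.handle_tunnel_attempt("ue-001", good))
    results.append(segw.handle_tunnel_attempt("ue-001", good))  # replayed proof
    nonce = segw.issue_challenge("ue-001")
    results.append(segw.handle_tunnel_attempt("ue-001", ue_proof(b"x" * 32, nonce)))
    nonce = segw.issue_challenge("ue-002")  # never named in an addition request
    results.append(segw.handle_tunnel_attempt("ue-002", ue_proof(key, nonce)))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The unannounced UE is refused before any key material is consulted, which is the behaviour Examples 32 and 36 describe.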

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
PCT/US2017/052286 2016-09-22 2017-09-19 Wireless local area network integration with internet protocol security tunnel WO2018057521A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE112017003741.7T DE112017003741T5 (de) 2016-09-22 2017-09-19 Wireless local area network integration with internet protocol security tunnel

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662398210P 2016-09-22 2016-09-22
US62/398,210 2016-09-22

Publications (1)

Publication Number Publication Date
WO2018057521A1 WO2018057521A1 (en) 2018-03-29

Family

ID=60002036

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/052286 WO2018057521A1 (en) 2016-09-22 2017-09-19 Wireless local area network integration with internet protocol security tunnel

Country Status (2)

Country Link
DE (1) DE112017003741T5 (de)
WO (1) WO2018057521A1 (de)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
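CN113923033A (zh) * 2021-10-13 2022-01-11 中能融合智慧科技有限公司 Transparent encryption method, apparatus, device and storage medium for industrial control networks
WO2023116638A1 (zh) * 2021-12-21 2023-06-29 中兴通讯股份有限公司 Slice configuration method, system, server and storage medium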

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016073113A1 (en) * 2014-11-05 2016-05-12 Intel IP Corporation Apparatus, system and method of communicating between a cellular manager and a user equipment (ue) via a wlan access device

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ERICSSON ET AL: "Introduction of LWIP Support in XwAP", vol. RAN WG3, no. Athens, Greece; 20170213 - 20170217, 5 March 2017 (2017-03-05), XP051232694, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN/Docs/> [retrieved on 20170305] *
ERICSSON: "Information transfer between eNB, WT and UE for LWIP", vol. RAN WG3, no. Athens, Greece; 20170213 - 20170217, 12 February 2017 (2017-02-12), XP051213246, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN3/Docs/> [retrieved on 20170212] *
ERICSSON: "Overview of LTE-WLAN integration supporting legacy WLAN", vol. RAN WG2, no. Malmö, Sweden; 20151005 - 20151009, 4 October 2015 (2015-10-04), XP051005249, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN2/Docs/> [retrieved on 20151004] *
ERICSSON: "Stage two for LWIP", vol. RAN WG2, no. Malta; 20160215 - 20160219, 6 February 2016 (2016-02-06), XP051065859, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_ran/WG2_RL2/TSGR2_93/Docs/> [retrieved on 20160206] *
RICHARD BURBIDGE ET AL: "doc.: IEEE 802.11-16/351r0 Submission March 2016 Liaison from 3GPP on LWA and LWIP Name Company Address Phone email", 11 March 2016 (2016-03-11), XP055382059, Retrieved from the Internet <URL:https://mentor.ieee.org/802.11/dcn/16/11-16-0351-00-0000-liaison-from-3gpp-on-lwa-and-lwip.pptx> [retrieved on 20170615] *

Also Published As

Publication number Publication date
DE112017003741T5 (de) 2019-05-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17778045

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17778045

Country of ref document: EP

Kind code of ref document: A1