WO2019113940A1 - Techniques for detecting fake cells in wireless communications - Google Patents

Publication number
WO2019113940A1
Authority
WO
WIPO (PCT)
Prior art keywords
cell
network
network entity
barred
operators
Application number
PCT/CN2017/116466
Inventor
Shiau-He Tsai
Bhanu Kiran JANGA
Sohrab AHMAD
Jun Deng
Jie Mao
Ling Hang
Ajit Gupta
Original Assignee
Qualcomm Incorporated
Application filed by Qualcomm Incorporated
Priority to PCT/CN2017/116466
Publication of WO2019113940A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Definitions

  • aspects of the present disclosure relate generally to wireless communication systems, and more particularly, to detecting fake cells in wireless communications.
  • Wireless communication systems are widely deployed to provide various types of communication content such as voice, video, packet data, messaging, broadcast, and so on. These systems may be multiple-access systems capable of supporting communication with multiple users by sharing the available system resources (e.g., time, frequency, and power). Examples of such multiple-access systems include code-division multiple access (CDMA) systems, time-division multiple access (TDMA) systems, frequency-division multiple access (FDMA) systems, orthogonal frequency-division multiple access (OFDMA) systems, and single-carrier frequency division multiple access (SC-FDMA) systems.
  • 4G and/or fifth generation (5G) wireless communications technologies have been, or are being, developed to expand and support diverse usage scenarios and applications with respect to current mobile network generations.
  • An example of a 4G network can include a third generation partnership project (3GPP) long term evolution (LTE) network.
  • a fake cell can be provided to exploit the security vulnerabilities in older wireless radio access technologies (e.g., 2G) and disrupt wireless communications for a user equipment (UE) in a current radio access technology (e.g., 4G/LTE and beyond) and/or to obtain confidential information from the UEs.
  • a fake cell can refer to a cell implemented by a party that is not a valid cellular operator.
  • a fake cell can cause denial-of-service (DoS) to a user equipment (UE) by removing support for 4G (or beyond) technology.
  • a fake cell can cause the UE to select or reselect to an older, less secure radio access technology (e.g., a 2G cell), for instance via biased selection/reselection criteria, where the 2G cell is the same as or is associated with the fake cell.
  • the fake cell may continue to deny 4G or beyond service and/or may exploit further security vulnerabilities.
  • a method and apparatus for detecting, by a user equipment (UE), fake cells in wireless communications includes receiving, at a UE, at least one system information block (SIB) from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity, determining whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity, and barring a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
  • a method and apparatus for detecting, by a UE, fake cells in wireless communications includes receiving, at a UE, at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell, determining whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell, and barring a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • a method and apparatus for detecting, by a UE, fake cells in wireless communications includes performing, by a UE, a consecutive number of attach procedures to a first cell associated with a network entity, determining whether a non-access-stratum (NAS) response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity, adding an Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (E-UTRAN) cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected, and performing a subsequent attach procedure to at least a second cell different from the first cell.
  • the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims.
  • the following description and the annexed drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed, and this description is intended to include all such aspects and their equivalents.
  • FIG. 1 illustrates an example of a wireless communication system, in accordance with various aspects of the present disclosure.
  • FIG. 2 is a block diagram illustrating an example of a UE, in accordance with various aspects of the present disclosure.
  • FIG. 3 is a flow chart illustrating an example of a first method for establishing a connection with a cell, in accordance with various aspects of the present disclosure.
  • FIG. 4 is a flow chart illustrating an example of a second method for establishing a connection with a cell, in accordance with various aspects of the present disclosure.
  • FIG. 5 is a flow chart illustrating an example of a third method for establishing a connection with a cell, in accordance with various aspects of the present disclosure.
  • FIG. 6 is a block diagram illustrating an example of a MIMO communication system including a base station and a UE, in accordance with various aspects of the present disclosure.
  • a fake cell can refer to a cell implemented by a party that is not a valid cellular operator, for purposes such as disrupting wireless communications of the UE and/or obtaining confidential information from the UE.
  • a fake cell can broadcast system information defined for use in a wireless technology, such as third generation partnership project (3GPP) long term evolution (LTE), to advertise wireless communications services, and can provide a mechanism for UEs to attach to the fake cell, such as a random access channel (RACH) for performing RACH procedures, etc.
  • UEs can connect to the fake cell, and the fake cell can cause a denial of service (DoS) by preventing the UE from accessing valid LTE radio access technology (RAT) service, by removing LTE parameters from the UE and/or by biasing the UE to select or reselect to an earlier RAT (e.g., 2G) having lesser security protocols than current RATs (e.g., 4G/LTE and beyond).
  • the fourth-generation (4G) cellular network, although significantly improved in security over previous generations, may still have the vulnerability that a UE cannot actively validate the network under certain scenarios. For example, when a UE updates its presence upon entering a new tracking area and receives a network response indicating an anomaly, it may not be able to authenticate its counterpart.
  • Another example is that there may not be a defined UE mechanism to determine reliability of system configuration for mobility towards previous generations (albeit this may not be essential for acquiring 4G services). It may be possible, in this regard, for UEs to lose 4G services because of fake base station/cell encounters.
  • the detrimental effect from accessing an unsafe network can manifest in the UE’s loss of 4G service (referred to as a downgrade attack), and the subsequent UE exposure to rogue 2G base stations, which the 2G specifications enable to operate without security and which can gain illicit control over the UE.
  • One way for the unsafe network to accomplish this is with a DoS attack at the NAS layer, which can force the UE to remove 4G parameters.
  • Another example of DoS is that the fake cell can provide the UE with an extremely biased 4G-to-2G reselection configuration in the system broadcast information.
  • the NAS DoS attack can exhibit multiple levels of sophistication, such as (1) no response to the UE’s NAS tracking area update (TAU) request (e.g., either no lower-layer connection setup or a bare connection setup without any NAS signaling) or (2) sending an identity request in response to the NAS TAU followed by rejection (or lower-layer redirect), where the UE either (1) removes 4G from its radio access technology (RAT) list after five failed TAUs in a row, or (2) is downgraded/redirected to 2G.
  • the biased reselection configuration can be characterized either by (1) limited 4G mobility (e.g., no intra-4G reselection at all or intra-frequency only), or (2) biased 4G-to-2G parameters (e.g., any 2G cell is qualified for reselection with equal or higher priorities than 4G).
  • the present solution provides one or more techniques at the access stratum (AS) and/or at the non-access stratum (NAS) layer of the UE that can be used to counteract these attacks, and to effectively maintain valid 4G services at the UE.
  • one technique includes identifying invalid network operator combinations in system information broadcasts, which can be an indication of a fake cell. For instance, an invalid network operator combination may be detected when a cell advertises support for two or more different operators that typically do not share base stations.
  • one technique includes identifying illogical mobility configuration information in system information broadcasts, which can be an indication of a fake cell.
  • illogical mobility configuration information may include configurations biased towards previous RAT generations and/or configurations that set up a “mobility trap” that keeps the UE from selecting or reselecting to a legitimate newer RAT cell.
  • one technique includes performing special NAS/RRC handling of attach/area-crossing TAU procedures to avoid downgrading service and/or to avoid a mobility trap.
  • the fake cells may not be able to sufficiently satisfy a TAU procedure performed by the UE.
  • a number of failed TAU requests may be indicative of the UE being attached to a fake cell.
  • the UE can be configured to perform a number of non-access stratum (NAS) requests of a NAS procedure before determining to not support LTE communications (at least for a period of time).
  • NAS procedures may include substantially any procedure performed at a NAS layer as part of establishing communications with a cell, such as a TAU procedure, a home public land mobile network (HPLMN) attach procedure, etc.
  • a UE can perform the NAS procedure with a cell, and where a number of NAS requests fail, the UE can consider the cell to be a fake cell, can bar connections to the cell, and can attempt to connect to a different cell. This can avoid the UE falling into a DoS of the fake cell, falling back to a 2G cell, which may be indicated by the fake cell and may be another fake cell for the purpose of compromising information on the UE, etc.
  • the UE can be configured to use the techniques described herein individually, or in any combination, to avoid a fake cell.
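The NAS handling described above (count consecutive requests that draw no NAS response, bar the cell, attach elsewhere) can be sketched as follows. This is an added example, not code from the patent or from any modem; the threshold of 3, the class and function names, and the ECGI strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional, Sequence, Set

# Constructed sample identifiers (PLMN plus a 28-bit cell identity in hex).
FAKE_ECGI = "460-00-0A1B2C3"
REAL_ECGI = "460-00-0D4E5F6"


@dataclass
class AttachGuard:
    """Bars a cell after N consecutive NAS requests that got no NAS response."""
    # Assumption: the text says only "a consecutive number". The value is kept
    # below five so the bar happens before the five-failure 4G removal it describes.
    max_silent_attempts: int = 3
    barred_ecgis: Set[str] = field(default_factory=set)
    _cell: Optional[str] = None
    _silent: int = 0

    def record_attempt(self, ecgi: str, nas_response_received: bool) -> bool:
        """Record one attach/TAU attempt; return True if it barred the cell."""
        if ecgi != self._cell:               # counter is per cell and consecutive
            self._cell, self._silent = ecgi, 0
        if nas_response_received:
            self._silent = 0                 # any NAS answer breaks the streak
            return False
        self._silent += 1
        if self._silent >= self.max_silent_attempts:
            self.barred_ecgis.add(ecgi)      # bar this cell, keep LTE enabled
            self._silent = 0
            return True
        return False

    def next_cell(self, ranked: Sequence[str]) -> Optional[str]:
        """Best-ranked candidate that is not on the barred list."""
        return next((c for c in ranked if c not in self.barred_ecgis), None)


def attach_with_guard(guard: AttachGuard, ranked: Sequence[str],
                      nas_responds: Callable[[str], bool],
                      max_total: int = 20) -> Optional[str]:
    """Try cells in rank order; return the ECGI that answered, or None."""
    for _ in range(max_total):
        cell = guard.next_cell(ranked)
        if cell is None:
            return None                      # every candidate is barred
        answered = nas_responds(cell)        # stands in for the real NAS exchange
        guard.record_attempt(cell, answered)
        if answered:
            return cell
    return None


if __name__ == "__main__":
    guard = AttachGuard()
    # The strongest cell never answers at NAS level; the second one does.
    chosen = attach_with_guard(guard, [FAKE_ECGI, REAL_ECGI],
                               lambda ecgi: ecgi == REAL_ECGI)
    print("attached to", chosen, "barred:", sorted(guard.barred_ecgis))
```

The counter covers only the silent case; a cell that answers with an identity request and then a reject does send a NAS message, so it resets this counter and has to be caught by the other checks.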
  • a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer.
  • an application running on a computing device and the computing device can be a component.
  • One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers.
  • these components can execute from various computer readable media having various data structures stored thereon.
  • the components can communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets, such as data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems by way of the signal.
  • a CDMA system may implement a radio technology such as CDMA2000, Universal Terrestrial Radio Access (UTRA), etc.
  • CDMA2000 covers IS-2000, IS-95, and IS-856 standards.
  • IS-2000 Releases 0 and A are commonly referred to as CDMA2000 1X, 1X, etc.
  • IS-856 (TIA-856) is commonly referred to as CDMA2000 1xEV-DO, High Rate Packet Data (HRPD), etc.
  • UTRA includes Wideband CDMA (WCDMA) and other variants of CDMA.
  • a TDMA system may implement a radio technology such as Global System for Mobile Communications (GSM).
  • An OFDMA system may implement a radio technology such as Ultra Mobile Broadband (UMB), Evolved UTRA (E-UTRA), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Flash-OFDM™, etc.
  • UTRA and E-UTRA are part of Universal Mobile Telecommunication System (UMTS).
  • 3GPP Long Term Evolution (LTE) and LTE-Advanced (LTE-A) are new releases of UMTS that use E-UTRA.
  • UTRA, E-UTRA, UMTS, LTE, LTE-A, and GSM are described in documents from an organization named “3rd Generation Partnership Project” (3GPP).
  • CDMA2000 and UMB are described in documents from an organization named “3rd Generation Partnership Project 2” (3GPP2).
  • the techniques described herein may be used for the systems and radio technologies mentioned above as well as other systems and radio technologies, including cellular (e.g., LTE) communications over a shared radio frequency spectrum band.
  • FIG. 1 illustrates an example of a wireless communication system 100 in accordance with various aspects of the present disclosure.
  • the wireless communication system 100 may include one or more base stations 105, one or more UEs 115, and a core network 130.
  • One or more of the base stations 105 may include functionality for performing AS and NAS procedures with one or more UEs 115, enabling the UEs 115 to communicate within the network and/or via the core network 130 and/or redirecting UEs 115 to fallback networks (e.g., 2G networks in circuit switched fallback or other fallback where LTE is not available), etc.
  • wireless communication system 100 may include one or more fake base stations or fake cells 150 that may broadcast system information advertising wireless communication services to one or more UEs 115, but without providing backend connectivity to the core network 130.
  • the fake cell 150 can be capable of initiating a DoS attack for LTE services on connected UEs 115, redirecting UEs 115 to a rogue early RAT (e.g., 2G) for exploiting security vulnerabilities of 2G, etc.
  • one or more UEs 115 can include a communicating component 240 for establishing a communication link 125 with one or more cells of a base station 105 (or communication link 152 with fake cell 150), detecting whether the cell is a fake cell, and possibly barring further connections with the cell.
  • This technique can help to prevent DoS attacks, and/or other security vulnerability exploitation, on the UE 115 by the fake cell 150, as is explained below in more detail.
  • the core network 130 may provide user authentication, access authorization, tracking, internet protocol (IP) connectivity, and other access, routing, or mobility functions.
  • the base stations 105 may interface with the core network 130 through backhaul links 132 (e.g., S1, etc.).
  • the base stations 105 may perform radio configuration and scheduling for communication with the UEs 115, or may operate under the control of a base station controller (not shown) .
  • the base stations 105 may communicate, either directly or indirectly (e.g., through core network 130), with one another over backhaul links 134 (e.g., X2, etc.), which may be wired or wireless communication links.
  • the base stations 105 may wirelessly communicate with the UEs 115 via one or more base station antennas. Each of the base stations 105 may provide communication coverage for a respective geographic coverage area 110.
  • base stations 105 may be referred to as a network entity, a base transceiver station, a radio base station, an access point, a radio transceiver, a NodeB, eNodeB (eNB), Home NodeB, a Home eNodeB, or some other suitable terminology.
  • the geographic coverage area 110 for a base station 105 may be divided into sectors making up only a portion of the coverage area (not shown).
  • the wireless communication system 100 may include base stations 105 of different types (e.g., macro or small cell base stations). There may be overlapping geographic coverage areas 110 for different technologies.
  • the wireless communication system 100 may be or include a Long Term Evolution (LTE) or LTE-Advanced (LTE-A) network.
  • the wireless communication system 100 may also be a next generation network, such as a 5G wireless communication network.
  • In LTE/LTE-A networks, the term evolved node B (eNB), gNB, etc. may be generally used to describe the base stations 105, while the term UE may be generally used to describe the UEs 115.
  • the wireless communication system 100 may be a heterogeneous LTE/LTE-A network in which different types of eNBs provide coverage for various geographical regions. For example, each eNB or base station 105 may provide communication coverage for a macro cell, a small cell, or other types of cell.
  • cell is a 3GPP term that can be used to describe a base station, a carrier or component carrier associated with a base station, or a coverage area (e.g., sector, etc.) of a carrier or base station, depending on context.
  • a macro cell may cover a relatively large geographic area (e.g., several kilometers in radius) and may allow unrestricted access by UEs 115 with service subscriptions with the network provider.
  • a small cell may include a lower-powered base station, as compared with a macro cell, that may operate in the same or different (e.g., licensed, unlicensed, etc.) frequency bands as macro cells.
  • Small cells may include pico cells, femto cells, and micro cells according to various examples.
  • a pico cell for example, may cover a small geographic area and may allow unrestricted access by UEs 115 with service subscriptions with the network provider.
  • a femto cell may also cover a small geographic area (e.g., a home) and may provide restricted access by UEs 115 having an association with the femto cell (e.g., UEs 115 in a closed subscriber group (CSG), UEs 115 for users in the home, and the like).
  • An eNB for a macro cell may be referred to as a macro eNB, gNB, etc.
  • An eNB for a small cell may be referred to as a small cell eNB, a pico eNB, a femto eNB, or a home eNB.
  • An eNB may support one or multiple (e.g., two, three, four, and the like) cells (e.g., component carriers).
  • the communication networks may be packet-based networks that operate according to a layered protocol stack and data in the user plane may be based on the IP.
  • a packet data convergence protocol (PDCP) layer can provide header compression, ciphering, integrity protection, etc. of IP packets.
  • a radio link control (RLC) layer may perform packet segmentation and reassembly to communicate over logical channels.
  • a media access control (MAC) layer may perform priority handling and multiplexing of logical channels into transport channels.
  • the MAC layer may also use HARQ to provide retransmission at the MAC layer to improve link efficiency.
  • the radio resource control (RRC) protocol layer may provide establishment, configuration, and maintenance of an RRC connection between a UE 115 and the base stations 105.
  • the RRC protocol layer may also be used for core network 130 support of radio bearers for the user plane data.
  • the transport channels may be mapped to physical channels.
  • the UEs 115 may be dispersed throughout the wireless communication system 100, and each UE 115 may be stationary or mobile.
  • a UE 115 may also include or be referred to by those skilled in the art as a mobile station, a subscriber station, a mobile unit, a subscriber unit, a wireless unit, a remote unit, a mobile device, a wireless device, a wireless communications device, a remote device, a mobile subscriber station, an access terminal, a mobile terminal, a wireless terminal, a remote terminal, a handset, a user agent, a mobile client, a client, or some other suitable terminology.
  • a UE 115 may be a cellular phone, a personal digital assistant (PDA), a wireless modem, a wireless communication device, a handheld device, a tablet computer, a laptop computer, a cordless phone, a wireless local loop (WLL) station, an entertainment device, a vehicular component, or the like.
  • a UE may be able to communicate with various types of base stations and network equipment including macro eNBs, small cell eNBs, relay base stations, and the like.
  • the communication links 125 shown in wireless communication system 100 may carry UL transmissions from a UE 115 to a base station 105, or downlink (DL) transmissions, from a base station 105 to a UE 115.
  • the downlink transmissions may also be called forward link transmissions while the uplink transmissions may also be called reverse link transmissions.
  • Each communication link 125 may include one or more carriers, where each carrier may be a signal made up of multiple sub-carriers (e.g., waveform signals of different frequencies) modulated according to the various radio technologies described above.
  • Each modulated signal may be sent on a different sub-carrier and may carry control information (e.g., reference signals, control channels, etc.), overhead information, user data, etc.
  • the communication links 125 may transmit bidirectional communications using frequency division duplex (FDD) (e.g., using paired spectrum resources) or time division duplex (TDD) operation (e.g., using unpaired spectrum resources).
  • Frame structures may be defined for FDD (e.g., frame structure type 1) and TDD (e.g., frame structure type 2).
  • base stations 105 or UEs 115 may include multiple antennas for employing antenna diversity schemes to improve communication quality and reliability between base stations 105 and UEs 115. Additionally or alternatively, base stations 105 or UEs 115 may employ multiple input multiple output (MIMO) techniques that may take advantage of multi-path environments to transmit multiple spatial layers carrying the same or different coded data.
  • Wireless communication system 100 may support operation on multiple cells or carriers, a feature which may be referred to as carrier aggregation (CA) or multi-carrier operation.
  • a carrier may also be referred to as a component carrier (CC), a layer, a channel, etc.
  • the terms “carrier,” “component carrier,” “cell,” and “channel” may be used interchangeably herein.
  • a UE 115 may be configured with multiple downlink CCs and one or more uplink CCs for carrier aggregation.
  • Carrier aggregation may be used with both FDD and TDD component carriers.
  • In FIGS. 2-5, aspects of the present disclosure are depicted with reference to one or more components (e.g., in FIG. 2) and one or more methods (e.g., in FIGS. 3-5) that the UE 115 may perform to detect and avoid a fake cell 150.
  • Although the operations described below in FIGS. 3-5 are presented in a particular order and/or as being performed by an example component, it should be understood that the ordering of the actions and the components performing the actions may be varied, depending on the implementation.
  • a block diagram includes components of UE 115 in a portion of the wireless communications system 100, where the UEs 115 include example components as described in the present disclosure that are configured to detect and avoid fake cells 150.
  • the UE 115 in FIG. 2 may include one or more processors 205 and/or memory 202 that may operate in combination with a communicating component 240 to perform the functions, methods (e.g., method 300 of FIG. 3, method 400 of FIG. 4, method 500 of FIG. 5), etc., presented in the present disclosure to detect and avoid fake cells 150.
  • the communicating component 240 may include one or more components for establishing a communication link or other connection with a cell, detecting whether the cell is a fake cell, possibly barring further connection to the cell by the UE 115, etc.
  • a fake eNB or fake cell 150 is set up to lure UEs to camp on the fake cell 150 so that a DoS or theft of confidential information may be performed.
  • One signature of a fake eNB is broadcasting combinations of operator Public Land Mobile Network (PLMN) IDs that never have any shared base station agreements. For example, it is not possible to have China Mobile and China Unicom/Telecom shared base stations.
  • UEs 115 can obtain a pre-loaded or over-the-air (OTA) dynamic programmable list, such as in modem software, to filter out eNBs that are broadcasting invalid operator PLMN ID combinations. As such, UEs 115 can check the list, thereby preventing the UE 115 from camping on those cells associated with the fake eNBs.
  • the communicating component 240 may include an operator combination determination component 242, which may be configured to receive at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity.
  • the operator combination determination component 242 is further operable to determine whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity.
  • the operator combination determination component 242 is further operable to bar a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
  • the communicating component 240 and/or the operator combination determination component 242 may perform the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
  • the communicating component 240 and/or the operator combination determination component 242 may receive an allowed network operator combination list for the network entity, the allowed network operator combination list including one or more allowed combinations of network operators for the network entity. For example, to determine whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity, the operator combination determination component 242 may determine whether the two or more network operators correspond to any of the one or more allowed combinations of network operators for the network entity according to the allowed network operator combination list.
  • the communicating component 240 and/or the operator combination determination component 242 may receive a barred network operator combination list for the network entity, wherein the barred network operator combination list includes one or more of the mutually exclusive combinations of network operators for the network entity. For example, in determining whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity, the operator combination determination component 242 may determine whether the two or more network operators correspond to any of the one or more of the mutually exclusive combinations of network operators for the network entity according to the barred network operator combination list.
  • the plurality of network operator identifiers correspond to Public Land Mobile Network (PLMN) identifiers.
  • barring the cell selection or reselection procedure to the first cell associated with the network entity further comprises adding the network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
  • a fake eNB is not set up to serve the UEs properly, but instead may downgrade the UEs from LTE to GSM, or intercept or otherwise acquire the UE’s subscription/hardware identity information. Therefore, the fake eNB’s mobility configurations in system broadcast information are either biased towards previous generations, or set up a “mobility trap” that keeps UEs from going to a legitimate cell. In a commercial network that is not designed for lab experiments or enclave services, the UE can counteract by barring these cells according to knowledge of its SIM policy and operator service if an illogical mobility configuration is found in a cell’s system broadcast information.
  • some examples of illogical mobility configurations include, but are not limited to: neither intra-frequency nor inter-frequency reselection is allowed in system broadcast information; cells of certain supplemental/auxiliary bands (e.g., B40) are configured without inter-frequency neighbors; an inter-frequency reselection target cell is found to have no reciprocal inter-frequency neighbor information that allows UEs to reselect back to the current or previous serving cell, depending on whether the information block is read before or after reselection happens; and 4G cells are configured with lower priority than GSM cells and the qualifying GSM received signal strength for reselection is set to a level that is close to or lower than the practically achievable GSM sensitivity level.
  • the communicating component 240 may include a mobility configuration determination component 244, which may be configured to receive and evaluate at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell.
  • the mobility configuration determination component 244 may determine whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • the mobility configuration determination component 244 may bar a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • the communicating component 240 and/or the mobility configuration determination component 244 may perform the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • the second cell is associated with a second network entity different from the first network entity. In another aspect, the second cell is associated with the first network entity.
  • the mobility configuration information bars at least one of an intra-frequency cell reselection procedure or an inter-frequency cell reselection procedure.
  • the mobility configuration information includes one or more parameters for a configuration of a plurality of bands without inter-frequency neighbors.
  • the mobility configuration information includes one or more parameters barring a reselection back to a current cell or a previous serving cell from the first cell.
  • the mobility configuration information includes one or more parameters configuring a first set of cells associated with a first Radio Access Technology (RAT) with a higher priority than a second set of cells associated with a second RAT, wherein the second RAT is newer than the first RAT.
  • the mobility configuration determination component 244 may add the first network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
  • a programmable number X of specific-type home-PLMN attach/area-crossing TAUs in a row may occur, where X is an integer, such as a number designated by a 3GPP specification as a maximum number of attach/area-crossing TAU procedures.
  • when the mobility configuration determination component 244 is operating as described herein, e.g., effectively turning on special handling under the USIM, and after the UE performs the X consecutive attach/area-crossing TAUs in a home PLMN cell but receives no NAS response (discounting identity request), the mobility configuration determination component 244 causes the NAS to (1) maintain a flag “cell_in_probation” during those X times for RRC, (2) add the cell’s E-UTRAN cell global identifier to the barred cell list for Camped Normally state, and (3) extend the UE’s stay in 4G for one more try of attach/area-crossing-TAU without checking the said “specific-type” if not all cells are barred or unqualified for cell selection.
  • the mobility configuration determination component 244 causes the UE to add the cell’s E-UTRAN cell global identifier to the barred cell list for Camped Normally state, and to extend the UE’s stay in 4G for one more try (or another designated extra number of tries) of attach/area-crossing-TAU without checking the said “specific-type” if not all cells are barred or unqualified for cell selection.
  • when the special handling operations of the mobility configuration determination component 244 are turned on, the RRC calls the NAS for the flag “cell_in_probation.” If the flag is set to TRUE, the RRC shall ignore LTE to GSM redirection and stay in LTE via a normal release cell selection. In another example, when the special handling operations of the mobility configuration determination component 244 are turned on, the NAS maintains the flag “cell_in_probation” as follows:
  • NAS sets “cell_in_probation” to TRUE.
  • NAS will set “cell_in_probation” to FALSE (1) when NAS receives a message that is neither identity request nor TAU reject or (2) after RRC calls NAS for “cell_in_probation” value upon connection release by eNB.
  • after RRC connection release calls NAS for the “cell_in_probation” value, NAS shall reset the flag “cell_in_probation” back to FALSE.
  • the communicating component 240 may include a NAS determination component 246, which may be configured to perform a consecutive number of attach procedures to a first cell associated with a network entity and, based on the response(s), determine whether or not it is dealing with a fake cell 150.
  • the NAS determination component 246 may be configured to determine whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity, to add an E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected, and to perform a subsequent attach procedure to at least a second cell different from the first cell.
  • the attach procedures correspond to at least one of a specific-type home-PLMN attach request or an area-crossing NAS tracking area update (TAU) request.
  • the communicating component 240 and/or the NAS determination component 246 may determine whether the consecutive number of attach procedures satisfy a maximum threshold number of attach procedures. For example, determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity further comprises determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity and based on a determination that the consecutive number of attach procedures satisfy the maximum threshold number of attach procedures.
  • performing the consecutive number of attach procedures to the first cell associated with the network entity further comprises performing the consecutive number of attach procedures to the first cell associated with the network entity while maintaining a cell probation flag indicating a redirection from a first RAT to a second RAT.
  • the communicating component 240 and/or the NAS determination component 246 may determine whether at least one tracking area update (TAU) rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity. For example, adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the NAS response message is not received in response to the one or more consecutive number of procedures to the first cell associated with the first network entity further comprises adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the at least one TAU rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
  • the at least one TAU rejection message includes information indicating at least one or more of an Evolved Packet System (EPS) service is not allowed, EPS service is not allowed for a PLMN associated with the first cell, or a severe network failure.
  • the one or more processors 205 may include a modem 220 that uses one or more modem processors.
  • the various functions related to the communicating component 240, and/or its sub-components, may be included in modem 220 and/or processor 205 and, in an aspect, can be executed by a single processor, while in other aspects, different ones of the functions may be executed by a combination of two or more different processors.
  • the one or more processors 205 may include any one or any combination of a modem processor, or a baseband processor, or a digital signal processor, or a transmit processor, or a transceiver processor associated with transceiver 270, or a system-on-chip (SoC) .
  • the one or more processors 205 may execute functions and components included in the communicating component 240.
  • communicating component 240, or sub-components thereof, may operate at one or more communication layers, such as physical layer or L1, MAC layer or L2, a PDCP/RLC layer or L3, etc., to establish and/or terminate connections to the cells, detect fake cells based on messages from higher layers (e.g., a NAS layer), etc.
  • the communicating component 240 and each of the sub-components may comprise hardware, firmware, and/or software and may be configured to execute code or perform instructions stored in a memory (e.g., a computer-readable storage medium, such as memory 202 discussed below) .
  • the UE 115 in FIG. 2 may include an RF front end 290 and transceiver 270 for receiving and transmitting radio transmissions to, for example, base stations 105.
  • the transceiver 270 may coordinate with the modem 220 to receive signals that include packets (e.g., and/or one or more related PDUs) .
  • RF front end 290 may be connected to one or more antennas 273 and can include one or more switches 292, one or more amplifiers (e.g., PAs 294 and/or LNAs 291) , and one or more filters 293 for transmitting and receiving RF signals on uplink channels and downlink channels.
  • the components of the RF front end 290 can connect with transceiver 270.
  • the transceiver 270 may connect to one or more of modem 220 and processors 205.
  • the transceiver 270 may be configured to transmit (e.g., via transmitter (TX) radio 275) and receive (e.g., via receiver (RX) radio 280) wireless signals through antennas 273 via the RF front end 290.
  • the transceiver 270 may be tuned to operate at specified frequencies such that the UE 115 can communicate with, for example, base stations 105.
  • the modem 220 can configure the transceiver 270 to operate at a specified frequency and power level based on the configuration of the UE 115 and communication protocol used by the modem 220.
  • the UE 115 in FIG. 2 may further include a memory 202, such as for storing data used herein and/or local versions of applications or communicating component 240 and/or one or more of its sub-components being executed by processor 205.
  • Memory 202 can include any type of computer-readable medium usable by a computer or processor 205, such as RAM, ROM, tapes, magnetic discs, optical discs, volatile memory, non-volatile memory, and any combination thereof.
  • memory 202 may be a computer-readable storage medium that stores one or more computer-executable codes defining communicating component 240 and/or one or more of its sub-components.
  • the UE 115 may include a bus 211 for coupling one or more of the RF front end 290, the transceiver 274, the memory 202, or the processor 205, and to exchange signaling information between each of the components and/or sub-components of the UE 115.
  • the processor (s) 205 may correspond to one or more of the processors described in connection with the UE in FIG. 4.
  • the memory 202 may correspond to the memory described in connection with the UE in FIG. 4.
  • FIG. 3 illustrates a flow chart of an example of a method 300 for connecting to cells in a wireless network.
  • method 300 includes receiving, at a UE, at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity.
  • communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can receive at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity.
  • method 300 includes determining whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity.
  • communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can determine whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity.
  • method 300 includes barring a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
  • communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can bar a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
  • method 300 includes performing the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
  • communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can perform the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
  • FIG. 4 illustrates a flow chart of an example of a method 400 for connecting to cells in a wireless network.
  • method 400 includes receiving, at a UE, at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell.
  • communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can receive at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell.
  • method 400 includes determining whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can determine whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • method 400 includes barring a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can bar a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • method 400 includes performing the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can perform the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  • FIG. 5 illustrates a flow chart of an example of a method 500 for connecting to cells in a wireless network.
  • method 500 includes performing, by a UE, a consecutive number of attach procedures to a first cell associated with a network entity.
  • communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can perform a consecutive number of attach procedures to a first cell associated with a network entity.
  • method 500 includes determining whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
  • communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can determine whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
  • method 500 includes adding an E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected.
  • communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can add an E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected.
  • method 500 includes performing a subsequent attach procedure to at least a second cell different from the first cell.
  • communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can perform a subsequent attach procedure to at least a second cell different from the first cell.
  • method 500 includes not performing a subsequent attach procedure to at least a second cell different from the first cell.
  • communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor(s) 205, memory 202, transceiver 270, etc., can be prevented/barred from performing a subsequent attach procedure to at least a second cell different from the first cell.
  • FIG. 6 is a block diagram of a MIMO communication system 600 including a base station 105 and a UE 115.
  • the MIMO communication system 600 may illustrate aspects of the wireless communication system 100 described with reference to FIG. 1.
  • the base station 105 may be an example of aspects of the base station 105 described with reference to FIGS. 1-2.
  • the base station 105 may be equipped with antennas 634 and 635, and the UE 115 may be equipped with antennas 652 and 653.
  • the base station 105 may be able to send data over multiple communication links at the same time.
  • Each communication link may be called a “layer” and the “rank” of the communication link may indicate the number of layers used for communication. For example, in a 2x2 MIMO communication system where base station 105 transmits two “layers,” the rank of the communication link between the base station 105 and the UE 115 is two.
  • a transmit (Tx) processor 620 may receive data from a data source. The transmit processor 620 may process the data. The transmit processor 620 may also generate control symbols or reference symbols.
  • a transmit MIMO processor 630 may perform spatial processing (e.g., precoding) on data symbols, control symbols, or reference symbols, if applicable, and may provide output symbol streams to the transmit modulator/demodulators 632 and 633. Each modulator/demodulator 632 through 633 may process a respective output symbol stream (e.g., for OFDM, etc. ) to obtain an output sample stream.
  • Each modulator/demodulator 632 through 633 may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a DL signal.
  • DL signals from modulator/demodulators 632 and 633 may be transmitted via the antennas 634 and 635, respectively.
  • the UE 115 may be an example of aspects of the UEs 115 described with reference to FIGS. 1-2.
  • the UE antennas 652 and 653 may receive the DL signals from the base station 105 and may provide the received signals to the modulator/demodulators 654 and 655, respectively.
  • Each modulator/demodulator 654 through 655 may condition (e.g., filter, amplify, down convert, and digitize) a respective received signal to obtain input samples.
  • Each modulator/demodulator 654 through 655 may further process the input samples (e.g., for OFDM, etc. ) to obtain received symbols.
  • a MIMO detector 656 may obtain received symbols from the modulator/demodulators 654 and 655, perform MIMO detection on the received symbols, if applicable, and provide detected symbols.
  • a receive (Rx) processor 658 may process (e.g., demodulate, deinterleave, and decode) the detected symbols, providing decoded data for the UE 115 to a data output, and provide decoded control information to a processor 680, or memory 682.
  • the processor 680 may in some cases execute stored instructions to instantiate a communicating component 240 (see e.g., FIGS. 1-2) .
  • a transmit processor 664 may receive and process data from a data source.
  • the transmit processor 664 may also generate reference symbols for a reference signal.
  • the symbols from the transmit processor 664 may be precoded by a transmit MIMO processor 666 if applicable, further processed by the modulator/demodulators 654 and 655 (e.g., for SC-FDMA, etc. ) , and be transmitted to the base station 105 in accordance with the communication parameters received from the base station 105.
  • the UL signals from the UE 115 may be received by the antennas 634 and 635, processed by the modulator/demodulators 632 and 633, detected by a MIMO detector 636 if applicable, and further processed by a receive processor 638.
  • the receive processor 638 may provide decoded data to a data output and to the processor 640 or memory 642.
  • the components of the UE 115 may, individually or collectively, be implemented with one or more ASICs adapted to perform some or all of the applicable functions in hardware.
  • Each of the noted modules may be a means for performing one or more functions related to operation of the MIMO communication system 400.
  • the components of the base station 105 may, individually or collectively, be implemented with one or more ASICs adapted to perform some or all of the applicable functions in hardware.
  • Each of the noted components may be a means for performing one or more functions related to operation of the MIMO communication system 400.
  • Information and signals may be represented using any of a variety of different technologies and techniques.
  • data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, computer-executable code or instructions stored on a computer-readable medium, or any combination thereof.
  • a specially-programmed device such as but not limited to a processor, a digital signal processor (DSP) , an ASIC, a FPGA or other programmable logic device, a discrete gate or transistor logic, a discrete hardware component, or any combination thereof designed to perform the functions described herein.
  • a specially-programmed processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a specially-programmed processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • the functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software executed by a processor, the functions may be stored on or transmitted over as one or more instructions or code on a non-transitory computer-readable medium. Other examples and implementations are within the scope and spirit of the disclosure and appended claims. For example, due to the nature of software, functions described above can be implemented using software executed by a specially programmed processor, hardware, firmware, hardwiring, or combinations of any of these. Features implementing functions may also be physically located at various positions, including being distributed such that portions of functions are implemented at different physical locations.
  • Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
  • computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code means in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor.
  • any connection is properly termed a computer-readable medium.
  • Disk and disc include compact disc (CD) , laser disc, optical disc, digital versatile disc (DVD) , floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.
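The PLMN combination check described above (allowed list, barred list, and the barred cell list) can be sketched as follows. This is an added example, not code from the patent; the policy format, the subset interpretation of "correspond to", the cell identifiers and the PLMN values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


def plmn_id(mcc, mnc):
    """Join MCC and MNC into one PLMN ID string; the MNC has 2 or 3 digits."""
    if not (mcc.isdigit() and len(mcc) == 3):
        raise ValueError(f"bad MCC {mcc!r}")
    if not (mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"bad MNC {mnc!r}")
    return mcc + mnc


# Constructed PLMN IDs (test and private-network MCC ranges), not real operators.
OP_A, OP_B, OP_C = plmn_id("001", "01"), plmn_id("001", "02"), plmn_id("999", "01")


@dataclass
class OperatorPolicy:
    """Combination lists provisioned to the UE (hypothetical format)."""
    allowed: list = field(default_factory=list)  # sets of PLMNs known to share a site
    barred: list = field(default_factory=list)   # mutually exclusive sets of PLMNs


@dataclass
class PlmnScreen:
    policy: OperatorPolicy
    barred_cells: dict = field(default_factory=dict)  # cell id -> reason it was barred

    def violation(self, plmn_list):
        """Return a reason string if the broadcast PLMN list is implausible, else None."""
        broadcast = frozenset(plmn_list)  # repeated entries collapse
        if len(broadcast) < 2:
            return None  # the check concerns two or more operators on one cell
        for combo in self.policy.barred:
            # Assumption: a barred combination matches when all of its members
            # appear together in the broadcast list, whatever else is listed.
            if frozenset(combo) <= broadcast:
                return "barred combination " + "+".join(sorted(combo))
        # Assumption: with an allowed list present, the broadcast set must fit
        # inside at least one allowed combination.
        if self.policy.allowed and not any(
                broadcast <= frozenset(c) for c in self.policy.allowed):
            return "combination not in allowed list"
        return None

    def decide(self, cell_id, plmn_list):
        """Return 'camp' or 'bar'; a barred cell stays barred on later sightings."""
        if cell_id in self.barred_cells:
            return "bar"
        reason = self.violation(plmn_list)
        if reason is None:
            return "camp"
        self.barred_cells[cell_id] = reason
        return "bar"


def demo():
    """Run the screen over constructed SIB observations (cell id, PLMN list)."""
    policy = OperatorPolicy(allowed=[{OP_A, OP_B}], barred=[{OP_A, OP_C}])
    screen = PlmnScreen(policy)
    sibs = [
        ("cell-1", [OP_A, OP_B]),        # legitimate sharing arrangement
        ("cell-2", [OP_A, OP_B, OP_C]),  # contains a mutually exclusive pair
        ("cell-3", [OP_B, OP_C]),        # not barred, but not allowed either
        ("cell-4", [OP_A]),              # single operator, check does not apply
        ("cell-2", [OP_A, OP_B]),        # same cell, cleaned-up list: still barred
    ]
    decisions = [(cell, screen.decide(cell, plmns)) for cell, plmns in sibs]
    return decisions, screen.barred_cells


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```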
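The four illogical mobility configurations listed above can be expressed as checks over a decoded summary of a cell's broadcast. This is an added example, not code from the patent; the `MobilityConfig` fields, the sensitivity constant and margin, and the sample cells are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

SUPPLEMENTAL_BANDS = {40}      # the text's example (B40)
GSM_SENSITIVITY_DBM = -104.0   # assumed practical GSM sensitivity, illustrative
SENSITIVITY_MARGIN_DB = 3.0    # assumed meaning of "close to" that level


@dataclass
class MobilityConfig:
    """Decoded summary of one cell's broadcast mobility parameters (hypothetical model)."""
    earfcn: int
    band: int
    intra_freq_allowed: bool = True
    inter_freq_allowed: bool = True
    inter_freq_neighbours: list = field(default_factory=list)  # neighbour EARFCNs
    lte_priority: int = 7                    # reselection priority of the LTE carrier
    gsm_priority: Optional[int] = None       # None when no GSM neighbours are broadcast
    gsm_thresh_dbm: Optional[float] = None   # GSM level that qualifies reselection


def illogical_findings(cfg, came_from_earfcn=None):
    """Return the names of the illogical-configuration rules the cell trips."""
    findings = []
    # Rule 1: neither intra- nor inter-frequency reselection is allowed.
    if not cfg.intra_freq_allowed and not cfg.inter_freq_allowed:
        findings.append("no-reselection-allowed")
    # Rule 2: a supplemental/auxiliary band cell with no inter-frequency neighbours.
    if cfg.band in SUPPLEMENTAL_BANDS and not cfg.inter_freq_neighbours:
        findings.append("supplemental-band-without-neighbours")
    # Rule 3: after an inter-frequency reselection, the target must list the
    # carrier the UE came from, otherwise there is no way back.
    if (came_from_earfcn is not None and came_from_earfcn != cfg.earfcn
            and came_from_earfcn not in cfg.inter_freq_neighbours):
        findings.append("no-reciprocal-neighbour")
    # Rule 4: GSM outranks LTE and almost any GSM signal qualifies.
    if (cfg.gsm_priority is not None and cfg.gsm_thresh_dbm is not None
            and cfg.lte_priority < cfg.gsm_priority
            and cfg.gsm_thresh_dbm <= GSM_SENSITIVITY_DBM + SENSITIVITY_MARGIN_DB):
        findings.append("gsm-preferred-at-sensitivity-floor")
    return findings


def screen_cells(observations):
    """Map each cell that trips at least one rule to its findings (the cells to bar)."""
    barred = {}
    for cell_id, cfg, came_from in observations:
        found = illogical_findings(cfg, came_from)
        if found:
            barred[cell_id] = found
    return barred


# Constructed observations: (cell id, decoded config, EARFCN the UE reselected from).
OBSERVATIONS = [
    ("cell-A", MobilityConfig(1850, 3, inter_freq_neighbours=[2850, 38950],
                              lte_priority=6, gsm_priority=1, gsm_thresh_dbm=-95.0), None),
    ("cell-B", MobilityConfig(38950, 40, intra_freq_allowed=False,
                              inter_freq_allowed=False), 1850),
    ("cell-C", MobilityConfig(2850, 7, inter_freq_neighbours=[1850],
                              lte_priority=2, gsm_priority=5, gsm_thresh_dbm=-110.0), 1850),
    # GSM outranks LTE here too, but only a usable GSM signal qualifies: not flagged.
    ("cell-D", MobilityConfig(2850, 7, inter_freq_neighbours=[1850],
                              lte_priority=2, gsm_priority=5, gsm_thresh_dbm=-90.0), 1850),
]

if __name__ == "__main__":
    for cell, found in screen_cells(OBSERVATIONS).items():
        print(cell, found)
```

Rule 4 deliberately requires both conditions, as the text does: a GSM priority above LTE alone is left unflagged.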
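The NAS/RRC special handling described above (X unanswered attach or area-crossing TAU attempts, the “cell_in_probation” flag, and ignoring an LTE to GSM redirection while the flag is TRUE) can be modelled as a small state machine. This is an added example, not code from the patent; the class, method and message names and the event trace are assumptions, and raising the flag when a request is sent is an assumption because the text does not state that condition.

```python
SUSPICIOUS_TAU_REJECT = {          # reject causes named in the text (labels are hypothetical)
    "EPS_SERVICES_NOT_ALLOWED",
    "EPS_SERVICES_NOT_ALLOWED_IN_PLMN",
    "SEVERE_NETWORK_FAILURE",
}


class NasProbation:
    def __init__(self, max_attempts):
        self.max_attempts = max_attempts   # the programmable number X
        self.cell_in_probation = False
        self.unanswered = {}               # ECGI -> consecutive unanswered requests
        self.barred_ecgi = set()

    def request_sent(self, ecgi):
        """An attach or area-crossing TAU request went out on this cell."""
        self.cell_in_probation = True      # assumption: flag is raised on send
        self.unanswered[ecgi] = self.unanswered.get(ecgi, 0) + 1

    def nas_received(self, ecgi, msg, cause=None):
        if msg == "IDENTITY_REQUEST":
            return                         # discounted: does not count as a response
        if msg == "TAU_REJECT":
            if cause in SUSPICIOUS_TAU_REJECT:
                self.barred_ecgi.add(ecgi)
            return                         # a TAU reject does not clear the flag
        self.cell_in_probation = False     # any other NAS message clears probation
        self.unanswered[ecgi] = 0

    def attempt_expired(self, ecgi):
        """The attempt ended unanswered; bar the cell after X in a row."""
        if self.unanswered.get(ecgi, 0) >= self.max_attempts:
            self.barred_ecgi.add(ecgi)
        return ecgi in self.barred_ecgi

    def query_on_release(self):
        """RRC reads the flag on connection release; the read resets it to FALSE."""
        value, self.cell_in_probation = self.cell_in_probation, False
        return value

    def next_cell(self, candidates):
        """Pick the next LTE cell to try, or None when every candidate is barred."""
        return next((c for c in candidates if c not in self.barred_ecgi), None)


def rrc_on_release(nas, redirect_rat=None):
    """RRC's decision when the eNB releases the connection."""
    in_probation = nas.query_on_release()  # always read, so the flag is reset
    if redirect_rat == "GSM" and in_probation:
        return "LTE_CELL_SELECTION"        # ignore the downgrade, stay in LTE
    return "REDIRECT_" + redirect_rat if redirect_rat else "LTE_CELL_SELECTION"


def replay(events, max_attempts=3):
    """Feed an event trace through NAS and RRC; return the state and RRC actions."""
    nas, actions = NasProbation(max_attempts), []
    for kind, ecgi, *rest in events:
        if kind == "send":
            nas.request_sent(ecgi)
        elif kind == "recv":
            nas.nas_received(ecgi, *rest)
        elif kind == "expired":
            nas.attempt_expired(ecgi)
        elif kind == "release":
            actions.append(rrc_on_release(nas, *rest))
    return nas, actions


# Constructed trace: a cell that only asks for identity and then redirects to
# GSM, followed by a cell that answers the attach normally.
TRACE = [
    ("send", "ECGI-FAKE"), ("recv", "ECGI-FAKE", "IDENTITY_REQUEST"),
    ("release", "ECGI-FAKE", "GSM"), ("expired", "ECGI-FAKE"),
    ("send", "ECGI-FAKE"), ("recv", "ECGI-FAKE", "IDENTITY_REQUEST"),
    ("release", "ECGI-FAKE", "GSM"), ("expired", "ECGI-FAKE"),
    ("send", "ECGI-FAKE"), ("expired", "ECGI-FAKE"),
    ("send", "ECGI-GOOD"), ("recv", "ECGI-GOOD", "ATTACH_ACCEPT"),
    ("release", "ECGI-GOOD", "GSM"),
]

if __name__ == "__main__":
    state, acts = replay(TRACE)
    print(acts, sorted(state.barred_ecgi))
```

The last release in the trace follows a genuine NAS answer, so the flag is already FALSE and the redirection is honoured.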

Abstract

Aspects of the present disclosure describe detecting, by a user equipment (UE), fake cells in wireless communications. For example, the UE can determine invalid operator Public Land Mobile Network (PLMN) identifier (ID) combinations in system broadcast, determine illogical mobility configurations in system broadcast, and perform special non-access-stratum (NAS)/Radio Resource Control (RRC) handling of attach/area-crossing tracking area update (TAU) requests.

Description

TECHNIQUES FOR DETECTING FAKE CELLS IN WIRELESS COMMUNICATIONS

BACKGROUND
Aspects of the present disclosure relate generally to wireless communication systems, and more particularly, to detecting fake cells in wireless communications.
Wireless communication systems are widely deployed to provide various types of communication content such as voice, video, packet data, messaging, broadcast, and so on. These systems may be multiple-access systems capable of supporting communication with multiple users by sharing the available system resources (e.g., time, frequency, and power) . Examples of such multiple-access systems include code-division multiple access (CDMA) systems, time-division multiple access (TDMA) systems, frequency-division multiple access (FDMA) systems, and orthogonal frequency-division multiple access (OFDMA) systems, and single-carrier frequency division multiple access (SC-FDMA) systems.
These multiple access technologies have been adopted in various telecommunication standards to provide a common protocol that enables different wireless devices to communicate on a municipal, national, regional, and even global level. For example, fourth generation (4G) and/or fifth generation (5G) wireless communications technologies have been, or are being, developed to expand and support diverse usage scenarios and applications with respect to current mobile network generations. An example of a 4G network can include a third generation partnership project (3GPP) long term evolution (LTE) network.
In wireless networks, a problem may exist where a fake cell can be provided to exploit the security vulnerabilities in older wireless radio access technologies (e.g., 2G) and disrupt wireless communications for a user equipment (UE) in a current radio access technology (e.g., 4G/LTE and beyond) and/or to obtain confidential information from the UEs. A fake cell can refer to a cell implemented by a party that is not a valid cellular operator. In one example, a fake cell can cause denial-of-service (DoS) to a user equipment (UE) by removing support for 4G (or beyond) technology. In another example, a fake cell can cause the UE to select or reselect to an older, less secure radio access technology (e.g., a 2G cell), for instance via biased selection/reselection criteria, where the 2G cell is the same as or is associated with the fake cell. Once the UE is biased to operate in the 2G technology, for example, the fake cell may continue to deny 4G or beyond service and/or may exploit further security vulnerabilities.
Thus, there is an opportunity for improvement in wireless communication technologies.
SUMMARY
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
According to an example, a method and apparatus for detecting, by a user equipment (UE) , fake cells in wireless communications is provided. The method and apparatus includes receiving, at a UE, at least one system information block (SIB) from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity, determining whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity, and barring a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
According to an example, a method and apparatus for detecting, by a UE, fake cells in wireless communications is provided. The method and apparatus includes receiving, at a UE, at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell, determining whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell, and barring a cell selection procedure or a cell reselection procedure to the first cell associated  with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
According to an example, a method and apparatus for detecting, by a UE, fake cells in wireless communications is provided. The method and apparatus includes performing, by a UE, a consecutive number of attach procedures to a first cell associated with a network entity, determining whether a non-access-stratum (NAS) response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity, adding an Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (E-UTRAN) cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected, and performing a subsequent attach procedure to at least a second cell different from the first cell.
To the accomplishment of the foregoing and related ends, the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed, and this description is intended to include all such aspects and their equivalents.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosed aspects will hereinafter be described in conjunction with the appended drawings, provided to illustrate and not to limit the disclosed aspects, wherein like designations denote like elements, and in which:
FIG. 1 illustrates an example of a wireless communication system, in accordance with various aspects of the present disclosure;
FIG. 2 is a block diagram illustrating an example of a UE, in accordance with various aspects of the present disclosure;
FIG. 3 is a flow chart illustrating an example of a first method for establishing a connection with a cell, in accordance with various aspects of the present disclosure;
FIG. 4 is a flow chart illustrating an example of a second method for establishing a connection with a cell, in accordance with various aspects of the present disclosure;
FIG. 5 is a flow chart illustrating an example of a third method for establishing a connection with a cell, in accordance with various aspects of the present disclosure; and
FIG. 6 is a block diagram illustrating an example of a MIMO communication system including a base station and a UE, in accordance with various aspects of the present disclosure.
DETAILED DESCRIPTION
Various aspects are now described with reference to the drawings. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more aspects. It may be evident, however, that such aspect (s) may be practiced without these specific details.
The described features generally relate to enabling a user equipment (UE) to detect and avoid a fake cell in a wireless network. A fake cell can refer to a cell implemented by a party that is not a valid cellular operator, for purposes such as disrupting wireless communications of the UE, obtaining confidential information from the UE, etc. For example, a fake cell can broadcast system information defined for use in a wireless technology, such as third generation partnership project (3GPP) long term evolution (LTE), to advertise wireless communications services, and can provide a mechanism for UEs to attach to the fake cell, such as a random access channel (RACH) for performing RACH procedures, etc. Thus, UEs can connect to the fake cell, and the fake cell can cause a denial of service (DoS) by preventing the UE from accessing valid LTE radio access technology (RAT) service, by removing LTE parameters from the UE and/or by biasing the UE to select or reselect to an earlier RAT (e.g., 2G) having lesser security protocols than current RATs (e.g., 4G/LTE and beyond).
For example, the fourth-generation (4G) cellular network, although significantly improved in security over previous generations, may still have the vulnerability that a UE cannot actively validate the network under certain scenarios. For example, when a UE updates its presence upon entering a new tracking area and receives a network response indicating an anomaly, it may not be able to authenticate its counterpart. Another example is that there may not be a defined UE mechanism to determine reliability of system configuration for mobility towards previous generations (albeit this may not be essential for acquiring 4G services). It may be possible, in this regard, for UEs to lose 4G services because of fake base station/cell encounters.
The detrimental effect of accessing an unsafe network can manifest in the UE’s loss of 4G service (referred to as a downgrade attack), and the subsequent UE exposure to rogue 2G base stations, which the 2G specifications enable to operate without security and which can gain illicit control over the UE. One way for the unsafe network to accomplish this is with a DoS attack at the NAS layer, which can force the UE to remove 4G parameters. Another example of DoS is that the fake cell can provide the UE with an extremely biased 4G-to-2G reselection configuration in the system broadcast information.
The NAS DoS attack can exhibit multiple levels of sophistication, such as (1) no response to the UE’s NAS TAU request (e.g., either no lower-layer connection setup or a bare connection setup without any NAS signaling) or (2) sending an identity request in response to the NAS TAU followed by rejection (or lower-layer redirect), where the UE either (1) removes 4G from its radio access technology (RAT) list after five failed TAUs in a row, or (2) is downgraded/redirected to 2G. In an example, the biased reselection configuration can be characterized either by (1) limited 4G mobility (e.g., no intra-4G reselection at all or intra-frequency only), or (2) biased 4G-to-2G parameters (e.g., any 2G cell is qualified for reselection with equal or higher priorities than 4G). Aspects are described herein for improving UE capability for detecting potentially fake cells, and/or barring connection thereto.
Accordingly, the present solution provides one or more techniques at the access stratum (AS) and/or at the non-access stratum (NAS) layer of the UE that can be used to counteract these attacks, and to effectively maintain valid 4G services at the UE.
For example, one technique includes identifying invalid network operator combinations in system information broadcasts, which can be an indication of a fake cell. For instance, an invalid network operator combination may be detected when a cell advertises support for two or more different operators that typically do not share base stations.
In another example, one technique includes identifying illogical mobility configuration information in system information broadcasts, which can be an indication of a fake cell. For instance, illogical mobility configuration information may include configurations biased towards previous RAT generations, and/or configurations that set up a “mobility trap” that keeps the UE from selecting or reselecting to a legitimate newer RAT cell.
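The two signatures named above (limited 4G mobility, and 2G given equal or higher priority than 4G) can be checked against decoded reselection parameters as in the following sketch. It is an added illustration, not code from the patent or from any modem; the field names, the -110 dBm floor, the sample values and the decision to bar only on the two stronger findings are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class MobilityConfig:
    """Reselection parameters decoded from one cell's SIBs (hypothetical model)."""
    lte_priority: int                       # serving-frequency priority, 0 (lowest) to 7
    intra_freq_allowed: bool                # intra-frequency reselection permitted
    inter_freq_earfcns: List[int] = field(default_factory=list)  # other LTE carriers offered
    geran_priority: Optional[int] = None    # priority given to 2G carriers, None if not advertised
    geran_min_rxlev_dbm: Optional[int] = None  # weakest 2G signal that still qualifies


# Assumed floor: a threshold at or below this admits practically any 2G cell.
ANY_CELL_RXLEV_DBM = -110

# Findings that justify barring on their own (an assumption of this sketch).
# "intra-frequency-only" is reported but not barred, since a legitimate
# single-carrier deployment looks the same.
STRONG_FINDINGS = {"no-intra-4g-reselection", "2g-priority-not-below-4g"}


def assess_mobility(cfg: MobilityConfig) -> List[str]:
    """Return the illogical-configuration findings for one cell."""
    findings = []
    has_inter = bool(cfg.inter_freq_earfcns)
    if not cfg.intra_freq_allowed and not has_inter:
        findings.append("no-intra-4g-reselection")      # mobility trap
    elif not has_inter:
        findings.append("intra-frequency-only")         # limited 4G mobility
    if cfg.geran_priority is not None:
        if cfg.geran_priority >= cfg.lte_priority:
            findings.append("2g-priority-not-below-4g")  # biased towards 2G
        if (cfg.geran_min_rxlev_dbm is not None
                and cfg.geran_min_rxlev_dbm <= ANY_CELL_RXLEV_DBM):
            findings.append("any-2g-cell-qualifies")
    return findings


def should_bar(cfg: MobilityConfig) -> bool:
    """Bar cell selection/reselection when a strong finding is present."""
    return any(f in STRONG_FINDINGS for f in assess_mobility(cfg))


# Constructed sample configurations.
LEGIT = MobilityConfig(lte_priority=6, intra_freq_allowed=True,
                       inter_freq_earfcns=[1300, 3050],
                       geran_priority=1, geran_min_rxlev_dbm=-101)
SUSPECT = MobilityConfig(lte_priority=3, intra_freq_allowed=False,
                         geran_priority=7, geran_min_rxlev_dbm=-115)
SINGLE_CARRIER = MobilityConfig(lte_priority=5, intra_freq_allowed=True)

if __name__ == "__main__":
    for name, cfg in [("legit", LEGIT), ("suspect", SUSPECT),
                      ("single-carrier", SINGLE_CARRIER)]:
        print(name, assess_mobility(cfg), "bar" if should_bar(cfg) else "camp")
```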
In a further example, one technique includes performing special NAS/RRC handling of attach/area-crossing TAU procedures to avoid downgrading service and/or to avoid a mobility trap.
For instance, as the fake cells are typically not truly connected to a backend cellular network, the fake cells may not be able to sufficiently satisfy a TAU procedure performed by the UE. As such, a number of failed TAU requests may be indicative of the UE being attached to a fake cell. The same may be true for performing home public land mobile network (HPLMN) attach requests. Accordingly, in one example of the present techniques, the UE can be configured to perform a number of non-access stratum (NAS) requests of a NAS procedure before determining to not support LTE communications (at least for a period of time). Such NAS procedures may include substantially any procedure performed at a NAS layer as part of establishing communications with a cell, such as a TAU procedure, a HPLMN attach procedure, etc. Occurrence of sequential failed NAS requests in such procedures can be relatively rare, and thus can be used to detect possible connection to the fake cell. As described herein, a UE can perform the NAS procedure with a cell, and where a number of NAS requests fail, the UE can consider the cell to be a fake cell, can bar connections to the cell, and can attempt to connect to a different cell. This can avoid the UE falling into a DoS of the fake cell, falling back to a 2G cell, which may be indicated by the fake cell and may be another fake cell for the purpose of compromising information on the UE, etc.
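The following added sketch (not the patent's or any vendor's code) contrasts the behaviour described earlier, where five unanswered TAUs in a row remove 4G from the RAT list, with the per-cell handling described here, where the silent cell's identifier is barred and the UE moves on with LTE intact. The threshold of three, the cell identifiers and the function names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

BASELINE_TAU_LIMIT = 5  # from the text: five failed TAUs in a row drop 4G


def baseline_ue(events: List[Tuple[str, bool]]) -> str:
    """Behaviour the text describes as exploitable: count silent TAUs, then drop LTE.

    events is a list of (cell id, NAS response received) tuples.
    """
    failures = 0
    for _cell, answered in events:
        failures = 0 if answered else failures + 1
        if failures >= BASELINE_TAU_LIMIT:
            return "lte-removed"
    return "lte-kept"


@dataclass
class NasMonitor:
    """Counts consecutive unanswered NAS requests per cell and bars the cell."""
    bar_after: int = 3                          # assumed threshold, below the baseline limit
    barred: Set[str] = field(default_factory=set)
    _cell: Optional[str] = None
    _silent: int = 0

    def record(self, cell_id: str, answered: bool) -> str:
        if cell_id != self._cell:               # counter is per cell
            self._cell, self._silent = cell_id, 0
        if answered:
            self._silent = 0
            return "ok"
        self._silent += 1
        if self._silent < self.bar_after:
            return "retry"
        self.barred.add(cell_id)                # bar the cell, keep LTE enabled
        self._silent = 0
        return "bar"

    def next_cell(self, candidates: List[str]) -> Optional[str]:
        return next((c for c in candidates if c not in self.barred), None)


def hardened_ue(candidates: List[str], answers_nas: Dict[str, bool]):
    """Attach to the first candidate that answers NAS, barring silent cells."""
    monitor = NasMonitor()
    log = []
    cell = monitor.next_cell(candidates)
    while cell is not None:
        verdict = monitor.record(cell, answers_nas[cell])
        log.append((cell, verdict))
        if verdict == "ok":
            return cell, monitor.barred, log
        if verdict == "bar":
            cell = monitor.next_cell(candidates)
    return None, monitor.barred, log


# Constructed scenario: the strongest cell never answers NAS requests.
CANDIDATES = ["ecgi-silent-01", "ecgi-normal-02"]
ANSWERS = {"ecgi-silent-01": False, "ecgi-normal-02": True}

if __name__ == "__main__":
    print(baseline_ue([("ecgi-silent-01", False)] * 5))
    print(hardened_ue(CANDIDATES, ANSWERS))
```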
Thus, the UE can be configured to use the techniques described herein individually, or in any combination, to avoid a fake cell.
The described features will be presented in more detail below with reference to FIGS. 1-6.
As used in this application, the terms “component, ” “module, ” “system” and the like are intended to include a computer-related entity, such as but not limited to hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device  and the computing device can be a component. One or more components can reside within a process and/or thread of execution and a component can be localized on one computer and/or distributed between two or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. The components can communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets, such as data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems by way of the signal.
Techniques described herein may be used for various wireless communication systems such as CDMA, TDMA, FDMA, OFDMA, SC-FDMA, and other systems. The terms “system” and “network” may often be used interchangeably. A CDMA system may implement a radio technology such as CDMA2000, Universal Terrestrial Radio Access (UTRA), etc. CDMA2000 covers IS-2000, IS-95, and IS-856 standards. IS-2000 Releases 0 and A are commonly referred to as CDMA2000 1X, 1X, etc. IS-856 (TIA-856) is commonly referred to as CDMA2000 1xEV-DO, High Rate Packet Data (HRPD), etc. UTRA includes Wideband CDMA (WCDMA) and other variants of CDMA. A TDMA system may implement a radio technology such as Global System for Mobile Communications (GSM). An OFDMA system may implement a radio technology such as Ultra Mobile Broadband (UMB), Evolved UTRA (E-UTRA), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, Flash-OFDM™, etc. UTRA and E-UTRA are part of Universal Mobile Telecommunication System (UMTS). 3GPP Long Term Evolution (LTE) and LTE-Advanced (LTE-A) are new releases of UMTS that use E-UTRA. UTRA, E-UTRA, UMTS, LTE, LTE-A, and GSM are described in documents from an organization named “3rd Generation Partnership Project” (3GPP). CDMA2000 and UMB are described in documents from an organization named “3rd Generation Partnership Project 2” (3GPP2). The techniques described herein may be used for the systems and radio technologies mentioned above as well as other systems and radio technologies, including cellular (e.g., LTE) communications over a shared radio frequency spectrum band. The description below, however, describes an LTE/LTE-A system for purposes of example, and LTE terminology is used in much of the description below, although the techniques are applicable beyond LTE/LTE-A applications (e.g., to 5G networks or other next generation communication systems).
The following description provides examples, and is not limiting of the scope, applicability, or examples set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the scope of the disclosure. Various examples may omit, substitute, or add various procedures or components as appropriate. For instance, the methods described may be performed in an order different from that described, and various steps may be added, omitted, or combined. Also, features described with respect to some examples may be combined in other examples.
Various aspects or features will be presented in terms of systems that can include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems can include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. A combination of these approaches can also be used.
FIG. 1 illustrates an example of a wireless communication system 100 in accordance with various aspects of the present disclosure. The wireless communication system 100 may include one or more base stations 105, one or more UEs 115, and a core network 130. One or more of the base stations 105 may include functionality for performing AS and NAS procedures with one or more UEs 115, enabling the UEs 115 to communicate within the network and/or via the core network 130 and/or redirecting UEs 115 to fallback networks (e.g., 2G networks in circuit switched fallback or other fallback where LTE is not available), etc. In addition to the valid base stations 105, wireless communication system 100 may include one or more fake base stations or fake cells 150 that may broadcast system information advertising wireless communication services to one or more UEs 115, but without providing backend connectivity to the core network 130. As described, for example, the fake cell 150 can be capable of initiating a DoS attack for LTE services on connected UEs 115, redirecting UEs 115 to a rogue early RAT (e.g., 2G) for exploiting security vulnerabilities of 2G, etc. To counteract such fake cells 150, one or more UEs 115 can include a communicating component 240 for establishing a communication link 125 with one or more cells of a base station 105 (or communication link 152 with fake cell 150), detecting whether the cell is a fake cell, and possibly barring further connections with the cell. This technique can help to prevent DoS attacks, and/or other security vulnerability exploitation, on the UE 115 by the fake cell 150, as is explained below in more detail.
The core network 130 may provide user authentication, access authorization, tracking, internet protocol (IP) connectivity, and other access, routing, or mobility functions. The base stations 105 may interface with the core network 130 through backhaul links 132 (e.g., S1, etc. ) . The base stations 105 may perform radio configuration and scheduling for communication with the UEs 115, or may operate under the control of a base station controller (not shown) . In various examples, the base stations 105 may communicate, either directly or indirectly (e.g., through core network 130) , with one another over backhaul links 134 (e.g., X2, etc. ) , which may be wired or wireless communication links.
The base stations 105 may wirelessly communicate with the UEs 115 via one or more base station antennas. Each of the base stations 105 may provide communication coverage for a respective geographic coverage area 110. In some examples, base stations 105 may be referred to as a network entity, a base transceiver station, a radio base station, an access point, a radio transceiver, a NodeB, eNodeB (eNB) , Home NodeB, a Home eNodeB, or some other suitable terminology. The geographic coverage area 110 for a base station 105 may be divided into sectors making up only a portion of the coverage area (not shown) . The wireless communication system 100 may include base stations 105 of different types (e.g., macro or small cell base stations) . There may be overlapping geographic coverage areas 110 for different technologies.
In some examples, the wireless communication system 100 may be or include a Long Term Evolution (LTE) or LTE-Advanced (LTE-A) network. The wireless communication system 100 may also be a next generation network, such as a 5G wireless communication network. In LTE/LTE-A networks, the term evolved node B (eNB) , gNB, etc. may be generally used to describe the base stations 105, while the term UE may be generally used to describe the UEs 115. The wireless communication system 100 may be a heterogeneous LTE/LTE-A network in which different types of eNBs provide coverage for various geographical regions. For example, each eNB or base station 105 may provide communication coverage for a macro cell, a small cell, or other types of cell. The term “cell” is a 3GPP term that can be used to describe a base station, a carrier or component carrier associated with a base station, or a coverage area (e.g., sector, etc. ) of a carrier or base station, depending on context.
A macro cell may cover a relatively large geographic area (e.g., several kilometers in radius) and may allow unrestricted access by UEs 115 with service subscriptions with the network provider.
A small cell may include a lower-powered base station, as compared with a macro cell, that may operate in the same or different (e.g., licensed, unlicensed, etc. ) frequency bands as macro cells. Small cells may include pico cells, femto cells, and micro cells according to various examples. A pico cell, for example, may cover a small geographic area and may allow unrestricted access by UEs 115 with service subscriptions with the network provider. A femto cell may also cover a small geographic area (e.g., a home) and may provide restricted access by UEs 115 having an association with the femto cell (e.g., UEs 115 in a closed subscriber group (CSG) , UEs 115 for users in the home, and the like) . An eNB for a macro cell may be referred to as a macro eNB, gNB, etc. An eNB for a small cell may be referred to as a small cell eNB, a pico eNB, a femto eNB, or a home eNB. An eNB may support one or multiple (e.g., two, three, four, and the like) cells (e.g., component carriers) .
The communication networks that may accommodate some of the various disclosed examples may be packet-based networks that operate according to a layered protocol stack and data in the user plane may be based on the IP. A packet data convergence protocol (PDCP) layer can provide header compression, ciphering, integrity protection, etc. of IP packets. A radio link control (RLC) layer may perform packet segmentation and reassembly to communicate over logical channels. A media access control (MAC) layer may perform priority handling and multiplexing of logical channels into transport channels. The MAC layer may also use HARQ to provide retransmission at the MAC layer to improve link efficiency. In the control plane, the radio resource control (RRC) protocol layer may provide establishment, configuration, and maintenance of an RRC connection between a UE 115 and the base stations 105. The RRC protocol layer may also be used for core network 130 support of radio bearers for the user plane data. At the physical (PHY) layer, the transport channels may be mapped to physical channels.
The UEs 115 may be dispersed throughout the wireless communication system 100, and each UE 115 may be stationary or mobile. A UE 115 may also include or be referred to by those skilled in the art as a mobile station, a subscriber station, a mobile unit, a subscriber unit, a wireless unit, a remote unit, a mobile device, a wireless device,  a wireless communications device, a remote device, a mobile subscriber station, an access terminal, a mobile terminal, a wireless terminal, a remote terminal, a handset, a user agent, a mobile client, a client, or some other suitable terminology. A UE 115 may be a cellular phone, a personal digital assistant (PDA) , a wireless modem, a wireless communication device, a handheld device, a tablet computer, a laptop computer, a cordless phone, a wireless local loop (WLL) station, an entertainment device, a vehicular component, or the like. A UE may be able to communicate with various types of base stations and network equipment including macro eNBs, small cell eNBs, relay base stations, and the like.
The communication links 125 shown in wireless communication system 100 may carry UL transmissions from a UE 115 to a base station 105, or downlink (DL) transmissions, from a base station 105 to a UE 115. The downlink transmissions may also be called forward link transmissions while the uplink transmissions may also be called reverse link transmissions. Each communication link 125 may include one or more carriers, where each carrier may be a signal made up of multiple sub-carriers (e.g., waveform signals of different frequencies) modulated according to the various radio technologies described above. Each modulated signal may be sent on a different sub-carrier and may carry control information (e.g., reference signals, control channels, etc. ) , overhead information, user data, etc. The communication links 125 may transmit bidirectional communications using frequency division duplex (FDD) (e.g., using paired spectrum resources) or time division duplex (TDD) operation (e.g., using unpaired spectrum resources) . Frame structures may be defined for FDD (e.g., frame structure type 1) and TDD (e.g., frame structure type 2) .
In aspects of the wireless communication system 100, base stations 105 or UEs 115 may include multiple antennas for employing antenna diversity schemes to improve communication quality and reliability between base stations 105 and UEs 115. Additionally or alternatively, base stations 105 or UEs 115 may employ multiple input multiple output (MIMO) techniques that may take advantage of multi-path environments to transmit multiple spatial layers carrying the same or different coded data.
Wireless communication system 100 may support operation on multiple cells or carriers, a feature which may be referred to as carrier aggregation (CA) or multi-carrier operation. A carrier may also be referred to as a component carrier (CC) , a layer, a channel, etc. The terms “carrier, ” “component carrier, ” “cell, ” and “channel” may be used interchangeably herein. A UE 115 may be configured with multiple downlink CCs  and one or more uplink CCs for carrier aggregation. Carrier aggregation may be used with both FDD and TDD component carriers.
Turning now to FIGS. 2-5, aspects of the present disclosure are depicted with reference to one or more components (e.g., in FIG. 2) and one or more methods (e.g., in FIGS. 3-5) that the UE 115 may perform to detect and avoid a fake cell 150. Although the operations described below in FIGS. 3 -5 are presented in a particular order and/or as being performed by an example component, it should be understood that the ordering of the actions and the components performing the actions may be varied, depending on the implementation. Moreover, it should be understood that the following actions, functions, and/or described components may be performed by a specially-programmed processor, a processor executing specially-programmed software or computer-readable media, or by any other combination of a hardware component and/or a software component capable of performing the described actions or functions.
Referring to FIG. 2, a block diagram includes components of UE 115 in a portion of the wireless communications system 100, where the UEs 115 include example components as described in the present disclosure that are configured to detect and avoid fake cells 150.
In an aspect, the UE 115 in FIG. 2 may include one or more processors 205 and/or memory 202 that may operate in combination with a communicating component 240 to perform the functions, methods (e.g., method 300 of FIG. 3, method 400 of FIG. 4, method 500 of FIG. 5) , etc., presented in the present disclosure to detect and avoid fake cells 150. In accordance with the present disclosure, the communicating component 240 may include one or more components for establishing a communication link or other connection with a cell, detecting whether the cell is a fake cell, possibly barring further connection to the cell by the UE 115, etc.
In an example, a fake eNB or fake cell 150 is set up to lure UEs to camp on the fake cell 150 so that a DoS or theft of confidential information may be performed. One signature of a fake eNB is broadcasting combinations of operator Public Land Mobile Network (PLMN) IDs that never have any shared base station agreements. For example, it is not possible to have China Mobile and China Unicom/Telecom shared base stations. In an instance, UEs 115 can obtain a pre-loaded or over-the-air (OTA) dynamic programmable list, such as in modem software, to filter out eNBs that are broadcasting invalid operator PLMN ID combinations. As such, UEs 115 can check the list, thereby preventing the UE 115 from camping on those cells associated with the fake eNBs.
Accordingly, in one implementation, for instance, the communicating component 240 may include an operator combination determination component 242, which may be configured to receive at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity. The operator combination determination component 242 is further operable to determine whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity. Based on this comparison, the operator combination determination component 242 is further operable to bar a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
In contrast, based on this comparison, the communicating component 240 and/or the operator combination determination component 242 may perform the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
In an additional or alternative aspect, the communicating component 240 and/or the operator combination determination component 242 may receive an allowed network operator combination list for the network entity, the allowed network operator combination list including one or more allowed combinations of network operators for the network entity. For example, to determine whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity, the operator combination determination component 242 may determine whether the two or more network operators correspond to any of the one or more allowed combinations of network operators for the network entity according to the allowed network operator combination list.
In another additional or optional aspect, the communicating component 240 and/or the operator combination determination component 242 may receive a barred network operator combination list for the network entity, wherein the barred network operator combination list includes one or more of the mutually exclusive combinations of network operators for the network entity. For example, in determining whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity, the operator combination determination component 242 may determine whether the two or more network operators correspond to any of the one or more of the mutually exclusive combinations of network operators for the network entity according to the barred network operator combination list.
In an aspect, the plurality of network operator identifiers correspond to Public Land Mobile Network (PLMN) identifiers.
In an aspect, barring the cell selection or reselection procedure to the first cell associated with the network entity further comprises adding the network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
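The barred-list and allowed-list checks described above can be sketched as follows. This is an added example, not code from the patent; the class and method names are hypothetical, the MCC-MNC strings are sample values assumed for illustration, and treating the allowed list as "the broadcast set must fit inside one allowed combination" is an assumption about how the comparison is made.

```python
from collections import namedtuple

Decision = namedtuple("Decision", "action reason")

# Sample PLMN IDs (MCC-MNC) assumed for illustration; not values from the page.
CHINA_MOBILE, CHINA_UNICOM, CHINA_TELECOM = "460-00", "460-01", "460-11"


class OperatorCombinationFilter:
    """Bars cells whose SIB advertises operators that never share a base station."""

    def __init__(self, barred_combinations=(), allowed_combinations=None):
        self.barred_cells = set()  # cells barred from selection/reselection
        self.load_lists(barred_combinations, allowed_combinations)

    def load_lists(self, barred_combinations=(), allowed_combinations=None):
        """Install a pre-loaded or OTA-updated policy, replacing the old one."""
        self.barred = {frozenset(c) for c in barred_combinations}
        self.allowed = (None if allowed_combinations is None
                        else {frozenset(c) for c in allowed_combinations})

    def _bar(self, cell_id, reason):
        self.barred_cells.add(cell_id)
        return Decision("bar", reason)

    def evaluate(self, cell_id, sib_plmn_ids):
        """Decide whether the UE may camp on a cell given its broadcast PLMN IDs."""
        plmns = frozenset(sib_plmn_ids)
        if cell_id in self.barred_cells:
            return Decision("bar", "cell already on barred list")
        if len(plmns) < 2:
            return Decision("camp", "single operator, nothing to cross-check")
        # Barred list: a mutually exclusive combination contained in the broadcast.
        for combo in sorted(self.barred, key=sorted):
            if combo <= plmns:
                return self._bar(
                    cell_id, "mutually exclusive operators: " + ", ".join(sorted(combo)))
        # Allowed list (if provisioned): the broadcast set must fit one allowed combination.
        if self.allowed is not None and not any(plmns <= ok for ok in self.allowed):
            return self._bar(cell_id, "combination not on allowed list")
        return Decision("camp", "operator combination is plausible")


if __name__ == "__main__":
    ue_filter = OperatorCombinationFilter(
        barred_combinations=[(CHINA_MOBILE, CHINA_UNICOM),
                             (CHINA_MOBILE, CHINA_TELECOM)])
    # Constructed SIB contents for two cells.
    print(ue_filter.evaluate("cell-1", [CHINA_MOBILE, CHINA_UNICOM]))
    print(ue_filter.evaluate("cell-2", [CHINA_UNICOM, CHINA_TELECOM]))
```

Once a cell is barred it stays on the barred list even if a later broadcast from the same cell looks clean, which matches the aspect of adding the network entity to a barred list.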
In another example, a fake eNB is not set up to serve the UEs properly, but instead may downgrade the UEs from LTE to GSM, or intercept or otherwise acquire the UE’s subscription/hardware identity information. Therefore, the fake eNB’s mobility configurations in system broadcast information are either biased towards previous generations, or set up a “mobility trap” that keeps UEs from going to a legitimate cell. In a commercial network that is not designed for lab experiments or enclave services, the UE can counteract by barring these cells according to knowledge of its SIM policy and operator service if an illogical mobility configuration is found in a cell’s system broadcast information. In an instance, some examples of illogical mobility configurations include, but are not limited to: neither intra-frequency nor inter-frequency reselection is allowed in system broadcast information; cells of certain supplemental/auxiliary bands (e.g., B40) are configured without inter-frequency neighbors; an inter-frequency reselection target cell is found to have no reciprocal inter-frequency neighbor information that allows UEs to reselect back to the current or previous serving cell, depending on whether the information block is read before or after reselection happens; and 4G cells are configured with lower priority than GSM cells and the qualifying GSM received signal strength for reselection is set to a level that is close to or lower than the practically achievable GSM sensitivity level.
Accordingly, in another implementation, for example, the communicating component 240 may include a mobility configuration determination component 244, which may be configured to receive and evaluate at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell. For example, the mobility configuration determination component 244 may determine whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell. Based on this evaluation, the mobility configuration determination component 244 may bar a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
In contrast, based on this evaluation, the communicating component 240 and/or the mobility configuration determination component 244 may perform the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
In an aspect, the second cell is associated with a second network entity different from the first network entity. In another aspect, the second cell is associated with the first network entity.
In an aspect, the mobility configuration information bars at least one of an intra-frequency cell reselection procedure or an inter-frequency cell reselection procedure. In a further aspect, the mobility configuration information includes one or more parameters for a configuration of a plurality of bands without inter-frequency neighbors. In a further aspect, the mobility configuration information includes one or more parameters barring a reselection back to a current cell or a previous serving cell from the first cell. In a further aspect, the mobility configuration information includes one or more parameters configuring a first set of cells associated with a first Radio Access Technology (RAT) with a higher priority than a second set of cells associated with a second RAT, wherein the second RAT is newer than the first RAT.
In an aspect, in barring the cell selection or reselection procedure to the first cell associated with the first network entity, the mobility configuration determination component 244 may add the first network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
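The four illogical mobility configurations listed above can be expressed as checks over the parameters a UE has decoded from a cell's system broadcast information. This is an added example, not code from the patent; the field names, the sensitivity floor and margin, and the sample EARFCN values are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

SUPPLEMENTAL_BANDS = {40}        # the page's example of a supplemental/auxiliary band
GSM_SENSITIVITY_DBM = -104.0     # assumed practically achievable GSM sensitivity
SENSITIVITY_MARGIN_DB = 3.0      # assumed meaning of "close to" that level


@dataclass(frozen=True)
class MobilityConfig:
    """Mobility parameters decoded from one cell's SIBs (hypothetical field names)."""
    earfcn: int
    band: int
    intra_freq_reselection_allowed: bool
    inter_freq_neighbors: Tuple[int, ...] = ()   # EARFCNs offered as reselection targets
    lte_priority: int = 0
    gsm_priority: Optional[int] = None           # None: no GSM neighbors broadcast
    gsm_rxlev_min_dbm: Optional[float] = None    # qualifying GSM signal level


def illogical_mobility_findings(cfg, came_from_earfcn=None):
    """Return the mobility-trap signatures present in cfg.

    came_from_earfcn is the previous serving frequency when the SIBs are read
    after a reselection, so the reciprocal-neighbor check can be applied.
    """
    findings = []
    no_inter_freq = not cfg.inter_freq_neighbors
    if not cfg.intra_freq_reselection_allowed and no_inter_freq:
        findings.append("no_reselection_allowed")
    if cfg.band in SUPPLEMENTAL_BANDS and no_inter_freq:
        findings.append("supplemental_band_without_inter_freq_neighbors")
    if (came_from_earfcn is not None and came_from_earfcn != cfg.earfcn
            and came_from_earfcn not in cfg.inter_freq_neighbors):
        findings.append("no_reciprocal_neighbor")
    if (cfg.gsm_priority is not None and cfg.gsm_rxlev_min_dbm is not None
            and cfg.gsm_priority > cfg.lte_priority
            and cfg.gsm_rxlev_min_dbm <= GSM_SENSITIVITY_DBM + SENSITIVITY_MARGIN_DB):
        findings.append("gsm_downgrade_bias")
    return findings


def should_bar(cfg, came_from_earfcn=None, commercial_network=True):
    """Bar only in commercial networks; lab or enclave setups may be odd on purpose."""
    return commercial_network and bool(illogical_mobility_findings(cfg, came_from_earfcn))


if __name__ == "__main__":
    # Constructed SIB contents for a suspicious band 40 cell.
    trap = MobilityConfig(earfcn=38950, band=40, intra_freq_reselection_allowed=False,
                          lte_priority=1, gsm_priority=7, gsm_rxlev_min_dbm=-111.0)
    print(illogical_mobility_findings(trap, came_from_earfcn=1850))
```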
In an example, a programmable number X of specific-type home-PLMN attach/area-crossing TAUs in a row may occur, where X is an integer, such as a number designated by a 3GPP specification as a maximum number of attach/area-crossing TAU procedures. When the mobility configuration determination component 244 is operating as described herein, e.g., effectively turning on special handling under the USIM, and after the UE performs the X consecutive attach/area-crossing TAUs in a home PLMN cell but receives no NAS response (discounting identity request), the mobility configuration determination component 244 causes the NAS to (1) maintain a flag “cell_in_probation” during those X times for RRC, (2) add the cell’s E-UTRAN cell global identifier to the barred cell list for Camped Normally state, and (3) extend the UE’s stay in 4G for one more try of attach/area-crossing-TAU without checking the said “specific-type” if not all cells are barred or unqualified for cell selection.
In a further example, if the NAS does not receive any NAS response (discounting identity request) but receives a TAU reject with any of the following (causes that only invalidate the UE’s 4G subscription): Cause #7 – EPS services not allowed; Cause #14 – EPS services not allowed in this PLMN; Cause #42 – Severe network failure; then the mobility configuration determination component 244 causes the UE to add the cell’s E-UTRAN cell global identifier to the barred cell list for Camped Normally state, and to extend the UE’s stay in 4G for one more try (or another designated extra number of tries) of attach/area-crossing-TAU without checking the said “specific-type” if not all cells are barred or unqualified for cell selection.
In an example, when the special handling operations of the mobility configuration determination component 244 are turned on, the RRC calls the NAS for the flag “cell_in_probation.” If the flag is set to TRUE, the RRC shall ignore LTE to GSM redirection and stay in LTE via a normal release cell selection. In another example, when the special handling operations of the mobility configuration determination component 244 are turned on, the NAS maintains the flag “cell_in_probation” as follows:
· The flag “cell_in_probation” is set to FALSE by default.
· When attach or area-crossing TAU is triggered, NAS sets “cell_in_probation” to TRUE. NAS will set “cell_in_probation” to FALSE (1) when NAS receives a message that is neither identity request nor TAU reject or (2) after RRC calls NAS for “cell_in_probation” value upon connection release by eNB.
· When NAS T3x40 timer expires with failed RRC connection and NAS initiates the next area-crossing TAU attempt (with no change to T3411), the TAU counter increases by 1 and “cell_in_probation” remains TRUE. If RRC indicates cell reselection, NAS resets counter X to 1 and the flag “cell_in_probation” to FALSE.
· After RRC connection release calls NAS for “cell_in_probation” value, NAS shall reset the flag “cell_in_probation” back to FALSE.
In another implementation, which may be alternative or in addition to the above-noted implementations, the communicating component 240 may include a NAS determination component 246, which may be configured to perform a consecutive number of attach procedures to a first cell associated with a network entity and, based on the response(s), determine whether or not it is dealing with a fake cell 150. For example, the NAS determination component 246 may be configured to determine whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity, to add an E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected, and to perform a subsequent attach procedure to at least a second cell different from the first cell.
In an aspect, the attach procedures correspond to at least one of a specific-type home-PLMN attach request or an area-crossing NAS tracking area update (TAU) request.
In an aspect, for example, the communicating component 240 and/or the NAS determination component 246 may determine whether the consecutive number of attach procedures satisfy a maximum threshold number of attach procedures. For example, determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity further comprises determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity and based on a determination that the consecutive number of attach procedures satisfy the maximum threshold number of attach procedures.
In an aspect, performing the consecutive number of attach procedures to the first cell associated with the network entity further comprises performing the consecutive number of attach procedures to the first cell associated with the network entity while maintaining a cell probation flag indicating a redirection from a first RAT to a second RAT.
In an aspect, for example, the communicating component 240 and/or the NAS determination component 246 may determine whether at least one tracking area update (TAU) rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity. For example, adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the NAS response message is not received in response to the one or more consecutive number of procedures to the first cell associated with the first network entity further comprises adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the at least one TAU rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
In an aspect, the at least one TAU rejection message includes information indicating at least one or more of an Evolved Packet System (EPS) service is not allowed, EPS service is not allowed for a PLMN associated with the first cell, or a severe network failure.
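The “cell_in_probation” handling and the NAS determination described in the preceding paragraphs can be modelled as a small state machine shared by NAS and RRC. This is an added example, not code from the patent; the class, method and return-value names are hypothetical, the ECGI strings are constructed, and X is passed in because the page leaves its value programmable.

```python
IDENTITY_REQUEST = "identity_request"
TAU_REJECT = "tau_reject"
# Reject causes the page lists as invalidating only the UE's 4G subscription.
SUBSCRIPTION_ONLY_CAUSES = {7, 14, 42}


class NasProbationTracker:
    """NAS-side bookkeeping for consecutive unanswered attach/TAU attempts."""

    def __init__(self, max_attempts):
        self.max_attempts = max_attempts   # the programmable number X
        self.cell_in_probation = False     # FALSE by default
        self.attempts = 1                  # counter of attempts in a row
        self.extra_tries = 0               # extra 4G attempts granted after barring
        self.barred_ecgis = set()
        self.ecgi = None

    def on_attach_or_tau_triggered(self, ecgi):
        self.ecgi = ecgi
        self.cell_in_probation = True

    def on_nas_message(self, msg_type, cause=None):
        if msg_type == IDENTITY_REQUEST:
            return "ignored"               # discounted: not counted as a NAS response
        if msg_type == TAU_REJECT:
            if cause in SUBSCRIPTION_ONLY_CAUSES:
                return self._bar_current_cell()
            return "rejected"              # flag is left unchanged on TAU reject
        # Any other NAS message ends the probation.
        self.cell_in_probation = False
        self.attempts = 1
        return "genuine_response"

    def on_timer_expiry(self):
        """Attempt timer expired with a failed RRC connection and no NAS response."""
        if self.attempts >= self.max_attempts:
            return self._bar_current_cell()
        self.attempts += 1                 # next attempt; flag remains TRUE
        return "retry"

    def on_cell_reselection(self):
        self.attempts = 1
        self.cell_in_probation = False

    def query_on_release(self):
        """RRC asks for the flag on connection release; reading it resets it."""
        value, self.cell_in_probation = self.cell_in_probation, False
        return value

    def _bar_current_cell(self):
        self.barred_ecgis.add(self.ecgi)
        self.extra_tries = 1               # one more try in 4G on another cell
        return "bar_cell"


def rrc_handle_release(nas, redirect_to_gsm):
    """RRC side: ignore an LTE-to-GSM redirection while the cell is in probation."""
    in_probation = nas.query_on_release()
    if redirect_to_gsm and in_probation:
        return "stay_lte_cell_selection"
    return "follow_gsm_redirection" if redirect_to_gsm else "normal_release"


if __name__ == "__main__":
    nas = NasProbationTracker(max_attempts=3)
    nas.on_attach_or_tau_triggered("ecgi-A")        # constructed identifier
    print([nas.on_timer_expiry() for _ in range(3)], nas.barred_ecgis)
    print(rrc_handle_release(nas, redirect_to_gsm=True))
```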
The one or more processors 205 may include a modem 220 that uses one or more modem processors. The various functions related to the communicating component 240, and/or its sub-components, may be included in modem 220 and/or processor 205 and, in an aspect, can be executed by a single processor, while in other aspects, different ones of the functions may be executed by a combination of two or more different processors. For example, in an aspect, the one or more processors 205 may include any one or any combination of a modem processor, or a baseband processor, or a digital signal processor, or a transmit processor, or a transceiver processor associated with transceiver 270, or a system-on-chip (SoC). In particular, the one or more processors 205 may execute functions and components included in the communicating component 240. In another example, communicating component 240, or sub-components thereof, may operate at one or more communication layers, such as physical layer or L1, MAC layer or L2, a PDCP/RLC layer or L3, etc., to establish and/or terminate connections to the cells, detect fake cells based on messages from higher layers (e.g., a NAS layer), etc.
In some examples, the communicating component 240 and each of the sub-components may comprise hardware, firmware, and/or software and may be configured to execute code or perform instructions stored in a memory (e.g., a computer-readable storage medium, such as memory 202 discussed below) . Moreover, in an aspect, the UE 115 in FIG. 2 may include an RF front end 290 and transceiver 270 for receiving and transmitting radio transmissions to, for example, base stations 105. The transceiver 270 may coordinate with the modem 220 to receive signals that include packets (e.g., and/or one or more related PDUs) . RF front end 290 may be connected to one or more antennas 273 and can include one or more switches 292, one or more amplifiers (e.g., PAs 294 and/or LNAs 291) , and one or more filters 293 for transmitting and receiving RF signals on uplink channels and downlink channels. In an aspect, the components of the RF front end 290 can connect with transceiver 270. The transceiver 270 may connect to one or more of modem 220 and processors 205.
The transceiver 270 may be configured to transmit (e.g., via transmitter (TX) radio 275) and receive (e.g., via receiver (RX) radio 280) wireless signals through antennas 273 via the RF front end 290. In an aspect, the transceiver 270 may be tuned to operate at specified frequencies such that the UE 115 can communicate with, for example, base stations 105. In an aspect, for example, the modem 220 can configure the transceiver 270 to operate at a specified frequency and power level based on the configuration of the UE 115 and communication protocol used by the modem 220.
The UE 115 in FIG. 2 may further include a memory 202, such as for storing data used herein and/or local versions of applications or communicating component 240 and/or one or more of its sub-components being executed by processor 205. Memory 202 can include any type of computer-readable medium usable by a computer or processor 205, such as RAM, ROM, tapes, magnetic discs, optical discs, volatile memory, non-volatile memory, and any combination thereof. In an aspect, for example, memory 202 may be a computer-readable storage medium that stores one or more computer-executable codes defining communicating component 240 and/or one or more of its sub-components. Additionally or alternatively, the UE 115 may include a bus 211 for coupling one or more of the RF front end 290, the transceiver 274, the memory 202, or the processor 205, and  to exchange signaling information between each of the components and/or sub-components of the UE 115.
In an aspect, the processor (s) 205 may correspond to one or more of the processors described in connection with the UE in FIG. 4. Similarly, the memory 202 may correspond to the memory described in connection with the UE in FIG. 4.
FIG. 3 illustrates a flow chart of an example of a method 300 for connecting to cells in a wireless network.
At Block 302, method 300 includes receiving, at a UE, at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity. In an aspect, communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can receive at least one SIB from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity.
At Block 304, method 300 includes determining whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity. In an aspect, communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can determine whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity.
At 306, method 300 includes barring a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity. In an aspect, communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can bar a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a  determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
At 308, method 300 includes performing the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity. In an aspect, communicating component 240 and/or operator combination determination component 242, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can perform the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
FIG. 4 illustrates a flow chart of an example of a method 400 for connecting to cells in a wireless network.
At Block 402, method 400 includes receiving, at a UE, at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell. In an aspect, communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can receive at least one SIB from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell.
At Block 404, method 400 includes determining whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell. In an aspect, communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can determine whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
At Block 406, method 400 includes barring a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE  from reselecting to at least the second cell after camping on to the first cell. In an aspect, communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can bar a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
At Block 408, method 400 includes performing the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell. In an aspect, communicating component 240 and/or mobility configuration determination component 244, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can perform the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
FIG. 5 illustrates a flow chart of an example of a method 500 for connecting to cells in a wireless network.
At Block 502, method 500 includes performing, by a UE, a consecutive number of attach procedures to a first cell associated with a network entity. In an aspect, communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can perform a consecutive number of attach procedures to a first cell associated with a network entity.
At Block 504, method 500 includes determining whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity. In an aspect, communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can determine whether a NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
At Block 506, method 500 includes adding an E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a  determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected. In an aspect, communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can add E-UTRAN cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected.
At Block 508, method 500 includes performing a subsequent attach procedure to at least a second cell different from first cell. In an aspect, communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can perform a subsequent attach procedure to at least a second cell different from first cell.
At Block 510, method 500 includes not performing a subsequent attach procedure to at least a second cell different from first cell. In an aspect, communicating component 240 and/or NAS determination component 246, e.g., in conjunction with processor (s) 205, memory 202, transceiver 270, etc., can be prevented/barred from performing a subsequent attach procedure to at least a second cell different from first cell.
FIG. 6 is a block diagram of a MIMO communication system 600 including a base station 105 and a UE 115. The MIMO communication system 600 may illustrate aspects of the wireless communication system 100 described with reference to FIG. 1. The base station 105 may be an example of aspects of the base station 105 described with reference to FIGS. 1-2. The base station 105 may be equipped with antennas 634 and 635, and the UE 115 may be equipped with antennas 652 and 653. In the MIMO communication system 600, the base station 105 may be able to send data over multiple communication links at the same time. Each communication link may be called a “layer” and the “rank” of the communication link may indicate the number of layers used for communication. For example, in a 2x2 MIMO communication system where base station 105 transmits two “layers,” the rank of the communication link between the base station 105 and the UE 115 is two.
At the base station 105, a transmit (Tx) processor 620 may receive data from a data source. The transmit processor 620 may process the data. The transmit processor 620 may also generate control symbols or reference symbols. A transmit MIMO processor 630 may perform spatial processing (e.g., precoding) on data symbols, control symbols, or reference symbols, if applicable, and may provide output symbol streams to the transmit modulator/demodulators 632 and 633. Each modulator/demodulator 632 through 633 may process a respective output symbol stream (e.g., for OFDM, etc.) to obtain an output sample stream. Each modulator/demodulator 632 through 633 may further process (e.g., convert to analog, amplify, filter, and upconvert) the output sample stream to obtain a DL signal. In one example, DL signals from modulator/demodulators 632 and 633 may be transmitted via the antennas 634 and 635, respectively.
The UE 115 may be an example of aspects of the UEs 115 described with reference to FIGS. 1-2. At the UE 115, the UE antennas 652 and 653 may receive the DL signals from the base station 105 and may provide the received signals to the modulator/demodulators 654 and 655, respectively. Each modulator/demodulator 654 through 655 may condition (e.g., filter, amplify, down convert, and digitize) a respective received signal to obtain input samples. Each modulator/demodulator 654 through 655 may further process the input samples (e.g., for OFDM, etc.) to obtain received symbols. A MIMO detector 656 may obtain received symbols from the modulator/demodulators 654 and 655, perform MIMO detection on the received symbols, if applicable, and provide detected symbols. A receive (Rx) processor 658 may process (e.g., demodulate, deinterleave, and decode) the detected symbols, providing decoded data for the UE 115 to a data output, and provide decoded control information to a processor 680, or memory 682.
The processor 680 may in some cases execute stored instructions to instantiate a communicating component 240 (see e.g., FIGS. 1-2) .
On the uplink (UL), at the UE 115, a transmit processor 664 may receive and process data from a data source. The transmit processor 664 may also generate reference symbols for a reference signal. The symbols from the transmit processor 664 may be precoded by a transmit MIMO processor 666 if applicable, further processed by the modulator/demodulators 654 and 655 (e.g., for SC-FDMA, etc.), and be transmitted to the base station 105 in accordance with the communication parameters received from the base station 105. At the base station 105, the UL signals from the UE 115 may be received by the antennas 634 and 635, processed by the modulator/demodulators 632 and 633, detected by a MIMO detector 636 if applicable, and further processed by a receive processor 638. The receive processor 638 may provide decoded data to a data output and to the processor 640 or memory 642.
The components of the UE 115 may, individually or collectively, be implemented with one or more ASICs adapted to perform some or all of the applicable functions in hardware. Each of the noted modules may be a means for performing one or more functions related to operation of the MIMO communication system 400. Similarly, the components of the base station 105 may, individually or collectively, be implemented with one or more ASICs adapted to perform some or all of the applicable functions in hardware. Each of the noted components may be a means for performing one or more functions related to operation of the MIMO communication system 400.
The detailed description set forth above in connection with the appended drawings describes examples and does not represent the only examples that may be implemented or that are within the scope of the claims. The term “example,” when used in this description, means “serving as an example, instance, or illustration,” and not “preferred” or “advantageous over other examples.” The detailed description includes specific details for the purpose of providing an understanding of the described techniques. These techniques, however, may be practiced without these specific details. In some instances, well-known structures and apparatuses are shown in block diagram form in order to avoid obscuring the concepts of the described examples.
Information and signals may be represented using any of a variety of different technologies and techniques. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, computer-executable code or instructions stored on a computer-readable medium, or any combination thereof.
The various illustrative blocks and components described in connection with the disclosure herein may be implemented or performed with a specially-programmed device, such as but not limited to a processor, a digital signal processor (DSP), an ASIC, an FPGA or other programmable logic device, a discrete gate or transistor logic, a discrete hardware component, or any combination thereof designed to perform the functions described herein. A specially-programmed processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A specially-programmed processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software executed by a processor, the functions may be stored on or transmitted over as one or more instructions or code on a non-transitory computer-readable medium. Other examples and implementations are within the scope and spirit of the disclosure and appended claims. For example, due to the nature of software, functions described above can be implemented using software executed by a specially programmed processor, hardware, firmware, hardwiring, or combinations of any of these. Features implementing functions may also be physically located at various positions, including being distributed such that portions of functions are implemented at different physical locations. Also, as used herein, including in the claims, “or” as used in a list of items prefaced by “at least one of” indicates a disjunctive list such that, for example, a list of “at least one of A, B, or C” means A or B or C or AB or AC or BC or ABC (i.e., A and B and C).
Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code means in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.
The previous description of the disclosure is provided to enable a person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the common principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Furthermore, although elements of the described aspects and/or embodiments may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated. Additionally, all or a portion of any aspect and/or embodiment may be utilized with all or a portion of any other aspect and/or embodiment, unless stated otherwise. Thus, the disclosure is not to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (26)

  1. A method of wireless communications, comprising:
    receiving, at a user equipment (UE), at least one system information block (SIB) from a network entity associated with a first cell, the at least one SIB including a plurality of network identifiers corresponding to two or more network operators associated with the network entity;
    determining whether the two or more network operators correspond to a mutually exclusive combination of network operators for the network entity, wherein the mutually exclusive combination of network operators includes a first network operator that cannot be concurrently configured with at least a second network operator at the network entity; and
    barring a cell selection procedure or a reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity.
  2. The method of claim 1, further comprising performing the cell selection procedure or the cell reselection procedure to the first cell associated with the network entity based on a determination that the two or more network operators do not correspond to the mutually exclusive combination of network operators for the network entity.
  3. The method of claim 1, further comprising receiving an allowed network operator combination list for the network entity, the allowed network operator combination list including one or more allowed combinations of network operators for the network entity.
  4. The method of claim 3, wherein determining whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity further comprises determining whether the two or more network operators correspond to any of the one or more allowed combinations of network operators for the network entity according to the allowed network operator combination list.
  5. The method of claim 1, further comprising receiving a barred network operator combination list for the network entity, the barred network operator combination list including one or more of the mutually exclusive combination of network operators for the network entity.
  6. The method of claim 5, wherein determining whether the two or more network operators correspond to the mutually exclusive combination of network operators for the network entity further comprises determining whether the two or more network operators correspond to any of the one or more of the mutually exclusive combinations of network operators for the network entity according to the barred network operator combination list.
  7. The method of claim 1, wherein the plurality of network operator identifiers correspond to Public Land Mobile Network (PLMN) identifiers.
  8. The method of claim 1, wherein barring the cell selection or reselection procedure to the first cell associated with the network entity further comprises adding the network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
  9. A method of wireless communications, comprising:
    receiving, at a user equipment (UE), at least one system information block (SIB) from a first network entity associated with a first cell, the at least one SIB including mobility configuration information indicating one or more parameters for use by the UE to perform a cell reselection procedure to a second cell;
    determining whether the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell; and
    barring a cell selection procedure or a cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  10. The method of claim 9, further comprising performing the cell selection procedure or the cell reselection procedure to the first cell associated with the first network entity based on a determination that the mobility configuration information is not configured to prevent the UE from reselecting to at least the second cell after camping on to the first cell.
  11. The method of claim 9, wherein the second cell is associated with a second network entity different from the first network entity.
  12. The method of claim 9, wherein the second cell is associated with the first network entity.
  13. The method of claim 9, wherein the mobility configuration information bars at least one of an intra-frequency cell reselection procedure or an inter-frequency cell reselection procedure.
  14. The method of claim 9, wherein the mobility configuration information includes one or more parameters for a configuration of a plurality of bands without inter-frequency neighbors.
  15. The method of claim 9, wherein the mobility configuration information includes one or more parameters barring a reselection back to a current cell or a previous serving cell from the first cell, wherein the one or more parameters correspond to at least one of an intra-frequency neighbor configuration included in a SIB3 or an intra-frequency reselection flag included in a SIB1.
  16. The method of claim 9, wherein the mobility configuration information includes one or more parameters configuring a first set of cells associated with a first Radio Access Technology (RAT) with a higher priority than a second set of cells associated with a second RAT, wherein the second RAT is newer than the first RAT, wherein a qualifying signal level for the second RAT is below a threshold.
  17. The method of claim 9, wherein barring the cell selection or reselection procedure to the first cell associated with the first network entity further comprises adding the first network entity to a barred list including one or more network entities with one or more cells barred from being selected or reselected.
  18. A method of wireless communications, comprising:
    performing, by a user equipment (UE), a consecutive number of attach procedures to a first cell associated with a network entity;
    determining whether a non-access-stratum (NAS) response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity;
    adding an Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (E-UTRAN) cell global identifier associated with the first cell of the first network entity to a barred list based on a determination that the NAS response message is not received in response to the consecutive number of procedures to the first cell associated with the first network entity, the barred list including one or more network entities with one or more cells barred from being selected or reselected; and
    performing a subsequent attach procedure to at least a second cell different from the first cell.
  19. The method of claim 18, wherein the attach procedures correspond to at least one of a specific-type home-Public Land Mobile Network (PLMN) attach request or an area-crossing NAS tracking area update (TAU) request.
  20. The method of claim 18, further comprising determining whether the consecutive number of attach procedures satisfy a maximum threshold number of attach procedures; and
    wherein the determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity further comprises determining whether the NAS response message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity and based on a determination that the consecutive number of attach procedures satisfy the maximum threshold number of attach procedures.
  21. The method of claim 18, wherein performing the consecutive number of attach procedures to the first cell associated with the network entity further comprises performing the consecutive number of attach procedures to the first cell associated with the network entity while maintaining a cell probation flag indicating a redirection from a first Radio Access Technology (RAT) to a second RAT is on hold.
  22. The method of claim 18, further comprising determining whether at least one tracking area update (TAU) rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity; and
    wherein adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the NAS response message is not received in response to the one or more consecutive number of procedures to the first cell associated with the first network entity further comprises adding the E-UTRAN cell global identifier associated with the first cell of the first network entity to the barred list based on a determination that the at least one TAU rejection message is received in response to any of the consecutive number of attach procedures to the cell associated with the first network entity.
  23. The method of claim 22, wherein the at least one TAU rejection message includes information indicating at least one or more of an Evolved Packet System (EPS) service is not allowed, EPS service is not allowed for a Public Land Mobile Network (PLMN) associated with the first cell, or a severe network failure.
  24. An apparatus for wireless communication, comprising:
    a transceiver for communicating in a wireless network via one or more antennas;
    a memory configured to store instructions; and
    one or more processors communicatively coupled with the transceiver and the memory, wherein the one or more processors are configured to:
    perform the method of one or more of claims 1-23.
  25. An apparatus for wireless communications, comprising:
    means for performing the method of one or more of claims 1-23.
  26. A computer-readable medium, comprising code executable by one or more processors for wireless communications, comprising:
    code for performing the method of one or more of claims 1-23.
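
The UE-side checks recited in claims 1-6, 9-15 and 18-20, sketched as an added example that is not code from the application or from the applicant. The field names, the reselection-trap heuristic, the subset rule for allowed combinations, the threshold value and the test-range PLMN IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy data. PLMN IDs (MCC+MNC) use test-range placeholders,
# not real operator assignments; the threshold value is an assumption.
BARRED_COMBOS = [frozenset({"00101", "99901"})]  # claim 5: mutually exclusive
MAX_ATTACH_ATTEMPTS = 3                          # claim 20: maximum threshold


@dataclass
class Sib:
    """Fields decoded from SIB1/SIB3; the field names are hypothetical."""
    ecgi: str
    plmn_ids: list
    intra_freq_reselection_allowed: bool = True               # SIB1 flag
    intra_freq_neighbors: list = field(default_factory=list)  # SIB3 config
    inter_freq_neighbors: list = field(default_factory=list)


@dataclass
class FakeCellDetector:
    barred: set = field(default_factory=set)      # barred list of ECGIs
    failures: dict = field(default_factory=dict)  # ECGI -> unanswered attaches

    def plmn_combo_barred(self, sib, allowed=None):
        """Claims 1-6: True if the advertised operators cannot share a cell."""
        advertised = frozenset(sib.plmn_ids)
        if len(advertised) < 2:
            return False
        if allowed is not None:
            # Claim 4 (allow-list). Assumption: a subset of an allowed
            # combination is itself allowed.
            return not any(advertised <= combo for combo in allowed)
        # Claim 6 (bar-list): any barred combination inside the advertised set.
        return any(combo <= advertised for combo in BARRED_COMBOS)

    def traps_ue(self, sib):
        """Claims 9 and 13-15: True if the SIBs leave no reselection path.

        Assumed heuristic: intra-frequency reselection is disabled or has no
        neighbor configuration, and no inter-frequency neighbors are listed.
        """
        no_intra = (not sib.intra_freq_reselection_allowed
                    or not sib.intra_freq_neighbors)
        return no_intra and not sib.inter_freq_neighbors

    def may_select(self, sib, allowed=None):
        """Claims 1-2 and 9-10: decide selection, barring the cell if needed."""
        if sib.ecgi in self.barred:
            return False
        if self.plmn_combo_barred(sib, allowed) or self.traps_ue(sib):
            self.barred.add(sib.ecgi)  # claims 8 and 17
            return False
        return True

    def attach_result(self, ecgi, nas_response_received):
        """Claims 18 and 20: bar the ECGI after repeated unanswered attaches."""
        if nas_response_received:
            self.failures.pop(ecgi, None)  # the run must be consecutive
            return False
        self.failures[ecgi] = self.failures.get(ecgi, 0) + 1
        if self.failures[ecgi] >= MAX_ATTACH_ATTEMPTS:
            self.barred.add(ecgi)
        return ecgi in self.barred

    def next_candidate(self, sibs):
        """Claim 18, last step: first cell that is not on the barred list."""
        return next((s.ecgi for s in sibs if self.may_select(s)), None)
```

The TAU-reject handling of claims 22-23 and the cell probation flag of claim 21 are left out of this sketch.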

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/116466 WO2019113940A1 (en) 2017-12-15 2017-12-15 Techniques for detecting fake cells in wireless communications

Publications (1)

Publication Number Publication Date
WO2019113940A1 true WO2019113940A1 (en) 2019-06-20

Family

ID=66819805

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/116466 WO2019113940A1 (en) 2017-12-15 2017-12-15 Techniques for detecting fake cells in wireless communications

Country Status (1)

Country Link
WO (1) WO2019113940A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130029632A1 (en) * 2011-07-29 2013-01-31 Kundan Tiwari Method of Handling a Mobility Management Back-Off Timer and Related Communication Device
CN105451232A (en) * 2014-08-13 2016-03-30 中国移动通信集团江苏有限公司 Pseudo base station detection method and system, terminal and server
CN105704734A (en) * 2014-11-28 2016-06-22 联芯科技有限公司 Specified type cell detection method, device and communication terminal
CN105873178A (en) * 2016-05-06 2016-08-17 北京奇虎科技有限公司 Method and device for recognizing pseudo base-station
US20170295489A1 (en) * 2016-04-06 2017-10-12 Samsung Electronics Co., Ltd. System and method for validating authenticity of base station and/or information received from base station

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17934901

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17934901

Country of ref document: EP

Kind code of ref document: A1