WO2021089903A1 - Fourniture de service de fonction modem - Google Patents

Fourniture de service de fonction modem Download PDF

Info

Publication number
WO2021089903A1
WO2021089903A1 PCT/FI2019/050787 FI2019050787W WO2021089903A1 WO 2021089903 A1 WO2021089903 A1 WO 2021089903A1 FI 2019050787 W FI2019050787 W FI 2019050787W WO 2021089903 A1 WO2021089903 A1 WO 2021089903A1
Authority
WO
WIPO (PCT)
Prior art keywords
tethering
wireless device
authentication token
authentication
service
Prior art date
Application number
PCT/FI2019/050787
Other languages
English (en)
Inventor
Ling Yu
György WOLFNER
Hans HÖHNE
Anja Jerichow
Tero Henttonen
Bo Holm BJERRUM
Lianghai JI
Original Assignee
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Oy filed Critical Nokia Technologies Oy
Priority to PCT/FI2019/050787 priority Critical patent/WO2021089903A1/fr
Publication of WO2021089903A1 publication Critical patent/WO2021089903A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/63Location-dependent; Proximity-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/61Time-dependent
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02Services making use of location information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices
    • H04W88/04Terminal devices adapted for relaying to or from another terminal or user

Definitions

  • Various example embodiments relate to tethering service provision.
  • tethering may be provided by wireless local area network (WLAN) hotspots, where a user device may set up a WLAN AP for other WLAN STAs.
  • WLAN wireless local area network
  • a tethering node may provide local service to other nodes in the vicinity in ad-hoc fashion and without requesting permission from operators who to provide internet connectivity to.
  • Tethering is particularly interesting in unlicensed spectrum, where users can set up cells without having to acquire a license for the spectrum.
  • the tethering services may be of interest also for licensed spectrum, which may be used e.g. to offload the operator deployed cellular network capacity by allowing UEs to offer tethering services on licensed spectrum band that is not used by the on-site cellular network deployed by the operator.
  • a method for a wireless device comprising: receiving a tethering authentication configuration from a network node, generating an authentication token on the basis of the authentication configuration and location information indicative of current location of the wireless device configured to operate as a tethering node, transmitting to the network node a request message comprising the authentication token for authorizing a tethering service for one or more tethered devices, and establishing a session for the tethering service for the one or more tethered devices in response to a response message from the network node indicative of authorization of the tethering service.
  • a method for a network node comprising: transmitting a tethering authentication configuration to a wireless device, receiving from the wireless device a request message comprising an authentication token for authorizing a tethering service for one or more tethered devices, the authentication token being based on the authentication configuration and location information indicative of current location of the wireless device configured to operate as a tethering node for the one or more tethered devices, performing authorization of the tethering service on the basis of the received authentication token, and transmitting to the wireless device a response message indicative of authorization of the tethering service.
  • an apparatus comprising at least one processor, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus at least to carry out features in accordance with the first or second aspect, or any embodiment thereof.
  • a computer program and a computer-readable medium, or a non-transitory computer-readable medium configured, when executed in a data processing apparatus, to carry out features in accordance with the first and/or second aspect, or an embodiment thereof
  • FIGURE 1 illustrates an example communications system in accordance with at least some embodiments
  • FIGURES 2 and 3 illustrate methods in accordance with at least some embodiments
  • FIGURE 4 is a signalling example in accordance with at least some embodiments.
  • FIGURE 5 illustrates an example apparatus capable of supporting at least some embodiments.
  • FIG. 1 illustrates a simplified example of a system.
  • the system comprises a wireless device (WD) 10, such as a user equipment (UE).
  • WD wireless device
  • UE user equipment
  • 3GPP Third Generation Partnership Project
  • the term user equipment/UE is to be understood broadly to cover various mobile/wireless terminal devices, mobile stations and devices for user communication and/or machine type or IoT communication.
  • the WD 10 is a constrained UE device, lacking some capabilities over a conventional or fully-equipped UE.
  • the system comprises a mobile network, which may comprise an access network (AN) 20 and a core network (CN) 30.
  • the AN 20 may be a cellular or public land mobile network (PLMN) based access network, such as a 3 GPP 5G (or another generation) (radio) access network.
  • PLMN public land mobile network
  • a wireless connection may be provided for the wireless device 10 in a cell or coverage area 24 by (access) network node 22, such as a NodeB, evolved NodeB (eNB), Next Generation (NG) NodeB (gNB), a base station, an access point, or other suitable wireless/radio access network device or system.
  • the network node 22 may be configured to provide a wireless connection to the wireless device 10 in licensed spectrum.
  • the access network 20 (and the node(s) 22 thereof) is connected to further node(s) of the network 30, such as a Next Generation core network, Evolved Packet Core (EPC), or another type of core network / network management element.
  • the WD 10 may be configured to connect a non-public network (NPN).
  • NPN non-public network
  • the NPN may comprise a cellular or non-cellular access network with access network node(s), such as an access point (AP) of an IEEE 802.11 based network or other non-3GPP access network, without however limiting to these examples.
  • the access network 20 is an NPN access network, which may be a private company network, for example.
  • the NPN may comprise an NPN core network, which may comprise a set of appropriate core network functions.
  • the NPN may be a standalone NPN (SNPN), i.e. operated by an NPN operator and not relying on network functions provided by a PLMN, or a public network integrated NPN, i.e. a non-public network deployed with the support of a PLMN.
  • Public network integrated NPNs can be enabled using network slicing.
  • the core network 30 may comprise various network functions (NFs) 32, 34.
  • a network function in the present application may refer to an operational and/or physical entity, without limiting to 5G network functions.
  • the network function may be a specific network node or element, or a specific function or set of functions carried out by one or more entities, such as virtual network elements or physical network nodes. Examples of such network functions include an access control or management function, mobility management or control function, session management or control function, interworking, data management or storage function, authentication function, data storage function, or a combination of one or more of these functions.
  • There may be an authenticator network function configured to authenticate the WD 10.
  • There may be an authentication information provider network function configured to provide authentication information for wireless device authentication.
  • the core network 30 and the network functions 32, 34 comprise 3GPP 4G and/or 5G core network functions, some of which are illustrated below.
  • H(e)NB is a network element that connects User Equipment via its radio interface to operator’s core network.
  • the term H(e)NB refers to both Home NodeB (HNB) and Home eNodeB (HeNB), when both are meant without distinction.
  • UP User plane
  • CP control plane
  • AMF Access and Mobility Management Function
  • SMF Session Management Function
  • the SMF controls one or more User Plane Functions (UPF) for handling user plane path of packet data unit (PDU) sessions for the UE.
  • the AMF may comprise termination of radio access network CP N2 interface, registration management, connection management, reachability management, mobility management, access authentication, access authorization, Security Anchor Functionality (SEAF), Security Context Management (SCM), and support of N2 interface for non-3GPP access.
  • SEAF Security Anchor Functionality
  • SCM Security Context Management
  • Authentication Server Function AUSF communicates with the AMF over N12 reference point.
  • USB Universal Subscriber Identity Module
  • the AUSF handles authentication request for 3 GPP and non-3GPP access.
  • Unified Data Management UDM is connected to the AUSF over N13 reference point and to the AMF over N8 reference point.
  • the UDM may store subscriber and authentication data for the subscriber (represented by USIM) and may comprise support for generation of 3 GPP authentication credentials, user identification handling, access authorization based on subscription data (e.g. roaming restrictions), serving network function registration, subscription management, without limiting to these functionalities.
  • Authentication credential Repository and Processing Function stores the same long-term key K, as stored in universal SIM (USIM) of a UE used for generating the authentication credentials for authenticating the UE towards PLMN core network.
  • the WD 10 may be configured to operate as a tethering node/device for a tethered device 12, such as a UE.
  • Tethering refers herein generally to sharing of a wireless connection of a tethering device to another (tethered) device connected to the tethering device.
  • the tethering device 10 may comprise one or more other transceivers configured to operate other RAT(s) for local or short-range connectivity, such as a 3GPP new radio access technology (N-RAT) transceiver, a WLAN transceiver, or a Bluetooth transceiver.
  • the transceiver may be controlled to provide a tethering service for the tethered device 12.
  • the WD 10 may be configured to establish a tethering cell 14 via licensed or non- licensed spectrum for the tethered device (TD) 12, referring generally to a local coverage or connectivity area provided by the tethering device (which may in some cases be provided by a non-cellular radio access technology (RAT), e.g. by non-3GPP access).
  • TD tethered device
  • the tethering cell may be provided by a short- range or local area connection, for example.
  • the tethering service may be generated by the same or another transceiver and RAT than the transceiver and RAT applied for communication between the wireless device and the network node.
  • a tethering service for the tethered device 12 is operated on a licensed spectrum.
  • the operator may not be willing to allow the tethering device 10 to activate the tethering service autonomously at any time and location due to potential interference with other cells that are deployed in proximity by the operator on the same licensed spectrum.
  • An improved tethering service establishment procedure has now been developed, in which location-based tethering service needs to be authorized by network, on the basis of location-dependent authentication token. The procedure facilitates improved interference management. For example, a network operator is better able to control and manage the activation of the tethering services on a licensed spectrum in certain location, during preferred time periods, and with certain configurations.
  • Figure 2 illustrates a method for tethering service establishment and authorization according to some embodiments.
  • the method may be applied by an apparatus or wireless device configured to operate as a tethering device, such by the wireless device 10, or a controller or module thereof.
  • the method comprises receiving 210 a tethering authentication configuration from a network node, such as a node of the AN 20 or CN 30 (e.g. configured to perform the network function 34).
  • the tethering authentication configuration refers generally to configuration information for at least generating an authentication token by the requesting wireless device for tethering service authorization by an authorizing network.
  • the tethering authentication configuration may comprise location related or dependent information for authorizing location dependent or specific tethering service for the wireless device.
  • An authentication token is generated 220 on the basis of the authentication configuration and location information indicative of current location of the wireless device, configured to operate as a tethering node.
  • the location information may be received from locally accessible memory, such a cell id of the currently registered cell 24 or a neighboring cell of the WD 10, or from a positioning sensor, such as a Global Positioning Service (GPS) sensor.
  • GPS Global Positioning Service
  • the authentication token is for authorizing a tethering service requested by the wireless device and may also be referred to as tethering service authentication token.
  • the authentication token may thus be location-specific, and may be generated on the basis of current location of the wireless device as an input to an authentication token generation algorithm or unit. Also other inputs may be used, in accordance with the tethering authentication configuration and/or other control parameters, such as current time.
  • a request message comprising the authentication token is transmitted 230 to the network node for authorizing a tethering service for one or more tethered devices.
  • a session for the tethering service is established 240 for the one or more tethered devices in response to a response message from the network node indicative of (successfully performed) authorization of the tethering service.
  • the WD 10 may proceed with establishment of PDU session with the core network 30 to be applied at least for data transfer of the tethered device 12. The WD 10 may further continue with or establish local data transfer session to provide the tethering cell for the tethered device 12.
  • Figure 3 illustrates a method for tethering service establishment and authorization according to some embodiments.
  • the method may be applied by an apparatus controlling a tethering service, such by (an access or core) network function or node of a mobile network, or a controller or module thereof.
  • the method comprises transmitting 310 a tethering authentication configuration to a wireless device, such as the WD 10 performing the method of Figure 2.
  • the tethering authentication configuration may be provisioned to the wireless device e.g. upon attaching to the network (AN and/or CN) or upon another trigger, such as a request from the wireless device.
  • a request message comprising an authentication token for authorizing a tethering service for one or more tethered devices is received 320 from the wireless device.
  • the authentication token is based on the authentication configuration and location information indicative of current location of the wireless device configured to operate as a tethering node for the one or more tethered devices.
  • Authorization of the tethering service is performed 330 on the basis of the received authentication token.
  • the authorization may be performed in accordance with policy and/or rules configured in the network node and associated with the authentication configuration.
  • a response message indicative of authorization of the tethering service is transmitted 340 to the wireless device.
  • block 210 may be preceded with a tethering request from a device to be tethered, which may trigger the wireless device requesting for the tethering authentication configuration.
  • tethering request may be received between blocks 210 and 220 or between blocks 220 and 230.
  • the authorization based on the authentication token may be unsuccessful or rejected, for example due failed checking or verification of the authentication token or based on the network (load) status in proximity to the location of the wireless device.
  • the network node may thus in block 340 transmit a response message indicative of rejection of the request.
  • the wireless device does not activate the tethering service as requested in its current location.
  • the wireless device thus does not proceed to block 240 and with the establishment of the tethering service, but may instead indicate refusal of the tethering service to the other device 12.
  • the method thus enables location-dependent tethering service and authorization thereof.
  • location-dependent tethering service and authorization thereof.
  • the WD 10 may receive a tethering request 402 from a tethered device TD 12.
  • the tethering wireless device 10 may generate 404 the tethering authentication token based on the authentication configuration 400 received from a network node and real-time location information of the wireless device.
  • the wireless device may transmit 230 the authentication token to the network node when it requests the tethering service, e.g. by a tethering authorization request message 406.
  • the network node of the presently disclosed embodiments may be AUSF, AMF, or SMF.
  • the tethering authentication configuration 400 may be provided 210, 310 to the WD during UE registration procedure, for example.
  • the tethering authentication request 406 and response 410 may be included in PDU session establishment messages, such as PDU session establishment request from UE (via RAN) and further to AMF and PDU session establishment accept from the AMF.
  • the network may alternatively be some other appropriately configured network node or network function, and the tethering related information may be included in some other new or already message between an UE and mobile network node.
  • the network node may perform authorization 408 of the requested tethering service on the basis of the received authentication token.
  • the network node may derive location information of the tethering wireless device on the basis of the received authentication token.
  • the derived location information may be applied to determine whether the tethering authorization request should be accepted or rejected.
  • the tethering service may be allowed in certain geographical areas and/or cells of the mobile network, but denied in certain other areas and/or cells.
  • the network node may maintain location- dependent tethering service authorization control information which is applied in block 330, 408 to determine if the received request is approved or rejected.
  • Such control information may be tethering-service specific and/or specific to a set of (tethering or tethered) wireless devices.
  • the tethering service authorization control information may be dynamically adapted, in some embodiments on the basis of network status, predefined configuration parameters, authorized operator input, and/or other affecting parameters.
  • the WD 10 may be cryptographically authenticated by the network node before entering block 330, to verify an identity of the WD (or a subscriber using the WD). Such authentication may be performed already in connection with registering or attaching to the wireless network 20, 30 or the network node. Such authentication may be applied as a precondition for transmitting the tethering authentication configuration to the WD.
  • 3GPP 4G or 5G AKA procedure may be applied to authenticate the UE comprising universal subscriber identity module (USIM) application with appropriate credentials for the authentication.
  • USIM universal subscriber identity module
  • Lower-layer security procedures including also encryption over the radio interface
  • the network node may receive location information of the wireless device applied in connection with the authorization 330, 408 outside the request message 320, 406 and the authentication token.
  • the network node may receive cell ID information of the current cell originating from a gNB or eNB of the AN 20.
  • the WD 10 may report its location to the network node separately from the authentication token and/or the request message 230, 406.
  • the network node may transmit a tethering authorization response 410. If the tethering service is authorized, the WD 10 may establish a tethering session 412 with the tethered device.
  • the WD may also establish a data transfer session with the network node or another entity of the network configured to provide a data transfer service for a tethering wireless device (not shown).
  • a location-dependent tethering cell may be configured by the wireless device 10 for the tethered device(s) 12 in accordance with the location-dependent authorization, on the basis of the information in the tethering authentication configuration and/or the response message.
  • the tethering wireless device may be enabled, with different tethering service identifiers or authentication tokens, to set up tethering cells dependent on the authorization(s) that it holds for different locations or types of locations.
  • Providing tethering service authorization based on location not only has the advantage of making sure that an end-user-deployed node is not disturbing cell planning, e.g. for HeNB, but it also allows to provide different service levels to end users wishing to set up cells. For example, some users might want or be permitted to operate larger cells for more users in many places all the time, while other users may want or be permitted to tether only a single device in specific locations at specific times.
  • the authorization of the ongoing tethering service needs to be refreshed or re performed.
  • the network node and/or wireless device 10 may be configured to perform re authorization of the tethering service in response to reaching a threshold trigger, such as a predefined time interval and/or location distance threshold value.
  • the tethering wireless device 10 may be requested/configured to update or refresh its authentication token periodically, or this may be triggered by an event, to allow the network node to determine whether the tethering service can be continued or not.
  • the updating may be performed, and the new/updated authentication token generated similarly and on the basis of the same (or reconfigured information) as for the initial authorization.
  • a tethering service lifetime may be configured in the wireless device 10 or the network node, e.g. configured to perform the NF 34.
  • the wireless device 10 may be configured to generate a new authentication token upon reaching a threshold value for authentication token update or refreshment, which may be associated with the tethering service lifetime.
  • the wireless device 10 may transmit a tethering service re-establishment or refreshment request with the new authentication token to the network node upon such internal trigger, or the network node (or another network entity) may trigger this by a re establishment or refreshment request.
  • the network node transmits to the wireless device a security configuration for the tethering service in response to the tethering service authorization.
  • the security configuration may be included in the response message 240, 340, 410, or transmitted separately.
  • the security configuration may comprise parameters affecting or for controlling security level of the tethering service.
  • the security configuration indicates timing for the wireless device to update or refresh the authentication token to the network node.
  • the security configuration may configure a pattern for the tethering wireless device to connect the network node for refreshing the tethering service authorization by a new authentication token, for example.
  • the tethering authentication configuration comprises an authentication token generator or a reference to an authentication token generator.
  • the wireless device 10 may apply the authentication token generator to generate 220 the authentication token based on the real-time location information.
  • the authentication token generator may, alternatively or in addition to generating the (initial) authentication token, be applied for refreshing or updating the tethering service authorization.
  • the new authentication token generated from updated authentication token generator may be needed when the tethering service authorization is refreshed based on e.g. a refreshment pattern configured by the tethering authentication configuration.
  • the authorization may thus terminate and may need to be re-established.
  • the authorization may be valid for a predetermined geographical area and/or for a predetermined time period.
  • the tethering service may be authorized in one or more cells, e.g. the coverage area 24 of the node 22.
  • the tethering authentication configuration (or the security configuration) may comprise authorization validity information, such parameter(s) indicative of the geographical area and/or time.
  • such spatial and/or temporal parameter(s) may be determined in block 330, 408 and included the response message 240, 340, 410.
  • the wireless device may provide the tethering service on the basis (and within the limits) of the authorization validity information, and may terminate the tethering service upon a termination condition being met, e.g. upon changing to another cell.
  • the wireless device may be configured or triggered to refresh or re-establish the tethering service via the new cell and with a new authentication token. It may also be possible that new or updated tethering authentication configuration is provided to the wireless device upon change of cell or another trigger to reconfigure the authentication configuration.
  • the response messages of block 240 and 340 may, in addition to (or instead of) the tethering authentication configuration, comprise tethering authorization validity information, such as parameter(s) indicative of the geographical area, time and/or other conditions set for the tethering service by the network node.
  • the tethering wireless device 10 is adapted to control the tethering service in accordance with such received parameter(s).
  • Such parameter(s) may be comprised by the above-indicated security configuration.
  • the authentication token may be indicative of, or comprise a tethering service identifier dependent on the current location of the wireless device 10.
  • the tethering service identifier may be an identifier indicative of or dependent on a network slice.
  • the authentication token may be generated on the basis of time information by the wireless device.
  • the authentication token comprises, or is generated on the basis of a time stamp.
  • the authentication token may be based on information on a serving cell and/or one or more neighbouring cell(s) of the wireless device, such as the cell 14 provided by a local wireless connection by the WD 10.
  • the authentication token may be generated based a cell identifier and/or received signal level(s) of serving and/or neighbouring cells.
  • the request may comprise, or the authentication token may be based on information on a serving cell, such as cell 24 provided by the network node 22, a tethering cell, such as the cell 14 provided by a local wireless connection by the WD 10, and/or the neighbouring cell(s).
  • the authentication token may be indicative of identifier and/or properties of the serving cell, the tethering cell, and/or the neighbouring cell(s).
  • the authentication token is based on received signal level in the tethering cell and/or indication on if the tethering cell is open or closed.
  • the (tethering) wireless device 10 is connected to the network node via a first radio access technology, and the authentication token is generated on the basis of information of one or more other wireless devices connected by the wireless device by a second radio access technology, such as WLAN, BT, or LTE/NR sidelink.
  • the authentication token may be generated based on identifier(s) or properties of such other wireless device(s) known by the network node, e.g. 3GPP UEs, connected to the WD 10, e.g. based on one or more of a name, address, and location of the other wireless device(s).
  • the authentication token is generated on the basis of RF ID checkpoint information received by the wireless device.
  • RF ID checkpoint information there may be an RF transmitter, fixed or mobile, operating as a checkpoint deployed to transmit the radio signal with a certain identifier.
  • a predetermined radio signal sequence is transmitted by the RF-ID checkpoint.
  • the tethering wireless device may be configured to derive the authentication token on the basis of information indicated by the signal as received from the detected RF-ID checkpoint.
  • the tethering wireless device may be configured to generate the authentication token only if the configured RF-ID checkpoint(s) can be detected.
  • the network node detects a need for reconfiguring the tethering authentication configuration for the wireless device 10 on the basis of the authentication token.
  • the network node may, upon detecting the need for reconfiguration, determine an updated tethering authentication configuration for the wireless device, and transmit the updated tethering authentication configuration to the wireless device.
  • the network node may identify, e.g. based on the authentication token and/or (updated) location information after the authentication token received from the wireless device that the location of the wireless device has changed, and then provide the reconfiguration of the tethering authentication configuration.
  • Such reconfiguration may be a new configuration data element associated with the new location area of the wireless device, for example.
  • the network node may provide the reconfiguration of the tethering authentication configuration every time when the configured authentication token generator has been used to generate the authentication token.
  • the wireless device may store the updated tethering authentication configuration and control the tethering service in accordance with parameters, e.g. adapt the lifetime of the tethering service and/or updating of the authentication token.
  • the authentication configuration comprises indication(s) of type(s) of input(s) for generating the authentication token.
  • the wireless device may in block 220 select the input(s) for an authentication token generator accordingly.
  • the network node may determine to receive location coordinates information instead of cell identifier.
  • the tethering authentication configuration may comprise location-specific mapping information or a table.
  • the authentication configuration comprises a set of location area indicators mapped with service identifiers.
  • Table 1 illustrates a simple example of providing mapping between location- dependent tethering services and associated location areas.
  • the location areas may be defined by coordinates ranges (altitudes and latitudes) and/or cell identifier, for example. It is to be noted that further configuration information may be provided for each tethering service, such as some of the presently disclosed further configuration parameters.
  • the authentication token generator in the wireless device 10 may be configured to generate the authentication token using current location of the wireless device 10 as an input and define a tethering service ID (which may be part of the authentication token) corresponding to a location area entry in Table 1 matching with the current location of the wireless device 10.
  • the tethering service ID may be applied by the network node to authorize and/or authenticate tethering services of different tethering service type and/or tethering configuration.
  • tethering services may be differentiated on the basis of one or more of tethering cell size, maximum number of tethered devices that can be supported, and type of services the tethering service can offer.
  • Such tethering service properties information may be included in the request message 230, 320, 406 or derived based on the authentication token or the service ID.
  • the network node is configured to perform authorization 330, 408 of the tethering service request on the basis of information of other tethering services.
  • the network node may, on the basis of the location information received in the request message, check if there are other active tethering services in proximity to the wireless device 10.
  • the network node may transmit a rejection response message to the wireless device.
  • the wireless device 10 may in the (tethering service/authorization) request message in block 230, 320, 406 (or in a tethering service update or refreshment request) indicate one or more connected other wireless devices, e.g. the device 12, either via a tethering connection or via other RATs, such as WLAN, LTE/NR, or Bluetooth.
  • the network node may, on the basis of this identification information, coordinate the connected devices’ information, such as their location and/or type of services, to determine whether to accept or reject the tethering service activation or refreshment.
  • the network node may transmit a rejection response message, which may be indicative of a tethering service rejection reason and also comprise further associated information.
  • the rejection response message may comprise identification information of one or more other tethering nodes in the proximity to the wireless device.
  • the wireless device may, instead of entering block 240, transmit the identification information to the device 12 being tethered, which may then request tethering service from the identified tethering node.
  • the tethered device(s), such as the device 12 comprises or generates an authentication token, which may be transmitted to the network node for authorization, in the request message 230, 320, 406, or separately.
  • Authorization in block 330, 408 of such further or second authentication or identification token may be required in order to accept the requested tethering service.
  • the tethering wireless device 10 determines permissible maximal cell power during the procedure of activation or refreshment of the tethering service.
  • the wireless device may be pre-provisioned in the tethering authentication configuration by geographical map information which allows matching location areas (with authentication tokens or tethering service identifiers) and maximum allowed transmit powers. The wireless device may then accordingly control its transmission power, to not exceed the maximum power associated with the current location area, for the tethering service (and cell 14). Adjusting maximum transmit powers is useful in scenarios where in some locations it can be expected that more users are active than in other areas.
  • network functions or nodes illustrated above may be shared between two physically separate devices forming one operational entity.
  • virtual networking may involve a process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network.
  • Network virtualization may involve platform virtualization, often combined with resource virtualization.
  • Network virtualization may be categorized as external virtual networking which combines many networks, or parts of networks, into the server computer or the host computer. External network virtualization is targeted to optimized network sharing. Another category is internal virtual networking, which provides network-like functionality to the software containers on a single system.
  • An electronic device comprising electronic circuitries may be an apparatus for realizing at least some embodiments of the present invention.
  • the apparatus may be or may comprise a computer, a laptop, a tablet computer, a cellular phone, a machine to machine (M2M) or an IoT device, a PLMN or NPN access or core network node or any other apparatus provided with mobile communication capability.
  • M2M machine to machine
  • IoT device a PLMN or NPN access or core network node or any other apparatus provided with mobile communication capability.
  • the apparatus carrying out the above-described functionalities is comprised in such a device, e.g. the apparatus may comprise a circuitry, such as a chip, a chipset, a microcontroller, or a combination of such circuitries in any one of the above-described devices.
  • circuitry may refer to one or more or all of the following:
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a wireless device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • Figure 5 illustrates an example apparatus capable of supporting at least some embodiments.
  • a device 500 which may comprise a communications device configured to operate as the wireless device 10 or a node of AN 20 or CN 30, for example.
  • the device may include one or more controllers configured to perform operations in accordance with at least some of the embodiments illustrated above, such as some or more of the features illustrated above in connection with Figures 2 to 4.
  • the device may be configured to operate as the apparatus configured to carry out the method of Figure 2 or 3.
  • a processor 502 which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core.
  • the processor 502 may comprise more than one processor.
  • the processor may comprise at least one application- specific integrated circuit, ASIC.
  • the processor may comprise at least one field-programmable gate array, FPGA.
  • the processor may be means for performing method steps in the device.
  • the processor may be configured, at least in part by computer instructions, to perform actions.
  • the device 500 may comprise memory 504.
  • the memory may comprise random- access memory and/or permanent memory.
  • the memory may comprise at least one RAM chip.
  • the memory may comprise solid-state, magnetic, optical and/or holographic memory, for example.
  • the memory may be at least in part comprised in the processor 502.
  • the memory 504 may be means for storing information.
  • the memory may comprise computer instructions that the processor is configured to execute. When computer instructions configured to cause the processor to perform certain actions are stored in the memory, and the device in overall is configured to run under the direction of the processor using computer instructions from the memory, the processor and/or its at least one processing core may be considered to be configured to perform said certain actions.
  • the memory may be at least in part comprised in the processor.
  • the memory may be at least in part external to the device 500 but accessible to the device. For example, input parameters and control parameters affecting operations related to above-illustrated authentication token generation and/or tethering service authorization may be stored in one or more portions of the memory and used to control operation of
  • the device 500 may comprise a transmitter 506.
  • the device may comprise a receiver 508.
  • the transmitter and the receiver may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard.
  • the transmiter may comprise more than one transmitter.
  • the receiver may comprise more than one receiver.
  • the transmitter and/or receiver may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, long term evolution, LTE, 3GPP new radio access technology (N-RAT), IS-95, wireless local area network, WLAN, and/or Ethernet standards, for example.
  • the device 500 may comprise a near-field communication, NFC, transceiver 510.
  • the NFC transceiver may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
  • the device 500 may comprise user interface, UI, 512.
  • the UI may comprise at least one of a display, a keyboard, a touchscreen, a vibrator arranged to signal to a user by causing the device to vibrate, a speaker and a microphone.
  • a user may be able to operate the device via the UI, for example to accept incoming telephone calls, to originate telephone calls or video calls, to browse the Internet, to manage digital files stored in the memory 504 or on a cloud accessible via the transmitter 506 and the receiver 508, or via the NFC transceiver 510, and/or to configured control parameters of the device.
  • the device 500 may comprise or be arranged to accept a module 514.
  • the module may comprise, for example, a subscriber identity module, SIM, card or another type of memory or cryptographic module installable in the device 500.
  • the module 514 may comprise information identifying a subscription of a user of device 500.
  • the user identity module 514 may comprise cryptographic information usable to verify the identity of a user of device 500 and/or to facilitate authentication and/or encryption of communicated information.
  • the processor 502 may be furnished with a transmitter arranged to output information from the processor, via electrical leads internal to the device 500, to other devices comprised in the device.
  • a transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 504 for storage therein.
  • the transmitter may comprise a parallel bus transmiter.
  • the processor may comprise a receiver arranged to receive information in the processor, via electrical leads internal to the device 500, from other devices comprised in the device 500.
  • a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from the receiver 508 for processing in the processor.
  • the receiver may comprise a parallel bus receiver.
  • the device 500 may comprise further devices not illustrated in Figure 5.
  • the device may comprise at least one digital camera.
  • the device may comprise one or more sensors, such as a sensor for positioning the device for obtaining the location information in some embodiments, e.g. a GPS sensor, an environment sensor or a fingerprint sensor arranged to authenticate, at least in part, a user of the device.
  • the device lacks at least one device described above.
  • some devices may lack the NFC transceiver 510, a display/UI 512, and/or the user identity module 514.
  • the processor 502, the memory 504, the transmitter 506, the receiver 508, the NFC transceiver 510, the UI 512 and/or the user identity module 514 may be interconnected by electrical leads internal to the device 500 in a multitude of different ways.
  • each of the aforementioned devices may be separately connected to a master bus internal to the device, to allow for the devices to exchange information.
  • this is only one example and depending on the embodiment various ways of interconnecting at least two of the aforementioned devices may be selected without departing from the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Selon un aspect donné à titre d'exemple de la présente invention, un procédé est décrit qui comprend : la réception d'une configuration d'authentification de fonction modem en provenance d'un nœud de réseau, la génération d'un jeton d'authentification sur la base de la configuration d'authentification et d'informations d'emplacement indiquant l'emplacement actuel du dispositif sans fil configuré pour fonctionner comme nœud à fonction modem, la transmission, au nœud de réseau, d'un message de demande comprenant le jeton d'authentification pour autoriser un service de fonction modem pour un ou plusieurs dispositifs faisant l'objet de la fonction modem, et l'établissement d'une session pour le service de fonction modem pour le ou les dispositifs faisant l'objet de la fonction modem en réponse à un message de réponse provenant du nœud de réseau indiquant l'autorisation du service de fonction modem.
PCT/FI2019/050787 2019-11-06 2019-11-06 Fourniture de service de fonction modem WO2021089903A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/FI2019/050787 WO2021089903A1 (fr) 2019-11-06 2019-11-06 Fourniture de service de fonction modem

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2019/050787 WO2021089903A1 (fr) 2019-11-06 2019-11-06 Fourniture de service de fonction modem

Publications (1)

Publication Number Publication Date
WO2021089903A1 true WO2021089903A1 (fr) 2021-05-14

Family

ID=75849564

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2019/050787 WO2021089903A1 (fr) 2019-11-06 2019-11-06 Fourniture de service de fonction modem

Country Status (1)

Country Link
WO (1) WO2021089903A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160149876A1 (en) * 2013-06-28 2016-05-26 Nec Corporation Security for prose group communication
US20170164332A1 (en) * 2014-08-10 2017-06-08 Lg Electronics Inc. Method and device for selecting relay in wireless communication system
US20170272121A1 (en) * 2016-03-15 2017-09-21 Huawei Technologies Co., Ltd. System and method for relaying data over a communication network
US9867220B2 (en) * 2014-07-01 2018-01-09 Microsoft Technology Licensing, Llc Tethering parameters for a tethering connection
US20190110238A1 (en) * 2017-10-05 2019-04-11 Blackberry Limited Authenticating user equipments through relay user equipments

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160149876A1 (en) * 2013-06-28 2016-05-26 Nec Corporation Security for prose group communication
US9867220B2 (en) * 2014-07-01 2018-01-09 Microsoft Technology Licensing, Llc Tethering parameters for a tethering connection
US20170164332A1 (en) * 2014-08-10 2017-06-08 Lg Electronics Inc. Method and device for selecting relay in wireless communication system
US20170272121A1 (en) * 2016-03-15 2017-09-21 Huawei Technologies Co., Ltd. System and method for relaying data over a communication network
US20190110238A1 (en) * 2017-10-05 2019-04-11 Blackberry Limited Authenticating user equipments through relay user equipments

Similar Documents

Publication Publication Date Title
US10932132B1 (en) Efficient authentication and secure communications in private communication systems having non-3GPP and 3GPP access
US11451950B2 (en) Indirect registration method and apparatus
JP6574236B2 (ja) Ueベースのネットワークサブスクリプション管理
US11956626B2 (en) Cryptographic key generation for mobile communications device
WO2021227866A1 (fr) Procédé et appareil d'authentification de réseau, et système
JP7484970B2 (ja) コアネットワーク装置、通信端末、コアネットワーク装置の方法、プログラム、及び通信端末の方法
CN114071452B (zh) 用户签约数据的获取方法及装置
CN113508569A (zh) 用于处理系统信息的方法和节点
WO2019122495A1 (fr) Authentification pour système de communication sans fil
US11576221B2 (en) Systems and methods for network-enabled peer-to-peer communication using multi-access edge computing
CN115412911A (zh) 一种鉴权方法、通信装置和系统
US11343244B2 (en) Method and apparatus for multi-factor verification of a computing device location within a preset geographic area
US20230292115A1 (en) Registering a user equipment to a communication network
US10292187B2 (en) Wireless communication apparatus, server, payment apparatus, wireless communication method, and program
CN113873492A (zh) 一种通信方法以及相关装置
US10051671B2 (en) Terminal device and information processing device
CN115706997A (zh) 授权验证的方法及装置
WO2021089903A1 (fr) Fourniture de service de fonction modem
CN115996378A (zh) 鉴权方法及装置
CN117221884B (zh) 基站系统信息管理方法及系统
CN115320428B (zh) 一种电动汽车充电桩的充电控制方法及装置
US20220264296A1 (en) Enhanced onboarding in cellular communication networks
US11510139B2 (en) AMF node and method thereof
CN116528234B (zh) 一种虚拟机的安全可信验证方法及装置
WO2023147767A1 (fr) Procédé et appareil de vérification de réseau

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19951420

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19951420

Country of ref document: EP

Kind code of ref document: A1