
WO2013004905A1 - Trusted wireless local area network access - Google Patents

Publication number
WO2013004905A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
packet data
access point
data network
network gateway
Application number
PCT/FI2012/050684
Other languages
French (fr)
Inventor
Gabor Bajko
Basavaraj Patil
Original Assignee
Nokia Corporation
Application filed by Nokia Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W36/0011 Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0022 Control or signalling for completing the hand-off for data sessions of end-to-end connection for transferring data sessions between adjacent core network technologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • TECHNICAL FIELD The exemplary and non-limiting embodiments of this invention relate generally to wireless communication systems, methods, devices and computer programs and, more specifically, relate to providing trusted wireless local area network access for a user equipment operable in a cellular communications network and in a wifi network.
  • 3G third generation (e.g., GSM cellular)
  • 4G fourth generation (e.g., LTE (long term evolution) cellular)
  • WiFi wireless local area network
  • IEEE Institute of Electrical and Electronics Engineers
  • the PDN connectivity service is provided by an EPS bearer in the case of GTP-based S5/S8, and by an EPS bearer concatenated with IP connectivity between the Serving GW and PDN GW in the case of PMIP-based S5/S8.
  • a problem relates to a need to provide mobility to a 3GPP UE, even when the UE switches from 3G/4G access to wifi access.
  • the wifi AP to which the UE associates needs to set up a GTP/PMIP tunnel to the same APN (PDN-GW) to which the UE was connected while using the 3G/4G access.
  • the wifi AP is a 'trusted' anchor point (it has the necessary AAA interface to the home operator's infrastructure) and the AP+PDN-GW infrastructure somehow learns the preferred (currently used) APN address of the UE.
  • 3GPP TS 23.234 deals with the I-WLAN case, where the AP is an 'untrusted' network element, i.e., the UE is not authenticated using IEEE 802.1x but uses IPSec to the GW.
  • the wifi AP is considered to be 'trusted', and thus the UE would authenticate using IEEE 802.1x.
  • the IEEE 802.1x standard manages port-based network access. It basically authenticates devices attached to a local area network (LAN) port by initiating a connection and requesting login details. Access is prevented if authentication fails.
  • IEEE 802.1x provides dynamically varying encryption keys. IEEE 802.1x attaches the EAP to both wired and wireless LAN media, and supports multiple authentication methods.
  • the exemplary embodiments of this invention provide a method that comprises sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point; receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • IP internet protocol
  • the exemplary embodiments of this invention provide an apparatus that comprises at least one data processor and at least one memory including computer program code.
  • the at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to send an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point, to receive from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the exemplary embodiments of this invention provide an apparatus that comprises means for sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; means, responsive to authenticating the user equipment with a home network of the user equipment through the wifi access point, for receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and means for continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the exemplary embodiments of this invention provide a method that comprises receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network; authenticating the user equipment with a home network of the user equipment through the wifi access point; sending from the access point an identification of the user equipment to the identified packet data network gateway; receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the exemplary embodiments of this invention provide an apparatus that comprises at least one data processor and at least one memory including computer program code.
  • the at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to receive from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network, to authenticate the user equipment with a home network of the user equipment through the wifi access point; to send from the access point an identification of the user equipment to the identified packet data network gateway; to receive from the identified packet data network gateway an IP address assigned for use by the user equipment; and to inform the user equipment of the assigned IP address and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the exemplary embodiments of this invention provide an apparatus that comprises means for receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network; means for authenticating the user equipment with a home network of the user equipment through the wifi access point; means for sending from the access point an identification of the user equipment to the identified packet data network gateway; means for receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and means for informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • Figure 1 depicts a call flow message diagram that illustrates the exemplary embodiments of this invention.
  • Figure 2A is a simplified block diagram of a device or apparatus that can represent any one of the UE, AP, PCRF, PDN-GW, AAA Server and the HSS shown in Figure 1.
  • Figure 2B is a simplified block diagram that shows the UE in greater detail.
  • Figure 2C is a simplified block diagram that shows the AP in greater detail.
  • Figures 3 and 4 are each a logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention.
  • the exemplary embodiments of this invention pertain to making a wifi access as a 'trusted' access from the 3GPP point of view. This involves the UE associating to the WPA2-enabled wifi AP and being able to use its SIM credentials (EAP-SIM, EAP-AKA) to authenticate to the Home Network via the AP, and providing the AP with the preferred APN FQDN (PDN-GW address) where the wifi AP is to set up a GTP/PMIP tunnel.
  • Figure 1 shows a call flow amongst a UE 10, a trusted WLAN access network 12 (also referred to as the AP 12), a PCRF 14, a PDN-GW 16, an AAA server 18 and a HSS 20 in accordance with the exemplary embodiments of this invention.
  • the UE 10 is connected to some particular PDN-GW 16 via, for example, a 3G or a 4G access system, and is operating with an already assigned IP address. Assume then further that the UE 10 is to handover (HO) to the wifi network. In this case, of particular interest to this invention, the UE 10 sends its preferred APN address (e.g., an IP address or FQDN of the PDN-GW 16) to the AP 12 in the EAP-REQ (step 2). This can be done, for example, as a vendor specific extension to the EAP-REQ.
  • the AP 12 can then subsequently initiate message 3A to the PDN-GW 16 over the S2a interface. This can be done at any time after the AP 12 receives the message at step 2 from the UE 10. As an implementation dependent feature the AP 12 (as is shown in Figure 1) may wait to send the message 3A until after it receives message 5 from the AAA server 18 over the STa interface (indicating a successful authentication of the UE 10), although this is not necessary. As shown the authentication / authorization of the UE 10 occurs at step 4, and the result of the authentication / authorization (success/failure) is sent from the AAA server 18 to the AP 12 at step 5.
  • Messages 2 through 8 form a part of the standard IEEE 802.1x procedure and do not interleave with the messages 3A, 3B, 3C.
  • the message exchange at step 1 (ANQP Query, ANQP Response) is performed for the purpose of discovering a roaming partner list by the UE 10. If the PLMN of the UE 10 is not in the returned list the UE 10 will not be able to authenticate with its home network through this particular wifi AP 12.
  • the UE 10 may issue a DHCP Request (step 10) and obtain its IP address from the AP 12 in the step 11 DHCP Response.
  • This IP address originates from the PDN-GW 16 and is received by the AP 12 from the PDN-GW 16 in step 3C (S2a PMIP BA/GTP Response).
  • If step 3C is not yet completed by the time the DHCP Request is received by the AP 12 in step 10, then the AP 12 may choose to not answer the DHCP Request (thereby letting the UE DHCP Request time out and causing the DHCP Request to be resent by the UE 10).
  • IP traffic of the UE 10 is now conveyed through the GTP/PMIP tunnel between the previously used PDN-GW 16 (the one used before the hand over from the 3G/4G access network) and the AP 12, and via the secured wifi link between the AP 12 and the UE 10.
  • when the AP 12 receives the IP address in step 3C it can issue a Unicast RA (step 9) to the UE 10 immediately to inform the UE 10 of the IP address. If the UE 10 receives the Unicast RA it should not then send the DHCP request.
  • the ANQP Response in step 1 may have an indication set to inform the UE 10 whether a stateless (i.e., RA) or a stateful (i.e., DHCP) IP address configuration is in use at the particular AP 12. If the stateless indication is received the UE 10 is informed that it can expect to receive the Unicast RA in step 9, or it can issue a Router Solicitation in order to receive the RA immediately. If the stateful indication is received the UE 10 is informed that it needs to instead send the DHCP Request in step 10 (and that it will then receive the DHCP Response in step 11).
  • when the UE 10 generates the DHCP Request in step 10 (step 9 is considered to not be applicable in this case) it can include a new DHCP option in the DHCP Request, where the new DHCP option contains the preferred APN address of the UE 10.
  • when the AP 12 receives the preferred APN address it initiates message 3A to the so-identified PDN-GW 16 to obtain the IP address of the UE 10 and set up the appropriate tunnel.
  • when the AP 12 obtains the IP address from the PDN-GW in step 3C it can generate the DHCP Response to the UE (step 11).
  • the sending of DHCP options in DHCP Requests is a standard DHCP client procedure, and this embodiment of the invention advantageously extends this procedure to send the preferred APN address of the UE 10 to the AP 12.
  • the use of this embodiment implies that the AP 12 obtains the APN address later in time (step 10) than step 2.
  • after the AP 12 initiates message 3A to the PDN-GW 16 it may take some time to receive message 3C from the PDN-GW 16. This may cause the DHCP Request (step 10) to time out at the UE 10, resulting in the DHCP Request having to be resent, which can result in some delay in configuring the IP wifi interface and in having data (IP traffic) begin flowing once more.
  • the IP address received by the UE 10 in step 9 or step 11 may not be the same IP address that the UE 10 was using when connected via the 3G/4G access network.
  • the PDN-GW 16 may allocate a different IP address and return the different IP address to the AP 12 for use by the UE 10 in the wifi network.
  • the PDN-GW 16 can construct a mapping table that associates the newly allocated IP address with the previous IP address the UE 10 was using while on the 3G/4G network.
  • FIG 2A is a simplified block diagram of a device or apparatus that can represent any one of the UE 10, AP 12, PCRF 14, PDN-GW 16, AAA server 18 and the HSS 20 shown in Figure 1.
  • each of these devices can be assumed to include at least one computer or data processor (DP) 20, at least one non-transitory storage device, e.g., memory (MEM) 22 that stores at least one set of program instructions (PROG) 24 that are executable by the data processor 20.
  • Each device also includes at least one and typically several interfaces (I/Fs) 26 connected with the data processor 20, shown for example as IF 26A and IF 26B.
  • both interfaces are wireless interfaces (e.g., radio frequency transmitter/receiver (transceiver) pairs 26A, 26B), where one is configured to communicate with a 3G or 4G radio access network via at least one first antenna A1 and one is configured to communicate with the wifi AP 12.
  • the AP 12 includes one wireless interface (radio frequency transmitter/receiver (transceiver) pair 26C) that is configured to communicate with the UE 10 via at least one antenna A1, and at least one other interface configured to communicate with, for example, the AAA Server 18 (an STa interface, shown as the interface 26A), and the PDN-GW 16 (an S2a interface, shown as the interface 26B).
  • the program 24 is assumed to include program instructions that, when executed by the associated data processor 20, enable the device to operate in accordance with the exemplary embodiments of this invention as was discussed above.
  • the exemplary embodiments of this invention may be implemented at least in part by computer software executable by the data processors 20 of at least the UE 10, the AP 12 and the PDN-GW 16, or by hardware, or by a combination of software and hardware (and firmware).
  • the various embodiments of the UE 10 can include, but are not limited to, cellular phones, smart phones, personal digital assistants (PDAs) having wireless communication capabilities, portable and tablet-based computers having wireless communication capabilities, image capture devices such as digital cameras having wireless communication capabilities, gaming devices having wireless communication capabilities, music storage and playback appliances having wireless communication capabilities, Internet appliances permitting wireless Internet access, as well as portable units or terminals that incorporate combinations of such functions.
  • the computer-readable memory 22 may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, random access memory, read only memory, programmable read only memory, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory.
  • the data processor 20 may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multi-core processor architectures, as non-limiting examples.
  • the exemplary embodiments of this invention provide a method, apparatus and computer program(s) to enable and enhance the handover of a user equipment from a cellular IP connection to a wifi IP connection.
  • FIG. 3 is a logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention.
  • a method performs, at Block 3A, a step of sending an identification of a packet data network gateway, that is currently used for sending and receiving IP traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network.
  • At Block 3B there is a step of authenticating the user equipment with its Home Network through the wifi access point.
  • At Block 3C there is a step of receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway.
  • At Block 3D there is a step of continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • FIG. 4 is another logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention.
  • a method performs, at Block 4A, a step of receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving IP traffic by the user equipment via a cellular network.
  • At Block 4B there is a step of authenticating the user equipment with its Home Network through the wifi access point.
  • At Block 4C there is a step of sending from the access point an identification of the user equipment to the identified packet data network gateway.
  • At Block 4D there is a step of receiving from the identified packet data network gateway an IP address assigned for use by the user equipment.
  • At Block 4E there is a step of informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the method as in the preceding paragraph further comprising sending the user equipment an indication as to whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
  • the exemplary embodiments also encompass a non-transitory computer-readable medium that contains software program instructions, where execution of the software program instructions by at least one data processor results in performance of operations that comprise execution of the method of either Figure 3 or Figure 4.
  • The blocks shown in Figures 3 and 4 may be viewed as method steps, and/or as operations that result from operation of computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated function(s).
  • the exemplary embodiments of this invention also encompass an apparatus that comprises a processor and a memory including computer program code.
  • the memory and computer program code are configured to, with the processor, cause the apparatus at least to send an identification of a packet data network gateway, that is currently used for sending and receiving IP traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; to authenticate the user equipment with its Home Network through the wifi access point, to receive from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway, and to continue the sending and receiving IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the exemplary embodiments of this invention further encompass another apparatus that comprises a processor and a memory including computer program code.
  • the memory and computer program code are configured to, with the processor, cause the apparatus at least to receive from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving IP traffic by the user equipment via a cellular network; to authenticate the user equipment with its Home Network through the wifi access point, to send from the access point an identification of the user equipment to the identified packet data network gateway; to receive from the identified packet data network gateway an IP address assigned for use by the user equipment; and to inform the user equipment of the assigned IP address and to continue the sending and receiving of the IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
  • the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof.
  • some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the invention is not limited thereto.
  • While various aspects of the exemplary embodiments of this invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
  • the integrated circuit, or circuits may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor or data processors, a digital signal processor or processors, baseband circuitry and radio frequency circuitry that are configurable so as to operate in accordance with the exemplary embodiments of this invention.
  • connection or coupling means any connection or coupling, either direct or indirect, between two or more elements, and may encompass the presence of one or more intermediate elements between two elements that are “connected” or “coupled” together.
  • the coupling or connection between the elements can be physical, logical, or a combination thereof.
  • two elements may be considered to be “connected” or “coupled” together by the use of one or more wires, cables and/or printed electrical connections, as well as by the use of electromagnetic energy, such as electromagnetic energy having wavelengths in the radio frequency region, the microwave region and the optical (both visible and invisible) region, as several non-limiting and non-exhaustive examples.
  • message types and associated message information elements (e.g., ANQP Query, S2a PMIP BU/GTP Create Session, S2a PMIP BA/GTP Response, DHCP Request, DHCP Response, Unicast RA, etc.)
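The AP 12 behaviour in the call-flow items above (gateway identifier at step 2 or in a DHCP option, authentication result at step 5, messages 3A/3C, then Unicast RA or DHCP Response) can be modelled as a small state machine. This is an added example, not code from the patent: the class and function names, the message strings and the sample gateway name and address are constructed, and holding message 3A until authentication succeeds is one of the orderings the text permits, chosen here so that no tunnel is requested for an unauthenticated UE.

```python
"""Constructed model of the AP 12 side of the handover call flow (Figure 1)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class AddrMode(Enum):
    STATELESS = "RA"    # AP announces the address with a Unicast RA (step 9)
    STATEFUL = "DHCP"   # UE asks with a DHCP Request (steps 10 and 11)


@dataclass
class ApSession:
    """Per-UE state at the AP. Class and method names are hypothetical."""
    mode: AddrMode
    preferred_gw: Optional[str] = None  # PDN-GW IP address or FQDN named by the UE
    authenticated: bool = False         # result carried in message 5 (STa)
    s2a_sent: bool = False              # message 3A already issued
    assigned_ip: Optional[str] = None   # address carried in message 3C
    sent: List[str] = field(default_factory=list)  # messages the AP emitted

    def _maybe_send_3a(self) -> None:
        # Choice made in this sketch: hold 3A until the AAA server reports
        # success. The text also allows sending it any time after step 2.
        if self.authenticated and self.preferred_gw and not self.s2a_sent:
            self.s2a_sent = True
            self.sent.append(
                f"3A S2a PMIP BU/GTP Create Session -> {self.preferred_gw}")

    def on_eap_gateway_id(self, gw: str) -> None:
        """Step 2: the UE names its current PDN-GW in the EAP exchange."""
        self.preferred_gw = gw
        self._maybe_send_3a()

    def on_aaa_result(self, success: bool) -> None:
        """Step 5: authentication result from the AAA server."""
        self.authenticated = success
        self._maybe_send_3a()

    def on_s2a_response(self, ip: str) -> None:
        """Step 3C: the PDN-GW returns the address assigned to the UE."""
        if not self.s2a_sent:
            return  # no 3A outstanding, so this response is not accepted
        self.assigned_ip = ip
        if self.mode is AddrMode.STATELESS:
            self.sent.append(f"9 Unicast RA {ip}")

    def on_dhcp_request(self, option_gw: Optional[str] = None) -> Optional[str]:
        """Step 10. Returns the step 11 response, or None to stay silent."""
        if not self.authenticated:
            return None
        if option_gw and self.preferred_gw is None:
            # Alternative embodiment: gateway id arrives in a new DHCP option.
            self.preferred_gw = option_gw
            self._maybe_send_3a()
        if self.assigned_ip is None:
            return None  # 3C pending: let the request time out and be resent
        reply = f"11 DHCP Response {self.assigned_ip}"
        self.sent.append(reply)
        return reply


GW = "pgw.example.invalid"   # constructed sample gateway FQDN
IP = "192.0.2.10"            # constructed sample address (documentation range)


def run_stateful(auth_ok: bool, gw_in_dhcp_option: bool = False) -> List[Optional[str]]:
    """Drive one stateful handover; return the AP's answer to each DHCP Request."""
    ap = ApSession(AddrMode.STATEFUL)
    if not gw_in_dhcp_option:
        ap.on_eap_gateway_id(GW)
    ap.on_aaa_result(auth_ok)
    opt = GW if gw_in_dhcp_option else None
    first = ap.on_dhcp_request(opt)    # arrives before 3C has completed
    ap.on_s2a_response(IP)
    second = ap.on_dhcp_request(opt)   # UE retransmission after its timeout
    return [first, second]


def run_stateless() -> List[str]:
    """Drive one stateless handover; return every message the AP emitted."""
    ap = ApSession(AddrMode.STATELESS)
    ap.on_eap_gateway_id(GW)
    ap.on_aaa_result(True)
    ap.on_s2a_response(IP)
    return ap.sent


if __name__ == "__main__":
    print(run_stateful(auth_ok=True))
    print(run_stateful(auth_ok=False))
    print(run_stateless())
```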

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The exemplary embodiments of this invention provide in one aspect a method that includes sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point; receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point. Apparatus for performing the method are also disclosed, as are wireless network methods and apparatus to perform the method.

Description

TRUSTED WIRELESS LOCAL AREA NETWORK ACCESS
TECHNICAL FIELD:
The exemplary and non-limiting embodiments of this invention relate generally to wireless communication systems, methods, devices and computer programs and, more specifically, relate to providing trusted wireless local area network access for a user equipment operable in a cellular communications network and in a wifi network.
BACKGROUND:
This section is intended to provide a background or context to the invention that is recited in the claims. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented or described. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims in this application and is not admitted to be prior art by inclusion in this section.
The following abbreviations that may be found in the specification and/or the drawing figures are defined as follows:
3GPP third generation partnership project
3G third generation (e.g., GSM cellular)
4G fourth generation (e.g., LTE (long term evolution) cellular)
AAA authentication, authorization and accounting
AKA authentication and key agreement
ANQP access network query protocol
AP access point
APN access point name
BA binding acknowledgement
BU binding update
DHCP dynamic host configuration protocol (RFC3315)
EAP extensible authentication protocol (RFC3748)
EPC evolved packet core
EPS evolved packet system
FQDN fully qualified domain name
GPRS general packet radio service
GTP GPRS tunneling protocol
GW gateway
HSS home subscriber server
IP internet protocol
IPSec internet protocol security
I-WLAN interworking wireless local area network
NAI network access identifier
PBA proxy mobile internet protocol BA
PBU proxy mobile internet protocol BU
PCRF policy and charging rules function
PDN packet data network
PLMN public land mobile network
PMIP proxy mobile internet protocol
PSK pre-shared key
RA router advertisement
S2a interface between PDN-GW and trusted non-3GPP IP access
STa interface between 3GPP AAA server and trusted non-3GPP IP access
SIM subscriber identity module
UE user equipment
WLAN wireless local area network
WPA2 wifi protected access 2 (IEEE 802.11i)
WiFi (wifi) technology allows an electronic device to exchange data wirelessly (using radio waves) over a computer network, including high-speed Internet connections. WiFi can be considered as being embodied as wireless local area network (WLAN) devices based generally on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 or, more generally, IEEE 802.1x.
For E-UTRAN access to the EPC the PDN connectivity service is provided by an EPS bearer in the case of GTP-based S5/S8, and by an EPS bearer concatenated with IP connectivity between the Serving GW and PDN GW in the case of PMIP-based S5/S8.
A problem relates to a need to provide mobility to a 3GPP UE, even when the UE switches from 3G/4G access to wifi access. In order to accomplish this the wifi AP to which the UE associates needs to set up a GTP/PMIP tunnel to the same APN (PDN-GW) to which the UE was connected while using the 3G/4G access.
However, this is only possible if the wifi AP is a 'trusted' anchor point (it has the necessary AAA interface to the home operator's infrastructure) and the AP+PDN-GW infrastructure somehow learns the preferred (currently used) APN address of the UE.
General reference can be made to 3GPP TS 23.234 V10.0.0 (2011-03) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP system to Wireless Local Area Network (WLAN) interworking; System description (Release 10), as well as to 3GPP TR 23.852 V0.2.0 (2011-05) Technical Report 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on S2a Mobility based On GTP & WLAN access to EPC (SaMOG); Stage 2 (Release 11).
The specification 3GPP TS 23.234 deals with the I-WLAN case, where the AP is an 'untrusted' network element, i.e., the UE is not authenticated using IEEE 802.1x but uses IPSec to the GW. In the technical report 3GPP TR 23.852 the wifi AP is considered to be 'trusted', and thus the UE would authenticate using IEEE 802.1x.
The IEEE 802.1x standard manages port-based network access. It basically authenticates devices attached to a local area network (LAN) port by initiating a connection and requesting login details. Access is prevented if authentication fails. In addition to providing authentication and control of user traffic to a protected network, IEEE 802.1x provides dynamically varying encryption keys. IEEE 802.1x attaches the EAP to both wired and wireless LAN media, and supports multiple authentication methods.
BRIEF SUMMARY OF EXAMPLES OF EMBODIMENTS OF THIS INVENTION:
In one non-limiting aspect thereof the exemplary embodiments of this invention provide a method that comprises sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point; receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
In another non-limiting aspect thereof the exemplary embodiments of this invention provide an apparatus that comprises at least one data processor and at least one memory including computer program code. The at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to send an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point, to receive from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
In yet another non-limiting aspect thereof the exemplary embodiments of this invention provide an apparatus that comprises means for sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; means, responsive to authenticating the user equipment with a home network of the user equipment through the wifi access point, for receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and means for continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
In another non-limiting aspect thereof the exemplary embodiments of this invention provide a method that comprises receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network; authenticating the user equipment with a home network of the user equipment through the wifi access point; sending from the access point an identification of the user equipment to the identified packet data network gateway; receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
In a still further non-limiting aspect thereof the exemplary embodiments of this invention provide an apparatus that comprises at least one data processor and at least one memory including computer program code. The at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to receive from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network, to authenticate the user equipment with a home network of the user equipment through the wifi access point; to send from the access point an identification of the user equipment to the identified packet data network gateway; to receive from the identified packet data network gateway an IP address assigned for use by the user equipment; and to inform the user equipment of the assigned IP address and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point. 
In yet one further non-limiting aspect thereof the exemplary embodiments of this invention provide an apparatus that comprises means for receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network; means for authenticating the user equipment with a home network of the user equipment through the wifi access point; means for sending from the access point an identification of the user equipment to the identified packet data network gateway; means for receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and means for informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
BRIEF DESCRIPTION OF THE DRAWINGS:
The foregoing and other aspects of the exemplary embodiments of this invention are made more evident in the following Detailed Description, when read in conjunction with the attached Drawing Figures, wherein:
Figure 1 depicts a call flow message diagram that illustrates the exemplary embodiments of this invention.
Figure 2A is a simplified block diagram of a device or apparatus that can represent any one of the UE, AP, PCRF, PDN-GW, AAA Server and the HSS shown in Figure 1.
Figure 2B is a simplified block diagram that shows the UE in greater detail.
Figure 2C is a simplified block diagram that shows the AP in greater detail.
Figures 3 and 4 are each a logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention.
DETAILED DESCRIPTION:
The exemplary embodiments of this invention pertain to making a wifi access as a 'trusted' access from the 3GPP point of view. This involves the UE associating to the WPA2-enabled wifi AP and being able to use its SIM credentials (EAP-SIM, EAP-AKA) to authenticate to the Home Network via the AP, and providing the AP with the preferred APN FQDN (PDN-GW address) where the wifi AP is to set up a GTP/PMIP tunnel.
Reference is made to Figure 1 for showing a call flow amongst a UE 10, a trusted WLAN access network 12 (also referred to as the AP 12), a PCRF 14, a PDN-GW 16, an AAA server 18 and a HSS 20 in accordance with the exemplary embodiments of this invention.
In the illustrated call flow it can be assumed that the UE 10 is connected to some particular PDN-GW 16 via, for example, a 3G or a 4G access system, and is operating with an already assigned IP address. Assume then further that the UE 10 is to handover (HO) to the wifi network. In this case of particular interest to this invention the UE 10 sends its preferred APN address (e.g., an IP address or FQDN of the PDN-GW 16) to the AP 12 in the EAP-REQ (step 2). This can be done, for example, as a vendor specific extension to the EAP-REQ.
Once the AP 12 receives the APN address it can then subsequently initiate message 3A to the PDN-GW 16 over the S2a interface. This can be done at any time after the AP 12 receives the message at step 2 from the UE 10. As an implementation dependent feature the AP 12 (as is shown in Figure 1) may wait to send the message 3A until after it receives message 5 from the AAA server 18 over the STa interface (indicating a successful authentication of the UE 10), although this is not necessary. As shown the authentication / authorization of the UE 10 occurs at step 4, and the result of the authentication / authorization (success/failure) is sent from the AAA server 18 to the AP 12 at step 5.
Messages 2 through 8 form a part of the standard IEEE 802.1x procedure and do not interleave with the messages 3A, 3B, 3C.
The message exchange at step 1 (ANQP Query, ANQP Response) is performed for the purpose of discovering a roaming partner list by the UE 10. If the PLMN of the UE 10 is not in the returned list the UE 10 will not be able to authenticate with its home network through this particular wifi AP 12.
After the 4 Way Handshake in step 8 and the establishment of the secure wifi connection between the UE 10 and the AP 12 (again, a standard 802.1x procedure), the UE 10 may issue a DHCP Request (step 10) and obtain its IP address from the AP 12 in the step 11 DHCP Response. This IP address originates from the PDN-GW 16 and is received by the AP 12 from the PDN-GW 16 in step 3C (S2a PMIP BA/GTP Response). If step 3C is not yet completed by the time the DHCP Request is received by the AP 12 in step 10, then the AP 12 may choose to not answer the DHCP Request (thereby letting the UE DHCP Request time out and causing the DHCP Request to be resent by the UE 10). The end result is that IP traffic of the UE 10 is now conveyed through the GTP/PMIP tunnel between the previously used PDN-GW 16 (the one used before the hand over from the 3G/4G access network) and the AP 12, and via the secured wifi link between the AP 12 and the UE 10.
Note that when the AP 12 receives the IP address in step 3C it can issue a Unicast RA (step 9) to the UE 10 immediately to inform the UE 10 of the IP address. If the UE 10 receives the Unicast RA it should not then send the DHCP request.
As an enhancement to the foregoing procedures the ANQP Response in step 1, or the EAP-Success in step 7, may have an indication set to inform the UE 10 whether a stateless (i.e., RA) or a stateful (i.e., DHCP) IP address configuration is in use at the particular AP 12. If the stateless indication is received the UE 10 is informed that it can expect to receive the Unicast RA in Step 9, or it can issue a Router Solicitation in order to receive the RA immediately. If the stateful indication is received the UE 10 is informed that it needs to instead send the DHCP Request in step 10 (and that it will then receive the DHCP Response in step 11).
As an alternative embodiment consider the case where messages 1-8 are standard messages and no APN address is sent to the AP 12 in step 2. When the UE 10 generates the DHCP Request in step 10 (step 9 is considered to not be applicable in this case) it can include a new DHCP option in the DHCP Request, where the new DHCP option contains the preferred APN address of the UE 10. Once the AP 12 receives the preferred APN address it initiates message 3A to the so-identified PDN-GW 16 to obtain the IP address of the UE 10 and set up the appropriate tunnel. Once the AP 12 obtains the IP address from the PDN-GW in step 3C it can generate the DHCP Response to the UE (step 11). In general the sending of DHCP options in DHCP Requests is a standard DHCP client procedure, and this embodiment of the invention advantageously extends this procedure to send the preferred APN address of the UE 10 to the AP 12. However, the use of this embodiment implies that the AP 12 obtains the APN address later in time (step 10) than step 2. After initiating message 3A to the PDN-GW 16 it may take some time to receive message 3C from the PDN-GW 16. This may cause the DHCP Request (step 10) to time out at the UE 10, resulting in the DHCP Request having to be resent, which can result in some delay in configuring the IP wifi interface and in having data (IP traffic) begin flowing once more.
It can be noted that the IP address received by the UE 10 in step 9 or step 11 may not be the same IP address that the UE 10 was using when connected via the 3G/4G access network. For example, in step 3B the PDN-GW 16 may allocate a different IP address and return the different IP address to the AP 12 for use by the UE 10 in the wifi network. However, the PDN-GW 16 can construct a mapping table that associates the newly allocated IP address with the previous IP address the UE 10 was using while on the 3G/4G network.
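The following sketch is an added illustration, not part of the patent text. It models the AP 12 side of the call flow: holding message 3A until the step 5 authentication result, staying silent on a DHCP Request while 3C is outstanding, accepting the APN address in a DHCP option in the alternative embodiment, and the PDN-GW mapping table. All class, method and field names are hypothetical, the addresses are constructed, and restricting 3A to gateways the AP already knows is an assumption of the sketch.

```python
# Added illustration; names are hypothetical and all addresses are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PdnGw:
    """PDN-GW 16: allocates an address (3B) and maps it to the cellular one."""
    pool: list
    cellular_ip: dict = field(default_factory=dict)  # UE id -> IP used on 3G/4G
    mapping: dict = field(default_factory=dict)      # new wifi IP -> previous IP

    def create_session(self, ue_id: str) -> str:
        new_ip = self.pool.pop(0)
        if ue_id in self.cellular_ip:
            self.mapping[new_ip] = self.cellular_ip[ue_id]
        return new_ip  # returned to the AP in message 3C


@dataclass
class Session:
    apn: Optional[str] = None
    authenticated: bool = False
    s2a_pending: bool = False
    ip: Optional[str] = None


class AccessPoint:
    """AP 12, waiting for AAA success (step 5) before sending 3A, as in Figure 1."""

    def __init__(self, gateways: dict, stateless: bool = False):
        self.gateways = gateways    # S2a peers keyed by APN address (FQDN or IP)
        self.stateless = stateless  # True: unicast RA (step 9); False: DHCP
        self.sessions = {}
        self.sent = []              # messages the AP emitted, in order

    def on_eap_identity(self, ue_id: str, apn: Optional[str] = None) -> None:
        """Step 2: the UE may carry its preferred APN address in the EAP message."""
        self.sessions[ue_id] = Session(apn=apn)

    def on_aaa_result(self, ue_id: str, success: bool) -> None:
        """Step 5: authentication result from the AAA server over STa."""
        if not success:
            self.sessions.pop(ue_id, None)  # access is prevented, no tunnel setup
            return
        s = self.sessions[ue_id]
        s.authenticated = True
        if s.apn:
            self._send_3a(ue_id)

    def _send_3a(self, ue_id: str) -> None:
        s = self.sessions[ue_id]
        # Assumption of this sketch: 3A goes only to gateways the AP already
        # has an S2a relationship with; other APN addresses are ignored.
        if s.apn in self.gateways and not s.s2a_pending and s.ip is None:
            s.s2a_pending = True
            self.sent.append(("3A", ue_id, s.apn))

    def on_s2a_response(self, ue_id: str) -> None:
        """Step 3C: the PDN-GW answers with the address it allocated in 3B."""
        s = self.sessions[ue_id]
        if not s.s2a_pending:
            return
        s.ip = self.gateways[s.apn].create_session(ue_id)
        s.s2a_pending = False
        if self.stateless:
            self.sent.append(("Unicast RA", ue_id, s.ip))  # step 9

    def on_dhcp_request(self, ue_id: str, apn_option: Optional[str] = None):
        """Step 10. Returns the step 11 address, or None when the AP stays silent."""
        s = self.sessions.get(ue_id)
        if s is None or not s.authenticated:
            return None
        if s.apn is None and apn_option:  # alternative embodiment: APN in DHCP
            s.apn = apn_option
            self._send_3a(ue_id)
        if s.ip is None:
            return None  # 3C not complete: let the request time out and be resent
        self.sent.append(("DHCP Response", ue_id, s.ip))
        return s.ip


def handover(ap: AccessPoint, ue_id: str, eap_apn=None, dhcp_apn=None):
    """Drive one handover; returns (DHCP Requests the UE had to send, IP)."""
    ap.on_eap_identity(ue_id, eap_apn)
    ap.on_aaa_result(ue_id, True)
    attempts, ip = 0, None
    while ip is None and attempts < 3:
        attempts += 1
        ip = ap.on_dhcp_request(ue_id, dhcp_apn)
        if ip is None:
            ap.on_s2a_response(ue_id)  # 3C arrives after the request timed out
    return attempts, ip


if __name__ == "__main__":
    gw = PdnGw(pool=["10.20.0.5"], cellular_ip={"ue-1": "100.64.1.9"})
    ap = AccessPoint({"pgw1.operator.example": gw})
    print(handover(ap, "ue-1", eap_apn="pgw1.operator.example"), gw.mapping)
```

In the `sent` log the position of the 3A entry shows the timing difference between the two embodiments: it precedes any DHCP exchange when the APN address arrives in step 2, and follows the first DHCP Request when it arrives as a DHCP option.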
Figure 2A is a simplified block diagram of a device or apparatus that can represent any one of the UE 10, AP 12, PCRF 14, PDN-GW 16, AAA server 18 and the HSS 20 shown in Figure 1. Basically, each of these devices can be assumed to include at least one computer or data processor (DP) 20, at least one non-transitory storage device, e.g., memory (MEM) 22 that stores at least one set of program instructions (PROG) 24 that are executable by the data processor 20. Each device also includes at least one and typically several interfaces (I/Fs) 26 connected with the data processor 20, shown for example as IF 26A and IF 26B. For example, and as is shown in Figure 2B, for the UE 10 both interfaces are wireless interfaces (e.g., radio frequency transmitter/receiver (transceiver) pairs 26A, 26B, where one is configured to communicate with a 3G or 4G radio access network via at least one first antenna A1 and one is configured to communicate with the wifi AP 12 via at least one second antenna A2). Also by example, and as is shown in Figure 2C, the AP 12 includes one wireless interface (radio frequency transmitter/receiver (transceiver) pair 26C) that is configured to communicate with the UE 10 via at least one antenna A1, and at least one other interface configured to communicate with, for example, the AAA Server 18 (an STa interface, shown as the interface 26A), and the PDN-GW 16 (an S2a interface, shown as the interface 26B).
The program 24 is assumed to include program instructions that, when executed by the associated data processor 20, enable the device to operate in accordance with the exemplary embodiments of this invention as was discussed above. In general, the exemplary embodiments of this invention may be implemented at least in part by computer software executable by the data processors 20 of at least the UE 10, the AP 12 and the PDN-GW 16, or by hardware, or by a combination of software and hardware (and firmware).
The various embodiments of the UE 10 can include, but are not limited to, cellular phones, smart phones, personal digital assistants (PDAs) having wireless communication capabilities, portable and tablet-based computers having wireless communication capabilities, image capture devices such as digital cameras having wireless communication capabilities, gaming devices having wireless communication capabilities, music storage and playback appliances having wireless communication capabilities, Internet appliances permitting wireless Internet access, as well as portable units or terminals that incorporate combinations of such functions.
The computer-readable memory 22 may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory devices, random access memory, read only memory, programmable read only memory, flash memory, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processor 20 may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multi-core processor architectures, as non-limiting examples.
The various data processors, memories, programs, transceivers and interfaces depicted in Figures 2A, 2B and 2C can all be considered to represent means for performing operations and functions that implement the several non-limiting aspects and embodiments of this invention. Further, it should be appreciated that the several devices, components, sub-systems and the like depicted in Figures 2A, 2B and 2C, separately and in combination, may be viewed as representing various means for implementing the exemplary embodiments of this invention. It should also be appreciated that the details of the construction of these various devices can vary widely and, in many cases, can be implementation-specific.
Based on the foregoing it should be apparent that the exemplary embodiments of this invention provide a method, apparatus and computer program(s) to enable and enhance the handover of a user equipment from a cellular IP connection to a wifi IP connection.
Figure 3 is a logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention. In accordance with these exemplary embodiments a method performs, at Block 3A, a step of sending an identification of a packet data network gateway, that is currently used for sending and receiving IP traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network. At Block 3B there is a step of authenticating the user equipment with its Home Network through the wifi access point. At Block 3C there is a step of receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway. At Block 3D there is a step of continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
The method as shown in Figure 3, where the identification of a packet data network gateway is sent in an EAP-Request/Response/Identity message sent from the user equipment.
The method as shown in Figure 3, where the identification of the packet data network gateway is sent in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
The method as shown in Figure 3, where the IP address is received from the wifi access point in a unicast router advertisement, or where the IP address is received from the wifi access point in a dynamic host configuration protocol response received after sending a dynamic host configuration protocol request to the wifi access point.
The method as in the preceding paragraph, where the user equipment receives from the wifi access point an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
Figure 4 is another logic flow diagram that illustrates the operation of a method, and a result of execution of computer program instructions, in accordance with the exemplary embodiments of this invention. In accordance with these exemplary embodiments a method performs, at Block 4A, a step of receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving IP traffic by the user equipment via a cellular network. At Block 4B there is a step of authenticating the user equipment with its Home Network through the wifi access point. At Block 4C there is a step of sending from the access point an identification of the user equipment to the identified packet data network gateway. At Block 4D there is a step of receiving from the identified packet data network gateway an IP address assigned for use by the user equipment. At Block 4E there is a step of informing the user equipment of the assigned IP address and continuing the sending and receiving IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
The method as shown in Figure 4, where the identification of a packet data network gateway is received in an EAP-Request/Response/Identity message sent from the user equipment.
The method as shown in Figure 4, where the identification of the packet data network gateway is received in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
The method as shown in Figure 4, where the user equipment is informed of the assigned IP address in a unicast router advertisement or in a dynamic host configuration protocol response sent after receiving a dynamic host configuration protocol request from the user equipment.
The method as in the preceding paragraph, further comprising sending the user equipment an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
The method as shown in Figure 4, where the identification of a packet data network gateway is sent to the identified packet data network gateway in an S2a PMIP BU/GTP Create Session message, and where the IP address assigned for use by the user equipment is received from the identified packet data network gateway in an S2a PMIP BA/GTP Response message.
The exemplary embodiments also encompass a non-transitory computer-readable medium that contains software program instructions, where execution of the software program instructions by at least one data processor results in performance of operations that comprise execution of the method of either Figure 3 or Figure 4.
The various blocks shown in Figures 3 and 4 may be viewed as method steps, and/or as operations that result from operation of computer program code, and/or as a plurality of coupled logic circuit elements constructed to carry out the associated function(s). As such, the exemplary embodiments of this invention also encompass an apparatus that comprises a processor and a memory including computer program code. The memory and computer program code are configured to, with the processor, cause the apparatus at least to send an identification of a packet data network gateway, that is currently used for sending and receiving IP traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; to authenticate the user equipment with its Home Network through the wifi access point, to receive from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway, and to continue the sending and receiving IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
The exemplary embodiments of this invention further encompass another apparatus that comprises a processor and a memory including computer program code. The memory and computer program code are configured to, with the processor, cause the apparatus at least to receive from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving IP traffic by the user equipment via a cellular network; to authenticate the user equipment with its Home Network through the wifi access point, to send from the access point an identification of the user equipment to the identified packet data network gateway; to receive from the identified packet data network gateway an IP address assigned for use by the user equipment; and to inform the user equipment of the assigned IP address and to continue the sending and receiving of the IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
In general, the various exemplary embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. For example, some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although the invention is not limited thereto. While various aspects of the exemplary embodiments of this invention may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
It should thus be appreciated that at least some aspects of the exemplary embodiments of the inventions may be practiced in various components such as integrated circuit chips and modules, and that the exemplary embodiments of this invention may be realized in an apparatus that is embodied as an integrated circuit. The integrated circuit, or circuits, may comprise circuitry (as well as possibly firmware) for embodying at least one or more of a data processor or data processors, a digital signal processor or processors, baseband circuitry and radio frequency circuitry that are configurable so as to operate in accordance with the exemplary embodiments of this invention.
Various modifications and adaptations to the foregoing exemplary embodiments of this invention may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings. However, any and all modifications will still fall within the scope of the non-limiting and exemplary embodiments of this invention.
For example, while the exemplary embodiments have been described above in the context of certain types of standardized systems, e.g., IEEE 802.1x and WPA2 (IEEE 802.11i), it should be appreciated that the exemplary embodiments of this invention are not limited for use with only these particular types of wireless communication standards.
It should be noted that the terms "connected," "coupled," or any variant thereof, mean any connection or coupling, either direct or indirect, between two or more elements, and may encompass the presence of one or more intermediate elements between two elements that are "connected" or "coupled" together. The coupling or connection between the elements can be physical, logical, or a combination thereof. As employed herein two elements may be considered to be "connected" or "coupled" together by the use of one or more wires, cables and/or printed electrical connections, as well as by the use of electromagnetic energy, such as electromagnetic energy having wavelengths in the radio frequency region, the microwave region and the optical (both visible and invisible) region, as several non-limiting and non-exhaustive examples.
Further, the various names used for the described message types and associated message information elements (e.g., ANQP Query, S2a PMIP BU/GTP Create Session, S2a PMIP BA/GTP Response, DHCP Request, DHCP Response, Unicast RA, etc.) are not intended to be limiting in any respect, as these message types and associated message information elements may be identified by any suitable names.
Furthermore, some of the features of the various non-limiting and exemplary embodiments of this invention may be used to advantage without the corresponding use of other features. As such, the foregoing description should be considered as merely illustrative of the principles, teachings and exemplary embodiments of this invention, and not in limitation thereof.

Claims

What is claimed is:
1. A method comprising:
sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network;
in response to authenticating the user equipment with a home network of the user equipment through the wifi access point;
receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and
continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
2. The method of claim 1, where the identification of a packet data network gateway is sent in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
3. The method of claim 1, where the identification of the packet data network gateway is sent in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
4. The method as in any one of claims 1-3, where the IP address is received from the wifi access point in a unicast router advertisement.
5. The method as in claim 3, where the IP address is received from the wifi access point in a dynamic host configuration protocol response received after sending the dynamic host configuration protocol request to the wifi access point.
6. The method as in any one of claims 4 and 5, where the user equipment receives from the wifi access point an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
7. A non-transitory computer-readable medium that contains software program instructions, where execution of the software program instructions by at least one data processor results in performance of operations that comprise execution of the method of any one of claims 1-6.
8. An apparatus, comprising:
at least one data processor; and
at least one memory including computer program code, where the at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to send an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network; in response to authenticating the user equipment with a home network of the user equipment through the wifi access point, to receive from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
9. The apparatus as in claim 8, where the identification of a packet data network gateway is sent in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
10. The apparatus as in claim 8, where the identification of the packet data network gateway is sent in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
11. The apparatus as in any one of claims 8-10, where the IP address is received from the wifi access point in a unicast router advertisement.
12. The apparatus as in claim 10, where the IP address is received from the wifi access point in a dynamic host configuration protocol response received after sending the dynamic host configuration protocol request to the wifi access point.
13. The apparatus as in any one of claims 11 and 12, where the user equipment receives from the wifi access point an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
14. An apparatus, comprising:
means for sending an identification of a packet data network gateway, that is currently used for sending and receiving internet protocol (IP) traffic by a user equipment via a cellular network, to a wifi access point associated with a wifi network;
means, responsive to authenticating the user equipment with a home network of the user equipment through the wifi access point, for receiving from the access point an IP address that is assigned to the user equipment by the identified packet data network gateway; and
means for continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
15. The apparatus of claim 14, where the identification of a packet data network gateway is sent in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
16. The apparatus of claim 14, where the identification of the packet data network gateway is sent in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
17. The apparatus as in any one of claims 14-16, where the IP address is received from the wifi access point in a unicast router advertisement.
18. The apparatus as in claim 16, where the IP address is received from the wifi access point in a dynamic host configuration protocol response received after sending the dynamic host configuration protocol request to the wifi access point.
19. The apparatus as in any one of claims 17 and 18, where the means for receiving receives from the wifi access point an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
20. A method, comprising:
receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network;
authenticating the user equipment with a home network of the user equipment through the wifi access point;
sending from the access point an identification of the user equipment to the identified packet data network gateway;
receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and
informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
21. The method as in claim 20, where the identification of a packet data network gateway is received in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
22. The method as in claim 20, where the identification of the packet data network gateway is received in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
23. The method as in any of claims 20-22, where the user equipment is informed of the assigned IP address in a unicast router advertisement.
24. The method as in any of claims 20-22, where the user equipment is informed of the assigned IP address in a dynamic host configuration protocol response sent after receiving a dynamic host configuration protocol request from the user equipment.
25. The method as in any of claims 20-22, further comprising sending the user equipment an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
26. The method as in claim 20, where the identification of a packet data network gateway is sent to the identified packet data network gateway in an S2a PMIP BU/GTP Create Session message, and where the IP address assigned for use by the user equipment is received from the identified packet data network gateway in an S2a PMIP BA/GTP Response message.
27. A non-transitory computer-readable medium that contains software program instructions, where execution of the software program instructions by at least one data processor results in performance of operations that comprise execution of the method of any one of claims 20-26.
28. An apparatus, comprising:
at least one data processor; and
at least one memory including computer program code, where the at least one memory and computer program code are configured, with the at least one data processor, to cause the apparatus at least to receive from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network, to authenticate the user equipment with a home network of the user equipment through the wifi access point; to send from the access point an identification of the user equipment to the identified packet data network gateway; to receive from the identified packet data network gateway an IP address assigned for use by the user equipment; and to inform the user equipment of the assigned IP address and to continue the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
29. The apparatus as in claim 28, where the identification of a packet data network gateway is received in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
30. The apparatus as in claim 28, where the identification of the packet data network gateway is received in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
31. The apparatus as in any of claims 28-30, where the user equipment is informed of the assigned IP address in a unicast router advertisement.
32. The apparatus as in any of claims 28-30, where the user equipment is informed of the assigned IP address in a dynamic host configuration protocol response sent after receiving a dynamic host configuration protocol request from the user equipment.
33. The apparatus as in any of claims 28-30, further comprising sending the user equipment an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
34. The apparatus as in claim 28, where the identification of a packet data network gateway is sent to the identified packet data network gateway in an S2a PMIP BU/GTP Create Session message, and where the IP address assigned for use by the user equipment is received from the identified packet data network gateway in an S2a PMIP BA/GTP Response message.
35. An apparatus, comprising:
means for receiving from a user equipment at a wifi access point of a wifi network an identification of a packet data network gateway that is currently used for sending and receiving internet protocol (IP) traffic by the user equipment via a cellular network;
means for authenticating the user equipment with a home network of the user equipment through the wifi access point;
means for sending from the access point an identification of the user equipment to the identified packet data network gateway;
means for receiving from the identified packet data network gateway an IP address assigned for use by the user equipment; and
means for informing the user equipment of the assigned IP address and continuing the sending and receiving of IP traffic through a tunnel established, using the assigned IP address, between the identified packet data network gateway and the user equipment via the wifi access point.
36. The apparatus as in claim 35, where the identification of a packet data network gateway is received in an extensible authentication protocol (EAP)-Request/Response/Identity message sent from the user equipment.
37. The apparatus as in claim 35, where the identification of the packet data network gateway is received in a dynamic host configuration protocol request subsequent to the step of authenticating the user equipment.
38. The apparatus as in any of claims 35-37, where the user equipment is informed of the assigned IP address in a unicast router advertisement.
39. The apparatus as in any of claims 35-37, where the user equipment is informed of the assigned IP address in a dynamic host configuration protocol response sent after receiving a dynamic host configuration protocol request from the user equipment.
40. The apparatus as in any of claims 35-37, further comprising sending the user equipment an indication as whether to expect to receive the unicast router advertisement or to instead send the dynamic host configuration protocol request.
41. The apparatus as in claim 35, where the identification of a packet data network gateway is sent to the identified packet data network gateway in an S2a PMIP BU/GTP Create Session message, and where the IP address assigned for use by the user equipment is received from the identified packet data network gateway in an S2a PMIP BA/GTP Response message.
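The access-point-side exchange of claims 20-26, modelled as an added illustration that is not part of the patent text: the gateway is contacted only after the home network accepts the user equipment, and the address it returns is relayed by unicast RA or DHCP response. All class, field and sample values are assumptions of this sketch, including the credential check standing in for EAP authentication and the gateway returning the address it already bound to the UE over cellular; only the message names in the trace come from the claims.

```python
from dataclasses import dataclass, field


@dataclass
class Pgw:
    """Packet data network gateway holding per-UE address bindings."""
    pgw_id: str
    bindings: dict = field(default_factory=dict)  # ue_id -> IP address
    next_host: int = 10                           # constructed address pool

    def create_session(self, ue_id):
        # Assumption: a UE already served over cellular keeps its binding.
        if ue_id not in self.bindings:
            self.bindings[ue_id] = f"10.0.0.{self.next_host}"
            self.next_host += 1
        return self.bindings[ue_id]


@dataclass
class AccessPoint:
    """Wifi access point side of claims 20-26."""
    gateways: dict        # pgw_id -> Pgw reachable from this access point
    home_network: dict    # ue_id -> credential (stand-in for the home AAA)
    delivery: str = "RA"  # indication of claim 25: "RA" or "DHCP"

    def attach(self, ue_id, credential, pgw_id, pgw_id_in="EAP"):
        """Return (assigned_ip or None, message trace) for one attach."""
        trace = []
        if pgw_id_in == "EAP":  # claim 21: gateway id rides in the identity
            trace.append(f"UE->AP EAP-Response/Identity ue={ue_id} pgw={pgw_id}")
        # No message goes to the gateway unless the home network accepts the UE.
        if self.home_network.get(ue_id) != credential:
            trace.append("AP->UE authentication failed")
            return None, trace
        trace.append(f"AP->UE authenticated, expect={self.delivery}")
        if pgw_id_in == "DHCP" or self.delivery == "DHCP":
            # Claim 22: the gateway id may instead ride in the DHCP request.
            carried = f" pgw={pgw_id}" if pgw_id_in == "DHCP" else ""
            trace.append(f"UE->AP DHCP Request{carried}")
        pgw = self.gateways.get(pgw_id)
        if pgw is None:  # a UE-supplied identifier this AP cannot resolve
            trace.append(f"AP->UE unknown gateway {pgw_id}")
            return None, trace
        trace.append(f"AP->PGW S2a PMIP BU/GTP Create Session ue={ue_id}")
        ip = pgw.create_session(ue_id)
        trace.append(f"PGW->AP S2a PMIP BA/GTP Response ip={ip}")
        reply = "Unicast RA" if self.delivery == "RA" else "DHCP Response"
        trace.append(f"AP->UE {reply} ip={ip}")
        return ip, trace


if __name__ == "__main__":
    pgw = Pgw("pgw-a.example")                # constructed identifiers
    pgw.create_session("ue-001")              # session existing over cellular
    ap = AccessPoint({"pgw-a.example": pgw}, {"ue-001": "secret"})
    for line in ap.attach("ue-001", "secret", "pgw-a.example")[1]:
        print(line)
```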
PCT/FI2012/050684 2011-07-07 2012-06-29 Trusted wireless local area network access WO2013004905A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201161505248P 2011-07-07 2011-07-07
US61/505,248 2011-07-07

Publications (1)

Publication Number Publication Date
WO2013004905A1 true WO2013004905A1 (en) 2013-01-10

Family

ID=47436579

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2012/050684 WO2013004905A1 (en) 2011-07-07 2012-06-29 Trusted wireless local area network access

Country Status (1)

Country Link
WO (1) WO2013004905A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015009735A1 (en) * 2013-07-15 2015-01-22 Qualcomm Incorporated System and method to assign an internet protocol address to a mobile device during a handoff
US20150163704A1 (en) * 2013-12-11 2015-06-11 Qualcomm Incorporated Handover from cellular to wlan in integrated network
EP2955940A1 (en) * 2014-06-13 2015-12-16 Telefonaktiebolaget L M Ericsson (PUBL) Mobile network iot convergence
CN106031105A (en) * 2013-12-19 2016-10-12 阿尔卡特朗讯公司 Overload control for trusted wlan access to epc
WO2016184050A1 (en) * 2015-05-20 2016-11-24 中兴通讯股份有限公司 Virtual sim card based wireless access point switching method and system
WO2017143902A1 (en) * 2016-02-26 2017-08-31 中兴通讯股份有限公司 Evolved packet data gateway and cross evolved packet data gateway switching method and system
TWI624163B (en) * 2016-08-03 2018-05-11 Chunghwa Telecom Co Ltd System for controlling IPv6 networking of IoT devices
CN110113737A (en) * 2013-02-21 2019-08-09 三星电子株式会社 Method and apparatus for connecting short-distance wireless communication in the terminal
US10652086B2 (en) 2014-06-13 2020-05-12 Telefonaktiebolaget Lm Ericsson (Publ) Converging IOT data with mobile core networks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080254768A1 (en) * 2007-04-12 2008-10-16 Stefano Faccin Packet data network connectivity domain selection and bearer setup
WO2009118661A2 (en) * 2008-03-25 2009-10-01 Nortel Networks Limited Method and system for maintaining multiple pdn network connection during inter-technology handover in idle mode
US20100035578A1 (en) * 2008-08-07 2010-02-11 Futurewei Technologies, Inc. Method and System for Interworking Between Two Different Networks
WO2010092764A1 (en) * 2009-02-13 2010-08-19 パナソニック株式会社 Gateway connection method, gateway connection control system, and user equipment

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113737A (en) * 2013-02-21 2019-08-09 三星电子株式会社 Method and apparatus for connecting short-distance wireless communication in the terminal
CN110113737B (en) * 2013-02-21 2021-12-21 三星电子株式会社 Method and apparatus for connecting short-range wireless communication in terminal
CN105379329B (en) * 2013-07-15 2018-11-23 高通股份有限公司 System and method for assigning internet protocol address to mobile device during switching
WO2015009735A1 (en) * 2013-07-15 2015-01-22 Qualcomm Incorporated System and method to assign an internet protocol address to a mobile device during a handoff
CN105379329A (en) * 2013-07-15 2016-03-02 高通股份有限公司 System and method to assign an internet protocol address to a mobile device during a handoff
US9392494B2 (en) 2013-07-15 2016-07-12 Qualcomm Incorporated Systems and methods for reduced latency during initial link setup
US9693266B2 (en) 2013-07-15 2017-06-27 Qualcomm Incorporated System and method to assign an internet protocol address to a mobile device during a handoff
CN105830492A (en) * 2013-12-11 2016-08-03 高通股份有限公司 Switching from Cellular to WLAN in Integrated Networks
US20150163704A1 (en) * 2013-12-11 2015-06-11 Qualcomm Incorporated Handover from cellular to wlan in integrated network
CN105830492B (en) * 2013-12-11 2020-04-28 高通股份有限公司 Method, apparatus and medium for handover from cellular to WLAN in an integrated network
WO2015089323A1 (en) * 2013-12-11 2015-06-18 Qualcomm Incorporated Handover from cellular to wlan in integrated network
CN106031105A (en) * 2013-12-19 2016-10-12 阿尔卡特朗讯公司 Overload control for trusted wlan access to epc
CN106031105B (en) * 2013-12-19 2020-04-24 诺基亚技术有限公司 Overload control for trusted WLAN access to EPC
US10645611B2 (en) 2013-12-19 2020-05-05 Alcatel Lucent Overload control for trusted WLAN access to EPC
US10652086B2 (en) 2014-06-13 2020-05-12 Telefonaktiebolaget Lm Ericsson (Publ) Converging IOT data with mobile core networks
EP2955940A1 (en) * 2014-06-13 2015-12-16 Telefonaktiebolaget L M Ericsson (PUBL) Mobile network iot convergence
WO2016184050A1 (en) * 2015-05-20 2016-11-24 中兴通讯股份有限公司 Virtual sim card based wireless access point switching method and system
WO2017143902A1 (en) * 2016-02-26 2017-08-31 中兴通讯股份有限公司 Evolved packet data gateway and cross evolved packet data gateway switching method and system
TWI624163B (en) * 2016-08-03 2018-05-11 Chunghwa Telecom Co Ltd System for controlling IPv6 networking of IoT devices

Similar Documents

Publication Publication Date Title
US11411616B2 (en) Trusted WLAN connectivity to 3GPP evolved packet core
US10798767B2 (en) Method and apparatus for relaying user data between a secure connection and a data connection
US10581816B2 (en) External authentication support over an untrusted network
WO2013004905A1 (en) Trusted wireless local area network access
US11622268B2 (en) Secure communication method and secure communications apparatus
US20170289883A1 (en) Emergency services handover between untrusted wlan access and cellular access
JP2017538345A (en) Method, apparatus and system
WO2011137928A1 (en) Packet data network connection with non-transparent interworking mode
US9641531B2 (en) Node and a method for enabling network access authorization
US11109219B2 (en) Mobile terminal, network node server, method and computer program
US20240056804A1 (en) Method, apparatus and computer program
US20240155439A1 (en) Securing communications at a change of connection
US20240305982A1 (en) Secure authentication and identification in trusted non-3gpp access networks
WO2024104246A1 (en) Communication method and communication apparatus
JP6189389B2 (en) Support for external authentication over untrusted networks
RU2575682C2 (en) External authentication support via unsecured network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12807798

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12807798

Country of ref document: EP

Kind code of ref document: A1