Authentication failure handling for access to services through untrusted wireless networks

US 10,263,984 B2
Filed: 09/22/2016
Issued: 04/16/2019
Est. Priority Date: 09/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method to control service access for a wireless communication device, the method comprising:

by the wireless communication device;

establishing an encrypted connection with an evolved packet data gateway (ePDG) server through a non-third generation partnership project (non-3GPP) wireless access network;

requesting access to a particular service of a third generation partnership project (3GPP) cellular wireless network via the ePDG server and the non-3GPP wireless access network;

receiving an authentication failure message from the ePDG server, the authentication failure message comprising a specific error indication mapped by the ePDG server based on an error code received from an authentication server of the 3GPP cellular wireless network;

determining a failure cause based at least in part on the specific error indication of the authentication failure message; and

disallowing retry attempts to request access to the particular service until one or more criteria are satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

21 Citations

View as Search Results

20 Claims

1. A method to control service access for a wireless communication device, the method comprising:
- by the wireless communication device;
  
  establishing an encrypted connection with an evolved packet data gateway (ePDG) server through a non-third generation partnership project (non-3GPP) wireless access network;
  
  requesting access to a particular service of a third generation partnership project (3GPP) cellular wireless network via the ePDG server and the non-3GPP wireless access network;
  
  receiving an authentication failure message from the ePDG server, the authentication failure message comprising a specific error indication mapped by the ePDG server based on an error code received from an authentication server of the 3GPP cellular wireless network;
  
  determining a failure cause based at least in part on the specific error indication of the authentication failure message; and
  
  disallowing retry attempts to request access to the particular service until one or more criteria are satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the wireless communication device requests access to the particular service of the 3GPP cellular wireless network by at least attempting to establish a secure tunnel to an access point name (APN).
  - 3. The method of claim 2, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the APN.
  - 4. The method of claim 2, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the particular service of the 3GPP cellular wireless network.
  - 5. The method of claim 2, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the APN or to the particular service of the 3GPP cellular wireless network via the non-3GPP wireless access network.
  - 6. The method of claim 1, wherein the authentication failure message comprises an Internet Key Exchange Version 2 (IKEv2) message indicating the particular service is not available to the wireless communication device for a geographic location at which the wireless communication device is operating.
  - 7. The method of claim 1, wherein the one or more criteria are satisfied based at least in part on a network-specified back-off time period following each retry attempt.
  - 8. The method of claim 1, wherein the one or more criteria are satisfied based at least in part on changes to security credentials of a Subscriber Identity Module (SIM) for the wireless communication device.
  - 9. The method of claim 1, wherein the one or more criteria are satisfied based at least in part on the wireless communication device changing its geographic location by a pre-configured measure.
  - 10. The method of claim 1, wherein the one or more criteria are satisfied based on the wireless communication device requesting access to the particular service via a different non-3GPP wireless access network.

11. A wireless communication device comprising:
- one or more antennas,wireless circuitry communicatively coupled to the one or more antennas and to processing circuitry; and
  
  the processing circuitry comprising one or more processors and a storage medium storing instructions that, when executed on the one or more processors, cause the wireless communication device to;
  
  establish an encrypted connection with an evolved packet data gateway (ePDG) server through a non-third generation partnership project (non-3GPP) wireless access network;
  
  request access to a particular service of a third generation partnership project (3GPP) cellular wireless network via the ePDG server and the non-3GPP wireless access network;
  
  receive an authentication failure message from the ePDG server, the authentication failure message comprising a specific indication mapped by the ePDG server based on an error code received from an authentication server of the 3GPP cellular wireless network;
  
  determine a failure cause based at least in part on the specific error indication of the authentication failure message; and
  
  disallow retry attempts to request access to the particular service until one or more criteria are satisfied.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The wireless communication device of claim 11, wherein the wireless communication device requests access to the particular service of the 3GPP cellular wireless network by at least attempting to establish a secure tunnel to an access point name (APN).
  - 13. The wireless communication device of claim 12, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the APN.
  - 14. The wireless communication device of claim 12, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the particular service of the 3GPP cellular wireless network.
  - 15. The wireless communication device of claim 12, wherein the authentication failure message from the ePDG server indicates to the wireless communication device that the wireless communication device is not allowed access to the APN or to the particular service of the 3GPP cellular wireless network via the non-3GPP wireless access network.
  - 16. The wireless communication device of claim 11, wherein the authentication failure message comprises an Internet Key Exchange Version 2 (IKEv2) message indicating the particular service is not available to the wireless communication device for a geographic location at which the wireless communication device is operating.
  - 17. The wireless communication device of claim 11, wherein the one or more criteria are satisfied based at least in part on a network-specified back-off time period following each retry attempt.
  - 18. The wireless communication device of claim 11, wherein the one or more criteria are satisfied based at least in part on changes to security credentials of a Subscriber Identity Module (SIM) for the wireless communication device.
  - 19. The wireless communication device of claim 11, wherein the one or more criteria are satisfied based at least in part on the wireless communication device changing its geographic location by a pre-configured measure.

20. An apparatus configurable for operation in a wireless communication device, the apparatus comprising:
- processing circuitry including a processor and a memory storing instructions that, when executed by the processor, cause the wireless communication device to;
  
  establish an encrypted connection with an evolved packet data gateway (ePDG) server through a non-third generation partnership project (non-3GPP) wireless access network;
  
  request access to a particular service of a third generation partnership project (3GPP) cellular wireless network via the ePDG server and the non-3GPP wireless access network;
  
  receive an authentication failure message from the ePDG server, the authentication failure message comprising a specific error indication mapped by the ePDG server based on an error code received from an authentication server of the 3GPP cellular wireless network;
  
  determine a failure cause based at least in part on the specific error indication of the authentication failure message; and
  
  disallow retry attempts to request access to the particular service until one or more criteria are satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Kiss, Krisztian, Pauly, Thomas F., Singh, Ajoy K., Malthankar, Rohan C., Yerrabommanahalli, Vikram Bhaskara, Rivera-Barreto, Rafael L.
Primary Examiner(s)
Holder, Bradley

Application Number

US15/273,165
Publication Number

US 20170094512A1
Time in Patent Office

936 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 63/162   at the data link layer

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 4/16   Communication-related suppl...

H04W 76/18   Management of setup rejecti...

H04W 84/02   Hierarchically pre-organise...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 88/06   adapted for operation in mu...

Y02D 30/00   Reducing energy consumption...

Authentication failure handling for access to services through untrusted wireless networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication failure handling for access to services through untrusted wireless networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links