Admission of an individual session in a network

US 10,298,580 B2
Filed: 05/31/2016
Issued: 05/21/2019
Est. Priority Date: 06/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method of obtaining access to network resources for a mobile device, the method comprising:

receiving a request, at an authentication and authorization function (AAF), from a Radio Access Network (RAN) device, for access for a mobile device;

authenticating, at the AAF, the mobile device;

responsive to failing authorization to access each of a plurality of virtual networks, authorizing at the AAF, the mobile device to access a limited access service;

wherein authorizing the mobile device to access the limited access service comprises;

requesting authorization from a blacklist authorization function; and

transmitting an authorization message to the RAN device;

wherein the AAF is instantiated in the core network with subscription information supplied by a virtual network operator.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An aspect of the disclosure provides a method for session admission at a node in an infrastructure provider network. The method includes receiving a connection request from a user equipment not associated with a network with which the infrastructure provider network is associated and obtaining from the user equipment, an identification of a service provider with which the infrastructure provider network is associated. Access authorization is then requested from the identified service provider. Embodiments allow such a process to provide government mandated free access, or for some other service provider to pay for the service.

8 Citations

21 Claims

1. A method of obtaining access to network resources for a mobile device, the method comprising:
- receiving a request, at an authentication and authorization function (AAF), from a Radio Access Network (RAN) device, for access for a mobile device;
  
  authenticating, at the AAF, the mobile device;
  
  responsive to failing authorization to access each of a plurality of virtual networks, authorizing at the AAF, the mobile device to access a limited access service;
  
  wherein authorizing the mobile device to access the limited access service comprises;
  
  requesting authorization from a blacklist authorization function; and
  
  transmitting an authorization message to the RAN device;
  
  wherein the AAF is instantiated in the core network with subscription information supplied by a virtual network operator.
- View Dependent Claims (2, 3, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the plurality of virtual networks is established through a plurality of core networks each connected to a RAN.
  - 3. The method of claim 1 wherein a RAN is connected to a core network, and the plurality of virtual networks are established through the core network.
  - 7. The method of claim 1 wherein the plurality of virtual networks are established through a network architecture comprising:
    - an infrastructure provider (InP) for providing RAN infrastructure; and
      
      a plurality of telecommunications connectivity service providers (TCSPs) with each TCSP associated with at least one virtual network operator (VNO);
      
      wherein a VNO supplies virtual network services to subscribing customers using a virtual network established by a TCSP.
  - 8. The method of claim 1 wherein the plurality of virtual networks are established through a network architecture comprising:
    - an infrastructure provider (InP) for providing RAN infrastructure;
      
      a telecommunications connectivity service provider (TCSP); and
      
      a plurality of virtual network operators (VNOs);
      
      wherein each of the VNOs supplies virtual network services to subscribing customers using a virtual network established by the TCSP.
  - 9. The method of claim 1 wherein authenticating includes requesting authentication from a third party server.
  - 10. The method of claim 1 wherein authorizing the mobile device to access a limited access service comprises requesting authorization for the mobile device to access a limited access.
  - 11. The method of claim 10 wherein requesting authorization for the mobile device to access a limited access service comprises transmitting a request to a third party server.
  - 12. The method of claim 1 further comprising:
    - in response to the request being a request for an emergency access service, granting access to the emergency access service;
      
      and wherein the limited access service is a non-emergency limited access service.

4. A method of obtaining access to network resources for a mobile device, the method comprising:
- receiving a request, at an authentication and authorization function (AAF), from a Radio Access Network (RAN) device, for access for a mobile device;
  
  authenticating, at the AAF, the mobile device;
  
  responsive to failing authorization to access each of a plurality of virtual networks, authorizing at the AAF, the mobile device to access a limited access service;
  
  wherein authorizing the mobile device to access the limited access service comprises;
  
  requesting authorization from a blacklist authorization function; and
  
  transmitting an authorization message to the RAN devicewherein the AAF is instantiated in the RAN.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4 further comprising receiving an indication of a preferred virtual network from the mobile device.
  - 6. The method of claim 4 further comprising transmitting a list of virtual networks to the mobile device.

13. A method of obtaining authorization for access to network resources for a mobile device in a radio access network (RAN) in a network architecture including the RAN having a first administrative domain, and a VN implemented using a core network having a second administrative domain, the method comprising:
- receiving, at an authentication and authorization function (AAF), a request for access for a mobile device from a node in the first administrative domain of the RAN;
  
  authenticating, at the AAF, the mobile device;
  
  responsive to failing authorization to access the VN, authorizing, at the AAF, the mobile device to access a limited access service supplied by the core network having the second administrative domain;
  
  wherein responsive to failing authorization to access the VN, authorizing the mobile device to access a limited access service comprises;
  
  failing to authorize the mobile device for network access according to a subscriber database of the AAF;
  
  requesting authorization from a blacklist authorization function; and
  
  transmitting an authorization message to the RAN.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 wherein the AAF is instantiated in the RAN with subscription information supplied by a virtual network operator.
  - 15. The method of claim 14 wherein responsive to failing authorization to access the VN, authorizing the mobile device to access a limited access service comprises transmitting a request to a second AAF, the second AAF being located within the core network, and receiving a reply from the second AAF.
  - 16. The method of claim 13 wherein the AAF is instantiated in the core network.

17. A method of providing a third party offered service via a telecommunications connectivity service provider (TCSP), the method comprising:
- receiving, at a third party server, a request from the TCSP for a communication session on behalf of a user without a subscription to a network associated with the TCSP;
  
  requesting authorization, by the third party server, on behalf of the user from a blacklist authorization function;
  
  transmitting, from the third party server, an authorizing response to the TCSP; and
  
  providing, by the third party server, the third party service using the communication session.
- View Dependent Claims (18, 19)
- - 18. The method of providing a third party offered service as claimed in claim 17 further comprising transmitting a message to the TCSP indicating the third party agrees to pay for connection charges.
  - 19. The method of providing a third party offered service as claimed in claim 18 further comprising negotiating with the TCSP for specific connection parameters for the session.

20. A node comprising:
- a processor;
  
  machine readable memory storing machine executable instructions for implementing an authentication and authorization function (AAF) comprising instructions to cause the AAF to;
  
  receive a request, from a Radio Access Network (RAN) device, for access for a mobile device;
  
  authenticate the mobile device; and
  
  responsive to failing authorization to access each of a plurality of virtual networks, authorize the mobile device to access a limited access service;
  
  wherein authorizing the mobile device to access the limited access service comprises;
  
  requesting authorization from a blacklist authorization function; and
  
  transmitting an authorization message to the RAN devicewherein the AAF is instantiated in the core network with subscription information supplied by a virtual network operator.

21. A node for use in a network, the network including a Radio Access Network (RAN) having a first administrative domain and a VN implemented using a core network having a second administrative domain, the node comprising:
- a processor;
  
  machine readable memory storing machine executable instructions for implementing an authentication and authorization function (AAF) comprising instructions to cause the AAF to;
  
  receive a request for access for a mobile device from a node in the first administrative domain of the RAN;
  
  authenticate the mobile device;
  
  responsive to failing authorization to access the VN, authorize the mobile device to access a limited access service supplied by the core network having the second administrative domain;
  
  wherein responsive to failing authorization to access the VN, authorizing the mobile device to access a limited access service comprises;
  
  failing to authorize the mobile device for network access according to a subscriber database of the AAF;
  
  requesting authorization from a blacklist authorization function; and
  
  transmitting an authorization message to the RAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Senarath, Nimal Gamini, Vrzic, Sophie, Zhang, Hang, Dao, Ngoc Dung
Primary Examiner(s)
Sivji, Nizar N

Application Number

US15/169,097
Publication Number

US 20160352734A1
Time in Patent Office

1,085 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/30   Authentication, i.e. establ...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 63/0892   by using authentication-aut...

H04L 63/10   for controlling access to d...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 76/16   Involving different core ne...

Admission of an individual session in a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Admission of an individual session in a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links