NETWORK NODE AND METHOD TO CONTROL ROUTING OR BYPASSING OF DEPLOYED TRAFFIC DETECTION FUNCTION NODES

US 20120246325A1
Filed: 10/28/2011
Published: 09/27/2012
Est. Priority Date: 03/22/2011
Status: Active Grant

First Claim

Patent Images

1. A network node that participates in an Internet Protocol-Connectivity Access Network (IP-CAN) session establishment within a telecommunications network, the network node configured to:

receive a user privacy policy of an end user, wherein the user privacy policy indicates whether or not data flows to and from a user equipment used by the end user are to be routed through a traffic detection function (TDF) node; and

utilize the user privacy policy during the IP-CAN session establishment to assign an IP address to the end user, wherein the assigned IP address ensures that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network is described herein which can control, through subscriber profile data and/or policy preconfigured control data, whether deep packet inspection for data flow/s for an Internet Protocol-Connectivity Access Network (IP-CAN) session established by an end user should take place, or not, according to a defined “User Privacy Policy”, and, in the former case, to which traffic detection function (TDF) node the data flow(s) should be directed.

Citations

24 Claims

1. A network node that participates in an Internet Protocol-Connectivity Access Network (IP-CAN) session establishment within a telecommunications network, the network node configured to:
- receive a user privacy policy of an end user, wherein the user privacy policy indicates whether or not data flows to and from a user equipment used by the end user are to be routed through a traffic detection function (TDF) node; and
  
  utilize the user privacy policy during the IP-CAN session establishment to assign an IP address to the end user, wherein the assigned IP address ensures that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The network node of claim 1, further configured to:
    - ensure the data flows to and from the user equipment are routed through the same TDF node when the user privacy policy indicates that the data flows to and from the user equipment are to be routed through a TDF node.
  - 3. The network node of claim 1, wherein the user privacy policy is received from a Home Subscriber Server (HSS) or an Authentication Authorization Accounting Server (AAA), and wherein the user privacy policy indicates whether the end user is to be assigned an IP address which is associated with an Access Point Name (APN) or a separate IP address pool in which no TDF node is deployed or is associated with another APN or a separate IP address pool in which a TDF node is deployed.
  - 4. The network node of claim 1, further configured to:
    - partition an Access Point Name (APN) into separate IP address pools where one IP address pool has IP addresses that bypass a TDF node and another IP address pool has IP addresses that do not bypass a TDF node; and
      
      assign an IP address to the end user from one of the separate IP address pools to enforce the user privacy policy, wherein the assigned IP address is a source IP address which ensures that the data flows are routed or not through a TDF node depending on the user privacy policy.
  - 5. The network node of claim 1, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy points to a particular service Access Point Name (APN) which either has a TDF node deployed in a path or does not have a TDF node deployed in the path depending on the user privacy policy.
  - 6. The network node of claim 1, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy defines and points to a set of local predefined Policy and Charging Enforcement Function (PCEF) configuration data to be used for IP address allocation/IP configuration and subsequent routing with respect to a TDFs.
  - 7. The network node of claim 1, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy provides a TDF bypass indication.
  - 8. The network node of claim 1, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy has a permit unrestricted indicator which is used when a TDF node cannot be bypassed, and wherein the permit unrestricted indicator indicates that a TDF node is to bypass enforcement actions on the data flows to and from the user equipment.
  - 9. The network node of claim 1, wherein the user privacy policy is conveyed by an access-accept message which is received from a Policy and Charging Rules Function (PCRF) which acted as a Radius or Diameter proxy and interfaced with an Authentication Authorization Accounting Server (AAA), and wherein the access-accept message indicates an Access Point Name (APN) which is to be used when assigning the IP address to ensure that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.
  - 10. The network node of claim 1, wherein the user privacy policy is conveyed by an access-accept message which is received from a Policy and Charging Rules Function (PCRF) which acted as a Radius or Diameter proxy and interfaced with an Authentication Authorization Accounting Server (AAA), and wherein the access-accept message indicates a local IP pool which is to be used when assigning the IP address to ensure that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.

11. A method implemented by a network node that participates in an Internet Protocol-Connectivity Access Network (IP-CAN) session establishment within a telecommunications network, the method comprising the steps of:
- receiving a user privacy policy of an end user, wherein the user privacy policy indicates whether or not data flows to and from a user equipment used by the end user are to be routed through a traffic detection function (TDF) node; and
  
  utilizing the user privacy policy during the IP-CAN session establishment to assign an IP address to the end user, wherein the assigned IP address ensures that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising the step of ensuring the data flows to and from the user equipment are routed through the same TDF node when the user privacy policy indicates that the data flows to and from the user equipment are to be routed through a TDF node.
  - 13. The method of claim 11, wherein the user privacy policy is received from a Home Subscriber Server (HSS) or an Authentication Authorization Accounting Server (AAA), and wherein the user privacy policy indicates whether the end user is to be assigned an IP address which is associated with an Access Point Name (APN) or a separate IP address pool in which no TDF node is deployed or is associated with another APN or a separate IP address pool in which a TDF node is deployed.
  - 14. The method of claim 11, further comprising the steps of:
    - partitioning an Access Point Name (APN) into separate IP address pools where one IP address pool has IP addresses that bypass a TDF node and another IP address pool has IP addresses that do not bypass a TDF node; and
      
      assigning an IP address to the end user from one of the separate IP address pools to enforce the user privacy policy, wherein the assigned IP address is a source IP address which ensures that the data flows are routed or not through a TDF node depending on the user privacy policy.
  - 15. The method of claim 11, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy points to a particular service Access Point Name (APN) which either has a TDF node deployed in a path or does not have a TDF node deployed in the path depending on the user privacy policy.
  - 16. The method of claim 11, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy defines and points to a set of local predefined Policy and Charging Enforcement Function (PCEF) configuration data to be used for IP address allocation/IP configuration and subsequent routing with respect to a TDFs.
  - 17. The method of claim 11, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy provides a TDF bypass indication.
  - 18. The method of claim 11, wherein the user privacy policy is received from a Policy and Charging Rules Function (PCRF), and wherein the user privacy policy has a permit unrestricted indicator which is used when a TDF node cannot be bypassed, and wherein the permit unrestricted indicator indicates that a TDF node is to bypass enforcement actions on the data flows to and from the user equipment.
  - 19. The method of claim 11, wherein the user privacy policy is conveyed by an access-accept message which is received from a Policy and Charging Rules Function (PCRF) which acted as a Radius or Diameter proxy and interfaced with an Authentication Authorization Accounting Server (AAA), and wherein the access-accept message indicates an Access Point Name (APN) which is to be used when assigning the IP address to ensure that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.
  - 20. The method of claim 11, wherein the user privacy policy is conveyed by an access-accept message which is received from a Policy and Charging Rules Function (PCRF) which acted as a Radius or Diameter proxy and interfaced with an Authentication Authorization Accounting Server (AAA), and wherein the access-accept message indicates a local IP pool which is to be used when assigning the IP address to ensure that the data flows to and from the user equipment are routed or not through a TDF node depending on the user privacy policy.

21. A network node that participates in an Internet Protocol-Connectivity Access Network (IP-CAN) session establishment within a telecommunications network, the network node configured to:
- receive a request for IP-CAN bearer establishment of an user equipment;
  
  send an indication of IP-CAN session establishment to a Policy and Charging Rules Function (PCRF), wherein the PCRF interfaces with a Subscription Profile Repository (SPR) to obtain subscriber related information including a user privacy policy which indicates whether or not data flows to and from the user equipment are to be routed through a traffic detection function (TDF) node; and
  
  receive an acknowledgment message from the PCRF, wherein the acknowledgment message includes a configuration option profile which is dependent upon the user privacy policy and defines and points to a set of local predefined PCEF configuration to be used for IP address allocation/IP configuration and subsequent routing of the data flows to and from the user equipment.
- View Dependent Claims (22)
- - 22. The network node of claim 21, wherein the network node is a gateway-Policy and Charging Enforcement Function (PCEF).

23. A method implemented by a network node that participates in an Internet Protocol-Connectivity Access Network (IP-CAN) session establishment within a telecommunications network, the method comprising the steps of:
- receiving a request for IP-CAN bearer establishment of an user equipment;
  
  sending an indication of IP-CAN session establishment to a Policy and Charging Rules Function (PCRF), wherein the PCRF interfaces with a Subscription Profile Repository (SPR) to obtain subscriber related information including a user privacy policy which indicates whether or not data flows to and from the user equipment are to be routed through a traffic detection function (TDF) node; and
  
  receiving an acknowledgment message from the PCRF, wherein the acknowledgment message includes a configuration option profile which is dependent upon the user privacy policy and defines and points to a set of local predefined PCEF configuration to be used for IP address allocation/IP configuration and subsequent routing of the data flows to and from the user equipment.
- View Dependent Claims (24)
- - 24. The method of claim 23, wherein the network node is a gateway-Policy and Charging Enforcement Function (PCEF).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Pancorbo Marcos, Maria Belen, Segura, Louis

Granted Patent

US 9,686,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 12/1407   Policy-and-charging control...

H04L 43/00   Arrangements for monitoring...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

NETWORK NODE AND METHOD TO CONTROL ROUTING OR BYPASSING OF DEPLOYED TRAFFIC DETECTION FUNCTION NODES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK NODE AND METHOD TO CONTROL ROUTING OR BYPASSING OF DEPLOYED TRAFFIC DETECTION FUNCTION NODES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links