Adapting Network Policies Based on Device Service Processor Configuration

US 20140059640A9
Filed: 09/20/2011
Published: 02/27/2014
Est. Priority Date: 03/02/2009
Status: Active Grant

First Claim

Patent Images

1. A network system, comprising:

one or more network elements configured to receive a device credential from an end-user device; and

a service processor authentication and management system configured to;

obtain service processor authentication information, andusing the service processor authentication information, facilitate execution of an end-user device service processor authentication procedure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are various embodiments to prevent, detect, or take action in response to the moving a device credential from one device to another, the improper configuration of a service processor, a missing service processor, or the tampering with a service processor in device-assisted services (DAS) systems.

Citations

31 Claims

1. A network system, comprising:
- one or more network elements configured to receive a device credential from an end-user device; and
  
  a service processor authentication and management system configured to;
  
  obtain service processor authentication information, andusing the service processor authentication information, facilitate execution of an end-user device service processor authentication procedure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The network system recited in claim 1, wherein at least one of the one or more network elements is an AAA, an HLR, a PCRF, an access network authentication system, an admission system, or a log-in system.
  - 3. The network system recited in claim 1, wherein at least one of the one or more service policy enforcement elements is a gateway, a router, a GGSN, a SGSN, a proxy, a charging element, or a notification trigger element.
  - 4. The network system recited in claim 1, wherein authenticating the service processor on the end-user device comprises verifying that the service processor is present and configured in an expected manner.
  - 5. The network system recited in claim 1, further comprising one or more service policy enforcement elements configured to implement an access network service policy associated with the device credential, and wherein the service processor authentication and management system is further configured to cause the access network service policy associated with the device credential to be executed as a first network portion of an access network service when the end-user device service processor authentication procedure is successful.
  - 6. The network system recited in claim 1, further comprising one or more service policy enforcement elements configured to implement an access network service policy associated with the device credential, and wherein the service processor authentication and management system is further configured to cause the access network service policy associated with the device credential to be executed as a second network portion of an access network service when the end-user device service processor authentication procedure is unsuccessful.
  - 7. The network system recited in claim 1, wherein the device credential is information from a SIM card, information from a soft SIM, information from a universal SIM, an IMSI, a wireless modem identifier, a phone number, an IMEI, an MEID, a MAC address, an IP address, a secure device identifier, or a device secure communication encryption key.
  - 8. The network system recited in claim 1, wherein the service processor authentication and management system is further configured to:
    - associate a first device credential with a first end-user device;
      
      determine whether a received device credential, associated with an authenticating end-user device, is the first device credential;
      
      determine whether the authenticating end-user device is the first end-user device;
      
      enforce a first access network control policy when the received device credential is the first device credential and the authenticating end-user device is the first end-user device; and
      
      enforce a second access network control policy when the received device credential is not the first device credential or the authenticating end-user device is not the first end-user device.
  - 9. The network system recited in claim 8, wherein the second access network control policy differs from the first access network control policy in one or more of a network access privilege, an allowable network destination, a service usage accounting or billing policy, a service usage rate, a service speed or quality, an allowed access network, a user notification, a roaming policy or permission, effect on a device operation.
  - 10. The network system recited in claim 8, wherein the first end-user device comprises a properly-configured service processor.
  - 11. The network system recited in claim 8, wherein the second end-user device does not include a properly-configured service processor.
  - 12. The network system recited in claim 8, wherein the second access network control policy is configured to suspend or block network access by the authenticating end-user device.

13. An end-user device, comprising:
- a modem for enabling the end-user device to access available network data services over an access network;
  
  one or more device credential sources configured to store a device credential; and
  
  a service processor configured to;
  
  enforce a device-based portion of a wireless access network service policy; and
  
  communicate with a network-based service controller to provide service processor authentication information configured to assist the network-based service controller in authenticating the service processor.
- View Dependent Claims (14, 15)
- - 14. The end-user device recited in claim 13, wherein the service processor authentication information is the device credential.
  - 15. The end-user device recited in claim 13, wherein the device credential is information from a SIM card, information from a soft SIM, information from a universal SIM, an IMSI, a wireless modem identifier, a phone number, an IMEI, an MEID, a MAC address, an IP address, a secure device identifier, or a device secure communication encryption key.

16. A network system, comprising:
- memory configured to store a trusted usage data report associated with an end-user device; and
  
  one or more network elements configured to;
  
  receive a usage data report from the end-user device;
  
  obtain the trusted usage data report associated with the end-user device; and
  
  reconcile the usage data report from the end-user device and the trusted usage data report associated with the end-user device.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The network system recited in claim 16, wherein the trusted usage data report associated with the end-user device is generated by a network element.
  - 18. The network system recited in claim 16, wherein the trusted usage data report associated with the end-user device is generated by an end-user device software or firmware agent in a secure execution environment.
  - 19. The network system recited in claim 18, wherein the trusted usage data report associated with the end-user device is received from a good customer feedback source.
  - 20. The network system recited in claim 19, wherein the good customer feedback source is a website or server that tracks one or more of a number of visits by the end-user device, a number of transactions associated with the end-user device, an amount of business generated in association with the end-user device, an amount of data communicated by or to the end-user device, or another measure of the end-user device'"'"'s interaction with the website or server.
  - 21. The network system recited in claim 16, wherein the network-generated usage data report associated with the end-user device is a flow data record.
  - 22. The network system recited in claim 16, wherein the one or more network elements are further configured to credit a user account associated with the end-user device based on reconciling the usage data report from the end-user device and the network-generated usage data report associated with the end-user device.

23. A network system, comprising:
- one or more network elements configured to;
  
  receive a data usage report associated with an end-user device from a good customer feedback source, andbased on the data usage report from the good customer feedback source, reduce a bulk data usage amount associated with a user account.

24. A network system, comprising:
- one or more network elements configured to detect a service usage indication associated with an end-user device; and
  
  a service controller configured to;
  
  determine that a device credential is intended to be associated with a service processor on the end-user device;
  
  receive the service usage indication associated with the end-user device;
  
  detect a specified condition; and
  
  declare a service processor integrity violation upon detecting the specified condition.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The network system recited in claim 24, wherein the specified condition is that the service controller is unable to complete a service processor authentication procedure.
  - 26. The network system recited in claim 24, wherein the service controller is further configured to receive a device-originated service usage indication from the service processor, and wherein the specified condition is that the service usage indication is inconsistent with the device-originated service usage indication.
  - 27. The network system recited in claim 24, wherein the service controller is further configured to receive a device-originated service usage indication from the service processor, and wherein the specified condition is that either the service usage indication or the device-originated service usage indication is inconsistent with a service usage policy.
  - 28. The network system recited in claim 24, wherein the device credential is information from a SIM card, information from a soft SIM, information from a universal SIM, an IMSI, a wireless modem identifier, a phone number, an IMEI, an MEID, a MAC address, an IP address, a secure device identifier, or a device secure communication encryption key.
  - 29. The network system recited in claim 24, wherein at least one of the one or more network elements is a GGSN, an SGSN, a charging gateway, a AAA function, an HLR, a router, or a server.
  - 30. The network element recited in claim 24, wherein the service usage indication associated with the end-user device is one or more of a start accounting message, a stop accounting message, a charging data record, a flow data record, or a service usage measure.
  - 31. The network element recited in claim 25, wherein the service controller is unable to complete the service processor authentication procedure when the service processor does not communicate with the service controller within a predetermined amount of time after the service controller receives the service usage indication associated with the end-user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Headwater Research LLC (Greg Raleigh)
Original Assignee
Headwater Partners I LLC (Greg Raleigh)
Inventors
Raleigh, Gregory G., Lavine, James

Granted Patent

US 8,832,777 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 41/0816   the condition being an adap...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5025   by proactively reacting to ...

H04M 15/00   Arrangements for metering, ...

H04M 15/58   based on statistics of usag...

H04M 2215/0188   Network monitoring; statist...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 24/10   Scheduling measurement repo...

H04W 4/24   Accounting or billing

H04W 8/18   Processing of user or subsc...

Adapting Network Policies Based on Device Service Processor Configuration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Adapting Network Policies Based on Device Service Processor Configuration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links