Internet protocol traffic filter for a mobile radio network
Abstract
An Internet Protocol traffic filter is provided for a mobile radio network. A database stores access privileges of the mobile station for accessing a remote host, and access privileges of the remote host for accessing the mobile station. A processor receives data from the mobile station addressed to a remote host. The processor accesses the database to determine whether the mobile station is allowed to access the remote host, and denies access if access is unauthorized. Otherwise, the processor sends the data to the remote host if access is authorized. The processor also receives data from a remote host, and determines whether the remote host is allowed to access the mobile station. The processor denies access to the mobile station if the remote host is unauthorized. Otherwise, the processor connects the remote host to the mobile station if access is authorized.
25 Claims
1. An IP traffic filter for a mobile radio network that provides both voice and data services for one or more mobile stations when present in said mobile radio network, comprising:
a database for storing access privileges of said mobile stations for accessing one or more remote hosts, and access privileges of said remote hosts for accessing said mobile stations, said database including a plurality of entries respectively associated with mobile stations present in the network, each said entry indicative of an access privilege associated with the corresponding mobile station, said database including a plurality of data storage locations coupled to one another and distributed across the network to permit each said entry to travel through the network with the corresponding mobile station; and
a processor for routing data to and from said mobile stations from and to said remote hosts, the processor further for accessing said database to determine access privileges, and for denying or allowing access in response to a determined access privilege and wherein said database can be altered both from said mobile stations and from said remote hosts.
10. A method for filtering IP traffic originating from one or more mobile stations when present in a mobile radio network, wherein said mobile network handles both voice and data, comprising the steps of:
maintaining a database comprising access rights of said mobile stations for accessing one or more remote hosts, said database including a plurality of entries respectively associated with mobile stations present in the network, each said entry indicative of an access right associated with the corresponding mobile station;
the database entries traveling through the network and residing in a plurality of locations in the database as their associated mobile stations travel through the network;
receiving data sent from one of said mobile stations to one of said remote hosts;
using the database to determine access rights of said one mobile station to access said one remote host;
denying access to said one remote host if said access is unauthorized;
forwarding said data to said one remote host if said access is authorized; and
providing a means by which said database can be altered both from said mobile stations and from said remote hosts.
receiving an identity of said one mobile station;
receiving an IP address of said one remote host; and
receiving an IP address associated with said one mobile station.
12. The method of claim 11, wherein the step of receiving said identity of said one mobile station comprises receiving an IMSI number associated with said one mobile station.
13. The method of claim 11, wherein said using step comprises comparing the IP address of said one remote host against a list of allowed destination hosts provided in one of said database entries associated with said one mobile station.
14. The method of claim 11, wherein said using step comprises comparing said IP address of said one remote host against a list of disallowed destination hosts provided in one of said database entries associated with said one mobile station.
15. The method of claim 11, wherein said using step comprises comparing said identity of said one mobile station against a group of said database entries indicative of mobile station membership in a virtual network.
16. The method of claim 10, wherein said maintaining step comprises creating as part of said database a local copy of said access rights associated with each of said mobile stations present in said mobile radio network.
17. The method of claim 16, wherein said using step includes using said local copy of said access rights.
18. A method for filtering IP traffic directed to one or more mobile stations when present in a mobile radio network capable of transmitting both voice and data from one or more remote hosts, comprising the steps of:
maintaining a database comprising access rights of said remote hosts for accessing said mobile stations, said database including a plurality of entries respectively associated with mobile stations present in the network, each said entry indicative of an access right of a remote host to access the corresponding mobile station;
the database entries traveling through the network and residing in a plurality of locations in the database as their associated mobile stations travel through the network;
receiving from one of said remote hosts data addressed to one of said mobile stations;
using the database to determine access rights of said one remote host to access said one mobile station;
denying access to said one mobile station if access to said one mobile station by said one remote host is unauthorized;
otherwise sending the data from said one remote host to said one mobile station if said access to said one mobile station by said one remote host is authorized; and
providing a means by which said database can be altered both from said mobile stations and from said remote hosts.
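The two-way check described in the abstract, with the allowed and disallowed destination lists and the virtual-network membership named in claims 13 to 15, is sketched below as an added example; it is not code from the patent. The class and field names, the default-deny policy, the precedence of the disallowed list over the allowed list, the virtual-network match being checked first, and all sample IMSIs and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Entry:
    """Access-privilege entry for one mobile station (hypothetical layout)."""
    allowed_out: list = field(default_factory=list)     # allowed destination hosts
    disallowed_out: list = field(default_factory=list)  # disallowed destination hosts
    allowed_in: list = field(default_factory=list)      # remote hosts that may reach the mobile
    vnet: str = ""                                      # virtual network membership, "" = none

def matches(addr, nets):
    """True if addr falls inside any listed host address or CIDR prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

class TrafficFilter:
    def __init__(self):
        self.db = {}       # IMSI -> Entry
        self.by_ip = {}    # IP address assigned to a mobile -> IMSI

    def attach(self, imsi, mobile_ip, entry):
        self.db[imsi] = entry
        self.by_ip[mobile_ip] = imsi

    def outbound(self, imsi, dst_ip):
        """Mobile -> remote host. Assumed policy: default deny, deny list wins."""
        entry = self.db.get(imsi)
        if entry is None:
            return False
        peer = self.db.get(self.by_ip.get(dst_ip))
        if peer is not None and entry.vnet and peer.vnet == entry.vnet:
            return True                      # both stations in the same virtual network
        if matches(dst_ip, entry.disallowed_out):
            return False
        return matches(dst_ip, entry.allowed_out)

    def inbound(self, src_ip, mobile_ip):
        """Remote host -> mobile. Unknown mobiles and unlisted hosts are denied."""
        entry = self.db.get(self.by_ip.get(mobile_ip))
        return entry is not None and matches(src_ip, entry.allowed_in)

def demo():
    """Constructed sample data: test-range IMSIs and documentation addresses."""
    f = TrafficFilter()
    f.attach("001010000000001", "10.0.0.5", Entry(
        ["203.0.113.0/24"], ["203.0.113.66"], ["198.51.100.7"], "fleet"))
    f.attach("001010000000002", "10.0.0.6", Entry(vnet="fleet"))
    return f
```

With the sample data, the first station reaches 203.0.113.10 but not 203.0.113.66, which sits inside its allowed prefix and is also on its disallowed list.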
Specification