System and method for secure provisioning of a mobile station from a provisioning server using IWF-based IP address translation

US 6,775,285 B1
Filed: 02/09/2000
Issued: 08/10/2004
Est. Priority Date: 02/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. For use in association with a wireless network comprising a plurality of base stations capable of communicating with a plurality of mobile stations, an interworking function unit capable of transferring data between said wireless network and an Internet protocol (IP) data network coupled to said wireless network, said interworking function unit comprising:

a protocol conversion controller capable of receiving from said wireless network a first plurality of data packets, wherein said first plurality of data packets are generated by a first one of said plurality of mobile stations and are formatted according to a first protocol associated with said wireless network, and converting said first plurality of data packets to a plurality of IP data packets formatted according to an Internet protocol associated with said IP data network; and

a first security controller for preventing unprovisioned mobile stations from accessing said IP data network through said wireless network, wherein said first security controller is capable of receiving at least one of said plurality of IP data packets and replacing an original IP packet header of said at least one IP data packet with a replacement IP packet header comprising an IP address of a selected one of at least one provisioning server coupled to said IP data network and controlled by an operator of said wireless network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed an interworking function unit for transferring data between a wireless network and an Internet protocol (IP) data network coupled to the wireless network. The interworking function unit comprises a protocol conversion controller that receives incoming data packets from the wireless network, wherein the incoming data packets are generated by a first mobile station and are formatted according to a protocol associated with the wireless network. The interworking function unit converts the incoming data packets to IP data packets formatted according to an Internet protocol of the IP data network. The interworking function unit also comprises a first security controller for preventing unprovisioned mobile stations from accessing the IP data network through the wireless network. The first security controller receives the IP data packets and replaces each original IP packet header with a replacement IP packet header containing the IP address of a provisioning server.

Citations

20 Claims

1. For use in association with a wireless network comprising a plurality of base stations capable of communicating with a plurality of mobile stations, an interworking function unit capable of transferring data between said wireless network and an Internet protocol (IP) data network coupled to said wireless network, said interworking function unit comprising:
- a protocol conversion controller capable of receiving from said wireless network a first plurality of data packets, wherein said first plurality of data packets are generated by a first one of said plurality of mobile stations and are formatted according to a first protocol associated with said wireless network, and converting said first plurality of data packets to a plurality of IP data packets formatted according to an Internet protocol associated with said IP data network; and
  
  a first security controller for preventing unprovisioned mobile stations from accessing said IP data network through said wireless network, wherein said first security controller is capable of receiving at least one of said plurality of IP data packets and replacing an original IP packet header of said at least one IP data packet with a replacement IP packet header comprising an IP address of a selected one of at least one provisioning server coupled to said IP data network and controlled by an operator of said wireless network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The interworking function unit as set forth in claim 1 further comprising a second security controller capable of determining that said first mobile station is unprovisioned.
  - 3. The interworking function unit as set forth in claim 2 wherein said second security controller is disposed in said protocol conversion controller.
  - 4. The interworking function unit as set forth in claim 2 wherein said second security controller is disposed in said first security controller.
  - 5. The interworking function unit as set forth in claim 2 wherein said second security controller determines that said first mobile station is unprovisioned according to one of:
6. The interworking function unit as set forth in claim 1 wherein said first security controller selects said at least one provisioning server by selecting said IP address in said replacement IP packet header according to a load spreading algorithm.
7. The interworking function unit as set forth in claim 6 further comprising a memory associated with said first security controller capable of storing load statistics associated with said at least one provisioning server.
8. The interworking function unit as set forth in claim 7 wherein said first security controller selects a least busy one of said at least one provisioning server according to said load statistics.

9. A wireless network comprising:
- a plurality of base stations capable of communicating with a plurality of mobile stations; and
  
  an interworking function unit capable of transferring data between said wireless network and an Internet protocol (IP) data network coupled to said wireless network, said interworking function unit comprising;
  
  a protocol conversion controller capable of receiving from said wireless network a first plurality of data packets, wherein said first plurality of data packets are generated by a first one of said plurality of mobile stations and are formatted according to a first protocol associated with said wireless network, and converting said first plurality of data packets to a plurality of IP data packets formatted according to an Internet protocol associated with said IP data network; and
  
  a first security controller for preventing unprovisioned mobile stations from accessing said IP data network through said wireless network, wherein said first security controller is capable of receiving at least one of said plurality of IP data packets and replacing an original IP packet header of said at least one IP data packet with a replacement IP packet header comprising an IP address of a selected one of at least one provisioning server coupled to said IP data network and controlled by an operator of said wireless network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The wireless network as set forth in claim 9 further comprising a second security controller capable of determining that said first mobile station is unprovisioned.
  - 11. The wireless network as set forth in claim 10 wherein said second security controller is disposed in said protocol conversion controller.
  - 12. The wireless network as set forth in claim 10 wherein said second security controller is disposed in said first security controller.
  - 13. The wireless network as set forth in claim 10 wherein said second security controller determines that said first mobile station is unprovisioned according to one of:
14. The wireless network as set forth in claim 9 wherein said first security controller selects said at least one provisioning server by selecting said IP address in said replacement IP packet header according to a load spreading algorithm.
15. The wireless network as set forth in claim 14 further comprising a memory associated with said first security controller capable of storing load statistics associated with said at least one provisioning server.
16. The wireless network as set forth in claim 15 wherein said first security controller selects a least busy one of said at least one provisioning server according to said load statistics.

17. For use in an interworking function unit associated with a wireless network, the wireless network comprising a plurality of base stations capable of communicating with a plurality of mobile stations, a method of preventing unprovisioned mobile stations from accessing an Internet protocol (IP) data network coupled to the wireless network, the method comprising the steps of:
- receiving from the wireless network a first plurality of data packets, wherein the first plurality of data packets are generated by a first one of the plurality of mobile stations and are formatted according to a first protocol associated with the wireless network;
  
  converting the first plurality of data packets to a plurality of IP data packets formatted according to an Internet protocol associated with the IP data network; and
  
  replacing an original IP packet header of at least one IP data packet with a replacement IP packet header comprising an IP address of a selected one of at least one provisioning server coupled to the IP data network and controlled by an operator of the wireless network.
- View Dependent Claims (18, 19, 20)
- - 18. The method as set forth in claim 17 including the further step of selecting the at least one provisioning server by selecting the IP address in the replacement IP packet header according to a load spreading algorithm.
  - 19. The method as set forth in claim 18 wherein the step of selecting selects a least busy one of the at least one provisioning server.
  - 20. The method as set forth in claim 17 including the further step of determining whether the first mobile station is provisioned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Moles, Bryan J., Herle, Sudhindra P.
Primary Examiner(s)
Nguyen, Steven
Assistant Examiner(s)
SHAND, ROBERTA A

Application Number

US09/501,468
Time in Patent Office

1,644 Days
Field of Search

370/310.1, 370/310.2, 370/328, 370/331, 370/338, 370/352, 370/389, 370/392, 370/461, 370/466, 455/422.1, 455/426, 455/435.1, 455/445, 455/455, 455/502, 455/554, 455/555, 455/490, 713/201
US Class Current

370/392
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 67/04   specially adapted for termi...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 88/16   Gateway arrangements

System and method for secure provisioning of a mobile station from a provisioning server using IWF-based IP address translation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure provisioning of a mobile station from a provisioning server using IWF-based IP address translation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links