Method and system for bearer authorization in a wireless communication network

US 7,506,362 B2
Filed: 06/27/2001
Issued: 03/17/2009
Est. Priority Date: 06/27/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

creating an authorization binding information in a control function of an application layer of a wireless communication network;

allocating a control function identifier representative of the actual address of the control function in the wireless communication network and incorporating the identifier into the authorization binding information;

transmitting a created authorization binding information to a terminal device having access to the wireless communication network; and

carrying out the bearer authorization for the terminal device through a transport layer of the wireless communication network by deriving the actual address of the control function from which the authorization binding information has originated in the wireless communication network based on the control function identifier included in the authorization binding information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method and a system for bearer authorization in a wireless communication network, including the creation of an authorization binding information (AUTN) in a control function (PCF) of an application layer of the wireless communication network, the allocation of a control function identifier representative of the actual address of the control function in the wireless communication network and incorporating said identifier into the authorization binding information, the transmission of the so created authorization binding information to a terminal device (UE) having access to the wireless communication network, and the bearer authorization proceeding from the terminal device through a transport layer of the wireless communication layer by deriving the actual address of the control function from which the authorization binding function has originated based on the control function identifier included in the authorization binding information. In this manner, inherent security risks involved in sending the actual control function address to a terminal device or User Equipment are eliminated, and the authorization binding information is reduced in size.

12 Citations

43 Claims

1. A method, comprising:
- creating an authorization binding information in a control function of an application layer of a wireless communication network;
  
  allocating a control function identifier representative of the actual address of the control function in the wireless communication network and incorporating the identifier into the authorization binding information;
  
  transmitting a created authorization binding information to a terminal device having access to the wireless communication network; and
  
  carrying out the bearer authorization for the terminal device through a transport layer of the wireless communication network by deriving the actual address of the control function from which the authorization binding information has originated in the wireless communication network based on the control function identifier included in the authorization binding information.

2. A system, comprising:
- means for creating an authorization binding information in a control function provided in an application layer of a wireless communication network;
  
  means for allocating a control function identifier representative of the actual address of the control function in the wireless communication network and for incorporating the identifier into the authorization binding information;
  
  means for transmitting a created authorization binding information to a terminal device having access to the wireless communication network; and
  
  means for carrying out the bearer authorization for the terminal device through a transport layer of the wireless communication network by deriving the actual address of the control function from which the authorization binding information has originated in the wireless communication network based on the control function identifier included in the authorization binding information.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. A system according to claim 2, wherein:
    - the identifier is a numerical integer value selected from a predetermined range of values.
  - 4. A system according to claim 2, wherein:
    - the authorization binding information comprises an authorization token the creation of which is initiated by a proxy call state control function in a core network transmitting authorization information to one of a plurality of policy control functions in the wireless communication network.
  - 5. A system according to claim 4, wherein:
    - the policy control function sends the created authorization token back to the proxy call state control function, the proxy call state control function forwards the token to the terminal device, the terminal device passes the token to a serving general packet radio service support node within the core network, and the serving general packet radio service support node passes the token to a gateway general packet radio service support node within the core network.
  - 6. A system according to claim 5, wherein:
    - the gateway general packet radio service support node derives the actual policy control function address in the wireless communication network from the policy control function identifier included in the authorization token and requests authorization from the policy control function having the derived actual address.
  - 7. A system according to claim 6, wherein:
    - the gateway general packet radio service support node carrying out the address derivation using an access point specific list of policy control function identifiers and corresponding addresses.

8. A system, comprising:
- device configured to create an authorization binding information in a control function provided in an application layer of a wireless communication network;
  
  device configured to allocate a control function identifier representative of the actual address of the control function in the wireless communication network and for incorporating the identifier into the authorization binding information;
  
  device configured to transmit a created authorization binding information to a terminal device having access to the wireless communication network; and
  
  device configured to carry out the bearer authorization for the terminal device through a transport layer of the wireless communication network by deriving the actual address of the control function from which the authorization binding information has originated in the wireless communication network based on the control function identifier included in the authorization binding information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system according to claim 8, wherein:
    - the identifier is a numerical integer value selected from a predetermined range of values.
  - 10. The system according to claim 8, wherein:
    - the authorization binding information comprises an authorization token the creation of which is initiated by a proxy call state control function in a core network transmitting authorization information to one of a plurality of policy control functions in the wireless communication network.
  - 11. The system according to claim 8, wherein:
    - the policy control function is configured to send the created authorization token back to the proxy call state control function, the proxy call state control function forwards the token to the terminal device, the terminal device passes the token to a serving general packet radio service support node within the core network, and the serving general packet radio service support node passes the token to a gateway general packet radio service support node within the core network.
  - 12. The system according to claim 8, wherein:
    - the gateway general packet radio service support node is configured to derive the actual policy control function address in the wireless communication network form the policy control function identifier included in the authorization token and requests authorization from the policy control function having the derived actual address.
  - 13. The system according to claim 12, wherein:
    - the gateway general packet radio service support node is configured to carry out the address derivation using an access point specific list of policy control function identifiers and corresponding addresses.

14. An apparatus, comprising:
- means for receiving from a wireless communication network an authorization binding information with a control function identifier representative of an actual address of a control function of an application layer of said wireless communication network; and
  
  means for dispatching said authorization binding information with said control function identifier through a transport layer to said wireless communication network during bearer establishment,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

15. An apparatus, comprising:
- means for carrying out a bearer authorization for a terminal device through a transport layer of a wireless communication network; and
  
  means for deriving an actual address of a control function of an application layer of said wireless communication network, from which an authorization binding information has originated in said wireless communication network based on a control function identifier included in a received authorization binding information,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

16. An apparatus, comprising:
- means for creating an authorization binding information in a control function of an application layer of a wireless communication network;
  
  means for allocating a control function identifier representative of an actual address of said control function in said wireless communication network and for incorporating said identifier into said authorization binding information; and
  
  means for transmitting a created authorization binding information to a terminal device having access to said wireless communication network.

17. An apparatus, comprising:
- a receiver configured to receive from a wireless communication network an authorization binding information with a control function identifier representative of an actual address of a control function of an application layer of said wireless communication network; and
  
  a dispatcher configured to dispatch said authorization binding information with said control function identifier through a transport layer to said wireless communication network during a bearer establishment,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. An apparatus according to claim 17, wherein the control function identifier is configured to take a numerical integer value selected from a predetermined range of values.
  - 19. An apparatus according to claim 17, wherein the authorization binding information comprises an authorization token, the creation of which is initiated by transmitting authorization information from a proxy call state control function in the wireless communication network to one of a plurality of policy control functions in the wireless communication network.
  - 20. An apparatus according to claim 19, wherein the authorization token is sent to the proxy call state control function and forwarded by the proxy call state control function to a terminal device.
  - 21. An apparatus according to claim 17, wherein the authorization binding information is received from a terminal device by a node in the transport layer.
  - 22. An apparatus according to claim 21, wherein the node is a serving general packet radio service node, and the authorization binding information is further passed from the serving general packet radio service node to a gateway general packet radio service support node in the transport layer.
  - 23. An apparatus according to claim 21, wherein the node is configured to derive the actual control function address in the wireless communication network from the control function identifier incorporated in the authorization binding information.
  - 24. An apparatus according to claim 23, wherein the node is configured to request authorization from the control function comprising the derived actual address.
  - 25. An apparatus according to claim 23, wherein the node is configured to carry out the address derivation using an access point specific list of control function identifiers and corresponding addresses.

26. An apparatus, comprising:
- a bearer authorizer configured to carry out a bearer authorization for a terminal device through a transport layer of a wireless communication network by deriving an actual address of a control function of an application layer of said wireless communication network, from which an authorization binding information has originated in said wireless communication network based an a control function identifier included in a received authorization binding information,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

27. An apparatus, comprising:
- a creator configured to create an authorization binding information in a control function of an application layer of a wireless communication network;
  
  an allocator configured to allocate a control function identifier representative of an actual address of said control function in said wireless communication network and to incorporate said identifier into said authorization binding information; and
  
  a transmitter configured to transmit a created authorization binding information to a terminal device having access to said wireless communication network.

28. A computer program product embodied on a computer readable medium, said computer program product is configured to performa process comprising:
- receiving from a wireless communication network an authorization binding information with a control function identifier representative of an actual address of a control function of an application layer of said wireless communication network; and
  
  dispatching said authorization binding information with said control function identifier through a transport layer to said wireless communication network during bearer establishment,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

29. A computer program product embodied on a computer readable medium, said computer program product being configured to perform a process comprising:
- carrying out a bearer authorization for a terminal device through a transport layer of a wireless communication network by deriving an actual address of a control function of an application layer of said wireless communication network, from which an authorization binding information has originated in said wireless communication network based an a control function identifier included in a received authorization binding information,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

30. A computer program product embodied on a computer readable medium, said computer program product being configured to perform a process comprising:
- creating an authorization binding information in a control function of an application layer of a wireless communication network;
  
  allocating a control function identifier representative of an actual address of a control function in said wireless communication network and incorporating said identifier into said authorization binding information; and
  
  transmitting a created authorization binding information to a terminal device having access to said wireless communication network.

31. A method, comprising:
- creating an authorization binding information in a control function of an application layer of a wireless communication network;
  
  allocating a control function identifier representative of an actual address of the control function in wireless communication network and incorporating the identifier into the authorization binding information; and
  
  transmitting a created authorization binding information to a terminal device having access to the wireless communication network.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. A method according to claim 31, wherein:
    - the identifier takes a numerical integer value selected from a predetermined range of values.
  - 33. A method according to claim 31, wherein:
    - the authorization binding information comprises an authorization token, the creation of which is initiated by transmitting authorization information from a proxy call state control function in the wireless communication network to one of a plurality of policy control functions in the wireless communication network.
  - 34. A method according to claim 33, wherein:
    - the created authorization token is sent to the proxy call state control function and forwarded by the proxy call state control function to the terminal device.
  - 35. A method according to claim 31, wherein:
    - the authorization binding information is received from the terminal device by a node in the transport layer.
  - 36. A method according to claim 35, wherein:
    - the node is a serving general packet radio service support node, and the authorization binding information is further passed from the serving general packet radio service support node to a gateway general packet radio service support node in the transport layer.
  - 37. A method according to claim 35, wherein:
    - the node derives the actual control function address in the wireless communication network from the control function identifier incorporated in the authorization binding information.
  - 38. A method according to claim 37, wherein:
    - the node requests authorization from the control function having the derived actual address.
  - 39. A method according to claim 37, wherein:
    - the address derivation is carried out by the node using an access point specific list of control function identifiers and corresponding addresses.
  - 40. A method according to claim 39, wherein:
    - gateway general packet radio service support node derives the actual policy control function address in the wireless communication network from the policy control function identifier included in the authorization token and requests authorization from the policy control function having the derived actual address.
  - 41. A method according to claim 40, wherein:
    - the address derivation is carried out by the gateway general packet radio service support node using an access point specific list of policy control function identifiers and corresponding addresses.

42. A method, comprising:
- carrying out a bearer authorization for a terminal device through a transport layer of a wireless communication network by deriving an actual address of a control function of an application layer of said wireless communication network, from which an authorization binding information has originated in the wireless communication network based on a control function identifier included in a received authorization binding information,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

43. A method, comprising:
- receiving from a wireless communication network an authorization binding information with a control function identifier representative of an actual address of a control function of an application layer of said wireless communication network; and
  
  dispatching said authorization binding information with said control function identifier through a transport layer to said wireless communication network during a bearer establishment,wherein said authorization binding information is created in said control function and said identifier is incorporated into said authorization binding information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Solutions and Networks US LLC (Nokia Corporation)
Inventors
Hurtta, Tuija
Primary Examiner(s)
Revak, Christopher A

Application Number

US10/344,104
Publication Number

US 20040073686A1
Time in Patent Office

2,820 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

H04L 63/08 for authentication of entit...

Method and system for bearer authorization in a wireless communication network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

43 Claims

Specification

Use Cases

Quick Links

Others

Method and system for bearer authorization in a wireless communication network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

43 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others