Packet filtering for emergency service access in a packet data network communication system

US 7,539,186 B2
Filed: 03/31/2003
Issued: 05/26/2009
Est. Priority Date: 03/31/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method for communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:

receiving an emergency call attach request from the user device) the emergency call attach request including an identity for the user device;

determining whether the identity for the user device is a valid identity for the packet data network communication system;

in the event that the identity for the user device is not a valid identity for the packet data network communication system;

setting a level of service access for the user device to emergency service access only,granting the emergency call attach request,establishing a PDP context for an emergency call,assigning an interim IP address to the user device for emergency service access only, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for the emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one device used to provide communication for emergency services in response to the emergency call;

receiving data packets directed to the interim IP address while the PDP context for IP emergency call is active;

determining source IP addresses for the received data packets;

in the event that a received data packet includes a source IP address which corresponds to the at least one authorized IP address, routing the received data packet to the interim IP address;

in the event that a received data packet includes a source IP address which does not correspond to the at least one authorized IP address, redirecting the received data packet to a third party to thereby prohibit communication between the interim IP address and unauthorized source IP addresses while the PDP context for the emergency call is active; and

upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that the identity for the user device is not a valid identity for the packet data network communication system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus method of filtering packet data for an anonymous user device in a packet data network communication system includes a first step of initiating a call from an anonymous user device on a home network. A next step includes assigning an interim identity and interim IP address to the user device. A next step includes determining a level of service access of the data packets from the user device. A next step includes mapping the level of service access of the user device to the IP address. A next step includes defining permissible routing identities per the level of service access. A next step includes routing the data packets of the call along with the associated IP address to only those location addresses from the defining step.

Citations

22 Claims

1. A method for communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:
- receiving an emergency call attach request from the user device) the emergency call attach request including an identity for the user device;
  
  determining whether the identity for the user device is a valid identity for the packet data network communication system;
  
  in the event that the identity for the user device is not a valid identity for the packet data network communication system;
  
  setting a level of service access for the user device to emergency service access only,granting the emergency call attach request,establishing a PDP context for an emergency call,assigning an interim IP address to the user device for emergency service access only, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for the emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one device used to provide communication for emergency services in response to the emergency call;
  
  receiving data packets directed to the interim IP address while the PDP context for IP emergency call is active;
  
  determining source IP addresses for the received data packets;
  
  in the event that a received data packet includes a source IP address which corresponds to the at least one authorized IP address, routing the received data packet to the interim IP address;
  
  in the event that a received data packet includes a source IP address which does not correspond to the at least one authorized IP address, redirecting the received data packet to a third party to thereby prohibit communication between the interim IP address and unauthorized source IP addresses while the PDP context for the emergency call is active; and
  
  upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that the identity for the user device is not a valid identity for the packet data network communication system.
- View Dependent Claims (2, 3, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the at least one authorized IP address is limited to IP addresses corresponding to emergency call centers.
  - 3. The method of claim 1, wherein the step of assigning comprises:
    - assigning an interim IP address to the user device from a stored list of interim IP addresses.
  - 5. The method of claim 1, wherein the identity for the user device includes at least part of an International Mobile Equipment Identity (IMEI) code stored within the user device.
  - 6. The method of claim 1, wherein the packet data network communication system utilizes a General Packet Radio Service (GPRS) protocol and wherein an Emergency Packet Data Network (E-PDN) isolates emergency traffic from non emergency traffic in the packet data network communication system.
  - 7. The method of claim 1, further comprising:
    - receiving additional data packets from the user device while the PDP context for the emergency call is active;
      
      determining destination IP addresses forte additional received data packets;
      
      in the event that an additional received data packet includes a destination IP address which corresponds to the at least one authorized IP address, routing the additional received data packet to the destination IP address; and
      
      in the event that an additional received data packet includes a destination IP address which does not correspond to the at least one authorized IP address, redirecting the additional received data packet to a third party to thereby prohibit communication between the interim IP address and unauthorized destination IP addresses while the PDP context for the emergency call is active.
  - 8. The method of claim 1, wherein the packet data network communication system utilizes a Universal Mobile Telephone Service (UMTS) protocol and wherein an Emergency Packet Data Network (E-PDN) isolates emergency traffic from non emergency traffic in the packet data network communication system.

4. A method for communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:
- receiving an emergency call attach request from the user device, the emergency call attach request including an identity for the user device;
  
  determining whether the identity for the user device is a valid identity for the packet data network communication system;
  
  in the event that the identity for the user device is not a valid identity for the packet data network communication system;
  
  setting a level of service access for the user device to emergency service access only,granting the emergency call attach request,establishing a PDP context for an emergency call,assigning an interim IP address to the user device for emergency service access only, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for The emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one device used to provide communication for emergency services in response to the emergency call;
  
  receiving data packets from the user device while the PDP context for the emergency call is active;
  
  determining destination IP addresses for the received data packets;
  
  in the event that a received data packet includes a destination IP address which corresponds to the at least one authorized IP address, routing the received data packet to the destination IP address;
  
  in the event that a received data packet includes a destination IP address which does not correspond to the at least one authorized IP address, blocking the received data packet from being delivered to the destination IP address to thereby prohibit communication between the interim IP address and unauthorized destination IP addresses while the PDP context for the emergency call is active; and
  
  upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that the identity for the user device is not a valid identity for the packet data network communication system.
- View Dependent Claims (9)
- - 9. The method of claim 4, further comprising:
    - receiving additional data packets directed to the interim IP address while the PDP context for the emergency call is active;
      
      determining source IP addresses for the additional received data packets;
      
      in the event that an additional received data packet includes a source IP address which corresponds to the at least one authorized IP address, routing the additional received data packet to the interim IP address; and
      
      in the event that an additional received data packet includes a source IP address which does not correspond to the at least one authorized IP address, blocking the additional received data packet from being delivered to the interim IP address to thereby prohibit communication between the interim IP address and unauthorized source IP addresses while the PDP context for the emergency call is active.

10. A method for communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:
- receiving an emergency call attach request from the user device, the emergency call attach request including an identity for the user device;
  
  determining whether the identity for the user device is a valid identity for the packet data network communication system;
  
  in the event that the identity for the user device is not a valid identity for the packet data network communication system;
  
  setting a level of service access for the user device to emergency service access only,granting the emergency call attach request,establishing a PDP context for an emergency call,assigning an interim IP address to the user device for emergency service access only, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for the emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one device used to provide communication for emergency services in response to the emergency call;
  
  receiving data packets from the user device while the PDP context for the emergency call is active;
  
  determining destination IP addresses for the received data packets;
  
  in the event that a received data packet includes a destination IP address which corresponds to the at least one authorized IP address, routing the received data packet to the destination IP address;
  
  in the event that a received data packet includes a destination IP address which does not correspond to the at least one authorized IP address, redirecting to a third party the received data packet to thereby prohibit communication between the interim IP address and unauthorized destination IP addresses while the PDP context for the emergency call is active; and
  
  upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that The identity (hr the user device is not a valid identity for the packet data network communication system.

11. A method for communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:
- receiving an emergency call attach request from the user device, the emergency call attach request including an identity for the user device;
  
  determining whether the identity for the user device is a valid identity for the packet data network communication system;
  
  in the event that the identity for the user device is not a valid identity for the packet data network communication system;
  
  setting a level of service access for the user device to emergency service access only,granting the emergency call attach request,establishing a PDP context for an emergency call,assigning an interim IP address to the user device for emergency service access only, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for the emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one device used to provide communication for emergency services in response to the emergency call;
  
  receiving data packets directed to the interim IP address while the PDP context for the emergency call is active;
  
  determining source IP addresses for the received data packets;
  
  in the event that a received data packet includes a source IP address which corresponds to the at least one authorized IP address, routing the received data packet to the interim IP address;
  
  in the event that a received data packet includes a source IP address which does not correspond to the at least one authorized IP address, blocking the received data packet from being delivered to the interim IP address to thereby prohibit communication between the interim IP address and unauthorized source IP addresses while the PDP context for the emergency call is active; and
  
  upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that the identity for the user device is not a valid identity for the packet data network communication system.

12. A method of communicating data packets for an anonymous user device in a packet data network communication system, the method comprising:
- receiving an emergency call attach request from the user device, the emergency call attach request including an identity for the user device;
  
  determining whether the identity for the user device is a valid identity for the packet data network communication system;
  
  in the event that the identity for the user device is not a valid identity for the packet data network communication system;
  
  granting the emergency call after each request,requesting and receiving an interim identity from the user device, the interim identity having been generated by the user device,establishing a PDP context for an emergency call,setting a level of service access for the user device to emergency service access only,assigning an interim IP address to the user device for emergency service access only,associating the interim IP address with the interim identity generated by the user device,mapping the level of service access of the user device to the interim IP address, anddetermining at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active, wherein the PDP context for the emergency call remains active through a predetermined callback period and wherein the at least one authorized IP address corresponds to at least one emergency calling center;
  
  receiving data packets directed to the interim IP address while the PDP context for the emergency call is active;
  
  determining source IP addresses for the received data packets;
  
  in the event that a received data packet includes a source IP address which corresponds to an IP address of an emergency calling center, routing the received data packets to the interim IP address;
  
  in the event that a received data packet includes a source IP address which does not correspond to an IP address of an emergency calling center, restricting delivery of the received data packets to the interim IP address to thereby prohibit communication between the interim IP address and unauthorized source IP addresses while the PDP context for the emergency call is active;
  
  receiving additional data packets from the user device while the PDP context for the emergency call is active;
  
  determining destination IP addresses for the additional received data packets;
  
  in the event that an additional received data packet includes a destination IP address which corresponds to an IP address of an emergency calling center, routing the additional received data packets to the destination IP address;
  
  in the event that an additional received data packet includes a destination IP address which does not correspond to an IP address of an emergency calling center, restricting delivery of the additional received data packets to the destination IP address to thereby prohibit communication between the interim IP address and unauthorized destination IP addresses while the PDP context for the emergency call is active; and
  
  upon termination of the PDP context for the emergency call, prohibiting communication of data packets to or from the user device in the event that the identity for the user device is not a valid identity for the packet data network communication system.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the step of restricting delivery of the received data packets further comprises redirecting the received data packets for review by a third party.
  - 14. The method of claim 12, wherein the step of restricting delivery of the received data packets further comprises:
    - blocking the received data packets from being delivered to the interim IP address.
  - 15. The method of claim 12, further comprising:
    - determining a level of service for the received data packets; and
      
      blocking the received data packets from being delivered to the interim IP address in the event that the level of service for the received data packets is a level of service other than emergency service access.
  - 16. The method of claim 12, wherein the steps of routing the received data packets and restricting delivery of the received data packets are performed by a packet filter that is separate from a Gateway GPRS Service Node (GGSN) of the packet data network communication system.

17. A packet data communication system that facilitates emergency communications by an anonymous user device, the communication system comprising:
- a home packet data network operable to;
  
  receive an emergency call attach request from the user device,determine whether the emergency call attach request includes a valid identity of the user device for use on the home packet data network,request and receive an interim identity from the user device and set a level of service access for the user device to emergency service access only in the event that the emergency call attach request does not include a valid identity for use on the home packet data network,establish a PDP context for an emergency call responsive to the emergency call attach request wherein the PDP context for the emergency call remains active through a predetermined callback period, andprohibit communication of data packets to or from the user device upon termination of the PDP context for the emergency call in the event that the emergency call attach request does not include a valid identity for use on the home packet data network;
  
  an emergency packet data network coupled to the home packet data network, the emergency packet data network being operable to;
  
  assign an interim IP address to the user device for emergency service access only and associate the interim IP address with the interim identity of the user device,determine at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active,route to the at least one authorized IP address data packets that include the interim IP address and are received while the PDP context for the emergency call is active; and
  
  route to the interim IP address data packets that include the at least one authorized IP address and are received while the PDP context for the emergency call is active; and
  
  a packet filter coupled to at least one of the home packet data network and the emergency packet data network, the packet filter operable while the PDP context for the emergency call is active to pass only those data packets that include both the interim IP address and the at least one authorized IP address and to at least block all data packets that include the interim IP address but not the at least one authorized IP address to thereby prohibit communication between the interim IP address and unauthorized IP addresses while the PDP context for the emergency call is active.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The packet data communication system of claim 17, wherein the packet filter is further operable to redirect blocked data packets for review by a third party.
  - 19. The packet data communication system of claim 17, wherein the at least one authorized IP address corresponds to at least one emergency calling center.
  - 20. The packet data communication system of claim 17, wherein the home packet data network includes a Gateway GPRS Service Node (GGSN) mid wherein the packet filter is separate from the GGSN of the home packet data network.
  - 21. The packet data communication system of claim 17, wherein the home packet data network includes a Gateway GPRS Service Node (GGSN) mid wherein the emergency packet data network is contained within the GGSN of the home packet data network.

22. A packet data communication system that facilitates emergency communications, the communication system comprising:
- an anonymous user device;
  
  a home packet data network operable to;
  
  receive an emergency call attach request from the user device,determine whether the emergency call attach request includes a valid identity of the user device for use on the home packet data network,request and receive an interim identity from the user device and set a level of service access for the user device to emergency service access only in the event that the emergency call attach request does not include a valid identity for use on the home packet data network,establish a PDP context for an emergency call responsive to the emergency call attach request, wherein the PDP context for the emergency call remains active through a predetermined callback period, andprohibit communication of data packets to or from the user device upon termination of the PDP context for the emergency call in the event that the emergency call attach request does not include a valid identity for use on the home packet data network;
  
  an emergency packet data network coupled to the home packet data network, the emergency packet data network being operable to;
  
  assign an interim IP address to the user device for emergency service access only and associate the interim IP address with the interim identity of the user device,determine at least one authorized IP address that is permitted to send data packets to and receive data packets from the interim IP address while the PDP context for the emergency call is active,route to the at least one authorized IP address data packets that include the interim IP address and are received while the PDP context for the emergency call is active, androute to the interim IP address data packets that include the at least one authorized IP address and are received while the PDP context for the emergency call is active; and
  
  a packet filter coupled to at least one of the home packet data network and the emergency packet data network, the packet filter operable while the PDP context for the emergency call is active to pass only those data packets that include both the interim IP address and the at least one authorized IP address and to at least block all data packets that include the interim IP address but not the at least one authorized IP address to thereby prohibit communication between the interim IP address and unauthorized IP addresses while the PDP context for the emergency call is active.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Pecen, Mark E., Aerrabotu, Naveen, Zhao, Yilin
Primary Examiner(s)
LY, ANH VU H

Application Number

US10/403,946
Publication Number

US 20040190522A1
Time in Patent Office

2,248 Days
Field of Search

370/230, 370/231, 370/235, 370/310.1, 370/313, 370/328, 370/389, 370/392, 370/395.2, 455/403, 455/404, 455/405, 455/410, 455/411
US Class Current

370/389
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 61/50   Address allocation

H04L 63/0227   Filtering policies mail mes...

H04L 63/0421   Anonymous communication, i....

H04L 63/0853   using an additional device,...

H04W 4/90   Services for handling of em...

H04W 76/50   for emergency connections

H04W 8/26   Network addressing or numbe...

H04W 80/00   Wireless network protocols ...

Packet filtering for emergency service access in a packet data network communication system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Packet filtering for emergency service access in a packet data network communication system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links