Method and apparatus for securing communication between an access point and a network controller

US 8,073,428 B2
Filed: 09/22/2007
Issued: 12/06/2011
Est. Priority Date: 09/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method of securing communication between an access point that operates using licensed wireless frequencies covering a short-range distance and a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the network controller and the access point, the network controller for communicatively coupling the access point to the core network, the method comprising:

at the access point, establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is sent from a plurality of user equipments (UEs) to the access point over a wireless air interface;

after establishing the particular secure tunnel, intercepting a plurality of initial non access stratum (NAS) messages at the access point, each initial NAS message sent from one of the plurality of UEs towards the core network; and

in response to intercepting each particular initial NAS message, communicatively coupling a UE corresponding to the particular initial NAS message to the network controller using the particular secure tunnel,wherein the plurality of UEs are communicatively coupled to the access point through the wireless air interface.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments are implemented in a communication system that includes a first wireless communication system and a second wireless communication system that includes a Femtocell access point (FAP) and a network controller that can communicatively couple the FAP to the first wireless communication system. In some embodiments, the network controller can communicatively couple to the first wireless communication system through a UTRAN Iu interface. In some embodiments, the FAP can communicatively couple to a user equipment using a short-range licensed wireless frequency. Some embodiments provide method of securing communication between the FAP and the network controller. The method establishes a secure tunnel between the FAP and the network controller. The method communicatively couples the FAP and several user equipments (UEs) to the network controller by using the secure tunnel. The UEs are communicatively coupled to the FAP through an air interface.

418 Citations

21 Claims

1. A method of securing communication between an access point that operates using licensed wireless frequencies covering a short-range distance and a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the network controller and the access point, the network controller for communicatively coupling the access point to the core network, the method comprising:
- at the access point, establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is sent from a plurality of user equipments (UEs) to the access point over a wireless air interface;
  
  after establishing the particular secure tunnel, intercepting a plurality of initial non access stratum (NAS) messages at the access point, each initial NAS message sent from one of the plurality of UEs towards the core network; and
  
  in response to intercepting each particular initial NAS message, communicatively coupling a UE corresponding to the particular initial NAS message to the network controller using the particular secure tunnel,wherein the plurality of UEs are communicatively coupled to the access point through the wireless air interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the secure tunnel is an IPSec tunnel.
  - 3. The method of claim 1, wherein the plurality of UEs are communicatively coupled to the access point using a licensed wireless frequency.
  - 4. The method of claim 1, wherein the network controller is communicatively coupled to the core network through a universal mobile telecommunication system (UMTS) terrestrial radio access network (UTRAN) Iu interface.
  - 5. The method of claim 1 further comprising routing messages received from the plurality of UEs over the wireless air interface to the network controller over the particular secure tunnel.
  - 6. The method of claim 1, wherein the access point is a Femtocell access point (FAP).
  - 7. The method of claim 6, wherein the second communication system is a Femtocell communication system.
  - 8. The method of claim 1, wherein said access point produces a service region of the second communication system with a short-range distance of tens of meters, wherein said service region is smaller than a macro cell service region of the licensed radio access network.

9. A method of securing communication between an access point that operates using licensed wireless frequencies covering a short-range distance and a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the network controller and the access point, the network controller for communicatively coupling the access point to the core network, the method comprising:
- at the access point, establishing a particular secure tunnel between the access point and the network controller to protect user plane traffic between the access point and the network controller, wherein said user plane traffic is sent from a plurality of user equipments (UEs) to the access point over a wireless air interface;
  
  after establishing the particular secure tunnel, intercepting a plurality of initial non access stratum (NAS) messages at the access point, each initial NAS message sent from one of the plurality of UEs towards the core network; and
  
  in response to intercepting each particular initial NAS message, communicatively coupling a UE corresponding to the particular initial NAS message to the network controller using the particular secure tunnel,wherein the plurality of UEs are communicatively coupled to the access point through the wireless air interface.
- View Dependent Claims (10)
- - 10. The method of claim 9, wherein the plurality of UEs are communicatively coupled to the access point using a licensed wireless frequency.

11. A non-transitory computer readable storage medium storing a computer program for execution by an access point that operates using licensed wireless frequencies covering a short-range distance, the computer program for securing communications with a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and the network controller, the network controller for communicatively coupling the access point to the core network, the computer program comprising:
- a set of instructions for establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is exchanged between a plurality of user equipments (UEs) and the access point over a wireless air interface;
  
  a set of instructions for intercepting a plurality of non access stratum (NAS) messages sent from the plurality of UEs towards the core network;
  
  a set of instructions for communicatively coupling the plurality of UEs to the network controller using the particular secure tunnel in response to intercepting the NAS messages from the plurality of UEs; and
  
  a set of instructions for communicatively coupling the plurality of UEs to the access point through said licensed wireless frequencies.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer readable storage medium of claim 11, wherein the secure tunnel is an IPSec tunnel.
  - 13. The non-transitory computer readable storage medium of claim 11, wherein the network controller is communicatively coupled to the core network through a universal mobile telecommunication system (UMTS) terrestrial radio access network (UTRAN) Iu interface.
  - 14. The non-transitory computer readable storage medium of claim 11, wherein the computer program further comprises a set of instructions for routing messages received from the plurality of UEs over the wireless air interface to the network controller over the particular secure tunnel.

15. A non-transitory computer readable storage medium storing a computer program for execution by an access point that operates using licensed wireless frequencies covering a short-range distance, the computer program for securing communications with a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and the network controller, the network controller for communicatively coupling the access point to the core network, the computer program comprising:
- a set of instructions for establishing a particular secure tunnel between the access point and the network controller to protect user plane traffic between the access point and the network controller, wherein said user plane traffic is sent from a plurality of user equipments (UEs) to the access point over a wireless air interface;
  
  a set of instructions for intercepting a plurality of non access stratum (NAS) messages sent from the plurality of UEs towards the core network;
  
  a set of instructions for communicatively coupling the plurality of UEs to the network controller using the particular secure tunnel in response to intercepting the NAS messages from the plurality of UEs; and
  
  a set of instructions for communicatively coupling the plurality of UEs to the access point through said licensed wireless frequencies.

16. A non-transitory computer readable storage medium storing a computer program for execution by an access point that operates using licensed wireless frequencies covering a short-range distance, the computer program for securing communications with a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and the network controller, the network controller for communicatively coupling the access point to the core network, the computer program comprising:
- a set of instructions for establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is originated from the access point;
  
  a set of instructions for intercepting a plurality of non access stratum (NAS) messages sent from a plurality of user equipments (UEs) towards the core network;
  
  a set of instructions for communicatively coupling the plurality of UEs to the network controller using the particular secure tunnel in response to intercepting the NAS messages from the plurality of UEs; and
  
  a set of instructions for communicatively coupling the plurality of UEs to the access point through said licensed wireless frequencies.

17. A method of securing communication between an access point that operates using licensed wireless frequencies covering a short-range distance and a network controller in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the network controller and the access point, the network controller for communicatively coupling the access point to the core network, the method comprising:
- at the access point, establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is originated from the access point;
  
  after establishing the particular secure tunnel, intercepting a plurality of initial non access stratum (NAS) messages at the access point, each initial NAS message sent from one of a plurality of user equipments (UEs) towards the core network; and
  
  in response to intercepting each particular initial NAS message, communicatively coupling a UE corresponding to the particular initial NAS message to the network controller using the particular secure tunnel,wherein the plurality of UEs are communicatively coupled to the access point through a wireless air interface.

18. An access point that operates using licensed wireless frequencies with short-range coverage in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and a network controller, the network controller for communicatively coupling the access point to the core network, the access point comprising:
- a first module to implement protocols for facilitating communications with the network controller by establishing a particular secure tunnel between the access point and the network controller to protect user plane traffic between the access point and the network controller, wherein said user plane traffic is sent from a plurality of user equipments (UEs) to the access point over an air interface;
  
  a second module for intercepting a plurality of initial non access stratum (NAS) messages after the particular secure tunnel is established, each initial NAS message sent from one of the plurality of UEs towards the core network;
  
  a third module to implement protocols for facilitating communications with the plurality of UEs by communicatively coupling the UEs to the network controller using the particular secure tunnel; and
  
  electronic circuitry for implementing said first, second, and third modules.
- View Dependent Claims (19)
- - 19. The access point of claim 18, wherein the secure tunnel is an IPSec tunnel.

20. An access point that operates using licensed wireless frequencies with short-range coverage in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and a network controller, the network controller for communicatively coupling the access point to the core network, the access point comprising:
- a first module to implement protocols for facilitating communications with the network controller by establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is sent from a plurality of user equipments (UEs) to the access point over an air interface;
  
  a second module for intercepting a plurality of initial non access stratum (NAS) messages after the particular secure tunnel is established, each initial NAS message sent from one of the plurality of UEs towards the core network;
  
  a third module to implement protocols for facilitating communications with the plurality of UEs by communicatively coupling the UEs to the network controller using the particular secure tunnel; and
  
  electronic circuitry for implementing said first, second, and third modules.

21. An access point that operates using licensed wireless frequencies with short-range coverage in a communication system comprising (i) a first communication system comprising a core network and a licensed radio access network and (ii) a wireless second communication system comprising the access point and a network controller, the network controller for communicatively coupling the access point to the core network, the access point comprising:
- a first module to implement protocols for facilitating communications with the network controller by establishing a particular secure tunnel between the access point and the network controller to protect signaling traffic between the access point and the network controller, wherein said signaling traffic is originated from the access point;
  
  a second module for intercepting a plurality of initial non access stratum (NAS) messages after the particular secure tunnel is established, each initial NAS message sent from one of a plurality of user equipments (UEs) towards the core network, wherein the plurality of UEs are communicatively coupled to the access point using said licensed wireless frequencies;
  
  a third module to implement protocols for facilitating communications with a plurality of UEs by communicatively coupling the UEs to the network controller using the particular secure tunnel; and
  
  electronic circuitry for implementing said first, second, and third modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ribbon Communications Operating Company, Inc. (Ribbon Communications, Inc.)
Original Assignee
Kineto Wireless Incorporated (Ribbon Communications, Inc.)
Inventors
Khetawat, Amit, Markovic, Milan, Gallagher, Michael D., Tao, Patrick, Gupta, Rajeev
Primary Examiner(s)
Edouard, Patrick
Assistant Examiner(s)
PEREZ, JULIO R

Application Number

US11/859,770
Publication Number

US 20080076393A1
Time in Patent Office

1,536 Days
Field of Search

455/411, 455/439, 455/461, 370/252, 370/465, 370/328, 370/389, 370/342, 713/168, 713/176
US Class Current

455/411
CPC Class Codes

H04W 16/16   for PBS [Private Base Stati...

H04W 84/045   using private Base Stations...

H04W 88/08   Access point devices

H04W 92/12   between access points and a...

Method and apparatus for securing communication between an access point and a network controller

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

418 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for securing communication between an access point and a network controller

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

418 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others