Adapting network policies based on device service processor configuration

US 8,832,777 B2
Filed: 09/20/2011
Issued: 09/09/2014
Est. Priority Date: 03/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method performed by a network system, the method comprising:

receiving a device credential from an end-user device communicatively coupled to the network system over a wireless access network;

obtaining a service policy based at least in part on the device credential, the service policy being applicable to the end-user device;

obtaining service processor authentication information associated with a service processor on the end-user device, the service processor comprising one or more device agents at least assisting to implement the service policy; and

using the service processor authentication information, facilitating execution of an end-user device service processor authentication procedure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system, comprising a communication interface enabling the network system to communicate with an end-user device over a wireless access network, and one or more network elements configured to receive a device credential from the end-user device, obtain a service policy based at least in part on the device credential, the service policy being applicable to the end-user device, obtain service processor authentication information associated with a service processor on the end-user device, and using the service processor authentication information, facilitate execution of an end-user device service processor authentication procedure.

874 Citations

33 Claims

1. A method performed by a network system, the method comprising:
- receiving a device credential from an end-user device communicatively coupled to the network system over a wireless access network;
  
  obtaining a service policy based at least in part on the device credential, the service policy being applicable to the end-user device;
  
  obtaining service processor authentication information associated with a service processor on the end-user device, the service processor comprising one or more device agents at least assisting to implement the service policy; and
  
  using the service processor authentication information, facilitating execution of an end-user device service processor authentication procedure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. The method recited in claim 1, wherein the network system comprises an authentication, authorization, and accounting (AAA) server, a home location register (HLR), a policy charging and rules function (PCRF), an access network authentication system, an admission system, a log-in system, or a combination of these.
  - 3. The method recited in claim 1, wherein the network system comprises a service controller, a gateway, a router, a gateway general packet radio service (GPRS) support node (GGSN), a serving GPRS support node (SGSN), a proxy, a charging element, a notification trigger element, or a combination of these.
  - 4. The method recited in claim 1, wherein facilitating execution of the end-user device service processor authentication procedure comprises verifying that the service processor is present and configured in an expected manner.
  - 5. The method recited in claim 1, further comprising executing a first portion of the service policy when the end-user device service processor authentication procedure is successful.
  - 6. The method recited in claim 5, further comprising executing a second portion of the service policy when the end-user device service processor authentication procedure is unsuccessful.
  - 7. The method recited in claim 1, wherein the device credential comprises information from a subscriber identity module (SIM) card, information from a soft SIM, information from a universal SIM, an international mobile subscriber identity (IMSI), a wireless modem identifier, a phone number, an international mobile equipment identity (IMEI), a mobile equipment identifier (MEID), a media access control (MAC) address, an Internet protocol (IP) address, a device identifier, an encryption key, or a combination of these.
  - 8. The method recited in claim 1, wherein the device credential is a first device credential, and wherein the end-user device is a first end-user device, and wherein the service policy is a first access network control policy, and further comprising:
    - associating first device credential with the first end-user device;
      
      determining whether a second device credential, associated with an authenticating end-user device, is the first device credential;
      
      determining whether the authenticating end-user device is the first end-user device;
      
      enforcing the first access network control policy when the second device credential is the first device credential and the authenticating end-user device is the first end-user device; and
      
      enforcing a second access network control policy when the second device credential is not the first device credential or the authenticating end-user device is not the first end-user device.
  - 9. The method recited in claim 8, wherein the second access network control policy differs from the first access network control policy in a network access privilege, an allowable network destination, a service usage accounting or billing policy, a service usage rate, a service speed or quality, an allowed access network, a user notification, a roaming policy or permission, an operation of the end-user device, or a combination of these.
  - 10. The method recited in claim 1, wherein the service processor comprises a client configured to implement at least a portion of the service policy.
  - 11. The method recited in claim 1, wherein the service policy comprises a control policy, a service usage limit, an accounting policy, a billing policy, a notification policy, or a combination of these.
  - 12. The method recited in claim 8, wherein enforcing the second access network control policy comprises suspending or blocking network access by the authenticating end-user device.
  - 13. The method recited in claim 5, wherein executing the first portion of the service policy comprises sending the first portion of the service policy to the service processor.
  - 14. The method recited in claim 6, wherein the second portion of the service policy differs from the first portion of the service policy in a network access privilege, an allowable network destination, a service usage accounting or billing policy, a service usage rate, a service speed or quality, an allowed access network, a user notification, a roaming policy or permission, an effect on a device operation, or a combination of these.
  - 15. The method recited in claim 1, further comprising:
    - receiving a data usage report associated with the end-user device from a good customer feedback source; and
      
      based on the data usage report, adjusting a user account, the user account being associated with the end-user device.
  - 16. The method recited in claim 1, further comprising:
    - receiving a device data usage report from the end-user device;
      
      obtaining a trusted data usage report associated with the end-user device; and
      
      reconciling the device data usage report and the trusted data usage report.
  - 17. The method recited in claim 16, wherein obtaining the trusted data usage report comprises obtaining the trusted data usage report from a network element.
  - 18. The method recited in claim 16, wherein obtaining the trusted data usage report comprises obtaining the trusted data usage report from a software or firmware agent in a secure execution environment on the end-user device.
  - 19. The method recited in claim 16, wherein obtaining the trusted data usage report comprises obtaining the trusted data usage report is from a good customer feedback source.
  - 20. The method recited in claim 19, wherein the good customer feedback source comprises a website or server that tracks a number of visits by the end-user device, a number of transactions associated with the end-user device, an amount of business generated in association with the end-user device, an amount of data communicated by or to the end-user device, a measure of an interaction by the end-user device with the website or server, or a combination of these.
  - 21. The method recited in claim 16, wherein the trusted data usage report comprises a flow data record.
  - 22. The method recited in claim 16, further comprising adjusting a user account associated with the end-user device based on reconciling the device data usage report and the trusted data usage report.
  - 23. The method recited in claim 1, further comprising:
    - detecting a service usage indication associated with the end-user device;
      
      detecting a specified condition; and
      
      declaring a service processor integrity violation based on detecting the specified condition.
  - 24. The method recited in claim 23, wherein the specified condition comprises that the service processor does not communicate with the network system within a predetermined amount of time after the network system detects the service usage indication.
  - 25. The method recited in claim 23, wherein the specified condition comprises that the network system is unable to complete the end-user device service processor authentication procedure.
  - 26. The method recited in claim 23, wherein the service usage indication is a first service usage indication, and further comprising receiving a second service usage indication from the service processor, and wherein the specified condition comprises that the second service usage indication and the first service usage indication are inconsistent.
  - 27. The method recited in claim 23, wherein the service usage indication is a first service usage indication, and further comprising receiving a second service usage indication from the service processor, and wherein the specified condition comprises that either the first service usage indication or the second service usage indication is inconsistent with the service policy.
  - 28. The method recited in claim 16, wherein the device data usage report indicates usage associated with a classification, the classification being one or more device applications, one or more network destinations, one or more network types, one or more sponsored services, one or more background activities, one or more operating system (OS) programs, one or more OS libraries, one or more OS functions, or a combination of these.
  - 29. The method recited in claim 16, wherein the trusted data usage report indicates usage associated with a classification, the classification being one or more device applications, one or more network destinations, one or more network types, one or more sponsored services, one or more background activities, one or more operating system (OS) programs, one or more OS libraries, one or more OS functions, or a combination of these.
  - 30. The method recited in claim 23, wherein the service usage indication comprises a start accounting message, a stop accounting message, a charging data record, a flow data record, a service usage measure, or a combination of these.
  - 31. The method recited in claim 16, wherein the device data usage report comprises information identifying an application, an operating system (OS) function, an OS program, an OS library, a network resource, a web site, a network source, a network destination, a domain, a uniform resource locator (URL), an IP address, a port, a protocol, a socket tuple, a server, a network route, an access point name (APN), a gateway, a proxy, a content source, a sub-network, a quality-of-service (QoS) level, a content type, a background activity, or a combination of these.
  - 32. The method recited in claim 16, wherein the trusted data usage report comprises information identifying an application, an operating system (OS) function, an OS program, an OS library, a network resource, a web site, a network source, a network destination, a domain, a uniform resource locator (URL), an IP address, a port, a protocol, a socket tuple, a server, a network route, an access point name (APN), a gateway, a proxy, a content source, a sub-network, a quality-of-service (QoS) level, a content type, a background activity, or a combination of these.
  - 33. The method recited in claim 18, wherein the software or firmware agent is part of the service processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Headwater Research LLC (Greg Raleigh)
Original Assignee
Headwater Partners I LLC (Greg Raleigh)
Inventors
Raleigh, Gregory G., Lavine, James
Primary Examiner(s)
RUDY, ANDREW J

Application Number

US13/237,827
Publication Number

US 20120096513A1
Time in Patent Office

1,085 Days
Field of Search

709/203, 709/217, 709/223, 709/224, 709/219, 455/405, 455/406, 455/456.1, 455/414.1, 726/1, 726/2, 726/5, 726/6
US Class Current

726/1
CPC Class Codes

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 41/0816   the condition being an adap...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/5003   Managing SLA; Interaction b...

H04L 41/5025   by proactively reacting to ...

H04M 15/00   Arrangements for metering, ...

H04M 15/58   based on statistics of usag...

H04M 2215/0188   Network monitoring; statist...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 24/10   Scheduling measurement repo...

H04W 4/24   Accounting or billing

H04W 8/18   Processing of user or subsc...

Adapting network policies based on device service processor configuration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

874 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Adapting network policies based on device service processor configuration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

874 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links