Access management for wireless communication

US 9,167,505 B2
Filed: 10/06/2008
Issued: 10/20/2015
Est. Priority Date: 10/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method of communication, comprising:

receiving, at an access point, a message relating to a request by an access terminal to access the access point, wherein the message comprises an International Mobile Subscriber Identity (IMSI) associated with the access terminal;

sending, by the access point, the IMSI associated with the access terminal to a network node;

determining, by a hardware processor, a second identifier associated with the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another; and

determining whether the access terminal is allowed to receive service from the access point based on the second identifier and at least one identifier associated with the access point.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon.

Citations

77 Claims

1. A method of communication, comprising:
- receiving, at an access point, a message relating to a request by an access terminal to access the access point, wherein the message comprises an International Mobile Subscriber Identity (IMSI) associated with the access terminal;
  
  sending, by the access point, the IMSI associated with the access terminal to a network node;
  
  determining, by a hardware processor, a second identifier associated with the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another; and
  
  determining whether the access terminal is allowed to receive service from the access point based on the second identifier and at least one identifier associated with the access point.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the second identifier comprises a permanent identifier.
  - 3. The method of claim 1, wherein:
    - the second identifier identifies at least one closed subscriber group that the access terminal may access; and
      
      the at least one identifier associated with the access point comprises a closed subscriber group identifier associated with the access point.
  - 4. The method of claim 3, wherein the network node determines whether the closed subscriber group associated with the access point is on a list of identifiers associated with the access terminal.
  - 5. The method of claim 1, wherein the determination of the second identifier comprises receiving the second identifier identifying the plurality of access points from the network node.
  - 6. The method of claim 1, wherein:
    - the network node makes the determination of whether the access terminal is allowed to receive service from the access point;
      
      the message comprises a request from an access point for authenticating the access terminal; and
      
      the method further comprises sending, to the access point, a message indicative of the determination of whether the access terminal is allowed to receive service from the access point.
  - 7. The method of claim 1, wherein the access point makes the determination of whether the access terminal is allowed to receive service from the access point.
  - 8. The method of claim 7, wherein the at least one identifier associated with the access point is received from a network node.
  - 9. The method of claim 7, wherein the determination of whether the access terminal is allowed to receive service from the access point comprises:
    - sending the second identifier and the at least one identifier associated with the access point to a network node; and
      
      receiving, from the network node, an indication of whether the access terminal is allowed to receive service from the access point.
  - 10. The method of claim 1, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.
  - 11. The method of claim 1, wherein the plurality of access points further comprise at least one of a NodeB, an eNodeB, and a radio network controller (RNC).

12. An apparatus for communication, comprising:
- means for receiving, at an access point, a message relating to a request by an access terminal to access the access point, wherein the message comprises an International Mobile Subscriber Identity (IMSI) associated with the access terminal;
  
  means for sending, by the access point, the IMSI associated with the access terminal to a network node;
  
  means for determining, by a hardware processor, a second identifier associated with the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another; and
  
  means for determining whether the access terminal is allowed to receive service from the access point based on the second identifier and at least one identifier associated with the access point.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The apparatus of claim 12, wherein the second identifier comprises a permanent identifier.
  - 14. The apparatus of claim 12, wherein:
    - the second identifier identifies at least one closed subscriber group that the access terminal may access; and
      
      the at least one identifier associated with the access point comprises a closed subscriber group identifier associated with the access point.
  - 15. The apparatus of claim 12, wherein the determination of the second identifier comprises receiving the second identifier identifying the plurality of access points from the network node.
  - 16. The apparatus of claim 12, wherein:
    - the network node makes the determination of whether the access terminal is allowed to receive service from the access point;
      
      the message comprises a request from an access point for authenticating the access terminal; and
      
      the apparatus further comprising means for sending, to the access point, a message indicative of the determination of whether the access terminal is allowed to receive service from the access point.
  - 17. The apparatus of claim 12, wherein the access point makes the determination of whether the access terminal is allowed to receive service from the access point.
  - 18. The apparatus of claim 17, wherein the at least one identifier associated with the access point is received from a network node.
  - 19. The apparatus of claim 17, wherein the determination of whether the access terminal is allowed to receive service from the access point comprises:
    - sending the second identifier and the at least one identifier associated with the access point to a network node; and
      
      receiving, from the network node, an indication of whether the access terminal is allowed to receive service from the access point.
  - 20. The apparatus of claim 12, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

21. An apparatus for communication, comprising:
- a communication controller configured to receive a message relating to a request by an access terminal to access an access point, wherein the message comprises an International Mobile Subscriber Identity (IMSI) associated with the access terminal, wherein the communication controller is further configured to send the IMSI associated with the access terminal to a network node; and
  
  an access controller, comprising hardware, configured to determine a second identifier associated with the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another, and to determine whether the access terminal is allowed to receive service from the access point based on the second identifier and at least one identifier associated with the access point.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The apparatus of claim 21, wherein the second identifier comprises a permanent identifier.
  - 23. The apparatus of claim 21, wherein:
    - the second identifier identifies at least one closed subscriber group that the access terminal may access; and
      
      the at least one identifier associated with the access point comprises a closed subscriber group identifier associated with the access point.
  - 24. The apparatus of claim 21, wherein:
    - a network node makes the determination of whether the access terminal is allowed to receive service from the access point;
      
      the message comprises a request from an access point for authenticating the access terminal; and
      
      the communication controller is further configured to send, to the access point, a message indicative of the determination of whether the access terminal is allowed to receive service from the access point.
  - 25. The apparatus of claim 21, wherein the access point makes the determination of whether the access terminal is allowed to receive service from the access point.

26. A computer-program product, comprising:
- a non-transitory computer-readable medium comprising codes for causing a computer to;
  
  receive, at an access point, a message relating to a request by an access terminal to access the access point, wherein the message comprises an International Mobile Subscriber Identity (IMSI) associated with the access terminal;
  
  send, by the access point, the IMSI associated with the access terminal to a network node;
  
  determine a second identifier associated with the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another; and
  
  determine whether the access terminal is allowed to receive service from the access point based on the second identifier and at least one identifier associated with the access point.
- View Dependent Claims (27)
- - 27. The computer-program product of claim 26, wherein the second identifier comprises a permanent identifier.

28. A method of communication, comprising:
- receiving, by a network node comprising a hardware processor, a request from an access point for authenticating an access terminal; and
  
  sending, to the access point, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The method of claim 28, wherein the at least one identifier comprises a closed subscriber group identifier.
  - 30. The method of claim 28, further comprising determining the at least one identifier based on a permanent identifier associated with the access terminal, the method further comprising determining the permanent identifier based on a temporary identifier associated with the access terminal.
  - 31. The method of claim 30, wherein the determination of the permanent identifier comprises sending the temporary identifier to a network node and receiving the permanent identifier from the network node.
  - 32. The method of claim 28, further comprising receiving the at least one identifier to the access point.
  - 33. The method of claim 28, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.
  - 34. The method of claim 28, wherein the plurality of access points further comprise at least one of a NodeB, an eNodeB, and a radio network controller (RNC).

35. An apparatus for communication, comprising:
- means for receiving, at a network node, a request from an access point for authenticating an access terminal; and
  
  means for sending, to the access point, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The apparatus of claim 35, wherein the at least one identifier comprises a closed subscriber group identifier.
  - 37. The apparatus of claim 35, further comprising means for determining the at least one identifier based on a permanent identifier associated with the access terminal, and for determining the permanent identifier based on a temporary identifier associated with the access terminal.
  - 38. The apparatus of claim 37, wherein the determination of the permanent identifier comprises sending the temporary identifier to a network node and receiving the permanent identifier from the network node.
  - 39. The apparatus of claim 35, wherein the means for receiving is configured to receive the at least one identifier to the access point.
  - 40. The apparatus of claim 35, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

41. An apparatus for communication, comprising:
- a communication controller at a network node, comprising hardware, configured to receive a request from an access point for authenticating an access terminal; and
  
  an access controller configured to send, to the access point, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on a an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (42, 43, 44)
- - 42. The apparatus of claim 41, wherein the at least one identifier comprises a closed subscriber group identifier.
  - 43. The apparatus of claim 41, wherein the access controller is further configured to determine the at least one identifier based on a permanent identifier associated with the access terminal, and to determine the permanent identifier based on a temporary identifier associated with the access terminal.
  - 44. The apparatus of claim 41, wherein the communication controller is further configured to receive the at least one identifier to the access point.

45. A computer-program product, comprising:
- a non-transitory computer-readable medium comprising codes for causing a computer to;
  
  receive, at a network node, a request from an access point for authenticating an access terminal; and
  
  send, to the access point, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (46)
- - 46. The computer-program product of claim 45, wherein the at least one identifier comprises a closed subscriber group identifier.

47. A method of communication, comprising:
- sending, by an access point comprising hardware, a request for authenticating an access terminal to a network node; and
  
  receiving from the network node, in response to the request, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (48, 49, 50, 51, 52, 53)
- - 48. The method of claim 47, wherein the plurality of access points further comprise at least one of a NodeB, an eNodeB, and a radio network controller (RNC).
  - 49. The method of claim 47, further comprising determining whether the access terminal is allowed to receive service from the access point based on the at least one identifier.
  - 50. The method of claim 49, wherein the at least one identifier comprises a closed subscriber group identifier.
  - 51. The method of claim 49, wherein:
    - the at least one identifier identifies a closed subscriber group that the access terminal may access; and
      
      the determination comprises determining whether the at least one identifier matches a closed subscriber group identifier associated with the access point.
  - 52. The method of claim 47, wherein the request is sent based on a determination that the access terminal is not listed in a local access list of the access point.
  - 53. The method of claim 47, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

54. An apparatus for communication, comprising:
- means for sending, by an access point, a request for authenticating an access terminal to a network node; and
  
  means for receiving from the network node, in response to the request, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (55, 56, 57, 58, 59)
- - 55. The apparatus of claim 54, further comprising means for determining whether the access terminal is allowed to receive service from the access point based on the at least one identifier.
  - 56. The apparatus of claim 55, wherein the at least one identifier comprises a closed subscriber group identifier.
  - 57. The apparatus of claim 55, wherein:
    - the at least one identifier identifies a closed subscriber group that the access terminal may access; and
      
      the determination comprises determining whether the at least one identifier matches a closed subscriber group identifier associated with the access point.
  - 58. The apparatus of claim 54, wherein the request is sent based on a determination that the access terminal is not listed in a local access list of the access point.
  - 59. The apparatus of claim 54, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

60. An apparatus for communication, comprising:
- an access controller configured to send, by an access point comprising hardware, a request for authenticating an access terminal to a network node; and
  
  a communication controller configured to receive from the network node, in response to the request, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (61, 62, 63)
- - 61. The apparatus of claim 60, wherein the access controller is further configured to determine whether the access terminal is allowed to receive service from the access point based on the at least one identifier.
  - 62. The apparatus of claim 61, wherein:
    - the at least one identifier identifies a closed subscriber group that the access terminal may access; and
      
      the determination comprises determining whether the at least one identifier matches a closed subscriber group identifier associated with the access point.
  - 63. The apparatus of claim 60, wherein the request is sent based on a determination that the access terminal is not listed in a local access list of the access point.

64. A computer-program product, comprising:
- a non-transitory computer-readable medium comprising codes for causing a computer to;
  
  send, by an access point, a request for authenticating an access terminal to a network node; and
  
  receive from the network node, in response to the request, at least one identifier that identifies a plurality of access points that comprise at least one base station and that are physically remote from one another from which the access terminal is allowed to receive at least one service, wherein the at least one identifier is determined based on an International Mobile Subscriber Identity (IMSI) associated with the access terminal, and wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point.
- View Dependent Claims (65)
- - 65. The computer-program product of claim 64, wherein the computer-readable medium further comprises codes for causing the computer to determine whether the access terminal is allowed to receive service from the access point based on the at least one identifier.

66. A method of communication, comprising:
- configuring an access point with an International Mobile Subscriber Identity (IMSI) of an access terminal, wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point;
  
  obtaining a second identifier of the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another, wherein the obtaining comprises;
  
  sending the IMSI of the access terminal to a network node; and
  
  receiving the second identifier of the access terminal from the network node as a result of sending the IMSI;
  
  receiving a message requesting access by the access terminal; and
  
  determining, at the access point, whether to allow the requested access based on the second identifier.
- View Dependent Claims (67, 68, 69, 70)
- - 67. The method of claim 66, wherein the plurality of access points further comprise at least one of a NodeB, an eNodeB, and a radio network controller (RNC).
  - 68. The method of claim 66, wherein the second identifier comprises an electronic serial number or an international mobile subscriber identity.
  - 69. The method of claim 66, wherein the determination comprises:
    - sending the second identifier to a network node; and
      
      receiving, as a result of sending the second identifier, an indication as to whether to allow the requested access.
  - 70. The method of claim 66, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

71. An apparatus for communication, comprising:
- means for configuring an access point with an International Mobile Subscriber Identity (IMSI) of an access terminal, wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point;
  
  means for obtaining a second identifier of the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another, wherein the means for obtaining comprises;
  
  means for sending the IMSI of the access terminal to a network node; and
  
  means for receiving the second identifier of the access terminal from the network node as a result of sending the IMSI;
  
  means for receiving a message requesting access by the access terminal; and
  
  means for determining, at the access point, whether to allow the requested access based on the second identifier.
- View Dependent Claims (72, 73, 74)
- - 72. The apparatus of claim 71, wherein the second identifier comprises an electronic serial number or an international mobile subscriber identity.
  - 73. The apparatus of claim 71, wherein the determination comprises:
    - sending the second identifier to a network node; and
      
      receiving, as a result of sending the second identifier, an indication as to whether to allow the requested access.
  - 74. The apparatus of claim 71, wherein the access point is restricted to not provide, for at least one other access terminal, at least one of the group consisting of:
    - signaling, data access, registration, and service.

75. An apparatus for communication, comprising:
- a provisioning controller, comprising hardware, configured to configure an access point with an International Mobile Subscriber Identity (IMSI) of an access terminal, wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point;
  
  an access controller configured to obtain a second identifier of the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another, wherein the access controller is further configured to;
  
  send the IMSI of the access terminal to a network node; and
  
  receive the second identifier of the access terminal from the network node as a result of sending the IMSI; and
  
  a communication controller configured to receive a message requesting access by the access terminal;
  
  wherein the access controller is further configured to determine, at the access point, whether to allow the requested access based on the second identifier.
- View Dependent Claims (76)
- - 76. The apparatus of claim 75, wherein the second identifier comprises an electronic serial number or an international mobile subscriber identity.

77. A computer-program product, comprising:
- a non-transitory computer-readable medium comprising codes for causing a computer to;
  
  configure an access point with an International Mobile Subscriber Identity (IMSI) of an access terminal, wherein the IMSI is received at the access point in a message relating to a request by the access terminal to access the access point;
  
  obtain a second identifier of the access terminal based on the IMSI, wherein the second identifier identifies a plurality of access points that comprise at least one base station and that are physically remote from one another, wherein to obtain the second identifier, the computer-readable medium further comprises codes for causing the computer to;
  
  send the IMSI of the access terminal to a network node; and
  
  receive the second identifier of the access terminal from the network node as a result of sending the IMSI;
  
  receive a message requesting access by the access terminal; and
  
  determine, at the access point, whether to allow the requested access based on the second identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Gupta, Rajarshi, Palanigounder, Anand, Ulupinar, Fatih, Horn, Gavin B., Agashe, Parag A., Chen, Jen Mei, Deshpande, Manoj M., Balasubramanian, Srinivasan, Nanda, Sanjiv, Song, Osok
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US12/246,383
Publication Number

US 20090094680A1
Time in Patent Office

2,570 Days
Field of Search

726/3, 726/7, 455/410, 455/411, 709/220, 709/230, 713/153
US Class Current

1/1
CPC Class Codes

H04L 63/104   Grouping of entities

H04W 12/062   Pre-authentication

H04W 12/08   Access security

H04W 48/02   Access restriction performe...

H04W 48/08   Access restriction or acces...

H04W 48/14   using user query or user de...

H04W 8/26   Network addressing or numbe...

H04W 84/045   using private Base Stations...

Access management for wireless communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

77 Claims

Specification

Solutions

Use Cases

Quick Links

Access management for wireless communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

77 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links