Invention for User Profile, Policy, and PMIP Key Distribution in a Wireless Communication Network

Invented by Jun Wang, Arungundram MAHENDRAN, Vidya Narayanan, Qualcomm Inc

The market for User Profile, Policy, and PMIP Key Distribution in a Wireless Communication Network

Wireless communication networks have become an integral part of our daily lives, connecting people and devices seamlessly. As the demand for wireless connectivity continues to grow, so does the need for efficient and secure network management solutions. User profile, policy, and PMIP (Proxy Mobile IPv6) key distribution are crucial components of a wireless communication network, and the market for these services is expanding rapidly.

User profile management involves maintaining and updating user information, preferences, and access rights within a network. It allows network operators to personalize services and ensure a seamless user experience. With the proliferation of smartphones, tablets, and IoT devices, the market for user profile management is witnessing significant growth. Companies offering user profile management solutions are focusing on providing scalable, cloud-based platforms that can handle large volumes of user data efficiently.

Policy management is another critical aspect of wireless communication networks. It involves defining and enforcing rules and regulations for network access, bandwidth allocation, and quality of service. Policy management solutions enable network operators to prioritize traffic, manage network congestion, and ensure fair usage policies. The market for policy management is driven by the increasing demand for bandwidth-intensive applications such as video streaming, online gaming, and virtual reality. Companies offering policy management solutions are investing in advanced analytics and machine learning technologies to optimize network performance and enhance user satisfaction.

PMIP key distribution is a security mechanism that enables secure communication between mobile devices and the network infrastructure. It ensures that only authorized devices can access the network and protects against unauthorized access and data breaches. With the rise in cyber threats and the need for secure communication, the market for PMIP key distribution solutions is experiencing significant growth. Companies offering PMIP key distribution solutions are focusing on developing robust encryption algorithms, authentication mechanisms, and secure key management systems.

The market for user profile, policy, and PMIP key distribution in wireless communication networks is highly competitive, with several established players and new entrants vying for market share. Key players in the market include network equipment vendors, software solution providers, and system integrators. These companies are investing in research and development to develop innovative solutions that address the evolving needs of wireless communication networks. The market is also witnessing collaborations and partnerships between network operators and solution providers to offer integrated solutions that combine user profile, policy, and PMIP key distribution functionalities. This trend is driven by the increasing complexity of wireless communication networks and the need for comprehensive management solutions.

In conclusion, the market for user profile, policy, and PMIP key distribution in wireless communication networks is witnessing rapid growth due to the increasing demand for personalized services, efficient network management, and secure communication. Companies offering these solutions are investing in advanced technologies and strategic partnerships to stay competitive in this evolving market. As wireless communication networks continue to evolve, the demand for user profile, policy, and PMIP key distribution solutions is expected to grow further, presenting lucrative opportunities for market players.

The Qualcomm Inc invention works as follows

A network node may be adapted to: (a) provide wireless network connectivity to an authentication peer via a first access node; and (b) provide a PMIP key to both ends of a tunnel between the first access node and a PMIP network node used to provide communications to the authentication peer. Likewise, a PMIP node can be configured to: (a) provide wireless connectivity to an authentication peer via a network access point; (b) send a PMIP key to both ends of the PMIP tunnel that connects the first access point to the PMIP node providing communications to the authentication peer; or (c) give the PMIP key to a PMIP node associated with the first access point.

Background for User Profile, Policy, and PMIP Key Distribution in a Wireless Communication Network

In the evolution of wireless communication networks in 3GPP2, one type of network is called ultra-mobile broadband (UMB). It is designed to improve the CDMA2000 standard for the next generation of applications and requirements. UMB packet data networks rely on Internet protocols (TCP/IP) running over next-generation radio systems. They are intended to be more efficient and capable of offering more services than the technologies they replace. UMB, which is intended as a fourth generation (4G) technology, uses an underlying TCP/IP networking system with low latency and high bandwidth. Higher-level services, such as voice, are then built on top. The much higher bandwidth (compared to previous generations) and lower latencies allow the use of application types which were previously impossible, while still delivering high quality voice services (or even better quality).

UMB networks use a less centralised management of their network access nodes (also known as evolved base stations, or eBS). Such access nodes, for example, may perform the functions of a base station (BS) or base station controller (BSC) in a CDMA system. This more distributed network architecture causes several problems when trying to keep an access terminal (AT)’s network access identifier (NAI) secure.

In earlier networks, the NAI or its equivalent is sent over the air by the terminal to the packet data serving node (PDSN), which uses it for authentication, accounting reports and/or policy retrieval. Transmitting the NAI over the air is insecure.

In a UMB network the NAI does not get sent over the air. Depending on the EAP method used, the NAI of an access terminal may not be visible to the authenticator; this is sometimes called an anonymous NAI. How to authenticate an AT when implementing anonymous NAI is therefore a problem.

In a UMB network, the User Profile and the quality of service (QoS) User Profile are sent to the session-reference network controller (SRNC) by the local and home authentication, authorization and accounting entities (LAAA/HAAA) upon successful access authentication. The User Profile must also be sent to the access gateway (AGW), e.g. via IP services authorization. Sending the User Profile to the AGW is a problem when implementing anonymous NAI.

If a PMIPv4 tunnel is used to connect an eBS to the AGW in a UMB network, then the MN-HA key must be sent both to the eBS and to the AGW. The problem is how to deliver the key for the PMIPv4 tunnel between eBS and AGW to the SRNC/AGW.

Therefore, a solution for these problems is needed when implementing anonymous NAI in a UMB network.

A method is provided that can be used in an authentication server of a wireless communication system to secure a primary user identifier. A wireless authentication peer sends an access authentication request. A secondary user identifier associated with the primary user identifier of the wireless authentication peer is generated. The secondary user identifier is provided to the authenticator that is associated with the authentication peer. The primary user identifier can be used to retrieve user profile information, and that user profile information can be sent to the authenticator.

The communication network can include at least one Ultra Mobile Broadband (UMB) network, WiMAX network or Long Term Evolution (LTE) network. The authentication server can be an entity that provides authentication, authorization and accounting (AAA), while the authentication peer may be a wireless access terminal (AT). The authenticator can be a session-reference network controller (SRNC) associated with a wireless access terminal (AT) in a UMB compatible network. The serving base station can be colocated with the SRNC.

The secondary user identification may be a number generated randomly that is then associated with the primary identifier. The secondary user identification may be the same as the primary user identification. The secondary user ID may be a part of the primary user ID.

The authentication server includes a processing circuit that can: (a) receive an access authentication request from a wireless authentication peer; (b) create a secondary user identifier associated with a primary user identifier of the authentication peer; (c) provide the secondary user identifier to an authenticator; (d) retrieve user profile data based on the primary user identifier of the authentication peer; and (e) provide the user profile data to the authenticator.

The authentication server can also include a communication interface that is able to communicate with at least one Ultra Mobile Broadband (UMB) compatible network, WiMAX compatible network, or Long Term Evolution compatible network. The authentication server can be an authentication, authorization and accounting (AAA) entity and the authentication peer can be a wireless access terminal (AT). The authenticator may be a session-reference network controller (SRNC) associated with a wireless access terminal (AT) on an Ultra Mobile Broadband compatible network. The primary user identifier can be a network access identifier for the wireless terminal. The secondary user identifier may be (a) a randomly generated value that is then associated with the primary identifier, or (b) a function of the primary identifier.

The authentication server also includes: (a) means to receive an access authentication request from a wireless authentication peer; (b) means to generate a secondary user identifier associated with a primary identifier of the wireless authentication peer; (c) means to provide the secondary user identifier to an authenticator that is associated with the authentication peer; (d) means to retrieve user profile data based on the primary identifier; and/or (e) means to provide the user profile data to the authenticator.

A computer program is also provided that operates on a server to secure a primary identifier. When executed by a processor, it causes the processor to: (a) receive an access authentication request from a wireless authentication peer; (b) generate a secondary identifier associated with a primary identifier of the wireless authentication peer; (c) provide the secondary identifier to an authenticator associated with the authentication peer; and (d) retrieve user profile data based on the primary identifier.

A method is also provided for an authentication server to distribute user profile and/or policy information within a communication network. An authentication peer that is attempting to communicate via a network access node is authenticated. The user profile information for the authentication peer is retrieved and then sent to the network gateway node that facilitates communications for the authentication peer. The authentication server can be an entity that performs authentication, authorization and accounting (AAA) and is part of the communication system.

In one example, sending the user profile information to the network gateway node may involve having the authenticator for the communication network send the information. In another example, the authentication server itself sends the user profile information to the gateway node. User profile information can include at least one of a user profile, a user policy, a quality of service for the user profile, and the communication services provided to the authentication peer.

The method can also include: (a) sending a request for the primary user identifier from the network node to the PCRF; (b) sending a request from the PCRF to the authentication server; (c) sending a response from the authentication server to the PCRF that includes the requested primary identifier; (d) obtaining at the PCRF a user policy using the primary identifier; and/or (e) sending the user policy from the PCRF to the network node.
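As an added illustration of the anonymous-NAI flow in the summary above (example code, not from the patent or Qualcomm), the toy model below shows the AAA server minting a random secondary identifier, handing only that pseudonym plus the user profile to the authenticator (SRNC), and resolving the pseudonym back to the primary NAI for the PCRF when a policy is requested. The class and function names and the sample subscriber data are assumptions made for this example.

```python
import secrets


class AAAServer:
    """Authentication server (AAA): holds primary identifiers (NAIs) and user profiles."""

    def __init__(self, subscribers):
        self._subscribers = subscribers   # primary NAI -> {"credential": ..., "profile": {...}}
        self._pseudonyms = {}             # secondary identifier -> primary NAI

    def access_authentication(self, nai, credential):
        """Authenticate the peer, mint a random secondary identifier, and return it with the
        user profile for the authenticator (SRNC). The NAI itself is never returned."""
        entry = self._subscribers.get(nai)
        if entry is None or not secrets.compare_digest(entry["credential"], credential):
            return None
        secondary_id = secrets.token_hex(8)   # random value associated with the primary NAI
        self._pseudonyms[secondary_id] = nai
        return {"secondary_id": secondary_id, "profile": dict(entry["profile"])}

    def resolve_primary_id(self, secondary_id):
        """Serve a PCRF request: look up the primary NAI behind a secondary identifier."""
        return self._pseudonyms.get(secondary_id)


class PCRF:
    """Policy server: policies are keyed by primary NAI, so it asks the AAA to resolve the pseudonym."""

    def __init__(self, aaa, policies):
        self._aaa = aaa
        self._policies = policies         # primary NAI -> policy dict

    def policy_for(self, secondary_id):
        nai = self._aaa.resolve_primary_id(secondary_id)
        return None if nai is None else self._policies.get(nai)


def anonymous_nai_flow(aaa, pcrf, nai, credential):
    """Return what the authenticator (SRNC) and gateway (AGW) hold after access
    authentication and policy retrieval, or None if authentication fails."""
    result = aaa.access_authentication(nai, credential)
    if result is None:
        return None
    srnc_view = result                                   # pseudonym + profile, no NAI
    agw_view = {"secondary_id": result["secondary_id"],
                "profile": result["profile"],
                "policy": pcrf.policy_for(result["secondary_id"])}
    return {"srnc": srnc_view, "agw": agw_view}


# Constructed sample data so the model runs stand-alone.
SUBSCRIBERS = {"user1@example.net": {"credential": "k1", "profile": {"qos": "gold"}}}
POLICIES = {"user1@example.net": {"max_kbps": 5000}}
```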

The authenticator can be a session-reference network controller (SRNC) associated with a base station serving the authentication peer in an Ultra Mobile Broadband compatible network, and the confidential identifier can be the wireless access terminal’s network access identifier.

The authentication server includes a processing circuit that is adapted to: (a) authenticate an authentication peer that is attempting to establish communication via a first access node on the network; (b) retrieve the user profile information associated with that peer; (c) send that information to a gateway node which facilitates communication for that peer; or (d) send it to an authenticator that facilitates communications for that peer; and (e) receive a request for a primary user identifier from a PCRF, wherein that primary user identifier is uniquely associated with

Therefore, an authentication server comprises: (a) a means for authenticating an authentication peer that is seeking to establish communication via a first access node on the network; (b) a means for retrieving the user profile information associated with that peer; (c) a means for sending that information to a gateway node which facilitates communication for the peer; (d) a means for sending that information to an authenticator that facilitates communications for that peer; and/or (f) a means for

A computer program is also provided that distributes user information. When executed by a processor, it causes the processor to: (a) authenticate an authentication peer seeking to establish communication via a first access node on the network; (b) retrieve user profile data associated with the peer; (c) send the user profile data to a gateway node which facilitates communication for the peer; or (d) send the user profile data to an authenticator that facilitates communications for the authentication peer; and (e) receive the primary user identifier request from the PCRF
