HK1173866B - Network node, mobility information server, wtru and method - Google Patents
- Publication number: HK1173866B
- Authority: HK (Hong Kong)
- Prior art keywords: access, wtru, network, access network, mobility
Abstract
The present invention discloses a network node, a mobility information server, a WTRU and a method. An Application Server Autonomous Access (ASAA) system provides autonomous access to a wireless infrastructure by devices employing different types of access technology. The system includes a server, having an associated data storage device, for storing at least one policy, and a plurality of subnetworks, coupled to the server, that provide access to the server. The plurality of subnetworks employ at least two different types of access technology. A plurality of wireless transmit/receive units (WTRUs) are wirelessly coupled to at least one of the subnetworks. The server monitors the wireless coupling and, depending upon the at least one policy, switches the WTRU between different ones of the subnetworks.
Description
This application is a divisional application of Chinese patent application No. 200480033159.8, with an application date of 11/12/2004, entitled 'application server autonomous access system between networks with different forms of access technologies'.
Technical Field
The present invention relates to wireless communication systems, and more particularly, to a system that allows access to an infrastructure by devices using different types of access technologies.
Background
Current technology allows different types of wireless and wireline access networks to serve clients. Support for mobility interworking between different access technologies, e.g., second and third generation (2G/3G) wireless networks, CDMA2000 networks, and Wireless Local Area Network (WLAN)/Bluetooth networks, is very limited at the Radio Access Network (RAN) level. Standardization efforts are under way in the area of WLAN and Global System for Mobile Communications (GSM)/Universal Mobile Telecommunications System (UMTS) interworking. However, the mechanisms being defined address mobility between these networks within the radio access domain, and these efforts factor only the wireless (i.e., RAN) decision criteria into their schemes. Thus, there is a need for a mechanism by which "application level" integration can span different access networks, so that seamless mobility and interworking between the systems can be achieved.
Disclosure of Invention
The present invention is directed to solving the interoperability problems associated with the prior art. The present invention relates to an Application Server Autonomous Access (ASAA) system that combines different forms of wireless and wired access networks. It allows a potential non-Public Land Mobile Network (non-PLMN) third-party service provider to provide services to clients based on user location, behavior factors, charging criteria, and the like. The ASAA server combines location, service, and routing information as a user roams between different forms of access networks. Further, the ASAA server provides flexible call routing and active push services to users through the appropriate technology network, based on policies such as user location, behavior factors, and charging criteria. The architecture of the ASAA server allows different forms of services to be provided to the user on the same basis. In essence, this architecture allows a third-party service provider to obtain significant revenue from (and away from) wide area PLMN networks (e.g., GSM/UMTS and CDMA2000 networks).
The present invention provides a method implemented in at least one network node of providing wireless telecommunication services, the method comprising: maintaining a mobility policy and a list of a plurality of access networks capable of being connected by a wireless transmit/receive unit (WTRU), wherein the plurality of access networks includes a first access network including a first access technology and a second access network including a second access technology different from the first access technology; communicating with the WTRU via the first access network using Internet Protocol (IP); acquiring a permanent identity of the WTRU; sending mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the permanent identity; and communicating with the WTRU via the second access network using IP in response to the transition of the WTRU from the first access network to the second access network.
The present invention provides a network node configured to provide wireless telecommunication services, the network node comprising: means for maintaining a mobility policy and a list of a plurality of access networks capable of being connected by a wireless transmit/receive unit (WTRU), wherein the plurality of access networks includes a first access network including a first access technology and a second access network including a second access technology different from the first access technology; means for communicating with the WTRU via the first access network using Internet Protocol (IP); means for obtaining a permanent identity of the WTRU; means for sending mobility-related information regarding the first and second access networks to the WTRU based on the mobility policy and the permanent identity; and means for communicating with the WTRU via the second access network using IP in response to the transition of the WTRU from the first access network to the second access network.
The present invention provides a method implemented in at least one network node of providing wireless telecommunication services, the method comprising: maintaining a mobility policy and a list of a plurality of access networks capable of being connected by a wireless transmit/receive unit (WTRU), wherein at least two of the plurality of access networks are based on different access technologies; communicating with the WTRU via a first access network using Internet Protocol (IP); acquiring a permanent identity of the WTRU; sending mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the permanent identity; and communicating with the WTRU via a second access network using IP in response to a transition of the WTRU from the first access network to the second access network, wherein at least one of the first access network and the second access network is included in the list of the plurality of access networks.
The present invention provides a network node configured to provide wireless telecommunication services, the network node comprising: means for maintaining mobility policies and a list of a plurality of access networks capable of being connected by a wireless transmit/receive unit (WTRU), wherein at least two of the plurality of access networks are based on different access technologies; means for communicating with the WTRU via a first access network using Internet Protocol (IP); means for obtaining a permanent identity of the WTRU; means for sending mobility-related information regarding the first and second access networks to the WTRU based on the mobility policy and the permanent identity; and means for communicating with the WTRU via a second access network using IP in response to a transition of the WTRU from the first access network to the second access network, wherein at least one of the first access network and the second access network is included in the list of the plurality of access networks.
The invention provides a method implemented in a mobility information server, comprising the following steps: communicating with a wireless transmit/receive unit (WTRU) via a first access network of a first access technology type using Internet Protocol (IP); transmitting mobility-related information to the WTRU; and on a condition that the WTRU transitions from the first access network of the first access technology type to a second access network of a second access technology type, communicating with the WTRU via the second access network of the second access technology type using IP, wherein the second access technology type is different from the first access technology type.
The present invention provides a mobility information server, including: means for communicating with a wireless transmit/receive unit (WTRU) via a first access network of a first access technology type using Internet Protocol (IP); means for transmitting mobility-related information to the WTRU; and means for communicating with the WTRU via a second access network of a second access technology type using IP on a condition that the WTRU transitions from the first access network of the first access technology type to the second access network of the second access technology type, wherein the second access technology type is different from the first access technology type.
The present invention provides a method implemented in a wireless transmit/receive unit (WTRU), the method comprising: the WTRU communicating with a mobility information server via a first access network of a first access technology type using Internet Protocol (IP); the WTRU receiving mobility-related information from the mobility information server; the WTRU transitioning from the first access network of the first access technology type to a second access network of a second access technology type based on the mobility-related information, wherein the second access technology type is different from the first access technology type; and the WTRU communicating with the mobility information server via the second access network of the second access technology type using IP.
The present invention provides a wireless transmit/receive unit (WTRU) comprising: means for communicating with a mobility information server via a first access network of a first access technology type using Internet Protocol (IP); means for receiving mobility-related information from the mobility information server; means for switching from the first access network of the first access technology type to a second access network of a second access technology type based on the mobility-related information, wherein the second access technology type is different from the first access technology type; and means for communicating with the mobility information server via the second access network of the second access technology type using IP.
Drawings
FIG. 1 is a diagram of an ASAA network implemented in accordance with the present invention;
FIG. 2 is a diagram showing the relationship between a WTRU, an ASAA server, and an access network;
FIG. 3 is a diagram showing an ASAA network implementation of a remote video media function in accordance with the present invention;
FIG. 4 is a schematic diagram showing a remote control connection of a camera device performed in accordance with the present invention;
FIG. 5 is a schematic diagram showing a remote control operation of a camera device performed according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating a personal lock and key device providing secure communication over an ASAA network in accordance with a particular aspect of the present invention;
FIG. 7 is a block diagram showing the operational functions of the personal lock and key device of FIG. 6; and
FIG. 8 is a diagram illustrating the interoperability of the personal lock and key device of FIG. 6 with a terminal or WTRU application.
Detailed Description
As used herein, the term "wireless transmit/receive unit (WTRU)" includes, but is not limited to, a user equipment, mobile station, fixed or mobile subscriber unit, pager, or any other type of device capable of operating in a wireless environment. The term "base station" includes, but is not limited to, a node-B, location controller, access point, or any other type of interfacing device in a wireless environment. Further, an "Access Point (AP)" is a station or device that provides wireless access for devices to establish a wireless connection with a LAN, and that establishes a part of a Wireless LAN (WLAN). If the AP is a fixed device on a WLAN, the AP is a station that transmits and receives data. If the WLAN itself has a connection to the network, the AP allows a WTRU to connect to a network.
In accordance with the present invention, wireless telecommunication services are provided to at least one WTRU by identifying at least a plurality of wireless access networks capable of providing wireless connections with the WTRU. A server is capable of communicating with the plurality of wireless access networks, and a state of the WTRU is determined in terms of its ability to establish a radio connection with one or more of the wireless access networks. The server establishes a server communication link with the WTRU over a wireless access network with which the WTRU has the ability to establish a radio connection, and uses the communication link to establish communication between the WTRUs. The server communication link is then used to establish communication between the WTRUs and another destination through one of the access networks.
The ASAA server combines subscriber location, service, and routing information, and routes calls and push services to the appropriate network serving a user based on a policy profile that includes, for example, location, technical network capabilities, behavior factors, and charging criteria. It uses IP-based technologies (e.g., SIP) to support inter-technology convergence.
Fig. 1 is a diagram of a network environment 11 illustrating an exemplary relationship between an ASAA server 12, network service entities, and a WTRU 13 in accordance with the present invention. The ASAA network 11 implemented in accordance with the present invention integrates various technology networks such as 3G wide area PLMNs (e.g., UMTS and CDMA2000), private area networks (WPANs) such as office and campus networks (e.g., WLAN, Bluetooth, IEEE 802.11, IEEE 802.15, and ZigBee), and private SOHO networks (e.g., WLAN, Bluetooth, IEEE 802.15, and ZigBee). In addition to the network environment 11 and the ASAA server 12, the drawing depicts a public switched telephone network or public data network (PSTN/PDN) 14 and a Public Land Mobile Network (PLMN) 15.
While certain protocols, such as IEEE 802.15, are described, they are described for purposes of example, and other suitable protocols may be used within the scope of the present invention. Other communication technologies and protocols, such as ZigBee, UWB, and IrDA, are therefore also contemplated for carrying out the concepts of the present invention.
The PLMN 15 includes a plurality of LANs 21-25, depicted as an entertainment store 21 at an airport terminal, an airport terminal 22, an office network 23, a coffee shop 24 providing WLAN services, and a home network 25. The PLMN 15 also includes macro mobile services 26, including, for example, a 3G device 27 and a SIP device 28; the macro mobile services 26 provide communications via WLAN, BT, and UMTS. The LANs 21-25 and the macro mobile services 26 form access networks. Typical communications via the LANs 21-25 are according to the IP protocol, SIP protocol, or other packet-switched protocols, typically using a common channel and allocating bandwidth as needed.
A plurality of ASAA application servers 41-43 are provided at various locations, including the WLAN 23, the home network 25, and the macro mobile services 26. They provide application services through their respective access networks 23, 25, and 26, but may be accessed through other access networks as well.
Further, the WTRU 13 is depicted as being capable of communicating with each of the access networks 21-26. The ASAA server 12 is able to establish a communication link with the WTRU 13 by connecting directly or indirectly to each of the networks 21-26 with which the WTRU 13 has established a communication link. In this configuration the services come from the ASAA server, and the access networks provide access to the user. Calls and other interactions between the user and the ASAA server are therefore routed through the access network to which the user is connected, which enables the ASAA server 12 to function as a service platform for delivering services to the user through each of the access networks 21-26.
The WTRU 13 is capable of communicating through a variety of services, as provided through the WLAN 23. Once it is connected, the ASAA server 12 may provide management functions either to provide services directly through the ASAA server 12, or to request that services be routed among the various access networks 21-26 to an access network connected to the WTRU 13. In this configuration, the services may be provided through the ASAA server 12 while the access networks provide access to the WTRU 13, so calls and other interactions between the user and the ASAA server are routed through the access network to which the WTRU 13 is connected.
The ASAA server 12 also includes server functions 61, 62. The server functions 61, 62 provide management functions for operating the ASAA server 12 and maintain a database of the location of the WTRU 13 and its ability to connect to the access networks 21-26. The server functions 61, 62 also provide application functions that may be performed by the WTRU through a connection to the access networks 21-26.
The ASAA server 12 provides an anchored interface to the PSTN/PDN 14 for receiving and transmitting call attempts, and routes incoming calls to the access network serving the WTRU based on the WTRU location. When delivering an incoming call, the ASAA server 12 calls all possible underlying serving access networks configured for the WTRU 13. The WTRU 13 replies with a call response sent over the currently connected serving network, and the ASAA server 12 delivers incoming calls over a serving access network to which the WTRU 13 was previously connected.
The WTRU 13 may also "force" incoming calls through a particular serving access network by appropriately configuring the ASAA server 12 with the identity of the serving access network through which the call is to be routed to its destination. By specifying the access network, the WTRU 13 can control which services are used.
This architecture extends conventional cellular call and call routing mechanisms to operate across a range of access networks, and in one embodiment, an IP-based application level paging mechanism operating across various access networks helps locate the sending WTRU 13.
One embodiment includes providing a joint interface to allow the PSTN/PDN 14 to receive calls via the ASAA server 12. The ASAA server 12 allows PSTN/PDN 14 receipt of calls through a single anchor point. The effect is that, from the user's perspective, radio connection services are provided through the particular radio connections of the respective access networks 21-26. The service management, which is the user's interface, can be either the local network 21-26 or the ASAA server 12. As indicated by dashed line 69, the system thus transfers the network management of the user's services and the service management of the user upward from the respective networks 21-26 to the ASAA server 12. From the user's point of view, the ASAA server 12 then becomes a virtual server: network services are provided through the respective access networks 21-26 for the radio link, and through the ASAA server 12 for services provided to the user other than the radio link. If the operator of the ASAA server 12 is able to obtain wireless services as provided by the respective access networks 21-26, the user can arrange service subscription management through the operator of the ASAA server 12.
This architecture supports mobility of the WTRU 13 across multiple access networks and uses the ASAA server 12 to allow user-configured routing of calls through a given access network. It provides a consistent set of supplementary services and features across multiple access networks, resulting in a continuity of user experience despite network changes, and provides a mechanism for consistently delivering active push services to the WTRU 13 across the multiple underlying access networks.
The role of the ASAA server 12 in the management function for sending services to the various access networks 21-26 allows the ASAA server 12 to serve as a common location for user profile data. The user can decide what services to use, and under which physical circumstances. Examples of parameters include call steering, service selection by modality, service selection by cost and cost framework, service selection by network ownership, notification of availability of connections to services, user-determined minimum quality of service (QoS), and bandwidth required for special function services. The call handling profile data may include voice mail, optional call admission, and "challenging" response. In a similar manner, the ASAA server 12 may also provide the voice mail and other data management services.
Figure 2 is a diagram showing the relationship between a WTRU 81, an ASAA server 83, and access networks 91-95. The WTRU 81 includes circuitry 87 for establishing an RF link and circuitry 88 for processing data, although some of these functions are integrated circuit functions. The WTRU 81 establishes a communication link with the ASAA server 83, but typically the service connection is between the WTRU 81 and one of the serving networks 91-95. Services may be communicated through the ASAA server 83, or through the serving network in radio communication with the WTRU 81. Alternatively, services may be communicated from one serving network to the serving network that has established a radio link with the WTRU 81, without passing through the ASAA server 83. In the case of communications supervised by an ASAA server, communications that do not pass through or originate from the ASAA server 83 may still be supervised by the ASAA server 83. The actual connection to a particular serving network 91-95 can therefore be transparent to the user, since the processing circuitry 88 handles the data regardless of its source.
In operation, after the media device is powered up, the ASAA application attempts to access the ASAA application server via the 3G PLMN infrastructure, and the registration results in the regular transmission of location data between the PLMN and the ASAA application server.
The ASAA application server maintains an index of subnetworks available to the media device. During the active duration of the call, it pushes the media device onto those subnetworks either automatically, or upon user command following an ASAA system alert, based on policies including, for example, user location, behavioral characteristic data, and desired charges.
During the active time of the call, the ASAA server network provides connectivity between the media device and the PSTN/PDN, and depending on ASAA and PLMN subscriptions (e.g., quality of service characteristic data), different levels and types of services may be provided to the media device, again depending on location.
For example, a typical PLMN voice service is not absolutely necessary for a user whose behavioral profile places the user at home or in the office for a significant percentage of normal time, so for such a user a simple ASAA (SIP-based) call plan can be applied during times when the subnetworks are not available.
The ASAA system according to the present invention offers several advantages over current systems. The ASAA system combines location, service, and routing information for subscribed users at the ASAA server, which allows seamless communication with seamless mobility between different technology networks using a common IP-based plan. It routes calls and pushes services to the appropriate technology network based on policy attribute data, supports a flexible charging plan based on a user's location and technology network selection, and ultimately enables third-party application providers to extract service revenue from the wireless network.
Another advantage of the ASAA server is that it can assign a virtual identity to the WTRU, which may be, for example, a user identity. In this way the user identity is made portable across different WTRUs. If each WTRU has a unique identity, the ASAA server can communicate with the individual WTRUs based on their identity, e.g., ESN number, and the communication of the ASAA server can be responsive to different identities, as selected by the user. This allows a user to "clone" a WTRU, e.g., a cellular phone, by using the ASAA server, which can then communicate with a different WTRU to provide information related to the identity. A user can therefore use a different physical device, with its own identity, in place of a particular WTRU. Conversely, a plurality of different user IDs may be mapped onto a single device through the ASAA server. In either case, the ASAA server provides an identity proxy service for the WTRU.
For example, the user may wish to have a personal mobile phone and a work mobile phone on a trip, but carry only a single physical device. Instead of using call delivery services, the user can communicate under the supervision of an ASAA network that is capable of communicating with the physical device carried by the user. Because this is under the supervision of the ASAA network, the ASAA server can convert device information, such as phone numbers or other identification data, according to the information temporarily stored in the database of the ASAA server.
Remote photographic device
Fig. 3 is a diagram of an ASAA network implementation showing a remote video media function in accordance with one aspect of the present invention. As can be seen, the cameras 121-122 are connected by network connections that provide virtual connections to an ASAA server 128. The physical connections of the cameras 121-122 may be through a LAN, such as WLAN 131, or through a WTRU 135 capable of effecting a cellular connection. The WTRU 135 may be a separate device connected through a local connection, such as an IEEE 802.15 connection, or may be contained within or hardwired to the camera 122. In each case, communication may be achieved and controlled by the ASAA server 128.
Also shown in figure 3 is a PC that is capable of communicating with the ASAA server 128 via the WLAN 131, or via another connection, such as a direct internet connection. Similarly, a WTRU 149 may be located in a separate location and also communicate with the ASAA server 128. The ASAA server may provide a virtual identity to the WTRU 149 or the camera device 122, as described above.
Fig. 4 is a diagram illustrating a remote control connection of camera devices performed by the ASAA network of figs. 1-3, or by network services, according to an embodiment of the present invention. It depicts a one-way image transmission over a two-way link. A camera device 171 includes a camera with an associated image processor 172, an image storage device 173, and a transceiver 174. The camera device 171 communicates through an access point 177, and the access point 177 communicates with an ASAA network 181 under the control of an ASAA server 183.
The ASAA network 181 is connected to a user WTRU 188 that provides an image via the display 189. The user WTRU 188 is able to control the camera 171 through a communication link established by the camera 171, the access point 177, the ASAA network 181, and the WTRU 188. Control may be enabled or disabled through controlled access. Where control of the camera 171 is limited, access may be determined according to the particular terminal providing the control indication or requesting output, according to the establishment of a secure connection, or by authentication through a password or other user information.
The ASAA network 181 provides a registration of the camera device 171 for communication with the camera device 171. Communication with the camera device is achieved through the ASAA network 181 under the supervision of the ASAA server 183, although other network connections (not shown) may be possible. Control of, and access to the output of, the camera device 171 is thus achieved in a controlled manner: to access the camera device 171 through the ASAA server 183, a user must be registered with, or granted access through, the ASAA server 183. An advantage of using the ASAA server 183 is that any user having access to the ASAA network can be provided access to the camera device 171 in accordance with the registration.
In use, if the camera device 171 has limited use for private or public reasons, control of the camera device 171 is established by an authorized user. The authorized user may be given control of the camera device 171 through the ASAA server 183, and control of the camera device may be performed through the ASAA server, or through a connection authorized by the ASAA server 183. The camera may thus be reserved for use by particular individuals, e.g., family members. Therefore, while the network connection used by the camera device can be inherently open to external control of viewing, the ASAA server allows owner control while granting broad access to the owner and the persons authorized by the owner.
Fig. 5 is a diagram illustrating a remote control operation of the camera device 171 performed by a remote terminal, such as terminal 192, or by the WTRU 188. The camera device 171 is controlled remotely by a remote terminal, such as terminal 192, under the supervision of the ASAA server 128, which provides control between the terminal 188 or 192 and the camera device 171. The media path 195 is hosted by the ASAA server 128, either under the supervision of the ASAA server 128 or independently. While the instructions are depicted as passing directly between the devices 171, 188, 192 and the ASAA server 128, the ASAA server is expected to use intermediate network connections for providing these signals.
Registration with the ASAA server 128 is established by the terminals 188, 192 registering 201, 202 separately as devices accessible by the ASAA server 128. A control request 203 is made by the terminal and granted at 204. The terminal then opens the application 205, 206, which in this example is camera control, and follows with instructions, such as rotate instructions 207 and 210. The terminal may also access the camera output as indicated by media path 195, as restricted by the ASAA server.
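The registration, control request, grant, application and instruction steps described above can be modelled as a deny-by-default gate on the server side. The following Python sketch is an added example, not code from the patent: the class and method names, the device labels, the instruction set and the use of an opaque grant token are all assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical instruction set; the patent names only rotate instructions.
ALLOWED_INSTRUCTIONS = {"rotate_left", "rotate_right", "tilt_up", "tilt_down"}


class AccessDenied(Exception):
    """The server refused a step of the control flow."""


class AsaaServer:
    """Illustrative model of the server-side checks (all names are assumptions)."""

    def __init__(self):
        self.registered = set()   # devices known to the server (steps 201, 202)
        self.acl = {}             # camera id -> terminals authorized by the owner
        self.grants = {}          # (terminal, camera) -> token issued at step 204
        self.open_apps = set()    # (terminal, camera) pairs past steps 205, 206
        self.audit = []           # (terminal, camera, action, allowed)

    def _check(self, ok, terminal, camera, action):
        # Record every decision, then fail closed.
        self.audit.append((terminal, camera, action, bool(ok)))
        if not ok:
            raise AccessDenied(f"{action} by {terminal} on {camera} refused")

    def register(self, device_id):
        self.registered.add(device_id)

    def authorize(self, camera, terminal):
        self.acl.setdefault(camera, set()).add(terminal)

    def revoke(self, camera, terminal):
        # Revocation removes the ACL entry and any live grant or session.
        self.acl.get(camera, set()).discard(terminal)
        self.grants.pop((terminal, camera), None)
        self.open_apps.discard((terminal, camera))

    def request_control(self, terminal, camera):  # steps 203, 204
        ok = (terminal in self.registered and camera in self.registered
              and terminal in self.acl.get(camera, set()))
        self._check(ok, terminal, camera, "control_request")
        token = secrets.token_urlsafe(32)
        self.grants[(terminal, camera)] = token
        return token

    def _token_ok(self, terminal, camera, token):
        issued = self.grants.get((terminal, camera))
        return issued is not None and hmac.compare_digest(issued, token)

    def open_application(self, terminal, camera, token):  # steps 205, 206
        ok = self._token_ok(terminal, camera, token)
        self._check(ok, terminal, camera, "open_application")
        self.open_apps.add((terminal, camera))

    def instruct(self, terminal, camera, token, instruction):
        ok = (self._token_ok(terminal, camera, token)
              and (terminal, camera) in self.open_apps
              and instruction in ALLOWED_INSTRUCTIONS)
        self._check(ok, terminal, camera, f"instruction:{instruction}")
        return {"to": camera, "instruction": instruction}  # forwarded to the camera

    def media(self, terminal, camera, token):  # media path, restricted by the server
        ok = self._token_ok(terminal, camera, token)
        self._check(ok, terminal, camera, "media")
        return f"media-path:{camera}->{terminal}"


def demo():
    server = AsaaServer()
    for device in ("camera-171", "wtru-188", "terminal-192"):  # constructed labels
        server.register(device)
    server.authorize("camera-171", "wtru-188")  # owner authorizes one terminal only

    results = {}
    token = server.request_control("wtru-188", "camera-171")
    server.open_application("wtru-188", "camera-171", token)
    results["rotate"] = server.instruct("wtru-188", "camera-171", token, "rotate_left")

    refused_cases = {
        "unauthorized_terminal": lambda: server.request_control("terminal-192", "camera-171"),
        "unregistered_terminal": lambda: server.request_control("wtru-999", "camera-171"),
        "wrong_token": lambda: server.media("wtru-188", "camera-171", "guess"),
        "unknown_instruction": lambda: server.instruct("wtru-188", "camera-171", token, "factory_reset"),
    }
    for name, call in refused_cases.items():
        try:
            call()
            results[name] = "allowed"
        except AccessDenied:
            results[name] = "denied"

    server.revoke("camera-171", "wtru-188")
    try:
        server.instruct("wtru-188", "camera-171", token, "rotate_left")
        results["after_revoke"] = "allowed"
    except AccessDenied:
        results["after_revoke"] = "denied"
    return results, server.audit


if __name__ == "__main__":
    outcome, audit = demo()
    print(outcome)
    for entry in audit:
        print(entry)
```

The audit list records refused attempts as well as granted ones, which is what an operator would review to see which terminals tried to reach a camera they were not authorized for.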
Personal communication lock and key
Communication across a network incorporates various wired and wireless devices. Where security is desired, a separate personal lock and key device is used to provide controlled secure access to communication, services, and data. According to the present invention, the separate personal lock and key device implements this security for a wireless transmit/receive unit (WTRU), a terminal under the control of the user, or a public terminal used by the user. The personal lock and key device is capable of providing multiple functions, including:
1. capable of communicating with a security server that provides security data to a server that services users;
2. receiver security enabled by encrypting and decrypting signals processed by a local terminal, or WTRU;
3. can store the cipher information that can be decrypted through the security server;
4. capable of communicating with a plurality of security servers; and
5. cryptographic access and security data can be provided to the server according to the protocol of the server without regard to the security server.
Figure 6 depicts a user in a network environment 300 who has a personal lock and key device 301 for providing secure access by connecting, through a WTRU (not separately depicted), to a computer terminal 311, WTRUs 312, 313, and a portable computer 314. The personal lock and key device 301 is convenient because a single device 301 can be used with the various user devices, without the need to provide separate equipment for each terminal device 311 and 314; the personal lock and key device 301 is, for example, not necessary for operating the terminal device 311 and 314. Conveniently, the personal lock and key device 301 can be stacked, as it has a restricted profile in terms of physical connection and a restricted user interface, if any.
The personal lock and key device 301 may use internally stored data. Further security data may be read by the personal lock and key device 301, such as data provided by a card device 321. This enables a separate security device to operate in conjunction with the personal lock and key 301 without requiring a direct association between the protocol used by the separate device 321 and the personal lock and key 301. The personal lock and key 301 is expected to communicate with the separate device 321 and with external services but, beyond that, does not need to share a protocol with the separate device 321.
FIG. 7 is a block diagram showing the operational functions of the personal lock and key device 301 of FIG. 6. A wireless communication circuit 361, such as an IEEE 802.15 or Bluetooth (TM) circuit, and an infrared terminal 364 provide communication to a connection bus 371, which also has an external terminal connection 376. The connection bus 371 communicates with a logic circuit 381. The logic circuit 381 receives signals transmitted to the connection bus 371 from the wireless communication circuit 361, infrared terminal 364, or external terminal connection 376, and provides signals to the connection bus 371 for transmission through the wireless communication circuit 361, infrared terminal 364, or external terminal connection 376. The logic circuit 381 uses encrypted/decrypted data stored in a memory storage 385 for decrypting or encrypting data transmitted through the connection bus 371.
A card reader circuit 389 receives data from an external card (390, Fig. 6) for communication over the connection bus 371, which communicates with the wireless communication circuit 361, infrared terminal 364, or external terminal connection 376 as described above. The external card reader 389 either obtains the complete data transfer or provides data to the logic circuit 381 for the transfer. Where the external card reader 389 obtains the complete data transfer, the logic circuit 381 passes data from the external card reader 389 to the connection bus 371, or from the connection bus 371 to the external card reader 389, upon receipt. Where the external card reader 389 provides data for the logic circuit to use in the transfer, the logic circuit 381 uses that data to convert the data transmitted over the connection bus 371. It is also understood that the logic circuit 381 can use a combination of data that has been converted externally and transmitted by the external card reader 389 and data converted by the logic circuit 381.
Figure 8 is a diagram showing the interoperability of the personal lock and key device 301 and security services. A local terminal 401 includes an application 405 and a receiver (dongle) 404. The receiver 404 may be a physical receiver, such as a USB, wireless, or other communication device, and is intended to allow the personal lock and key device 301 to receive data from the local terminal 401 and to transmit data back to the local terminal 401. The use of an external receiver decryption device (external dongle) is known to those skilled in the art.
The local terminal 401 communicates with a security server 428 via network connections 420, 421. The security server 428 provides encrypted data in cooperation with the personal lock and key device 301, and communicates with the personal lock and key device 301 to provide and receive encrypted data across the network connections 420, 421.
The security server 428 maintains data and provides program services, while services may also be provided external to the security server 428, as represented by application server 431. The security server 428 may communicate with the application server via security protocols, which may be the same as or different from the protocols the security server 428 uses to communicate via the local application 401 and the lock and key device 301. As depicted, secure communications between the application server 431 and the security server 428 may also be via a network connection, as depicted at location 421; because the communication connection between the application server 431 and the security server 428 is effectively protected, access is not available from the outside, as represented by dashed line 439. The security server stores the user's keys and passwords and responds to communication requests by communicating with the personal lock and key device 301. The security server 428 communicates the necessary access information when the personal lock and key device 301 is identified.
For example, the user may access a private directory (e.g., a private name list, customer list, or other confidential data). The directory resides on a server that provides access to it only in a secure manner, so there is no public access to the directory. The user may connect at a public terminal 401 and then request access to the security server 428. The security server 428 provides data that is accessible only through the personal lock and key device 301 and, further, authenticates the user using the personal lock and key device 301, so that data is provided to the user only in the form requested by the user, with the necessary components presented in a format that is readable only through the personal lock and key device 301. Therefore, only the display data selected by the user can be accessed at the public terminal 401, and it can be retrieved only when the personal lock and key device 301 is connected to the receiver end 402. The transmitted data thus cannot be stolen in unencrypted form at the network connection 420, and only the data provided back to the terminal 401 for partial display or manipulation can be detected by access to the terminal 401.
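The directory-access flow described above, sketched as an added example (not code from the patent): the HMAC challenge-response, the per-device shared secret, the HMAC-based cipher standing in for a vetted AEAD, and all names and sample data are assumptions, since the patent specifies no cryptographic scheme.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD (assumption).
    blocks = (prf(key, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ks = keystream(prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)  # encrypt-then-MAC


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("authentication failed")
    ks = keystream(prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class SecurityServer:
    def __init__(self, device_keys, directory):
        self.device_keys = device_keys  # device id -> shared secret (assumed scheme)
        self.directory = directory      # the protected private directory
        self.pending = {}               # device id -> outstanding challenge

    def challenge(self, device_id: str) -> bytes:
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def fetch(self, device_id: str, response: bytes) -> bytes:
        chal = self.pending.pop(device_id, None)  # each challenge is single-use
        key = self.device_keys.get(device_id)
        if chal is None or key is None:
            raise PermissionError("unknown device or no challenge issued")
        if not hmac.compare_digest(response, prf(key, b"auth" + chal)):
            raise PermissionError("lock and key device not identified")
        # Data leaves the server sealed under a per-session key.
        return seal(prf(key, b"session" + chal), "\n".join(self.directory).encode())


class LockAndKeyDevice:
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key, self.chal = device_id, key, b""

    def answer(self, chal: bytes) -> bytes:
        self.chal = chal
        return prf(self.key, b"auth" + chal)

    def select(self, blob: bytes, wanted: str) -> str:
        # Decrypt inside the device; hand the terminal only the requested entry.
        text = unseal(prf(self.key, b"session" + self.chal), blob).decode()
        return next((e for e in text.split("\n") if e.startswith(wanted)), "")


def run_session(server, device, wanted):
    """Public terminal as relay: returns (everything it saw, entry displayed)."""
    chal = server.challenge(device.device_id)
    resp = device.answer(chal)
    blob = server.fetch(device.device_id, resp)
    shown = device.select(blob, wanted)
    return [chal, resp, blob, shown.encode()], shown


# Constructed sample data, not from the patent.
KEY = secrets.token_bytes(32)
DIRECTORY = ["Alice Example,555-0100", "Bob Sample,555-0101", "Carol Placeholder,555-0102"]
```

Here `run_session` plays the part of the public terminal 401: every value it relays is a random challenge, a MAC, ciphertext, or the single entry the user chose to display.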
The data may be stored in the security server 428 in the form of a password, or may be stored elsewhere, such as at the application server 431. In the illustrated example, if the data is stored at the application server 431, the data is transmitted between the application server 431 and the security server 428 and then transmitted to the public terminal 401, where it is decrypted by the personal lock and key device 301. The processing of the data may occur at any convenient location, including the public terminal, the application server 431, or the security server 428.
In another example, the protected data is stored in an application service server 431, and the user wishes to download a data output to a laptop, the local application 401, where the data output is manipulated or displayed. The user requests the service by providing authentication between the personal lock and key device 301 and the security server 428. In response to the authentication between them, the application service server 431 provides the service as requested and returns a data output, which is then provided to the user either directly or through the security server 428. The data output may be provided in encrypted form, for decryption by the personal lock and key device 301, or in unencrypted form when that is appropriate for the particular form of data. For example, if the data output is a name and telephone number derived from a secret list, the user may not consider a single name and number to be secret and would rather have it locally accessible without limitation.
The security server 428 may be a separate device accessible over a communication link, or may be provided as a function of the ASAA server 12. In the case of the ASAA server 12, the function may be performed across multiple networks while maintaining secure connections according to the protocols supported by the personal lock and key device 301.
As depicted in Fig. 6, the personal lock and key device 301 may use data contained therein or may use data provided by a card device 321. This allows the personal lock and key device 301 to be used as an interface between the card device 321 and a local application device 401 (Fig. 8). It is further contemplated that the lock and key device 301 may be conveniently located on at least one other device, such as a WTRU, which enables the lock and key device 301 to communicate via the WTRU to perform its functions.
This ability to connect through a separate device may be useful where a particular device is not able to connect to the lock and key device 301. For example, a device may be unable to connect to the lock and key device 301 but be connected to a WTRU with wireless connectivity. In that case, the WTRU is connected both to the lock and key device 301, to enable security, and to the device, thus providing a secure wireless connection.
It is possible to include biometric identification functionality in the lock and key device 301, which would require a biometric identification and authentication procedure in order to limit the lock and key device 301 to the owner. Examples include a body characteristic reader, voice matching circuitry, or other functionality that uniquely identifies the user. The biometric identification data may also be provided for use with a different device, such as a camera, to match a biometric attribute based on the biometric identification data stored in the individual lock and key device 301.
The personal lock and key device 301 may also be assigned an identity by the security server 428, or alternatively, the security server 428 may assign a virtual identity to a device, such as the public terminal 401, so that the personal lock and key device 301 may communicate therewith.
Claims (19)
1. A method implemented within at least one network node of providing wireless telecommunication services, the method comprising:
maintaining a mobility policy and a list of a plurality of access networks that can be connected by a wireless transmit/receive unit (WTRU), wherein the plurality of access networks includes a first access network and a second access network, the first access network includes a first access technology, and the second access network includes a second access technology different from the first access technology;
communicating with the WTRU via the first access network using Internet protocol, IP;
acquiring a unique identifier of the WTRU;
sending mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the unique identifier; and
communicating with the WTRU via the second access network using IP in response to the transition of the WTRU from the first access network to the second access network.
2. The method of claim 1, wherein the mobility policy is based on location information.
3. The method of claim 1, wherein the mobility policy is based on access network characteristic data information.
4. The method of claim 1, wherein the mobility policy is based on network capability information.
5. The method of claim 1, wherein the mobility-related information is provided to the WTRU via a push service.
6. The method of claim 1, wherein the first access network comprises one of: a wireless local area network WLAN, a wireless private area network WPAN, a universal mobile telecommunications system UMTS for a terrestrial radio access network UTRAN, a code division multiple access CDMA2000 network, a small office/home office SOHO network, a Bluetooth network, an IEEE 802.11 network, an IEEE 802.15 network, or a ZigBee network.
7. The method of claim 1, wherein the second access network comprises one of: a wireless local area network WLAN, a wireless private area network WPAN, a universal mobile telecommunications system UMTS for a terrestrial radio access network UTRAN, a code division multiple access CDMA2000 network, a small office/home office SOHO network, a Bluetooth network, an IEEE 802.11 network, an IEEE 802.15 network, or a ZigBee network.
8. A network node configured to provide wireless telecommunication services, the network node comprising:
means for maintaining mobility policies and a list of a plurality of access networks that can be connected by a wireless transmit/receive unit, WTRU, wherein the plurality of access networks includes a first access network including a first access technology and a second access network including a second access technology different from the first access technology;
means for communicating with the WTRU via the first access network using Internet protocol, IP;
means for obtaining a unique identity of the WTRU;
means for sending mobility-related information regarding the first and second access networks to the WTRU based on the mobility policy and the unique identifier; and
means for communicating with the WTRU via the second access network using IP in response to a transition of the WTRU from the first access network to the second access network.
9. A method implemented within at least one network node of providing wireless telecommunication services, the method comprising:
maintaining a mobility policy and a list of a plurality of access networks that can be connected by a wireless transmit/receive unit, WTRU, wherein at least two of the plurality of access networks are based on different access technologies;
communicating with the WTRU via a first access network using Internet protocol, IP;
acquiring a unique identifier of the WTRU;
sending mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the unique identifier; and
communicating with the WTRU via a second access network using IP in response to the transition of the WTRU from the first access network to the second access network,
wherein at least one of the first access network and the second access network is included within a list of the plurality of access networks.
10. A network node configured to provide wireless telecommunication services, the network node comprising:
means for maintaining mobility policies and a list of a plurality of access networks to which a wireless transmit/receive unit (WTRU) is capable of connecting, wherein at least two of the plurality of access networks are based on different access technologies;
means for communicating with the WTRU via a first access network using Internet protocol, IP;
means for obtaining a unique identity of the WTRU;
means for sending mobility-related information regarding the first and second access networks to the WTRU based on the mobility policy and the unique identifier; and
means for communicating with the WTRU via a second access network using IP in response to a transition of the WTRU from the first access network to the second access network,
wherein at least one of the first access network and the second access network is included within a list of the plurality of access networks.
11. A method implemented within a mobility information server, the method comprising:
maintaining a mobility policy and a list of a plurality of access networks that can be connected by a wireless transmit/receive unit, WTRU, wherein the plurality of access networks includes a first access network of a first access technology type and a second access network of a second access technology different from the first access technology;
communicating with the WTRU via the first access network of the first access technology type using Internet protocol, IP;
acquiring a unique identifier of the WTRU;
transmitting mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the unique identification; and
communicating with the WTRU via a second access network of a second access technology type using IP on a condition that the WTRU transitions from the first access network of the first access technology type to the second access network of the second access technology type.
12. The method of claim 11, wherein the mobility information server is an application server autonomous access ASAA server.
13. The method according to claim 11, wherein the mobility related information comprises access network characteristic data information or network capability information.
14. A mobility information server, the mobility information server comprising:
means for maintaining mobility policies and a list of a plurality of access networks that can be connected by a wireless transmit/receive unit, WTRU, wherein the plurality of access networks includes a first access network of a first access technology type and a second access network of a second access technology different from the first access technology;
means for communicating with the WTRU via the first access network of the first access technology type using Internet protocol, IP;
means for transmitting mobility-related information regarding the first access network and the second access network to the WTRU based on the mobility policy and the unique identity of the WTRU; and
means for communicating with the WTRU via a second access network of a second access technology type using IP on a condition that the WTRU transitions from the first access network of the first access technology type to the second access network of the second access technology type.
15. A method implemented in a wireless transmit/receive unit, WTRU, the method comprising:
the WTRU communicating with a mobility information server via a first access network of a first access technology type using Internet protocol, IP;
the WTRU receiving mobility-related information from the mobility information server, wherein the mobility-related information includes information about the first access network and a second access network based on a mobility policy and a unique identity of the WTRU, wherein the mobility information server maintains the mobility policy and a list of a plurality of access networks that can be connected by the WTRU, wherein the plurality of access networks includes a first access network of a first access technology type and a second access network of a second access technology different from the first access technology;
the WTRU transitioning from the first access network of the first access technology type to the second access network of the second access technology type based on the mobility-related information; and
the WTRU communicates with the mobility information server via the second access network of the second access technology type using IP.
16. The method of claim 15, wherein the mobility information server is an application server autonomous access ASAA server.
17. The method of claim 15 further comprising transmitting a unique identity of the WTRU to the mobility information server.
18. The method of claim 15, further comprising receiving the mobility-related information via a push service.
19. A wireless transmit/receive unit, WTRU, comprising:
means for communicating with a mobility information server via a first access network of a first access technology type using internet protocol, IP;
means for receiving mobility-related information from the mobility information server, wherein the mobility-related information includes information about the first access network and a second access network based on a mobility policy and a unique identity of the WTRU, wherein the mobility information server maintains the mobility policy and a list of a plurality of access networks that can be connected by the WTRU, wherein the plurality of access networks includes a first access network of a first access technology type and a second access network of a second access technology different from the first access technology;
means for switching from the first access network of the first access technology type to the second access network of the second access technology type based on the mobility-related information; and
means for communicating with the mobility information server via the second access network of the second access technology type using IP.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US51944003P | 2003-11-12 | 2003-11-12 | |
| US60/519,440 | 2003-11-12 | | |
| US62309104P | 2004-10-28 | 2004-10-28 | |
| US60/623,091 | 2004-10-28 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1173866A1 (en) | 2013-05-24 |
| HK1173866B (en) | 2016-07-15 |