This disclosure relates to controlling access to private access points for wireless networking.
Cellular wireless communications systems are designed to serve many access terminals distributed in a large geographic area by dividing the area into cells, as shown in
The 1xEV-DO protocol has been standardized by the Telecommunication Industry Association (TIA) as TIA/EIA/IS-856, “CDMA2000 High Rate Packet Data Air Interface Specification,” 3GPP2 C.S0024-0, Version 4.0, Oct. 25, 2002, which is incorporated herein by reference. Revision A to this specification has been published as TIA/EIA/IS-856A, “CDMA2000 High Rate Packet Data Air Interface Specification,” 3GPP2 C.S0024-A, Version 2.0, July 2005. Revision A is also incorporated herein by reference. Revision B to this specification has been published as TIA/EIA/IS-856-B, 3GPP2 C.S0024-B and is also incorporated herein by reference. Other wireless communication protocols may also be used.
In general, in one aspect, an invitation to use a personal access point to access a wireless network is transmitted to an access terminal. An indication that the invitation has been accepted is received and the personal access point is authorized to provide the access terminal with access to the network.
Implementations may include one or more of the following features. The invitation uniquely identifies the base station. Authorizing the personal access point to provide the access terminal with access to the network includes adding the access terminal to a list of access terminals authorized to access the network through the personal base station. A second indication withdrawing acceptance of the invitation is received and the personal access point is deauthorized from providing the access terminal with access to the network. An identification of the personal access point is added to a list of access points the access terminal is authorized to use to access the wireless network. A second indication is received withdrawing acceptance of the invitation, and the identification of the personal access point is removed from the list of access points the access terminal is authorized to use to access the wireless network. Transmitting the invitation includes transmitting a text message conveying the invitation. Receiving the indication includes receiving a text message conveying the indication. Receiving the second indication includes receiving a text message conveying the second indication. After an expiration time, the personal access point is deauthorized from providing the access terminal with access to the network. The expiration time is associated with the invitation. The expiration time is included in the indication that the invitation has been accepted. Transmitting the invitation includes generating a token and transmitting the token to the access terminal, and receiving the indication that the invitation has been accepted includes receiving a message from the access terminal including a second token corresponding to the result of performing a mathematical operation on the first token.
In general, in one aspect, an invitation to use a personal access point to access a wireless network is transmitted to an access terminal. Before an expiration time passes, an indication that the invitation has been accepted is received, and the personal access point is authorized to provide the access terminal with access to the network.
In general, in one aspect, an invitation to use a personal access point to access a wireless network is transmitted to an access terminal, an indication that the invitation has been accepted is received, it is confirmed that the indication was received from the access terminal, and the personal access point is authorized to provide the access terminal with access to the network.
Implementations may include one or more of the following features. The confirming includes, in response to receiving the indication that the owner of the access terminal has accepted the invitation, transmitting a confirmation message to the access terminal and receiving a message in response to the confirmation message. The confirming includes, in response to receiving the indication that the owner of the access terminal has accepted the invitation, generating a token and transmitting the token to the access terminal, and receiving a message based on the token from the access terminal. Receiving the message based on the token includes receiving a message including a second token corresponding to the result of performing a mathematical operation on the first token.
In general, in one aspect, at an access terminal, an invitation to use a personal access point to access a wireless network is received, an instruction to accept the invitation is received from an operator of the access terminal, and an acceptance of the invitation is communicated.
Implementations may include one or more of the following features. Communicating the acceptance of the invitation includes performing a mathematical operation on a first token associated with the invitation to form a second token and transmitting the second token to a source of the invitation. Communicating the acceptance of the invitation includes transmitting an indication that the operator accepts the invitation, receiving a first token, performing a mathematical operation on the first token to form a second token, and transmitting the second token to a source of the first token. An identification of the personal access point is added to a list of access points maintained in a memory of the access terminal. Receiving the instruction includes accessing a memory of the access terminal in which the instruction is stored.
In general, in one aspect, a text message is received that includes instructions for controlling access to a component of a wireless network, and the instructions are automatically implemented.
Advantages include providing the user of an access terminal the ability to control which personal access point the access terminal uses to access the wireless network, increasing security. The authenticity of the user's authorization can be confirmed. Malicious users are prevented from using personal access points to intercept others' information.
Other aspects may include these and other features and aspects, alone and in other combinations, expressed as apparatus, methods, program products, means for performing functions, and systems, and in other ways.
Other features and advantages will be apparent from the description and the claims.
Referring to
In some examples, as shown in
When an authorized access terminal 206 is present inside the home (or anywhere within range of the private access point 202), it may use the private access point 202 rather than a regular cellular radio network access point such as access point 108 to place or receive voice calls and data connections, even if the access terminal is otherwise within the cell 102 for that access point 108. We sometimes refer to the standard access point 108 as a macro access point or macro BTS to distinguish it from a private access point, as it provides direct access to the wider RAN.
A neighboring home 210 may have its own private access point 212 connected to its cable modem 214 for use by its owner's access terminal 216. One respect in which a private access point deployment may be different from traditional radio network deployment is that neighboring private access points are intended to operate independently, in part because real-time communication is difficult between neighboring private access points. One respect in which the intended private access point deployment may also be different from a WiFi® deployment is that private access points are intended to operate in a licensed spectrum. Some details and examples are discussed in co-pending applications Ser. No. 11/640,501, titled Provisioning Private Access Points for Wireless Networking, and Ser. No. 11/640,503, titled Configuring Preferred User Zone Lists for Private Access Points for Wireless Networking, both filed Dec. 15, 2006, and incorporated here by reference.
Access lists of authorized access terminals for each private access point can be configured on a central server and distributed to the private access points. Information to locate and access the private access points can be distributed to access terminals using an over-the-air parameter administration (OTAPA) system. Access terminals may also retrieve access information from the configuration server themselves.
In a traditional cellular network, the network informs the access terminals about which access points are available to them, and software in the access terminals decides which of the available access points the access terminal should use. Because personal access points are not under the physical control of the network operator, such access points may be maliciously modified (e.g., by their owners) to inappropriately monitor or intercept calls made by access terminals that are using the access points to access the network. The system described below can prevent interception and other bad acts by giving access terminal operators control over which access points their access terminals use to access the network.
As shown in
In the example of
If the user accepts the invitation, the cell phone 302 sends an acceptance 312 back to the SMS application server 306. The acceptance may simply be a reply SMS message with no new content, or it may include additional information. The additional information may include a time limit that the cell phone's operator wants to place on the acceptance, or whether it is a permanent acceptance or the owner wants the opportunity to accept or decline an invitation every time he uses the access point 300. In cases where the invitation is sent directly to the user's cell phone 302 from the access point 300, the acceptance may still be sent to the SMS application server 306 so that, for example, the network operator can maintain control over which access terminals use which access points. For example, the network operator may not trust personal access points to maintain their own access controls. In some examples, the user of the cell phone 302 may have pre-configured the phone to automatically accept some or all invitations. In some examples, the user may be required to not only affirmatively accept an invitation but to provide a password or some other authentication before doing so.
Upon receiving the acceptance 312, the SMS application server 306 communicates an authorization 314 to the access point 300 or to the other network components 304. The authorization may be an instruction to add the cell phone 302 to a list of access terminals that are authorized to use the access point 300. This list is referred to as an access list. The access list may be stored at the access point itself or at another network component. Maintaining control of which access terminals may use a given personal access point at a location other than the access point itself has the advantage of preventing the access point's owner from modifying the access list so that the access point will provide access to access terminals that it is not authorized to serve.
In some examples, the SMS application server 306 does not make the determination that the authorization should be issued. Instead, the SMS application server 306 relays the details of the acceptance (or the acceptance itself) to another network component to make that determination. The authorization 314 may also be communicated to the cell phone 302, for example, to confirm that the acceptance 312 was validated and it is now authorized to use the access point 300. Control of whether the user's cell phone 302 (and other access terminals) can use the personal access point 300 (and other similar access points) may be maintained in several ways. Lists may be maintained indicating which access terminals may use a given access point, which access points may service a given access terminal, or conditions under which a given access terminal may use a given access point. Such lists may be maintained on the access terminals, the access points, or on other network components. For example, a list of which access terminals to provide with network access may be maintained on the personal access point 300. If the network operator does not want to maintain the list at the personal access point (e.g., because it does not trust access points it does not directly control or because it is too costly or difficult to update lists on access points), it may maintain such a list at the radio network controller or at some other component of the network.
Once the access point 300 has been authorized to provide the cell phone 302 with access to the network, control and data signals 316 and 318 are passed between the cell phone 302 and the access point 300 and between the access point 300 and the other network components 304.
In some examples, an expiration time 328 is associated with the invitation 310 or authorization 314. The expiration time may be a time within which the user of the cell phone 302 must accept the invitation or it may be a time at which the authorization will end, with or without a limit on when the invitation is accepted. The user of the cell phone 302 may also withdraw his acceptance of the invitation by sending a withdrawal message 320. This message could be a SMS message sent in reply to the original invitation 310, if the cell phone 302 retained a copy of it, or it could be an original message, for example, one identifying the access point 300 by name and including a command to stop using that access point. In response to an express withdrawal or the expiration of a time limit or other condition, the SMS server 306 or another network component 304 will send a deauthorization command 322 to tell the access point 300, cell phone 302, or any other network components that need to know that the access point 300 is no longer authorized to serve the cell phone 302. As with the authorization 314, the deauthorization 322 may originate from network components 304 other than the SMS application server 306.
In some examples, the authenticity of the acceptance 312 received from the access terminal may be verified. This may be used to prevent malicious operators of personal access points from spoofing the acceptance message. As shown in
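The flow described above (an access list held away from the access point, an expiration time, withdrawal, and token-based confirmation of the acceptance) is shown here as an added example; it is not code from this disclosure. The `AccessController` class, the identifiers AT-302 and AP-300, and the use of HMAC-SHA256 with an operator-provisioned per-terminal key as the "mathematical operation" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def second_token(key: bytes, first_token: bytes) -> bytes:
    """The 'mathematical operation' on the first token (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, first_token, hashlib.sha256).digest()


class AccessController:
    """Hypothetical network-side holder of the access list (not the access point)."""

    def __init__(self, terminal_keys, clock=time.time):
        self.terminal_keys = terminal_keys  # terminal id -> operator-provisioned key (assumed)
        self.clock = clock
        self.pending = {}      # (terminal, ap) -> (first token, acceptance deadline)
        self.access_list = {}  # ap -> {terminal: authorization expiry, or None}

    def invite(self, terminal, ap, accept_within):
        token = secrets.token_bytes(16)
        self.pending[(terminal, ap)] = (token, self.clock() + accept_within)
        return token  # travels to the terminal inside the invitation message

    def accept(self, terminal, ap, response, valid_for=None):
        # pop() makes the invitation single use, so a captured reply cannot be replayed
        token, deadline = self.pending.pop((terminal, ap), (None, 0.0))
        key = self.terminal_keys.get(terminal)
        if token is None or key is None or self.clock() > deadline:
            return False
        if not hmac.compare_digest(second_token(key, token), response):
            return False  # reply was not computed by the invited terminal
        expiry = None if valid_for is None else self.clock() + valid_for
        self.access_list.setdefault(ap, {})[terminal] = expiry
        return True

    def withdraw(self, terminal, ap):
        terminals = self.access_list.get(ap, {})
        if terminal not in terminals:
            return False
        del terminals[terminal]  # express withdrawal leads to deauthorization
        return True

    def is_authorized(self, terminal, ap):
        terminals = self.access_list.get(ap, {})
        if terminal not in terminals:
            return False
        expiry = terminals[terminal]
        if expiry is not None and self.clock() >= expiry:
            del terminals[terminal]  # deauthorize once the time limit passes
            return False
        return True


def demo():
    """Constructed walk-through; AT-302, AP-300 and the keys are sample values."""
    now = [0.0]
    key = b"k" * 32
    ctl = AccessController({"AT-302": key}, clock=lambda: now[0])
    results = {}
    t = ctl.invite("AT-302", "AP-300", accept_within=60)
    results["spoofed"] = ctl.accept("AT-302", "AP-300", second_token(b"x" * 32, t))
    t = ctl.invite("AT-302", "AP-300", accept_within=60)
    reply = second_token(key, t)
    results["genuine"] = ctl.accept("AT-302", "AP-300", reply, valid_for=3600)
    results["replayed"] = ctl.accept("AT-302", "AP-300", reply, valid_for=3600)
    now[0] = 3600.0
    results["after_expiry"] = ctl.is_authorized("AT-302", "AP-300")
    return results


if __name__ == "__main__":
    print(demo())
```

Because the access list and the pending tokens live in the controller, an access point owner who forges an acceptance without the terminal's key never gets an entry added, and a failed attempt consumes the invitation.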
Although the techniques described above employ the 1xEV-DO air interface standard, the techniques are also applicable to other CDMA and non-CDMA air interface technologies in which messages can be passed between access terminals and other network components.
The techniques described herein can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. The techniques can be implemented as a computer program product, i.e., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable storage device, for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple computers. A computer program can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
Method steps of the techniques described herein can be performed by one or more programmable processors executing a computer program to perform functions of the invention by operating on input data and generating output. Method steps can also be performed by, and apparatus of the invention can be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit). Modules can refer to portions of the computer program and/or the processor/special circuitry that implements that functionality.
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in special purpose logic circuitry.
To provide for interaction with a user, the techniques described herein can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer (e.g., interact with a user interface element, for example, by clicking a button on such a pointing device). Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
The techniques described herein can be implemented in a distributed computing system that includes a back-end component, e.g., as a data server, and/or a middleware component, e.g., an application server, and/or a front-end component, e.g., a client computer having a graphical user interface and/or a Web browser through which a user can interact with an implementation of the invention, or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet, and include both wired and wireless networks.
The computing system can include clients and servers. A client and server are generally remote from each other and typically interact over a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
Other embodiments are within the scope of the following claims and other claims to which the applicant may be entitled. The following are examples for illustration only and not to limit the alternatives in any way. The techniques described herein can be performed in a different order and still achieve desirable results.
Number | Date | Country | |
---|---|---|---|
20080254792 A1 | Oct 2008 | US |