The present disclosure relates generally to wireless networks and, in particular, to inspecting data transferred over a wireless network to determine a charging and/or policy treatment.
In order to increase revenue, a mobile network operator (MNO) can attempt to increase the number of their subscribers. However, as population network connectivity reaches saturation, this may be difficult, resulting in competition from other MNOs that drives down prices and, ultimately, decreases revenue for the MNO.
For a better understanding of aspects of the various implementations described herein and to show more clearly how they may be carried into effect, reference is made, by way of example only, to the accompanying drawings.
In accordance with common practice the various features illustrated in the drawings may not be drawn to scale. Accordingly, the dimensions of the various features may be arbitrarily expanded or reduced for clarity. In addition, some of the drawings may not depict all of the components of a given system, method or device. Finally, like reference numerals may be used to denote like features throughout the specification and figures.
Numerous details are described herein in order to provide a thorough understanding of illustrative implementations shown in the drawings. However, the drawings merely show some example aspects of the present disclosure and are therefore not to be considered limiting. Those of ordinary skill in the art will appreciate from the present disclosure that other effective aspects and/or variants do not include all of the specific details described herein. Moreover, well-known systems, methods, components, devices and circuits have not been described in exhaustive detail so as not to unnecessarily obscure more pertinent aspects of the implementations described herein.
Various implementations disclosed herein include apparatuses, systems, and methods for inspecting data to determine a charging treatment. The method includes receiving, from a user equipment, first data including a request for content and sending, to a content provider system, the first data including the request for content. The method includes receiving, from the content provider system, second data including the requested content. The method includes inspecting the first data or the second data to determine the charging treatment for the requested content. The method includes sending, to the user equipment, the second data including the requested content while applying the charging treatment to the selected content.
As network connectivity of the general population reaches saturation, MNOs can attempt to increase their revenue by methods other than obtaining new subscribers. For example, an MNO can attempt to increase revenue by increasing the subscription cost per subscriber. In various implementations, an MNO can attempt to increase subscription cost per subscriber by offering content (such as video, audio, entertainment, etc.) provided by a content provider over the MNO's network.
In various implementations, the MNO provides the content to the subscriber (e.g., via an app) and charges the subscriber directly for content consumption (and network usage) while also reimbursing the content provider for use of their content. In various implementations, the content provider provides the content (e.g., via an app) and charges the subscriber directly for content consumption while also reimbursing the MNO for use of their network. In various implementations, the MNO transports the content free-of-charge (so-called “zero rating”) while recovering costs through bit-rate control of the content.
Tracking content consumption in order to implement these charging schemes (and others) can be difficult. In some embodiments, the app itself tracks the content consumed by the subscriber and reports back to the MNO (and/or the content provider) the bandwidth consumed. However, various such embodiments are not reliable as MNO charging functions, do not scale well, and are not easy to integrate with existing charging functions. Further, such embodiments do not provide security capabilities for revenue protection, as the app can be manipulated by a user intent on fraud.
Accordingly, in various implementations, metadata associated with the content is passed in the form of a token from the content provider to the MNO. The MNO interprets the token as specifying a charging (and/or policy) treatment to be applied to the flow associated with the content.
The core network 110 and the content provider system 120 are coupled via a network 101. In various implementations, the network 101 includes any public or private LAN (local area network) and/or WAN (wide area network), such as an intranet, an extranet, a virtual private network, and/or portions of the Internet.
The core network 110 is coupled to an access node 130 that provides wireless network access to a user equipment 140 (e.g., a smartphone, a tablet, a laptop, etc.). Although
The core network 110 includes a network gateway 114 that serves as the interface for the core network 110 and the network 101. In various implementations, the network gateway 114 includes a PGW (PDN [packet data network] gateway). In various implementations, the network gateway 114 includes a GGSN (GPRS [general packet radio service] support node).
The core network 110 includes an access node gateway 113 that serves as a router for data from the network 101 to the access node 130. In various implementations, the access node gateway 113 includes an SGW (serving gateway). In various implementations, the access node gateway 113 includes an SGSN (serving GPRS support node).
The core network 110 includes a controller 111 and storage 112. The controller 111 serves to control high-level operation of the core network 110 through signaling messages (e.g., to the access node gateway 113 and/or the network gateway 114). In various implementations, the controller 111 includes an MME (mobile management entity). In various implementations, the storage 112 includes an HSS (home subscriber server) that stores information about the core network's subscribers.
Although certain components of the core network 110 are illustrated in
The network gateway 114 includes a policy/charging module 115 that inspects data incoming from the network 101 and applies policy and charging rules to the data. In various implementations, the policy/charging module includes a PCEF (policy and charging enforcement function). In various implementations, the policy/charging module 115 is controlled by a PCRF (policy and charging rules function) of the core network 110, separate from the network gateway 114.
The content provider system 120 includes a user plane 121 and a control plane 122. The control plane 122 communicates, via the network 101, with the user equipment 140, enabling the user equipment 140 to retrieve content. In various implementations, the control plane 122 provides a program guide (e.g., an EPG [electronic program guide]) that lists video titles (live or VOD [video on demand]) that can be retrieved by the user equipment 140. In various implementations, the user equipment 140 authenticates with the control plane 122 and a subscriber profile stored by the content provider system 120 is used to provide an indication as to which content the user equipment 140 can retrieve. The user plane 121 receives requests for content from the user equipment 140 and, if properly authenticated, provides the content to the user equipment 140.
When the content provider system 120 receives a selection of content (e.g., a video title) from the user equipment 140, the control plane 121 provides an authenticated token to the user equipment 140 to be used by the user equipment 140 in requesting the content from the user plane 122.
In various implementations, the token 200 includes a charging field 240 that includes a value that indicates the charging treatment that the core network 110 is to apply to the flow including the selected content. The charging treatment can specify, for example, a cost to be charged a subscriber associated with the user equipment 140 and/or a cost to be charged to the content provider managing the content provider system 120. In various implementations, the charging treatment can specify a type of usage data to be stored, e.g., a time connected or a bandwidth used, that can be correlated to a cost by the core network 110, a component thereof (such as the policy/charging module 115), or a separate billing system of the MNO.
In various implementations, the token 200 includes a policy field 250 that includes a value that indicates a policy treatment that the core network 110 is to apply to the flow including the selected content. The policy treatment can specify, for example, a QoS (quality of service) the core network 110 is to provide the flow.
In various implementations, the charging field 240 (and/or policy field 250) is generated on a per subscriber basis, the charging and/or policy treatment being selected by the control plane 121 based on subscriber properties (e.g., a media plan associated with an account logged into by the user equipment 140) and metadata of the selected content (e.g., whether the selected content is included in the media plan).
Although certain fields of the token 200 are illustrated in
The method 300 begins with a user equipment sending a selection of content to a content provider system (e.g., to the control plane 121 of the content provider system 120 of
The method 300 continues with the content provider system, in response to receiving the selection of content, sending a token to the user equipment. In various implementations, the token has the properties (including, but not limited to, the fields) of the token 200 of
The method 300 continues with the user equipment sending a request for the selected content, including the token, to the content provider system (e.g., the user plane 122 of the content provider system 120 of
In block 333, the core network (e.g., the network gateway 114 of the core network 110 of
In various implementations, the core network further determines a user identifier based on the token. In various implementations, the token includes a user identifier field that includes a value identifying the user equipment. If the core network determines that the user identifier based on the token fails to match a user identifier of the user equipment known to the core network, the core network does not send (in block 335) the data including the request for the selected content to the content provider system and/or does not send (in block 345, described below) the data including the selected content to the user equipment. Accordingly, the core network implements security technology to prevent a malicious user from having unauthorized access to services from the content provider system via tampering with the user equipment and impersonating a no-cost or low-cost token.
The method 300 continues with the content provider system, in response to receiving the request for the selected content, sending the selected content (now also “the requested content”) to the user equipment. Accordingly, in block 340, the core network receives, from the content provider system, data including the selected content and, in block 345, the core network sends, to the user equipment, the data including the selected content. In sending the selected content to the user equipment, the core network applies the charging and/or policy treatment to the data including the selected content. For example, in applying a charging treatment, the core network can store information regarding a cost to be charged a subscriber associated with the user equipment and/or a cost to be charged to the content provider managing the content provider system for forwarding the selected content from the content provider system to the user equipment. As another example, in applying a charging treatment, the core network can store a specified type of usage data, e.g., a time connected or a bandwidth used, that can be correlated to a cost by the core network, a component thereof (such as the policy/charging module), or a separate billing system of the MNO. As another example, in applying a policy treatment, the core network can send the data including the selected content with a QoS indicated by the policy treatment.
In various implementations, such as when traffic over the network is encrypted with TLS (transport layer security), the core network is unable to inspect data to detect the token (as in block 333 of
The method 400 begins with a user equipment sending a selection of content to a content provider system (e.g., to the control plane 121 of the content provider system 120 of
The method 400 continues with the content provider system, in response to receiving the selection of content, sending a token to the user equipment. In various implementations, the token has the properties (including, but not limited to, the fields) of the token 200 of
The method 400 continues with the user equipment sending a request for the selected content, including the token, to the content provider system (e.g., the user plane 122 of the content provider system 120 of
In various implementations, the token is processed by the content provider system (e.g., the user plane 121 of the content provider system 120 of
The method 400 continues with the content provider system, in response to receiving the request for the selected content, sending the selected content (now also “the requested content”) to the user equipment. Accordingly, in block 440, the core network receives, from the content provider system, data including the selected content and, in block 445, the core network sends, to the user equipment, the data including the selected content.
In block 443, the core network (e.g., the network gateway 114 of the core network 110 of
In various implementations, the label includes two bytes for the charging value and/or policy value (included in the charging field and/or policy field of the token) and a four-byte HMAC (hash-based message authentication code) signature calculated by applying a cryptographic hash function to the charging value and/or policy value and the packet payload (in order to prevent policy forging by mechanical attachment of the option field to a different packet) and, then, truncating the result to the first four bytes.
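The following is an added example, not part of the original disclosure, of the six-byte label described above: a two-byte treatment value followed by an HMAC over the value and the packet payload, truncated to four bytes, with the gateway-side check that rejects a label moved onto a different packet. The shared key, the choice of HMAC-SHA256, the big-endian encoding and the treatment code `0x0001` are assumptions made for illustration; the disclosure does not specify them.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Assumption: a secret provisioned out of band between the content provider
# system and the MNO's network gateway. Constructed value for this example.
SHARED_KEY = b"constructed-demo-key"

VALUE_LEN = 2   # two bytes for the charging and/or policy value
TAG_LEN = 4     # HMAC truncated to its first four bytes
LABEL_LEN = VALUE_LEN + TAG_LEN


def _tag(value: bytes, payload: bytes, key: bytes) -> bytes:
    # The MAC covers the value AND the payload, so the label is bound to
    # this packet and cannot simply be attached to another one.
    return hmac.new(key, value + payload, hashlib.sha256).digest()[:TAG_LEN]


def build_label(treatment: int, payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Content provider side: produce the 6-byte label for one packet."""
    if not 0 <= treatment <= 0xFFFF:
        raise ValueError("treatment value must fit in two bytes")
    value = struct.pack("!H", treatment)  # assumption: network byte order
    return value + _tag(value, payload, key)


def verify_label(label: bytes, payload: bytes,
                 key: bytes = SHARED_KEY) -> Optional[int]:
    """Gateway side: return the treatment value, or None if the label is
    malformed, altered, or was computed for a different payload."""
    if len(label) != LABEL_LEN:
        return None
    value, tag = label[:VALUE_LEN], label[VALUE_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _tag(value, payload, key)):
        return None
    return struct.unpack("!H", value)[0]


if __name__ == "__main__":
    # Constructed sample payloads standing in for encrypted content segments.
    video_segment = b"constructed payload: zero-rated video segment"
    other_traffic = b"constructed payload: unrelated bulk download"

    ZERO_RATED = 0x0001  # hypothetical treatment code
    label = build_label(ZERO_RATED, video_segment)

    print("label bytes:       ", label.hex())
    print("original packet:   ", verify_label(label, video_segment))
    # Same label attached to a different packet: the MAC no longer matches.
    print("moved to new packet:", verify_label(label, other_traffic))
    # Treatment value changed while keeping the old tag: rejected.
    altered = struct.pack("!H", 0x0002) + label[VALUE_LEN:]
    print("altered value:     ", verify_label(altered, video_segment))
```

A four-byte tag gives a 1 in 2^32 chance that a guessed tag verifies, so counting verification failures per flow is a useful companion check at the gateway.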
In sending the selected content to the user equipment (in block 445), the core network applies the charging and/or policy treatment to the data including the selected content. For example, in applying a charging treatment, the core network can store information regarding a cost to be charged a subscriber associated with the user equipment and/or a cost to be charged to the content provider managing the content provider system for forwarding the selected content from the content provider system to the user equipment. As another example, in applying a charging treatment, the core network can store a specified type of usage data, e.g., a time connected or a bandwidth used, that can be correlated to a cost by the core network, a component thereof (such as the policy/charging module), or a separate billing system of the MNO. As another example, in applying a policy treatment, the core network can send the data including the selected content with a QoS indicated by the policy treatment.
The method 500 begins, in block 510, with the core network receiving, from a user equipment, first data including a request for content. The method 500 continues, in block 520, with the core network sending, to a content provider system, second data including the requested content.
The method 500 continues, in block 530, with the core network receiving, from the content provider system, second data including the requested content.
The method 500 continues, in block 540, with the core network inspecting the first data or the second data to determine a charging treatment for the requested content. In various implementations, the first data further includes a token indicating the charging treatment and inspecting the first data or the second data includes detecting the token in the first data and determining the charging treatment based on the token. In various implementations, the token further indicates a user identifier associated with the user equipment usable to validate the request for content. In various implementations, the core network validates the request for the content based on the user identifier. In various implementations, the content provider system validates the request for content based on the user identifier.
In various implementations, inspecting the first data or the second data includes detecting a label indicating the charging treatment in an unencrypted portion of the second data and determining the charging treatment based on the label. In various implementations, the unencrypted portion of the second data includes a TCP header.
The method 500 continues, at block 550, with the core network sending, to the user equipment, the second data including the requested content while applying the charging treatment to the requested content.
In various implementations, applying the charging treatment comprises storing information regarding a cost to be charged a subscriber associated with the user equipment and/or a cost to be charged (or reimbursed) to the content provider managing the content provider system. In various implementations, applying the charging treatment comprises storing a type of usage data specified by the charging treatment, e.g., a time connected or a bandwidth used, that can be correlated to a cost by the core network, a component thereof (such as the policy/charging module), or a separate billing system of the MNO.
In various implementations, the charging treatment indicates a cost to be charged to the subscriber and a cost to be reimbursed to the content provider. In various implementations, the charging treatment indicates a cost to be charged to the content provider to reimburse the MNO for use of the core network. In various implementations, the charging treatment indicates a type of usage data to be stored, e.g., a time connected or a bandwidth used, that can be correlated to a cost by the core network, a component thereof (such as the policy/charging module), or a separate billing system of the MNO.
In various implementations, in addition to inspecting the first data or the second data to determine the charging treatment, the core network inspects the first data or the second data to determine a policy treatment for the requested content and sends the second data to the user equipment according to the policy treatment. In various implementations, sending the second data to the user equipment according to the policy treatment includes sending the second data (e.g., content data) to the user equipment according to a specified quality-of-service. For example, in various implementations, data indicative of the policy treatment is sent to an access node by way of a controller and the access node provides (or enforces) the specified quality-of-service.
In some implementations, the communication buses 604 include circuitry that interconnects and controls communications between system components. The memory 606 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM or other random access solid state memory devices; and, in some implementations, includes non-volatile memory, such as one or more magnetic disk storage devices, optical disk storage devices, flash memory devices, or other non-volatile solid state storage devices. The memory 606 optionally includes one or more storage devices remotely located from the CPU(s) 602. The memory 606 comprises a non-transitory computer readable storage medium. Moreover, in some implementations, the memory 606 or the non-transitory computer readable storage medium of the memory 606 stores the following programs, modules and data structures, or a subset thereof, including an optional operating system 630 and a network gateway module 640. In some implementations, one or more instructions are included in a combination of logic and non-transitory memory. The operating system 630 includes procedures for handling various basic system services and for performing hardware dependent tasks. In some implementations, the network gateway module 640 is configured to connect user equipment to a network. To that end, the network gateway module 640 includes an interface module 641 and an inspection module 642.
In some implementations, the interface module 641 is configured to receive, from a user equipment, first data including a request for content. To that end, the interface module 641 includes a set of instructions 641a and heuristics and metadata 641b. In some implementations, the interface module 641 is further configured to send, to a content provider system, the first data including the request for content. In some implementations, the interface module 641 is further configured to receive, from the content provider system, second data including the requested content. In some implementations, the inspection module 642 is configured to inspect the first data or the second data to determine a charging treatment for the requested content. To that end, the inspection module 642 includes a set of instructions 642a and heuristics and metadata 62b. In some implementations, the interface module 641 is further configured to send, to the user equipment, the second data including the requested content while applying the charging treatment to the requested content.
Although the network gateway module 640, the interface module 641, and the inspection module 642 are illustrated as residing on a single computing device 600, it should be understood that in other embodiments, any combination of the network gateway module 640, the interface module 641, and the inspection module 642 can reside in separate computing devices in various implementations. For example, in some implementations, each of the network gateway module 640, the interface module 641, and the inspection module 642 reside on a separate computing device.
Moreover,
The present disclosure describes various features, no single one of which is solely responsible for the benefits described herein. It will be understood that various features described herein may be combined, modified, or omitted, as would be apparent to one of ordinary skill. Other combinations and sub-combinations than those specifically described herein will be apparent to one of ordinary skill, and are intended to form a part of this disclosure. Various methods are described herein in connection with various flowchart steps and/or phases. It will be understood that in many cases, certain steps and/or phases may be combined together such that multiple steps and/or phases shown in the flowcharts can be performed as a single step and/or phase. Also, certain steps and/or phases can be broken into additional sub-components to be performed separately. In some instances, the order of the steps and/or phases can be rearranged and certain steps and/or phases may be omitted entirely. Also, the methods described herein are to be understood to be open-ended, such that additional steps and/or phases to those shown and described herein can also be performed.
Some or all of the methods and tasks described herein may be performed and fully automated by a computer system. The computer system may, in some cases, include multiple distinct computers or computing devices (e.g., physical servers, workstations, storage arrays, etc.) that communicate and interoperate over a network to perform the described functions. Each such computing device typically includes a processor (or multiple processors) that executes program instructions or modules stored in a memory or other non-transitory computer-readable storage medium or device. The various functions disclosed herein may be embodied in such program instructions, although some or all of the disclosed functions may alternatively be implemented in application-specific circuitry (e.g., ASICs or FPGAs) of the computer system. Where the computer system includes multiple computing devices, these devices may, but need not, be co-located. The results of the disclosed methods and tasks may be persistently stored by transforming physical storage devices, such as solid state memory chips and/or magnetic disks, into a different state.
The disclosure is not intended to be limited to the implementations shown herein. Various modifications to the implementations described in this disclosure may be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other implementations without departing from the spirit or scope of this disclosure. The teachings of the invention provided herein can be applied to other methods and systems, and are not limited to the methods and systems described above, and elements and acts of the various embodiments described above can be combined to provide further embodiments. Accordingly, the novel methods and systems described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the methods and systems described herein may be made without departing from the spirit of the disclosure. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the disclosure.