The present invention generally relates to the field of wireless communication and wireless data network architecture. More specifically, the present invention relates to methods, circuits, devices, systems and functionally associated computer executable code to support data services provided by one or more edge data service providers/applications running on edge computing resources, integral or otherwise functionally associated with a Radio Access Network (RAN) segment of a wireless communication network, to one or more wireless communication devices communicatively coupled to the wireless communication network through the RAN segment.
Since 2009, when for the first time the volume of data traffic over mobile networks exceeded that of voice traffic, mobile data has more or less tripled each year in volume, thus taking over more and more of the mobile traffic in volume. In order to meet demand for low latency data services, Edge computing and Edge computing clouds are becoming part of the mobile network architecture standard.
Edge Computing is a new concept in Software Defined Networking and Virtualization Technology. The edge computing paradigm is focused on moving compute and storage to the edge of the network and connecting UEs to applications residing on these edge platforms or on enterprise networks, without the need to pass the traffic through the network core. Edge Computing solutions, be it Mobile Edge Computing (MEC), Open Edge Computing (OEC), Fog, CORD and Open CORD or any other concept of Software Defined Networking and Virtualization Technology at the edge, present an opportunity to provide new and exciting services to end users, including those associated with enterprise clouds.
Mobile communication network Edge computing enables a variety of services, including location based services. Additionally, as new ways of determining or estimating, with good precision, a location of each wireless communication device communicatively coupled to the network become possible, new opportunities to provide a wider variety of business oriented location based services are emerging.
There are different scenarios and use cases in which a communication network owner, be it a mobile operator, an enterprise or other, would like to create a service granularity for different groups of users at the edge of the network, enabling it to differentiate not only which services are available/accessible for each user, but also add additional accessibility features based for example on location, and also group UEs for different services. To support such a capability, the identity of each UE needs to be available in the RAN, but the 3GPP standardization prohibits sensitive user information such as IMEI, IMSI, MSISDN numbers to be passed down the mobile network beyond the EPC, thus this information can't be used in the RAN for UE identification.
Accordingly, there is a need for improved methods, circuits, devices and systems for supporting edge data services. Accordingly, there is a need for improved methods, circuits, devices and systems for providing an edge data service with identifying information about a mobile communication device (UE) connected to the network edge serviced by the edge data service.
The present invention includes methods, circuits, devices, systems and functionally associated computer executable code to support data services provided by one or more edge data service providers/applications running on edge computing resources, integral or otherwise functionally associated with a Radio Access Network (RAN) segment of a wireless communication network, to one or more wireless communication devices communicatively coupled to the wireless communication network through the RAN segment.
Embodiments of the present invention include methods of enabling a consistent user identity for UE's inside the RAN of mobile networks regardless of the transient properties of the UE's (such as IP and TEID) and without revealing the UE's IMSI, MSISDN and IMEI information inside the RAN. Embodiments of the present invention overcome a UE identification limitation resulting from the 3GPP standardization prohibition on sensitive user information, such as IMEI, IMSI, MSISDN numbers, being passed down the mobile network beyond the EPC. Since this information can't be used in the RAN for UE identification, the present invention uses tokenization to convey various UE related information to the RAN and edge data services running therein.
Embodiments of the present invention enable a Network Operator to create a service granularity that can differentiate not only which services are available/accessible for each user/UE, but also add additional accessibility features based for example on location, and group UE's for access to/from specific edge hosted or otherwise related services and capabilities.
Embodiments of the present invention define a universal traceable identifier (UTID) which may be a hash string that may be generated by an edge gateway (EG), or a tokenizer contained therein, using a UE's personal information (IMSI, MSISDN, IMEI etc.) and some secret key. The UTIDs may be passed from the EG to different edge servers (ESs) located within the network edge environment of a RAN or RAN segment. The UTID may be passed as part of a data token generated by the EG tokenizer. UTIDs may be used by ES's as required to identify specific users/UE's and to configure edge connectivity/routing and edge data services for each specific UE based on the specific UE's user group affiliations and/or based on the UE's unique identity.
According to further embodiments, each EG may maintain a table which associates different UEs with different user permission groups (UPG's). A UPG, generated by an EG according to embodiments, may be a set of integers, representing the UE's permission group memberships/affiliations. The ESs, or data routing modules associated therewith, may use the different UPG values to steer/route specific data traffic passing through. The ES may perform UE data routing according to routing rules within a routing rule table accessible to the ES, and which table correlates UE user groups with routing policies for data from UE's associated with different user groups.
According to embodiments of the present invention, an exchange of information between the ES and the EG may be triggered upon detection of a new Radio Access Bearer (RAB) issued to a UE connecting to the wireless communication network. The exchange may include a UE token query from the ES using the RAB identifier of the connecting UE. The exchange may also include a response by the EG including respective UTID and UPG information for the connecting UE associated with the RAB identifier, and optionally one or more IP addresses assigned to the UE by a network element.
Embodiments of the present invention may include a communication network having at least one network core with one or more network elements to perform each of one or more network management functions, including management of wireless communication device (User Equipment, UE) related information. The exemplary network may also include at least one network edge, also known as computing edge, segment integral or otherwise functionally associated with a Radio Access Network portion of said communication network. The edge segment may include: (a) one or more wireless access nodes to which a UE associated with the network can communicatively couple; and (b) at least one edge computing resource to provide one or more edge data services to a communicatively coupled UE. A network edge gateway between said network core and said network edge segment may include a tokenizer to generate, using UE specific information, UE specific tokens and to send the UE specific tokens to the at least one edge computing resource.
A communication network according to embodiments of the present invention may include at least one edge computing resource with an edge server to manage data routing between a UE connected to said wireless access nodes, one or more edge data services and said network core. The edge server may adjust data routing for a given UE connected to an associated wireless network access node responsive to user permissions group (UPG) data contained in a token associated with the UE. The edge server may further include a data routing module which routes data for a given UE connected to an associated wireless network access node, either to said network core or to specific edge data services, responsive to user permissions group (UPG) data contained in a token associated with the given UE.
According to further embodiments, the edge server may include: (a) a Radio Access Bearer (RAB) detector which captures a RAB identifier associated with a UE that connected to a wireless network access node; and (b) a query generator to send a UE token request to said edge gateway based on the captured RAB identifier. The edge server may also include an Edge Data Service Manager to activate, configure or deny edge data services for a given UE connected to a wireless access node of said network based either on UPG data or a unique identifier of the UE extracted from a token associated with the UE. The Edge Data Service Manager may be adapted to pass the UPG and UE identifier data for the given UE to one or more edge data services. According to embodiments, one or more edge data services may be adapted to adjust services provided to a given UE based on UPG or on UE identifier data received for the given UE. The
According to embodiments, a UE specific token for a given UE includes, or is otherwise associated with, a universal traceable identifier (UTID) which enables an edge data service running on the at least one edge computing resource to determine identification information related to an account of the given UE. A UE specific token for a given UE may include user permission group (UPG) information relating to an account associated with the given UE and is usable by an edge data service running on the at least one edge computing resource to activate, configure or deny data service to the given UE.
According to embodiments, a tokenizer generates a UE specific token for a given UE when the UE communicatively couples to a wireless access node of a network edge segment and a Radio Access Bearer (RAB) is initiated or otherwise assigned to the UE. The tokenizer may generate a token responsive to receiving a query from an edge server, wherein the query may include a Fully Qualified Tunnel Endpoint Identifier (F-TEID) allocated to the given UE upon RAB initiation. According to embodiments, the UE specific token may include identification of one or more public IP addresses allocated to the given UE by a network core element.
According to embodiments, two or more edge data services may use a UE specific token associated with a given UE to coordinate services provided to the given UE. One of the edge data services may be a group attributes data source, such as a data table which stores data routing policies to be applied to data from and to UE's associated with specific user groups.
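The tokenizer and query/response exchange described above, sketched as an added example (not code from the patent). HMAC-SHA256 as the keyed hash, the length-prefixed field encoding, the string form of the F-TEID, and the names `make_utid`, `Subscriber` and `EdgeGatewayTokenizer` are assumptions; the identifiers are constructed test values.

```python
import hashlib
import hmac
from dataclasses import dataclass

def make_utid(key: bytes, imsi: str, msisdn: str, imei: str) -> str:
    """UTID as a keyed hash of the UE identifiers (HMAC-SHA256 is an assumption)."""
    # Length-prefix each field so ("12", "3") and ("1", "23") hash differently.
    fields = [f.encode() for f in (imsi, msisdn, imei)]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class Subscriber:
    imsi: str
    msisdn: str
    imei: str

class EdgeGatewayTokenizer:
    def __init__(self, key: bytes, upg_table: dict):
        self._key = key                # secret held by the EG only
        self._upg_table = upg_table    # IMSI -> set of UPG integers
        self._bearers = {}             # F-TEID -> (Subscriber, UE IP)

    def bearer_created(self, fteid: str, sub: Subscriber, ue_ip: str) -> None:
        self._bearers[fteid] = (sub, ue_ip)

    def bearer_released(self, fteid: str) -> None:
        self._bearers.pop(fteid, None)

    def token_for(self, fteid: str):
        """Answer an edge server query; the reply carries no IMSI/MSISDN/IMEI."""
        entry = self._bearers.get(fteid)
        if entry is None:
            return None                # unknown or released bearer: no token
        sub, ue_ip = entry
        return {
            "utid": make_utid(self._key, sub.imsi, sub.msisdn, sub.imei),
            "upg": sorted(self._upg_table.get(sub.imsi, set())),
            "ue_ip": ue_ip,
        }

# Constructed sample data: test-range identifiers, not real subscribers.
KEY = b"constructed-demo-key"
UE = Subscriber("001010000000001", "15550100001", "350000000000001")

def demo():
    eg = EdgeGatewayTokenizer(KEY, {UE.imsi: {1001, 2003}})
    eg.bearer_created("10.0.0.1/0x1a2b", UE, "100.64.0.7")
    first = eg.token_for("10.0.0.1/0x1a2b")
    eg.bearer_released("10.0.0.1/0x1a2b")
    eg.bearer_created("10.0.0.1/0x9f00", UE, "100.64.3.9")  # re-attach: new TEID, new IP
    second = eg.token_for("10.0.0.1/0x9f00")
    stale = eg.token_for("10.0.0.1/0x1a2b")
    return first, second, stale

if __name__ == "__main__":
    for token in demo():
        print(token)
```

The UTID is identical across the two attachments even though the F-TEID and IP changed, and the released F-TEID no longer resolves to a token. With an unkeyed hash, anyone holding a UTID could enumerate the IMSI number space to recover the identifier, which is why the key stays on the EG in this sketch.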
The subject matter regarded as the invention is particularly pointed out and distinctly claimed in the concluding portion of the specification. The invention, however, both as to organization and method of operation, together with objects, features, and advantages thereof, may best be understood by reference to the following detailed description when read with the accompanying drawings in which:
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as “processing”, “computing”, “calculating”, “determining”, or the like, may refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities within the computing system's registers and/or memories into other data similarly represented as physical quantities within the computing system's memories, registers or other such information storage, transmission or display devices.
In addition, throughout the specification discussions utilizing terms such as “storing”, “hosting”, “caching”, “saving”, or the like, may refer to the action and/or processes of ‘writing’ and ‘keeping’ digital information on a computer or computing system, or similar electronic computing device, and may be interchangeably used. The term “plurality” may be used throughout the specification to describe two or more components, devices, elements, parameters and the like.
Some embodiments of the invention, for example, may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment including both hardware and software elements. Some embodiments may be implemented in software, which includes but is not limited to firmware, resident software, microcode, or the like.
Furthermore, some embodiments of the invention may take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system. For example, a computer-usable or computer-readable medium may be or may include any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
In some embodiments, the medium may be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Some demonstrative examples of a computer-readable medium may include a semiconductor or solid-state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), any composition and/or architecture of semiconductor based Non-Volatile Memory (NVM), any composition and/or architecture of biologically based Non-Volatile Memory (NVM), a rigid magnetic disk, and an optical disk. Some demonstrative examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read/write (CD-R/W), and DVD.
In some embodiments, a data processing system suitable for storing and/or executing program code may include at least one processor coupled directly or indirectly to memory elements, for example, through a system bus. The memory elements may include, for example, local memory employed during actual execution of the program code, bulk storage, and cache memories which may provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
In some embodiments, input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, etc.) may be coupled to the system either directly or through intervening I/O controllers. In some embodiments, network adapters may be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices, for example, through intervening private or public networks. In some embodiments, modems, cable modems and Ethernet cards are demonstrative examples of types of network adapters. Other functionally suitable components may be used.
Turning now to
UTID's for each UE may be pre-registered on the EG and one or more servers on the Edge. Alternatively, the UTID's may be encoded to securely encapsulate respective UE identification information, and the one or more servers may be programmed to extract the encapsulated identification information.
User Permission Group (UPG) information for each UE may be generated based on a coding scheme pre-agreed between the EG and ES, and the UPG information may be bundled with the UTID in a UE specific token.
Turning now to
The information flow between edge gateway and edge data and routing services running on edge computing resources, collectively referable to as edge server, can be better understood in reference to
This UTID is a hash string that may be generated by the EG from the UE personal information (IMSI, MSISDN, IMEI etc.) and some secret/shared key. The UTIDs may be passed from the EG to the different ESs. UTIDs may be used by ESs as required to identify specific users. Also passed back to the ES is a UE UPG, which is a set of integers representing the UE's permission group memberships or affiliations. The ESs may use the different UPGs to steer specific traffic passing through the edge segment according to the UE's UPG policies, which policies may be saved on a table integral or otherwise associated with the ES.
There are variants of the information exchange and corresponding edge server actions between embodiments of the present invention relating to: (a) general LTE networks; (b) enterprise in LTE/5G solutions; and (c) general 5G networks:
On the ES side, for generating queries for UTID & UPG upon detection of new RABs, the ES may monitor the following S1-AP messages:
For operational purposes UPG numbers can be allocated in ranges, with each range for different purposes (different enterprises etc.).
The UPG returned to the ES may be a union of all individual matching results in the data structure.
The second data structure may be a dynamic data structure. The EG may build this data structure according to the following S-11 messages:
Where F-TEIDs, received from the EG during the request, are the key to the table.
The configuration of the required UPGs in the data structure of the EG and the optional traffic steering function in the ESs may be done using a well-defined API or any other way.
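The UPG handling described above, as an added example (not code from the patent): the EG resolves a UE's UPG as the union of every matching entry, and the ES steers traffic from a rule table keyed by UPG number ranges. Matching entries on an IMSI prefix, the deny-first precedence, the action strings and the names `Match`, `Rule`, `resolve_upg` and `steer` are assumptions; all table contents are constructed.

```python
from typing import Iterable, List, NamedTuple

class Match(NamedTuple):       # one entry of the EG's static UPG data structure
    imsi_prefix: str           # assumption: entries match on an IMSI prefix
    upgs: frozenset

class Rule(NamedTuple):        # one row of the ES routing rule table
    upg_range: range           # UPG numbers allocated in per-purpose ranges
    action: str                # "deny", "core" or "edge:<service>"

def resolve_upg(imsi: str, table: Iterable[Match]) -> frozenset:
    """EG side: the UPG returned is the union of all matching entries."""
    out = frozenset()
    for entry in table:
        if imsi.startswith(entry.imsi_prefix):
            out |= entry.upgs
    return out

def steer(upg: Iterable[int], rules: List[Rule]) -> str:
    """ES side: choose a route from the UPG set carried in the token.

    Assumed precedence: a matching deny rule always wins, otherwise the
    first matching rule in table order applies; a UE that matches no rule
    is routed to the network core.
    """
    groups = set(upg)
    hits = [r for r in rules if any(g in r.upg_range for g in groups)]
    if any(r.action == "deny" for r in hits):
        return "deny"
    return hits[0].action if hits else "core"

# Constructed sample tables.
UPG_TABLE = [
    Match("00101", frozenset({1001})),                # whole test PLMN
    Match("0010100000000", frozenset({1002, 2001})),  # narrower block, extra groups
    Match("99999", frozenset({9001})),                # blocked population
]
RULES = [
    Rule(range(9000, 10000), "deny"),
    Rule(range(2000, 3000), "edge:video-analytics"),
    Rule(range(1000, 2000), "edge:enterprise-lan"),
]

if __name__ == "__main__":
    for imsi in ("001010000000001", "001019999999999", "310150123456789"):
        upg = resolve_upg(imsi, UPG_TABLE)
        print(imsi, sorted(upg), steer(upg, RULES))
```

Defaulting unmatched UEs to the core keeps a missing or empty token from granting access to any edge service.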
Turning now to
Turning now to
Functions, operations, components and/or features described herein with reference to one or more embodiments, may be combined or otherwise utilized with one or more other functions, operations, components and/or features described herein with reference to one or more other embodiments, or vice versa. While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
The present application claims the benefit of U.S. Provisional Patent Application 62/404,228 filed Oct. 2, 2019. The present invention is a continuation in part of U.S. patent application Ser. No. 16/442,520 filed Jun. 16, 2019, which in turn is a continuation of U.S. patent application Ser. No. 15/434,259 filed Feb. 16, 2017. The present invention is a continuation in part of U.S. patent application Ser. No. 15/434,536 filed Feb. 16, 2017. U.S. patent application Ser. Nos. 15/434,259 and 15/434,536 both claim the benefit of U.S. Provisional Patent Applications 62/295,522 and 62/295,521 both filed Feb. 16, 2016. The disclosure of each of the abovementioned applications is hereby incorporated herein by reference in its entirety.

Number | Date | Country
---|---|---
62739886 | Oct 2018 | US
62295521 | Feb 2016 | US
62295522 | Feb 2016 | US

Relation | Number | Date | Country
---|---|---|---
Parent | 15434259 | Feb 2017 | US
Child | 16442520 | | US

Relation | Number | Date | Country
---|---|---|---
Parent | 16442520 | Jun 2019 | US
Child | 16591560 | | US
Parent | 15434536 | Feb 2017 | US
Child | 15434259 | | US