Patent Application
20230413145
Example embodiments of the present disclosure generally relate to the field of telecommunication, and in particular, to a terminal device, a set of access network devices, a set of core network device, methods, apparatuses and a computer readable storage medium for switching over without disconnection of access network.
Non-seamless wireless local area network (WLAN) offload (NSWO) is based on the principle that a terminal device connects to a WLAN network and authenticates with an authentication procedure with an Authentication Server Function (AUSF) via a NSWO network function (NSWOF). After the successful authentication, the terminal device is not registered in the 3GPP network at this point in time and has no Non-Access Stratum (NAS) or user plane connectivity to the 5G core network (5GC). However, if the terminal device needs to perform a 5G registration via this WLAN at a later time, such registration and access procedures of the terminal device may need to be optimized.
In general, example embodiments of the present disclosure provide a solution for switching over without disconnection of access network.
In a first aspect, there is provided a first apparatus of a terminal device. The first apparatus of a terminal device comprises at least one processor; and at least one memory including computer program codes; the at least one memory and the computer program codes being configured to, with the at least one processor, cause the first apparatus to: receive an internal indication of the switchover from a second apparatus of the terminal device separable from the first apparatus; switch from a first context associated with the first traffic to a second context associated with the second traffic; and send a response to the second apparatus of the terminal device to indicate that the switching is completed.
In a second aspect, there is provided a second apparatus of a terminal device. The second apparatus of a terminal device comprises at least one processor; and at least one memory including computer program codes. The processor is configured to cause the second apparatus to: determine a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point; transmit an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point; and establish a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In a third aspect, there is provided a first access point. The first access point comprising: a processor; and a transceiver communicatively coupled to the processor. The processor is configured to cause the first access point to: receive, from a terminal device, a first indication protected by a first key for a connection between the terminal device and the first access point; decrypt the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point; and transmit a second indication of the switchover to the second access point.
In a fourth aspect, there is provided a second access point. The second access point comprising: a processor; and a transceiver communicatively coupled to the processor. The processor is configured to cause the second access point to: receive, from a first access point, an indication of a switchover by a terminal device from a first traffic associated with the first access point to a second traffic associated with the second access point, a first connection between the terminal device and the first access point being protected by a first key; and establish a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In a fifth aspect, there is provided a method performed by a first apparatus of a terminal device. The method comprises: receiving an internal indication of the switchover from a second apparatus of the terminal device; and switching, from a first context associated with the first traffic to a second context associated with the second traffic; and sending, a response to the second apparatus of the terminal device to indicate that the switching is completed.
In a sixth aspect, there is provided a method performed by a second apparatus of a terminal device. The method comprises: determining a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point; transmitting, an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point; and establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In a seventh aspect, there is provided a method performed by a first access point. The method comprises: receiving a first indication protected by a first key for a connection between the terminal device and the first access point; decrypting the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point; and transmitting a second indication of switchover to the second access point.
In an eighth aspect, there is provided a method performed by a second access point. The method comprises: receiving an indication of a switchover by a terminal device from a first traffic associated with the first access point to a second traffic associated with the second access point, a first connection between the terminal device and the first access point being protected by a first key; and establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In a ninth aspect, there is provided an apparatus. The apparatus comprising: means for receiving, at a first apparatus of a terminal device, an internal indication of the switchover from a second apparatus of the terminal device; and means for switching, from a first context associated with the first traffic to a second context associated with the second traffic; and means for sending, a response to the second apparatus of the terminal device to indicate that the switching is completed.
In a tenth aspect, there is provided an apparatus. The apparatus comprising: means for determining, at a second apparatus of a terminal device, a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point; means for transmitting, an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point; and means for establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In an eleventh aspect, there is provided an apparatus. The apparatus comprising: means for receiving, at a first access point from a terminal device, a first indication protected by a first key for a connection between the terminal device and the first access point; means for decrypting the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point; and means for transmitting a second indication of switchover to the second access point.
In a twelfth aspect, there is provided an apparatus. The apparatus comprising: means for receiving, at a second access point from a first access point, an indication of a switchover by a terminal device from a first traffic associated with the first access point to a second traffic associated with the second access point, a first connection between the terminal device and the first access point being protected by a first key; and means for establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In a thirteenth aspect, there is provided a non-transitory computer readable medium comprising program instructions for causing an apparatus to perform at least the method in the fifth, sixth, seventh, and eighth aspects.
It is to be understood that the summary section is not intended to identify key or essential features of embodiments of the present disclosure, nor is it intended to be used to limit the scope of the present disclosure. Other features of the present disclosure will become easily comprehensible through the following description.
Some example embodiments will now be described with reference to the accompanying drawings, in which:
Throughout the drawings, the same or similar reference numerals represent the same or similar elements.
Principle of the present disclosure will now be described with reference to some example embodiments. It is to be understood that these embodiments are described only for the purpose of illustration and help those skilled in the art to understand and implement the present disclosure, without suggesting any limitation as to the scope of the disclosure. The disclosure described herein can be implemented in various manners other than the ones described below.
In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.
References in the present disclosure to “one embodiment,” “an embodiment,” “an example embodiment,” and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.
It shall be understood that although the terms “first” and “second” etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the listed terms.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises”, “comprising”, “has”, “having”, “includes” and/or “including”, when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/or combinations thereof.
As used in this application, the term “circuitry” may refer to one or more or all of the following:
This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
As used herein, the term “communication network” refers to a network following any suitable communication standards, such as Long Term Evolution (LTE), LTE-Advanced (LTE-A), Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Narrow Band Internet of Things (NB-IoT) and so on. Furthermore, the communications between a terminal device and a network device in the communication network may be performed according to any suitable generation communication protocols, including, but not limited to, the fourth generation (4G), 4.5G, the future fifth generation (5G) communication protocols, and/or any other protocols either currently known or to be developed in the future. Embodiments of the present disclosure may be applied in various communication systems. Given the rapid development in communications, there will of course also be future type communication technologies and systems with which the present disclosure may be embodied. It should not be seen as limiting the scope of the present disclosure to only the aforementioned system.
As used herein, the term “network function” refers to a function in 5G core network, including at least one of Network Slice Selection Function (NSSF), Network Exposure Function (NEF), Network Repository Function (NRF), Policy Control Function (PCF), Unified Data Management (UDM), Application Function (AF), Non-seamless wireless local area network offload network function (NSWOF), trusted non-3GPP gateway function (TNGF), Authentication Server Function (AUSF), Access and Mobility Management Function (AMF), Session Management Function (SMF), and User Plane Function (UPF).
The term “terminal device” refers to any end device that may be capable of wireless communication. By way of example rather than limitation, a terminal device may also be referred to as a communication device, user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, voice over IP (VoIP) phones, wireless local loop phones, a tablet, a wearable terminal device, a personal digital assistant (PDA), portable computers, desktop computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, vehicle-mounted wireless terminal devices, wireless endpoints, mobile stations, laptop-embedded equipment (LEE), laptop-mounted equipment (LME), USB dongles, smart devices, wireless customer-premises equipment (CPE), an Internet of Things (IoT) device, a watch or other wearable, a head-mounted display (HMD), a vehicle, a drone, a medical device and applications (for example, remote surgery), an industrial device and applications (for example, a robot and/or other wireless devices operating in an industrial and/or an automated processing chain contexts), a consumer electronics device, a device operating on commercial and/or industrial wireless networks, and the like. In the following description, the terms “terminal device”, “communication device”, “terminal” may be used interchangeably.
NSWO is based on the principle that a terminal device connects to a WLAN network and authenticates with an authentication procedure with an AUSF via a NSWOF. After the successful authentication, the terminal device is not registered in the 3GPP network at this point in time and has no NAS or user plane connectivity to the 5GC. However, if the terminal device wants to perform a 5G registration via this WLAN at a later time, assuming the WLAN broadcasts a 5GC connectivity, then the UE must first disconnect from the WLAN and then reconnect to the WLAN using the 5G registration via trusted non-3GPP access procedure. Such registration and access procedures of the terminal device may need to be optimized.
Disconnecting from the WLAN and then reconnecting to the same WLAN in order to perform 5G registration is not a good behavior, since the service needs to be interrupted. It is noted that the above mentioned WLAN network and the trusted Non-3GPP access network are just two examples of networks between which a terminal device may need to switch over. It is thus understood that if a terminal device is to switch between any two or more networks, there may be similar problems to that discussed above with reference to the WLAN network and the trusted Non-3GPP access network.
Example embodiments of the present disclosure provide a mechanism to solve the above discussed issues. The inventor finds that if the terminal device connects to a first network (for example, a WLAN network) based on a first authentication mechanism, such as the NSWO authentication; then the terminal device can perform a registration with a second network (for example, the trusted Non-3GPP access 5G registration) via this first network later, without having to disconnect and then re-connect to the first network again. This way, the service may not be interrupted through the example embodiments of the present disclosure. More particularly, some example embodiments of the present disclosure can simplify the process of trusted Non-3GPP access 5G registration, without interruption of the services. Principles and some example embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings.
The communication system 100 includes 5G core network functions NSSF 101, NEF 102, NRF 103, PCF 104, UDM 105, AF 106, NSWOF 107, TNGF 108, AUSF 109, AMF 110, SMF 111, UPF 114. The communication system 100 also includes a terminal device (TD) 112, a radio access network (RAN) 113, and a data network (DN) 115. According to example embodiments of the present disclosure, some network functions are directly related with the present disclosure, such as the TNGF 108, NSWOF 107, AMF 110, and AUSF 109. Those skilled in the art can understand that other network functions such as AMF 110 can also work in the switching process or after the switching.
First, the USIM part comprises a special software application that provides various functions like providing identifier and authentication of the user's subscription, security key generations, etc. The USIM comprises a tamper resistant secure hardware component, e.g., Universal Integrated Circuit Card (UICC). Second, the ME part denotes the wireless device comprising of hardware and software needed to communicate with the network. The ME may for example be a mobile phone, or smart phone, which can obtain network service when a USIM is inserted into it.
According to example embodiments of the present disclosure, in the process flow 150, the terminal device 112 comprises a first apparatus 113 and a second apparatus 114. The first apparatus may be a USIM, and the second apparatus may be a ME. A first access point 115 may be a WLAN AP, and a second access point 116 may be a trusted non-3GPP access point (TNAP).
According to example embodiments of the present disclosure, in step 117, the second apparatus 114 determines a switchover from a first traffic associated with the first access point 115 to a second traffic associated with the second access point 116. The ME determines a switchover from a NSWO WLAN offload traffic associated with the WLAN AP to a TNAP traffic associated with the TNAP. In step 118, the second apparatus 114 sends an internal indication of the switchover to the first apparatus 113 of the terminal device separable from the second apparatus 114. The ME sends a GET IDENTITY message with “NSWO switch over indication” to the USIM. In step 119, the first apparatus 113 switches from a first context associated with the first traffic to a second context associated with the second traffic. The USIM switches the context from “SUCI 5G NSWO context” to “SUCI context”. In step 120, the first apparatus 113 sends a response to the second apparatus 114 to indicate that the switching is completed. The USIM sends response with SUCI associated with the TNAP to the ME. In step 121, the second apparatus 114 transmits a first indication of the switchover to the first access point 115, the indication being protected by a first key for a first connection between the terminal device and the first access point. The ME transmits a layer two (L2) message to the WLAN AP. The L2 message contains AN-parameters, NAS packet data unit (NAS-PDU), and “NSWO switch over indication” protected by WLAN keys. In step 122, the first access point 115 decrypts the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point. The WLAN AP decrypts the L2 message. In step 123, the first access point 115 transmits a second indication of the switchover to the second access point 116. The WLAN AP transmits the content of the decrypted L2 message to the TNAP. In step 124, establish a second connection between the terminal device and the second access point, the second connection being protected by a second key. Based on a TNAP key, a trusted non-3GPP access authentication is performed among the USIM, the ME, the WLAN AP, the TNAP.
According to example embodiments of the present disclosure, the TD 112 comprises a first apparatus and a second apparatus, or a USIM 201 and a ME 202. A first access point, or a WLAN AP 203, a second access point, or a TNAP 204 and the TNGF 108 may be implement in a same device 205. WLAN AP 203 and TNAP 204 are associated with the RAN 113 in
According to example embodiments of the present disclosure, in step 206, The TD 112 establishes a WLAN connection between the ME 202 and the WLAN AP 203, using procedures such as specified in IEEE 802.11. Step 207 is a NSWO authentication. After successful NSWO authentication, in step 208, the ME 202 derives WLAN keys from a master key. in step 209, the WLAN AP 203 derives the WLAN keys from the master key. In step 210, the TD 112 connects to WLAN access, route specific IP flows via the WLAN access without traversing the 3GPP core network. This way, the service is offloaded to the WLAN. Steps 206, 207, 208, 209, 210 are with NSWO authentication, and the USIM 201 uses Subscription Concealed Identifier (SUCI) 5G NSWO context.
According to example embodiments of the present disclosure, in step 211, the ME 202 determines a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point. The ME 202 determines a switchover from a NSWO WLAN offload traffic associated with the WLAN AP 203 to a TNAP traffic associated with the TNAP 204, without disconnection and re-connecting again, where the TD 112 needs to be authenticated once again by a 5G system (5GS).
According to example embodiments of the present disclosure, in step 212, the second apparatus of the terminal device sends an internal indication of the switchover to a first apparatus of the terminal device separable from the second apparatus. The ME 202 sends a GET IDENTITY message with “NSWO switch over indication” to the USIM 201. In step 213, the first apparatus switches from a first context associated with the first traffic to a second context associated with the second traffic. The USIM 213 switches the context from “SUCI 5G NSWO context” to “SUCI context”. In step 214, the first apparatus sends a response to the second apparatus of the terminal device to indicate that the switching is completed. The USIM 201 sends response with SUCI associated with the TNAP 204 to the ME 202.
According to example embodiments of the present disclosure, in step 215, the second apparatus transmits an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point. The ME 202 transmits a layer two (L2) message to the WLAN AP 203. The L2 message contains AN-parameters, NAS packet data unit (NAS-PDU), and “NSWO switch over indication” protected by WLAN keys.
According to example embodiments of the present disclosure, in step 216, the first access point decrypts the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point. The WLAN AP 203 decrypts the L2 message.
According to example embodiments of the present disclosure, in step 217, the first access point transmits a second indication of the switchover to the second access point. The WLAN AP 203 transmits the content of the decrypted L2 message to the TNAP 204.
According to example embodiments of the present disclosure, in step 218, the second access point forwards the second indication of the switchover to a gateway function. The TNAP 204 forwards the content of the decrypted L2 message to the TNGF 108.
According to example embodiments of the present disclosure, in step 219, establish a second connection between the terminal device and the second access point, the second connection being protected by a second key. Based on a TNAP key, a trusted non-3GPP access authentication is performed among the USIM 201, the ME 202, the WLAN AP 203, the TNAP 204, the TNGF 108, the DN 115, and a set of core network functions such as AMF 110 and AUSF 109. Optionally, after NAS connection is accepted, or Standalone Architecture (SA) has been established, the terminal device shall stop the WLAN key based message protection.
According to example embodiments of the present disclosure, in step 220, the gateway function transmits to the second access point, an indication of stopping encryption performed by the first access point for the terminal device. The TNGF 108 informs the WLAN AP 203 to stop the WLAN key based encryption because Internet Protocol Security (IPsec) based security has been established between the TD 112 and the TNGF 108. The indication is transmitted from the TNGF 108 to the TNAP 204 in step 220, then is forwarded to the WLAN AP 203 in step 221.
According to example embodiments of the present disclosure, according to the flow chart in
According to example embodiments of the present disclosure, the USIM 201, ME 202, WLAN AP 203, TNAP 204, TNGF 108, DN 115, NSWOF 107, AMF 110, and AUSF 109 in
According to example embodiments of the present disclosure, in step 301, the first access point synchronizes with the second access point. The WLAN AP 203 synchronizes with the TNAP 204.
According to example embodiments of the present disclosure, in step 302, the second access point transmits an Extensible Authentication Protocol (EAP) request to the first access point. The TNAP 204 transmits an EAP request with identity to the WLAN AP 203. All messages between the WLAN AP 203 and the ME 202 are WLAN key protected, the WLAN keys are derived during NSWO. These keys will be used till new keys are derived in trusted non-3GPP access authentication keys derivation phase. In step 303, the WLAN AP 203 transmits the EAP request to the ME 202.
According to example embodiments of the present disclosure, in step 304, the second apparatus transmits an indication of the switchover to the first access point. The ME 202 transmits an EAP response with identity to the WLAN AP 203. In step 305 and 306, the EAP response is transmitted from the WLAN AP 203 to the TNAP 204, then to the TNGF 108.
According to example embodiments of the present disclosure, according to the flow chart in
At block 401, the first apparatus of the terminal device receives an internal indication of the switchover from a second apparatus of the terminal device separable from the first apparatus. At block 402, the first apparatus of the terminal device switches from a first context associated with the first traffic to a second context associated with the second traffic. At block 403, the first apparatus of the terminal device sends a response to the second apparatus of the terminal device to indicate that the switching is completed. In this manner, the first apparatus of the terminal device can switch from the first context to the second context, without disconnection with the access network, and without interrupt of the service.
In some embodiments, a first traffic is associated with a first access point. Alternatively or additionally, the second traffic is associated with a second access point. Alternatively or additionally, the first context comprises a subscription concealed identifier (SUCI) 5G non-seamless wireless local area network (WLAN) offload (NSWO) context. Alternatively or additionally, the second context comprises a SUCI context. Alternatively or additionally, the response comprises a SUCI associated with the second access point. This way, the first apparatus of the terminal device can switch from a NSWO context to a SUCI context, without disconnection with the access network, and without interrupt of the service.
In some embodiments, the first apparatus further establishes a second connection between the terminal device and the second access point. This way, the first apparatus of the terminal device can switch from the first connection to the second connection.
In some embodiments, the first apparatus comprises a Universal Subscriber Identity Module (USIM). Alternatively or additionally, the second apparatus of the terminal device comprises a mobile equipment (ME) module of the terminal device. Alternatively or additionally, the first access point comprises a WLAN access point (AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first traffic comprises a NSWO traffic. Alternatively or additionally, the second traffic comprises a TNAP traffic. This way, the terminal device can switch from the NSWO traffic to the TNAP traffic, without disconnection with the access network, and without interrupt of the service.
At block 501, the second apparatus of the terminal device determines a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point. At block 502, the second apparatus of the terminal device transmits an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point. At block 503, the second apparatus of the terminal device establishes a second connection between the terminal device and the second access point, the second connection being protected by a second key. In this manner, the terminal device can switch from the first traffic to the second traffic, without disconnection with the access network, and without interrupt of the service.
In some embodiments, the second apparatus comprises a mobile equipment (ME) of the terminal device. Alternatively or additionally, the indication of the switchover is transmitted via a layer 2 (L2) message. This way, the terminal device can switch from the first traffic to the second traffic, without disconnection with the access network, and without interrupt of the service.
In some embodiments, the indication of the switchover comprises a non-seamless wireless local area network (WLAN) offload (NSWO) switch over indication. This way, the terminal can switch from the NSWO traffic to the TNAP traffic, without disconnection with the access network, and without interrupt of the service.
In some embodiments, the L2 message further comprises a non-access stratum (NAS) packet data unit (PDU). This way, service over NAS layer will not be interrupted.
In some embodiments, in order to establish the second connection, the second apparatus can perform, based on the second key, a trusted non-3GPP access authentication among a subscriber identity module of the terminal device, the ME module of the terminal device, the first access point, the second access point, a gateway function, a data network, and a set of core network functions. This way, the authentication of trusted non-3GPP access authentication can be completed, without disconnection of the access network, and without interruption of the service.
In some embodiments, the second apparatus may send an internal indication of the switchover to a first apparatus of the terminal device separable from the second apparatus. Then, the second apparatus can receive a response from the first apparatus of the terminal device to indicate that the switching is completed. This way, the second apparatus can make the first apparatus to switch from SUCI 5G NSWO context to SUCI 5G context, without disconnection with the access network.
In some embodiments, in order to send the internal indication, after transmitting the indication of the switchover to the first access point, the second apparatus may send the internal indication. This way, the second apparatus can inform the switchover to the first access point first, then request for indication from the first apparatus, without discussion of the access network.
In some embodiments, after receiving the response from the first apparatus, the second apparatus can transmit the indication of the switchover to the first access point. This way, the second apparatus can get the response of indication from the first apparatus first, then inform the switchover to the first access point, without discussion of the access network.
In some embodiments, the first apparatus comprises a Universal Subscriber Identity Module (USIM). Alternatively or additionally, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first traffic comprises a NSWO traffic. Alternatively or additionally, the second traffic comprises a TNAP traffic. Alternatively or additionally, the first key comprises a WLAN key. Alternatively or additionally, the second key comprises a TNAP key. This way, the terminal device can switch from the NSWO traffic protected by the WLAN key to the TNAP traffic protected by the TNAP key, without discussion of the access network, and without service interruption.
At block 601, the first access point receives, from a terminal device, a first indication protected by a first key for a connection between the terminal device and the first access point. At block 602, the first access point decrypts the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point. At block 603, the first access point transmits a second indication of the switchover to the second access point. In this manner, the first access point can be informed to switch over from the first traffic to the second traffic, without discussion of the access network, and without service interruption.
In some embodiments, the second indication of the switchover comprises contents of the first indication. In this way, the content of the first indication can be got and transmitted to the second access point, to inform the switchover.
In some embodiments, the first access point can further synchronize with the second access point, receive an identity request from the second access point, send the identity request to a mobile equipment (ME) module of the terminal device, receive an identity response from the ME module of the terminal device, and send the identity response to the second access point. This way, the first access point can help to switch over from the first traffic to the second traffic with the terminal. And the terminal can keep connection in the switchover.
In some embodiments, the identity request comprises an Extensible Authentication Protocol (EAP) request. Alternatively or additionally, the identity response comprises an EAP response. This way, the identity request and response can be transmitted more reliably.
In some embodiments, the first access point may further perform, based on a second key, a trusted non-3GPP access authentication with a subscriber identity module of the terminal device, a mobile equipment (ME) module of the terminal device, the second access point, a gateway function, a data network, and a set of core network functions; and receive, from the second access point, an indication of stopping encryption performed by the first access point for the terminal device. This way, the first access point can complete the trusted non-3GPP access authentication process with a second key, and informs the terminal device to stop encryption with WLAN key.
In some embodiments, the second key comprises a TNAP key. Alternatively or additionally, and the gateway function comprises a trusted non-3GPP gateway function (TNGF). This way, the first access point can help to switch over from the first traffic to the second traffic with the terminal device. And the terminal device can keep connection with the access network in the switchover.
In some embodiments, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first indication is transmitted via a layer 2 (L2) message. Alternatively or additionally, the first key comprises a WLAN key. This way, the terminal device can switch from a NSWO traffic to a TNAP traffic, and keep connection with the access network in switchover.
At block 701, the second access point receives, from a first access point, an indication of a switchover by a terminal device from a first traffic associated with the first access point to a second traffic associated with the second access point, a first connection between the terminal device and the first access point being protected by a first key. At block 702, the second access point establishes a second connection between the terminal device and the second access point, the second connection being protected by a second key. This way, the second access point can help the terminal device to switch from the first traffic to the second traffic, without disconnection of the access network.
In some embodiments, in order to establish the second connection, the second access point can perform, based on the second key, a trusted non-3GPP access authentication with a subscriber identity module of the terminal device, a mobile equipment (ME) module of the terminal device, the first access point, a gateway function, a data network, and a set of core network functions. This way, the second access point can complete the second connection with the terminal device, without disconnection with the access network.
In some embodiments, in order to establish the second connection, upon transmitting an indication of the switchover to a gateway function, the second access point can establish the second connection between the terminal device and the second access point. This way, the second access point can help the terminal device to establish the second connection, without disconnection with the access network.
In some embodiments, the second access point may further synchronize with the first access point, transmit an Extensible Authentication Protocol (EAP) request to the first access point, receive an EAP response from the first access point, and transmit the EAP response to a gateway function. In this manner, the switch over can be more reliable.
In some embodiments, the gateway function comprises a trusted non-3GPP gateway function (TNGF). This way, the second traffic can be established via the TNGF.
In some embodiments, for the sake of establishing the second connection, after transmitting the EAP response to the gateway function, the second access point may establish the second connection between the terminal device and the second access point. This way, the second traffic can be established more reliable.
In some embodiments, after establishing the second connection between the terminal device and the second access point, the second access point may receive, from a gateway function, an indication of stopping encryption performed by the first access point for the terminal device. Then, the second access point can transmit the indication to the first access point. This way, the second access point can inform the first access point to finish encryption with the first key.
In some embodiments, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the second key comprises a TNAP key. Alternatively or additionally, the indication of the switchover comprises layer 2 (L2) message contents. This way, the terminal device can switch from the NSWO traffic to the TNAP traffic, without disconnection of the access network, and without service interruption.
In some embodiments, an apparatus capable of performing the method 400 (for example, the first apparatus in the terminal device) may comprise means for receiving, an internal indication of the switchover from a second apparatus of the terminal device; and means for switching, from a first context associated with the first traffic to a second context associated with the second traffic; and means for sending, a response to the second apparatus of the terminal device to indicate that the switching is completed.
In some example embodiments, a first traffic is associated with a first access point, the second traffic is associated with a second access point. Alternatively or additionally, the first context comprises a subscription concealed identifier (SUCI) 5G non-seamless wireless local area network (WLAN) offload (NSWO) context. Alternatively or additionally, the second context comprises a SUCI context. Alternatively or additionally, the response comprises a SUCI associated with the second access point.
In some example embodiments, the apparatus further comprises: means for establishing a second connection between the terminal device and the second access point.
In some example embodiments, the apparatus comprises a Universal Subscriber Identity Module (USIM). Alternatively or additionally, the second apparatus of the terminal device comprises a mobile equipment (ME) module of the terminal device. Alternatively or additionally, the first access point comprises a WLAN access point (AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first traffic comprises a NSWO traffic. Alternatively or additionally, the second traffic comprises a TNAP traffic.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 400. In some embodiments, the means comprises at least one processor; and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
In some embodiments, an apparatus capable of performing the method 500 (for example, the second apparatus in the terminal device) may comprise means for determining, a switchover from a first traffic associated with a first access point to a second traffic associated with a second access point; means for transmitting, an indication of the switchover to the first access point, the indication being protected by a first key for a first connection between the terminal device and the first access point; and means for establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In some example embodiments, the apparatus comprises a mobile equipment (ME) of the terminal device. Alternatively or additionally, the indication of the switchover is transmitted via a layer 2 (L2) message.
In some example embodiments, the indication of the switchover comprises a non-seamless wireless local area network (WLAN) offload (NSWO) switch over indication.
In some example embodiments, the L2 message further comprises a non-access stratum (NAS) packet data unit (PDU).
In some example embodiments, the means for establishing the second connection comprises: means for performing, based on the second key, a trusted non-3GPP access authentication among a subscriber identity module of the terminal device, the ME module of the terminal device, the first access point, the second access point, a gateway function, a data network, and a set of core network functions.
In some example embodiments, the apparatus further comprises: means for sending an internal indication of the switchover to a first apparatus of the terminal device separable from the apparatus; and means for receiving a response from the first apparatus of the terminal device to indicate that the switching is completed.
In some example embodiments, the means for sending the internal indication comprises: means for in response to transmitting the indication of the switchover to the first access point, causing the apparatus to send the internal indication.
In some example embodiments, the apparatus further comprises: means for in response to receiving the response from the first apparatus, transmitting the indication of the switchover to the first access point.
In some example embodiments, the first apparatus comprises a Universal Subscriber Identity Module (USIM). Alternatively or additionally, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first traffic comprises a NSWO traffic. Alternatively or additionally, the second traffic comprises a TNAP traffic. Alternatively or additionally, the first key comprises a WLAN key. Alternatively or additionally, the second key comprises a TNAP key.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 500. In some embodiments, the means comprises at least one processor; and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
In some embodiments, an apparatus capable of performing the method 600 (for example, the first access point) may comprise means for receiving, from a terminal device, a first indication protected by a first key for a connection between the terminal device and the first access point; means for decrypting the first indication based on the first key to determine a switchover by the terminal device from a first traffic associated with the first access point to a second traffic associated with a second access point; and means for transmitting a second indication of switchover to the second access point.
In some example embodiments, the second indication of the switchover comprises contents of the first indication.
In some example embodiments, the apparatus further comprises: means for synchronizing with the second access point; receive an identity request from the second access point; means for sending the identity request to a mobile equipment (ME) module of the terminal device; means for receiving an identity response from the ME module of the terminal device; and means for sending the identity response to the second access point.
In some example embodiments, the identity request comprises an Extensible Authentication Protocol (EAP) request. Alternatively or additionally, the identity response comprises an EAP response.
In some example embodiments, the apparatus further comprises: means for performing, based on a second key, a trusted non-3GPP access authentication with a subscriber identity module of the terminal device, a mobile equipment (ME) module of the terminal device, the second access point, a gateway function, a data network, and a set of core network functions; and means for receiving, from the second access point, an indication of stopping encryption performed by the first access point for the terminal device.
In some example embodiments, the second key comprises a TNAP key. Alternatively or additionally, the gateway function comprises a trusted non-3GPP gateway function (TNGF).
In some example embodiments, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the first indication is transmitted via a layer 2 (L2) message. Alternatively or additionally, the first key comprises a WLAN key.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 600. In some embodiments, the means comprises at least one processor; and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
In some embodiments, an apparatus capable of performing the method 700 (for example, the second access point) may comprise means for receiving, from a first access point, an indication of a switchover by a terminal device from a first traffic associated with the first access point to a second traffic associated with the second access point, a first connection between the terminal device and the first access point being protected by a first key; and means for establishing a second connection between the terminal device and the second access point, the second connection being protected by a second key.
In some example embodiments, the means for establishing the second connection comprises: means for performing, based on the second key, a trusted non-3GPP access authentication with a subscriber identity module of the terminal device, a mobile equipment (ME) module of the terminal device, the first access point, a gateway function, a data network, and a set of core network functions.
In some example embodiments, the means for establishing the second connection comprises: means for in response to transmitting an indication of the switchover to a gateway function, establishing the second connection between the terminal device and the second access point.
In some example embodiments, the apparatus further comprises: means for synchronizing with the first access point; means for transmitting an Extensible Authentication Protocol (EAP) request to the first access point; means for receiving an EAP response from the first access point; and means for transmitting the EAP response to a gateway function.
In some example embodiments, the gateway function comprises a trusted non-3GPP gateway function (TNGF).
In some example embodiments, the means for establishing the second connection comprises: means for in response to transmitting the EAP response to the gateway function, establishing the second connection between the terminal device and the second access point.
In some example embodiments, the apparatus further comprises: means for in response to establishing the second connection between the terminal device and the second access point, receiving, from a gateway function, an indication of stopping encryption performed by the first access point for the terminal device; and means for transmitting the indication to the first access point.
In some example embodiments, the first access point comprises a wireless local area network access point (WLAN AP). Alternatively or additionally, the second access point comprises a trusted non-3GPP access point (TNAP). Alternatively or additionally, the second key comprises a TNAP key. Alternatively or additionally, the indication of the switchover comprises layer 2 (L2) message contents.
In some embodiments, the apparatus further comprises means for performing other steps in some embodiments of the method 700. In some embodiments, the means comprises at least one processor; and at least one memory including computer program code, the at least one memory and computer program code configured to, with the at least one processor, cause the performance of the apparatus.
The communication module 840 is for bidirectional communications. The communication module 840 has at least one antenna to facilitate communication. The communication interface may represent any interface that is necessary for communication with other network elements.
The processor 810 may be of any type suitable to the local technical network and may include one or more of the following: general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) and processors based on multicore processor architecture, as non-limiting examples. The device 800 may have multiple processors, such as an application specific integrated circuit chip that is slaved in time to a clock which synchronizes the main processor.
The memory 820 may include one or more non-volatile memories and one or more volatile memories. Examples of the non-volatile memories include, but are not limited to, a Read Only Memory (ROM) 824, an electrically programmable read only memory (EPROM), a flash memory, a hard disk, a compact disc (CD), a digital video disk (DVD), and other magnetic storage and/or optical storage. Examples of the volatile memories include, but are not limited to, a random access memory (RAM) 822 and other volatile memories that will not last in the power-down duration.
A computer program 830 includes computer executable instructions that are executed by the associated processor 810. The program 830 may be stored in the ROM 824. The processor 810 may perform any suitable actions and processing by loading the program 830 into the RAM 822.
The embodiments of the present disclosure may be implemented by means of the program 830 so that the device 800 may perform any process of the disclosure as discussed with reference to
In some example embodiments, the program 830 may be tangibly contained in a computer readable medium which may be included in the device 800 (such as in the memory 820) or other storage devices that are accessible by the device 800. The device 800 may load the program 830 from the computer readable medium to the RAM 822 for execution. The computer readable medium may include any types of tangible non-volatile storage, such as ROM, EPROM, a flash memory, a hard disk, CD, DVD, and the like.
Generally, various embodiments of the present disclosure may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. Some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device. While various aspects of embodiments of the present disclosure are illustrated and described as block diagrams, flowcharts, or using some other pictorial representations, it is to be understood that the block, apparatus, system, technique or method described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.
The present disclosure also provides at least one computer program product tangibly stored on a non-transitory computer readable storage medium. The computer program product includes computer-executable instructions, such as those included in program modules, being executed in a device on a target real or virtual processor, to carry out the method 400, 500, 600 or 700 as described above with reference to
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present disclosure, the computer program codes or related data may be carried by any suitable carrier to enable the device, apparatus or processor to perform various processes and operations as described above. Examples of the carrier include a signal, computer readable medium, and the like.
The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable medium may include but not limited to an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of the computer readable storage medium would include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the present disclosure, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in the context of separate embodiments may also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable sub-combination.
Although the present disclosure has been described in languages specific to structural features and/or methodological acts, it is to be understood that the present disclosure defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 202241035291 | Jun 2022 | IN | national |
