WO2019012470A1 - Systems and methods for providing computer program code between network entities in a wireless system and the execution thereof - Google Patents

Publication number
WO2019012470A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer program
program code
functions
network entity
network
Application number
PCT/IB2018/055152
Other languages
French (fr)
Inventor
Jari Arkko
Michael Eriksson
Göran RUNE
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Application filed by Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2019012470A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/02 Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08 Mobility data transfer
    • H04W8/12 Mobility data transfer between location registers or mobility servers

Definitions

  • the present disclosure relates to a wireless system such as, e.g., a cellular communications system.
  • a method of operation of a first network entity in a wireless system comprises providing, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
  • the second network entity is enabled to execute the computer program code to perform one or more functions for the client device or the group of client devices in the wireless system.
  • the computer program code is for providing the one or more functions for the particular client device.
  • the wireless system is a cellular communications system
  • the particular client device is a particular wireless device
  • the first network entity is a first core network entity in a home network of the wireless device within the cellular communications system
  • the second network entity is a second core network entity in a visited network of the wireless device within the cellular communications system.
  • the computer program code is for providing the one or more functions for the particular group of client devices.
  • the particular group of client devices is identified by a group identity.
  • the particular group of client devices is a group of client devices having a packet data session with a particular data network.
  • the wireless system is a cellular
  • the particular group of client devices is a group of wireless devices served by the cellular communications system
  • the first network entity is a first core network entity in a home network of the particular group of wireless devices within the cellular communications system
  • the second network entity is a second core network entity in a visited network of the particular group of wireless devices within the cellular communications system.
  • the computer program code uses one or more internal Application Programming Interfaces (APIs) in the second network entity. In some embodiments, the computer program code uses one or more interfaces between the visited network and the home network. In some embodiments, the computer program code uses one or more interfaces either in the second network entity or the visited network that control functionality in the wireless device or the group of wireless devices.
  • APIs Application Programming Interfaces
  • the second network entity is an access server in a core network of the visited network within the cellular communications system.
  • the second network entity is an Access and Mobility Management Function (AMF) in a Fifth Generation (5G) core network of the visited network within the cellular communications system.
  • AMF Access and Mobility Management Function
  • the first network entity is an authentication server.
  • the authentication server is a 5G Authentication Server Function (AUSF).
  • the one or more functions comprise one or more functions conventionally performed by an authentication server.
  • the one or more functions comprise one or more functions conventionally performed by a Home Subscriber Server (HSS) in a Long Term Evolution (LTE) network.
  • HSS Home Subscriber Server
  • LTE Long Term Evolution
  • the one or more functions comprise: one or more functions related to real-time billing; one or more functions related to control of local resources, Quality of Service (QoS), radio parameters, mobility, and/or parental filtering; one or more functions related to termination of a communication session of the particular wireless device or termination of communication sessions of the particular group of wireless devices; and/or one or more functions related to communication with the particular wireless device or the particular group of wireless devices.
  • QoS Quality of Service
  • the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device.
  • the one or more functions normally performed in the home network of the particular wireless device comprise one or more functions related to real-time billing, one or more control plane functions, and/or one or more data plane functions.
  • the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device or in association with communication sessions of the particular group of wireless devices.
  • a first network entity for a wireless system is adapted to provide, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
  • a first network entity for a wireless system comprises a network interface, one or more processors, and memory comprising instructions executable by the one or more processors whereby the first network entity is operable to provide, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
  • a method of operation of a second network entity in a wireless system comprises receiving, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code.
  • the method further comprises loading the computer program code and executing the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
  • the computer program code is for providing the one or more functions for the particular client device.
  • the wireless system is a cellular communications system
  • the particular client device is a particular wireless device
  • the first network entity is a first core network entity in a home network of the wireless device within the cellular communications system
  • the second network entity is a second core network entity in a visited network of the wireless device within the cellular communications system.
  • the computer program code is for providing the one or more functions for the particular group of client devices.
  • the particular group of client devices is identified by a group identity.
  • the particular group of client devices is a group of client devices having packet data sessions with a particular data network.
  • the wireless system is a cellular
  • the particular group of client devices is a group of wireless devices served by the cellular communications system
  • the first network entity is a first core network entity in a home network of the particular group of wireless devices within the cellular communications system
  • the second network entity is a second core network entity in a visited network of the particular group of wireless devices within the cellular communications system.
  • the computer program code uses one or more internal APIs in the second network entity. In some embodiments, the computer program code uses one or more interfaces between the visited network and the home network. In some embodiments, the computer program code uses one or more interfaces either in the second network entity or the visited network that control functionality in the wireless device or the group of wireless devices.
  • the second network entity is an access server in a core network of the visited network within the cellular communications system. In some embodiments, the second network entity is an AMF in a 5G core network of the visited network within the cellular communications system.
  • the first network entity is an authentication server. In some embodiments, the authentication server is a 5G AUSF. In some embodiments, the one or more functions comprise one or more functions conventionally performed by an authentication server. In some embodiments, the one or more functions comprise one or more functions conventionally performed by an HSS in an LTE network.
  • the one or more functions comprise: one or more functions related to real-time billing; one or more functions related to control of local resources, QoS, radio parameters, mobility, and/or parental filtering; one or more functions related to termination of a communication session of the particular wireless device or termination of communication sessions of the particular group of wireless devices; and/or one or more functions related to communication with the particular wireless device or the particular group of wireless devices.
  • the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device.
  • the one or more functions normally performed in the home network of the particular wireless device comprise one or more functions related to real-time billing, one or more control plane functions, and/or one or more data plane functions.
  • the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device or in association with communication sessions of the particular group of wireless devices.
  • a second network entity for a wireless system is adapted to receive, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code.
  • the second network entity is further adapted to load the computer program code and execute the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
  • a second network entity for a wireless system comprises a network interface, one or more processors, and memory comprising instructions executable by the one or more processors whereby the second network entity is operable to receive, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code. Via execution of the instructions by the one or more processors, the second network entity is further operable to load the computer program code and execute the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
  • Figure 1 illustrates authentication and control of users in a
  • Figure 2 illustrates one example system in which embodiments of the present disclosure may be implemented
  • Figure 3 illustrates the operation of the system of Figure 2 according to some embodiments of the present disclosure
  • Figure 4 illustrates one example of a roaming architecture of a Fifth Generation (5G) cellular communication system in which embodiments of the present disclosure may be implemented.
  • 5G Fifth Generation
  • Figures 5 through 7 illustrate example embodiments of a network node.
  • Detailed Description
  • Radio Node: As used herein, a "radio node" is either a radio access node or a wireless device.
  • Radio Access Node: As used herein, a "radio access node" or "radio network node" is any node in a Radio Access Network (RAN) of a cellular communications network that operates to wirelessly transmit and/or receive signals.
  • Some examples of a radio access node include, but are not limited to, a base station (e.g., a New Radio (NR) base station (gNB) in a Third Generation Partnership Project (3GPP) Fifth Generation (5G) NR network or an enhanced or evolved Node B (eNB) in a 3GPP Long Term Evolution (LTE) network), a high-power or macro base station, a low-power base station (e.g., a micro base station, a pico base station, a home eNB, or the like), and a relay node.
  • a core network entity is an entity in a core network.
  • a core network entity is an entity that implements a function in the Evolved Packet Core (EPC) network (e.g., a Mobility Management Entity (MME), a Packet Data Network Gateway (P-GW), or the like) or a network function in the 5GC network (e.g., an Access and Mobility
  • EPC Evolved Packet Core
  • MME Mobility Management Entity
  • P-GW Packet Data Network Gateway
  • AMF Access and Mobility Management Function
  • SMF Session Management Function
  • PCF Policy Control Function
  • a core network entity may be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function instantiated on an appropriate platform, e.g., a cloud infrastructure.
  • Wireless Device As used herein, a “wireless device” is any type of device that has access to (i.e., is served by) a cellular communications network by wirelessly transmitting and/or receiving signals to a radio access node(s). Some examples of a wireless device include, but are not limited to, a User Equipment device (UE) in a 3GPP network and a Machine Type Communication (MTC) device.
  • UE User Equipment device
  • MTC Machine Type Communication
  • Network Node is any node that is either part of the RAN or a node that implements a core network entity (e.g., a core network node or a node implementing a core network function).
  • the embodiments disclosed herein relate to 5G core networks, but are also valid in the more general case of any access network consisting of a "visited" network and a "home network," or even a "Network Access Server" and a "central control point." Aspects of this disclosure also extend beyond the core network, into various control aspects in the RAN.
  • Figure 1 illustrates an example Authentication, Authorization, and Accounting (AAA) arrangement in LTE and other networks and a possible 5G AAA (or Service-Based Architecture (SBA)) arrangement if the same architecture is adopted for 5G.
  • AAA Authentication, Authorization, and Accounting
  • SBA Service-Based Architecture
  • the example in Figure 1 shows a typical network access arrangement that is found in most public access networks, such as cellular networks. This model is in use in the LTE generation of those networks, for instance, and is a possible arrangement also for the 5G generation.
  • the example shows specific 5G nodes including a client (e.g., a 5G UE), an access server (e.g., a 5G Access and Mobility Function (AMF) in a visited network or similarly an MME in a conventional LTE network), and an authentication server (e.g., a 5G
  • AUSF Authentication Server Function
  • HSS Home Subscriber Server
  • SWn the SWn interface from non-3GPP networks
  • In 5G, the arrangements are similar to those in conventional LTE, but some of the interfaces are replaced, moving from "legacy" protocols such as Diameter to more modern, web-based tools that can be used to build what 3GPP calls a "service-based architecture." Nevertheless, the same functions reside in these networks, no matter what protocols are used.
  • the key function in the arrangement of Figure 1 is having a local access network (e.g., a visited network) ask a home network that knows the user (i.e., the subscriber) to perform authentication and decide to authorize the user's device to be used in the visited network.
  • this function is typically amended to provide a number of additional functions, e.g., set Quality of Service (QoS) parameters, keep a real-time count of the user's prepaid time remaining, provide location information that can be used in various ways, etc.
  • QoS Quality of Service
  • IP Internet Protocol
  • IMS Internet Multimedia call System
  • SIP Session Initiation Protocol
  • WebRTC One of the ways that Internet-based multimedia calls are handled today.
  • WebRTC calls are made from browsers, with the help of JavaScript programs running in the browser. What has been standardized for WebRTC are the APIs that these programs use, and the transmission of media from one user to another. But compared to the IMS model, there's far less specification of how the network and services work. There is no need, as most functions can be left to the server to implement in a way that it finds appropriate.
  • Systems and methods disclosed herein enable home network functions (e.g., LTE HSS or 5G AUSF) to transmit programs back to the visited network, e.g., as part of the AAA exchange associated with, for instance, subscriber authentication. These programs are then run in an environment that provides both access back to the home network in a manner that the program chooses (e.g., Hypertext Transfer Protocol (HTTP)) and control of local resources and functions associated with the user in question via APIs.
  • HTTP Hypertext Transfer Protocol
  • control of local resources e.g., QoS, radio parameters, and functions (e.g., mobility, parental filtering, etc.)
  • the solution includes three components: Ability to pass programs from a home network to a visited network.
  • This could be, for instance, JavaScript or other suitable language, passed as part of a traditional AAA exchange in an attribute, or as part of a Representational State Transfer (REST) -based API between home and visited networks.
  • REST Representational State Transfer
  • a JavaScript program could be passed merely as a fragment of code that is allowed to load additional modules, or a single reference to a program file that exists at a given Uniform Resource Locator (URL).
  • URL Uniform Resource Locator
  • the programs are allowed to do specific things and only those specific things.
  • the program may only need communication with the home network, communication with the UE, and use of the API functions only for the user and session that prompted the running of the program.
  • the programs are executed in an environment similar to NodeJS, but with some restrictions on what the programs are allowed to do or how much processing capacity can be used, and some new capabilities as well (see item 3 below).
  • APIs for basic functions that would enable control of the session and the user's traffic. For instance, the following set of API functions may be provided:
  • sandbox environment could allow sessions established to addresses specified in the visited-home network
  • IPv6 IP version 6
  • ID the address prefix and the default interface Identifier
  • the execution environment could provide an API to a communications service such as NodeJS's HTTP module to the program,
  • the program could set various QoS parameters for the session.
  • the program could also set what treatment is needed for the packets belonging to the session, e.g., it could control whether mobility is needed to preserve IP addresses and Transmission Control Protocol (TCP) sessions as the device moves.
  • TCP Transmission Control Protocol
  • RAN and eNBs a central conflict between the Internet's use of more encryption and operator networks has been that, without understanding what is inside the packets, prioritization of traffic is difficult. If the home network is the content provider, or has a contract with the content provider, then providing traffic prioritization code to run in the visited network is one way of easing some of these issues.
  • the program can run during the entire length of the session and could, for instance, issue a command to terminate the session should that be needed for some reason. Only the session associated with the program can be terminated in this manner, not other sessions in the same network.
  • FIG. 2 illustrates one example system 10 in which embodiments of the present disclosure may be implemented.
  • the system 10 includes a client device 12 (e.g., a UE), an access server 14 (e.g., a 5G AMF), and an authentication server 16 (e.g., a 5G AUSF).
  • the access server 14 is in a visited network of the client device 12 and the authentication server 16 is in a home network of the client device 12, where the visited network may include other network nodes/functions in addition to the access server 14 and the home network may include other network nodes/functions in addition to the authentication server 16.
  • the authentication server 16 provides computer program code (e.g., JavaScript code in the illustrated example) to the access server 14, e.g., during an AAA exchange (step 100).
  • the authentication server 16 may provide the computer program code to the access server 14 in any suitable manner.
  • the authentication server 16 provides the full computer program code to the access server 14.
  • the authentication server 16 provides a computer program fragment to the access server 14, where the computer program fragment is executed by the access server 14 to obtain the full computer program code (e.g., one or more additional modules) from a remote source (e.g., the authentication server 16).
  • the authentication server 16 provides a reference or link (e.g., a URL) to the computer program code that is used by the access server 14 to obtain the full computer program code from a remote source.
  • the computer program code is user-specific (i.e., specific for the particular user or client device 12). For instance, for one user, a program may be sent to monitor whether the user's prepaid account runs to zero. For another user, a program changing the way that the user's packets are routed is run, e.g., to insert a parental control filter.
  • the computer program code is, at least in some embodiments, for providing one or more functions for (i.e., related to) a particular user or client device 12.
  • the access server 14 loads the computer program code, e.g., into a sandbox (i.e., into a protected computing environment such as, e.g., a NodeJS in the case of the use of JavaScript) and executes the computer program code to thereby provide one or more functions (steps 102 and 104).
  • Interfaces (e.g., APIs) are utilized to enable the computer program code to access resources of the access server 14 and to communicate with the authentication server 16, as described above.
  • the interfaces may include one or more internal APIs of the access server 14, one or more interfaces of the visited network used to communicate with the home network (e.g., used to communicate with the authentication server 16 in the home network), and/or one or more interfaces of the access server 14 and/or the visited network that control functionality in the client device 12.
  • the one or more functions can be any desired functions such as, e.g., one or more functions that would normally be performed by the authentication server (e.g., by the 5G AUSF or LTE HSS).
  • Some non-limiting examples include real-time billing functions (e.g., counting an amount of data traffic sent or received by the client device 12, and tracking a currently remaining pre-paid amount of data for the client device 12), control of local resources at the access server 14, control of a QoS of a communication session of the client device 12, control of one or more radio parameters for a radio communication link (e.g., a radio bearer) between the client device 12 and an associated radio access network (e.g., a 5G radio access network), control of one or more mobility functions, parental filtering, termination of the communication session of the user of the client device 12 upon the occurrence of a given condition, communication with the client device 12, and/or the like.
  • the computer program code is user-specific. In other words, the computer program code is for performing one or more functions for a particular client device 12. However, in some other embodiments, the computer program code is user group specific. In other words, the computer program code is for performing one or more functions for a particular group of client devices 12.
  • the group of client devices 12 may be identified by a group identifier (e.g., an Evolved Packet System (EPS) Encrypted Mobile Subscriber Identity (EMSI)), identified by a Data Network Name (DNN) or the like for a data network to which the group of client devices 12 communicates, or the like.
  • EPS Evolved Packet System
  • EMSI Encrypted Mobile Subscriber Identity
  • DNN Data Network Name
  • the access server 14 obtains the computer program code, a fragment of the computer program code, or a reference to the computer program code for performing one or more functions for a particular group of client devices 12. Note that this may be performed once for the group or performed separately for each client device 12 in the group. For instance, a reference to the computer program code may be obtained in step 100. If the access server 14 has already downloaded the respective computer program code, e.g., for another client device 12 in the group, the access server 14 may not download the computer program code again. Once the computer program code is obtained and loaded, the computer program code is executed. The access server 14 may execute a separate instance of the computer code for each client device 12 in the group, e.g. in the case that the function(s) are user, or device, specific or may execute a single instance of the computer code for the group, e.g. in the case that the function(s) are group specific.
  • the systems and methods disclosed herein can be extended to provide computer program code from a first network entity (e.g., a first core network entity), e.g. in a home network of a client device 12 or a group of client devices 12 to a second network entity (e.g., a second core network entity), e.g.
  • the function(s) may be any function(s) that would normally be performed in the home network for the client device 12 or the group of client devices 12 if the client device 12 or the group of client devices 12 was/were in the home network rather than the visited network.
  • the function(s) may be any policy or charging functions (e.g., billing, etc.), control plane functions (e.g., mobility related functions, etc.), and/or data plane functions (e.g., QoS, termination, packet filtering, parental controls, etc.).
  • Figure 4 is a block diagram that is reproduced from 3GPP Technical Specification (TS) 23.501 v15.1.0 that illustrates the 5G roaming architecture.
  • the AUSF in the home network i.e., the Home Public Land Mobile Network (HPLMN)
  • HPLMN Home Public Land Mobile Network
  • the embodiments described herein can be extended to any of the interfaces (e.g., the N31 interface, the N24 interface, the N8 interface, the N16 interface, and/or the N9 interface) between the HPLMN and the Visited Public Land Mobile Network (VPLMN), e.g., to thereby provide computer program code to be executed by the respective network function in the VPLMN, e.g., in order to perform one or more functions that would normally be performed by the respective network function in the HPLMN.
  • VPLMN Visited Public Land Mobile Network
  • Figure 5 is a schematic block diagram of a network node 18 (e.g., the access server 14 or the authentication server 16) according to some
  • the network node 18 is a physical network node that implements a core network entity such as the access server 14 (e.g., 5G AMF) or the authentication server 16 (e.g., 5G AUSF).
  • the network node 18 includes one or more processors 20 (e.g., Central Processing Units (CPUs), Application Specific Integrated Circuits
  • ASICs Application Specific Integrated Circuits
  • DSPs Digital Signal Processors
  • FPGAs Field Programmable Gate Arrays
  • memory 22 and/or the like
  • network interface(s) 24 In some embodiments, the functionality of the network node 18 (specifically the
  • functionality of the access server 14 or the authentication server 16) described above may be fully or partially implemented in software that is, e.g., stored in the memory 22 and executed by the processor(s) 20.
  • Figure 6 is a schematic block diagram that illustrates a virtualized embodiment of the network node 18 (e.g., the access server 14 or the
  • a "virtualized" network node 18 is a network node 18 in which at least a portion of the functionality of the network node 18 is implemented as a virtual component (e.g., via a virtual machine(s) executing on a physical processing node(s) in a network(s)).
  • the network node 18 includes one or more processing nodes 26 coupled to or included as part of a network(s) 28.
  • Each processing node 26 includes one or more processors 30 (e.g., CPUs, ASICs, DSPs, FPGAs, and/or the like), memory 32, and a network interface 34.
  • functions 36 of the network node 18 are implemented at the one or more processing nodes 26 (e.g., distributed across multiple processing nodes 26) in any desired manner.
  • some or all of the functions 36 of the network node 18 described herein are implemented as virtual components executed by one or more virtual machines implemented in a virtual environment(s) hosted by the processing node(s) 26.
  • a computer program including instructions which, when executed by the at least one processor 20, 30 causes the at least one processor 20, 30 to carry out the functionality of the network node 18 or a processing node 26 according to any of the embodiments described herein is provided.
  • a carrier containing the aforementioned computer program product is provided.
  • the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 22, 32).
  • FIG. 7 is a schematic block diagram of the network node 18 (e.g., the access server 14 or the authentication server 16) according to some other embodiments of the present disclosure.
  • the network node 18 includes one or more modules 38, each of which is implemented in software.
  • the module(s) 38 provide the functionality of the network node 18 described herein (e.g., the functionality of the access server 14 or the authentication server 16 as described herein, e.g., with respect to Figures 2, 3, and 4).
  • Embodiment 1 A method of operation of a network node (16, 18), comprising: providing (100), to an access server (14), a computer program code; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code, the computer program code to be loaded and executed by the access server (14) to provide one or more functions.
  • Embodiment 2 The method of embodiment 1 wherein the computer program code uses interfaces within the network in which the access server (14) resides to provide at least one of the one or more functions.
  • Embodiment 3 The method of embodiment 2 wherein the interfaces comprise one or more internal APIs in the access server (14).
  • Embodiment 4 The method of embodiment 2 wherein the interfaces comprise one or more interfaces in the visited network.
  • Embodiment 5 The method of embodiment 2 wherein the interfaces comprise one or more interfaces either in the access server (14) or the visited network that control functionality in a client device (12).
  • Embodiment 6 The method of any one of embodiments 1 to 5 wherein the access server (14) is an access server in a core network of a cellular communications system.
  • Embodiment 7 The method of any one of embodiments 1 to 5 wherein the access server (14) is an AMF in a 5G core network.
  • Embodiment 8 The method of embodiment 6 or 7 wherein the access server (14) is in a visited network of an associated client device (12).
  • Embodiment 9 The method of embodiment 8 wherein the network node (16, 18) is a network node (18) in which an authentication server (16) is implemented, the authentication server (16) being in a home network of the associated client device (12).
  • Embodiment 10 The method of embodiment 9 wherein the
  • Embodiment 11 The method of embodiment 9 or 10 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server (e.g., conventionally performed by a LTE HSS).
  • Embodiment 12 The method of any one of embodiments 1 to 11 wherein the computer program code is user or client device specific.
  • Embodiment 13 The method of embodiment 12 wherein the one or more functions comprise one or more functions performed in association with a communication session of a respective user or client device (12).
  • Embodiment 14 A network node (16, 18) adapted to perform the method of any one of embodiments 1 to 13.
  • Embodiment 15 A network node (16, 18) comprising: a network interface (24); one or more processors (20); and memory (22) comprising instructions executable by the one or more processors (20) whereby the network node (16, 18) is operable to perform the method of any one of embodiments 1 to 9.
  • Embodiment 16 A network node (16, 18) comprising: one or more modules (38) operable to perform the method of any one of embodiments 1 to 13.
  • Embodiment 17 A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of embodiments 1 to 13.
  • Embodiment 18 A carrier containing the computer program of embodiment 17, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
  • Embodiment 19 A method of operation of a network node (14, 18), comprising: receiving (100), from another network node (16, 18), a computer program code, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code; loading (102) the computer program code; and executing (104) the computer program code to thereby provide one or more functions.
  • Embodiment 20 The method of embodiment 19 wherein the computer program code uses interfaces within the network in which the network node (14, 18) resides to provide at least one of the one or more functions.
  • Embodiment 21 The method of embodiment 20 wherein the interfaces comprise one or more internal APIs in the network node (14, 18).
  • Embodiment 22 The method of embodiment 20 wherein the interfaces comprise one or more interfaces in the visited network.
  • Embodiment 23 The method of embodiment 20 wherein the interfaces comprise one or more interfaces either in the network node (14, 18) or the visited network that control functionality in a client device (12).
  • Embodiment 24 The method of any one of embodiments 19 to 23 wherein the network node (14, 18) is a network node (18) implementing an access server (14) in a core network of a cellular communications system.
  • Embodiment 25 The method of embodiment 24 wherein the access server (14) is an AMF in a 5G core network.
  • Embodiment 26 The method of embodiment 24 or 25 wherein the access server (14) is in a visited network of an associated client device (12).
  • Embodiment 27 The method of embodiment 26 wherein the other network node (16, 18) is a network node (18) in which an authentication server (16) is implemented, the authentication server (16) being in a home network of the associated client device (12).
  • Embodiment 28 The method of embodiment 27 wherein the authentication server (16) is a 5G AUSF.
  • Embodiment 29 The method of embodiment 27 or 28 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server (e.g., conventionally performed by a LTE HSS).
  • Embodiment 30 The method of any one of embodiments 19 to 29 wherein the computer program code is user or client device specific.
  • Embodiment 31 The method of embodiment 30 wherein the one or more functions comprise one or more functions performed in association with a communication session of a respective user or client device (12).
  • Embodiment 32 A network node (14, 18) adapted to perform the method of any one of embodiments 19 to 31.
  • Embodiment 33 A network node (14, 18) comprising: a network interface (24); one or more processors (20); and memory (22) comprising instructions executable by the one or more processors (20) whereby the network node (14, 18) is operable to perform the method of any one of embodiments 19 to 31.
  • Embodiment 34 A network node (14, 18) comprising: one or more modules (38) operable to perform the method of any one of embodiments 19 to 31.
  • Embodiment 35 A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of embodiments 19 to 31.
  • Embodiment 36 A carrier containing the computer program of embodiment 35, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Systems and methods are disclosed herein for providing computer program code to a network entity (14) to enable the network entity to perform one or more functions, e.g., for a particular client device or a particular group of wireless devices. In some embodiments, a method of operation of a first network entity (16) in a wireless system comprises providing, to a second network entity (14), a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code (100). In this manner, the second network entity is enabled to execute the computer program code to perform the one or more functions for the client device or the group of client devices in the wireless system (104).

Description

SYSTEMS AND METHODS FOR PROVIDING COMPUTER PROGRAM CODE BETWEEN NETWORK ENTITIES IN A WIRELESS SYSTEM AND THE EXECUTION THEREOF
Related Applications
[0001] This application claims the benefit of provisional patent application serial number 62/532,811, filed July 14, 2017, the disclosure of which is hereby incorporated herein by reference in its entirety.
Technical Field
[0002] The present disclosure relates to a wireless system such as, e.g., a cellular communications system.
Background
[0003] The Third Generation Partnership Project (3GPP) is working on Fifth Generation (5G), and one of the planned changes is to implement a so-called Service-Based Architecture (SBA). This is currently being specified in 3GPP SA2 group, in the 5G core network architecture document 23.501 (see overall 5G architecture: 3GPP Technical Specification (TS) 23.501 V1.0.0: 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; System Architecture for the 5G System; Stage 2 (Release 15) and overall 5G procedures: 3GPP TS 23.502 V0.4.0: 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Procedures for the 5G System; Stage 2 (Release 15)). The idea behind SBA is that a number of the interfaces within the core network (including roaming interfaces) are changed from legacy telecom style to modern, web-based Application Programming Interfaces (APIs). The details of these APIs are being worked on, and these details matter as different ways of using web technology will result in large differences in how flexible, easy to secure, future-proof, or efficient 5G core systems will be.
Summary
[0004] Systems and methods are disclosed herein for providing computer program code to a network entity to enable the network entity to perform one or more functions, e.g., for a particular client device or a particular group of wireless devices. In some embodiments, a method of operation of a first network entity in a wireless system comprises providing, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code. In this manner, the second network entity is enabled to execute the computer program code to perform one or more functions for the client device or the group of client devices in the wireless system.
[0005] In some embodiments, the computer program code is for providing the one or more functions for the particular client device. Further, in some embodiments, the wireless system is a cellular communications system, the particular client device is a particular wireless device, the first network entity is a first core network entity in a home network of the wireless device within the cellular communications system, and the second network entity is a second core network entity in a visited network of the wireless device within the cellular communications system.
[0006] In some other embodiments, the computer program code is for providing the one or more functions for the particular group of client devices. Further, in some embodiments, the particular group of client devices is identified by a group identity. In some other embodiments, the particular group of client devices is a group of client devices having a packet data session with a particular data network. In some embodiments, the wireless system is a cellular communications system, the particular group of client devices is a group of wireless devices served by the cellular communications system, the first network entity is a first core network entity in a home network of the particular group of wireless devices within the cellular communications system, and the second network entity is a second core network entity in a visited network of the particular group of wireless devices within the cellular communications system.
[0007] In some embodiments, the computer program code uses one or more internal Application Programming Interfaces (APIs) in the second network entity. In some embodiments, the computer program code uses one or more interfaces between the visited network and the home network. In some embodiments, the computer program code uses one or more interfaces either in the second network entity or the visited network that control functionality in the wireless device or the group of wireless devices.
[0008] In some embodiments, the second network entity is an access server in a core network of the visited network within the cellular communications system. In some embodiments, the second network entity is an Access and Mobility Management Function (AMF) in a Fifth Generation (5G) core network of the visited network within the cellular communications system.
[0009] In some embodiments, the first network entity is an authentication server. In some embodiments, the authentication server is a 5G Authentication Server Function (AUSF). In some embodiments, the one or more functions comprise one or more functions conventionally performed by an authentication server. In some embodiments, the one or more functions comprise one or more functions conventionally performed by a Home Subscriber Server (HSS) in a Long Term Evolution (LTE) network. In some embodiments, the one or more functions comprise: one or more functions related to real-time billing; one or more functions related to: control of local resources; Quality of Service (QoS), radio parameters, mobility, and/or parental filtering; one or more functions related to termination of a communication session of the particular wireless device or termination of communication sessions of the particular group of wireless devices; and/or one or more functions related to communication with the particular wireless device or the particular group of wireless devices.
[0010] In some embodiments, the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device. In some embodiments, the one or more functions normally performed in the home network of the particular wireless device comprise one or more functions related to real-time billing, one or more control plane functions, and/or one or more data plane functions.
[0011] In some embodiments, the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device or in association with communication sessions of the particular group of wireless devices.
[0012] In some embodiments, a first network entity for a wireless system is adapted to provide, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
[0013] In some embodiments, a first network entity for a wireless system comprises a network interface, one or more processors, and memory comprising instructions executable by the one or more processors whereby the first network entity is operable to provide, to a second network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
[0014] Systems and methods are disclosed herein for obtaining computer program code at a network entity to enable the network entity to perform one or more functions, e.g., for a particular client device or a particular group of wireless devices. In some embodiments, a method of operation of a second network entity in a wireless system comprises receiving, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code. The method further comprises loading the computer program code and executing the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
[0015] In some embodiments, the computer program code is for providing the one or more functions for the particular client device. In some embodiments, the wireless system is a cellular communications system, the particular client device is a particular wireless device, the first network entity is a first core network entity in a home network of the wireless device within the cellular communications system, and the second network entity is a second core network entity in a visited network of the wireless device within the cellular communications system.
[0016] In some embodiments, the computer program code is for providing the one or more functions for the particular group of client devices. In some embodiments, the particular group of client devices is identified by a group identity. In some other embodiments, the particular group of client devices is a group of client devices having packet data sessions with a particular data network. In some embodiments, the wireless system is a cellular communications system, the particular group of client devices is a group of wireless devices served by the cellular communications system, the first network entity is a first core network entity in a home network of the particular group of wireless devices within the cellular communications system, and the second network entity is a second core network entity in a visited network of the particular group of wireless devices within the cellular communications system.
[0017] In some embodiments, the computer program code uses one or more internal APIs in the second network entity. In some embodiments, the computer program code uses one or more interfaces between the visited network and the home network. In some embodiments, the computer program code uses one or more interfaces either in the second network entity or the visited network that control functionality in the wireless device or the group of wireless devices.
[0018] In some embodiments, the second network entity is an access server in a core network of the visited network within the cellular communications system. In some embodiments, the second network entity is an AMF in a 5G core network of the visited network within the cellular communications system.
[0019] In some embodiments, the first network entity is an authentication server. In some embodiments, the authentication server is a 5G AUSF. In some embodiments, the one or more functions comprise one or more functions conventionally performed by an authentication server. In some embodiments, the one or more functions comprise one or more functions conventionally performed by a HSS in a LTE network. In some embodiments, the one or more functions comprise: one or more functions related to real-time billing; one or more functions related to control of local resources, QoS, radio parameters, mobility, and/or parental filtering; one or more functions related to termination of a communication session of the particular wireless device or termination of communication sessions of the particular group of wireless devices; and/or one or more functions related to communication with the particular wireless device or the particular group of wireless devices.
[0020] In some embodiments, the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device. In some embodiments, the one or more functions normally performed in the home network of the particular wireless device comprise one or more functions related to real-time billing, one or more control plane functions, and/or one or more data plane functions.
[0021] In some embodiments, the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device or in association with communication sessions of the particular group of wireless devices.
[0022] In some embodiments, a second network entity for a wireless system is adapted to receive, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code. The second network entity is further adapted to load the computer program code and execute the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
[0023] In some embodiments, a second network entity for a wireless system comprises a network interface, one or more processors, and memory comprising instructions executable by the one or more processors whereby the second network entity is operable to receive, from a first network entity, a computer program code for providing one or more functions for a particular client device or a particular group of client devices, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code. Via execution of the instructions by the one or more processors, the second network entity is further operable to load the computer program code and execute the computer program code to thereby provide the one or more functions for the particular client device or the particular group of client devices.
Brief Description of the Drawings
[0024] The accompanying drawing figures incorporated in and forming a part of this specification illustrate several aspects of the disclosure, and together with the description serve to explain the principles of the disclosure.
[0025] Figure 1 illustrates authentication and control of users in a conventional access network;
[0026] Figure 2 illustrates one example system in which embodiments of the present disclosure may be implemented;
[0027] Figure 3 illustrates the operation of the system of Figure 2 according to some embodiments of the present disclosure;
[0028] Figure 4 illustrates one example of a roaming architecture of a Fifth Generation (5G) cellular communication system in which embodiments of the present disclosure may be implemented; and
[0029] Figures 5 through 7 illustrate example embodiments of a network node.
Detailed Description
[0030] The embodiments set forth below represent information to enable those skilled in the art to practice the embodiments and illustrate the best mode of practicing the embodiments. Upon reading the following description in light of the accompanying drawing figures, those skilled in the art will understand the concepts of the disclosure and will recognize applications of these concepts not particularly addressed herein. It should be understood that these concepts and applications fall within the scope of the disclosure.
[0031] Radio Node: As used herein, a "radio node" is either a radio access node or a wireless device.
[0032] Radio Access Node: As used herein, a "radio access node" or "radio network node" is any node in a Radio Access Network (RAN) of a cellular communications network that operates to wirelessly transmit and/or receive signals. Some examples of a radio access node include, but are not limited to, a base station (e.g., a New Radio (NR) base station (gNB) in a Third Generation Partnership Project (3GPP) Fifth Generation (5G) NR network or an enhanced or evolved Node B (eNB) in a 3GPP Long Term Evolution (LTE) network), a high-power or macro base station, a low-power base station (e.g., a micro base station, a pico base station, a home eNB, or the like), and a relay node.
[0033] Core Network Entity: As used herein, a core network entity is an entity in a core network. In other words, a core network entity is an entity that implements a function in the Evolved Packet Core (EPC) network (e.g., a Mobility Management Entity (MME), a Packet Data Network Gateway (P-GW), or the like) or a network function in the 5GC network (e.g., an Access and Mobility Management Function (AMF), a Session Management Function (SMF), a Policy Control Function (PCF), or the like). A core network entity may be implemented either as a network element on a dedicated hardware, as a software instance running on a dedicated hardware, or as a virtualized function instantiated on an appropriate platform, e.g., a cloud infrastructure.
[0034] Wireless Device: As used herein, a "wireless device" is any type of device that has access to (i.e., is served by) a cellular communications network by wirelessly transmitting and/or receiving signals to a radio access node(s). Some examples of a wireless device include, but are not limited to, a User Equipment device (UE) in a 3GPP network and a Machine Type Communication (MTC) device.
[0035] Network Node: As used herein, a "network node" is any node that is either part of the RAN or a node that implements a core network entity (e.g., a core network node or a node implementing a core network function).
[0036] The embodiments disclosed herein relate to 5G core networks, but are also valid in a more general case of any access networks consisting of a "visited" network and a "home network," or even a "Network Access Server" and a "central control point." Aspects of this disclosure also extend beyond the core network, into various control aspects in the RAN.
[0037] Traditionally, most access networks have been built to authenticate and control users wishing to access them. This control is typically arranged as shown in Figure 1. In particular, Figure 1 illustrates an example Authentication, Authorization, and Accounting (AAA) arrangement in LTE and other networks and a possible 5G AAA (or Service-Based Architecture (SBA)) arrangement if the same architecture is adopted for 5G.
[0038] The example in Figure 1 shows a typical network access arrangement that is found in most public access networks, such as cellular networks. This model is in use in the LTE generation of those networks, for instance, and is a possible arrangement also for the 5G generation. The example shows specific 5G nodes including a client (e.g., a 5G UE), an access server (e.g., a 5G Access and Mobility Function (AMF) in a visited network or similarly a MME in a conventional LTE network), and an authentication server (e.g., a 5G Authentication Server Function (AUSF) in the home network or similarly a Home Subscriber Server (HSS) in conventional LTE), but there are obviously many other arrangements in other networks. In LTE networks, there are multiple other interfaces, such as the SWn interface from non-3GPP networks, that perform similar functions. In 5G, the arrangements are similar to those in conventional LTE, but some of the interfaces are replaced from "legacy" protocols such as Diameter to more modern, web-based tools that can be used to build what 3GPP calls a "service-based architecture." Nevertheless, the same functions reside in these networks, no matter what protocols are used.
[0039] The key function in the arrangement of Figure 1 is having a local access network (e.g., a visited network) ask a home network that knows the user (i.e., the subscriber) to perform authentication and decide to authorize the user's device to be used in the visited network. In addition, this function is typically amended to provide a number of additional functions, e.g., set Quality of Service (QoS) parameters, keep a real-time count of the user's prepaid time remaining, provide location information that can be used in various ways, etc.
[0040] The 3GPP system architecture is being changed to become more based on modern web technologies and Application Programming Interfaces (APIs), and less on traditional telecom protocols. As a part of that change, it makes sense to rethink not merely the underlying protocol details but also the mechanisms used.
[0041] One problem is that the pace of change in traditional AAA interfaces is limited by the speed of standardization. The interface between a visited and home network is necessarily a multi-vendor interface, and if all functions within that interface need to be explicitly standardized, this means that in practice major changes can be done at most once per 18 months - and this does not take into account the time needed by the different vendors to implement standard extensions, which may also take time.
[0042] A quick reaction to the above is to say that all functions must be standardized; otherwise, they cannot work between different vendors' equipment. But on closer inspection, this is actually not true. Consider the web browser environment, for instance, which provides (a) the ability to provide programs from server to client, (b) an environment in the browser where these programs can be executed, and (c) APIs to basic tools that the programs can use. A key observation is that even when the execution environment and APIs are simple, much more complex capabilities can be built on top of them. Further, those capabilities need not all be standardized, as standardization is only needed for the programming language format, execution environment, and the APIs. The high-level functions are something that only the piece of program running in the browser and the server need to agree on. Since the server is run by one organization and provides the program for the browser, this is easy.
[0043] The following is an illustrative example of how this kind of architecture can have an impact. Some years ago, there was a big effort to specify the interfaces between all components in an Internet Protocol (IP)-based Multimedia call System (IMS). This was done on top of a relatively simple IP, Session Initiation Protocol (SIP). That specification effort took a long time but it eventually completed. Today, IMS is in commercial use, but perhaps in smaller scale than initially hoped, and the IMS system as a whole is quite complicated. IMS is mostly used within operator networks, whereas most Internet-based multimedia calls are handled in a different way. One of the ways that Internet-based multimedia calls are handled today is called WebRTC. In WebRTC, calls are made from browsers, with the help of JavaScript programs running in the browser. What has been standardized for WebRTC are the APIs that these programs use, and the transmission of media from one user to another. But compared to the IMS model, there's far less specification of how the network and services work. There is no need, as most functions can be left to the server to implement in a way that it finds appropriate.
[0044] Thus, there is a need for a way of making future 3GPP core networks, which are standardized, more flexible than conventional core networks.
[0045] Another issue is that, in the roaming scenario, there is a fundamental limit in what functions can be provided by the home network when the UE is in a visited network. For instance, providing a QoS setting, making a change in routing, or providing a local service are all things that cannot be usefully done by the home network because the home network is either not seeing the packets or, by the time the home network sees the packets, it is too late to provide the function (e.g., QoS). As such, an ability to perform functions near the user, in the visited network, is essential. This can be done through a standardized protocol interface but, as noted above, it is not a particularly flexible way of doing it.
[0046] Systems and methods disclosed herein enable home network functions (e.g., LTE HSS or 5G AUSF) to transmit programs back to the visited network, e.g., as part of the AAA exchange associated with, for instance, subscriber authentication. These programs are then run in an environment that provides both access back to the home network in a manner that the program chooses (e.g., Hypertext Transfer Protocol (HTTP)) and control of local resources and functions associated with the user in question via APIs.
[0047] Given this basic capability, operators can then implement various functions on top, such as:
• real-time billing facilities in the way that they choose
• control of local resources, QoS, radio parameters, and functions (e.g., mobility, parental filtering, etc.)
• termination of the user's session upon a given condition
• communication with the user's device
These are obviously just examples; the functions that could be built are not limited by this list.
[0048] As long as the APIs in the visited network are simple but powerful, operators can implement an essentially unlimited set of high-level functions on top, without needing AAA protocol interface standardization or coordination with the visited network operator. The APIs that are needed for this need to be standardized, but are much simpler than the high-level functions. That is, they should provide basic capabilities such as managing sessions or affecting routing for some data flows, but still be sufficiently powerful to build high-level functions on.
[0049] This will result in a faster evolution of the cellular network services and reduce the overall need for coordination. While coordination on many things is good, binding service development and innovation within the cellular network to only progress at the pace of standards is quite limiting. The slower pace of cellular network development may also lead to a better position by competitors attempting to use other technologies.
[0050] The solution includes three components:
1. Ability to pass programs from a home network to a visited network. This could be, for instance, JavaScript or other suitable language, passed as part of a traditional AAA exchange in an attribute, or as part of a Representational State Transfer (REST)-based API between home and visited networks. As an example, a JavaScript program could be passed merely as a fragment of code that is allowed to load additional modules, or a single reference to a program file that exists at a given Uniform Resource Locator (URL).
2. Ability to execute those programs in the visited network. There also needs to be a "sandbox" where the programs are allowed to do specific things and only those specific things. For instance, the program may only need communication with the home network, communication with the UE, and use of the API functions only for the user and session that prompted the running of the program. In some embodiments, the programs are executed in an environment similar to NodeJS, but with some restrictions on what the programs are allowed to do or how much processing capacity can be used, and some new capabilities as well (see item 3 below).
3. Suitable APIs for basic functions that would enable control of the session and the user's traffic. For instance, the following set of API functions may be provided:
o Communication with the home network. For instance, the sandbox environment could allow sessions established to addresses specified in the visited-home network communication. In the NodeJS environment, programs could be allowed to use the HTTP module, for instance, to establish these communications.
o Communication with the user's device associated with the session. For instance, the program could be provided the device's IP address, or a communication channel could be opened up on top of or as in-band in the existing radio interface protocols. In IP version 6 (IPv6), one would communicate the address prefix and the default interface Identifier (ID) communicated to the device, as specified in Request for Comments (RFC) 3316. Again, the execution environment could provide an API to a communications service such as NodeJS's HTTP module to the program.
o Control of resources allocated for the session or the device. For instance, the program could set various QoS parameters for the session. The program could also set what treatment is needed for the packets belonging to the session, e.g., it could control whether mobility is needed to preserve IP addresses and Transmission Control Protocol (TCP) sessions as the device moves.
o Detailed treatment of packets or flows within the radio network (RAN and eNBs). For instance, a central conflict between the Internet's use of more encryption and operator networks has been that, without understanding what is inside the packets, prioritization of traffic is difficult. If the home network is the content provider, or has a contract with the content provider, then providing traffic prioritization code to run in the visited network is one way of easing some of these issues.
o Control of the session. The program can run during the entire length of the session and could, for instance, issue a command to terminate the session should that be needed for some reason. Only the session associated with the program can be terminated in this manner, not other sessions in the same network.
With these capabilities, more complex functions could be built, e.g., combining user interfaces in the terminal, programs running at the visited network, and databases at the home network.
[0051] In this regard, Figure 2 illustrates one example system 10 in which embodiments of the present disclosure may be implemented. As illustrated, the system 10 includes a client device 12 (e.g., a UE), an access server 14 (e.g., a 5G AMF), and an authentication server 16 (e.g., a 5G AUSF). In one embodiment, the access server 14 is in a visited network of the client device 12 and the authentication server 16 is in a home network of the client device 12, where the visited network may include other network nodes/functions in addition to the access server 14 and the home network may include other network nodes/functions in addition to the authentication server 16.
[0052] The operation of the system 10 of Figure 2 is illustrated in Figure 3. As illustrated, the authentication server 16 provides computer program code (e.g., JavaScript code in the illustrated example) to the access server 14, e.g., during an AAA exchange (step 100). As discussed above, the authentication server 16 may provide the computer program code to the access server 14 in any suitable manner. For example, in some embodiments, the authentication server 16 provides the full computer program code to the access server 14. In some other embodiments, the authentication server 16 provides a computer program fragment to the access server 14, where the computer program fragment is executed by the access server 14 to obtain the full computer program code (e.g., one or more additional modules) from a remote source (e.g., the authentication server 16). In some other embodiments, the authentication server 16 provides a reference or link (e.g., a URL) to the computer program code that is used by the access server 14 to obtain the full computer program code from a remote source. Further, at least in some embodiments, the computer program code is user-specific (i.e., specific for the particular user or client device 12). For instance, for one user, a program may be sent to monitor whether the user's prepaid account runs to zero. For another user, a program changing the way that the user's packets are routed is run, e.g., to insert a parental control filter. Thus, the computer program code is, at least in some embodiments, for providing one or more functions for (i.e., related to) a particular user or client device 12.
[0053] The access server 14 loads the computer program code, e.g., into a sandbox (i.e., into a protected computing environment such as, e.g., a NodeJS in the case of the use of JavaScript) and executes the computer program code to thereby provide one or more functions (steps 102 and 104). Note that interfaces (e.g., APIs) are utilized to enable the computer program code to access resources of the access server 14 and to communicate with the authentication server 16, as described above. The interfaces may include one or more internal APIs of the access server 14, one or more interfaces of the visited network used to communicate with the home network (e.g., used to communicate with the authentication server 16 in the home network), and/or one or more interfaces of the access server 14 and/or the visited network that control functionality in the client device 12. The one or more functions can be any desired functions such as, e.g., one or more functions that would normally be performed by the authentication server (e.g., by the 5G AUSF or LTE HSS). Some non-limiting examples include real-time billing functions (e.g., counting an amount of data traffic sent or received by the client device 12, and tracking a currently remaining pre-paid amount of data for the client device 12), control of local resources at the access server 14, control of a QoS of a communication session of the client device 12, control of one or more radio parameters for a radio communication link (e.g., a radio bearer) between the client device 12 and an associated radio access network (e.g., a 5G radio access network), control of one or more mobility functions, parental filtering, termination of the communication session of the user of the client device 12 upon the occurrence of a given condition, communication with the client device 12, and/or the like.
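The sandbox and session-scoped APIs described in paragraphs [0050] and [0053] can be sketched as follows; this is an added example, not code from the patent or from any 3GPP implementation. The names `runHomeProgram`, `session`, `billing.home.example`, the session identifiers and the prepaid program are assumptions made for illustration. Node's `vm` module is not by itself a security boundary, so the sketch assumes the access server additionally isolates the runtime at the process or container level.

```javascript
'use strict';
const vm = require('node:vm');

// Constructed visited-network state: two sessions plus a log of calls toward the home network.
function makeVisitedNetwork() {
  return {
    sessions: new Map([
      ['sess-A', { active: true, qos: 'default', bytesUsed: 1500 }],
      ['sess-B', { active: true, qos: 'default', bytesUsed: 10 }],
    ]),
    homeCalls: [],
  };
}

const QOS_LEVELS = ['default', 'low', 'high'];

// Host-side dispatcher bound to ONE session. The program never supplies a session id,
// so it has no way to name another session in the visited network.
function makeDispatcher(net, sessionId, allowedHomeHosts) {
  const session = net.sessions.get(sessionId);
  const ops = {
    getBytesUsed: () => session.bytesUsed,
    setQoS(level) {
      if (!QOS_LEVELS.includes(level)) throw new Error('unsupported QoS level');
      session.qos = level;
    },
    terminate() { session.active = false; },
    contactHome(host, message) {
      // Only addresses agreed in the visited-home exchange are reachable.
      if (!allowedHomeHosts.includes(host)) throw new Error('host not allowed');
      net.homeCalls.push({ sessionId, host, message });
    },
  };
  // Host errors are flattened to strings so that no host-realm Error reaches the program.
  return (name, a, b) => {
    try {
      if (!Object.hasOwn(ops, name)) throw new Error('unknown API');
      return { value: ops[name](a, b) };
    } catch (e) {
      return { error: String(e.message) };
    }
  };
}

// Evaluated inside the sandbox realm: builds `session` from sandbox-realm functions that
// forward string arguments to the dispatcher, which stays hidden in a closure.
const BOOTSTRAP = `(function (call) {
  'use strict';
  const wrap = (name) => (a, b) => {
    const r = call(name, '' + a, '' + b);
    if (r.error !== undefined) throw new Error(r.error);
    return r.value;
  };
  return Object.freeze({
    getBytesUsed: wrap('getBytesUsed'),
    setQoS: wrap('setQoS'),
    terminate: wrap('terminate'),
    contactHome: wrap('contactHome'),
  });
})`;

// Load (step 102) and execute (step 104) a program received from the home network.
function runHomeProgram(net, sessionId, allowedHomeHosts, programSource, cpuMs = 50) {
  // Null-prototype global and no string-to-code compilation: the program sees no require,
  // no process, and cannot reach the host realm through a prototype chain.
  const sandbox = Object.create(null);
  const context = vm.createContext(sandbox, { codeGeneration: { strings: false, wasm: false } });
  const makeApi = vm.runInContext(BOOTSTRAP, context);
  sandbox.session = makeApi(makeDispatcher(net, sessionId, allowedHomeHosts));
  try {
    vm.runInContext(programSource, context, { timeout: cpuMs }); // bound on processing time
    return { ok: true, reason: '' };
  } catch (e) {
    return { ok: false, reason: String(e && e.message) };
  }
}

// Constructed example of a user-specific program the home network might send:
// end the session when the prepaid quota is used up, otherwise raise QoS.
const PREPAID_PROGRAM = `
  const quotaBytes = 1000;
  if (session.getBytesUsed() >= quotaBytes) {
    session.contactHome('billing.home.example', 'quota exhausted');
    session.terminate();
  } else {
    session.setQoS('high');
  }
`;
```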
[0054] In the discussion above, at least in some embodiments, the computer program code is user-specific. In other words, the computer program code is for performing one or more functions for a particular client device 12. However, in some other embodiments, the computer program code is user group specific. In other words, the computer program code is for performing one or more functions for a particular group of client devices 12. The group of client devices 12 may be identified by a group identifier (e.g., an Evolved Packet System (EPS) Encrypted Mobile Subscriber Identity (EMSI)), identified by a Data Network Name (DNN) or the like for a data network to which the group of client devices 12 communicates, or the like. In this regard, in step 100 of Figure 3, the access server 14 obtains the computer program code, a fragment of the computer program code, or a reference to the computer program code for performing one or more functions for a particular group of client devices 12. Note that this may be performed once for the group or performed separately for each client device 12 in the group. For instance, a reference to the computer program code may be obtained in step 100. If the access server 14 has already downloaded the respective computer program code, e.g., for another client device 12 in the group, the access server 14 may not download the computer program code again. Once the computer program code is obtained and loaded, the computer program code is executed. The access server 14 may execute a separate instance of the computer code for each client device 12 in the group, e.g. in the case that the function(s) are user, or device, specific or may execute a single instance of the computer code for the group, e.g. in the case that the function(s) are group specific.
[0055] While the discussion above focuses on embodiments in which the authentication server 16 (e.g., 5G AUSF) provides the computer program code to the access server 14 (e.g., 5G AMF), the present disclosure is not limited thereto. In general, the systems and methods disclosed herein can be extended to provide computer program code from a first network entity (e.g., a first core network entity), e.g. in a home network of a client device 12 or a group of client devices 12 to a second network entity (e.g., a second core network entity), e.g. in a visited network of the client device 12 or the group of client devices 12, where the second network entity executes the computer program code to provide one or more functions for (i.e., in relation to) that client device 12 or group of client devices 12. In general, the function(s) may be any function(s) that would normally be performed in the home network for the client device 12 or the group of client devices 12 if the client device 12 or the group of client devices 12 was/were in the home network rather than the visited network. For example, the function(s) may be any policy or charging functions (e.g., billing, etc.), control plane functions (e.g., mobility related functions, etc.), and/or data plane functions (e.g., QoS, termination, packet filtering, parental controls, etc.).
[0056] In this regard, Figure 4 is a block diagram that is reproduced from 3GPP Technical Specification (TS) 23.501 v15.1.0 that illustrates the 5G roaming architecture. In the embodiments described above, the AUSF in the home network (i.e., the Home Public Land Mobile Network (HPLMN)) provides the computer program code (or the fragment or a reference to the computer program code) to the AMF over the N12 interface. However, the embodiments described herein can be extended to any of the interfaces (e.g., the N31 interface, the N24 interface, the N8 interface, the N16 interface, and/or the N9 interface) between the HPLMN and the Visited Public Land Mobile Network (VPLMN), e.g., to thereby provide computer program code to be executed by the respective network function in the VPLMN, e.g., in order to perform one or more functions that would normally be performed by the respective network function in the HPLMN.
[0057] Figure 5 is a schematic block diagram of a network node 18 (e.g., the access server 14 or the authentication server 16) according to some embodiments of the present disclosure. In this example, the network node 18 is a physical network node that implements a core network entity such as the access server 14 (e.g., 5G AMF) or the authentication server 16 (e.g., 5G AUSF). As illustrated, the network node 18 includes one or more processors 20 (e.g., Central Processing Units (CPUs), Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Field Programmable Gate Arrays (FPGAs), and/or the like), memory 22, and a network interface(s) 24. In some embodiments, the functionality of the network node 18 (specifically the functionality of the access server 14 or the authentication server 16) described above may be fully or partially implemented in software that is, e.g., stored in the memory 22 and executed by the processor(s) 20.
[0058] Figure 6 is a schematic block diagram that illustrates a virtualized embodiment of the network node 18 (e.g., the access server 14 or the authentication server 16) according to some embodiments of the present disclosure. As used herein, a "virtualized" network node 18 is a network node 18 in which at least a portion of the functionality of the network node 18 is implemented as a virtual component (e.g., via a virtual machine(s) executing on a physical processing node(s) in a network(s)). As illustrated, the network node 18 includes one or more processing nodes 26 coupled to or included as part of a network(s) 28. Each processing node 26 includes one or more processors 30 (e.g., CPUs, ASICs, DSPs, FPGAs, and/or the like), memory 32, and a network interface 34.
[0059] In this example, functions 36 of the network node 18 (e.g., the functions of the access server 14 or the functions of the authentication server 16) described herein are implemented at the one or more processing nodes 26 (e.g., distributed across multiple processing nodes 26) in any desired manner. In some particular embodiments, some or all of the functions 36 of the network node 18 described herein are implemented as virtual components executed by one or more virtual machines implemented in a virtual environment(s) hosted by the processing node(s) 26.
[0060] In some embodiments, a computer program including instructions which, when executed by the at least one processor 20, 30 causes the at least one processor 20, 30 to carry out the functionality of the network node 18 or a processing node 26 according to any of the embodiments described herein is provided. In some embodiments, a carrier containing the aforementioned computer program product is provided. The carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 22, 32).
[0061] Figure 7 is a schematic block diagram of the network node 18 (e.g., the access server 14 or the authentication server 16) according to some other embodiments of the present disclosure. The network node 18 includes one or more modules 38, each of which is implemented in software. The module(s) 38 provide the functionality of the network node 18 described herein (e.g., the functionality of the access server 14 or the authentication server 16 as described herein, e.g., with respect to Figures 2, 3, and 4).
[0062] While not being limited thereto, some example embodiments of the present disclosure are provided below.
[0063] Embodiment 1: A method of operation of a network node (16, 18), comprising: providing (100), to an access server (14), a computer program code; a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code, the computer program code to be loaded and executed by the access server (14) to provide one or more functions.
[0064] Embodiment 2: The method of embodiment 1 wherein the computer program code uses interfaces within the network in which the access server (14) resides to provide at least one of the one or more functions.
[0065] Embodiment 3: The method of embodiment 2 wherein the interfaces comprise one or more internal APIs in the access server (14).
[0066] Embodiment 4: The method of embodiment 2 wherein the interfaces comprise one or more interfaces in the visited network.
[0067] Embodiment 5: The method of embodiment 2 wherein the interfaces comprise one or more interfaces either in the access server (14) or the visited network that control functionality in a client device (12).
[0068] Embodiment 6: The method of any one of embodiments 1 to 5 wherein the access server (14) is an access server in a core network of a cellular communications system.
[0069] Embodiment 7: The method of any one of embodiments 1 to 5 wherein the access server (14) is an AMF in a 5G core network.
[0070] Embodiment 8: The method of embodiment 6 or 7 wherein the access server (14) is in a visited network of an associated client device (12).
[0071] Embodiment 9: The method of embodiment 8 wherein the network node (16, 18) is a network node (18) in which an authentication server (16) is implemented, the authentication server (16) being in a home network of the associated client device (12).
[0072] Embodiment 10: The method of embodiment 9 wherein the authentication server (16) is a 5G AUSF.
[0073] Embodiment 11: The method of embodiment 9 or 10 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server (e.g., conventionally performed by a LTE HSS).
[0074] Embodiment 12: The method of any one of embodiments 1 to 11 wherein the computer program code is user or client device specific.
[0075] Embodiment 13: The method of embodiment 12 wherein the one or more functions comprise one or more functions performed in association with a communication session of a respective user or client device (12).
[0076] Embodiment 14: A network node (16, 18) adapted to perform the method of any one of embodiments 1 to 13.
[0077] Embodiment 15: A network node (16, 18) comprising: a network interface (24); one or more processors (20); and memory (22) comprising instructions executable by the one or more processors (20) whereby the network node (16, 18) is operable to perform the method of any one of embodiments 1 to 9.
[0078] Embodiment 16: A network node (16, 18) comprising: one or more modules (38) operable to perform the method of any one of embodiments 1 to 13.
[0079] Embodiment 17: A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of embodiments 1 to 13.
[0080] Embodiment 18: A carrier containing the computer program of embodiment 17, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
[0081] Embodiment 19: A method of operation of a network node (14, 18), comprising: receiving (100), from another network node (16, 18), a computer program code, a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code; loading (102) the computer program code; and executing (104) the computer program code to thereby provide one or more functions.
[0082] Embodiment 20: The method of embodiment 19 wherein the computer program code uses interfaces within the network in which the network node (14, 18) resides to provide at least one of the one or more functions.
[0083] Embodiment 21: The method of embodiment 20 wherein the interfaces comprise one or more internal APIs in the network node (14, 18).
[0084] Embodiment 22: The method of embodiment 20 wherein the interfaces comprise one or more interfaces in the visited network.
[0085] Embodiment 23: The method of embodiment 20 wherein the interfaces comprise one or more interfaces either in the network node (14, 18) or the visited network that control functionality in a client device (12).
[0086] Embodiment 24: The method of any one of embodiments 19 to 23 wherein the network node (14, 18) is a network node (18) implementing an access server (14) in a core network of a cellular communications system.
[0087] Embodiment 25: The method of embodiment 24 wherein the access server (14) is an AMF in a 5G core network.
[0088] Embodiment 26: The method of embodiment 24 or 25 wherein the access server (14) is in a visited network of an associated client device (12).
[0089] Embodiment 27: The method of embodiment 26 wherein the other network node (16, 18) is a network node (18) in which an authentication server (16) is implemented, the authentication server (16) being in a home network of the associated client device (12).
[0090] Embodiment 28: The method of embodiment 27 wherein the authentication server (16) is a 5G AUSF.
[0091] Embodiment 29: The method of embodiment 27 or 28 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server (e.g., conventionally performed by a LTE HSS).
[0092] Embodiment 30: The method of any one of embodiments 19 to 29 wherein the computer program code is user or client device specific.
[0093] Embodiment 31: The method of embodiment 30 wherein the one or more functions comprise one or more functions performed in association with a communication session of a respective user or client device (12).
[0094] Embodiment 32: A network node (14, 18) adapted to perform the method of any one of embodiments 19 to 31.
[0095] Embodiment 33: A network node (14, 18) comprising: a network interface (24); one or more processors (20); and memory (22) comprising instructions executable by the one or more processors (20) whereby the network node (14, 18) is operable to perform the method of any one of embodiments 19 to 31.
[0096] Embodiment 34: A network node (14, 18) comprising: one or more modules (38) operable to perform the method of any one of embodiments 19 to 31.
[0097] Embodiment 35: A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of embodiments 19 to 31.
[0098] Embodiment 36: A carrier containing the computer program of embodiment 35, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
[0099] The following acronyms are used throughout this disclosure.
• 3GPP Third Generation Partnership Project
• 5G Fifth Generation
• AAA Authentication, Authorization, and Accounting
• AMF Access and Mobility Management Function
• API Application Programming Interface
• ASIC Application Specific Integrated Circuit
• AUSF Authentication Server Function
• CPU Central Processing Unit
• DNN Data Network Name
• DSP Digital Signal Processor
• EMSI Encrypted Mobile Subscriber Identity
• eNB Enhanced or Evolved Node B
• EPS Evolved Packet System
• FPGA Field Programmable Gate Array
• gNB New Radio Base Station
• HPLMN Home Public Land Mobile Network
• HSS Home Subscriber Server
• HTTP Hypertext Transfer Protocol
• ID Identifier
• IMS Internet Protocol based Multimedia call System
• IP Internet Protocol
• IPv6 Internet Protocol version 6
• LTE Long Term Evolution
• MME Mobility Management Entity
• MTC Machine Type Communication
• NF Network Function
• NR New Radio
• PCF Policy Control Function
• P-GW Packet Data Network Gateway
• QoS Quality of Service
• RAN Radio Access Network
• REST Representational State Transfer
• RFC Request for Comments
• SBA Service-Based Architecture
• SIP Session Initiation Protocol
• SMF Session Management Function
• TCP Transmission Control Protocol
• TS Technical Specification
• UE User Equipment
• URL Uniform Resource Locator
• VPLMN Visited Public Land Mobile Network
[0100] Those skilled in the art will recognize improvements and modifications to the embodiments of the present disclosure. All such improvements and modifications are considered within the scope of the concepts disclosed herein.

Claims

What is claimed is:
1. A method of operation of a first network entity (16, 18) in a wireless system (10), comprising:
providing (100), to a second network entity (14), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12); a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
2. The method of claim 1 wherein the computer program code is for providing the one or more functions for the particular client device (12).
3. The method of claim 2 wherein:
the wireless system (10) is a cellular communications system;
the particular client device (12) is a particular wireless device (12);
the first network entity (16, 18) is a first core network entity (16, 18) in a home network of the particular wireless device (12) within the cellular communications system; and
the second network entity (14) is a second core network entity (14) in a visited network of the particular wireless device (12) within the cellular communications system.
4. The method of claim 1 wherein the computer program code is for providing the one or more functions for the particular group of client devices (12).
5. The method of claim 4 wherein the particular group of client devices (12) is identified by a group identity.
6. The method of claim 4 wherein the particular group of client devices (12) is a group of client devices (12) having packet data sessions with a particular data network.
7. The method of any one of claims 4 to 6 wherein:
the wireless system (10) is a cellular communications system;
the particular group of client devices (12) is a particular group of wireless devices (12) served by the cellular communications system;
the first network entity (16, 18) is a first core network entity (16, 18) in a home network of the particular group of wireless devices (12) within the cellular communications system; and
the second network entity (14) is a second core network entity (14) in a visited network of the particular group of wireless devices (12) within the cellular communications system.
8. The method of claim 3 or 7 wherein the computer program code uses one or more internal Application Programming Interfaces, APIs, in the second network entity (14).
9. The method of any one of claims 3, 7, or 8 wherein the computer program code uses one or more interfaces between a visited network and the home network.
10. The method of any one of claims 3 or 7 - 9 wherein the computer program code uses one or more interfaces either in the second network entity (14) or the visited network that control functionality in the particular wireless device (12) or the particular group of wireless devices (12).
11. The method of any one of claims 3 or 7 - 10 wherein the second network entity (14) is an access server (14) in a core network of the visited network within the cellular communications system.
12. The method of any one of claims 3 or 7 - 10 wherein the second network entity (14) is an Access and Mobility Management Function, AMF, in a Fifth Generation, 5G, core network of the visited network within the cellular communications system.
13. The method of any one of claims 3 or 7 - 12 wherein the first network entity (16, 18) is an authentication server (16).
14. The method of claim 13 wherein the authentication server (16) is a 5G Authentication Server Function, AUSF.
15. The method of claim 13 or 14 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server.
16. The method of claim 13 or 14 wherein the one or more functions comprise one or more functions conventionally performed by a Home Subscriber Server, HSS, in a Long Term Evolution, LTE, network.
17. The method of claim 13 or 14 wherein the one or more functions comprise:
one or more functions related to real-time billing;
one or more functions related to: control of local resources; Quality of Service, QoS; radio parameters; mobility; and/or parental filtering;
one or more functions related to termination of a communication session of the particular wireless device (12) or termination of communication sessions of the particular group of wireless devices (12); and/or
one or more functions related to communication with the particular wireless device (12) or the particular group of wireless devices (12).
18. The method of any one of claims 3 or 7 - 14 wherein the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device (12).
19. The method of claim 18 wherein the one or more functions normally performed in the home network of the particular wireless device (12) comprise: one or more functions related to real-time billing;
one or more control plane functions; and/or
one or more data plane functions.
20. The method of claim 18 wherein the one or more functions related to real-time billing comprise counting an amount of data traffic sent or received by the client device, and tracking a currently remaining pre-paid amount of data for the client device.
21. The method of any one of claims 1 to 20 wherein the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device (12) or in association with communication sessions of the particular group of wireless devices (12).
22. A first network entity (16, 18) for a wireless system (10), the first network entity (16, 18) adapted to:
provide, to a second network entity (14), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12); a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
23. The first network entity (16, 18) of claim 22 wherein the first network entity (16, 18) is further adapted to perform the method of any one of claims 2 to 21.
24. A first network entity (16, 18) for a wireless system (10), the first network entity (16, 18) comprising:
a network interface (24);
one or more processors (20); and
memory (22) comprising instructions executable by the one or more processors (20) whereby the first network entity (16, 18) is operable to:
provide, to a second network entity (14), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12); a computer program code fragment that, when executed, obtains the computer program code; or a reference to the computer program code.
25. The first network entity (16, 18) of claim 24 wherein, via execution of the instructions by the one or more processors (20), the first network entity (16, 18) is further operable to perform the method of any one of claims 2 to 21.
26. A method of operation of a second network entity (14, 18) in a wireless system (10), comprising:
receiving (100), from a first network entity (16, 18), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12), a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code;
loading (102) the computer program code; and
executing (104) the computer program code to thereby provide the one or more functions for the particular client device (12) or the particular group of client devices (12).
27. The method of claim 26 wherein the computer program code is for providing the one or more functions for the particular client device (12).
28. The method of claim 27 wherein:
the wireless system (10) is a cellular communications system;
the particular client device (12) is a particular wireless device (12);
the first network entity (16, 18) is a first core network entity (16, 18) in a home network of the particular wireless device (12) within the cellular communications system; and
the second network entity (14, 18) is a second core network entity (14) in a visited network of the particular wireless device (12) within the cellular communications system.
29. The method of claim 28 wherein the computer program code is for providing the one or more functions for the particular group of client devices (12).
30. The method of claim 29 wherein the particular group of client devices (12) is identified by a group identity.
31. The method of claim 29 wherein the particular group of client devices (12) is a group of client devices (12) having packet data sessions with a particular data network.
32. The method of any one of claims 29 to 31 wherein:
the wireless system (10) is a cellular communications system;
the particular group of client devices (12) is a particular group of wireless devices (12) served by the cellular communications system;
the first network entity (16, 18) is a first core network entity (16, 18) in a home network of the particular group of wireless devices (12) within the cellular communications system; and
the second network entity (14, 18) is a second core network entity (14) in a visited network of the particular group of wireless devices (12) within the cellular communications system.
33. The method of claim 28 or 32 wherein the computer program code uses one or more internal Application Programming Interfaces, APIs, in the second network entity (14).
34. The method of claim 28, 32, or 33 wherein the computer program code uses one or more interfaces between the visited network and the home network.
35. The method of claim 28 or 32 - 34 wherein the computer program code uses one or more interfaces either in the second network entity (14) or the visited network that control functionality in the particular wireless device (12) or the particular group of wireless devices (12).
36. The method of any one of claims 28 or 32 - 35 wherein the second network entity (14) is an access server (14) in a core network of the visited network within the cellular communications system.
37. The method of any one of claims 28 or 32 - 35 wherein the second network entity (14) is an Access and Mobility Management Function, AMF, in a Fifth Generation, 5G, core network of the visited network within the cellular communications system.
38. The method of any one of claims 28 or 32 - 37 wherein the first network entity (16, 18) is an authentication server (16).
39. The method of claim 38 wherein the authentication server (16) is a 5G Authentication Server Function, AUSF.
40. The method of claim 38 or 39 wherein the one or more functions comprise one or more functions conventionally performed by an authentication server.
41. The method of claim 38 or 39 wherein the one or more functions comprise one or more functions conventionally performed by a Home Subscriber Server, HSS, in a Long Term Evolution, LTE, network.
42. The method of claim 38 or 39 wherein the one or more functions comprise:
one or more functions related to real-time billing;
one or more functions related to: control of local resources; Quality of Service, QoS; radio parameters; mobility; and/or parental filtering;
one or more functions related to termination of a communication session of the particular wireless device (12) or termination of communication sessions of the particular group of wireless devices (12); and/or
one or more functions related to communication with the particular wireless device (12) or the particular group of wireless devices (12).
43. The method of any one of claims 28 or 32 - 39 wherein the one or more functions comprise one or more functions normally performed in the home network of the particular wireless device (12).
44. The method of claim 43 wherein the one or more functions normally performed in the home network of the particular wireless device (12) comprise: one or more functions related to real-time billing;
one or more control plane functions; and/or
one or more data plane functions.
45. The method of any one of claims 26 to 44 wherein the one or more functions comprise one or more functions performed in association with a communication session of the particular wireless device (12) or in association with communication sessions of the particular group of wireless devices (12).
46. The method of any one of claims 26 to 45 wherein executing (104) the computer program code comprises executing (104) the computer program code in a controlled environment in which the computer program code has access to a limited set of application programming interfaces and/or interfaces.
47. A second network entity (14, 18) for a wireless system (10), the second network entity (14, 18) adapted to:
receive, from a first network entity (16, 18), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12), a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code;
load the computer program code; and
execute the computer program code to thereby provide the one or more functions for the particular client device (12) or the particular group of client devices (12).
48. The second network entity (14, 18) of claim 47 wherein the second network entity (14, 18) is further adapted to perform the method of any one of claims 27 to 45.
49. A second network entity (14, 18) for a wireless system (10), the second network entity (14, 18) comprising:
a network interface (24);
one or more processors (20); and
memory (22) comprising instructions executable by the one or more processors (20) whereby the second network entity (14, 18) is operable to:
receive, from a first network entity (16, 18), a computer program code for providing one or more functions for a particular client device (12) or a particular group of client devices (12), a computer program code fragment that, when executed, obtains the computer program code, or a reference to the computer program code;
load the computer program code; and
execute the computer program code to thereby provide the one or more functions for the particular client device (12) or the particular group of client devices (12).
50. The second network entity (14, 18) of claim 49 wherein, via execution of the instructions by the one or more processors (20), the second network entity (14, 18) is further operable to perform the method of any one of claims 27 to 45.
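Added example (not part of the patent text or of any implementation by the applicant): one way the controlled environment of claim 46 could mediate home-network-supplied code that performs the prepaid counting of claim 20, with every host call checked against an allow-list and a device scope. The instruction set, interface names, device ids and quota values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

class ApiDenied(Exception):
    """Supplied code asked for an interface or device outside its grant."""

# Hypothetical interfaces of the second network entity (names are assumptions).
HOST_APIS = {
    "terminate_session": lambda env, dev: env.active.__setitem__(dev, False),
    "read_location": lambda env, dev: "cell-0001",  # constructed value
}

@dataclass
class ControlledEnvironment:
    allowed_apis: frozenset   # interfaces granted to this program
    scope: frozenset          # device ids the program was supplied for
    active: dict              # device id -> session still up?
    audit: list = field(default_factory=list)

    def call(self, api, device):
        """Single choke point: check the grant, log, then dispatch."""
        ok = api in self.allowed_apis and device in self.scope
        self.audit.append((api, device, "allowed" if ok else "denied"))
        if not ok:
            raise ApiDenied(f"{api} on {device}")
        return HOST_APIS[api](self, device)

MAX_STEPS = 16  # programs are straight-line, so this bounds work per event

def execute(program, state, event, env):
    """Interpret supplied code for one traffic event; no exec/eval involved."""
    if len(program) > MAX_STEPS:
        raise ValueError("program too long")
    for op, *args in program:
        if op == "debit":               # count traffic against prepaid quota
            state[args[0]] -= event["bytes"]
        elif op == "call_if_depleted":  # host access only via env.call()
            key, api, target = args
            if state[key] <= 0:
                env.call(api, event["device"] if target == "$device" else target)
        else:
            raise ValueError(f"unknown op {op!r}")
    return state

# Constructed programs, as a home network might supply them.
PREPAID = [("debit", "remaining"),
           ("call_if_depleted", "remaining", "terminate_session", "$device")]
OVERREACH = [("debit", "remaining"),
             ("call_if_depleted", "remaining", "read_location", "$device")]

def new_env():
    """Grant: terminate_session only, for device ue-1 only."""
    return ControlledEnvironment(frozenset({"terminate_session"}),
                                 frozenset({"ue-1"}),
                                 {"ue-1": True, "ue-2": True})

def run_prepaid(traffic=(400, 400, 400), quota=1000):
    env, state = new_env(), {"remaining": quota}
    for nbytes in traffic:
        if env.active["ue-1"]:
            execute(PREPAID, state, {"device": "ue-1", "bytes": nbytes}, env)
    return env, state
```

Because the supplied program is data interpreted by the host rather than native code, the allow-list in `call()` is the only path to visited-network interfaces, and the audit list gives the visited operator a record of every attempted call, including denied ones.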

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201762532811P 2017-07-14 2017-07-14
US62/532,811 2017-07-14

Publications (1)

Publication Number Publication Date
WO2019012470A1 (en) 2019-01-17

Family

ID=63312200

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/055152 WO2019012470A1 (en) 2017-07-14 2018-07-12 Systems and methods for providing computer program code between network entities in a wireless system and the execution thereof

Country Status (1)

Country Link
WO (1) WO2019012470A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6975852B1 (en) * 1999-03-17 2005-12-13 Starhome Gmbh System and method for roaming for prepaid mobile telephone service
US20160337206A1 (en) * 2014-04-03 2016-11-17 Centurylink Intellectual Property Llc System and Method for Implementing Customer Control Point or Customer Portal
GB2542573A (en) * 2015-09-22 2017-03-29 Vodafone Ip Licensing Ltd Network roaming
WO2017144096A1 (en) * 2016-02-25 2017-08-31 Telefonaktiebolaget Lm Ericsson (Publ) Enabling roaming to a visiting communication network of a wireless terminal belonging to a home communication network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Web Real Time Communication (WebRTC) access to IP Multimedia Subsystem (IMS); Stage 2 (Release 12)", 19 December 2013 (2013-12-19), XP050764432, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG2_Arch/Latest_SA2_Specs/Rel-12/> [retrieved on 20131219] *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 18758960; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 18758960; Country of ref document: EP; Kind code of ref document: A1