With the increase in availability and use of services, such as IP multimedia services, that has occurred since third generation telecommunications networks were introduced, user entities (UEs) often require the use of multiple simultaneous accesses to such networks. This involves the UE requesting multiple simultaneous IP-CAN sessions. However, the networks and/or services often require, or make use of, different access technologies.
The Third Generation Partnership Project (3GPP) is standardizing an Evolved Packet Core (EPC) concept that will converge different access network technologies into a common core network. As part of this EPC architecture, UEs can be provided with multiple Packet Data Network (PDN) connectivity capabilities so that the UE can use multiple access networks simultaneously. In addition, EPC will provide IP flow mobility, meaning that a UE can move active flows from one access network to another.
The most prominent global mobility protocol in the EPC network will be the Common Management Information Protocol, CMIP (Dual Stack Mobile IPv6, DSMIPv6). This will be used for non-3GPP accesses over the reference point S2c. 3GPP is also standardizing an Access Network Discovery and Selection Function (ANDSF), used to provide a UE with information about the access technologies that the UE is allowed to use, or should be using for particular applications, and access priorities. These are referred to as Inter Mobility Policies or IP Flow Policies, which can be accessed by the ANDSF, and include a list of accesses that the UE can use, which accesses the UE should be using for specific applications, and in which priority order. For example, the Inter Mobility Policies may specify that all video application traffic should first use a Long Term Evolution (LTE) access and, if LTE is not available, then WLAN, but never 2G or 3G accesses. These Inter Mobility Policies are high-level policies that dictate what accesses the UE should use for particular application flows. To use the Inter Mobility Policies, the UE needs to calculate filter rules from them, and these filter rules are then installed into the network's Policy and Charging Control (PCC) architecture.
Activities are ongoing in 3GPP to standardize multi-PDN connectivity and IP flow mobility. As part of this activity, and as stated in 3GPP TS 23.261 (“IP flow mobility and seamless WLAN offload”), 3GPP will specify how the filter rules that are needed to route specific traffic flows via specified accesses are installed into the EPC network by the UE. The UE will have the capability to send filter rules to its Home Agent (HA), which normally resides in the Packet Data Network Gateway (PDN-GW). These filter rules are either calculated by the UE from the Inter Mobility Policy set provided by the ANDSF, or set by manual configuration. The HA will then forward these filter rules to the PCC architecture, which will create an IP-CAN session based on the filter rule set.
According to the 3GPP Technical Specification TS 23.261, multi-PDN connectivity and IP flow mobility as specified give the UE control over which filter rules are installed for the UE in the core network at any given time. This means that, as currently specified, the UE is in charge of calculating the filter rules from the Inter Mobility Policies provided by the network operator, and the UE will send these rules inside CMIP signals to the network, where they will be installed into the PCC architecture without any verification.
A problem with this arrangement is that, because the UE has control over the filter rules, it can control the behaviour of the core network simply by updating filter rules with CMIP signalling. Even though CMIP signalling is protected with the IPsec security protocol, there remains the possibility that attackers could set filter rules in the PCC architecture that consume resources from other users. Even bigger problems can arise with wrongly-configured and active UEs in the network. For example, a large number of poorly behaving UEs accessing the network could end up deteriorating the capabilities of the whole network by installing filter rules that are clearly wrong or totally contrary to the policies of the network operator. As the architecture is currently defined, no verification is required that the filter rules generated by the UE comply with the Inter Mobility Policies provided by the operator or the EPC network. There is no operator control over filter rules whatsoever!
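The compliance check that is absent from the arrangement described above can be sketched as follows. This is an added example, not part of the original text and not the method of the invention it introduces; the `Policy` and `FilterRule` data model, the reason strings and the default-deny behaviour for applications without a policy are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:            # hypothetical model of one Inter Mobility Policy entry
    app: str             # application class, e.g. "video"
    allowed: tuple       # permitted accesses, highest priority first
    forbidden: frozenset # accesses that must never carry this application

@dataclass(frozen=True)
class FilterRule:        # hypothetical model of a rule the UE asks to install
    app: str
    access: str

def verify_rules(rules, policies, available):
    """Split UE-supplied rules into (accepted, rejected-with-reason)."""
    by_app = {p.app: p for p in policies}
    accepted, rejected = [], []
    for rule in rules:
        policy = by_app.get(rule.app)
        if policy is None:
            reason = "no policy for application"      # assumption: default deny
        elif rule.access in policy.forbidden:
            reason = "access forbidden by policy"
        elif rule.access not in policy.allowed:
            reason = "access not listed in policy"
        elif rule.access not in available:
            reason = "access not available to UE"
        else:
            # Highest-priority permitted access the UE can currently reach.
            best = next(a for a in policy.allowed if a in available)
            reason = None if best == rule.access else f"{best} has priority"
        if reason is None:
            accepted.append(rule)
        else:
            rejected.append((rule, reason))
    return accepted, rejected

# Constructed sample: the video policy from the text (LTE, then WLAN, never 2G/3G).
POLICIES = [Policy("video", ("LTE", "WLAN"), frozenset({"2G", "3G"}))]
RULES = [FilterRule("video", "LTE"), FilterRule("video", "WLAN"),
         FilterRule("video", "3G"), FilterRule("voip", "WLAN")]

if __name__ == "__main__":
    ok, bad = verify_rules(RULES, POLICIES, available={"LTE", "WLAN", "3G"})
    print("install:", ok)
    for rule, why in bad:
        print("reject:", rule, "-", why)
```

Only rules that pass every check would be forwarded for installation; each rejection carries its reason so that misconfigured UEs can be told apart from deliberate policy violations in the operator's logs.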
The present invention has been conceived with the foregoing in mind.