It is often necessary to impose special communication policies on network communications passing to or from a particular communication device. For example, when a person acquires a new cellular telephone or other communication device, it may be necessary to initially establish a network service account for the device. To do so, the first time the device attempts network communication, network infrastructure may “hotline” or redirect the device to a provisioning server, which may then interact with the device and its user to establish a service account before allowing the device to engage in further network communication. A similar process may occur when a person attempts to connect with the Internet using a personal computer in a hotel room, where network infrastructure may redirect the user to a local payment collection site before allowing the user to access the Internet.
As another example, when a prepaid or “account balance” subscriber engages in network communication, it may be necessary to route communications by the subscriber through a prepaid accounting platform, to facilitate appropriately decrementing the subscriber's account balance. To do so, when the device attempts network communication, network infrastructure may route the communication to an account balance server, and the server may then route the communication to its destination and begin decrementing the subscriber's account balance. When the communication ends, the server may then stop decrementing the subscriber's account balance.
As still another example, it may be necessary to impose various access control rules on communications to or from a communication device. For instance, to prevent a person from accessing particular network content, blacklist data may specify network addresses that the person's communication device is not permitted to access, or whitelist data may specify the only network addresses that the person's communication device is permitted to access. When the device attempts network communication, network infrastructure may then determine based on the access control rules whether to allow or block the communication, and perhaps whether to hotline the device to another network address.
As yet another example, it may be necessary to report communications by a communication device or to trigger other communication in response to communication by a particular device or person. For instance, when a person's communication device attempts network communication, network infrastructure may be set to detect the communication and to responsively transmit a message to another person or entity, to notify another person or entity of the attempted communication, to seek authorization for the attempted communication, to track the communication for billing or other purposes, or to engage in some other designated communication.
And as yet a further example, it may be necessary to modify communications in various ways (beyond changing destination addresses) during transit. For instance, as a request for content is being conveyed from a client device to a content server, it may be necessary to add user or network information to the request, so that the content server will receive the user or network information together with the request. Similarly, as content is being conveyed from a content server to a client device, it may be necessary to modify the content in some manner, for instance by adding pricing information in conjunction with links to content. Numerous other examples of special communication policies exist as well or will be developed in the future.
One way to impose special communication policies with respect to communications to or from a communication device is to run specialized program logic at a network access gateway through which such communications pass. In particular, the access gateway may include or have access to profile data that indicates policies to apply for various communication devices. When the gateway receives a communication to or from a particular communication device, the gateway may then reference the profile data to determine the applicable communication policy (i.e., one or more policies) and may then impose that policy. For instance, the gateway may determine that the device is not yet provisioned for service (e.g., no profile exists yet) and therefore that the device should be hotlined to a provisioning server.
Alternatively, the network access gateway could be dynamically provisioned with policy logic for a particular communication device when the device attempts network connection with the gateway. For instance, when the device first attempts to establish a network connection (e.g., data link layer connection) with the gateway, the device may provide the gateway with a device ID such as a Media Access Control (MAC) ID or the like. The gateway may then transmit an “Access Request” message (typically according to the Remote Authentication Dial-In User Service (RADIUS) protocol) to an authentication, authorization, and accounting (AAA) server, seeking permission to grant the device access to the network. Upon receipt of the Access Request, the AAA server may then reference profile data to determine the applicable policy and may then transmit an Access Accept message to the gateway, specifying within the Access Accept message the applicable policy. The gateway may then apply the specified policy with respect to communications to or from the device. For instance, if the policy is to hotline the device, the gateway may hotline the device.
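By way of illustration, the following added example (not part of the original text) models the exchange just described in memory: the gateway sends an access request carrying the device ID, the AAA server returns the applicable policy in its accept message, and the gateway applies that policy to each later communication. The class names, the dictionary message shape, the `PROVISIONING_SERVER` address and the sample profiles are assumptions, and no RADIUS wire format is implemented.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical hotline target; the text names no address.
PROVISIONING_SERVER = "provisioning.example"

@dataclass(frozen=True)
class Policy:
    hotline_to: Optional[str] = None          # redirect every request here
    blacklist: frozenset = frozenset()        # destinations never permitted
    whitelist: Optional[frozenset] = None     # if set, the only ones permitted

class AAAServer:
    """Holds profile data keyed by device ID (e.g., a MAC ID)."""
    def __init__(self, profiles):
        self.profiles = profiles

    def access_request(self, device_id):
        # No profile yet means the device is not provisioned: hotline it.
        policy = self.profiles.get(device_id, Policy(hotline_to=PROVISIONING_SERVER))
        return {"code": "Access-Accept", "policy": policy}

class Gateway:
    def __init__(self, aaa):
        self.aaa = aaa
        self.sessions = {}                    # device ID -> policy from the AAA server

    def connect(self, device_id):
        reply = self.aaa.access_request(device_id)
        if reply["code"] == "Access-Accept":
            self.sessions[device_id] = reply["policy"]

    def route(self, device_id, destination):
        policy = self.sessions.get(device_id)
        if policy is None:                    # never authorized: fail closed
            return ("block", None)
        if policy.hotline_to:
            return ("redirect", policy.hotline_to)
        if destination in policy.blacklist:
            return ("block", None)
        if policy.whitelist is not None and destination not in policy.whitelist:
            return ("block", None)
        return ("allow", destination)

# Constructed sample profile data (MAC IDs from the documentation range).
PROFILES = {
    "00:00:5e:00:53:01": Policy(blacklist=frozenset({"blocked.example"})),
    "00:00:5e:00:53:02": Policy(whitelist=frozenset({"school.example"})),
}
```

A device that never completed `connect` has no session entry and is blocked rather than allowed, so a failed or skipped AAA exchange cannot bypass the policy check.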
With the growing mobility of communication devices, however, it can be difficult or costly to program all network access gateways to carry out these functions. Consequently, an improvement is desired.