A. Field of the Invention
Systems and methods consistent with principles of the invention relate generally to wireless communication, and more particular, to GPRS data transmitted wirelessly.
B. Description of Related Art
A General Packet Radio Service (GPRS) network provides mobile computing and telephony users with packet-switched connections to data networks. A subscriber with a mobile station may connect to other mobile stations or packet data networks to send and receive information. Conventionally, the information sent over the GPRS network is broken up into packets. A packet includes a header and a payload. The header may include instructions and information, such as error checking information, and source and destination addresses. The payload includes data that is to be delivered to the destination.
FIG. 1 illustrates a conventional GPRS network 100 used to connect one or more mobile stations 115a-115e (“mobile stations 115”) to a packet data network, such as the Internet 173. One of mobile stations 115 may connect to a Serving GPRS Support Node (SGSN) 123, typically through a base station subsystem (not shown). A conventional base station subsystem is used to authenticate and track the mobile stations and manage connections. A public land mobile network (PLMN) may have multiple mobile stations and multiple SGSNs within its network. Packets may be transferred transparently between the mobile station and the Internet through GPRS network tunnels using a GPRS Tunneling Protocol (“GTP”) (i.e., GTP tunnels). A GTP tunnel is dynamically created between supporting nodes (e.g., SGSN and GGSN (Gateway GPRS Support Node)) in the GPRS network. As shown in FIG. 1, one or more GTP tunnels 135 may be used to provide connection paths between a SGSN 123 and GGSN 152. Typically, one GTP tunnel 135 is created per GPRS user at any time. GTP tunnels 135 are typically identified by an associated GPRS user's IP address and each provides a given active GPRS user a path for communicating with zero to many hosts (i.e., servers) on the packet data network (e.g., Internet 173). Encapsulation adds additional address and control information to packets received at the entrance to a GTP tunnel, allowing the packets to be routed from the GTP tunnel start point to the GTP tunnel endpoint without intermediary systems having to inspect the data contained in the pre-encapsulated packet. The encapsulated packet may be decapsulated once the packet reaches the GTP tunnel endpoint system (e.g., GGSN 152). In a conventional GPRS system, packets received from a mobile station at an SGSN 123 are encapsulated and pass through GTP 135 tunnel to GGSN 152. Any number of routing/network components (not shown) may be interposed between the SGSNs and the GGSN.
A generic network firewall is a device that separates yet bridges networks. Network firewalls filter network traffic, forwarding legitimate traffic while otherwise processing suspect traffic (e.g., dropping suspect traffic). A GTP firewall is a generic network firewall that supports the GTP protocol. In the GPRS network, one or more GTP firewalls may be provided at the Gn or Gp interface in the network. For example in FIG. 1, between SGSN 123 and GGSN 152 is a Gn interface. A GTP firewall 141 at the Gn interface may be used to filter packets that are sent to, and received by, SGSN 123. GTP firewall 141 may be used to ensure that the base station subsystems and other system components beyond the SGSN are not vulnerable in the event of compromise of GGSN 152. GTP firewall 141 may inspect packets sent through the interface and apply policies to support the security of SGSN 123. GTP firewall 141 may be configured to inspect tunnel traffic. Further, because of its position between the SGSN and GGSN, GTP firewall 141 has visibility to the creation and tear down of GTP tunnels.
GGSN 152 sends packets to and receives packets from the packet data network through an interface (Gi), on which a Gi firewall 161 may be supported. Gi firewall 161 may filter packets sent to/from Internet 173 before allowing the packets to continue on to GGSN 152. Gi firewall 161 therefore may provide some protection for GGSN 152 against unsolicited traffic and attacks.
As noted above, mobile stations 115 may access information from Internet 173 in addition to contacting other mobile stations. To receive packets from an Internet site, each of mobile station 115 typically needs an IP address to inform the sender where to route the packets. Not all mobile stations within a PLMN access Internet 173 at one time, allowing for each PLMN to use a small pool of IP addresses, often fewer IP addresses than mobile stations in the network. Individual mobile stations may be dynamically assigned PLMN IP addresses as necessary to support requested communications. After communications are complete, the assigned IP addresses may be reused by other subscribers (e.g., other mobile stations). When a subscriber wishes to access Internet 173, the subscriber uses one of mobile stations 115 to contact SGSN 123 and is assigned one of the IP addresses from the pool. The assigned IP address is identified with the particular mobile station and used in the pre-encapsulated packet header for all packets associated with the given user. A GTP tunnel is created from an associated SGSN 123 to GGSN 152 to allow the communication of packets from the mobile station to the external network. Encapsulation of packets occurs and data may pass from/to the mobile stations to/from the external network (e.g., Internet 173). Once a mobile station ends its connection, a GTP tunnel disconnect event occurs. The IP address associated with the mobile station may be returned to the IP address pool where the address may be reassigned to another of mobile stations 115.
In conventional GPRS networks, GGSN 152 may track the GPRS usage or Internet 173 access for each of mobile stations 115. Typically the GPRS usage is tracked according to incoming and outgoing packet traffic rather than time spent on the network. The incoming and outgoing packets may be assigned to the IP address in the packet header that corresponds to one of mobile stations 115 using the IP address at the time of transmission.
In addition to tracking GPRS usage, some government agencies may require the ability to track the content of GPRS network data. Lawful interception of GPRS data may be used by government agencies to facilitate, for example, crime prevention activities.