Today, more and more access-network operators (ANO) deliver personalized access services in addition to general access services. Exemplary personalized services at an access point can include: spam filtering, antivirus services, filtering access to certain content servers, control access to different restricted IP networks, data optimization, etc.
A subscriber of such a network can purchase one or more sets of the personalized services. Consequently, to deliver a personalized set of access services to a certain subscriber, a complex system and method configuration is needed. The necessity for the complex system and method configuration is at least partly due to the variety type of services, subscribers, demands or preferences of subscribers, types of subscriber equipment (SE), etc. When subscribers have access to multiple services and/or to different restricted IP networks with a variety of types of SE, the network configuration becomes complex.
The network system and method becomes even more complex when an ANO (access-network operator) offers on-line purchasing of services, features, etc., or on-line changing of the personalized set of access services by using a “Call-Center” or a “Self-Care” web-site, for example. An exemplary Call-Center or Self-Care server can enable a subscriber to modify his/her personal set of access services, thus forcing a change in the SE configuration and/or network configuration. Managing, supporting and provisioning of such changes can result in higher costs for providing service, provisioning and management of frequent updates, troubleshooting and technical support for subscribers. Furthermore, such support and flexibility can be considerably time consuming and result in significant administration cost, etc.
Exemplary access network operators can be: a cellular operator, a cable TV operator, a Public Land Mobile Network (PLMN) operator, a Public Switched Telephone Network (PSTN) operator, etc. Throughout the disclosure, the above-listed types of access-networks may be used interchangeably and the cellular network can be used as a representative example of an access network. Exemplary SE (subscriber equipment) can be: mobile telephones, cellular telephones, smart phones, such as but not limited to IPHONE (a trademark of Apple computers Inc), PDA's (Personal Digital Assistants), laptops, notebooks, personal computers, or other computing device with communication capabilities. In the disclosure, the above-listed types of SE may be used interchangeably and the term mobile telephones can be used as a representative example of a generic type of SE.
In a common cellular packet switched network, such as a General Packet Radio Service (GPRS) network, a Gateway GPRS Support Node (GGSN) can act as a gateway between the GPRS network and an Internet Protocol (IP) network. When a subscriber located in the GPRS network wishes to have wireless attachment, connectivity or otherwise communicative coupling to a data network, such as but not limited to, an IP network, the Gateway GPRS Support Node (GGSN) can be the gateway for translating between protocols used over the two networks. The term attachment, communicatively coupled, connected, connectivity, or the like refer to the ability for two devices, systems or elements to share communications and may or may not include a physical and/or dedicated connection and, the term attachment may be used throughout to generically described a communication path between two devices, systems, etc.
When a subscriber wishes to establish an IP session, his/her SE transmits a data session activation message toward an access server at a cellular access-network operator (ANO), for example. The data session activation message is used to attach or communicatively connect or couple an SE to a cellular access network. An exemplary access server can be a Serving GPRS Support Node (SGSN). An exemplary Internet session activation message can include a subscriber ID, such as an International Mobile Subscriber Identity (IMSI) or a Mobile Station International Subscriber Directory Number (MSISDN), and information on the SE capabilities, etc. The SGSN can be the gateway for allowing or denying access (attachment).
Typical methods that are commonly used for allocating access services can include authenticating the SE based on a subscriber name and a password, for example. However, such a method can result in configuration problems and require a subscriber to take certain actions, such as configuring their own SE. Requiring the user to take such actions can be time consuming and in some situations, the subscriber may simply not be sophisticated enough to take such actions.
Another typical method that is used today for providing different sets of access services to different subscribers utilizes an access-point name (APN). In such techniques, each subscriber is provided with an APN from an operator. The APN reflects or is associated with a set of access services that the subscriber can receive or is authorized to utilize. In such access networks, an attachment message will typically include the subscriber's APN number.
After validating, the subscriber's rights or authorizations, such as is typically accomplished by employing the use of a Home Location Register (HLR) and/or an Authentication Authorization and Accounting server (AAA), a public IP address for accessing the Internet is allocated to the SE. The allocated public IP address is then used during the current session. A typical ANO has a pool of public IP addresses that can be allocated. The pool of public IP addresses can be divided into groups of public IP addresses and each group can be associated with a set of access services to be executed on a data communication session. Some ANO may allocate a private IP address to an incoming packet. The private IP address can be allocated based on an associate APN. When the packet leaves the access network the private IP address is replaced with a public IP address based by a network address translation (NAT), for example.
To deliver the large variety of sets of services to appropriate subscribers who purchase those sets, an exemplary access network operator can utilize one or more routers. The routers operate to intercept the data traffic between the subscribers and the external network, such as the Internet or some other network, and then route the packets to the appropriate set of services according to the set of services that the subscriber is entitled to use or access. As an example, a router can be configured to route packets from a subscriber to the Internet, and vice versa, via a certain set of services based at least in part on the public IP address utilized in the transmitted packets and the type of the application of the session. A few non-limiting examples of routers that can be utilized include the Service Control Engine (SCE) product line manufactured by CISCO, or Content Inspection Director (CID) product line manufactured by RADWARE or the BIG-IP manufactured by F5, etc. Alternatively, or in addition, a chain of routers can be used with each router being located at the egress of a service, and configured to route the data packets toward a next service according to public IP address associated with the data packets and a routing table. Consequently, a multiple routers/equipment is needed to supply the various services for each APN.
As the technology quickly advances, new personal services are created. Several complications are encountered during typical operations because new personal services are frequently added. When new services are added, the operator needs to be frequently updated regarding the new services. In addition, routing tables associating the public IP addresses and the set of access services need to be updated with the new services and changes the groups of IP addresses also need to be updated. The relationship between the numbers of sets of services for each new added service is a permutation relation not a linear relation, thus the up-dating process is a long and complicated effort.
Furthermore, this method is limited to a certain number of combinations of services because the pool of public IP addresses of the ANO is limited. Because the number of public IP address in each group is limited, the number of subscribers with similar access services and similar APN that can be served simultaneously is also limited. Furthermore, changing the access services that a subscriber can purchase and/or changing the personalized set of services and/or the SE can also require changing the configuration of the routers and/or changing the APN at the SEs and/or the groups in the pool of the public IP addresses.