User equipments (UEs), such as smartphones, computers, etc., have become more capable of accessing the Internet and other data networks that communicate using data packets according to the internet protocol (IP). Thus, the Third Generation Partnership Project (3GPP) has begun considering specifications that define how a 3GPP-compliant UE can attach to a 3GPP-compliant evolved packet system (EPS) through a non-3GPP access network and can move between a 3GPP, or cellular, access network and a non-3GPP, or non-cellular, access network connected to an EPS. An EPS typically includes an evolved packet core (EPC) network and an evolved radio access network (RAN). It will be understood that the terms “cellular” and “non-cellular” as used in this application refer to whether or not a network is governed by 3GPP technical specifications, and not necessarily to any geographic characteristics of the radio coverage of the network.
3GPP categorizes non-3GPP access networks as either “non-trusted” or “trusted”, with a non-trusted non-3GPP access network currently being one that has an IP-security (IPsec) tunnel established between the UE and the EPS, and a trusted non-3GPP access network currently being one that does not have an established IPsec tunnel. A trusted non-3GPP access network does not have an established IPsec tunnel because the non-3GPP access network supports sufficient security mechanisms on the access layers. The interface and reference point between a non-trusted non-3GPP access network and a 3GPP EPC network is called S2b, and the interface and reference point between a trusted non-3GPP access network and a 3GPP EPC network is called S2a.
The development of the S2a interface is currently described in 3GPP Technical Report (TR) 23.852, Study on S2a Mobility based on GTP and WLAN Access to EPC (SaMOG), Stage 2 (Release 11). 3GPP TR 23.852 is intended to describe necessary stage 2 message flows to support S2a based on the general packet radio service (GPRS) tunneling protocol (GTP), and mobility between GTP-S5/S8 and GTP-S2a, as well as support for access to the EPS through S2a from a wireless local area network (WLAN), e.g., a WLAN compliant with the IEEE 802.11 standards. It will be understood of course that the S2a interface applies to the proxy mobile IP (PMIP) protocol as well as to the GTP, as described in Clause 16 of 3GPP TS 23.402 v11.2.0, Architecture Enhancements for Non-3GPP Accesses (Release 11) (March 2012), for example.
For UE access through a WLAN to the EPS through S2a, it is currently assumed that the UE and the EPS mutually authenticate through the WLAN, with such authentication specified in Clause 4.9.1 of 3GPP TS 23.402, that the confidentiality and integrity of UE traffic over the WLAN air link can be protected as defined by IEEE 802.11, and that there is a point-to-point link between the UE and a non-3GPP access network GTP peer. WLAN security mechanisms provide the WLAN trusted access to the EPS, e.g., using extensible authentication protocol (EAP) and IEEE 802.1X messaging over the WLAN air link.
FIG. 1A illustrates an example architecture of a network 100 for roaming EPS access through GTP-based S5 and S2a, and FIG. 1B illustrates the network 100 and a general message flow for initial attachment with network-based mobility management over GTP-S2a. FIG. 1A corresponds to FIG. 16.1.1-3 and FIG. 1B corresponds to FIG. 16.2.1-1 of Clause 16 of 3GPP TS 23.402.
As shown in FIGS. 1A, 1B, the network 100 includes a Home Public Land Mobile Network (HPLMN) and a Visited PLMN (VPLMN) that together can be called a 3GPP Network, a user equipment (UE), and a Non-3GPP Access Network. The Non-3GPP Access Network includes a Trusted Non-3GPP Access Network portion that includes an Access Point (AP) and a GTP Peer, and the AP can contain an access network query protocol (ANQP) server supporting communication compliant with the IEEE 802.11u specification. In FIG. 1B, the Trusted Non-3GPP Access Network portion is indicated as a Trusted WLAN Access Network (TWAN). The VPLMN typically includes a 3GPP Access portion, a Serving Gateway (SGW), a PDN gateway (GW), an authentication, authorization, and accounting (AAA) Proxy server, a visitor policy and charging rules function (vPCRF), and a cloud of IP services provided by the VPLMN and Proxy servers to IP services provided by the HPLMN. As the network 100 is depicted in FIG. 1A, the SGW is not used when non-3GPP access is used. The HPLMN includes a Home Subscriber System (HSS), a AAA Server, a home PCRF (hPCRF), and a cloud of IP services provided by the operator of the HPLMN. Interfaces between entities depicted in FIG. 1A are identified by names specified by 3GPP. It will be understood that the VPLMN is included in the 3GPP network only when the UE roams out of its HPLMN, and so the VPLMN is shown in FIG. 1A for completeness.
It will be noted that the parameters signaled in the GTP-S2a message flow are still undergoing standardization (see, e.g., 3GPP TR 23.852). It will also be noted that a respective point-to-point link between each UE and a GTP Peer in the Trusted Non-3GPP Access network is assumed, and that the Trusted Non-3GPP Access network does not do any routing of UE traffic between an AP, such as a Wireless Fidelity (WiFi) AP, in the Trusted Non-3GPP Access network and a GTP Peer. The WiFi AP applies upstream and downstream forced-forwarding between the UE's WiFi air link and the link between the WiFi AP and the GTP Peer, and the GTP Peer applies upstream and downstream forced-forwarding between the WiFi AP-GTP Peer link and the UE's GTP tunnel between the GTP Peer and the PDN GW.
Aspects of communication in the network 100 are described in, for example, U.S. Patent Application Publications No. 2011/0035787 by M. Naslund et al. for “Access through Non-3GPP Access Networks”; No. 2011/0200007 by Z. Qiang for “Interworking between Systems Using Different IP Mobility Management Protocols”; and No. 2011/0271117 by Z. Qiang for “User Equipment (UE), Home Agent Node (HA), Methods, and Telecommunications System for Home Network Prefix (HNP) Assignment”.
As currently specified by 3GPP in 3GPP TS 23.402, when a UE accesses the EPS through a Trusted Non-3GPP Access network using the S2a interface and EAP Authentication successfully completes, the UE gets one IP address and establishes one PDN connection using a default APN where handover is not performed. The trigger to set up the S2a GTP tunnel is either successful authentication (steps 3-7 in block A in FIG. 1B) or an explicit layer-3 (L3) attach request from the UE (steps 10-14 in block B in FIG. 1B). Each PDN connection is represented by an IP address (or IP prefix) assigned to the UE by a DHCP server. Such operation can be considered overly restrictive because when the UE accesses the EPS using a 3GPP network, the UE can establish multiple PDN connections in parallel, and when the UE accesses the EPS using an S2b interface (not shown), the UE can also establish multiple PDN connections in parallel.
A future UE using the S2a interface may wish to establish multiple PDN connections, and/or to establish a PDN connection using an APN other than the default APN, and/or to hand over an existing PDN connection. Collectively, those three features are called advanced S2a-WLAN (advWLAN) features in this application. Such a UE may not wish to establish and be charged for one PDN connection with a default APN without handover as required by 3GPP Release 11. Nevertheless, a UE currently is not aware of network capabilities regarding advWLAN feature support, and so just by performing successful EAP Authentication, a UE may unintentionally establish and be charged for the one PDN connection with a default APN without handover, which is established by a Trusted Non-3GPP Access Network compliant with 3GPP Release 11.
Of course, a network can expect access attempts by a mix of UEs that support one or more advWLAN features (which will often be newer UEs), and UEs that do not support those features (which will often be legacy UEs). Moreover, accesses can even be attempted with a mix of networks that support advWLAN features, and networks that do not support those features. It is desirable for a network to provide access and efficient service to both types of UEs, and it is also desirable for a UE to avoid establishing and being charged for one PDN connection with a default APN without handover just by performing successful EAP Authentication.