NETWORK ACCESS RESTRICTION

TECHNOLOGICAL FIELD

[0001] A method, apparatus and computer program product are provided for service network access restriction at an application server utilizing service access parameters.

BACKGROUND

[0002] In order to have increased and efficient control over their networks and the services running on those networks and to comply with governmental regulatory requirements for some third party and native services, such as voice over WiFi service, telecommunications providers are developing new mechanisms for supporting service network access restriction.

BRIEF SUMMARY

[0003] Current telecommunication systems do not provide granularity and specific access restrictions towards third party and native services. Instead, they rely on rejecting a service network registration request at core network services or forcing user equipment to change registration related information if a registration attempt is unsuccessful.

[0004] Methods, apparatuses, and computer program products are therefore provided in accordance with certain example embodiments in order to provide service network access restriction at an application server. Some embodiments restrict service network access using service access parameters.

[0005] In an example embodiment, a method is provided for service network access restriction at an application server. The method includes receiving a service registration request for a user equipment service from a core network function. The method also includes performing a service access restriction at the application server and determining a service access parameter is not met. The method further includes restricting a network access to the service.

[0006] The method of an example embodiment may also cause transmission of a service access restriction message in relation to access to the service by the user equipment. In one embodiment, the method also includes starting the service access restriction at the application server by initiating a timer to delay a user equipment registration procedure until receiving the registration success message. In this embodiment, restricting the network access to the service includes causing transmission of a network registration error message to the core network function and causing

transmission of a user equipment registration error message to the user equipment. In an embodiment in which the network registration error message includes a service restriction indication, the method may also include receiving one or more network access restriction parameters from the core network function for the service and causing transmission of the network access restriction parameters to the user equipment.

[0007] The method of an example embodiment also includes causing transmission of a registration notification to the user equipment. The registration notification includes an alternative service registration method for a network access. The method of this embodiment further includes receiving an alternative service registration request for a user equipment service from a core network function. In one example embodiment, the service registration request includes a request from a voice over WiFi service, the service access parameter includes a location age requirement, the alternative service registration method for the network access includes a voice over a mobile network service, and the alternative service registration request includes a request from the voice over a mobile network service. The method of an example embodiment also includes determining the service access parameter is met and allowing the network access to the service by causing transmission of a network registration success message to the core network function and causing transmission of a user equipment registration success message to the user equipment.

[0008] In another example embodiment, an apparatus is provided for service network access restriction at an application server. The apparatus includes at least one processor and at least one memory including computer program code with the at least one memory and the computer program code configured to, with the processor, cause the apparatus to receive a service registration request for a user equipment service from a core network function. The at least one memory and the computer program code are configured to, with the processor, cause the apparatus to perform a service access restriction at the application server and to determine a service access parameter is not met. The at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to restrict a network access to the service.

[0009] The at least one memory and the computer program code are further configured to, with the processor, cause the apparatus of an example embodiment to cause transmission of a service access restriction message in relation to access to the service by the user equipment. To start the service access restriction at the application server, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus of an example embodiment to initiate a timer to delay a user equipment registration procedure until receiving the registration success message. In order to restrict the network access to the service, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus of an example embodiment to cause transmission of a network registration error message to the core network function and to cause transmission of a user equipment registration error message to the user equipment. In an embodiment in which the network registration error message includes a service restriction indication, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to receive one or more network access restriction parameters from the core network function for the service and to cause transmission of the network access restriction parameters to the user equipment.

[0010] The at least one memory and the computer program code are further configured to, with the processor, cause the apparatus of an example embodiment to cause transmission of a registration notification to the user equipment. The registration notification includes an alternative service registration method for a network access. The at least one memory and the computer program code are also configured to, with the processor, cause the apparatus of this example embodiment to receive an alternative service registration request for a user equipment service from a core network function. In an example embodiment, the service registration request includes a request from a voice over WiFi service, the service access parameter includes a location age requirement, the alternative service registration method for the network access includes a voice over a mobile network service, and the alternative service registration request includes a request from the voice over a mobile network service. The at least one memory and the computer program code are further configured to, with the processor, cause the apparatus of an example embodiment to determine the service access parameter is met and to allow the network access to the service by causing transmission of a network registration success message to the core network function and causing transmission of a user equipment registration success message to the user equipment.

[0011] In a further example embodiment, a non-transitory computer-readable storage medium is provided for service network access restriction at an application server. The non-transitory computer-readable storage medium stores program code instructions that, when executed, cause an apparatus to receive a service registration request for a user equipment service from a core network function. The program code instructions also cause the apparatus to perform a service access restriction at the application server and to determine a service access parameter is not met. The program code instructions further cause the apparatus to restrict a network access to the service.

[0012] The program code instructions of an example embodiment also cause the apparatus to cause transmission of a service access restriction message in relation to access to the service by the user equipment. In one embodiment, the program code instructions further cause the apparatus to start the service access restriction at the application server by initiating a timer to delay a user equipment registration procedure until receiving the registration success message. In this example embodiment, restricting the network access to the service further includes causing transmission of a network registration error message to the core network function and causing transmission of a user equipment registration error message to the user equipment. In an embodiment in which the network registration error message includes a service restriction indication, the program code instructions further cause the apparatus to receive one or more network access restriction parameters from the core network function for the service and to cause transmission of the network access restriction parameters to the user equipment.

[0013] The program code instructions of an example embodiment further cause the apparatus to cause transmission of a registration notification to the user equipment. The registration notification includes an alternative service registration method for a network access. In this example embodiment, the program code instructions also cause the apparatus to receive an alternative service registration request for a user equipment service from a core network function. In an example embodiment, the service registration request includes a request from a voice over WiFi service, the service access parameter includes a location age requirement, the alternative service registration method for the network access includes a voice over a mobile network service, and the alternative service registration request includes a request from the voice over a mobile network service. In an example embodiment, the program code instructions further cause the apparatus to determine the service access parameter is met and to allow the network access to the service by causing transmission of a network registration success message to the core network function and causing transmission of a user equipment registration success message to the user equipment. [0014] In yet another example embodiment, an apparatus is provided for service network access restriction at an application server. The apparatus includes means for receiving a service registration request for a user equipment service from a core network function. The apparatus also includes means for performing a service access restriction at the application server and means for determining a service access parameter is not met.

The apparatus further includes means for restricting a network access to the service.

[0015] The apparatus of an example embodiment may also include means for causing transmission of a service access restriction message in relation to access to the service by the user equipment. In one embodiment, the apparatus also includes means for starting the service access restriction at the application server by initiating a timer to delay a user equipment registration procedure until receiving the registration success message. In this embodiment, the means for restricting the network access to the service includes means for causing transmission of a network registration error message to the core network function and means for causing transmission of a user equipment registration error message to the user equipment. In an embodiment in which the network registration error message includes a service restriction indication, the apparatus may also include means for receiving one or more network access restriction parameters from the core network function for the service and means for causing transmission of the network access restriction parameters to the user equipment.

[0016] The apparatus of an example embodiment also includes means for causing transmission of a registration notification to the user equipment. The registration notification includes an alternative service registration method for a network access. The apparatus of this embodiment further includes means for receiving an alternative service registration request for a user equipment service from a core network function. In one example embodiment, the service registration request includes a request from a voice over WiFi service, the service access parameter includes a location age requirement, the alternative service registration method for the network access includes a voice over a mobile network service, and the alternative service registration request includes a request from the voice over a mobile network service. The apparatus of an example embodiment also includes means for determining the service access parameter is met and means for allowing the network access to the service by causing transmission of a network registration success message to the core network function and causing transmission of a user equipment registration success message to the user equipment. BRIEF DESCRIPTION OF THE DRAWINGS

[0017] Having thus described certain example embodiments of the invention in general terms, reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

[0018] Figure 1 is a networked system in accordance with an example embodiment of the present disclosure;

[0019] Figure 2 is a block diagram of an application server apparatus configured in accordance with an example embodiment of the present disclosure;

[0020] Figures 3 -5 and 7-8 are flowcharts illustrating methods for service network access restriction at an application server in accordance with certain example

embodiments of the present disclosure; and

[0021] Figures 6 and 9-10 are flowcharts illustrating service network access restriction in a networked system in accordance with certain example embodiments of the present disclosure.

DETAILED DESCRIPTION

[0022] Some embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, various embodiments of the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout. As used herein, the terms“data,”“content,”“information,” and similar terms may be used interchangeably to refer to data capable of being transmitted, received and/or stored in accordance with embodiments of the present invention. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.

[0023] Additionally, as used herein, the term‘circuitry’ refers to (a) hardware-only circuit implementations (e.g., implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present. This definition of‘circuitry’ applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term‘circuitry’ also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware. As defined herein, a“computer-readable storage medium,” which refers to a physical storage medium (e.g., volatile or non-volatile memory device), may be differentiated from a“computer-readable transmission medium,” which refers to an electromagnetic signal.

[0024] Methods, apparatuses, and computer program products are provided in accordance with example embodiments to provide service network access restriction at an application server as described herein.

[0025] For example, telecommunication network providers would like to restrict third party and native services such as, voice over WiFi access, in certain cases or under certain conditions. Due to network architecture restrictions, one place, sometimes considered the best place, to implement these third party service access restrictions is at an application server or telephony application server (TAS). The application server is responsible for the network connectivity of services running on user equipment. For example, the application server is responsible for connecting voice services, such as voice over long term evolution (VoLTE) and voice over wifi (Vo WiFi). In some examples, the application server implements some restrictions for voice services, such as barring supplementary services. However, other access services and restriction services may be employed. Regardless, the application server may be efficiently used to implement network connectivity restrictions.

[0026] An example of a third party service which may be restricted is voice over WiFi services. For example, if the geo-location of a user’s equipment has not been updated for at least a certain period of time, the telecommunications provider may desire to restrict network access to the voice over WiFi service, until the geo-location of the user has been updated. While geo-location is utilized herein by way of example of the location information, other types of location information may be utilized including location information provided by rich communication services (RCS) or web real time

communication (WebRTC). Additionally, some governmental regulators may also require that some services be restricted according to an assortment of parameters.

[0027] In this example, a goal of checking of location age information is to limit the usage of internet protocol multimedia subsystems via a wireless local area network voice service to a certain location area, such as to avoid location spoofing. Therefore, the available location information must not be older than a threshold that defines information that is considered to be still“trusted information”. The trusted location information is considered to be relatively recently received either user provided location information (UPLI) (session internet protocol (SIP) headers carrying the access type and/or the last known circuit switched (CS) location) or network provided location information (NPLI) (retrieval of location from the 3 ^rd generation partnership project (3GPP) home location register or home subscription server (HSS)).

[0028] In one example, when a user remains at one location, the users’ user equipment (UE) would periodically update location information. Thus, the age of location

information is younger than the time that the user arrived at the current location. However, if a user moves to another location and the geo-location information is not updated, the available information gets older and cannot be considered as trusted information. As described according to the methods herein, because this geo-location information cannot be trusted anymore since it is outdated, the voice over WiFi service’s network access request is rejected.

[0029] Figure 1 is a networked system 100 in accordance with an example

embodiment of the present disclosure. Figure 1 specifically illustrates User Equipment (UE) 102, which may be in communication with an Application Server or Telephony Application Server (TAS) 104 and, in turn, in communication with Core Network Services (CNS) 106. Core network services may include serving call session control function (S- CSCF) 602 and HSS 603 as shown in Figure 6, S-CSCF 904 and HSS 905 as shown in Figure 9, and/or S-CSCF 1004 and HSS 1005 as shown in Figure 10. Also, while not shown in Figure 1, the AS 104 may also include services and/or hardware to communicate with the UE 102 such as proxy call session control function P-CSCF 601 as shown in Figure 6, P-CSCF 903 as shown in Figure 9, and P-CSCF 1001 as shown Figure 10.

Additionally, while not shown in Figure 1, the AS 104 may utilize intermediate services and/or hardware to communicate with the UE 102 such as a packet gateway (PGW) 901 and authentication, authorization, and accounting function (AAA) 902 as shown in Figure 9.

[0030] Turning now to Figure 2, an example of a TAS 104 is depicted that may be embodied as a TAS apparatus including processing circuitry 200 as configured in accordance with an example embodiment of the present disclosure. As described below in conjunction with Figures 3-10, the TAS 104 of an example embodiment may be configured to perform the functions described herein. In any instance, the TAS 104 may more generally be embodied by a computing device, such as a server, a personal computer, a computer workstation or other type of computing device including those functioning as network equipment. Regardless of the manner in which the TAS 104 is embodied, the apparatus of an example embodiment may be configured as shown in Figure 2 so as to include, be associated with or otherwise be in communication with processing circuitry 200 including, for example, a processor 202 and a memory device 204 and, in some embodiments, and/or a communication interface 206.

[0031] In the processing circuitry 200, the processor 202 (and/or co-processors or any other circuitry assisting or otherwise associated with the processor) may be in

communication with the memory device 204 via a bus for passing information among components of the TAS 104. The memory device may include, for example, one or more volatile and/or non-volatile memories. In other words, for example, the memory device may be an electronic storage device (e.g., a computer readable storage medium) comprising gates configured to store data (e.g., bits) that may be retrievable by a machine (e.g., a computing device like the processor). The memory device may be configured to store information, data, content, applications, instructions, or the like for enabling the apparatus to carry out various functions in accordance with an example embodiment of the present invention. For example, the memory device could be configured to buffer input data for processing by the processor. Additionally or alternatively, the memory device could be configured to store instructions for execution by the processor.

[0032] The TAS 104 may, in some embodiments, be embodied in various computing devices as described above. However, in some embodiments, the apparatus may be embodied as a chip or chip set. In other words, the apparatus may comprise one or more physical packages (e.g., chips) including materials, components and/or wires on a structural assembly (e.g., a baseboard). The structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon. The apparatus may therefore, in some cases, be configured to implement an embodiment of the present invention on a single chip or as a single“system on a chip.” As such, in some cases, a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.

[0033] The processor 202 may be embodied in a number of different ways. For example, the processor may be embodied as one or more of various hardware processing means such as a coprocessor, a microprocessor, a controller, a digital signal processor (DSP), a processing element with or without an accompanying DSP, or various other circuitry including integrated circuits such as, for example, an ASIC (application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. As such, in some embodiments, the processor may include one or more processing cores configured to perform independently. A multi-core processor may enable multiprocessing within a single physical package. Additionally or alternatively, the processor may include one or more processors configured in tandem via the bus to enable independent execution of instructions, pipelining and/or multithreading.

[0034] In an example embodiment, the processor 202 may be configured to execute instructions stored in the memory device 204 or otherwise accessible to the processor. Alternatively or additionally, the processor may be configured to execute hard coded functionality. As such, whether configured by hardware or software methods, or by a combination thereof, the processor may represent an entity (e.g., physically embodied in circuitry) capable of performing operations according to an embodiment of the present disclosure while configured accordingly. Thus, for example, when the processor is embodied as an ASIC, FPGA or the like, the processor may be specifically configured hardware for conducting the operations described herein. Alternatively, as another example, when the processor is embodied as an executor of instructions, the instructions may specifically configure the processor to perform the algorithms and/or operations described herein when the instructions are executed. However, in some cases, the processor may be a processor of a specific device (e.g., an encoder and/or a decoder) configured to employ an embodiment of the present invention by further configuration of the processor by instructions for performing the algorithms and/or operations described herein. The processor may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor.

[0035] In embodiments that include a communication interface 206, the

communication interface may be any means such as a device or circuitry embodied in either hardware or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in

communication with the TAS 104, such as UE, radio access network, core network services, an application server/function, a database or other storage device, etc. In this regard, the communication interface may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network. Additionally or alternatively, the communication interface may include the circuitry for interacting with the antenna(s) to cause transmission of signals via the antenna(s) or to handle receipt of signals received via the antenna(s). In some environments, the communication interface may alternatively or also support wired communication. As such, for example, the communication interface may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms.

[0036] Referring now to Figure 3, the operations performed, such as by the TAS 104 of Figure 2 which may be embodied by or in association with processing circuitry 200, are illustrated in order to provide service network access restriction at an application server (TAS). As shown in block 302 of Figure 3, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for receiving a service registration request for a user equipment service from a core network function. For example, as shown in operations 610, 612 and 616 in Figure 6, a SIP

Register request is received via WiFi from UE 102 by P-CSCF 601 and by S-CSCF 602. This in turn causes a SIP register request to be sent from the S-CSCF 602 to the TAS 104 in operation 616. In one example, this SIP request may be a request for a voice over WiFi service. While demonstrated in Figure 6 as a SIP register request via WiFi, the service registration request may comprise any third party service or user equipment native service. Other examples of this process are shown in Figure 9 as operations 910, 912, and 916 and in Figure 10 as operations 1010, 1012, and 1016. While described herein with references to a SIP REGISTER request for VoWifi, SIP Register requests can be used for any SIP services, not only for VoWiFi. Similarly, the access type could be any access, such as fixed access or a specific type of cellular access. In some examples, each SIP network element in the internet protocol (IP) multimedia subsystem (IMS) may make modifications to the service registration request, such as adding, removing or changing parameters of the request.

[0037] As shown in block 304 of Figure 3, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for performing a service access restriction at the application server. For example, as shown in Figure 6 as operation 614, the TAS 104 may start or initiate a service access restriction. In some examples, the service access restriction delays registration, such as by initiating a timer delay to delay the registration of the UE, such as the registration of UE 102 with core network services such as HSS 603 as shown in Figure 6. This process is further described in relation to Figure 5. As also shown in Figure 6, the core network services may allow a registration of the third party service (e.g., a SIP register via WiFi), but the TAS 104 may be configured to restrict the access according to a given policy.

[0038] As shown in block 306 of Figure 3, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for determining a service access parameter is not met. In some examples, the service access parameter may comprise a location age requirement for the UE 102. For example, if the user’s geo-location has not been updated in a certain period of time (e.g., 30 minutes) the service access parameter is not met and the network access is restricted. In some examples, the user’s location is checked with both (initial) registration and (e.g.

periodical) re-registrations. If a recent subscriber location is received (e.g., a 2 ^nd generation (2G)/3 ^rd generation (3G) location is received due to new registration to circuit switched/packet switched network), the voice services via VoWiFi are also accepted (until the certain threshold time is exceeded).

[0039] As shown in block 308 of Figure 3, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for restricting a network access to the third party service. For example, as shown in operation 618 of Figure 6 the TAS 104 may restrict network access to UE 102 by returning a SIP 4xx error message, as shown in operation 620. This in turn causes S-CSCF 602 to transmit a SIP 4xx error message to the UE through the P-CSCF 601 as shown in operations 622 and 624 and further described in relation to Figure 5.

[0040] Referring now to Figure 4, the operations performed, such as by the TAS 104 of Figure 2 which may be embodied by or in association with processing circuitry 200, are illustrated in order to further provide service network access restriction at an application server (TAS). As shown in block 402 of Figure 4, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for causing transmission of a service access restriction message to the service on the user equipment. For example, the TAS 104 may transmit a message to the UE 102 which may indicate to a user that they should either use a different service or perform a function that satisfies the service access restriction. For example, the message may indicate to a user to utilize a different voice service, such as voice over long term evolution (LTE) and/or update the location age of the UE 102. In some examples, the core network services may select appropriate cause codes and other additional information to be included in the service access restriction message to influence user equipment behavior. [0041] As shown in block 404 of Figure 4, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for determining the service access parameter is met. For example, if after the first

determination that the service access parameter is not met, TAS 104 may determine that the service access parameter is met. For example, if a user updates their location age information by updating the geo-location of the UE 102, the service access parameter may be updated and the TAS 104 may then determine that the service access parameter has been met.

[0042] As shown in block 406 of Figure 4, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for allowing the network access to the service. Allowing the network access may be performed by the processes shown in blocks 408 and 410.

[0043] As shown in block 408 of Figure 4, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202, communication interface 206 or the like, for causing transmission of a network registration success message to the core network function.

[0044] As shown in block 410 of Figure 4, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202, communication interface 206, or the like, for causing transmission of a user equipment registration success message to the user equipment. For example, as shown in operation 618 of Figure 6 the TAS 104 may restrict network access to UE 102 by returning a SIP 200 success message, as shown in operation 620. This in turn causes S-CSCF 602 to transmit a SIP 200 success message to the UE through the P-CSCF 601 as shown in operations 622 and 624. In some examples, this completes the registration process and allows the service to access the network. For example, the voice over WiFi call may proceed and be placed over the network.

[0045] Referring now to Figure 5, the operations performed, such as by the TAS 104 of Figure 2 which may be embodied by or in association with processing circuitry 200, are illustrated in order to provide service network access restriction at an application server (TAS). As shown in block 502 of Figure 5, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for initiating a timer to delay a user equipment registration procedure until receiving the registration success message. In some examples, this timer may be delayed enough to allow for the service network access restriction to be determined. If an error is detected and/or the timer expires, then an error response may be transmitted to the user’s user equipment. In some examples, the timer may comprise a five second or a ten second timer.

[0046] As shown in block 504 of Figure 5, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for causing transmission of a network registration error message to the core network function. See, for example, operation 620 in Figure 6. In some examples, the network registration error message comprises a service restriction indication which provides the core network functions with information about the registration error.

[0047] As shown in block 506 of Figure 5, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for causing transmission of a user equipment registration error message to the user equipment. See, for example, operations 622 and 624 in Figure 6. In some examples, the user equipment registration error message may include standard SIP error codes and additional information.

[0048] Referring now to Figure 7, the operations performed, such as by the TAS 104 of Figure 2 which may be embodied by or in association with processing circuitry 200, are illustrated in order to provide another method for service network access restriction at an application server (TAS). The operations described herein are also shown in relation to Figure 9, which provides an additional example of a method for service network access restriction that both delays the registration as described above in conjunction with Figure 6 and that re-uses the P-CSCF re-selection mechanism for WiFi-based restriction in an effort to force re-establishment and registration using VoLTE. For example, operations 910, 912, 916, and 918 may be substantially similar to operations 610, 612, 614, and 616, respectively, of Figure 6. As shown in operation 920, S-CSCF 904 may inform HSS 905 that the service is access restricted. The TAS 104 may also be configured to inform the HSS 905 that the service is access restricted. The HSS 905 and/or S-CSCF 904 may then determine network access restriction parameters from the core network functions and may transmit the restrictions to network components such as AAA 902 as shown in operation 924. The network access restriction parameters may include instructions and rules that when implemented by other network components avoid several re-registration-attempts from user equipment, such as user equipment 102. For example, a timer value may be instituted to avoid reattempts by the UE 102 to reattempt connecting to voice over WiFi services. The network access restrictions parameters may also provide for a user to take actions to select the other available access type (such as switching on a WiFi Access Point, updating the geo-location, etc.).

[0049] Referring back to Figure 7 and as shown in block 702, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for receiving one or more network access restriction parameters from the core network function for the service. For example, as shown in operation 930, the S- CSCF 904 may transmit a sip notify message to the P-CSCF 903.

[0050] As shown in block 704 of Figure 7, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for causing transmission of the network access restriction parameters to the user equipment. For example, as shown in operation 932, the P-CSCF 903 may transmit the network access restriction parameters to the UE 102. In some examples, AAA 902 and PGW 901 may utilize the network access restriction parameters in conjunction with the UE 102, to stop the UE 102 attempting to use the restricted third party service and connect to the network via another connection method. For example, as shown in operations 934-940, the UE 102, PGW 901 and AAA 902, may cease to attempt connection for voice over WiFi and instead connect via a voice over a mobile network service such as a voice over a long term evolution (LTE) service.

[0051] Referring now to Figure 8, the operations performed, such as by the TAS 104 of Figure 2 which may be embodied by or in association with processing circuitry 200, are illustrated in order to provide another example of a method for service network access restriction at an application server (TAS). The operations described herein are also shown in relation to Figure 10, which provides an additional example of a method for service network access restriction by adding a payload, e.g., an extensible markup language (xml) payload to a SIP response in order to provide information concerning the restriction to the user. For example, operations 1010, 1012, 1014, and 1018, and 1020 may be substantially similar to operations 610, 612, 614, and 616, respectively, of Figure 6. In this regard, in order to avoid an instance in which the subscription to registration event package is not yet ready, a delay may be introduced as described above in conjunction with Figure 6. As shown by operation 1024, the UE 102 may also subscribe to a registration event package. In this example, the registration event package procedure is finalized before receiving the result of the WiFi access restriction mechanism, thus the SIP NOTIFY message in operation 1028 may be used to inform the UE of information concerning the restriction including informing the end user or the user of UE 102 of the restrictions. In one embodiment, the UE supports subscribing to the registration event package so as to trigger an event when a specific SIP response with a specific payload, e.g., an xml payload, is received. The payload, such as the xml payload, can include information regarding the network originating restriction and, in some instance, instructions, such as instructions regarding a subsequent attempt to connect via WiFi after having connected via another access network, such as VoLTE, 2G, 3G or the like. By way of example, the payload, such as the xml payload, may define a timer value that, in turn, defines the length of time that the UE is to wait prior to again attempting to gain access, thereby avoiding repeated re-registration attempts by the UE and encouraging the user to utilize other access options.

[0052] Referring back to Figure 8 and as shown in block 802, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for causing transmission of a registration notification to the user equipment, wherein the registration notification includes an alternative service registration method for a network access. See, for example, operation 1028 of Figure 10.

[0053] As shown in block 804 of Figure 8, the apparatus of this example embodiment includes means, such as the processing circuitry 200, the processor 202 or the like, for receiving an alternative service registration request for a user equipment service from a core network function.

[0054] As further shown in Figure 10, the UE 102 may automatically select an alternative service according to the network access restriction parameters. For example, the UE may automatically attempt to connect via voice over FTE and transmit a service registration request to the TAS 104.

[0055] As described herein methods, apparatuses, and computer program products are provided in accordance with certain example embodiments in order to provide for service network access restriction at an application server. The example embodiments described herein provide for restricting a third party or native service at an application server and thus providing efficient and effective control over third party and native service network utilization.

[0056] As described above, Figures 3, 4, 5, 7, and 8 illustrate flowcharts of an apparatus, method, and computer program product according to example embodiments of the invention. It will be understood that each block of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by various means, such as hardware, firmware, processor, circuitry, and/or other devices associated with execution of software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory device 204 of an apparatus employing an embodiment of the present invention and executed by processing circuitry 200, e.g., a processor 202, of the apparatus. As will be appreciated, any such computer program instructions may be loaded onto a computer or other programmable apparatus (e.g., hardware) to produce a machine, such that the resulting computer or other programmable apparatus implements the functions specified in the flowchart blocks. These computer program instructions may also be stored in a computer-readable memory that may direct a computer or other

programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture, the execution of which implements the function specified in the flowchart blocks. The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide operations for implementing the functions specified in the flowchart blocks.

[0057] Accordingly, blocks of the flowcharts support combinations of means for performing the specified functions and combinations of operations for performing the specified functions for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.

[0058] In some embodiments, certain ones of the operations above may be modified or further amplified. Furthermore, in some embodiments, additional optional operations may be included. Modifications, additions, or amplifications to the operations above may be performed in any order and in any combination.

[0059] Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.