| WO1997048210A1 | 1997-12-18 | |||
| WO1995027942A1 | 1995-10-19 | |||
| WO1997048246A1 | 1997-12-18 |
| EP0483547A1 | 1992-05-06 |
| 1. | Procedure to establish a data connection with a mobile terminal (104) in a digital mobile network (101), at which the mobile network (101) is connected to data processing resources in a local network (102), c h a r a c t e r i s e d in that the data processing resources perform the steps: allocation (202) of a local network address to the mobile terminal (104), allocation (202) of a unique network address to the mobile terminal (104), determination of a relation between the local network address and the unique network address, reception (206) of a request for a data connection to the unique network address, establishing (210) of a data connection to the unique network address, at which the set up (210) is performed depending on the relation between the local and the unique network address. |
| 2. | Procedure as claimed in patent claim 1, further c h a r a c t e r i s e d in that at least the step to allocate the mobile terminal (104) a local network address is preceded by, and performed depending on, a step (201) that includes a detection of activation of the mobile terminal (104). |
| 3. | Procedure as claimed in any of the patent claims 12, at which request for data connection includes a request for at least one appointed type of data connection, further c h a r a c t e r i s e d in that it also includes the step: determination (207) of whether the mobile terminal (104) is accessible for a data connection of the appointed type, and that the step to set up (210) the data connection to the unique network address also is made dependent on the accessibility. |
| 4. | Procedure as claimed in patent claim 3, further c h a r a c t e r i s e d in that the determination (207) of whether the mobile terminal (104) is accessible for a data connection includes the step: comparison of the appointed type of data connection with a list of accessible types of data connections, and that the determination (207) is made dependent on the comparison. |
| 5. | Procedure as claimed in any of the patent claims 14, further c h a r a c t e r i s e d in that is also includes the step: identification (207) of an origin for request for a data connection, and that the set up (210) of the data connection is performed depending on the origin. |
| 6. | Procedure as claimed in patent claim 5, further c h a r a c t e r i s e d in that identification of an origin for request for a data connection includes the step: comparison (207) of the identified origin with a list (300) over origins, the request of which about set up of data connection shall be allowed, and that the set up (210) is made depending on the comparison. |
| 7. | Procedure as claimed in patent claim 6, further c h a r a c t e r i s e d in that the comparison of the origin with the list (300) over allowed origins includes the steps: collection of a password from the origin, comparison (208) of the collected password with a list of passwords (306) associated with different origins, and that the set up (210) is made depending on the comparison. |
| 8. | Procedure as claimed in any of the patent claims 17, further c h a r a c t e r i s e d in that it includes the step: storing of request for a data connection to the unique network address, at which the storing is made depending on the relation between the local and the unique network address. |
| 9. | Procedure as claimed in patent claim 8, further c h a r a c t e r i s e d in that it includes the step: deletion of the stored request for the data connection, at which the deletion is made depending on a predetermined measure of time. |
| 10. | Device capable to set up a data connection with a mobile terminal (104) in a digital mobile network, at which the mobile network (101) is in connection with data processing resources in a local network, c h a r a c t e r i s e d in: device (107) for allocation of a local network address to the mobile terminal (104), device (111) for allocation of a unique network address to the mobile terminal (104), device (111) for determination of a relation between the local network address and the unique network address, devices (111,112) for reception of a request for a data connection to the unique network address, device (112) for establishing of a data connection to the unique network address depending on the relation between the local and the unique network address. |
| 11. | Device as claimed in patent claim 1C, further c h a r a c t e r i s e d in that at least the device (107), for allocating the mobile terminal (104) a local network address, includes devices for detection of activation of the mobile terminal (104). |
| 12. | Device as claimed in any of the patent claims 1011, at which request for data connection includes a request for at least one appointed type of data connection, further c h a r a c t e r i s e d in: device (112) for determination of whether the mobile terminal (104) is accessible for a data connection of the appointed type. |
| 13. | Device as claimed in patent claim 12, further c h a r a c t e r i s e d in that the device (112) for determination of whether the mobile terminal (104) is accessible for a data connection includes: device for comparison of the appointed type of data connection with a list (300) of accessible types of data connections. |
| 14. | Device as claimed in any of the patent claims 1013, further c h a r a c t e r i s e d in: device (112) for identification of an origin for request for a data connection. |
| 15. | Device as claimed in patent claim 14, further c h a r a c t e r i s e d in: device (112) for comparison of the identified origin with a list over origins, the request of which about set up of data connection shall be allowed. |
| 16. | Device as claimed in patent claim 15, further c h a r a c t e r i s e d in: device (112) for collection of a password from the origin, device (112) for comparison of the collected password with a list over passwords associated with different origins. |
| 17. | Device as claimed in any of the patent claims 1016, further c h a r a c t e r i s e d in: device (112) for storing of request for a data connection to the unique network address. |
| 18. | Device as claimed in patent claim 17, further c h a r a c t e r i s e d in: device (112) for deletion of the stored request for the data connection. |
TECHNICAL FIELD The present invention relates to procedures and devices for control of data connections with a user terminal in a digital mobile communication network.
BACKGROUND In order to meet an increasing demand for data communication, the development of digital mobile communication systems has been forced in a direction to make possible more or less direct set up of mobile terminals to the Internet. An example of this is the so called General Packet Radio Service (GPRS).
GPRS is a data service within the frames of the mobile communication standard GSM and is, as the name implies, a packet switching data service, which essentially makes possible for users of mobile terminals in GSM-networks to communicate with resources on the Internet according to standardised data communication protocols. Within the field of the present invention, communication according to Internet Protocol (IP) is of special interest.
The IP-standard stipulates that data communication shall be made in form of addressed packets, IP packets, which are transmitted from a transmitting computer to a receiving computer via a non-predetermined route through a network of computers in between that connects the transmitting computer and the receiving computer. Owing to exactly the fact that the IP-packets do not follow a predetermined route, all computers in between in the connecting network
must read and interpret the address of each of the IP- packets that are passing to find out whether the addressee is just the reading computer. This is a designed characteristic of the way to communicate according to the IP-standard. Even if it apparently implies a large amount of unnecessary processing of data packets, it among other things implies an advantage that the transmission of data packets with a high degree of security will function independent of breaks in parts of the network located in between.
Connection of mobile data terminals, which are given possibility to communicate by means of the IP-protocol on the other hand results in that an important aspect must be considered: the mobility itself of the terminal.
The mobility certainly implies well known advantages, but the resources that need to be at hand in order to transmit information via a radio interface, in relation to transmission via a terrestrial interface, are usually much more limited and by that more expensive. To regard a mobile data terminal as a part of an IP-network consequently means that the utilisation of the radio resources should be carefully considered. There consequently is an interest to minimise not wanted data traffic to the mobile terminal.
Further, the mobility has the self-evident effect that the terminals not always are within range of communication in the radio network. A terminal can from time to time be in very different locations, connected to different radio networks, where the accumulation of other mobile terminals can be of very different size. This results in that the, according to the IP-standard, limited IP-address space limits the number of simultaneously, to the radio network, connected mobile terminals.
With the above presented background, it consequently is a general problem to, with an efficient utilisation of resources, make possible set up of data connections with a mobile data terminal in a mobile network.
DESCRIPTION OF THE INVENTION One aim of the present invention is to present a solution of a problem with efficient utilisation of resources at set up of data connections with a mobile data terminal in a mobile network.
The invention presents a procedure and a device that, with their respective characteristics, describe how control of set up of data connections with the mobile terminal solves this problem.
In some more details are shown a procedure and a device to establish a data connection with a mobile terminal in a digital mobile network, at which the mobile network is in connection with data processing resources in a local network. The procedure includes steps that are performed by the data processing resources. These steps include: -allocation of a local network address to the mobile terminal, -allocation of a unique network address to the mobile terminal, -determination of a relation between the local network address and the unique network address, -reception of a request for a data connection to the unique network address, -set up of a data connection to the unique network address, at which the set up is performed depending on the relation between the local and the unique network address.
An advantage of the invention is that it makes possible direct connection of a mobile data terminal to an external data network, such as Internet without being limited by the to the number limited address space dictated by the IP- standard.
One more advantage with the invention is that it makes possible for a user to, in a cost efficient way, utilise a mobile terminal for set up to, for instance, Internet. This is owing to that data traffic directed to the mobile terminal can be filtered already before the resource demanding radio interface, for instance by the characteristics of authentication of an incoming request according to the invention.
BRIEF DESCRIPTION OF FIGURES Figure 1 shows a schematic drawing of interconnected networks including devices according to the invention.
Figure 2 shows a flow chart over a procedure according to the invention.
Figure 3 shows schematically a table with information that is used according to the invention.
PREFERRED EMBODIMENTS Three interconnected digital communication networks 101, 120,103 are showing Figure 1. A mobile network 101 is capable of managing data communication according to the within the GSM standardised data management service General Packet Radio Service (GPRS). The mobile network 101 is, as other networks in Figure 1, very schematically illustrated.
This is intentionally, because data transmission generally in these types of data networks are regularised by standards such as GSM and IP, and consequently are well known by the expert.
Connected to the mobile network 101 is a number of communication units. A first mobile terminal 104 and a second mobile terminal 106, as well as a service node 117.
The mobile terminals are, as is well known within the field, connected via radio interface 131,132. Because this example is illustrated by a GPRS-network 101, it is implied that the radio interfaces 131,132 between the mobile terminals 104,106 and the mobile network 101 comply with the GSM-standard. The service node 117, which also serves according to the GPRS-standard, has the task to, among other things, control the access of mobile terminals to the mobile network 101, and to keep track of where the mobile terminals 104,106 are geographically.
Connected to the mobile network 101 is a local data communication network 102 to which a number of resources for processing of data are connected. The function of these units will be further discussed below, in connection with a procedure according to the invention. In addition to the resources, there are to the local network 102 a local data terminal 118 connected. Implied is that communication between the different units complies with the, within the field well known, IP-standard.
The local data communication network 102 is interconnected with an external data communication network 103, which in this example can implicitly be Internet, but can of course be further local networks or mobile networks. To the external data communication network 103 an external data terminal 105 is connected in, within the field, well known way according to the IP-protocol.
As a general overview of the embodiments that are presented here can be said that the invention is related to data connections, both between the first mobile terminal 104 and the external data terminal 105, and between the first mobile terminal 104 and the local data terminal 118, as well as between the first 104 and the second 106 mobile terminal. The main characteristics of the invention are essentially related to functions in the units that are interconnected in the local network 102.
The mobile network 101 and the local network 102 are interconnected by an interconnection unit 107, which in GPRS is called"Gateway GPRS Support Node (GGSN)", the main function of which is to forward/transmit IP data traffic between external networks and GPRS-networks, such as the mobile network 101. The interconnection unit 107 is also capable of forwarding/transmitting information about whether a mobile terminal 104,106 is activated or not. In this example is also shown that the interconnection unit 107 has one more function in so far that a part of an address manager 109 is incorporated.
The address manager 109 operates according to the IP- standard"Dynamic Host Configuration Protocol (DHCP)"and has as its main task to, in co-operation with a corresponding address manager 113 in the local network, transmit configuration information between units in the IP- based local network 102. An example of configuration information that is used in the present invention is so called local IP-addresses, as will be discussed further in connection with a procedure illustrated in the Figures 2 and 3.
The local network 102 and the external network 103 are in connection with each other via a firewall unit 108. The firewall unit 108 includes a number of functions, two of
which are indicated in the Figure. An address translator 111 as, for instance, is specified in the IP-standard in a Network Address Translator (NAT) and a so called application proxy 115.
The address translator 111 has knowledge of a table that contains addresses in pairs to the units connected to the local network 102. On the one hand the local address, allocated the units for instance by the address manager 113, and on the other a unique address accessible in the external network 103. The address translator transmits IP- traffic to and from the communicating units in such a way that request about data connections to the unique addresses of the units are translated into request about connections with the corresponding local addresses of the units.
The application proxy 115 functions as a filter for all traffic between the local network 102 and the external network 103. The filtering is made, as is known within the field, on application level so the proxy 115 easily can analyse which type of traffic that wants to go between the networks 102,103 and, by means of suitable filtering conditions, let pass and stop not wanted data traffic.
An example of a procedure according to the invention now will be described with reference to a flow chart in Figure 2, the device in Figure 1, and a detailed illustration of a table in Figure 3.
In an activation step 201 a GPRS-user activates the first mobile terminal 104 with the intention to set up a data connection with the external network 103. The first mobile terminal 104 signals via the first radio interface 131 and via the mobile network 101 to the service node 117. The service node 117 signals further to the interconnection
unit 108 that the GPRS-user wants connection to the local network 102.
In an address allocation step 202, the interconnection unit 108 has received the signal about wanted data connection, after which the address manager exchanges signals with the corresponding address manager 113 in the local network 102.
This exchange between the address management units 109,113 results in that the first mobile terminal 104 is allocated one, for the local network 102, local address. This address is only applicable within the local network 102 and in the mobile network 101.
In a connection step 203, a connection is set up with a service node for GPRS-users 112 (AGS-node 112). The connection is established according to the IP-standard and is made by means of software in the mobile terminal 104 that for instance can be of the type World Wide Web interface (WWW-interface).
In an authentication step 204 is made, according to well known procedures, an exchange of, for instance, passwords between the users of the mobile terminal and the AGS-node.
This of course in order to ensure that the GPRS-user has permission to establish connection to the local network 102. Conditions for the connection to be allowed, that is positive authentication, can for instance be dependent on whether the user has a GPRS-subscription or has paid his/her GPRS-subscription bill etc.
In a service list step 205, the GPRS-user creates or retrieves, for instance still connected via a WWW- interface, a list or table with information regarding access to the GPRS-user. More specifically, access relates to, for instance, conditions for the possibilities of external users to communicate with the GPRS-user s
terminal. Terminal 3 illustrates an example of such a list or table 300.
As is shown in Figure 3, the local address 301 that has been allocated the mobile terminal 104 in the address allocation step 202 is connected to the table. Further, the table 300 contains lines 302, which contain access conditions that are entered, or retrieved from previously stored tables, by the GPRS-user. Each of the lines 302 contains information regarding the conditions of an external user to establish a data connection with a GPRS- user s address 301.
In a first column 303 in the table 300 is stored the address to an intended external user, which, according to the IP-standard, suitable is in form of an IP-address for the external user's terminal 105.
In a second column 304 in the table 300 is stored a designation of a service, which the intended external user shall be allowed to use. Examples of such services, which more generally can be designated type of data connection, is IP telephony, exchange of text messages and IQC etc. The representation in the table for the different types of data connections can of course be of various kind, in plain language or encoded.
In a third column 305 in the table 300 is stored conditions, which can be associated with a service.
Examples of conditions are upper limit of the amount of data that shall be allowed to be exchanged between the external terminal 105 and the GPRS-user's terminal 104, and time limiting conditions that for instance allow connections between certain indicated strokes of the clock.
In the same way as for the information about the services in the second column 304, the representation of the
conditions are of optional nature, plain language or encoded.
In a fourth column 306 in the table 300 are stored passwords for use in a coming authentication step (208 in Figure 2). The passwords are encoded in a suitable way according to previously known technology.
Referring back to Figure 2, the procedure will continue with a reception step 206. In the reception step 206 the AGS-node 112 receives a request about a data connection with the GPRS-user's terminal 104 from the external user's terminal 105, or the second GPRS-user's mobile terminal 106. A request for connection includes at least the address for the requesting terminal 105, and information about which type of service or connection that is wanted.
Examples of types of connections, or services, have been discussed above in connection with Figure 3. A detailed description of the content in a request is beyond the scope of this invention and is supposed to be of already known nature provided by the IP-standard.
In an analysis step 207 the in the reception step 207 received request for data connection is processed by comparisons being made with information stored in the table (300 in Figure 3). For instance is a requested type of data connection analysed by information in the second column (304 in Figure 3) of the table, to make it possible determine whether the requesting terminal 105,104 has access to the requested service or type of data connection.
Further check can be made by condition information in the third column (305 in Figure 3).
Further, this analysis step includes a check of whether the mobile terminal 104 still is connected to the local network 102. If such a check results in that connection is lacking,
the received request can be stored during a predetermined time in order to, on a later occasion, be analysed again when the mobile terminal 104 again is in contact with the local network 102.
In connection with this analysis 207 is further performed an authentication in an authentication step 208, at which password information in the table (300 in Figure 3) is compared with one by the external user given password.
After the analysis of the request for data connection, is determined in a determination step 209 whether the requesting terminal 104,105 shall be allowed to, in a set up step 210, establish the requested data connection and by that utilise a requested service. The set up and exchange itself of data in the connection is made in, within the field, well known way and is consequently not described in detail within the frame of the present invention.