BACKGROUND

Field

[0001] The present application relates generally to acquiring access to a data network and more specifically to systems, methods, and devices for secure toll-free application data network access.

Description of Related Technology

[0002] In many telecommunication systems, the operators of a network control who can access the network as well as the degree of access permitted. The access may be controlled by a subscription. The subscription is generally an agreement between a user and a network operator. The agreement typically includes payment for access.

[0003] As devices become more robust, the content available for display via the devices also increases. The devices may process more data in a faster way to provide enhanced user experiences. For example, some smartphones are capable of downloading high-definition video content via a cellular/LTE/3G connection for display on the smartphone.

[0004] While the devices may be consuming more data, the users must account for the increased data obtained via the network. To help curb the overall network impact, some network operators have introduced limited data plans. These limited plans allow a fixed quantity of data access for a device. Should a particular device consume more than the plan amount, the user of such a device is either cutoff from further access or permitted additional access at an extra, perhaps, cost.

[0005] Furthermore, some devices are available without a data plan. Such devices may be configured to execute applications such as a video or music player. These devices may attach to a data network using a Wi-Fi network, but, due to the lack of a contract, are unable to access the data network via cellular/LTE/3G connections.

[0006] Accordingly, devices, systems, and methods for permitting secure toll-free application data network access on an application-by-application basis are desirable.

SUMMARY OF CERTAIN INNOVATIVE ASPECTS

[0007] In one innovative aspect, there is a device for providing data connectivity. The device includes a memory storing data connectivity policy information for an application associated with a service provider. The data connectivity policy information includes a registered traffic policy and an unregistered traffic policy. The registered traffic policy includes a traffic identifier and a registered traffic quantity. The unregistered traffic policy includes an unregistered traffic quantity. The device further includes a receiver configured to receive, via a data connection to a telecommunication network, data from an instance of the application installed on a device. The device also includes a usage monitor configured to maintain a first quantity indicative of registered data received via the data connection based on the received data and the registered traffic policy. The usage monitor is further configured to maintain a second quantity indicative of unregistered data communicated via the data connection based on the received data and the unregistered traffic policy. The device further includes a connection manager. The connection manager is configured to close the data connection when the first quantity exceeds the registered traffic quantity. The connection manager is also configured to close the data connection when the second quantity exceeds the unregistered traffic quantity.

[0008] In another innovative aspect, there is a method of providing data connectivity. The method includes storing, via a memory, data connectivity policy information for an application associated with a service provider. The data connectivity policy information includes a registered traffic policy and an unregistered traffic policy. The registered traffic policy includes a traffic identifier and a registered traffic quantity. The unregistered traffic policy includes an unregistered traffic quantity. The method also includes receiving, via a data connection to a telecommunication network, data from an instance of the application installed on a device. The method further includes maintaining, via an electronic device, a first quantity indicative of registered data received via the data connection based on the received data and the registered traffic policy. The method further includes maintaining a second quantity indicative of unregistered data communicated via the data connection based on the received data and the unregistered traffic policy. The method includes closing the data connection when the first quantity exceeds the registered traffic quantity. The method also includes closing the data connection when the second quantity exceeds the unregistered traffic quantity. In a further innovative aspect, there is a computer-readable storage medium comprising instructions executable by a processor of an apparatus. The instructions cause the apparatus to perform the method of providing data connectivity described above. [0009] The systems, methods, and devices of the invention each have several aspects, no single one of which is solely responsible for its desirable attributes. Without limiting the scope of this invention as expressed by the claims which follow, some features will now be discussed briefly. After considering this discussion, and particularly after reading the section entitled "Detailed Description" one will understand how the features of this invention provide advantages that include secure toll-free cross carrier data network access.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] FIG. 1 is a functional block diagram of an example communication network system.

[0011] FIG. 2 is a functional block diagram of an example of a communication device.

[0012] FIG. 3 is a functional block diagram of an example of an application wrapper.

[0013] FIG. 4 is a functional block diagram of an example wholesale server.

[0014] FIG. 5 is a message diagram for provisioning a toll-free application.

[0015] FIG. 6 is a message diagram for obtaining a wholesale data connection.

[0016] FIG. 7 is a message diagram for secure communication of data via a wholesale data connection.

[0017] FIG. 8 is a message diagram for obtaining a wholesale data connection from a partner network.

[0018] FIG. 9 is a message diagram for transmitting data via a wholesale data connection from a partner network.

[0019] FIG. 10 is a message diagram for terminating a wholesale data connection.

[0020] FIG. 11 is a process flow diagram for an example method of secure data transmission.

[0021] FIG. 12 is a process flow diagram for an example method of secure wholesale data communication.

DETAILED DESCRIPTION OF CERTAIN ILLUSTRATIVE EMBODIMENTS

[0022] In one aspect, an architecture comprising a first application operable to request data connection to a telecommunication network in a client/server mode is provided. The architecture also includes a wrapper for the first application and operable to detect triggering of the first application (or intercept first request for data from server), send an authorization request to a billing server in the telecommunication network, the authorization comprising an application identifier and an operator identifier for requesting special handling of the first application data connection from the operator, and, upon receipt of an authorization from the billing server, authorizing data connection to the network from the first application.

[0023] Some network operators may find a benefit in partnering with companies to offer toll-free (e.g., no charge) or discounted connectivity for applications. For example, the companies may offer prepaid applications that would allow a user to access and use an application for a certain amount of time or data, even in a roaming situation.

[0024] The experience to the user may be transparent. The systems and methods described herein provide the management of the toll-free connectivity without the need for user interaction. This is achieved in-part via an application wrapper that is associated with a regular application. The wrapper is generally arranged to detect triggering of the application. Once triggered, the wrapper may send a request to the network to identify a specific billing plan for the application. The wrapper may receive authorization from the network and execute the application normally under the specific billing plan for the application. The wrapper may report monitored data usage for the application to the network. Through the use of wrapper, the billing of the application may not be charged to the user or charged at a discounted rate.

[0025] As one example, consider a content provider like "MegaSports." MegaSports may develop an application which may execute on mobile devices but requires access to a data network to obtain the content. MegaSports may negotiate a global wholesale data access deal with network provider like SuperTelco. The deal may specify various data access limits for traffic associated with the wrapped application. Examples of these limits may include one or more of a maximum data limit, per data unit (e.g., byte, megabyte, gigabyte) price, and geographic coverage, service level agreements (SLAs) on mobile, fixed, per user limits, etc. SuperTelco may provide an API/wrapper to MegaSports' application. MegaSports can distribute the application through multiple distribution channels including application stores, SIM cards, hardware attachment (e.g., earphones, sensor, etc.), and the like. When a customer of SuperTelco tries to use the MegaSports application, SuperTelco may identify the application traffic as related to MegaSports and manage the session until the negotiated quota expires. This may include refraining from billing the user for application traffic for the MegaSports application.

[0026] When some user is accessing a partner network, such as OtherTelco, the application data connectivity requests may be routed to SuperTelco to validate access (e.g., via APIs). Once validated SuperTelco can provide OtherTelco with SLAs and per user quota limits. OtherTelco may manage the end user session including allowing traffic to and from the MegaSports application based on the provided information. Upon completion of a user session or another designated time, OtherTelco may send a clearance request to SuperTelco. The clearance request may include the amount owed to OtherTelco for allowing the application traffic for the MegaSports application. SuperTelco may then settle the charges to OtherTelco.

[0027] One non-limiting advantage of the described aspects is the ability to provide a data rich application in way that does not require the user to pay for accessing. The bargain of receiving the user's usage data in exchange for free data access subsidized by the application provider may be an attractive bargain.

[0028] A further non-limiting advantage of the described aspects is the transparency to the user and the application provider. In part because the application wrapper forms a contain within which the application can execute, the functions of the application may be monitored and enhanced to provide the toll-free experience without the need for further user or application provider configurations.

[0029] Another non-limiting advantage of the described aspects is the application can access a network controlled by a wholesale network operator who has negotiated the wrapped application with the application provider. The application may also access a network controlled by a partner network operator (e.g., roaming). In such implementations, the partner may allow the application toll-free access and instead of charging the user, the partner can reconcile the cost of the access with the wholesale operator. Furthermore, devices without a traditional cellular data plan may use aspects described to use a data rich application.

[0030] It may be desirable, in some implementations, to provide secure toll-free access. One security challenge in providing free access exists in identifying traffic accessed via a wrapped application but not hosted by the application provider. For example, an application may support viewing arbitrary webpages through the wrapped application. While communication with the wrapped application provider can be determined a priori, maintaining a list of all webpages which may be accessed via the wrapped application can be difficult and resource intensive. One non-limiting advantage of the features described is avoidance of the need to know all types of traffic associated with a wrapped application.

[0031] Another security risk in providing toll-free access is spoofing. Spoofing generally refers to a situation where traffic from a first application is altered such that it appears to be coming from a second application. Spoofing of the wrapped application may be possible in some circumstances. In such circumstances, the toll-free access may be provided for content which the wrapped application provider does not wish to sponsor.

[0032] To address the spoofing and arbitrary content problems, as part of the provisioning process, respective limits for registered traffic (e.g., application provider addresses; content type; transmission time; location; etc.) and non-registered traffic (e.g., all other traffic) may be associated with the wrapped application. As traffic is received via a wholesale connection for a wrapped application, the data is inspected to determine first whether it is registered or non-registered traffic. If registered, the quantity of data is deducted from the allowable data amount specified during provisioning for registered traffic. If non-registered, the quantity of data is deducted from the allowable amount specified during provisioning for non-registered traffic. Accordingly, a wrapped application provider can agree to sponsor a limited quantity of arbitrary traffic which may be generated as content viewed through the wrapped application. However, by providing a limit, the sponsor can reduce the risk of sponsoring traffic from a spoofed application.

[0033] Enforcement of the limits may be achieved through collaboration between the communication device executing the instance of the wrapped application and the network providing the connectivity. Such a hybrid approach provides at least two points to verify that the intended connectivity is provided to the intended applications.

[0034] In one implementation of the collaborative secure communication, the device agent may be configured to act as the primary counter of traffic by maintaining a count of bits sent and received for an application. The device agent may also be configured to check the content (e.g., URL) browsed in the context of the application. The context can include pre-defined toll-free content specified by the operator and/or application provider. The device may notify the network when the amount of data communicated outside the pre-defined context. In some implementations, the device may synchronize usage information with one or more of a service provider, network operator, or the like. [0035] The operator may be configured to allow either the application provider or the operator to specify one or more quotas for registered and unregistered traffic. These quotas may be provided to the device running the application for additional enforcement of the limits. In some implementations, the device simply reports the amount of data and the URL associated for each. In such implementations, the operator may then determine when the quota limits are reached for a given application based on the provisioning rules for the application. In some implementations, the device may be configured to delete the application if the amount of excessive non-registered traffic is greater than an overboard threshold. For instance, a texting application may, even for the heaviest user, consume 10 MB per day. If an instance of the application is identified which consumes 1GB of data in a day (e.g., grossly larger than the heaviest typical user), the instance of the application may be deleted or otherwise prevented from connecting to the network.

[0036] Various aspects of the novel systems, apparatuses, and methods are described more fully hereinafter with reference to the accompanying drawings. The teachings disclosure may, however, be embodied in many different forms and should not be construed as limited to any specific structure or function presented throughout this disclosure. Rather, these aspects are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Based on the teachings herein one skilled in the art should appreciate that the scope of the disclosure is intended to cover any aspect of the novel systems, apparatuses, and methods disclosed herein, whether implemented independently of or combined with any other aspect of the invention. For example, an apparatus may be implemented or a method may be practiced using any number of the aspects set forth herein. In addition, the scope of the invention is intended to cover such an apparatus or method which is practiced using other structure, functionality, or structure and functionality in addition to or other than the various aspects of the invention set forth herein. It should be understood that any aspect disclosed herein may be embodied by one or more elements of a claim.

[0037] Although particular aspects are described herein, many variations and permutations of these aspects fall within the scope of the disclosure. Although some benefits and advantages of the preferred aspects are mentioned, the scope of the disclosure is not intended to be limited to particular benefits, uses, or objectives. Rather, aspects of the disclosure are intended to be broadly applicable to different data access technologies, system configurations, networks, and transmission protocols, some of which are illustrated by way of example in the figures and in the following description of the preferred aspects. The detailed description and drawings are merely illustrative of the disclosure rather than limiting, the scope of the disclosure being defined by the appended claims and equivalents thereof.

[0038] FIG. 1 is a functional block diagram of an example communication network system. The system 100 includes a communication device 200. The communication device 200 may be an electronic communication device such as a mobile phone, a smart phone, a tablet computer, a personal computer, a game console, a set-top box, or other communication device configured to transmit/receive data.

[0039] The communication device 200 may include an application 112. An application may generally refer to an installed capability for the communication device 200. Example applications include a web browser, a movie viewer, a music player, a newsreader, a document editor, or other functional additions to the communication device 200. The application 112 may be installed on the communication device 200 by the manufacturer, a network operator providing service for the device, and/or a user of the communication device 200. The application 112 may be installed once hardware is attached to the communication device 200. For example, attaching a sensor to the communication device 200 may cause the execution/installation of the application 112. The installation may be performed at the time of manufacture, via over the air provisioning, via storage coupled to the communication device 200 such as a SIM card, or other suitable installation means.

[0040] The application 112 may be wrapped by a wrapper 300. The wrapper 300 may be considered a container for the application 112. The application 112 may be executable without a wrapper, but the wrapper 300 may provide additional functionality for the application 112 without requiring the application developer to know the details of the wrapper 300 interface. For example, an application developer may generate a new interactive game. Standing alone, the application may request network access for playing the game. In a wrapped mode, the application may request network access via the wrapper 300 for playing the game. The wrapper 300 may intercept the network access request and perform additional processing related thereto as will be described in further detail below.

[0041] The communication device 200 may be configured to access a network 130 via an access point 120. The access point 120 may be a Wi-Fi access point, a cellular access point, an LTE or other 3G access point, a radio access point, a wired access point (e.g., Ethernet), or other network portal. Accordingly, the network 130 may be a packet switched network, a public network, a wide-area network, a private area network, a mesh network, a cellular network, a radio network, a local area network, or other such communication network configured to transmit and receive data between devices.

[0042] The access point 120 may be configured to permit certain communication devices access to the network 130. The access point 120 may perform authorization for the communication device before allowing access to the network 130. The communication device 200 may provide information to the access point 120 which may be used to determine whether or not to allow the communication device 200 to access the network 130. The access point 120 is generally associated with a service provider. The service provider is the entity which determines who may access the network 130. For example, a telecommunications company may construct a radio tower access point to allow customers with a valid subscription to access a network. In such cases, the telecommunications company may wish to limit or otherwise control who can access the network.

[0043] FIG. 1 shows a wholesale operator server 400 in data communication with the network 130. The wholesale operator server 400 is configured to provide access on a wholesale basis. The wholesale operator server 400 may receive information regarding communication devices and/or applications which are allocated an amount of network access. Accordingly, when an application requests access via the access point 120, the access point 120 may inquire with the wholesale operator server 400 as to whether the application and/or communication device is authorized for wholesale access. In the event the application and or communication device is not authorized, the access point 120 may fall back on a standard subscription determination for the communication device 200. For example, a determination as to whether the communication device 200 has a valid subscription may be performed.

[0044] The wholesale operator server 400 is in further communication with a billing server 150. The billing server 150 is configured to receive information regarding access for the wholesale operator server 400. Where the access point 120 is operated by an entity other than the wholesale operator, the operator of the network access point may request compensation for allowing the communication device 200 and/or the application 112 to access the network. The billing server 150 may be configured to facilitate this reimbursement by reconciling the usage authorized by the wholesale operator server 400 with the operator of the network access point. In some implementations, the billing server 150 may be configured to generate a billing request to a third-party such as the application developer. The billing request may indicate an amount requested. In some implementations, the billing server 150 may be configured to generate a billing request to an account associated with the communication device 200.

[0045] The wholesale operator server 400 is further configured to communicate with a packet inspector 160. As shown in FIG. 1, the packet inspector 160 is in direct communication with the wholesale operator server 400. In some implementations, the packet inspector 160 may be coupled via the network to the wholesale operator server 400. In some implementations, the packet inspector 160 may be integrated as part of the wholesale operator server 400.

[0046] The packet inspector 160 is configured to receive a packet of data and identify characteristics of the packet. Characteristics which the packet inspector 160 can identify include source address, destination address, source URL, destination URL, packet size, packet length, packet transmission time, application generating the packet, and the like. The packet inspector 160 may be configured to transmit an inspection report including one or more of the characteristics identified. In some implementations, the packet inspector 160 may provide several services. For example, a service designed to accept the packet and return the application identifier for the application generating the packet may be included. As another example, a service designed to accept the packet and one or more inspection rules and return a Boolean value indicating whether the packet is permitted may be included.

[0047] The wholesale operator server 400 is also shown to be in data communication with an access controller 170. As shown in FIG. 1, the access controller 170 is in direct communication with the wholesale operator server 400. In some implementations, the access controller 170 may be coupled via the network 130 to the wholesale operator server 400. In some implementations, the access controller 170 may be integrated as part of the wholesale operator server 400.

[0048] The access controller 170 is configured to control access to the wholesale operator server 400 and functions provided thereby. For example, the access controller 170 may provide authorization for a wrapped application to connect to the network via the wholesale operator server 400. In some implementations, the access controller 170 may transmit the control information via the network 130 to the access point 120. The access point 120 may then adjust the connection with the communication device 200 according to the control information. For example, if the wrapped application 112 has exceeded a quantity of toll-free access, the access controller 170 may transmit a message to the access point 120 to terminate the toll-free connection with the wrapped application 112.

[0049] FIG. 1 also includes a partner operator server 180. The partner operator server 180 generally refers to an operator who does not have a negotiated data connectivity policy for the wrapped application. The partner may provide toll-free access to the wrapped application through an agreement (e.g., charge-back agreement) with the wholesale operator. This agreement and subsequent authorization may be achieved through messages transmitted from the partner operator server 180 and the wholesale operator server 400 via the network 130. The authorization messaging will be described in further detail below.

[0050] The partner operator server 180 may be configured to communicate with the packet inspector 160 as described above. In some implementations, the partner operator server 180 may be coupled with or include a partner packet inspector (not shown). The partner operator server 180 may be configured to communicate with the access controller 170. In some implementations, the partner operator server 180 may be coupled with a different access controller than the access controller 170 associated with the wholesale operator serve 400.

[0051] The system 100 shown further includes an application provider 185. The application provider 185 is an entity that provides the application which will be wrapped. The application provider 185 may be coupled with the network 130. The application may be provided via the network 130 such as through an Internet download or an application store. In some implementations, the application provider 185 may provide the application to the wholesale operator server 400 for wrapping and/or distribution. The application provider 185 may also establish the data connectivity policy for the application via the network 130. FIG. 1 shows an optional communication path directly from the application provider 185 to the wholesale operator server 400. Such a direct communication path may be used to provide the application to the wholesale operator for wrapping and/or establish the connectivity policy. The connectivity policy may include a quantity of data for registered addresses which will be accessible through the wrapped application as well as a quantity of data for non- registered address which will be accessible through the wrapped application. In some implementations, the connectivity policy may include a total quantity of data permitted for the application along with a non-registered percentage identifying a percent of total data which may be accessible through the wrapped application. Further details of the provisioning process are provided below.

[0052] FIG. 2 is a functional block diagram of an example of a communication device. When implemented as a device hosting a wrapped application, the communication device 200 may include circuitry for performing the main functions of a mobile phone, such as a mobile smart-phone, a tablet computer, a laptop computer, gaming console, set-top-box, personal computer, or the like.

[0053] The communication device 200 may include one or more antennas 202 and a transceiver unit 204 for the transmission and reception of wireless signals; output hardware 206 such as an audio unit, a microphone, and/or a display screen; a clock 208; a power source 210 (e.g., battery, solar panel, wired power connection); a memory 212, input hardware 214 such as a keypad or touchscreen for receiving a user input, a GPS unit for indicating the geographical location of the device, a wired network connection (e.g., Ethernet port); and a processor 216. Some output hardware 212 such as a display screen may include a touch sensitive screen. Accordingly, some output hardware 212 may provide input functionality and some input hardware 214 may provide output functionality. The memory 212 may include one or more memory circuits including non-volatile memory circuits (e.g., EEPROM, FLASH, etc.).

[0054] Depending on the capabilities of the communication device 200 and the supporting telecommunication networks the communication device 200 can also provide a range of voice and data communication services. As non-limiting examples the communication device 200 provides telephone network based communication services including voice, multimedia and text messaging, as well as other data exchange capabilities, enabling Internet access and email exchange, for example.

[0055] The communication device 200 may be configured to exchange data via a 3G network with remote servers such as a wholesale operator server and/or an application provider, and to enable data exchange enabling Internet access (e.g., data network). The communication device 200 is operable to have applications or widgets installed, such as, but not limited to social networking applications or email applications, for example, which when executed may exchange data with the remote servers. Each application or widget installed on the communication device 200 may have an associated graphical user interface. [0056] The communication device 200 may also include one or more applications 218. The communication device 200 may further include one or more wrapped applications 220. A wrapped application 220 is distinguishable from an application in that communications to/from the wrapped application 220 are exchanged via an application wrapper.

[0057] FIG. 3 is a functional block diagram of an example of an application wrapper. The application wrapper 300 includes a connection detector 302. The connection detector is configured to detect connection activity for the wrapped application 220. Connection activity may include a request for a connection, a request to transmit information via a connection, termination of a connection, reset of a connection, or other data communication connection activities.

[0058] The connection detector 302 may be configured to detect connection activity based on the application communications received from the wrapped application 220. The connection detector 302 may be configured to generate a message identifying the connection activity and transmit this information via a bus 324.

[0059] A connection manager 304 may obtain the message identifying the connection activity. If the message identifies a request for a new connection, the connection manager 304 may cause the initiation of the connection. Once a connection is established, the connection manager 304 may be configured to maintain the connection on behalf of the wrapped application 220.

[0060] As part of establishing a connection, the connection manager 304 may be configured to establish a toll-free connection. The connection manager 304 may transmit an authentication request via an authentication transceiver 306. The authentication request may be transmitted to a wholesale operator server. The authentication request includes an identifier for the application and the wholesale operator associated with the application.

[0061] The authentication transceiver 306 may receive the authentication response. The authentication response may include an authentication token for a wholesale data connection. The token may be used for subsequent communications to or from the application to indicate the authorization status for the connection. The authentication response may also include a data connectivity policy including one or more of a data transmission amount, a receive data amount, a data connection duration, and a policy expiration time. [0062] The authentication response may indicate a wholesale connection is not available. In such situations, the connection manager may attempt to establish a connection based on subscription information for the device.

[0063] A configuration manager 308 may be included in the wrapper 300. The configuration manager 308 may include one or more parameters for the wrapper 300 and/or the wrapped application 220. For example, the configuration manager 308 may receive wrapped application configuration information via the transceiver 204. The wrapped application configuration information may identify a network address for the wholesale operator server, information to be included in the authorization request, information regarding the data connectivity policy, applying copy protections for the application or associated data stored for the application, enabling/disabling device features during application execution (e.g., screen shot, camera, microphone), or other parameter(s) to adjust the function of the wrapper 300 and/or the wrapped application 220.

[0064] One non-limiting advantage of the configuration manager 308 is the ability to remotely adjust the wrapper 300 and/or the wrapped application 220. Such control may be useful for providing bug fixes, disabling rogue devices/applications, or dynamically adjusting operational aspects of the wrapped application 220 without requiring a reinstallation or affirmative action on behalf of a user of the device.

[0065] The wrapper 300 may also include a virtual private network adapter 310. The virtual private network adapter 310 may be included to provide secure communication between the wrapped application 220 and the network 130. Upon establishing a connection, the virtual private network adapter 310 may be used for application communications. The virtual private network adapter 310 may be used only for authentication. In some implementations, it may be desirable to use the virtual private network adapter 310 for application data communications as well. For example, if the application is a banking application, the application developer may determine that certain transactions utilize the virtual private network adapter 310.

[0066] As information flows through the established connection, a data meter 312 is configured to monitor information for the authorized data connection. Information which may be collected includes a data transmission amount, a data received amount, a data connection duration, a destination of data transmitted, a source of data received, one or more data request messages, one or more data response messages, and a time at which the authorized data connection was established. The data meter 312 may also time stamp each element of information to identify when the metered value was collected.

[0067] A usage analyzer 316 may be configured to process the information collected by the data meter 312. Such processing may include calculating usage information for an authorized data connection. The usage analyzer 316 may also be configured to compare the usage information with the data connectivity policy. For example if the number of bytes of data for the wrapped application 220 exceeds a quantity specified in the data connectivity policy, the usage analyzer may generate a message indicating the policy amounts have been exceeded. The usage analyzer 316 may receive a list of registered addresses for the application and/or data limits for registered and non- registered traffic. To assist in the analysis of packets of data, the usage analyzer 316 may be configured to transmit the packet to the packet inspector 160. The usage analyzer 316 may be further configured to collect application specific analytics such as the time spent on given location within the application, buttons pressed, application performance, and the like. In some implementations, the application configuration may specify the aspects to analyze.

[0068] This message may be received by an event processor 320. The event processor 320 may be configured to instruct the wrapper 300 and/or the wrapped application 220 to take one or more actions based on the received event. Events may include usage events, such as exceeding the authorized data connectivity policy. Events may include device events such as powering down, low battery, incoming phone call, termination of a phone call, initialization of an application, termination of an application, device locking, device unlocking, and the like. An example of an action may be for the connection manager 304 to terminate a connection upon detection of exceeding the authorized data connectivity policy. In some implementations, the event processor 320 may be configured to transmit event information to a third-party. For example, a wrapped application to keep track of where a child's smartphone is located may detect movement into an area of interest (e.g., into a 'restricted' area, at a specific time, etc.). This event may cause the transmission of a text message or email message to another device (e.g., the parent's smartphone) in addition to transmitting application data to the application provider. In the case of an email message, because the wrapped application may provide toll-free access, the application may receive data connectivity to send this potentially life-saving message. [0069] Another example of an action may be to transmit a report of the usage analyzer 316. A sync engine 318 may be configured to provide such an update of usage information for the wrapped application 220. The sync engine 318 may obtain the usage information from the usage analyzer 316, prepare the information for transmission, and send the usage transmission. The sync engine 318 may be configured to transmit such usage information based on an event, and or the periodic schedule. For example, the sync engine 318 may be configured to transmit a report of usage every five minutes. The usage report may include the authorization token, an application identifier, an operator identifier, and a device identifier.

[0070] An error monitor 322 is included to detect errors raised by the application and or the wrapper 300. The error monitor 322 may generate an error report. This error report may be transmitted to the wholesale server operator via the sync engine 318. The error report may include the authorization token, an application identifier, and operator identifier, a device identifier, and information related to the error raised.

[0071] The wrapper 300 shown in FIG. 3 receives device information. The device information may include one of power or network bandwidth available to the device, a location identifier indicating a geospatial location of the device, a device identifier uniquely identifying the device, and a user identifier. Examples of device information include a device operating system identifier, an operating system version, and device events and/or errors. The device information is made available to the elements of the wrapper 300 for further processing. For example, the sync engine 318 may be configured to defer transmitting usage reports when device resources are limited (e.g., low bandwidth, low power).

[0072] The bus 324 may couple the above described elements for the wrapper 300. The bus 324 may be a data bus, communication bus, or other bus mechanism to enable the various components of the wrapper 300 to exchange information. It will further be appreciated that while different elements have been shown, multiple elements may be combined into a single element, such as the data meter 312 and the event processor 320.

[0073] FIG. 4 is a functional block diagram of an example wholesale server. The wholesale server 400 is configured to manage the provisioning of wholesale data access (e.g., toll-free or subsidized access) for wrapped applications. The management includes receiving applications for wrapped distributions, receiving configuration for the application data policy, providing the authentication and application data policy, and, when the application is made available through partner operator networks, providing an authorization interface and reconciliation interface for the partner operators.

[0074] The wholesale server 400 may include one or more antennas (not shown) and a transceiver 402 for the transmission and reception of wireless signals; a processor 404; a memory 406; a clock 408; and a power source 410 (e.g., battery, solar panel, wired power connection). In some implementations, the wholesale server 400 includes a wired network connection (e.g., Ethernet port, fiber optic data port).

[0075] The wholesale server 400 includes an authentication and authorization circuit 420. The authentication and authorization circuit 420 is configured to receive wholesale authorization requests and generate an appropriate response. The authentication and authorization circuit 420 may be configured to parse the authorization request to identify the information upon which the authorization determination will be made. The authentication and authorization circuit 420 may then compare the information included in the authorization request with information included in the memory 406. For example, if the authorization request includes an application identifier, the authentication and authorization circuit 420 may look up a data policy associated with the application identifier. This information may then be included in the authorization response.

[0076] The authentication and authorization circuit 420 maybe further configured to generate an authentication token to indicate the authorization determination. The authorization token may be generated only when the request is authorized. In some implementations, the token may be generated for all requests (e.g., authorized or unauthorized).

[0077] The wholesale server 400 shown in FIG. 4 includes a wrapped application accounting circuit 430. The wrapped application accounting circuit 430 is configured to reconcile usage for the wrapped applications. For example, the application accounting circuit 430 may be configured to periodically (e.g., daily, weekly, hourly, monthly) communicate with the billing server. The application accounting circuit 430 may transmit indicators to exclude the toll-free application data usage from individual subscriber's bills. The application accounting circuit 430 may be further configured to reconcile usage fees associated to the wrapped application incurred via partner operators. In this situation, the application accounting circuit 430 may receive a request for wrapped application data provided via the partner operator and generate a response. The response may include an automatic clearing transaction identifier associated with a funds transfer to the partner operator. The response may include additional status information such as disputed amounts, discrepancy amounts, and the like. The application and accounting circuit 430 may further generate billing information for the application provider. For example, if the application provider has agreed to pay a fixed amount per wrapped application deployed, the application and accounting circuit 430 may collect this information, such as from the memory 406, and generate an appropriate billing request (e.g., via the billing server) for transmission to the application provider.

[0078] The wholesale server 400 shown in FIG. 4 includes a wrapped application report processor 440. The wrapped application report processor 440 is configured to generate reports illustrating aspects of the wrapped application. The reports may be summary reports such as total number of users or total quantity of data utilized. The reports may include aggregations such as by date/time, by device type, by user, by device, by location, by network used for data access, by application version number, and the like.

[0079] The wrapped application report processor 440 reports may be based on the information collected by a wholesale usage monitor 450. The wholesale usage monitor 450 is configured to receive the usage information from a wrapped application. The wholesale usage monitor 450 may store the received information in the memory 406. In some implementations, the wholesale usage monitor 450 may be configured to inspect packet data received from a wrapped application and generate usage information. The packet inspector 160 may be consulted to generate the usage information.

[0080] The wholesale server 400 shown in FIG. 4 includes an application provisioning module 460. The application provisioning module 460 is configured to obtain configuration information for wrapped applications such as the data connectivity policy. The application provisioning module 460 may also receive the unwrapped application from the application provider and apply the wrapper. Once provisioned, the wrapped application may be published or otherwise made available to devices via, for example, the application provisioning module 460.

[0081] FIG. 5 is a message diagram for provisioning a toll-free application. The message flow of FIG. 5 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein.

[0082] Messaging 505 is performed between the application provider 185 and the application provisioning module 460 to establish a secure connection. Establishing a secure connection may be desirable to prevent tampering with the application that will be provided for wrapping. For example, tampering may include a man-in-the-middle attack. In some implementations, the messaging 505 may include providing physical media including the application such as a DVD-ROM or disk drive which do not need network connectivity.

[0083] Messaging 510 is performed to upload the application to the application provisioning module 460. The application provisioning module 460 may perform initial processing on the received application such as virus scanning, application size verification, formatting, decryption, hash checking, and the like. The received application may be stored in a memory associated with the application provisioning module 460.

[0084] Messaging 515 is performed to establish one or more registered traffic authorizations for the wrapped application. A registered traffic authorization can include a quantity of data authorized for an identifiable traffic characteristic. For example, 100 megabytes of traffic to or from a particular location (e.g., top-level domain). In some implementations, the location may include a wild-card or regular expressions to allow permutations of locations to be captured in one rule. As another example, an authorization may allow 1GB of traffic of certain content type(s) (e.g., high-definition video, voice chat, etc.).

[0085] Similar messaging 520 is performed to establish an un-registered traffic authorization for the wrapped application. An un-registered traffic authorization may identify a quantity of unidentifiable data allowed for the application. The un-registered traffic authorization may be specified as a quantity (e.g., 100 MB, 20K, etc.). The unregistered traffic authorization may be specified as a percentage (e.g., 20% of registered traffic authorization data; 20% in excess of registered traffic authorization data; etc.).

[0086] The application provisioning module 460 wraps the uploaded application via message 525. In some implementations, wrapping the application may include adding the authorization(s) for the application into the wrapped application.

[0087] Once wrapped, via message 530, the wrapped application is published for download and/or installation. In some implementations, the publication may be to a location of the application provisioning module 460. In some implementations, the publication may be to a network location other than the application provisioning module 460 such as an FTP site, an application store, a webserver, or the like. [0088] Message 535 is transmitted from the application provisioning module 460 to the wrapper 300 for the application installed on communication devices indicating the traffic authorizations. As the process shown in FIG. 5 may be specifying new authorizations for existing applications, the updates should be propagated to the wrapped applications previously installed. The message 535 may be transmitted over the air to the communication device including the wrapped application.

[0089] Message 540 is transmitted to the packet inspector 160 to provide the registration information for the application. The registration information includes the packet characteristics which will be monitored for the application. The packet inspector 160 may establish filters to monitor the traffic for the identified application according to the registration information.

[0090] When an application requires data connectivity, several scenarios may arise. In one scenario, the application provider has negotiated data access with a wholesale operator who is also the operator of the network the device executing the application is attached. In this scenario, the network operator has direct access to the wholesale operator server. In a second scenario, the application provider has negotiated data access with the wholesale operator. However the application/device may be attached to a network operated by another network operator. In some implementations, this may be referred to as roaming. In this second scenario, the application may be considered roaming when attempting to access a data network through a connection operated by someone other than the wholesale operator. The message flow diagrams below provide example message flows for establishing a connection and communicating application data in the example scenarios discussed above.

[0091] FIG. 6 is a message diagram for obtaining a wholesale data connection. The message flow of FIG. 6 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein. The message flow of FIG. 6 illustrates obtaining a wholesale data connection via a network which is controlled by the wholesale operator.

[0092] Messaging 650 between the application provider 185 and the wholesale operator server 400 may be performed to provision the application as discussed above in FIG. 5. [0093] Once installed and executed, the wrapped application 220 may transmit a connection request to the wrapper 300 via message 652. The wrapper 300 may transmit a message 654 via the access point 120 requesting authorization for wholesale access for the wrapped application 220. The authorization request may include an application identifier and an identifier for the wholesale operator. In some implementations the authorization request may include additional information such as a device identifier, a location identifier, or a user identifier indicative of a user of the application.

[0094] The access point 120 may identify the authorization request as a wholesale authorization request. The identification may be based on the application identifier and/or the identifier for the wholesale operator. In some implementations, the authorization request message may be of a distinguishable type. In such implementations, the message type may indicate the destination of the authorization request. The access point 120 may be configured to allow such traffic to pass through to the wholesale operator server 400. In some implementations, the access point 120 may track such requests and include the bandwidth used for further reimbursement from the wholesale operator.

[0095] The access point 120 may transmit a message 656 to the wholesale operator server 400 including the authorization request. The wholesale operator server 400 via message 658 may perform an authorization. The authorization may be based on the information included in the authorization request. For example, if the application is executed on a device located within a retail location, wholesale access may be granted free of charge to the device. However if the device travels outside the retail location, limited wholesale access may be granted. The limit may be based on quantity of data, time of day, proximity to the retail location, or other factor.

[0096] A message 660 sent from the wholesale operator server 400 to the access point 120 includes the authorization response. The authorization response includes an authorization token. The authorization token may be used to identify the authorization determination for the authorization request, as discussed above. The authorization response may also include a data connectivity policy as discussed above.

[0097] The access point 120 may transmit the authorization response via message 662 to the wrapper 300. Based on the authorization response, the wrapper 300 via message 664 may manage the connections. Managing the connections may include establishing the connection, closing the connection, resetting a connection, or the like. In some implementations, the connection manager 304 may be configured to manage the connections. Message 666 is transmitted from the wrapper 300 to the wrapped application 220 indicating the connection response. If authorized, the connection response may include an indication that a wholesale data connection has been established.

[0098] Having established a wholesale data connection, the wrapped application 220 may begin using the connection to send and receive data.

[0099] FIG. 7 is a message diagram for communicating data via a wholesale data connection. The message flow of FIG. 7 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein. The message flow of FIG. 7 illustrates application communication via a wholesale data connection through a network which is controlled by the wholesale operator.

[00100] A message 750 may include application data. The message 750 may be transmitted from the wrapped application 220 to the wrapper 300.

[00101] The wrapper 300 via message 752 may monitor, meter, log, or otherwise process the application data. For example, packets of data may be examined to determine if the packet is associated with one of the registered characteristics specified in the data connection policy for the application. Presuming the application data does not violate the data connection policy, message 754 is transmitted from the wrapper 300 to the access point 120 including the application data. The access point 120 may transmit the application data directly to the application provider 185 via message 756. In some implementations, the application data may be transmitted to another service provider (not shown). For example, the application may access content (e.g., multimedia, images, text) hosted by a third-party.

[00102] Message 758 includes an application response. The application response shown in FIG. 7 is transmitted from the application provider 185 to the access point 120.

[00103] Some access points may be aware that the connection is a wholesale data connection. For example if the access point 120 is maintained by the wholesale operator, the access point 120 may optionally meter, monitor, log, or otherwise process the application response. At message 760, the packet inspector meters, monitors, logs, or otherwise processes the application data and/or application response in accordance with the connectivity policy for the wrapped application (e.g., registered characteristics).

[00104] Assuming the access point 120 is not exercising control or otherwise terminating the connection (e.g., because the connection has exceeded the authorized limits), the application response is transmitted via a message 762 from the access point 120 to the wrapper 300. The wrapper 300 at message 764 will again meter, monitor, log, or otherwise process the application response data. This may include counting the number of bytes received, identifying the content received, logging any errors obtained, and the like.

[00105] If the wrapper 300 determines the authorized data policy has not been exceeded, message 766 includes the application response and is transmitted from the wrapper 300 to the wrapped application 220. In the event the data policy has been exceeded, the wrapper 300 may be configured to transmit a message indicating such a state to the application. In this case, the wrapper 300 may also terminate the connection.

[00106] In some implementations, the wrapper 300 may be configured to periodically report the usage data such as to the wholesale operator server 400. The report may include an identification of the application, data monitored or logged, errors, wrapped application configuration (e.g., settings, version number), or other information related to the wrapped application 220. In some implementations, the wrapped application usage monitor 450 may be configured to compare the reported usage to the usage identified by the wholesaler operator server 400. Discrepancies of a predetermined magnitude may be used as a trigger to identify illicit applications.

[00107] FIG. 8 is a message diagram for obtaining a wholesale data connection from a partner network. The message flow of FIG. 8 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein. The message flow of FIG. 8 illustrates obtaining a wholesale data connection via a network which is controlled by a partner operator who is different than the wholesale operator.

[00108] Messaging 850 between the application provider 185 and the wholesale operator server 400 may be performed to publish the application. In one implementation, the application provider 185 may generate a binary application. The application may then be uploaded to the wholesale operator server 400 such as via HTTP, HTTPS, FTP, or other communication protocol. Upon publishing the application, the wholesale operator server 400 may apply a wrapper 300 to the binary provided by the application provider 185. The publication may be to an application store, a website, or other distribution location/mechanism.

[00109] As part of the messaging 850, the application provider 185 may also specify a wholesale agreement with the wholesale operator server 400. For example a news application provider may negotiate 10 MB of use per user per day for an application to be provided by the wholesale operator server 400.

[00110] One or more messages 852 may be exchanged between the wholesale operator server 400 and the partner network server 180 to establish a partner traffic policy. The partner traffic policy provides criteria to the partner network server 180 to indicate that application traffic for a wrapped application should be permitted without additional subscription. For example the partner traffic policy may include a wholesale operator identifier and an application identifier. These two elements may be used to identify wrapped application communications and provide a zero rating for data connections for the identified application and operator through the partner network server 180. In some implementations, the registered characteristics may also be provided to the partner network server 180. The registrations may be used by the partner network server 180 to configure a partner network packet inspector. In some implementations, the policy may simply include information to allow the partner network server 180 to access the packet inspector 160. In such implementations, the partner network server 180 may exchange messages with the packet inspector 160 to identify registered network traffic.

[00111] The wrapped application 220 may transmit a connection request to the wrapper 300 via message 854. The wrapper 300 may transmit a message 856 to the access point 120 including an authorization request for wholesale access for the wrapped application 220. The authorization request may include an application identifier and an identifier for the wholesale operator. In some implementations the authorization request may include additional information such as a device identifier, a location identifier, or a user identifier indicative of a user of the application.

[00112] The partner network server 180 via message 860 may attempt to authorize the application and/or device. For example, the partner network server 180 may determine a particular device is included on a blacklist based on the information included in the authorization request and therefore will not authorize the device/application to access their network. The authorization may also include authorizing based on previously obtained authorization information from the wholesale operator server 400. In such an implementation, the partner network server 180 may be configured to store data connectivity policy information for specific application and wholesale operator. The partner may use the stored data connectivity policy information to authorize the connection for the application.

[00113] In the message flow shown in FIG. 8, the partner network server 180 via message(s) 860 may perform the initial authorization (e.g., determine the request is not black-listed) to determine the request is authorized for limited purpose of communicating with the wholesale operator server 400. As shown however, the partner network server 180 may transmit a message 862 to the wholesale operator server 400 including the authorization request. The authorization request may be the same as transmitted via message 858. In some implementations, the authorization request included in the message 862 may include additional information such as an identifier of the partner network server 180.

[00114] The wholesale operator server 400 via message 864 may perform an authorization. The authorization may be based on the information included in the authorization request received from the partner network server 180. For example, if the application is executed on a device is located within a retail location, wholesale access may be granted free of charge to the device/application. However if the device travels outside the retail location, limited wholesale access may be granted. The limit may be based on quantity of data, time of day, or other factor. The authorization may also consider the partner network server 180 through which the request was sent. For example, the wholesale agreement between the wholesale operator and the application provider 185 may be a value based agreement (e.g., $5.00 of service per user per day). In such an implementation, the cost of access may differ between partners. The partner network identifier may be used to identify a cost basis for access which may be included in the authorization determination.

[00115] FIG. 8 shows a message 868 sent from the wholesale operator provider to the partner network server 180 including the authorization response. The authorization response includes an authorization token. The authorization token may be used to identify the authorization determination for the authorization request. The authorization determination may be no wholesale access, partial access, or full access. The authorization response may also include a data connectivity policy as discussed above. The authorization response may include data connectivity policy cache information. The data connectivity policy cache information may indicate whether the data connectivity policy information for the specified application may be cached by the partner network server 180 and, if so, how long. This cached information may be used for subsequent authorization such as message 860 discussed above.

[00116] A message 870 sent from the partner network server 180 to the access point 120 includes an authorization response. In some implementations, the authorization response included in message 870 may be the same as the authorization response received in message 868 from the wholesale operator server 400. In some implementations, the authorization response is generated based on the authorization response received in message 868 from the wholesale operator server 400. The authorization response of message 870 includes the authorization token. The authorization token may be used to identify the authorization determination for this application/device. The authorization response may also include a data connectivity policy as discussed above.

[00117] The access point 120 may transmit the authorization response via message 872 to the wrapper 300. Based on the authorization response, the wrapper 300 via message 874 may manage the connections. Managing the connections may include establishing the connection, closing the connection, resetting a connection, or the like. In some implementations, the connection manager 304 may be configured to manage the connections. Message 876 is transmitted from the wrapper 300 to the wrapped application 220 indicating the connection response. If authorized, the connection response may include an indication that a wholesale data connection has been established.

[00118] Having established a wholesale data connection through the partner operator, the wrapped application 220 may begin using the partner operated connection to send and receive data.

[00119] FIG. 9 is a message diagram for transmitting data via a wholesale data connection from a partner network. The message flow of FIG. 9 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein. The message flow of FIG. 9 illustrates application communication via a wholesale data connection through a network which is not controlled by the wholesale operator (e.g., a partner operator).

[00120] A message 950 may include application data. The message 950 may be transmitted from the wrapped application 220 to the wrapper 300.

[00121] The wrapper 300 via message 952 may monitor, meter, log, or otherwise process the application data. Presuming the application data does not violate the data connection policy, message 954 is transmitted from the wrapper 300 to the access point 120 including the application data. The access point 120 is configured to transmit the application data to the partner network server 180 via message 956. The application data may include the authorization token to identify the prior connectivity permission granted to the application/device. A validation of the authorization token included in the application data may be performed by the partner operator. If the token is valid (e.g., associated with a previously authorized connection; not expired; etc.), the transmission may be permitted. If the token is not recognized or is expired, the authorization shown in FIG. 8 may be repeated to obtain a new authorization token.

[00122] In the case where the application data is authorized, the partner operator transmits the application data to the application provider 185 via message 958. In some implementations, the application data may be transmitted to another service provider (not shown). For example, the application may access content (e.g., multimedia, images, text) hosted by a third-party.

[00123] Message 960 includes an application response. The application response shown in FIG. 9 is transmitted from the application provider 185 to the partner operator server 180. The partner operator server 180, at message 962, meters, monitors, logs or otherwise processes the application data and/or response. The partner operator serve 180 may apply the registered traffic rules included in the data policy for the application. The partner operator server 180 may seek reimbursement for the data transmitted for the application. Accordingly, the partner operator server 180 may store information related to the application data transmitted and/or received via its network for the application. The information may include a time of transmission, a quantity of data transmitted, a type of data transmitted, the application identifier, a device identifier for the device hosting the application, user information, or other data which can be used to effectively identify the source and/or quantity of data traffic for the application.

[00124] Message 964 and message 966 transmit the application response from the partner operator server 180 to the wrapper 300 via the access point 120. The wrapper 300 at message 968 will meter, monitor, log, or otherwise process the application response data. This may include counting the number of bytes received, identifying the content received, logging any errors obtained, and the like. The wrapper 300 may apply the registered traffic rules provisioned for the wrapped application. Not shown is the periodic reporting of the usage data to the wholesale operator provider. The report may include an identification of the application, data monitored or logged, errors, wrapped application configuration (e.g., settings, version number), partner operator used for the connection, or other information related to the wrapped application 220.

[00125] Assuming the data connectivity policy has not been exceeded, the wrapper 300 may then transmit the application response to the wrapped application 220 via message 970.

[00126] Messaging 972 between the partner operator server 180 and the wholesale operator server 400 may be performed to reconcile the usage for the wrapped application 220. As discussed, the partner operator and the wholesale operator may have negotiated terms of access for the application. The terms may include a quantity of data (e.g., per user, per application, for the wholesale operator) or a value of data (e.g., maximum cost). The reconciliation process may include identifying the cost of service provided by the partner operator and generating a request for the amount. The basis for the cost may also be included in the request. The wholesale operator may compare the usage reported by the wrapper 300 with the usage reported by the partner operator. Any discrepancies may be handled through subsequent messaging between the partner operator server 180 and the wholesale operator server 400 or via a manual process. Although not shown in FIG. 9, the billing server 150 may be included in the reconciliation process.

[00127] FIG. 10 is a message diagram for terminating a wholesale data connection. The message flow of FIG. 10 shows messages exchanged between several entities which may be included in a communication system. For ease of explanation, the number of entities shown has been limited. However, it will be understood that additional entities may be added or multiple entities combined consistent with the description herein.

[00128] One cause for terminating the wholesale data connection is when the amount of registered traffic exceeds the provisioned amount for the wrapped application. Another cause for terminating the connection may be when the amount of non- registered traffic exceeds the provisioned amount for the wrapped application. [00129] The termination may be identified by the packet inspector 160. In some implementations the termination may be initiated from the wholesale or partner server (e.g., network side). In some implementations, the communication device 200 may initiate the termination.

[00130] The process shown in FIG. 10 begins with the packet inspector 160 monitoring traffic at message 1062. The traffic may be application data or response traffic submitted by or transmitted to the wrapped application 220. As the packet inspector 160 may be utilized by either the provider server or the wrapper 300, the message flow is applicable to either network or device initiated termination.

[00131] The packet inspector 160 may identify that the connection for the wrapped application 220 exceeds one or more authorized condition. The packet inspector 160 may transmit a message 1064 to the access controller 170 indicating the authorization for the connection has been exceeded. In some implementations, the packet inspector 160 may utilize another entity to perform the ultimate authorization determination such as the usage analyzer 316 on the communication device 200 or the wholesale usage monitor 450 described above.

[00132] The access controller 170 may then determine whether the communication device 200 is currently attached to the wholesale operator's network (e.g., home network) or roaming to a partner network. The access controller 170 sends a message 1066 to the access point 120 servicing the wrapped application. The message 1066 indicates the current toll-free connection for the wrapped application 220 should be terminated.

[00133] In the implementation shown in FIG. 10, the access point 120 transmits a disconnect message 1068 to the wrapper 300. The disconnect message 1068 closes the current toll-free data connection for the wrapped application 220. In some implementations, the disconnect message 1068 may provide a "save" option. For example, if the provider of the wrapped application has agreed to provide additional data at a discounted rate, the disconnect message 1068 may include the offer to save the connection and continue communications in accordance with the offered service level. In such implementations, the connection is not immediately closed for the wrapped application 220. However, if no response is received to the offer after a period of time or if the offer is declined, the connection is closed.

[00134] Messaging 1070 may be performed to clean up the toll free connection. Where the application was connected to a partner network, the clean-up may include transmitting usage information from the partner network server 180 to the wholesale operator server 400. Although shown as a message within the access point 120, the clean-up messaging may also include transmitting an indication of the termination to other operator and/or network entities. For example, the application provider may receive a message indicating the connection has been closed.

[00135] Via messaging 1072, an alternate connection may be obtained for the wrapped application 220. For example, a standard data plan connection may be initiated for the wrapped application 220. In this way, the wrapped application 220 will begin using a subscribed data plan associated with the communication device 200. Establishing the alternate connection may include performing handoff procedures as the wholesale/toll-free connection may be provided via a different radio technology than the standard data plan for the communication device 200. In some implementations, the alternate connection may include the message exchanges to obtain the "save" option discussed above.

[00136] FIG. 11 is a process flow diagram for an example method of secure data transmission. The method shown in FIG. 11 may be implemented via a communication device such as the communication device shown in FIG. 2. The method shown in FIG. 11 may be implemented via an operator server such as a wholesale provider server or a partner operator server as shown and described above.

[00137] At block 1102, traffic authorization rules are obtained for the wholesale connection. The rules may be provided to the communication device 200 as part of the wrapped application. The rules may be transmitted to the communication device 200 as part of establishing the wholesale connection. In server-side implementations, the rules may be provided from the application provisioning module 460. The traffic authorization rules include the authorization limits such as the quantities of registered and un-registered traffic permitted for the connection.

[00138] At block 1104, data is received via the wholesale connection. The data may be received at the communication device 200 from the access point 120. The data may be received at an operator network from the wrapped application 220. The data may be received via wired or wireless connections or a combination thereof.

[00139] At block 1106, a quantity of data received is determined. As shown in FIG. 11, the quantity of data received is indicated by the variable d. The quantity of data received may be determined through consultation with the packet inspector 160. The quantity may be identified using bits, bytes, kilobyte, megabytes, octets or other unit of data size. The quantity may be identified using lengths such as packet length, message transmission time, or the like.

[00140] At decision block 1108, a determination is made as to whether the received data is associated with a registered destination or an unregistered destination. The determination may be performed by the packet inspector 160. The determination process may include obtaining the identified registrations for the wrapped application based on an application identifier included in the received data. Once the registrations are identified, the received packet is inspected according to the registration rules. The registration rules may identify fields and expected values which would indicate a match. For example, one rule may indicate a network address (e.g., URL; IP address). If the destination or source for the packet matches the network address, the packet is deemed registered. As another example, a rule may identify content type (e.g., video). The identification may be based on interrogation of a data field included in the packet (e.g., header content-type field). If the packet includes the identified content type, the packet is deemed registered. As discussed above, the rules may include wild-card or regular expressions to permit flexible matches.

[00141] If the data is registered, at block 1110 a quantity of registered data for the current connection is obtained. As shown in FIG. 11 , the quantity of data received is indicated by the variable r. The quantity may be stored in a memory associated with the device receiving the data. The quantity may be provided by the communication device or by the operator server providing the connection. The quantity may be identified using bytes, kilobyte, megabytes, octets or other unit of data size. The quantity may be identified using lengths such as packet length, message transmission time, or the like.

[00142] At block 1112, a registered data limit is obtained for the application. The registered data limit, as shown in FIG. 11, is represented by the variable rdl. The registered data limit may be obtained once such as when the connection is authorized and stored for the duration of the connection. The registered data limit may be obtained periodically during the life of the connection. In such implementations, changes to the limits provisioned during an active connection may receive the most current registration limit.

[00143] The process shown in FIG. 11 illustrates a single registered data limit. However, it will be understood that multiple registered data limits may be applied for a wrapped application. For example, the application provider may wish to provide an unlimited quantity of access to their store (e.g., commerce) site and limit the access to high definition content. Accordingly, two registration rules may be associated with the wrapped application, one providing unlimited access to traffic to/from the address of the store and a limited quantity of access to content type video.

[00144] At decision block 1114, a determination is made as to whether the received data and previously received data are equal to or exceeds the registered data limit. If so, the process continues to block 1116 to terminate the connection. The termination may be performed as shown in FIG. 10. If the registered data limit is not met, the process continues to block 1118 where communication is maintained via the wholesale connection. The process may return to block 1104 to receive additional data via the wholesale connection as described above.

[00145] Returning to decision block 1108, if the data received is for an unregistered type, at block 1140 a quantity of unregistered data for the current connection is obtained. As shown in FIG. 11 , the quantity of unregistered data received is indicated by the variable u. The quantity may be stored in a memory associated with the device receiving the data. The quantity may be provided by the communication device or by the operator server providing the connection. The quantity may be identified using bytes, kilobyte, megabytes, octets or other unit of data size. The quantity may be identified using lengths such as packet length, message transmission time, or the like.

[00146] At block 1142, an unregistered data limit is obtained for the application. The unregistered data limit, as shown in FIG. 11 , is represented by the variable udl. The unregistered data limit may be obtained once such as when the connection is authorized and stored for the duration of the connection. The unregistered data limit may be obtained periodically during the life of the connection. In such implementations, changes to the limits provisioned during an active connection may receive the most current limit.

[00147] At decision block 1146, a determination is made as to whether the received data and previously received data are equal to or exceeds the unregistered data limit. If so, the process continues to block 1148 to terminate the connection. The termination may be performed as shown in FIG. 10. If the unregistered data limit is not met, the process continues to block 1118 where communication is maintained via the wholesale connection. The process may return to block 1104 to receive additional data via the wholesale connection as described above.

[00148] FIG. 12 is a process flow diagram for an example method of secure wholesale data communication. The method shown in FIG. 12 may be implemented in whole or in part via a communication device such as the communication device 200 shown in FIG. 2 or the wrapper 300 shown in FIG. 3. In some implementations, the method may be implemented in whole or in part by a provider server such as the wholesale operator server 400 shown in FIG. 4.

[00149] As used herein, the term "determining" encompasses a wide variety of actions. For example, "determining" may include calculating, computing, processing, deriving, investigating, looking up (e.g., looking up in a table, a database or another data structure), ascertaining and the like. Also, "determining" may include receiving (e.g., receiving information), accessing (e.g., accessing data in a memory) and the like. Also, "determining" may include resolving, selecting, choosing, establishing and the like. Further, a "channel width" as used herein may encompass or may also be referred to as a bandwidth in certain aspects.

[00150] As used herein, a phrase referring to "at least one of a list of items refers to any combination of those items, including single members. As an example, "at least one of: a, b, or c" is intended to cover: a, b, c, a-b, a-c, b-c, and a-b-c.

[00151] The various operations of methods described above may be performed by any suitable means capable of performing the operations, such as various hardware and/or software component(s), circuits, and/or module(s). Generally, any operations illustrated in the Figures may be performed by corresponding functional means capable of performing the operations.

[00152] The various illustrative logical blocks, modules and circuits described in connection with the present disclosure may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array signal (FPGA) or other programmable logic device (PLD), discrete gate or transistor logic, discrete hardware components or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any commercially available processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

[00153] In one or more aspects, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD- ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Thus, in some aspects computer readable medium may comprise non-transitory computer readable medium (e.g., tangible media). In addition, in some aspects computer readable medium may comprise transitory computer readable medium (e.g., a signal). Combinations of the above should also be included within the scope of computer-readable media.

[00154] The methods disclosed herein comprise one or more steps or actions for achieving the described method. The method steps and/or actions may be interchanged with one another without departing from the scope of the claims. In other words, unless a specific order of steps or actions is specified, the order and/or use of specific steps and/or actions may be modified without departing from the scope of the claims.

[00155] Software or instructions may also be transmitted over a transmission medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of transmission medium.

[00156] Further, it should be appreciated that modules and/or other appropriate means for performing the methods and techniques described herein can be downloaded and/or otherwise obtained by a device as applicable. For example, such a device can be coupled to a server to facilitate the transfer of means for performing the methods described herein. Alternatively, various methods described herein can be provided via storage means (e.g., RAM, ROM, a physical storage medium such as a compact disc (CD) or floppy disk, etc.), such that a device can obtain the various methods upon coupling or providing the storage means to the device. Moreover, any other suitable technique for providing the methods and techniques described herein to a device can be utilized.

[00157] It is to be understood that the claims are not limited to the precise configuration and components illustrated above. Various modifications, changes and variations may be made in the arrangement, operation and details of the methods and apparatus described above without departing from the scope of the claims.

[00158] While the foregoing is directed to aspects of the present disclosure, other and further aspects of the disclosure may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow.