Patent application title: Multi-modem communication using virtual identity modules
IPC8 Class: AH04M1500FI
Class name: Network credential usage
Publication date: 2019-05-16
Patent application number: 20190149667
Communication apparatus includes an interface to a plurality of wireless
modems and bonding circuitry, which is configured to receive multiple
virtual identities in the apparatus, to load respective ones of the
received virtual identities into one or more of the wireless modems, and
to communicate over the air by simultaneously transmitting or receiving a
data stream over at least the two or more of the wireless modems. Systems
and methods for such communication are provided, as well.
1. Communication apparatus, comprising: at least one modem interface,
configured for association with at least first and second physical
wireless modems; and bonding circuitry, which is configured to receive,
using the at least one modem interface, via the first physical wireless
modem, a set of authentication data, for use in registration of the
second physical wireless modem in a communication network, wherein the
bonding circuitry is configured to communicate over the air by
multiplexing of a data stream over at least the first and second physical
wireless modems simultaneously.
2. The apparatus according to claim 1, and comprising the first physical wireless modem, which is contained integrally within the apparatus.
3. The apparatus according to claim 2, wherein the second physical wireless modem is external to the apparatus.
4. The apparatus according to claim 1, where the set of authentication data comprises credentials, authentication keys and encryption strings necessary for registration, authentication and subsequent encryption and decryption of communications.
5. The apparatus according to claim 4, wherein the credentials include one or more items of data, selected from a list of items consisting of access point names (APNs), dialing strings, user names and passwords, codes that may be needed to unlock or relock a subscriber identity module (SIM), Hypertext Markup Language (HTML)-based access data, and Internet Protocol (IP) addresses.
6. The apparatus according to claim 1, wherein the bonding circuitry is configured to select the authentication data so as to optimize a set of identities used by the apparatus in communicating over the air.
7. The apparatus according to claim 6, wherein the set of identities is selected so as to optimize at least one operational objective, selected from a group of operational objectives consisting of a current desired performance, a current connectivity performance, a desired transmission quality, and a cost-performance criterion.
8. The apparatus according to claim 1, wherein the bonding circuitry is configured to modify a set of identities used in communicating over the air during operation of the apparatus.
9. The apparatus according to claim 1, wherein the bonding circuitry is configured to modify a set of identities used in communicating over the air in response to a mobility of the apparatus.
10. The apparatus according to claim 1, wherein the bonding circuitry is configured to transmit a video data stream by multiplexing video data over at least the first and second physical wireless modems simultaneously.
11. The apparatus according to claim 10, wherein the bonding circuitry is configured to be connected to at least one video camera so as to receive the video data therefrom.
12. The apparatus according to claim 1, wherein the bonding circuitry is configured to be connected to and transmit the data stream from multiple different data devices concurrently.
13. The apparatus according to claim 1, wherein the bonding circuitry is configured to receive, via one of the first and second physical wireless modems, a further set of authentication data, and to authenticate one of the physical wireless modems using the further set of the authentication data.
14. The apparatus according to claim 13, wherein the bonding circuitry is configured to apply the further set of the authentication data to the first physical wireless modem.
15. The apparatus according to claim 13, wherein the two or more physical wireless modems include at least a third physical wireless modem, and wherein the bonding circuitry is configured authenticate the third physical wireless modem using the further set of the authentication data.
16. The apparatus according to claim 15, wherein the bonding circuitry is configured, after authenticating the third physical wireless modem, to multiplex a further data stream over the second and third physical wireless modems simultaneously.
17. The apparatus according to claim 15, wherein the bonding circuitry is configured to activate and authenticate the third physical wireless modem immediately in response to detection of an event of interest.
18. The apparatus according to claim 13, wherein the bonding circuitry is configured to decide, at each point during operation of the apparatus, how many and which sets of authentication data to use.
19. The apparatus according to claim 13, wherein the bonding circuitry is configured to request and receive sets of authentication data from multiple different servers.
20. The apparatus according to claim 19, wherein the multiple different servers include at least first and second servers, which are respectively associated with different, first and second network operators.
21. The apparatus according to claim 19, wherein the bonding circuitry is configured, in requesting the sets of authentication data, to specify a required number and properties of the sets of authentication data to be downloaded to the apparatus.
22. The apparatus according to claim 1, wherein the bonding circuitry is configured to select one or more sets of authentication data so as to minimize a latency in receiving further authentication data.
23. The apparatus according to claim 1, wherein the bonding circuitry is configured to multiplex the data stream over at least the first and second physical wireless modems while the first and second physical wireless modems communicate over two different wireless networks.
24. The apparatus according to claim 23, wherein the bonding circuitry is configured to select the set of authentication data responsively to qualities of service offered by the wireless networks.
25. The apparatus according to claim 24, wherein the bonding circuitry is configured to select the sets of authentication data so as to match the qualities of service to characteristics of the data stream that is to be transmitted or received by the apparatus.
26. The apparatus according to claim 1, wherein the bonding circuitry is configured to multiplex the data stream over at least the first and second physical wireless modems while the first and second physical wireless modems communicate over a single wireless network.
27. The apparatus according to claim 1, and comprising a connection to a physical subscriber identity module (SIM), wherein the bonding circuitry is configured to communicate initially with at least one server using the first physical wireless modem in which an identity from the physical SIM is applied in order to download the set of the authentication data from the at least one server.
28. The apparatus according to claim 1, wherein the bonding circuitry is configured for SIM-less operation.
29. The apparatus according to claim 1, wherein at least one of the physical wireless modems is a cellular modem, and at least another of the physical wireless modems is configured for wireless local area network communication.
30. The apparatus according to claim 29, wherein the first physical wireless modem is configured for wireless local area network communication, and wherein the bonding circuitry is configured to communicate initially with at least one server over a wireless local area network using the first physical wireless modem in order to download the set of the authentication data from the at least one server.
31. The apparatus according to claim 1, wherein the first physical wireless modem is configured for satellite communication, and wherein the bonding circuitry is configured to communicate initially with at least one server over a satellite link using the first physical wireless modem in order to download the set of the authentication data from the at least one server.
32. The apparatus according to claim 1, wherein the bonding circuitry is configured, in response to a change in one or more factors, to download at least one further set of authentication data and to apply the at least one further set of the authentication data to at least one of the physical wireless modems.
33. The apparatus according to claim 32, wherein the bonding circuitry is configured, in response to the change in the one or more factors, to release at least one of the sets of the authentication data.
34. The apparatus according to claim 1, wherein the bonding circuitry is configured to receive an incoming data stream over at least one of the first and second physical wireless modems.
35. The apparatus according to claim 34, wherein the bonding circuitry is configured to receive the incoming data stream over the first and second physical wireless modems simultaneously.
36. The apparatus according to claim 35, wherein the incoming data stream is multiplexed over the first and second physical wireless modems, and the bonding circuitry is configured to reassemble the multiplexed data stream into a single output data stream.
37. A method for communication, comprising: providing a bonding device that includes at least one modem interface, configured for association with at least first and second physical wireless modems; receiving, from at least one server using the at least one modem interface via the first physical wireless modem to the bonding device, a set of authentication data; registering the second physical wireless modem in a communication network using the set of authentication data; and communicating over the air by multiplexing a data stream over at least the first and second physical wireless modems simultaneously.
38. The method according to claim 37, wherein the method comprises receiving, via one of the first and second physical wireless modems, a further set of authentication data, and authenticating one of the physical wireless modems using the further set of the authentication data.
39. The method according to claim 38, wherein authenticating the one of the physical wireless modems comprises applying the further set of the authentication data to the first physical wireless modem.
40. The method according to claim 38, wherein the two or more physical wireless modems include at least a third physical wireless modem, and wherein authenticating the one of the physical wireless modems comprises authenticating the third physical wireless modem using the further set of the authentication data.
41. The method according to claim 40, wherein the method comprises, after authenticating the third physical wireless modem, multiplexing a further data stream over the second and third physical wireless modems simultaneously.
42. A communication system, comprising: at least one server, configured to maintain and distribute to clients multiple different sets of authentication data; and at least one bonding communication device, which comprises at least one modem interface, configured for association with at least first and second physical wireless modems, and bonding circuitry, which is configured to receive from the server, via the first physical wireless modem, a set of authentication data for use in registration of the second physical wireless modem in a communication network, wherein the bonding communication device is configured to communicate over the air by multiplexing a data stream over at least the first and second physical wireless modems simultaneously.
43. The system according to claim 42, wherein the at least one bonding communication device comprises multiple bonding communication devices, which are operative in a common location, and wherein the at least one server is configured to distribute the sets of authentication data so as to spread traffic in the common location among multiple different carriers.
CROSS-REFERENCE TO RELATED APPLICATIONS
 This application is a continuation of U.S. patent application Ser. No. 15/602,132, filed May 23, 2017, which is a continuation of U.S. patent application Ser. No. 15/156,354, filed May 17, 2016 (now U.S. Pat. No. 9,692,913), which is a continuation of U.S. patent application Ser. No. 14/362,134, filed Jun. 2, 2014 (now U.S. Pat. No. 9,379,756), in the national phase of PCT Patent Application PCT/IB2013/053843, which claims the benefit of U.S. Provisional Patent Application 61/648,091, filed May 17, 2012, which is incorporated herein by reference.
FIELD OF THE INVENTION
 The present invention relates generally to network communications, and particularly to systems and methods for communication over cellular networks and other credentials-based communication networks.
 In wireless communication networks, such as cellular networks, a single communication channel may be insufficient to provide the performance required by certain users, such as sufficient bandwidth, mobility, full territorial coverage, sustainability of performance, and uplink capacity. To address this problem, U.S. Pat. No. 7,948,933, whose disclosure is incorporated herein by reference, describes a virtual broadband transmitting unit, in which a stream generator generates multiple data streams from an incoming media datastream. A transmission manager controls upload of the data streams via multiple modems over corresponding transmission channels to at least one wireless communication network (such as a cellular network). The data streams are reassembled into a single media stream at the receiver.
 U.S. Patent Application Publication 2011/0269456 describes systems and methods of managing concurrent access using different network identities in a wireless apparatus with a shared baseband hardware implementation. Data obtained by concurrently utilizing the baseband device with different network identities. The identities may be associated with a physical subscriber identity module (SIM), also referred to as a "subscriber integrated module," or a virtual SIM (VSIM).
 A SIM is an integrated circuit embedded on a small, removable card, which is used in most mobile telephones. The SIM contains a unique serial number and an international mobile subscriber identity (IMSI), corresponding to the telephone number, as well as codes used in security authentication and ciphering, along with other critical information. The equivalents in cellular UMTS and CDMA networks are sometimes called UICC and R-USIM, respectively. Examples of other equivalents and names of corresponding entities in other sorts of networks are ISIM (IP multimedia SIM), and USIM. SIMs may also sometimes be used in satellite networks, such as BGAN Inmarsat, Thuraya, Iridium and VSAT, as well as in some WiFi networks. A VSIM serves the same purpose as a conventional SIM card, except that the SIM card itself is held in a remote server, rather than in the mobile modem, and the corresponding identity data (including the IMSI and any security information needed for proper operation) are provided to the modem as and when required.
 For example, Implementa (Hannover, Germany) provides a "Virtual SIM Platform," in which SIM cards are stored and managed in central SIM Storages and remotely utilized by mobile terminals. A single SIM card from the storages can be allocated to a mobile terminal by means of software commands. Mobile terminals with allocated Virtual SIM cards are said to behave just as if the SIM card was inserted physically in the terminal.
 Embodiments of the present invention that are described hereinbelow provide systems and methods for multi-channel wireless communications that take advantage of virtual identity capabilities.
 There is therefore provided, in accordance with an embodiment of the present invention, communication apparatus, which includes an interface to a plurality of wireless modems. Bonding circuitry is configured to receive multiple virtual identities in the apparatus, to load respective ones of the received virtual identities into one or more of the wireless modems, and to communicate over the air by simultaneously transmitting or receiving a data stream over at least the two or more of the wireless modems.
 There is also provided, in accordance with an embodiment of the present invention, A method for communication, which includes providing a bonding device that includes an interface to a plurality of wireless modems. Multiple virtual identities are received from a server to the bonding-performing device, and respective ones of the received virtual identities are loaded into two or more of the wireless modems. Communication is carried out over the air by simultaneously transmitting or receiving a data stream over at least the two or more of the wireless modems.
 There is additionally provided, in accordance with an embodiment of the present invention, communication system, which includes at least one server, configured to maintain and distribute to clients multiple different virtual identities for communicating over wireless networks. At least one bonding-performing communication device includes an interface to a plurality of wireless modems and is configured to receive one or more virtual identities from the at least one server, to load respective ones of the downloaded virtual identities into a wireless modem, and to communicate over the air by simultaneously transmitting or receiving a data stream over at least the two or more of the wireless modems.
 The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which:
BRIEF DESCRIPTION OF THE DRAWINGS
 FIG. 1 is a block diagram that schematically illustrates a wireless communication system, in accordance with an embodiment of the present invention;
 FIG. 2 is a block diagram that schematically shows details of a bonding communication device, in accordance with an embodiment of the present invention; and
 FIG. 3 is a flow chart that schematically illustrates a method for operation of a bonding communication system using virtual identities, in accordance with an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
 The process of multiplexing a data stream over two or more wireless channels, served by different, respective wireless modems, is referred to herein as "bonding" of the channels. The above-mentioned U.S. Pat. No. 7,948,933 enables this sort of bonding, including bonding of channels carried by different networks; but the scheme described in this patent requires that each wireless modem have its own SIM. (The term "SIM" is used herein to refer to any and all sorts of secure hardware modules that can be inserted in a wireless modem and contain the identification information necessary for the modem to authenticate itself and operate on a given network.)
 Embodiments of the present invention that are described hereinbelow provide devices, methods and systems that use VSIMs in a multi-SIM communication system, so that identities of a group of bonded modems, and thus the networks over which the modems are able to communicate, can be selected and replaced by software operations, both in advance and during operation. The term "identity" refers to the set of data--usually provided by a SIM--by which the modem identifies and authenticates itself to a network. This identity may include credentials and information for use in protocol encryption and decryption, which may be used as is or used in calculation. The identity data may be used for identification and authentication not only at session initiation, but also for ongoing communication during the session itself, in a periodic manner or in response to a network poll or inquiry.
 The term "virtual identity" is used herein to refer to identity data that are provided to a communication device in electronic form rather than being hard-programmed into a physically-connected SIM card or module, such as the data provided by the sorts of virtual SIMs (VSIMs) that are mentioned above in the Background section. The provision of such a virtual identity can obviate the need for a hardware SIM in the device to provide needed identity data.
 Embodiments of the present invention are applicable to substantially all uses of SIMs and equivalents, in cellular, satellite, WiFi and other networks that uses SIMs or similar physical identity mechanisms, and can therefore use VSIM, as well.
 When using VSIMs in multi-SIM communication devices, optimization can be achieved as to the cost and performance of the communication in each session and overall cost and performance for service and network operators (including MVNOs, MNOs, Satcom operators, virtual identity service providers, bonding service providers, etc.) and customers, depending on multiple criteria. For example, only the necessary number of VSIMs may be used in each portion of a communication session, according to desired performance and/or quality of service (QoS), the actual performance of each VSIM in use and each additional VSIM, determined at each location and at each point in time. Such utilization and optimization may save costs to customers, network operators or both, as well as reduce the overhead and load on cellular networks. The present embodiments offer the means to perform these tasks of VSIM utilization and optimization in such multi-SIM communication system in any direction (uplink and/or downlink), especially (but not exclusively) for Internet data traffic.
 In the disclosed embodiments, communication apparatus includes multiple wireless modem drivers, managers or actual modems, along with bonding circuitry, which transmits and receives data streams over any combination of the associated wireless modems at each point in time. The bonding circuitry downloads one or more virtual identities from at least one server to the apparatus, and then loads respective virtual identities into at least some of the connected wireless modems. The bonding circuitry and/or the server are thus able to select optimal identities to use in the apparatus at any point in time, based on current desired performance, current connectivity performance, and/or rules defined by business logic in order to give the desired transmission quality at minimal cost, thus optimizing cost-performance criteria. Utilization of the identities may be modified (again subject to rules of business logic), by adding, removing, and/or replacing the identities as appropriate during operation of the apparatus.
 Typically, the server or servers maintain a pool of heterogeneous virtual identities having different, respective characteristics, and the virtual identities that are to be downloaded are selected based on these characteristics. The selection may be performed by the apparatus that is to receive the virtual identities or by the server, or by the two entities in concert. The downloaded virtual identities may belong to different cellular carriers on at least two different wireless networks, so that the data stream is multiplexed over these different wireless networks. Alternatively, a number of the VSIMs may belong to a single network and operator, such as in areas where there is insufficient cost/performance benefit from other operators, including (but not limited to) areas and/or times without coverage by other networks and/or operators, or when such performance is too costly, or in cases in which the single network selected is sufficient to provide the desired performance. In some cases, as described below, at least one of the modems may use an actual physical identity (SIM). Additionally or alternatively, the apparatus may access and use wireless networks of other types, such as satellite networks and/or wireless local networks.
 As noted above, selection of the virtual identities to be downloaded to the apparatus typically depends on the desired performance and the qualities of services provided by the different cellular carriers in the location of the apparatus, such as the bandwidth, reliability, latency, priority, sustainability, jittery behavior, modem types, antenna support, GPS location, serving cell IDs, and/or cost of the available services, as well as user or operator preferences, commercial terms and obligations, marketing preferences, operations preferences and other business logic. These considerations may change during the session due to device mobility, interference, networks conditions, and other reasons, and the selection of VSIMs to use may change adaptively during the session, as well, as described below. Cost and tariffs taken into account in virtual identity selection may include all direct and indirectly-related charges, as well as calculated expenses. A variety of algorithms and procedures may be applied in deciding, at each point during the operation of the apparatus, how many and which virtual identities to download and use.
 FIG. 1 is a block diagram that schematically illustrates a wireless communication system 20, in accordance with an embodiment of the present invention. In system 20, a bonding communication device 22 (referred to hereinafter simply as a "bonding device") communicates over a network 24 with a destination 26. Only a single bonding device and destination are shown and described here for the sake of simplicity, but in practice there are typically multiple bonding devices and multiple destinations in communication concurrently (or switching from one to another). The disclosed embodiments will relate only to transmission of data from bonding device 24 to destination 26, but in general destination 26 may also transmit over at least one wireless channel to the bonding device (and may in some applications transmit simultaneously over multiple bonded channels). Extension of the components and methods that are described hereinbelow from the single bonding device 22 to these sorts of more complex scenarios is straightforward, as will be apparent to those skilled in the art.
 Although network 24 is shown in FIG. 1 as a single entity, in practice network 24 typically comprises components of multiple different, interconnected networks. Bonding device 22 transmits or receives data simultaneously over multiple, parallel wireless channels, which may be carried by two or more different cellular carriers 28, 30 (i.e., via two or more different cellular networks at the same time). (The term "simultaneously" is used in the present description and in the claims to indicate that multiple parallel connections are open for data transmission via different modems at the same time. Since the exact timing of transmission is controlled by the actual modems and networks, the actual data transmission itself may not occur at precisely the same time via the different modems. Furthermore, at various points in time, for various durations and due to various reasons, only a subset of the modems may be selected for use or actually be in use, while the others are used only minimally or not at all, or even shut down, returned to use, etc.) These cellular networks may use different technologies and standards, such as GSM, CDMA, LTE, and any other wireless communication technology with suitable data carrying capabilities, including both existing technologies and new technologies that have not yet been commercially deployed. Additionally or alternatively, one or more of modems 42 may access channels carried by networks of other types, such as wireless local area networks (WLANs) 31 and satellite networks 29, as well as wireline networks, such as via cable modems or xDSL modems, and virtual identities may be downloaded to such modems, as well (such as to a satellite or WLAN modem), to the extent required. The data transmitted by the bonding device may reach destination 26 via wired networks and/or via the same wireless networks that are directly accessed by the bonding device. Device 22 may include all or some of the modems that it uses inside, as an integral part of the device. Additionally or alternatively, device 22 may be connected to any number of such modems externally via wires or even wirelessly (such as over WiFi, Bluetooth, NFC, Zigbee or other local networks).
 Hence, bonding device 22 may comprise special-purpose, dedicated hardware circuits for channel bonding, or it may perform the bonding functions described herein using standard hardware components under the control of software for this purpose, or it may use a combination of standard and special-purpose hardware and software components. In software-based implementation, bonding device 22 itself may comprise a smartphone, tablet, desktop, laptop or any other suitable general-purpose or special-purpose computing and communication device, running the appropriate software to perform the functions that are described herein. For the sake of simplicity, all of these various alternatives are referred to as bonding communication devices (or simply "bonding devices") and are represented by device 22 in the description and the drawings.
 Bonding device 22 may use its bonding capabilities and the facilities of network 24 to transmit substantially any sort of data, but the large bandwidth afforded by bonding multiple channels is particularly useful in high-speed data streaming. For example, in the pictured embodiment, bonding device 22 is connected to a video camera 32 and uploads real-time high-quality video (and typically audio) data to destination 26. In this case, destination 26 may be a server belonging to a broadcast company, which then distributes the video and audio media to viewers. Additionally or alternatively, bonding device 22 may be connected to a computing device 32, such as laptop, tablet, smartphone, desktop computer or router, for example. As mentioned earlier, destination 26 may transmit downlink data to device 22, in applications, for example, such as high QoS-applications benefitting from such bonding, including video streaming for viewing by one or more end-users connected to the device 22.
 To open each cellular channel that it is to use, bonding device 22 (including, as explained above, internal modems and any externally-connected modems, which are the actual physical entities required to present their identities) is generally required to present identity data of the type required by the wireless carrier over which the channel is to be opened. In conventional cellular communication devices, this identity data is contained in a SIM, and bonding device 22 may contain one or more such physical, hardware SIMs for use in opening an initial channel to network 24, as described in greater detail hereinbelow. Alternatively, an external proxy device 38, such as a cellular telephone with a physical SIM and suitable software for interoperation with bonding device 22, may be used to access network 24 and, via the network, a SIM server 34 in order to obtain SIM-related data. Further alternatively, the initial access may be carried out using virtual identity data stored by the bonding device or through a network, such as a LAN, satellite, WLAN, or wireline network, that does not require such identity credentials.
 Once an initial channel has been opened to network 24, bonding device 22 uses this channel to access at least one SIM server 34 in order to download one or more virtual identities (also referred to as VSIMs) from a SIM array 36 that is maintained by server 34. Server and client hardware and software for this purpose that are known in the art, such as those offered by Implementa, as noted above in the Background section, may be incorporated into server 34 and bonding device 22 to support these operations. (To access most cellular networks, device 22 will need to access server 34 repeatedly in order to request and receive information from an assigned SIM in array 36.) Typically, bonding device 22 is preconfigured with the network address (such as an Internet Protocol [IP] or HTML-based address) of server 34 or receives the address when it first accesses network 24. Although only a single SIM server and SIM array are shown in the figure, multiple SIM servers and SIM arrays may be deployed at the same or different network locations for reliability and redundancy, ease of access per territory or country, as well as by different network operators, each holding some of the desired VSIMs, or for other reasons. Bonding device 22 may use these virtual identities in establishing additional wireless channels to network 24. Details of these operations are described with reference to the figures that follow.
 FIG. 2 is a block diagram that schematically shows details of bonding communication device 22, in accordance with an embodiment of the present invention. This diagram is simplified to show the components of the bonding device that are involved in handling modem identities. Some of the remaining functions of the bonding device may be implemented, for example, in the manner described in the above-mentioned U.S. Pat. No. 7,948,933.
 Bonding control logic 40 receives an input data stream, for example from camera 32 or from computing device 33, and distributes the stream via one or more data buses 43 to one or more modem interfaces 41 for multiplexed transmission by multiple wireless modems 42 over network 24. (By the same token, modems 42 may pass incoming data from network 24 to bonding control logic 40 for reassembly into a single output data stream. Furthermore, multiple data devices, such as camera 32 and computing device 33, may be connected and work with bonding device 22 concurrently.) As noted earlier, modems 42 may be configured to operate in accordance with the same or different network technologies, such as GSM, CDMA, and LTE, and are capable of communicating simultaneously over the same or different cellular networks. Optionally, device 22 may comprise or be connected to one or more modems configured for operation on networks of other sorts, such as WLAN, Bluetooth.TM., satellite networks or wireline-based networks.
 Logic 40 monitors transmission conditions and decides which and how many of modems 42 to use for data transmission at any given time. For example, logic 40 may assess the data bandwidth required to carry the multiplexed data stream and may thus decide whether to use only a single modem, when bandwidth requirements are low, or multiple modems. Logic 40 may monitor the network conditions encountered by each of modems 42 in order to decide which modem (or equivalently, which network or networks) to use at any given time. Logic 40 may also report such performance, conditions, desired performance, performance statistics, performance gaps, and other data or preferences to a SIM controller 44 via a control link 51 and receive from it information and instructions.
 Bonding control logic 40 and SIM controller 44 (possibly together with ancillary components) are referred to herein collectively as bonding circuitry 39. The functions of logic 40 and controller 44 may be performed by dedicated hardware circuits, or they may be implemented in software on a programmable processor. This latter sort of implementation is appropriate for embodiments in which bonding is performed by existing general-purpose computing and communication devices, such as a smartphone or a tablet, desktop or laptop computer. In this case, bonding circuitry 39 may comprise the existing processor and associate circuits in the computing and communication device.
 In general, as explained earlier, modems 42 may require identity data for authentication and encryption on the respective networks over which they communicate. SIM controller 44 may provide this identity data on demand, drawing it via a data connection 47 from an associated SIM array 46 and via a memory bus 49 from a memory configured as a VSIM repository 50. SIM array 46 typically contains at least one physical SIM 48, although SIM-less models of operation are also possible, as explained below. In some embodiments, physical SIM 48 is used essentially, when outside the home network of the physical SIM, for obtaining credentials of one or more of the VSIMS, in order to minimize roaming charges for use of the physical SIM. VSIM repository 50 contains virtual identity data downloaded from SIM server 34. SIM controller 44 thus supplies any number of respective identities, based on either a physical or a virtual SIM, to each modem 42 that is in operation. In this manner, the data stream may be transmitted by bonding control logic 40 among any number of modems with virtual identities, and possibly one or more modems with "physical identities" drawn from physical SIMs 48.
 Although SIM array 46 is shown in FIG. 2 as a single unit, SIMs 48 in the array may alternatively be distributed, such that some of the physical SIMs are co-located or otherwise associated with specific modems 42 or are otherwise distributed in any other suitable architecture. Further, the functionality of SIM controller 44 itself may be distributed in whole or in part. For example, the functions of SIM controller 44 may be divided so that they resides on microprocessors in or associated with modem interfaces 41, in order to perform functions such as emulating the corresponding physical SIM by creating credentials using the VSIM identity data, or exchanging credentials and VSIM data with other such distributed or centralized SIM controller functions over a control bus 45.
 The virtual identity data supplied by server 34 and stored in repository 50 typically includes the credentials, authentication keys and encryption strings necessary for registration, authentication and subsequent encryption and decryption of communications, and may also include related data, such as APNs, dialing strings, user names and passwords, codes that may be needed to unlock or relock the SIM in question and any other relevant data.
 During the start-up or connection processes of bonding device 22, SIM controller 44 typically allocates physical SIM 48 to one of modems 42 in order to establish an initial connection with network 24. The SIM controller may use the modem with SIM 48 to communicate initially with SIM server 34 in order to download one or more virtual identities from the server to VSIM repository 50. SIM array 46 may contain multiple SIMs of different types (physical or VSIMs), operators, networks and other capabilities and attributes, to allow the SIM controller to choose the optimal SIM set for the current desired performance, location and operating conditions of device 22. Alternatively or additionally, in some cases, the user of device 22 may change the SIM or SIMs in array 46 depending, for example, on the country in which the device is currently located. Further alternatively, as noted earlier, SIM controller 44 may communicate via a proxy link 37 with external proxy 38, which typically contains a physical SIM, and runs suitable software for the initial connection with server 34 during startup of bonding device 22, in which case SIM array 46 may not be needed in the bonding device. As yet another option, SIM controller 44 may save a VSIM in repository 50 even when device 22 is powered down or deactivated and may then use this VSIM to establish the initial network connection the next time the bonding device is activated.
 In an alternative embodiment, one or more of modems 42 may connect directly to a VSIM service offered by respective cellular operators and may thus obtain one or more VSIMs from the operator. The modem in question may connect directly to the operator's server for this purpose using a dial-in number, access point name (APN), HTML-based access, IP address or any other access method provided by the operator. Several VSIMs may be downloaded in this manner and distributed by modem interfaces 41 via control bus 45 to other modems 42. Alternatively, the user may enter an activation code via a user interface of device 22 (not shown) to initiate this sort of process.
 SIM controller 44 and bonding control logic 40 (which are referred to collectively herein as "bonding circuitry") operate in concert to monitor the use of virtual and physical identities in modems 42 and thus to decide which identities should be used at any given time and to add, remove, or replace identities when appropriate. In response to changes in the operational status of bonding device 22, such as desired performance, its location or data load, or the conditions on the networks accessed by the modems, SIM controller 44 may modify the utilization of the virtual identities (VSIMs) among modems 42. In some cases, the SIM controller may choose to download a new virtual identity from server 34 and to load the new virtual identity into at least one of the wireless modems during operation of the bonding device. The VSIM loading and replacement operations in device 22 may be carried out automatically by the bonding circuitry, in a manner that is generally transparent to a user of the device (although these operations may potentially be reflected to the user via a user interface, such as showing data or performance associated with such VSIMs and their networks, and potentially allowing the user to intervene before, during or after such processes). These functions of bonding device 22 are described further hereinbelow with reference to FIG. 3.
 Although logic 40 and controller 44 are shown in FIG. 2, for the sake of conceptual clarity, as two separate functional units, in practice the functions of these components of device 22 may be integrated in a single physical unit, such as an integrated circuit chip or circuit board. Alternatively, these functions may be distributed among multiple separate chips and boards, using control link 51 to exchange information and commands between them. In some embodiments, the bonding circuitry in device 22 may comprises a microprocessor, which is programmed in software to carry out the functions that are described herein. This software may be downloaded to device in electronic form, over a network, for example. Additionally or alternatively, the software may be stored on tangible, non-transitory media, such as optical, magnetic, or electronic memory. Further alternatively or additionally, at least some of the functions of the bonding circuitry may be implemented in hard-wired or programmable hardware logic.
 FIG. 3 is a flow chart that schematically illustrates a method for operation of bonding communication device 22 in system 20, in accordance with an embodiment of the present invention. For the sake of simplicity, this method is described with reference to the system and device configurations that are shown in FIGS. 1 and 2. Alternative embodiments of the present invention, including embodiments that are mentioned herein, provide other designs and modes of operation for a VSIM-based bonding communication device, and the method described below may be adapted, mutatis mutandis, for these alternative embodiments, as well.
 Upon power-up of bonding device 22 or during its connection phase or upon other triggers, SIM controller 44 configures modems 42 for operation, at a start-up step 60. Specifically, the SIM controller may run or spawn a software object in the form of a SIM client to receive and handle the identity data for each active modem.
 As noted earlier, one of these clients may be associated with physical SIM 48, to enable SIM controller 44 to communicate initially over network 24 with SIM server 34. Thereafter, this SIM client may continue to use the physical SIM identity, particularly if the physical SIM in question belongs to a home carrier in the current location of device 22 and can thus support operation of the corresponding modem without incurring roaming charges. Alternatively, SIM controller 44 may use this physical SIM only briefly, for initial download of one or more VSIMs, and may then replace the physical identity with a virtual identity once a suitable VSIM has been downloaded from the server. Subsequent contact with server 34 will then be through a modem using a VSIM. Two or more modems, possibly served by different carriers, may be used for communication with server 34 in order to ensure that communications with the server are maintained even if one of the modems loses network service or suffers from increased communication or channel latency, so that virtual identity data is received with the lowest possible delay, in order to receive virtual identity data while data communication is already taking place (transmission and/or reception).
 SIM controller 44 contacts server 34 to request a change in VSIM allocation, at an identity request step 62. Optionally, controller 44 may contact multiple different servers for this purpose, which may be associated with different network operators. In the initial iteration through step 62, the SIM controller will typically request allocation of one or more VSIMs, but subsequent iterations may involve release and/or exchange of VSIMs that were allocated previously. The request at step 62 typically specifies relevant data such as device parameters, the location of bonding device 22, and possibly one or more preferred carriers, so that server 34 can choose the optimal VSIMs to download from array 36. Location information in this context may be provided in the form of GPS coordinates or in coarser granularity, indicating only the country, area code, and/or cell ID in which device 22 is located. In addition, device 22 may carry out connectivity tests (either autonomously or at the request of server 34 or of the user) in order to determine which cellular networks are available at the current location of the device and with what level of performance and features, and may report this information to server 34, as well. Such scanning and performance monitoring may be done and reported both on startup and periodically at predefined times or in response to triggers, such as changes in experienced or monitored performance.
 SIM controller 44 may also specify the number of VSIMs required and any special VSIM properties that may be appropriate. For example, when device 22 needs to transmit with particularly high bandwidth and/or quality of service (QoS), SIM controller 44 may request a "special SIM," which is subject to an enhanced service level agreement (SLA) with a carrier. Typically, cellular network operators charge premium prices for use of such special SIMs, and server 34 will record the cost for billing to the operator of device 22. (Depending on the context in the present description and in the claims, the term "operator" in regard to device 22 may indicate either the actual individual operating the device in the field or an entity, such as a company, on whose behalf, under whose control, and/or at whose expense the device is operated.) Alternatively, SIM controller 44 may be offered a special SIM, which it may approve or reject, possibly subject to user input via the user interface (UI) of device 22.
 In response to the VSIM request from device 22, server 34 maps one or more SIMs from its array 36 to device 22, and delivers the virtual identity information associated with these SIMs to SIM controller 44, at an identity delivery step 64. The mapping depends on various factors, starting with the availability of SIMs in array 36 that are active and have not already been allocated to other bonding devices. Beyond this basic limitation, server 34 will generally select SIMs belonging to carriers in the country in which device 22 is located, in order to avoid roaming charges. Thus, the operator of device 22 will benefit from low-cost, high-quality performance in all countries covered by SIMs in array 36 and will be relieved of the need to switch physical SIMs in the device in order to achieve such performance.
 Among the available carriers, server 34 may choose those that give the best network performance in the current location of device 22, or those that have the lowest associated costs, or may choose the VSIMs to download based on a combination of these criteria. The "best" performance in this context may depend on matching the types and qualities of services (in terms of factors such as technology, bandwidth, error rate, latency, and fluctuations) offered by different cellular carriers, with the particular needs of the user of device 22, such as real-time transmission or reception or bulk file transfer. Optionally, server 34 may factor into the selection process VSIMs that also best suit the specific hardware characteristics of device 22. The relevant information may be stored in a database according to the device ID sent to server 34 from device 22 or from the full set of data sent to it from device 22. This information may include data such as the antenna configurations and spectrum support of modems 42 in the device. Thus, VSIMs may be chosen in a way that optimizes device performance for user needs, device location, network and performance conditions, and other device characteristics simultaneously. This sort of optimization is carried out in software running on server 34 and/or bonding device 22, without the need for user involvement.
 Server 34 and bonding circuitry 39 may select the VSIMs to be allocated to modems 42 based on a wide range of factors, a number of which are mentioned above. More generally, the factors of relevance to the selection of modems may include, for example, device ID; device organization; device capabilities; commercial terms associated with the device, device user or device organization; respective qualities of services experienced by different wireless modems 42; respective qualities of service experienced by different wireless carriers; respective qualities of service monitored by bonding circuitry 39; respective qualities of service expected from or provided by different wireless operators; desired performance; gaps in performance; cost of at least one of the connections, communications, virtual identities or physical identity; capabilities supported by the modems and associated circuitry; marketing criteria; operating criteria; promotional criteria; capabilities supported by networks in the location of bonding device 22; mobility of the bonding device; the current time; current location; applications in use by the bonding device and connected data devices; other devices in that area; performance parameters as seen and provided by the networks; network fraud detection mechanisms; cost and tariffs; data packages; and user input.
 In many cases, server 34 will map VSIMs to each bonding device 22 so that different modems 42 in the device access network 24 via different carriers. As a result, transmission by device 22 will be resistant to failures due to congestion, fluctuations or loss of service by a given carrier. Thus, in mapping SIMs to a device, server 34 will generally attempt to diversify the set of carriers, even if one carrier appears to offer better service than the others.
 Server 34 may consider the cost and tariffs associated with each SIM, such as costs related to quality of service, to usage volume (e.g., KB/month packages), to operator, to special costs such as special time of day, holidays, etc. These costs may be compared to the current actual status of each SIM, such as its monthly usage status (e.g., KB already consumed), as well as to the terms, agreements and charging policies that may exist with the user of each device 22 or group of such devices put together (forming a "device pool" or "data pool" or "data bank").
 It may occur that due to high demand for VSIMs or other reasons, server 34 is unable to provide device 22 with the optimal SIM or set of SIMs from array 36 as and when initially requested by the device. In this case, the server may choose, map and deliver to device 22 a set of SIMs that are less optimal, but still give performance at the desired level or as close as possible to the desired performance level. Later, if more suitable VSIMs become available subsequently, the server may initiate a VSIM swap.
 Generally speaking, in requesting VSIMs at step 62, SIM controller 44 may specify a minimum performance level that it requires. In some cases, the SIM controller may request a set of VSIMs having a certain target performance level, and server 34 may offer a larger number of VSIMs than requested, which may exceed the target performance level. In such cases, SIM controller 44 may select the desired VSIMs from the larger number offered by the server. This approach can be used to provide a sort of electronic market for VSIM services.
 In addition, when there are a number of bonding devices operating in the same location, server 34 may take the SIM allocations of other devices into account in order to spread traffic approximately evenly among the carriers offering service at this location.
 Another factor that server 34 may take into account in mapping SIMs to bonding devices is algorithms that are used by cellular operators to identify fraud, theft and abuse of SIMs, and to block SIMs that appear to have been stolen or hacked. Such algorithms are typically sensitive to utilization patterns in which the current location at which a SIM is used is far away from the last registered location. This sort of pattern may well occur when the same VSIM is used successively by different bonding devices. To avoid blockage of SIMs from array 36, server 34 may choose to reallocate VSIMs to nearby bonding devices or to establish a consistent pattern of VSIM reallocation that will allay algorithmic suspicion.
 When server 34 maps a SIM to device 22, it may also initialize an accounting and billing record in connection with the SIM in question. When server 34 subsequently receives charges from the network operators, it may match the charges to the appropriate bonding device and usage. Use of a special VSIM, as noted above, with enhanced QoS, may be subject to billing at a higher rate, and therefore may require explicit approval from the user of device 22 (via the user interface of the device, for example, or other user interface software) before it is downloaded, as a default option or otherwise. The server may also receive utilization information (in terms of connection time and/or data transfer) from SIM controller 44 for use in generating billing records, as well as for tracking and analysis that may be used in subsequent VSIM mapping decisions. Charge accrual with respect to any given VSIM may stop when device 22 releases the VSIM.
 After receiving VSIMs from server 34, SIM controller 44 may allocate the VSIMs to the appropriate SIM client instances for use by the corresponding modems 42, at an identity allocation step 66. The SIM controller may allocate all of the received VSIMs, or it may hold one or more in reserve in repository 50 for subsequent allocation as and when needed. The number of VSIMs that are downloaded to and used by device 22 will depend on performance parameters and other relevant factors, as explained above, which may also change over time. For example, SIM controller 44 may initially activate only a single modem for low-resolution transmission of video during an initial surveillance phase. When an event of interest is detected (either automatically or by a human observer) in the surveillance video, however, the SIM controller may immediately allocate VSIMs and activate one or more additional modems in order to transmit the input video at full resolution.
 Various sorts of identity information may be distributed at step 66 to modems 42 and/or modem interfaces 41 or may otherwise be applied by bonding controller 40. This identity information may include, for example, the international mobile subscriber identity (IMSI); operator identity; access point name (APN); bandwidth-related information; latency-related information; technology-related information; protocol-related information; error rate; connection user name; connection password; cost information; and network capabilities
 Once VSIMs have been received and allocated by SIM controller 44, bonding device 22 uses modems 42 to communicate with destination 26, at a communication step 68. The VSIM data may optionally be used in this stage for encrypting and decrypting communications. For example, one or more of the VSIM data fields may be used as an encryption key in a symmetrical encryption scheme, and server 34 may then provide the key to destination 26, as well, for use in decryption. The key may thus change each time a VSIM is replaced in device 22, and data from multiple VSIMs that have been downloaded to device 22 may be combined to create a key that provides even more secure encryption.
 SIM controller 44 tracks the status of device 22 and may periodically report status changes to server 34, at a status monitoring step 70. "Status" in this context refers to any or all of the factors that were noted above as being relevant to VSIM mapping and allocation in steps 64 and 66. In response to such a status change, the SIM controller may request a reallocation of VSIMs, which may include adding a new VSIM, relinquishing a VSIM that is no longer needed, or replacing one VSIM with another. Status changes considered at step 70 may relate to conditions including changes in desired performance; connection or disconnection of an external device to or from bonding device 22; a specified status of one of modems 42; a specified connectivity status; encountering a specified performance level or a gap between actual performance and a desired performance level; battery levels; device mobility; network-provided information, such as expected handover start and/or stop; hardware and/or software triggers; associated cost and data package thresholds and status; other devices preemptive considerations; user input; faults; time-related information; and power up and shutdown.
 Various criteria may be applied at step 70 to decide whether to change the VSIM allocation. For example, if device 22 moves out of the service area of a given carrier or the carrier experiences congestion or other network problems, so that modems with VSIMs belonging to this carrier lose performance, server 34 may replace these VSIMs with those of another carrier. Movement itself may be a criterion to add one or more VSIMs for possible backup use, since the risk of service loss in this case is increased. As another example, SIM controller 44 may request one or more additional VSIMs upon receiving an instruction (from the user of device 22 or from a remote source) to increase bandwidth, and may relinquish one or more VSIMs in response to an instruction or other conditions that permit a reduction of transmission bandwidth. The SIM controller may, continuously or periodically, compare the data bandwidth that device 22 is consuming to the total bandwidth available via modems 42 that are currently active, and may use this comparison as a criterion to add one or more VSIMs (when the consumed bandwidth is near the total available) or relinquish VSIMs (when there is a large unused bandwidth margin). Alternatively, this function may be carried out by bonding controller 40 on request from SIM controller 44.
 Bonding device 22 continues operation in this manner for as long as desired, with VSIM reallocation as needed. When the bonding device is powered down or otherwise deactivated, SIM controller 44 notifies server 34, which returns the allocated SIMs to array 36 for reallocation when needed. Optionally, as noted earlier, device 22 may retain data with respect to one or more of the VSIMs for use at startup upon reactivation.
 It will be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and subcombinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art.
Comment about this patent or add new information about this topic: