Methods and apparatus to support location specific control of access to services through untrusted wireless networks

What is claimed is: 1 . A method to control service access for a wireless communication device, the method comprising: by the wireless communication device: establishing an encrypted connection with a server through a non-3GPP wireless access network; establishing an authenticated connection with the server through the non-3GPP wireless access network; providing geographic location information for the wireless communication device to the server; requesting access to one or more services provided through one or more access point names (APNs) to the server; and receiving an indication to allow or disallow access to at least one of the one or more services and/or to the one or more APNs based at least in part on the provided geographic location information. 2 . The method as recited in claim 1 , wherein the geographic location information is provided to the server by the wireless communication device as an attribute in an Internet Key Exchange Version 2 (IKEv2) protocol message. 3 . The method as recited in claim 2 , wherein the IKEv2 protocol message comprises a configuration request message sent during an authentication phase before authentication of the server by the wireless communication device is complete. 4 . The method as recited in claim 2 , wherein the IKEv2 protocol message comprises an informational notification message sent after authentication of the server by the wireless communication device is complete. 5 . The method as recited in claim 1 , wherein the server comprises an evolved packet data gateway (ePDG) associated with a wireless service provider. 6 . The method as recited in claim 5 , wherein the indication to allow or disallow access comprises a notification message from the ePDG that disallows establishment of at least one Internet Protocol Security (IPSec) tunnel to at least one of the one or more APNs. 7 . The method as recited in claim 1 , wherein the server comprises an Internet Protocol Multimedia Subsystem (IMS) server associated with a wireless service provider. 8 . The method as recited in claim 7 , wherein the geographic location information is provided to the IMS server by the wireless communication device in a Session Initiation Protocol (SIP) registration message. 9 . The method as recited in claim 7 , wherein the indication to allow or disallow access comprises a SIP message denying registration of the wireless communication device for the at least one of the one or more services. 10 . The method as recited in claim 7 , wherein the indication to allow or disallow access comprises a SIP message to start a network-initiated deregistration procedure for the at least one of the one or more services after successful registration of the wireless communication device. 11 . The method as recited in claim 1 , wherein the indication to allow or disallow access comprises a notification that disallows access to at least one service via the non-3GPP wireless access network based on the geographic location information provided by the wireless communication device. 12 . The method as recited in claim 11 , wherein the indication to allow or disallow access further comprises an indication of an alternative connection through which the wireless communication device can access the at least one service. 13 . The method as recited in claim 12 , wherein the alternative connection comprises a connection via a cellular wireless access network of a wireless service provider. 14 . The method as recited in claim 1 , wherein the geographic location information comprises a mobile country code (MCC) and/or a mobile network code (MNC). 15 . The method as recited in claim 1 , wherein the geographic location information comprises longitude and latitude information derived from a global positioning system (GPS) receiver of the wireless communication device. 16 . The method as recited in claim 1 , wherein the geographic location information comprises wireless local area network (WLAN) access point (AP) location data. 17 . A wireless communication device comprising one or more processors and a storage medium storing instructions that, when executed on the one or more processors, cause the wireless device to establish an encrypted connection with a server through a non-3GPP wireless access network; establish an authenticated connection with the server through the non-3GPP wireless access network; provide geographic location information for the wireless communication device to the server; request access to one or more services provided through one or more access point names (APNs) to the server; and receive an indication to allow or disallow access to at least one of the one or more services and/or to the one or more APNs based at least in part on the provided geographic location information. 18 . The wireless communication device of claim 17 , wherein geographic location information is provided to the server by the wireless communication device as configuration attribute in an Internet Key Exchange Version 2 (IKEv2) protocol informational notification message sent after authentication of the server by the wireless communication device is complete. 19 . The wireless communication device of claim 17 , wherein the indication to allow or disallow access to at least one of the one or more services and/or to the one or more APNs comprises notification to disallow access to a first service and to allow access to a second service. 20 . A non-transitory computer-readable medium storing instructions that, when executed by one or more processors of a wireless communication device, cause the wireless communication device to: establish an encrypted connection with a server through a non-3GPP wireless access network; establish an authenticated connection with the server through the non-3GPP wireless access network; provide geographic location information for the wireless communication device to the server; request access to one or more services provided through one or more access point names (APNs) to the server; and receive an indication to allow or disallow access to at least one of the one or more services and/or to the one or more APNs based at least in part on the provided geographic location information.