Abstract: System and method embodiments are provided for extending Access Network Discovery and Selection Function (ANDSF) with Access Network Query Protocol (ANQP) server capability. An embodiment method for network discovery and selection (NDS) includes receiving, at an ANQP proxy, query for network discovery information from a user equipment (UE), forwarding the query to an ANDSF including an indication for a service provider associated with a domain of users, receiving information associated with the service provider from the ANDSF, and forwarding the information associated with the service provider to the UE.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: A method for operating a first communications device includes transmitting a provisioned network list to an access router, and receiving a logical router interface address for each network in the provisioned network list. The method also includes transmitting a first message to one of the logical router interface addresses corresponding to a first selected network, receiving a first address prefix for a first gateway router of the first selected network, and transmitting a first packet to a second communications device, the first packet including the first address prefix as a source prefix.

Abstract: An apparatus comprising a node comprising an access controller (AC) and an authentication, authorization and accounting (AAA) proxy (AAA-P), wherein the AC is configured to manage authentication for a user equipment (UE), and wherein the AAA-P is configured to exchange authentication information related to the UE with an AAA server. Included is a network component comprising at least one processor configured to implement a method comprising establishing a first tunnel with a home gateway (HG), wherein the HG communicates wirelessly with a UE, and establishing a second tunnel between the UE and a Network Access Server (NAS). Also included is a network component comprising at least one processor configured to implement a method comprising receiving a Pairwise Master Key (PMK) from an AAA mediator (AAA-M), and authenticating a UE using the PMK.

Abstract: A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network.

Abstract: A method comprising encapsulating a message with a tunnel header comprising an access identifier associated with a network entity. Also included is an apparatus comprising an access node (AN) configured to communicate with a residential gateway (RG) via the access network, wherein the AN is configured to encapsulate a router solicitation (RS) with a header comprising an access identifier associated with the RG, and send the encapsulated RS to an Internet Protocol (IP) edge, wherein the AN is configured to receive a router advertisement (RA), and wherein the AN is configured to forward the RA to the RG associated with the access identifier.

Abstract: A system comprising an access node (AN) coupled to a plurality of service providers (SPs) and a host and configured to forward a plurality of services between the SPs and the host using a plurality of first connections between the AN and the host and a plurality of second connections between the AN and the SPs, and a router gateway (RG) positioned between the host and the AN and coupled to the AN via an access line that comprises the first connections, wherein the AN translates a plurality of first identifiers for the first connections to a plurality of second identifiers for the second connections to route the services appropriately between the host and the SPs over the first connections and the corresponding second connections.

Abstract: An apparatus comprising a local mobility anchor (LMA) configured to forward a flow to a mobile node (MN) via a first mobile access gateway (MAG) in a first network and via a second MAG in a second network, and to bind the flow to the second MAG from the first MAG, wherein the first MAG is configured to manage the MN mobility in the first network and the second MAG is configured to manage the MN mobility in the second network, wherein the first MAG sends a binding update comprising a flow description information to the LMA, and wherein the LMA replies to the binding update with a binding acknowledgement.

Abstract: A system for link-independent multihoming in a network having heterogeneous access network technologies is disclosed, providing such multihoming in a manner transparent to IP connections. The system of the present invention provides constructs and methods for: discovering and selecting a multihoming server; selecting a primary media access control (MAC) address; associating multiple link addresses with a MAC address; and forwarding packets via the multihoming server based on certain defined policies.

Abstract: A method comprising sending a dynamic host configuration protocol (DHCP) message comprising an Identity Association for Prefix Delegation (IA_PD) Prefix option comprising a Internet Protocol version 6 (IPv6) prefix and a length of the IPv6 prefix to a device having a media access control (MAC) address, receiving from the device a packet comprising a source MAC address and a source IPv6 address, and dropping the packet when the MAC address is equal to the source MAC address and the leftmost bits of the source IPv6 address defined by the length are not equal to the IPv6 prefix.

Abstract: Methods and system for simplified Protocol for Carrying Authentication for Network Access (sPANA) are disclosed. In the broadband architecture such as Broadband forum or WiMAX forum, a Network Access server (NAS) is one IP hop away from a user. Therefore, it is possible to relax the need in PANA to obtain an IP address prior to authentication. A PANA client (PaC) may use an unspecified IP address (e.g. 0.0.0.0 in TPv4) as a source address for authentication. A PANA Authentication Agent (PAA) may use an IP broadcast address as a network layer destination address (e.g. oxffffffff). The present invention defines PANA Attribute-Value Pairs (AVPs) and procedures that allow a Challenge-Handshake Authentication Protocol (CHAP) exchange to occur in PANA. The PANA CHAP support may facilitate smooth migration from Point-to-Point Protocol (PPP) sessions to IP sessions in a DSL Broadband network environment. The sPANA can be desirably compatible with the PANA.

Abstract: An apparatus comprising a supplicant proxy port authorization entity (PAE) configured to communicate with a user equipment (UE) and a network, wherein the supplicant proxy PAE causes a communication path to forward or block communications between the UE and the network. Included is a network component comprising at least one processor configured to implement a method comprising authenticating a UE with a network using an Institute of Electrical and Electronics Engineers (IEEE) 802.1X protocol, and exchanging a secure key with the UE using an IEEE 802.1 AF protocol. Also included is a method comprising authenticating a user UE configured for a first authentication protocol with a network configured for a second authentication protocol using a port entity configured for the first authentication protocol and the second authentication protocol, and securing the UE's access to the network by completing a security key agreement using the first authentication protocol.

Abstract: An apparatus comprising a node comprising an access controller (AC) and an authentication, authorization and accounting (AAA) proxy (AAA-P), wherein the AC is configured to manage authentication for a user equipment (UE), and wherein the AAA-P is configured to exchange authentication information related to the UE with an AAA server. Included is a network component comprising at least one processor configured to implement a method comprising establishing a first tunnel with a home gateway (HG), wherein the HG communicates wirelessly with a UE, and establishing a second tunnel between the UE and a Network Access Server (NAS). Also included is a network component comprising at least one processor configured to implement a method comprising receiving a Pairwise Master Key (PMK) from an AAA mediator (AAA-M), and authenticating a UE using the PMK.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: A telecommunications network component comprising a processor configured to implement a method comprising: receiving a data stream, establishing a virtual connection with a destination through one of a plurality of networks, and configuring the data packets for transportation to the destination over the virtual connection, wherein the data packets follow the virtual connection through the carrier network so long as a rerouting condition is not detected. Also disclosed is a method of routing order sensitive data, comprising: providing a connection to a plurality of carrier networks, establishing a plurality of pseudo-wires through the carrier networks, transmitting an order specific data over one of the pseudo-wires, and multi-homing to detect a rerouting condition on one of the pseudo-wires.

Abstract: A system for link-independent multihoming in a network having heterogeneous access network technologies is disclosed, providing such multihoming in a manner transparent to IP connections. The system of the present invention provides constructs and methods for: discovering and selecting a multihoming server; selecting a primary media access control (MAC) address; associating multiple link addresses with a MAC address; and forwarding packets via the multihoming server based on certain defined policies.

Abstract: A method of multicast access control in an IP multicast system is disclosed. The method provides a distributed architecture separating a session control in a service stratum from an access control in a transport stratum.

Abstract: A telephony network that includes a signaling system that provides intelligent network services. The signaling system includes a service control point that interfaces with an application database. The application database includes subscriber defined applications that are associated with an application code. The signaling system includes a service switching point in communication with the service control point through one or more signaling transfer points. Subscribers to the service may communicate through voice traffic and applications over a call connection. The applications may reside in the application database or in a subscriber. A subscriber may utilize a network computer to retrieve platform independent applications and associated initiate applications for execution in a highly secure environment.