Abstract: The present invention relates to mobile data communications in general, and more specifically, the present invention describes a route optimization technique requiring no awareness of the Mobile IP protocol by a Correspondent Node when forwarding traffic using the shortest path between a Mobile Node and the Correspondent Node in a visiting domain. The invention describes the management of route entries, network address translations and firewall filters in order to provide a secure yet flexible deployment of Mobile IP route optimization. Specific considerations are described for the cases of a separate Foreign Agent and a co-located care-of address, respectively.
Abstract: The present invention describes a network-based mobile workgroup system allowing a selected set of users from two or more mobile virtual private networks to form an extranet workgroup in a secure manner. The invention is based on the limited private address scenario, which entails mobile nodes having private, possibly overlapping, addresses as defined in RFC 1918, while home and foreign agents have public IP addresses. Each home agent is dedicated to one mobile virtual private network (M-VPN), while a foreign agent may be shared by multiple M-VPNs. The system also entails a mobile service manager that has a public IP address and a set of mobile nodes that all have a UFQDN (user fully qualified domain name) within the overall mobile workgroup system. The main benefit, compared to existing solutions for extranet workgroup creation, is that extranets can be created despite overlapping address realms. Even fine-grained workgroups within the extranet can be created with any set of users from any set of M-VPNs.
Abstract: A network-based mobile workgroup system has considerably wider appeal and application than normal virtual private networks in that it provides seamless mobility across a number of access technologies at the same time as it offers a granular security separation down to workgroup level. The mobile workgroup system is an access management system for mobile users with built-in VPN and firewall functionality. The mobile user can access the mobile workgroup system over a set of access technologies and select server resources and correspondent nodes to access pending their workgroup membership approvals. All workgroup policy rules are defined in a mobile service manager and pushed down to one or more mobile service routers for policy enforcement. The mobile service router that is closest to the mobile client and is part of the mobile virtual private network performs regular authentication checks of the mobile client during service execution.
Abstract: The present invention relates to a method for decoupling a Mobile IP home network from its Mobile IP Home Agent with support for roaming on the intranet as well as the Internet. The normal operation of the IGP is assumed, and a static route for a Mobile Address aggregate is used to distribute Mobile IP addresses in the IGP.
Abstract: The present invention relates to a method for a Mobile Node (3) to acquire a Home Address that will be maintained while roaming between a home network (4) and a foreign network (7), where the home address is acquired dynamically from a centralized server (2) maintaining a pool of addresses, and where a Home Agent (1) allocates the address on behalf of the Mobile Node (3) from the centralized server (2), using a unique identifier provided by the Mobile Node (3).