Abstract: In one embodiment, a method includes receiving a first request to join a conference from a first user device. The location of the first user device is determined. Based on the location of the first user device, the proximity of the first user device relative to endpoints configured to facilitate the conference is identified. A first one of the endpoints that is more proximate to the first user device than other endpoints is selected for handling the conferences.

Abstract: In one embodiment, a method includes receiving a first request to join a conference from a first user device. The location of the first user device is determined. Based on the location of the first user device, the proximity of the first user device relative to endpoints configured to facilitate the conference is identified. A first one of the endpoints that is more proximate to the first user device than other endpoints is selected for handling the conferences.

Abstract: An Unlicensed Mobile Access (UMA) network architecture. In a specific embodiment, the network architecture includes a mobile station and an access point in communication with the mobile station. A UMA Controller (UNC) communicates with the access point. A Service GateWay (SGW) communicates with the UMA controller. The SGW includes functionality to route user-plane packets in the UMA. In a more specific embodiment, the functionality includes UNC user-plane functionality offloaded from the UNC to the SGW; Serving GPRS Support Node (SGSN) user-plane functionality; access-authentication functionality sufficient to enable the SGW to enable the SGW to bypass a legacy SGSN control plane; and/or Radio Network Controller (RNC) user-plane functionality sufficient to enable communications between the SGW and the RNC.

Abstract: Assigning an access terminal identifier to a mobile node includes receiving a request at an access terminal home agent of a radio access network. The request requests an access terminal identifier for the mobile node. An access terminal identifier is assigned to the mobile node. The access terminal identifier identifies a communication session of the mobile node, and is assigned according to an Internet Protocol procedure for assigning an address. The access terminal identifier is provided to the mobile node.

Abstract: Techniques for providing wireless services to mobile subscribers using existing broadband network infrastructures are described herein. In one embodiment, in response to a request received at a gateway device from a mobile subscriber over a radio access network (RAN) for accessing a service provider network, the gateway device authenticates the mobile subscriber for accessing the RAN, where the gateway device interfaces the RAN and the existing broadband network. Upon successfully authenticating the mobile subscriber for accessing RAN, the gateway device accesses a network service provider over the existing network to acquire a network address on behalf of the mobile subscriber optionally using at least a portion of credentials derived from the authentication, where the network address allows the mobile subscriber to access the service provider network. Other methods and apparatuses are also described.

Abstract: A system for facilitating persistent communications between entities in a network. In a specific embodiment, the system is adapted to facilitate fast reauthentication of a client performed by a server, such as an Authentication, Authorization, and Accounting (AAA) server, that is coupled to the client via a load balancer. The system includes a first message to be exchanged between the server and the client, wherein the first message includes a field identifying the server and/or the client. A matching module communicates with or is otherwise incorporated within the load balancer. The matching module includes one or more routines for employing the field to selectively route the first message to the client and/or server. In a more specific embodiment, the server a fast reauthentication module adapted to append the field in the message. The field includes sub-realm information identifying the server.

Abstract: Particular embodiments provide an access gateway that facilitates communication between a plurality of access technologies. The access gateway facilitates data communication with an access terminal through a bearer path. A radio resource manager is configured to provide radio resource management functions for the communications. The radio resource manager is decoupled from the bearer path and provides control of radio transmission characteristics for the bearer path to the gateway. Because the radio resource manager is not in the bearer path, the access gateway may be access technology agnostic. Thus, the access gateway does not need to have access-specific modules based on the radio technology for each bearer path.

Abstract: In one embodiment, a first node receives data associated with a mobile node. The mobile node includes a plurality of sessions associated with it. For example, the plurality of sessions may be associated with flows for different services, such as voice over IP. A session for the data is determined out of a plurality of sessions. Labels may be provided that correspond to sessions in the plurality of sessions and a label is then determined for the session. The data is sent to the second node in a packet that includes the label. The packet is sent using a label switched path (LSP) in a multi-protocol label switching (MPLS) network. When the second node receives the data, it uses the label to determine a performance treatment to apply to the data. For example, different labels may correspond to the different sessions and different sessions may be associated with different quality of service (QoS) levels.

Abstract: Particular embodiments provide an access gateway that facilitates communication between a plurality of access technologies. The access gateway facilitates data communication with an access terminal through a bearer path. A radio resource manager is configured to provide radio resource management functions for the communications. The radio resource manager is decoupled from the bearer path and provides control of radio transmission characteristics for the bearer path to the gateway. Because the radio resource manager is not in the bearer path, the access gateway may be access technology agnostic. Thus, the access gateway does not need to have access-specific modules based on the radio technology for each bearer path.

Abstract: An apparatus for providing mobility in an Internet protocol (IP) network environment is provided that includes a cell site element operable to receive an address resolution protocol (ARP) signal from a base station. The ARP signal is associated with a selected mobile station that can roam between networks. In response to the signal, the cell site element evaluates a table that identifies a plurality of mobile stations and if the selected mobile station is not present in the table, then a mobility registration request is generated and communicated to a next destination.

Abstract: A system for efficiently reauthenticating a client of a network. In a specific embodiment, the system includes an authentication server and a Security GateWay (SGW) in communication with the client. The SGW includes reauthentication information associated with the client. In a more specific embodiment, the authentication server includes an Authentication, Authorization, and Accounting (AAA) server. The SGW further includes one or more routines for employing the reauthentication information to reauthenticate the client. The AAA server performs initial authentication of the client to enable client access to the network, which yields the reauthentication information. The reauthentication information includes one or more keys and/or counters, such as an authorization key, an encryption key, and a master key, which is/are predetermined by the AAA server.

Abstract: Authenticating a registration request from a mobile node includes an authenticator operable to facilitate a communication session for the mobile node. Access authentication to provide the mobile node access to an Internet Protocol (IP) network is facilitated. A mobility key is obtained from the access authentication. A registration request is received from the mobile node, and is authenticated using the mobility key.

Abstract: A system for enhancing functionality of a network. In a specific embodiment, the system employs strategic communications between a network controller and a security gateway. The strategic communications occur via a feedback communications channel between the network controller and the security gateway. The feedback communications channel facilitates transferring security information, such as International Mobile Subscriber Identity (IMSI) and other information, between the network controller and the security gateway. The security information may facilitate enabling the SGW to make intelligent decisions as to how to treat a client communications session. In the specific embodiment, the feedback communications channel includes an intervening Authentication, Authorization, and Accounting (AAA) server that is coupled between the UMA and the network controller.

Abstract: An access gateway comprises a processor. The processor is operable to determine a message type of a received packet. The processor is further operable to apply a paging rule. The paging rule is related at least in part to the message type of the received packet. The processor is further operable to determine whether to send a request to transition the mobile device to an active state based on the paging rule. The processor is further operable to send a request, when appropriate, to transition the mobile device to an active state.

Abstract: In one embodiment, techniques provide QoS-aware service flow mapping in an access network. A message is received from an access device at a gateway in the access network. The message includes a traffic flow specification. The traffic flow specification may include packet filter information, which is used to install a packet filter to route traffic to the access device. The gateway creates a session and associates the packet filter with it. When an incoming packet is received at the network device, the packet is matched to the packet filter. The incoming packet is then sent to the access device for the session. The traffic flow specification may also specify QoS parameters that are desired. The QoS parameters may then be applied to the packet sent to the access device. The gateway and access device may negotiate to determine a QoS to apply.

Abstract: Techniques for security association management on a home and foreign agent are described. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database (SADB) to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first connectivity is terminated is received and the security association entry in the local SADB that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid.

Abstract: Techniques for exchanging capabilities in a wireless network are provided. In one embodiment, a first device receives a capability message over a communication link from a second device in a WiMAX network. The communication link may be between any combination of base stations and gateways. For example, the R4, R6, or R8 interface may be used. Other interfaces may also be appreciated in a WiMAX network. The capability message includes one or more capabilities supported by a second device in the WiMAX network. Capabilities to support are then determined based on the one or more capabilities. These capabilities will be supported by the first device for communications with the second device. The first device is then configured to support the determined capabilities. Accordingly, the first device is dynamically configured based on the capability message received.

Abstract: Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described.

Abstract: A network system for authorizing an endpoint node for a communication service includes an operator network and an organization network. The operator network operates to perform a device authorization operation to authorize the endpoint node for a communication session. The organization network operates to facilitate a service authorization operation to authorize the endpoint node for the communication service of the communication session.

Abstract: In one embodiment, while being connected to the network, a security issue may be detected and associated with the device. The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the network. Identification information for the device is added to the blacklist at the authentication server. If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR. Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.