Abstract: A network system for authorizing an endpoint node for a communication service includes an operator network and an organization network. The operator network operates to perform a device authorization operation to authorize the endpoint node for a communication session. The organization network operates to facilitate a service authorization operation to authorize the endpoint node for the communication service of the communication session.

Abstract: Providing a multicast service to a mobile node includes receiving a first request to join a multicast group from a first cell site. The first request requests that a first mobile node be permitted to join the multicast group. A first multicast source operable to provide content to the first mobile node is identified. The multicast group and the first multicast source are associated to yield a first group-source combination. A first key is assigned to the first group-source combination, and the first key is provided to the first cell site.

Abstract: Authorizing a mobile node for a service includes receiving at an enforcement point a session initiation invitation from the mobile node. The session initiation invitation comprises an authorization token and a session initiation object. Whether the mobile node is authorized to access a service is determined in accordance with the authorization token. The authorization token is sent to an authorization server if the mobile node is authorized to access the service. The session initiation object is sent to a server to initiate the service if the mobile node is authorized to access the service.

Abstract: Techniques for Mobile IP bulk registration revocation are described herein. According to one embodiment, a first mobile agent of a mobile IP network sends a registration revocation message to a second mobile agent of the mobile IP network. The registration revocation message includes information identifying multiple home IP addresses of multiple mobile nodes whose registrations are to be revoked. In response to the registration revocation, the second mobile agent terminates bindings of services associated with multiple mobile nodes identified by the multiple home IP addresses and sends an acknowledgement message to the first mobile agent. Other methods and apparatuses are also described.

Abstract: In one embodiment, sessions are synced from an active device to a standby device according to a priority. One or more attributes are determined for a plurality of sessions that need to be synced between an active device and a standby device. The attributes may be used to determine a value of syncing a session. A priority for syncing the sessions based on the attributes is then determined. The sessions are then synced based on the priority. For example, a portion of sessions considered to be of a higher priority may be synced before a portion of sessions considered to be of a lower priority. Because the sessions considered of a higher priority are synced first, if a double failure occurs where the active device fails during the syncing process, at least the higher priority sessions have been synced with the standby device and the standby device can take over these sessions.

Abstract: Techniques for negotiating QoS between a foreign agent and a home agent of a Mobile IP network are described herein. According to one embodiment, quality of service (QoS) parameters are extracted from a registration reply message received from a home agent of a home network in response to a registration request message originated from a mobile node coupled to a foreign network. Thereafter, network traffics between the mobile node of the foreign network and the home agent of the home network associated with the mobile node are routed according to at least a portion of the QoS parameters. Other methods and apparatuses are also described.

Abstract: In one embodiment, a security gateway receives an IPSec Initiation (IPSec INIT) request from a client. The security gateway may communicate with a AAA server to authenticate the client. After authentication, the security gateway intercepts a URR Discovery request from the client. The security gateway determines registration information for a response to the registration request. The registration information may be information on where the client can locate a D-GANC. A response is generated using the determined information and sent to the client. The response to the discovery request is performed without communicating with a P-GANC. Accordingly, a security gateway is used to authenticate the client and also to respond to the discovery request. This does not require that a P-GANC function be deployed in a network. Thus, cost and processing power may be saved.

Abstract: Techniques for providing wireless services to mobile subscribers using existing broadband network infrastructures are described herein. In one embodiment, in response to a request received at a gateway device from a mobile subscriber over a radio access network (RAN) for accessing a service provider network, the gateway device authenticates the mobile subscriber for accessing the RAN, where the gateway device interfaces the RAN and the existing broadband network. Upon successfully authenticating the mobile subscriber for accessing RAN, the gateway device accesses a network service provider over the existing network to acquire a network address on behalf of the mobile subscriber optionally using at least a portion of credentials derived from the authentication, where the network address allows the mobile subscriber to access the service provider network. Other methods and apparatuses are also described.

Abstract: An access gateway comprises a processor. The processor is operable to determine a message type of a received packet. The processor is further operable to apply a paging rule. The paging rule is related at least in part to the message type of the received packet. The processor is further operable to determine whether to send a request to transition the mobile device to an active state based on the paging rule. The processor is further operable to send a request, when appropriate, to transition the mobile device to an active state.

Abstract: In one embodiment, while being connected to the network, a security issue may be detected and associated with the device. The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the network. Identification information for the device is added to the blacklist at the authentication server. If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR. Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.

Abstract: A method of handling a mobile endpoint in a wireless network includes routing data for a mobile endpoint through a first base station. The mobile endpoint is wirelessly connected to the first base station and has a first signal strength at the first base station. The method also includes routing data for the mobile endpoint through the first base station and a second base station. The mobile endpoint is wirelessly connected to the first base station and has a second signal strength at the second base station. The second signal strength is above a first level. The method also includes routing data for the mobile endpoint through the second base station. The mobile endpoint is wirelessly connected to the second base station and has a third signal strength at the second base station. The third signal strength is above a second level.

Abstract: A system and method for providing service in a network having a wireless component is disclosed. The system and method comprise receiving a request for a dynamic address from a user node connected to a subscriber station having a convergence sub-layer, providing the dynamic address to the user node, associating the dynamic address with a service flow associated with the subscriber station, and sending data addressed to the dynamic address through the service flow. The dynamic address is based on a subscriber identifier associated with the subscriber station and a client identifier associated with the user node.

Abstract: In one embodiment, techniques provide QoS-aware service flow mapping in an access network. A message is received from an access device at a gateway in the access network. The message includes a traffic flow specification. The traffic flow specification may include packet filter information, which is used to install a packet filter to route traffic to the access device. The gateway creates a session and associates the packet filter with it. When an incoming packet is received at the network device, the packet is matched to the packet filter. The incoming packet is then sent to the access device for the session. The traffic flow specification may also specify QoS parameters that are desired. The QoS parameters may then be applied to the packet sent to the access device. The gateway and access device may negotiate to determine a QoS to apply.

Abstract: Techniques for exchanging capabilities in a wireless network are provided. In one embodiment, a first device receives a capability message over a communication link from a second device in a WiMAX network. The communication link may be between any combination of base stations and gateways. For example, the R4, R6, or R8 interface may be used. Other interfaces may also be appreciated in a WiMAX network. The capability message includes one or more capabilities supported by a second device in the WiMAX network. Capabilities to support are then determined based on the one or more capabilities. These capabilities will be supported by the first device for communications with the second device. The first device is then configured to support the determined capabilities. Accordingly, the first device is dynamically configured based on the capability message received.

Abstract: Techniques for allowing a home agent to provide location/presence-based services are provided. In one embodiment, a point of attachment of an access network receives a discovery request from a mobile node. A mobile node is associated with a home agent in a home network different from the access network. Location/presence-based information is determined at the point of attachment. The location/presence-based information is added to a registration request at the layer 3 protocol layer. The registration request is then sent from the point of attachment to the home agent. When the registration request is received at the home agent, the home agent parses the registration request to determine the location/presence information from the request. The home agent then performs a location/presence service using the location/presence information.

Abstract: In one embodiment, techniques provide quality of service (QoS) for services using a gateway. The techniques include receiving one or more control signaling messages from a subscriber station at the gateway. The gateway is in a signaling path for the subscriber station where the subscriber station communicates through a wireless network. The gateway determines a policy to apply for the service based on the one or more control signaling messages. QoS parameters may be determined for the service based on the policy. For example, QoS parameters are determined for a session that is created for a media stream. The media stream may flow from the subscriber station to a base station to the gateway, and vice versa. The gateway may communicate the QoS parameters to the base station to cause the base station to reserve resources in the wireless network. Accordingly, a session for the subscriber station is created and resources are reserved to provide a QoS for a media stream.

Abstract: An Unlicensed Mobile Access (UMA) network architecture. In a specific embodiment, the network architecture includes a mobile station and an access point in communication with the mobile station. A UMA Controller (UNC) communicates with the access point. A Service GateWay (SGW) communicates with the UMA controller. The SGW includes functionality to route user-plane packets in the UMA. In a more specific embodiment, the functionality includes UNC user-plane functionality offloaded from the UNC to the SGW; Serving GPRS Support Node (SGSN) user-plane functionality; access-authentication functionality sufficient to enable the SGW to enable the SGW to bypass a legacy SGSN control plane; and/or Radio Network Controller (RNC) user-plane functionality sufficient to enable communications between the SGW and the RNC.

Abstract: A system for enhancing functionality of a network. In a specific embodiment, the system employs strategic communications between a network controller and a security gateway. The strategic communications occur via a feedback communications channel between the network controller and the security gateway. The feedback communications channel facilitates transferring security information, such as International Mobile Subscriber Identity (IMSI) and other information, between the network controller and the security gateway. The security information may facilitate enabling the SGW to make intelligent decisions as to how to treat a client communications session. In the specific embodiment, the feedback communications channel includes an intervening Authentication, Authorization, and Accounting (AAA) server that is coupled between the UMA and the network controller.

Abstract: In one embodiment, a first node receives data associated with a mobile node. The mobile node includes a plurality of sessions associated with it. For example, the plurality of sessions may be associated with flows for different services, such as voice over IP. A session for the data is determined out of a plurality of sessions. Labels may be provided that correspond to sessions in the plurality of sessions and a label is then determined for the session. The data is sent to the second node in a packet that includes the label. The packet is sent using a label switched path (LSP) in a multi-protocol label switching (MPLS) network. When the second node receives the data, it uses the label to determine a performance treatment to apply to the data. For example, different labels may correspond to the different sessions and different sessions may be associated with different quality of service (QoS) levels.