Abstract: It is provided a method, comprising monitoring if a tunnel to a terminal via an untrusted network is to be established, wherein the tunnel is set up only if the terminal is authenticated and authorized; requesting, if the tunnel is to be established, the authentication and authorization and an information on a location of the terminal; providing the information on the location received in response to the request to a gateway.

Abstract: Access mode selection based on user equipment selected access network identity may be useful, for example, with respect to the authentication in third generation partnership project (3GPP) networks of subscribers attaching to a trusted wireless local area network (WLAN) access network (TWAN). A method of access mode selection can include informing, in a request, an authentication server regarding at least one access mode for a user equipment. The method can also include selecting a mode of the at least one access mode to use with respect to the user equipment based on a response received from the authentication server in response to the request.

Abstract: The present invention relates to a method, apparatus, system, and computer program product, in which a unique identifier of a node of a network is used to request from a database location-dependent information for a device attached to said node. An identifier of at least one server serving an area in which said device is located is then retrieved by using said location-dependent information.

Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

Abstract: Apparatus, method, system and computer program product for server failure handling A mechanism for a first apparatus is described. The mechanism comprising receiving, from a first apparatus, a first authentication request comprising an user identity and an identity of said first apparatus, wherein said first apparatus being capable for provide authentication related service with respect to said user identity; determining if a third apparatus, originally associated with said user identity for providing authentication related service, is available for providing said service; registering said first apparatus as the server associated with said user identity for providing authentication related service, if said third apparatus is not available; sending a response to said first apparatus to acknowledge the first authentication request.

Abstract: It is provided a method, comprising monitoring if a tunnel to a terminal via an untrusted network is to be established, wherein the tunnel is set up only if the terminal is authenticated and authorized; requesting, if the tunnel is to be established, the authentication and authorization and an information on a location of the terminal; providing the information on the location received in response to the request to a gateway.

Abstract: Systems, methods, apparatuses, and computer program products for the indication of full configuration in handover signaling are provided. For example, an indication of “full configuration” and/or “no full configuration” may be included in handover signaling over X2 and/or S1 interface to a source eNB.

Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

Abstract: Apparatus, method, system and computer program product for server failure handling A mechanism for a first apparatus is described. The mechanism comprising receiving, from a first apparatus, a first authentication request comprising an user identity and an identity of said first apparatus, wherein said first apparatus being capable for provide authentication related service with respect to said user identity; determining if a third apparatus, originally associated with said user identity for providing authentication related service, is available for providing said service; registering said first apparatus as the server associated with said user identity for providing authentication related service, if said third apparatus is not available; sending a response to said first apparatus to acknowledge the first authentication request.

Abstract: It is provided a method, comprising providing a non 3GPP network access to a user equipment (S10); connecting an apparatus performing the method via an interface to a packet data network gateway of a packet core network (S20); indicating, to the packet data network gateway via the interface, an indication whether the non 3GPP network access is a trusted access (S30).

Abstract: Access mode selection based on user equipment selected access network identity may be useful, for example, with respect to the authentication in third generation partnership project (3GPP) networks of subscribers attaching to a trusted wireless local area network (WLAN) access network (TWAN). A method of access mode selection can include informing, in a request, an authentication server regarding at least one access mode for a user equipment. The method can also include selecting a mode of the at least one access mode to use with respect to the user equipment based on a response received from the authentication server in response to the request.

Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

Abstract: The present invention relates to a method, apparatus, system, and computer program product, in which a unique identifier of a node of a network is used to request from a database location-dependent information for a device attached to said node. An identifier of at least one server serving an area in which said device is located is then retrieved by using said location-dependent information.