Abstract: The present invention relates to a method of arranging the transmission of packet data in a system comprising a mobile terminal, a wireless local network and a mobile network. End-to-end service related parameters are signalled via a separate signalling element. A resource authorization identifier is transmitted to the mobile network via the local network. Authorization is requested from the signalling element on the basis of the resource authorization identifier. A tunnel between the mobile terminal and the mobile network is bound to the end-to-end data flow of the mobile terminal on the basis of an authorization from the signalling element and tunnel identification information identifying the tunnel.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication centre. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: Handoff of a communication session in a wireless network is presented in a wireless network interface including a terminal device having a first address (ADD1) and a second address (ADD2) in which an ongoing communication session between the terminal device and an associated first access point (AP1) in the wireless network uses the first address (ADD1) and upon detecting the need for handover of the terminal device to a second access point (AP2) in the wireless network establishes a communication session between the terminal device and an associated second access point (AP2) using the second address (ADD2). The invention includes hardware component and software application implementation.

Abstract: Disclosed is a method providing secure mobility for a terminal in a mobile system comprising at least two IP based sub-networks. The method comprises to detect a change of the IP based sub-network by the terminal. The connection parameters of the terminal are updated so as to be connected with a new IP based sub-network. Further, the security requirements of the new IP based sub-network are detected, and the security associations of the terminal to the new IP based sub-network are adapted to the security requirements of the new IP based sub-network.

Abstract: A method for load balancing in a telecommunications system supporting Mobile IP, the system including at least one mobile node and at least one home agent. The home agent mainly supporting the mobility of the mobile node is defined as the primary home agent and one or more secondary home agents are added to the telecommunications system. Packets destined for the mobile node are transmitted, when needed, via one or more secondary home agents.

Abstract: The invention proposes a method for handling authentication requests in a network, wherein the authentication requests may have different types, the method comprising the steps of determining (S1, S3, S4) types of the authentication requests, and applying (S5-S7) a policy for handling the received authentication requests based on the determined types of authentication requests. The invention also proposes a corresponding network control element and a computer program product.

Abstract: A mobile internet protocol regional paging network 10 includes a paging foreign agent for handling a regional registration of a mobile node visiting a paging area, which includes internet protocol subnetworks. In operation, the mobile node periodically can provide an idle mode request to the paging foreign agent to enter an idle mode so as to deactivate one or more components for energy-saving purposes and reduce active communication with the mobile internet protocol regional paging network. The invention provides a small and link-layer independent extension to Mobile Internet Protocol with Regional Registrations to support power-constrained operation in the mobile nodes and to reduce routing state information in the visited domain. The extension allows a Mobile Node to enter a power saving Idle Mode during which its location is known with the coarse accuracy defined by a Paging Area. The mobile node and the visited domain may optionally agree on time slots used for Agent Advertisements and paging.

Abstract: The invention allows utilizing Generic Authentication Architecture for Mobile Internet Protocol key distribution. A Generic Authentication Architecture bootstrapping is performed between a mobile terminal device and a Bootstrapping Server Function. In an embodiment a resulting Bootstrapping Transaction Identifier is sent to a Home Agent which uses it to obtain a Home Agent specific key to be used in authenticating a Mobile Internet Protocol Registration Request.

Abstract: The invention relates to a method of arranging roaming in a telecommunications system comprising a local network, at least one public land mobile network, and a terminal equipment. In the telecommunications system, public land mobile network identifiers and network element identifiers linked therewith are defined. These public land mobile network identifiers and the network element identifiers linked therewith are transmitted to the terminal equipment. The terminal equipment selects a public land mobile network by means of a comparison of the received public land mobile network identifiers and public land mobile network identifiers stored in the terminal equipment. Access is arranged for the terminal equipment via the local network to the network element determined by the network element identifier linked with the identifier of the selected public land mobile network.

Abstract: A method of selecting the serving network element in a telecommunications network. Mobility agents or routers transmit attribute information on one or more network elements in advertising messages to at least one mobile node. This information is used in the mobile node for selecting the serving network element.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication center. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: The invention relates to a method of arranging roaming in a telecommunications system comprising a local network, at least one public land mobile network, and a terminal equipment. In the telecommunications system, public land mobile network identifiers and network element identifiers linked therewith are defined. These public land mobile network identifiers and the network element identifiers linked therewith are transmitted to the terminal equipment. The terminal equipment selects a public land mobile network by means of a comparison of the received public land mobile network identifiers and public land mobile network identifiers stored in the terminal equipment. Access is arranged for the terminal equipment via the local network to the network element determined by the network element identifier linked with the identifier of the selected public land mobile network.

Abstract: The invention relates to a method for distinguishing clients in a communication system comprising at least one wireless access network and at least one wired access network. The wireless access network comprise means for connecting wireless clients in communication to the wireless access network. Wired access network comprise means for connecting wired clients in communication to the wired access network. Communication system comprise means for communicating between the access network and the wired access network. In the method a resolution request message is transmitted to the communication system indicating a client to be examined, the message is received in at least one other node. A decision whether a resolution reply message is to be transmitted to the communication system is performed on the basis of a resolution reply message.

Abstract: A system and method for the implementation of a proxy smart card application in a mobile telephone. The mobile telephone receives a smart card related message from a remote terminal. If the smart card related message is related to a function implemented by electronic device software within the mobile telephone, the electronic device software processes the message. If the smart card related message is not related to a function implemented by the electronic device software, the message is transmitted to the smart card.

Abstract: A network including a user equipment for accessing at least one of wireless local area network interworking services and third generation partnership project network services. The network also includes at least one third generation partnership project network for providing the third generation partnership project network services to the user equipment. The network further includes an access network for connecting the user equipment to the third generation partnership project network and for providing the wireless local area network interworking services. During network authentication, the user equipment provides a network access identifier including wireless local area network scenario information and an impostor is prevented from modifying the network access identifier during a response from the user equipment to the at least one third generation partnership project network implementing an authentication mechanism.

Abstract: A method, program product and system of selecting a wireless local area network (WLAN) using split user equipment. The method comprising the following steps: a first user equipment obtains relevant network selection parameters from a second user equipment and obtains an undecorated root network access identifier from the second user equipment, the first user equipment performs network discovery and selection, and, upon initiation of final EAP authentication, the first user equipment decorates said network access identifier and transmits it to the WLAN.

Abstract: A method of providing authentication in a wireless network including sending, from a terminal to a wireless network a request for access authorization. The method includes transmitting from a server a return message. The return message is composed using a default sequence number value. The method includes initiating a resynchronization procedure based on receipt of the return message by the terminal and storing a sequence number in the terminal and in the server; and sending from the server, an authentication continuation message to the terminal.

Abstract: The present invention relates to a method and system for providing access from a first network (30) to a service of a second network, wherein an authentication signaling is used to transfer a service selection information to the second network (70). Based on the service selection information, a connection can be established to access the desired service. Thereby, cellular packet-switched services can be accessed over networks which do not provide a context activation procedure or corresponding control plane signaling function.

Abstract: A method, program product and system of preventing or limiting the number of simultaneous sessions in a wireless local area network (WLAN). The method includes: determining whether subscriber terminal information has been changed between an old session and a new session, maintaining a connection with the old session if the subscriber terminal information has not changed, and establishing and authenticating the new session and disconnecting the old session if the subscriber terminal information has changed. A medium access control (MAC) address and a WLAN radio network identification can be compared between the old session and the new session to determine whether subscriber terminal information has been changed.

Abstract: Method for storing data in the memory (1.2) of an electronic device (1), wherein the data to be stored is encrypted with an encryption key (Ks). The electronic device (1) is provided with an identification card (2) equipped with a cryptographic algorithm and an individual identifier (ID). In the electronic device (1), at least one seed value (RAND1, RAND2, RAND3) is generated, and the at least one seed value is transmitted to the identification card (2). The cryptographic algorithm is performed on the identification card (2), with the seed value (RAND1, RAND2, RAND3) being used as the input, wherein at least one derived value (Kc1, Kc2, Kc3) is produced in the algorithm. The at least one derived value (Kc1, Kc2, Kc3) is transmitted to the electronic device (1), wherein the at least one derived value (Kc1, Kc2, Kc3) is used in the formation of the encryption key (Ks). The invention also relates to an electronic device (1), module, and computer software product.