Abstract: In a second group of embodiments, an electronic device that provides a virtual Bluetooth gateway is described. During operation, the electronic device may receive a first packet associated with a second electronic device and that has an Internet Protocol (IP)-compatible format (such as a JavaScript Object Notation or JSON format). Then, the electronic device may de-encapsulate a second packet from the first packet, where the second packet is compatible with a Bluetooth communication protocol. Next, the electronic may provide the second packet. Note that the electronic device may not include a physical Bluetooth radio, such as dedicated hardware for a physical Bluetooth radio. Instead, the electronic device may include a virtual Bluetooth device that communicates with the second electronic device via the virtual Bluetooth gateway. This virtual Bluetooth device may have the capabilities of a physical Bluetooth radio (without the dedicated hardware).

Abstract: An electronic device (such as an IoT controller) that distributes a link key is described. During operation, while an administrator is logged in, the electronic device may receive the link key using a secure widget, where the link key may facilitate secure communication via a link. Then, the electronic device may generate an access key, and may generate an encrypted version of the link key based at least in part on the access key and the link key, where the access key enables access to the link key based at least in part on the encrypted version of the link key. Next, the electronic device may store the link key, the access key and/or the encrypted version of the link key in a trusted envelope or partition in the memory with encryption. Moreover, when the administrator logs out, the electronic device may disable access to the trusted envelope.

Abstract: An electronic device (such as an access point or an eNodeB) that selectively provides prioritized communication is described. During operation, the electronic device may receive one or more packets or frames from a second electronic device using a communication protocol. Then, the electronic device may determine device-specific information based at least in part on a device profile associated with the communication protocol and/or a communication history of the second electronic device. Next, based on the determined device-specific information, the electronic device may assign additional data traffic associated with the second electronic device to a queue in a set of queues, where queues in the set of queues have different priorities, and where the queue provides a predefined latency of communication with the second electronic device corresponding to a priority of the queue.

Abstract: In a second group of embodiments, an electronic device that provides a virtual Bluetooth gateway is described. During operation, the electronic device may receive a first packet associated with a second electronic device and that has an Internet Protocol (IP)-compatible format (such as a JavaScript Object Notation or JSON format). Then, the electronic device may de-encapsulate a second packet from the first packet, where the second packet is compatible with a Bluetooth communication protocol. Next, the electronic may provide the second packet. Note that the electronic device may not include a physical Bluetooth radio, such as dedicated hardware for a physical Bluetooth radio. Instead, the electronic device may include a virtual Bluetooth device that communicates with the second electronic device via the virtual Bluetooth gateway. This virtual Bluetooth device may have the capabilities of a physical Bluetooth radio (without the dedicated hardware).

Abstract: An electronic device (such as an IoT controller) that distributes a link key is described. During operation, while an administrator is logged in, the electronic device may receive the link key using a secure widget, where the link key may facilitate secure communication via a link. Then, the electronic device may generate an access key, and may generate an encrypted version of the link key based at least in part on the access key and the link key, where the access key enables access to the link key based at least in part on the encrypted version of the link key. Next, the electronic device may store the link key, the access key and/or the encrypted version of the link key in a trusted envelope or partition in the memory with encryption. Moreover, when the administrator logs out, the electronic device may disable access to the trusted envelope.

Abstract: An electronic device (such as an access point or an eNodeB) that selectively provides prioritized communication is described. During operation, the electronic device may receive one or more packets or frames from a second electronic device using a communication protocol. Then, the electronic device may determine device-specific information based at least in part on a device profile associated with the communication protocol and/or a communication history of the second electronic device. Next, based on the determined device-specific information, the electronic device may assign additional data traffic associated with the second electronic device to a queue in a set of queues, where queues in the set of queues have different priorities, and where the queue provides a predefined latency of communication with the second electronic device corresponding to a priority of the queue.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: A method and system for supporting mobile routers in Internet Protocol version 6 (IPv6) is provided. A mobile router obtains a care-of-address associated with an address configuration. The mobile router registers the care-of-address with a home agent. A bi-directional tunnel is established between the mobile router and the home agent. Packets are then forwarded via the bi-directional tunnel.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: The invention proposes a system for authenticating and authorizing network services comprising: a mobile device being adapted to, upon receipt of an information message indicating at least one network access type, determine the network access type, to create a start message containing at least a user identity, and to encapsulate the start message in an authentication message compatible with the access network identified in the information message, and an access controller for reading the encapsulated message from the mobile and forwarding the encapsulated message to an authentication server identified in the encapsulated message. The invention also proposes a corresponding method for authenticating and authorizing network services, and an access control device, a subscriber device and a router device.

Abstract: A system and method for three-party authentication and authorization. The system includes an authorizer that authorizes requestors, a client that makes a request, and a local attendant that provides a conduit through which messages between the client and the authorizer pass. The authorizer, the client, and a peer on which the requested resource may be accessed are each in separate domains. A domain is defined as a set of one or more entities such that if the set includes more than one entity, a connection between any two of the entities in the set can be secured by static credentials that are known by each of the two entities. A subscriber identity module (SIM) may be used to generate a copy of a key for the client to be used in accessing a requested resource.

Abstract: A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber's authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber's GSM network operator's Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.

Abstract: The invention provides a method for bootstrapping a local authorizer of a non-public access network. The local authorizer is arranged for granting access for a client device to the non-public access network. Therefore, the local authorizer includes a credentials database, which is used in authentication and authorization of the client device during access to services or resources of the non-public network. A secret knowledge of the client device is used for generating at least one set of credentials. The bootstrapping method includes the step of uploading the at least one set of credentials to the credentials database of the local authorizer. This upload is performed by the client device at least at first access of the client device to the non-public network. Then the credentials in the credentials database are used for authentication and authorization of the client device during access to the non-public access network.

Abstract: A method and system for supporting mobile routers in Internet Protocol version 6 (IPv6) is provided. A mobile router obtains a care-of-address associated with an address configuration. The mobile router registers the care-of-address with a home agent. A bi-directional tunnel is established between the mobile router and the home agent. Packets are then forwarded via the bi-directional tunnel.

Abstract: The invention is directed to enabling an serving node and a gateway node to be informed of a new route for a new node or sub-network that has become active behind a Mobile Terminal that can also act as a router. When IP level route injection occurs at the Mobile Terminal, a Modify session profile message causes insertion of a new IP address or prefix at a gateway node related to the new route. Also, the gateway node will update the serving node and the Mobile Terminal with information related to the new route or a proposed new route. The Mobile Terminal and the gateway node can share routing information over a dynamic routing protocol. Additionally, the Mobile Terminal and the gateway node can configure static routing information on routes towards each other. The new route can be added with 24.008 and/or GTP messages when initiated on the Mobile Terminal side for either the dynamic or static case.

Abstract: A mobile internet protocol regional paging network 10 includes a paging foreign agent for handling a regional registration of a mobile node visiting a paging area, which includes internet protocol subnetworks. In operation, the mobile node periodically can provide an idle mode request to the paging foreign agent to enter an idle mode so as to deactivate one or more components for energy-saving purposes and reduce active communication with the mobile internet protocol regional paging network. The invention provides a small and link-layer independent extension to Mobile Internet Protocol with Regional Registrations to support power-constrained operation in the mobile nodes and to reduce routing state information in the visited domain. The extension allows a Mobile Node to enter a power saving Idle Mode during which its location is known with the coarse accuracy defined by a Paging Area. The mobile node and the visited domain may optionally agree on time slots used for Agent Advertisements and paging.

Abstract: The invention relates to a method for distinguishing clients in a communication system comprising at least one wireless access network and at least one wired access network. The wireless access network comprise means for connecting wireless clients in communication to the wireless access network. Wired access network comprise means for connecting wired clients in communication to the wired access network. Communication system comprise means for communicating between the access network and the wired access network. In the method a resolution request message is transmitted to the communication system indicating a client to be examined, the message is received in at least one other node. A decision whether a resolution reply message is to be transmitted to the communication system is performed on the basis of a resolution reply message.

Abstract: A system and method is directed to updating information in a mobile network. A dynamic signaling routing protocol is extended over bi-directional tunneling between a mobile router and its home agent such that information associated with the home agent of the mobile router reflects roaming of the mobile router as it travels from its home network. The information is determined as a function of a characteristic associated with each link of the tunnel between the mobile router and its home agent. In one embodiment, the information includes a cost metric associated with the cost of the tunnel. The information is advertised to another router. The other router employs the information associated with the tunnel to determine a path for communication.