Abstract: The present invention discloses a methods and systems for securely connecting mobile nodes to an internal private network using IPsec based Virtual Private Network (VPN) technology. The system employs a proxy home agent (PHA) coupled to a home network associated with a mobile node that is located within a secure network, a home agent (HA) that is located outside of the secure network, and a VPN gateway to provide VPN services to a mobile device that changes its current address during the VPN session. The HA and PHA are configured to provide Mobile IP Home Agent functionality through a distributed system.

Abstract: A system and method is directed to updating information in a mobile network. A dynamic signaling routing protocol is extended over bi-directional tunneling between a mobile router and its home agent such that information associated with the home agent of the mobile router reflects roaming of the mobile router as it travels from its home network. The information is determined as a function of a characteristic associated with each link of the tunnel between the mobile router and its home agent. In one embodiment, the information includes a cost metric associated with the cost of the tunnel. The information is advertised to another router. The other router employs the information associated with the tunnel to determine a path for communication.

Abstract: The invention is directed to enabling an serving node and a gateway node to be informed of a new route for a new node or sub-network that has become active behind a Mobile Terminal that can also act as a router. When IP level route injection occurs at the Mobile Terminal, a Modify session profile message causes insertion of a new IP address or prefix at a gateway node related to the new route. Also, the gateway node will update the serving node and the Mobile Terminal with information related to the new route or a proposed new route. The Mobile Terminal and the gateway node can share routing information over a dynamic routing protocol. Additionally, the Mobile Terminal and the gateway node can configure static routing information on routes towards each other. The new route can be added with 24.008 and/or GTP messages when initiated on the Mobile Terminal side for either the dynamic or static case.

Abstract: A method and system for supporting mobile routers in Internet Protocol version 6 (IPv6) is provided. A mobile router obtains a care-of-address associated with an address configuration. The mobile router registers the care-of-address with a home agent. A bi-directional tunnel is established between the mobile router and the home agent. Packets are then forwarded via the bi-directional tunnel.

Abstract: A method of authenticating a paging request within an IP environment, said environment comprising a paging area having a plurality of access router (PAR, AR) and at least one mobile node (MN), said method comprising the steps of: sharing a session security key (K) between said mobile node (MN) and an access router (PAR) to which said mobile node (MN) has been previously attached to; receiving (S1) a packet incoming for said mobile node (MN) by said previous access router (PAR), wherein said mobile node (MN) is in a dormant mode; submitting (S2) a paging request to all other access routers (AR) of said paging area by said previous access router (PAR) about the packet which came in, thereby also distributing said session security key (K); generating (S3) authentication parameters according to a predetermined process by an access router (AR) to which said mobile node (MN) is currently attached to; submitting (S4) said paging request from said access router (AR) to said mobile node (MN) including said authenticat

Abstract: A system and method for three-party authentication and authorization. The system includes an authorizer that authorizes requestors, a client that makes a request, and a local attendant that provides a conduit through which messages between the client and the authorizer pass. The authorizer, the client, and a peer on which the requested resource may be accessed are each in separate domains. A domain is defined as a set of one or more entities such that if the set includes more than one entity, a connection between any two of the entities in the set can be secured by static credentials that are known by each of the two entities. A subscriber identity module (SIM) may be used to generate a copy of a key for the client to be used in accessing a requested resource.

Abstract: The invention relates to a method for distinguishing clients in a communication system comprising at least one wireless access network and at least one wired access network. The wireless access network comprise means for connecting wireless clients in communication to the wireless access network. Wired access network comprise means for connecting wired clients in communication to the wired access network. Communication system comprise means for communicating between the access network and the wired access network. In the method a resolution request message is transmitted to the communication system indicating a client to be examined, the message is received in at least one other node. A decision whether a resolution reply message is to be transmitted to the communication system is performed on the basis of a resolution reply message.

Abstract: A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber's authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber's GSM network operator's Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.

Abstract: A client 110 may be authenticated by transmitting or beaming a telecommunication network subscriber's authentication to the client from a device 120, over a wireless link. For example, a GSM telephone 120 may authenticate an electronic book 110 to a content providing service within the Internet. The service verifies the authentication using the subscriber's GSM network operator's Authentication Center 161 to generate an authenticator and the client correspondingly generates a local copy of the authenticator using a GSM SIM over the wireless local link. The authentication is then determined by checking that these authenticators match and thereafter the authenticator can be used as a session key to encrypt data in the service.