Abstract: In a mobile network with a plurality of access networks, a control node, which is controlling access of a user equipment to that one of the access networks which is currently used by the user equipment, performs a determination of an access capability of the user equipment in this access network. The control node provides an indication of the determined access capability to a subscriber database associated with the user equipment. When transmitting the indication, a guard timer is started. After determining the access capability, the control node receives an update indication for the user equipment. In response to receiving the update indication, the control node performs a redetermination of the access capability. Further, the control node checks if the guard timer has expired and, only if the guard timer has not expired, provides a further indication of the redetermined access capability to the subscriber database.

Abstract: The present invention concern methods and apparatuses for handling public identities in an Internet Protocol Multimedia Subsystem, IMS, network. According to a method an HSS receives a request message from an S-CSCF. The request message includes a public identity. The HSS sends a response message including the registered wildcarded public identity to the S-CSCF if the request message includes an indication that the public identity is unregistered, the request message does not include a wildcarded public identity indication, and the public identity, included in the request message, matches with a wildcarded public identity, registered in the HSS. The S-CSCF is thus enabled to fetch a user profile using the wildcarded public identity.

Abstract: A method for restoring faulty subscriber-related data in an Evolved Packet System (EPS) network including a Home Subscriber Server (HSS) and a 3GPP AAA server, be characterized by comprising the following steps performed at the 3GPP AAA server: receiving an indicator from the HSS, the indicator identifying one or more subscribers having the faulty subscriber-related data stored in the HSS; and for an interaction with an access from a non-3GPP network, if the access corresponding to one of the identified subscribers, instructing the HSS to restore the faulty subscriber-related data for one or all of the identified subscribers.

Abstract: In one aspect there is provided a method performed by a first location management entity, LME (e.g., an MME or an SGSN), for providing location information to a location server (e.g., a GMLC). The method includes the first LME receiving from the location server a first request for location information pertaining to a terminal. The method also includes the first LME determining whether the terminal is in a connected state. The method further includes the first LME, in response to determining that the terminal is in a connected state, performing a method comprising: i) transmitting a stop paging message to a second LME; ii) obtaining the requested location information pertaining to the terminal; and iii) transmitting the obtained location information to the location server.

Abstract: A method for restoring faulty subscriber-related data in an Evolved Packet System (EPS) network including a Home Subscriber Server (HSS) and a 3GPP AAA server, be characterized by comprising the following steps performed at the 3GPP AAA server: receiving an indicator from the HSS, the indicator identifying one or more subscribers having the faulty subscriber-related data stored in the HSS; and for an interaction with an access from a non-3GPP network, if the access corresponding to one of the identified subscribers, instructing the HSS to restore the faulty subscriber-related data for one or all of the identified subscribers.

Abstract: In a mobile network with a plurality of access networks, a control node, which is controlling access of a user equipment to that one of the access networks which is currently used by the user equipment, performs a determination of an access capability of the user equipment in this access network. The control node provides an indication of the determined access capability to a subscriber database associated with the user equipment. When transmitting the indication, a guard timer is started. After determining the access capability, the control node receives an update indication for the user equipment. In response to receiving the update indication, the control node performs a redetermination of the access capability. Further, the control node checks if the guard timer has expired and, only if the guard timer has not expired, provides a further indication of the redetermined access capability to the subscriber database.

Abstract: The present invention concern methods and apparatuses for handling public identities in an Internet Protocol Multimedia Subsystem, IMS, network. According to a method an HSS receives a request message from an S-CSCF. The request message includes a public identity. The HSS sends a response message including the registered wildcarded public identity to the S-CSCF if the request message includes an indication that the public identity is unregistered, the request message does not include a wildcarded public identity indication, and the public identity, included in the request message, matches with a wildcarded public identity, registered in the HSS. The S-CSCF is thus enabled to fetch a user profile using the wildcarded public identity.

Abstract: The invention refers to a system, apparatus and method for carrying out a SIM-based authentication of a user accessing a WLAN, without having provided yet an IP connectivity, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. Therefore, the invention provides a method for establishing a PPP-tunneling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPoE) server for tunneling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC thus including a RADIUS-client is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication. The present invention provides a system, method and apparatus wherein a cellular Federation of mobile network operators becomes an SSO authentication authority for subscribers of this Federation accessing Service Providers having such agreement with a mobile network operator of the Federation.

Abstract: Mobile operators presently offer services on behalf of service providers where such services are really carried out for the users. Mobile operators act as identity providers in this scenario, wherein service provider and identity provider share a unique identity to identify each particular user accessing a number of services. As the number of users accessing these services, and the number of services offered from different service providers increase, the storage required at the operator's network for such amount of user's identities becomes a problem. To overcome this and other problems, the present invention provides an identity Generator device arranged to generate a user's service indicator to identify the user between the service provider and the identity provider, the user's service indicator comprising a master user's identifier for identification of the user at the identity provider, and a service identifier indicating the services to be accessed at a given service provider.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication. The present invention provides a system, method and apparatus wherein a cellular Federation of mobile network operators becomes an SSO authentication authority for subscribers of this Federation accessing Service Providers having such agreement with a mobile network operator of the Federation.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication.