Abstract: In one aspect there is provided a method performed by a first location management entity, LME (e.g., an MME or an SGSN), for providing location information to a location server (e.g., a GMLC). The method includes the first LME receiving from the location server a first request for location information pertaining to a terminal. The method also includes the first LME determining whether the terminal is in a connected state. The method further includes the first LME, in response to determining that the terminal is in a connected state, performing a method comprising: i) transmitting a stop paging message to a second LME; ii) obtaining the requested location information pertaining to the terminal; and iii) transmitting the obtained location information to the location server.

Abstract: Methods, devices, computer programs and carriers comprising computer programs for handling handling a User Equipments, UE, access to networks are provided. A method performed by a mobility node 105 comprises, when the UE 101 accesses the current visited network 100v, transmitting 302, 401, through the visited network to a subscriber server 108 in a home network 100h of the UE 101, a request for access information for the UE 101. The request comprises network information which indicates the current visited network 100v and at least one potential visited network which the UE 101 can access. The method further comprises receiving 304, 403, from the subscriber server 108, the requested access information for at least some of the networks indicated in the request. The access information comprises allowed network IDs and corresponding allowed RATs for at least some of the networks indicated in the request which the UE 101 is allowed to access.

Abstract: In one aspect there is provided a method performed by a first location management entity, LME (e.g., an MME or an SGSN), for providing location information to a location server (e.g., a GMLC). The method includes the first LME receiving from the location server a first request for location information pertaining to a terminal. The method also includes the first LME determining whether the terminal is in a connected state. The method further includes the first LME, in response to determining that the terminal is in a connected state, performing a method comprising: i) transmitting a stop paging message to a second LME; ii) obtaining the requested location information pertaining to the terminal; and iii) transmitting the obtained location information to the location server.

Abstract: In one aspect there is provided a method performed by a first location management entity, LME (e.g., an MME or an SGSN), for providing location information to a location server (e.g., a GMLC). The method includes the first LME receiving from the location server a first request for location information pertaining to a terminal. The method also includes the first LME determining whether the terminal is in a connected state. The method further includes the first LME, in response to determining that the terminal is in a connected state, performing a method comprising: i) transmitting a stop paging message to a second LME; ii) obtaining the requested location information pertaining to the terminal; and iii) transmitting the obtained location information to the location server.

Abstract: In a mobile network with a plurality of access networks, a control node, which is controlling access of a user equipment to that one of the access networks which is currently used by the user equipment, performs a determination of an access capability of the user equipment in this access network. The control node provides an indication of the determined access capability to a subscriber database associated with the user equipment. When transmitting the indication, a guard timer is started. After determining the access capability, the control node receives an update indication for the user equipment. In response to receiving the update indication, the control node performs a redetermination of the access capability. Further, the control node checks if the guard timer has expired and, only if the guard timer has not expired, provides a further indication of the redetermined access capability to the subscriber database.

Abstract: The present invention concern methods and apparatuses for handling public identities in an Internet Protocol Multimedia Subsystem, IMS, network. According to a method an HSS receives a request message from an S-CSCF. The request message includes a public identity. The HSS sends a response message including the registered wildcarded public identity to the S-CSCF if the request message includes an indication that the public identity is unregistered, the request message does not include a wildcarded public identity indication, and the public identity, included in the request message, matches with a wildcarded public identity, registered in the HSS. The S-CSCF is thus enabled to fetch a user profile using the wildcarded public identity.

Abstract: A method for restoring faulty subscriber-related data in an Evolved Packet System (EPS) network including a Home Subscriber Server (HSS) and a 3GPP AAA server, be characterized by comprising the following steps performed at the 3GPP AAA server: receiving an indicator from the HSS, the indicator identifying one or more subscribers having the faulty subscriber-related data stored in the HSS; and for an interaction with an access from a non-3GPP network, if the access corresponding to one of the identified subscribers, instructing the HSS to restore the faulty subscriber-related data for one or all of the identified subscribers.

Abstract: In one aspect there is provided a method performed by a first location management entity, LME (e.g., an MME or an SGSN), for providing location information to a location server (e.g., a GMLC). The method includes the first LME receiving from the location server a first request for location information pertaining to a terminal. The method also includes the first LME determining whether the terminal is in a connected state. The method further includes the first LME, in response to determining that the terminal is in a connected state, performing a method comprising: i) transmitting a stop paging message to a second LME; ii) obtaining the requested location information pertaining to the terminal; and iii) transmitting the obtained location information to the location server.

Abstract: A method for restoring faulty subscriber-related data in an Evolved Packet System (EPS) network including a Home Subscriber Server (HSS) and a 3GPP AAA server, be characterized by comprising the following steps performed at the 3GPP AAA server: receiving an indicator from the HSS, the indicator identifying one or more subscribers having the faulty subscriber-related data stored in the HSS; and for an interaction with an access from a non-3GPP network, if the access corresponding to one of the identified subscribers, instructing the HSS to restore the faulty subscriber-related data for one or all of the identified subscribers.

Abstract: In a mobile network with a plurality of access networks, a control node, which is controlling access of a user equipment to that one of the access networks which is currently used by the user equipment, performs a determination of an access capability of the user equipment in this access network. The control node provides an indication of the determined access capability to a subscriber database associated with the user equipment. When transmitting the indication, a guard timer is started. After determining the access capability, the control node receives an update indication for the user equipment. In response to receiving the update indication, the control node performs a redetermination of the access capability. Further, the control node checks if the guard timer has expired and, only if the guard timer has not expired, provides a further indication of the redetermined access capability to the subscriber database.

Abstract: The present invention concern methods and apparatuses for handling public identities in an Internet Protocol Multimedia Subsystem, IMS, network. According to a method an HSS receives a request message from an S-CSCF. The request message includes a public identity. The HSS sends a response message including the registered wildcarded public identity to the S-CSCF if the request message includes an indication that the public identity is unregistered, the request message does not include a wildcarded public identity indication, and the public identity, included in the request message, matches with a wildcarded public identity, registered in the HSS. The S-CSCF is thus enabled to fetch a user profile using the wildcarded public identity.

Abstract: The invention refers to a system, apparatus and method for carrying out a SIM-based authentication of a user accessing a WLAN, without having provided yet an IP connectivity, along with a layer-2 encryption mechanism for protecting the path between the Terminal Equipment and the Mobile network. Therefore, the invention provides a method for establishing a PPP-tunneling for AKA dialogues between the terminal and an Access Controller for accessing the mobile network owning the SIM. The invention also provides an Access Controller (AC) comprising a Point-to-Point over Ethernet (PPPoE) server for tunneling AKA dialogues from a PPP-client installed in the terminal for the same purpose, and also comprising a Traffic Router and a RADIUS-client. The AC thus including a RADIUS-client is interposed between a RADIUS-proxy accessed from the access points (AP) in the WLAN and the mobile network where SIM-based authentication is carried out.

Abstract: An apparatus and method for providing Single Sign-On services to a user when accessing a selected Service Provider from a plurality of Service Providers. An Authentication Provider authenticates the user at with a user-identity, provides the user with a token as proof of the authentication, and assigns a temporary alias-identity to the user for use when the user accesses the selected Service Provider. The Authentication Provider and the selected Service Provider link the assigned alias-identity and the user-identity to identify the user at respective sites. The user accesses the selected Service Provider by presenting the token along with a local user-identity valid for the selected Service Provider. When the user attempts a subsequent access at the selected Service Provider, the user is identified by the shared alias-identity, if the user allowed permanent linking. If the user did not allow permanent linking, the process is repeated for each subsequent access.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication. The present invention provides a system, method and apparatus wherein a cellular Federation of mobile network operators becomes an SSO authentication authority for subscribers of this Federation accessing Service Providers having such agreement with a mobile network operator of the Federation.

Abstract: The invention provides a system and a method basically oriented for providing Single Sign-On services for a user roaming in a packet radio network of a Multinational Mobile Network Operator that includes a federation of National Network Operators, one of these National Network Operators holding the user's subscription. In particular, the telecommunications system includes a number of Service Providers having service agreements with the Multinational Mobile Network Operator federation for offering Single Sign-On services to subscribers of any National Network Operator included in the federation.

Abstract: Mobile operators presently offer services on behalf of service providers where such services are really carried out for the users. Mobile operators act as identity providers in this scenario, wherein service provider and identity provider share a unique identity to identify each particular user accessing a number of services. As the number of users accessing these services, and the number of services offered from different service providers increase, the storage required at the operator's network for such amount of user's identities becomes a problem. To overcome this and other problems, the present invention provides an identity Generator device arranged to generate a user's service indicator to identify the user between the service provider and the identity provider, the user's service indicator comprising a master user's identifier for identification of the user at the identity provider, and a service identifier indicating the services to be accessed at a given service provider.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication. The present invention provides a system, method and apparatus wherein a cellular Federation of mobile network operators becomes an SSO authentication authority for subscribers of this Federation accessing Service Providers having such agreement with a mobile network operator of the Federation.

Abstract: An apparatus and method for providing Single Sign-On services to a user when accessing a selected Service Provider from a plurality of Service Providers. An Authentication Provider authenticates the user at with a user-identity, provides the user with a token as proof of the authentication, and assigns a temporary alias-identity to the user for use when the user accesses the selected Service Provider. The Authentication Provider and the selected Service Provider link the assigned alias-identity and the user-identity to identify the user at respective sites. The user accesses the selected Service Provider by presenting the token along with a local user-identity valid for the selected Service Provider. When the user attempts a subsequent access at the selected Service Provider, the user is identified by the shared alias-identity, if the user allowed permanent linking. If the user did not allow permanent linking, the process is repeated for each subsequent access.

Abstract: The advent of new and sophisticated web services provided by Service Providers to users, services that individually require authentication of user and authorization of access, brings the needs for a new service to facilitate such authentication and access, a service referred to as Single Sign-On (SSO). The basic principle behind SSO is that users are authenticated once at a particular level, and then access all their subscribed services accepting that level of authentication.