Abstract: The invention relates to access control for a movable network (15) managed by a mobile router (10), wherein said mobile route is interconnected through a bi-directional link (40) with a mobility anchoring agent (20) that anchors the network mobility for the mobile router. According to the invention, access control enforcement points (11, 21) are located at both the mobile router (10) and the mobility anchoring agent (20). Access control is exercised at the mobility agent (20) to filter downlink packets to the mobile router (10) and access control is exercised at the mobile router (10) to filter uplink packets to the mobility anchoring agent (20). In this way, unauthorized packets, both uplink and downlink, do not have to cross the air interface before being filtered away, thereby preventing waste of valuable radio resources. The access control modules are typically provisioned with access control filter information, preferably by means of a hierarchical provisioning structure.

Abstract: A basic idea is to use the AAA infrastructure to assign (S3) an appropriate DHCP server to DHCP client for the DHCP service, and transferring DHCP-related information over the AAA infrastructure for authenticating (S1) and authorizing (S4) the DHCP client for DHCP service with the assigned DHCP server. Instead of the more complex DHCP server discovery process known from the prior art, the AAA infrastructure, and more particularly a suitable AAA server or equivalent AAA component, is used for assigning an appropriate DHCP server to the DHCP client. Consequently, there is no longer any mandatory dependency on the DHCP discovery-related messages. The invention preferably provides AAA protocol support for facilitating assignment of appropriate DHCP servers and providing an out-of-band key agreement protocol for DHCP clients and servers by carrying DHCP related information facilitating the bootstrapping of DHCP authentication extension (RFC3118).

Abstract: For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.

Abstract: Using session signaling, a multimedia session with plural media data streams is initiated between the mobile terminal and a remote host coupled to a packet data network. The mobile terminal is coupled to the packet data network and to a multimedia system that provides multimedia session services by way of an access point. A plurality of packet access bearers is established between the mobile terminal and the access point to transport corresponding ones of the media data streams between the mobile terminal and the access points. The media binding information is created for each media data stream. The media binding information associates each media data stream in the session to one of the media packet access bearers and is used to provide session-based control of each of the media packet access bearers. Different example techniques for generating/providing the media information are disclosed.

Abstract: A protocol proxy relationship is established between a non-enabled host and a protocol-enabled router or other node in a multimedia session including a mobile communications network. A mechanism is provided that allows a non-enabled mobile terminal to communicate a protocol proxy request with a protocol-enabled node along an end-to-end path between the mobile terminal and a remote host. A mechanism is further provided to install information in the protocol enabled node so that it can function as the protocol proxy for the non-enabled mobile terminal.

Abstract: A basic idea is to use the AAA infrastructure to assign (S3) an appropriate DHCP server to DHCP client for the DHCP service, and transferring DHCP-related information over the AAA infrastructure for authenticating (S1) and authorizing (S4) the DHCP client for DHCP service with the assigned DHCP server. Instead of the more complex DHCP server discovery process known from the prior art, the AAA infrastructure, and more particularly a suitable AAA server or equivalent AAA component, is used for assigning an appropriate DHCP server to the DHCP client. Consequently, there is no longer any mandatory dependency on the DHCP discovery-related messages. The invention preferably provides AAA protocol support for facilitating assignment of appropriate DHCP servers and providing an out-of-band key agreement protocol for DHCP clients and servers by carrying DHCP related information facilitating the bootstrapping of DHCP authentication extension (RFC3118).

Abstract: Systems and methods for splitting communication nodes to provide inter-domain functionality are described. For example, a home subscriber services (HSS) node can be split into a proxy node in a first domain and a non-proxy node in a second domain. The proxy node may or may not include a subset of the data available on the corresponding non-proxy node. An inter-domain interface, e.g., a GUP interface, can be employed between the proxy node and the non-proxy node and the inter-domain protocol server can be used to facilitate other interfaces, e.g., between a home location register (HLR) and other entities.

Abstract: A method for selecting the best access for terminals (210) in IP-based multi-access communication systems (200) is provided. The access selection is performed on the network side by an access wizard (261) that communicates with a profile server (262) associated with a number of databases (263). Via the profile server, the access wizard collects database information related to user, terminal, access networks and/or operator. It determines a “best” access network based on this information and preferably also on terminal specific information, e.g. terminal location and available access networks, from an access wizard agent (213) in the terminal. The best access is signaled from the access wizard, via the access wizard agent, and to an access manager (214) in the terminal, which has means for executing the actions necessary to use the best access.

Abstract: The invention provides authentication and authorization support for MIPv6 in a CDMA framework by transferring MIPv6-related information in an, preferably extended, authentication protocol in an end-to-end procedure between a mobile node in a visited network and the home network of the mobile node over an AAA infrastructure. Preferably, the end-to-end procedure is executed between the mobile node and an AAA server (34) of the home network In the visited network, after lower-layer setup, point-to-point communication is established between the mobile node and an internetworking access server (22). The access server then communicates with the AAA home server for MIPv6 authentication and authorization of the mobile node. A preferred embodiment uses EAP as basis for the extended authentication protocol. EAP extensions are then used for MIPv6 initiation and re-authentication, while CHAP can be beneficial for MIPv6 hand-in.

Abstract: The invention relates to access control for a movable network (15) managed by a mobile router (10), wherein said mobile route is interconnected through a bi-directional link (40) with a mobility anchoring agent (20) that anchors the network mobility for the mobile router. According to the invention, access control enforcement points (11, 21) are located at both the mobile router (10) and the mobility anchoring agent (20). Access control is exercised at the mobility agent (20) to filter downlink packets to the mobile router (10) and access control is exercised at the mobile router (10) to filter uplink packets to the mobility anchoring agent (20). In this way, unauthorized packets, both uplink and downlink, do not have to cross the air interface before being filtered away, thereby preventing waste of valuable radio resources. The access control modules are typically provisioned with access control filter information, preferably by means of a hierarchical provisioning structure.

Abstract: For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.

Abstract: A signaling bearer quality of service profile is pre-established and configured in various nodes in an access network. This is a new quality of service class designed to meet the needs of signaling bearers in multimedia sessions. A message requesting a bearer to support a communication between a mobile terminal and an access point to a packet data network is generated. That message includes a signaling quality of service indicator, which when detected, causes a bearer to be established between the mobile terminal and the access point in accordance with the pre-established signaling quality of service profile. The pre-established signaling quality of service profile typically includes low delay and low bit error rates in addition to high priority and accommodation of bursty traffic patterns. A signaling usage indicator may also employed to implement a standard set of minimum signaling bearer capabilities.

Abstract: A basic feature of the invention is to rely on an AAA infrastructure to “bootstrap” the HMIPv6 service for a mobile node (130) that “roams” in a visited network or the home network. In accordance with a preferred embodiment of the invention, bootstrapping the HMIPv6 service involves authenticating and authorizing the mobile node (130) for HMIPv6 service based on an AAA infrastructure. In an important scenario, the mobile node is roaming in a visited network, and the AAA infrastructure (110, 120, 122) links the visited network with the home network of the mobile node. The invention also supports the possibility of having the MAP (125) located in the home network or other network than the visited network. The reliance on the AAA infrastructure preferably involves transferring HMIPv6-related information required for authenticating and authorizing the mobile node for HMIPv6 service over the AAA infrastructure.

Abstract: The present invention provides a mechanism for coordinating charging for a multimedia session between a mobile terminal and a remote host on both an application/session level and on an IP/access bearer level. The multimedia session is established over a radio access network via a packet-switched access network coupled to a multimedia system. The multimedia system has one or more multimedia servers for providing multimedia services for multimedia sessions. A token associated with the multimedia session is generated and used to correlate session charges for operations performed in the packet-switched access network and for operations performed in the multimedia system.

Abstract: The invention relates to a method enabling multiple session description protocol media flows for one packet data protocol context. Therefore an indicator is sent from a P-CSCF to a user equipment indicating that a particular session description protocol media flow can be combined with further session description protocol media flows in a single packet data protocol context.

Abstract: A method for selecting the best access for terminals (210) in IP-based multi-access communication systems (200) is provided. The access selection is performed on the network side by an access wizard (261) that communicates with a profile server (262) associated with a number of databases (263). Via the profile server, the access wizard collects database information related to user, terminal, access networks and/or operator. It determines a “best” access network based on this information and preferably also on terminal specific information, e.g. terminal location and available access networks, from an access wizard agent (213) in the terminal. The best access is signaled from the access wizard, via the access wizard agent, and to an access manager (214) in the terminal, which has means for executing the actions necessary to use the best access.

Abstract: A method of filtering and gating data flow in a QoS connection between a remote host and user equipment in a packet data network using policy control mechanisms includes a remote host initiating an application in an application server and a corresponding session between the remote host and the user equipment (“UE”) via the application server. The UE requests, to a gateway support node (“GGSN”) of the network, establishment of a network bearer service between the UE and the remote host. A corresponding policy control function (“PCF”) in a policy server receives, from the application server, filtering data derived from session data received by the application server during the session. The GGSN interrogates the corresponding PCF in the policy server to initialize a gate using policy control filtering data at the GGSN. The gate then filters the data flow in the QoS connection according to the policy control filtering data.

Abstract: The present invention provides a method to assure end-to-end quality of service for a multimedia session including plural media data streams. The multimedia session is between a first user terminal associated with a first local access network and a second user terminal associated with a second local access network. The first and second local networks are coupled to an IP backbone network. During session setup, the user terminals each request confirmation from the other that its local access network can provide the quality of service requested for the session. The first user terminal determines whether there are sufficient resources in the first local access network to support a quality of service in its local access network to support a quality of service requested for each of the media data streams. Once this is determined, the first user terminal sends a message to the second user terminal confirming that QoS assurance.

Abstract: The present invention provides a method to assure end-to-end quality of service for a multimedia session including plural media data streams. The multimedia session is between a first user terminal associated with a first local access network and a second user terminal associated with a second local access network. The first and second local networks are coupled to an IP backbone network. During session setup, the user terminals each request confirmation from the other that its local access network can provide the quality of service requested for the session. The first user terminal determines whether there are sufficient resources in the first local access network to support a quality of service in its local access network to support a quality of service requested for each of the media data streams. Once this is determined, the first user terminal sends a message to the second user terminal confirming that QoS assurance.

Abstract: A protocol proxy relationship is established between a non-enabled host and a protocol-enabled router or other node in a multimedia session including a mobile communications network. A mechanism is provided that allows a non-enabled mobile terminal to communicate a protocol proxy request with a protocol-enabled node along an end-to-end path between the mobile terminal and a remote host. A mechanism is further provided to install information in the protocol enabled node so that it can function as the protocol proxy for the non-enabled mobile terminal.