Abstract: A system is disclosed for measuring data utilization attributable to use by an application being executed on a mobile device. The system has a server operable to register the application and transmit information to establish a connection between the application and a proxy server. The system also has a proxy server operable to establish a first connection with the application, receive direction to establish a second connection with a target endpoint, establish the second connection between the proxy server and the target endpoint, pass data between the target endpoint and the application using the established connections, and measure the amount of data passed between the target endpoint and the application.

Abstract: A method is provided in one example embodiment and includes receiving a data packet transported on a backhaul link at a first network element; identifying whether the data packet is an upstream data packet; identifying whether the data packet matches an internet protocol (IP) access control list (ACL) or a tunnel endpoint identifier; performing a network address translation on the data packet; and offloading the data packet from the backhaul link. In certain implementations, the method can include identifying that the data packet does not match the IP ACL or the tunnel endpoint identifier; and communicating the data packet to a second network element. In other instances, the method can include identifying that the data packet is a downstream data packet; and restoring a tunnel header and tunnel identification based on an IP address of the data packet.

Abstract: The present disclosure generally provides techniques for establishing a unique, ephemeral home address (hoa)/home agent address (ha?) address pair that may be limited to use in a session having a defined lifetime. Limiting the use of this dynamic address pair to a session lifetime and by preventing a mobile node from knowing the static address of a home agent may help protect the home agent from attacks.

Abstract: A method is provided and may include receiving a request for a network content delivery service from an access device; directing the access device to a network service provider for authentication for the network content delivery service; receiving a network authorization token from the access device, where the network authorization token is associated with the access device; obtaining a network access token from the network service provider; and binding the network access token to a content access token.

Abstract: Systems and methods are disclosed for receiving a request at a packet gateway to allocate a new bearer for a mobile device on a wireless telecommunications network; identifying, at the packet gateway, existing bearers that have a quality of service (QoS) that can be reduced without dropping the existing bearers; reducing, at the packet gateway, the QoS of the existing bearers; reclaiming resources at the packet gateway that were previously in use by the existing bearers; and allocating the new bearer for the mobile device using the reclaimed resources at the packet gateway without causing any of the existing bearers to be disconnected, wherein the existing bearers have a lower priority than the new bearer, and wherein the existing bearers have previously been designated as capable of being preempted.

Abstract: This disclosure relates to a system and method for offloading selected data traffic in logical tunnels to the Internet. The offloading provides another data path for selected data traffic that can relieve the burden on a mobile operator's network, such as the backhaul and core networks. As the proliferation of data rich content and increasingly more capable mobile devices has continued, the amount of data communicated over mobile operator's networks has increased. Upgrading the existing network that was designed for voice calls is not desirable or practical for many mobile operators. This disclosure provides systems and methods for offloading data to the Internet at a router to relieve congestion on the mobile operator's network.

Abstract: Providing a mobility key for a communication session for a mobile station includes facilitating initiation of the communication session. A master key for the communication session is established, where the master key is generated at an authentication server in response to authenticating the mobile station. A mobility key is derived from the authentication key at an access node, where the mobility key is operable to authenticate mobility signaling for the communication session.

Abstract: An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.

Abstract: In accordance with various embodiments, a Home Agent receives a registration request and sends a registration reply having a network mask extension including a network mask associated with the home address of the Mobile Node. Once the Mobile Node has obtained its network mask, it may send packets such as broadcast packets, as well as roam to its Home Agent. Additionally, in accordance with various embodiments, when a Home Agent receives a broadcast packet, it forwards the broadcast packet to a care-of address of the broadcast packet without duplicating the broadcast packet. Instead, the Foreign Agent obtains the subnet from the broadcast packet, identifies the Mobile Node(s) on that subnet, and duplicates the broadcast packet for transmission to the identified Mobile Node(s).

Abstract: In one embodiment, an apparatus receives an advertisement from each of one or more Home Agents, the advertisement including a first set of information associated with a corresponding one of the Home Agents, each advertisement being in a first protocol. The apparatus obtains the first set of information associated with a corresponding one of the Home Agents from each advertisement. The apparatus composes a router advertisement including a second set of information associated with at least one of the Home Agents, the router advertisement being in a second protocol. The apparatus then sends the router advertisement.

Abstract: An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.

Abstract: Multi-operator networking techniques are provided for allowing two or more operators to share a wireless local area network (WLAN). In particular, mobile access gateway functionality is integrated in a wireless network controller of a WLAN that is accessible to first and second operators. Operator-specific tunnels are created through the network for each of the first and second operators that link a core network of each of the first and second operators with an associated client device. Packets are then forwarded between the core networks of the first and second operators and their associated client devices via the operator-specific tunnels.

Abstract: A method is provided in one example embodiment and includes receiving a discover message over a network; determining that the discover message is associated with an unauthenticated client (e.g., identifying a media access control (MAC) address); communicating a proxy binding update (PBU) having a binding type value set to a temporary status; and establishing a bidirectional tunnel for transporting traffic for the client.

Abstract: A method is provided in one example embodiment and includes communicating an access request to an authentication, authorization, and accounting (AAA) element. The access request is configured to include an attribute that indicates that a network element can support a particular home agent assignment from amongst a plurality of home agents. The method also includes receiving a response that includes an Internet Protocol (IP) address of a home agent loadbalancer, the response including a key that establishes a secure connection between the network element and the home agent loadbalancer. In other embodiments, the method includes communicating with a foreign agent in order to authenticate user equipment associated with the access request. In addition, the access request can be initiated by user equipment configured to establish a network communication session via the particular home agent.

Abstract: A method and implementation are disclosed for binding a mobile node to a subnet. The invention comprises steps and implementations for intercepting messages sent by a mobile node to a server, associating a predetermined subnet with the intercepted messages and forwarding the intercepted messages to the server. The invention intercepts reply messages sent by at least one server and selects reply messages that are associated with the predetermined subnet. The selected reply messages are forwarded to the mobile node, and reply messages that are not associated with the predetermined subnet are discarded.

Abstract: The disclosed embodiments support mobility internal and external to enterprise networks. Service providers provide mobility by providing Home Agent functionality corresponding to each Enterprise network. In this manner, mobility may be provided to Mobile Nodes both internal and external to their enterprise networks. Moreover, data packets may be transmitted by Mobile Nodes to Correspondent Nodes, whether they are within their enterprise network, the Service Provider network, or the Internet.

Abstract: Systems and methods for providing identity management and mobility management are disclosed. The management scheme provides mobility in multi-device and multi-homed deployments. A collection of three identities, a device identity, a link layer identity, and a user identity, can be used to provide mobility for a number of devices under different use scenarios. In one embodiment, a method is disclosed for receiving messages from a mobile device at a mobility gateway, the messages including identifiers such as a user identifier, a link layer identifier, and a device identifier where identifiers are stored or retained at the mobility gateway. When a subsequent network attach request is received including one or more identifiers, a reconnection can occur, based on a result of comparing the stored identifiers with the received one or more identifiers.

Abstract: Methods and apparatus for enabling mobility of a node that does not support Mobile IP are disclosed. When an AP receives a data packet, the AP may compare the data packet (e.g., source address) with the AP information for one or more APs to determine whether to send a registration request on behalf of the node. More particularly, the AP determines from the source address whether the node is located on a subnet identical to a subnet of the AP. If the node is located on the subnet of the AP, no Mobile IP service is required on behalf of the node. However, when it is determined from the source address that the node is not located on the subnet identical to the subnet of the Access Point, the AP composes and sends a mobile IP registration request on behalf of the node. For instance, the mobile IP registration request may be composed using the gateway associated with the “home” AP (e.g., having a matching subnet) as the node's Home Agent.

Abstract: A method is provided in one example implementation and the method includes identifying through a home bearer manager that an Internet Protocol (IP) address has been previously sent to an access terminal, the IP address being issued by a visited bearer manager as a result of the access terminal requesting registration in a visited network. The method further includes communicating the IP address to the access terminal in response to the access terminal registering in a home network. The registrations in the home and the visited network allow a plurality of packets to be communicated to the access terminal via the IP address. In more specific embodiments, the IP address serves as a care of address (CoA) address and a home IP address concurrently. The IP address can be exchanged via a mobile IP (MIP) exchange. The home and visited bearer managers are independent or interdependent.

Abstract: Methods and apparatus for establishing communication between a Mobile Node and a Home Agent are disclosed. The Home Agent receives a registration request packet from the Mobile Node, the registration request packet including an IP source address and a Home Agent address. The Home Agent then detects from the registration request packet when network address translation has been performed. When it has been detected that network address translation has been performed, a tunnel is set up between the Home Agent address and the IP source address.