Abstract: In the method of the invention, requests received by a request distributor are distributed to server computers. The request distributor uses distribution information for selecting, as a destination for the requests, a server computer. A first request relating to a delivery of a service is received by the request distributor and sent to one server computer. The server computer then receives the first request. Finally, it is determined whether a further request relating to the delivery of the service is expected to be received by the request distributor, and, if so, distribution information is made available to the request distributor.

Abstract: The present invention provides means and method for Single Sign-On authentication of a user accessing a service network through an access network when the user has been already authenticated by a core network where the user holds a subscription. Therefore, a number of means are provided in different entities distributed between the core network and the service network, as well as in the user's equipment, for carrying out the proposed method. The Single Sign-On authentication takes place upon matching in the service network a shared key for the user submitted from the core network with another shared key for the user derived at the user's equipment.

Abstract: For locating subscription data in a multi-tenant network, a request to be processed on the basis of subscription data is received in a subscription data locator (110). The subscription data locator (110) obtains an identity of a tenant-specific database (220A, 220B) maintaining the subscription data. The subscription data locator (110) then embeds the identity of the tenant-specific database (220A, 220B) in the request and forwards the request to a front-end (150-1, 150-n). The front-end (150-1, 150-n) then selects the tenant-specific database (220A, 220B) on the basis of the embedded identity and accesses the selected tenant-specific database when processing the request.

Abstract: The present invention addresses the problem of detecting possible fraud situations where there may be a plurality of access sessions simultaneously active in a user session for a user, the access sessions established through a number of access points of one or more wireless local area networks (WLAN). Therefore, the present invention provides for a mechanism, which includes means and method, whereby user sessions suspicious of fraud are reported to the operator network holding a subscription for the user. Moreover, the present invention also facilitates support for Single Sign-On services for a user.

Abstract: In the method of the invention, requests received by a request distributor are distributed to server computers. The request distributor uses distribution information for selecting, as a destination for the requests, a server computer. A first request relating to a delivery of a service is received by the request distributor and sent to one server computer. The server computer then receives the first request. Finally, it is determined whether a further request relating to the delivery of the service is expected to be received by the request distributor, and, if so, distribution information is made available to the request distributor.

Abstract: The present invention provides means and method for Single Sign-On authentication of a user accessing a service network through an access network when the user has been already authenticated by a core network where the user holds a subscription. Therefore, a number of means are provided in different entities distributed between the core network and the service network, as well as in the user's equipment, for carrying out the proposed method. The Single Sign-On authentication takes place upon matching in the service network a shared key for the user submitted from the core network with another shared key for the user derived at the user's equipment.

Abstract: An authentication server (e.g., AAA server) is described herein which is located in a CDMA2000 network and used to authenticate a user terminal that is connected to a non-CDMA2000 network. The authentication server receives an access request for authenticating the user terminal connected to the non-CDMA2000 network. Then, it obtains a root secret key shared between the user terminal and the CDMA2000 network and generates a GSM or UMTS-like authentication vector which is used to authenticate the user terminal according to a GSM or UMTS-like authentication method. The access of the terminal to the non-CDMA2000 network is granted upon successful authentication. According to embodiments of the invention, the non-CDMA2000 network can be a WLAN network, and the authentication methods used can be EAP SIP or EAP AKA. The present invention allows one to use authentication servers that were originally intended for WLAN-3GPP interworking scenarios also in WLAN-CDMA2000 network interworking.

Abstract: The present invention addresses the problem of detecting possible fraud situations where there may be a plurality of access sessions simultaneously active in a user session for a user, the access sessions established through a number of access points of one or more wireless local area networks (WLAN). Therefore, the present invention provides for a mechanism, which includes means and method, whereby user sessions suspicious of fraud are reported to the operator network holding a subscription for the user. Moreover, the present invention also facilitates support for Single Sign-On services for a user.

Abstract: The present invention provides means and method for Single Sign-On authentication of a user accessing a service network through an access network when the user has been already authenticated by a core network where the user holds a subscription. Therefore, a number of means are provided in different entities distributed between the core network and the service network, as well as in the user's equipment, for carrying out the proposed method. The Single Sign-On authentication takes place upon matching in the service network a shared key for the user submitted from the core network with another shared key for the user derived at the user's equipment.