Abstract: The invention consists of a new registration and authentication protocol for between a Mobile Node and a Home Agent. The new protocol uses a novel messaging sequence to request registration, authentication and authorization of the Mobile Node when it is located on a foreign network, and the novel protocol will avoid some of the standard registration and authentication protocol messages in order to eliminate the problems associated with re-transmission errors.

Abstract: The present invention supports a communication protocol for transmission of information packets between a mobile node and a virtual private network. Information packets are encapsulated and decapsulated along the route as the information packet is forwarded among the various networks on its path to the destination address; either the mobile node on a foreign network or a correspondence node on a virtual private network. A home agent on the virtual private network supports transmitting the information packets, and the information packets are transmitted from the virtual private network from the home agent or a virtual private network gateway.

Abstract: Various embodiments are described to assist in reducing handoff delays and the blackout period(s) associated with inter AN (access network) hard handoffs. The hard handoff procedure of method disclosed herein establishes or initiates a connection (A10-type connection) between a target AN and a packet data serving node (PDSN), unlike known hard handoff approaches that wait until traffic channel assignment to establish or initiate such connection. The PDSN may optionally bicast data packets to both the source and target ANs since each is communicatively coupled to the PDSN during a given time period. In the event bicasting is unavailable or unused, a communication tunnel between the source and target ANs may be created and used to transmit data packets between them.

Abstract: Various embodiments are described for Point-to-Point Protocol-free (PPP-free) access and service authentication in a wireless network. An HRPD connection/session is established between an access terminal and the access network. Instead of setting up a PPP session and performing access (i.e., device access) authentication and service authentication using PPP, the Extensible Authentication Protocol (EAP) is utilized.

Abstract: Utilizing the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assigns a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.

Abstract: The claimed subject matter is directed to defining a framework that enables wireless communicability between base stations for maintenance and configuration purposes, even while disconnected from an operator network, and/or deployed in the field. Embodiments are particularly applicable in the cases of small-cell base transceiver stations deployed in inconvenient, secluded, elevated and/or difficult to reach locations. The small cell base transceiver station is operable to communicate wirelessly to wireless terminals and mobile computing devices by emulating select functionality from dedicated components in an operator network.

Abstract: Various embodiments describe an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator.

Abstract: The present invention supports a communication protocol for transmission of information packets between a mobile node and a virtual private network. Information packets are encapsulated and decapsulated along the route as the information packet is forwarded among the various networks on its path to the destination address; either the mobile node on a foreign network or a correspondence node on a virtual private network. A home agent on the virtual private network supports transmitting the information packets, and the information packets are transmitted from the virtual private network from the home agent or a virtual private network gateway.

Abstract: Embodiments provide techniques for mobile route optimization authentication protocols. Embodiments allow for system control over whether route optimization is allowed or not allowed. A conditional allowance of route optimization solves several billing and security issues by allowing the system to impose appropriate charges for the route optimization feature or prevent route optimization where message flow using care-of addressing can be monitored.

Abstract: Various embodiments are described for Point-to-Point Protocol-free (PPP-free) access and service authentication in a wireless network. An HRPD connection/session is established between an access terminal and the access network. Instead of setting up a PPP session and performing access (i.e., device access) authentication and service authentication using PPP, the Extensible Authentication Protocol (EAP) is utilized.

Abstract: The present invention solves the problems with a new proxy binding update request and proxy binding acknowledgement messages having new indicators and identification information. Namely, the home agent/local mobility anchor will exchange proxy binding update messages and proxy binding acknowledge messages that include information such as mobile node identification (MN-ID), home network prefix (HNP), but can also include selective information fields such as, access type, handover indicator (HO), and interface identification (interface ID). By including new access type, indicator, and identification information, the local mobility anchor can respond to a binding update request message with a better understanding of the new connectivity request from the mobile node.

Abstract: The present invention solves these problems with a new proxy binding update request and proxy binding acknowledgment messages having new indicators and identification information. Namely, the home agent/local mobility anchor will exchange proxy binding update messages and proxy binding acknowledge messages that include information such as mobile node identification (MN-ID), home network prefix (HNP), but can also include selective information fields such as, access type, handover indicator (HO), and interface identification (interface ID) By including new access type, indicator, and identification information, the local mobility anchor can respond to a binding update request message with a better understanding of the new connectivity request from the mobile node.

Abstract: Provided is a method of providing secure communication between an initiator and a responder in a communication network. The method includes providing an encryption key for securing communications between an initiator and a responder in a communications network that includes the initiator generating an initiator Diffie-Hellman computed value, the initiator transmitting the initiator Diffie-Hellman computed value to the responder, the responder generating the encryption key and a responder Diffie-Hellman computed value, the responder transmitting the responder Diffie-Hellman computed value to the initiator, and the initiator generating the encryption key.

Abstract: The invention consists of an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator.

Abstract: Provided is a method of providing secure communication between an initiator and a responder in a communication network. The method includes presenting a registration request with one or more proposals for dynamically establishing a security association between the initiator and the responder, and receiving a registration response indicating whether any of the one or more proposals have been accepted for the security association.

Abstract: The invention consists of the invention consists of a new route optimization authentication protocol. The current Mobile IPv6 protocols do not allow for optional control over the use of route optimization. The present invention allows for system control over whether route optimization is allowed or not allowed. The conditional allowance of route optimization solves several billing and security issues by allowing the system to impose appropriate charges for the route optimization feature or prevent route optimization where message flow using care-of addressing can be monitored.

Abstract: The present invention solves these problems with a new proxy binding update request and proxy binding acknowledgement messages having new indicators and identification information. Namely, the home agent/local mobility anchor will exchange proxy binding update messages and proxy binding acknowledge messages that include information such as mobile node identification (MN-ID), home network prefix (HNP), but can also include selective information fields such as, access type, handover indicator (HO), and interface identification (interface ID). By including new access type, indicator, and identification information, the local mobility anchor can respond to a binding update request message with a better understanding of the new connectivity request from the mobile node. The invention also includes a binding revocation message with expanded trigger field information sent from the local mobility anchor to the mobile access gateways.

Abstract: The present invention utilizes the AAA infrastructure to dynamically allocate the various parameters needed to establish the security association between the Foreign Agent and the Home Agent. The present invention uses the AAA server as a central entity to dynamically generate and distribute the chosen security association parameters needed to support the Foreign Agent and Home Agent security association based on a request from the Foreign Agent. The AAA server can also dynamically assigns a unique SPI value to the Foreign Agent and Home Agent pairs. The various parameters that can be allocated in the present invention include a FA-HA shared secret key or a public/private key pair, an authentication algorithm and mode, a FA-HA secret key lifetime, and security parameter index or security index values. The present invention also can assist in making sure that the Foreign Agent and the Home Agent stay synchronized with respect to their security association.

Abstract: The present invention provides a method and system for identification of the different packet gateways that support different types of services on their packet data networks. The method and system provides identification and addressing information to user equipment for one or more packet gateways that support different types of services, sometimes called QoS services. The identification and addressing information for the one or more packet gateways is provided in the present invention by and through a DNS server or an AAA server depending on the network architecture and the IP version supporting the communications with the mobile node.

Abstract: The present invention solves the problems with a new proxy binding update request and proxy binding acknowledgement messages having new indicators and identification information. Namely, the home agent/local mobility anchor will exchange proxy binding update messages and proxy binding acknowledge messages that include information such as mobile node identification (MN-ID), home network prefix (HNP), but can also include selective information fields such as, access type, handover indicator (HO), and interface identification (interface ID). By including new access type, indicator, and identification information, the local mobility anchor can respond to a binding update request message with a better understanding of the new connectivity request from the mobile node.