Abstract: In one embodiment, during an authentication process between a network device and an access terminal, an authentication message for access to the network is received. The network device is configured to allow access to an IP network. The network device determines one or more capabilities of the access terminal from the authentication message. An action is then performed based on the one or more capabilities of the access terminal. The action may include using the capabilities to set up a session with the access terminal. Also, the network device may send its own capabilities to the access terminal in an authentication response. Accordingly, a capability negotiation between the access terminal and network device may be provided during an authentication process. This may facilitate a faster session setup as capabilities are exchanged during authentication can be used in the configuration of the session.

Abstract: In one embodiment, during an authentication process between a network device and an access terminal, an authentication message for access to the network is received. The network device is configured to allow access to an IP network. The network device determines one or more capabilities of the access terminal from the authentication message. An action is then performed based on the one or more capabilities of the access terminal. The action may include using the capabilities to set up a session with the access terminal. Also, the network device may send its own capabilities to the access terminal in an authentication response. Accordingly, a capability negotiation between the access terminal and network device may be provided during an authentication process. This may facilitate a faster session setup as capabilities are exchanged during authentication can be used in the configuration of the session.

Abstract: In one embodiment, during an authentication process between a network device and an access terminal, an authentication message for access to the network is received. The network device is configured to allow access to an IP network. The network device determines one or more capabilities of the access terminal from the authentication message. An action is then performed based on the one or more capabilities of the access terminal. The action may include using the capabilities to set up a session with the access terminal. Also, the network device may send its own capabilities to the access terminal in an authentication response. Accordingly, a capability negotiation between the access terminal and network device may be provided during an authentication process. This may facilitate a faster session setup as capabilities are exchanged during authentication can be used in the configuration of the session.

Abstract: In one embodiment, a method for using credentials for a mobile node to protect the transfer of posture data is provided. A network access device receives a message from a mobile node for access to a network. The message includes posture data encrypted using credentials for the mobile node. The credentials may be found in a storage card that is used to identify the mobile node. The network access device determines decryption information for the mobile node. For example, the credentials for the mobile node may be stored in a home location register (HLR) and are retrieved. The posture data is then decrypted using the credentials. The posture data is processed in a network admission control procedure for allowing access to the network. For example, a policy for access to the network may be installed based on the posture data.

Abstract: Assigning an access terminal identifier to a mobile node includes receiving a request at an access terminal home agent of a radio access network. The request requests an access terminal identifier for the mobile node. An access terminal identifier is assigned to the mobile node. The access terminal identifier identifies a communication session of the mobile node, and is assigned according to an Internet Protocol procedure for assigning an address. The access terminal identifier is provided to the mobile node.

Abstract: Particular embodiments provide an access gateway that facilitates communication between a plurality of access technologies. The access gateway facilitates data communication with an access terminal through a bearer path. A radio resource manager is configured to provide radio resource management functions for the communications. The radio resource manager is decoupled from the bearer path and provides control of radio transmission characteristics for the bearer path to the gateway. Because the radio resource manager is not in the bearer path, the access gateway may be access technology agnostic. Thus, the access gateway does not need to have access-specific modules based on the radio technology for each bearer path.

Abstract: In one embodiment, a first node receives data associated with a mobile node. The mobile node includes a plurality of sessions associated with it. For example, the plurality of sessions may be associated with flows for different services, such as voice over IP. A session for the data is determined out of a plurality of sessions. Labels may be provided that correspond to sessions in the plurality of sessions and a label is then determined for the session. The data is sent to the second node in a packet that includes the label. The packet is sent using a label switched path (LSP) in a multi-protocol label switching (MPLS) network. When the second node receives the data, it uses the label to determine a performance treatment to apply to the data. For example, different labels may correspond to the different sessions and different sessions may be associated with different quality of service (QoS) levels.

Abstract: According to one embodiment, an anchor access gateway receives packets from a home agent. The packets are destined for an access terminal, and the anchor access gateway serves the access terminal. The packets are forwarded to the access terminal. The anchor access gateway receives a handoff request from a target access gateway. The handoff request requests a handover from the anchor access gateway to the target access gateway. The packets are forwarded to the target access gateway in accordance with the handoff request.

Abstract: Particular embodiments provide an access gateway that facilitates communication between a plurality of access technologies. The access gateway facilitates data communication with an access terminal through a bearer path. A radio resource manager is configured to provide radio resource management functions for the communications. The radio resource manager is decoupled from the bearer path and provides control of radio transmission characteristics for the bearer path to the gateway. Because the radio resource manager is not in the bearer path, the access gateway may be access technology agnostic. Thus, the access gateway does not need to have access-specific modules based on the radio technology for each bearer path.

Abstract: Authenticating a registration request from a mobile node includes an authenticator operable to facilitate a communication session for the mobile node. Access authentication to provide the mobile node access to an Internet Protocol (IP) network is facilitated. A mobility key is obtained from the access authentication. A registration request is received from the mobile node, and is authenticated using the mobility key.

Abstract: In one embodiment, techniques provide QoS-aware service flow mapping in an access network. A message is received from an access device at a gateway in the access network. The message includes a traffic flow specification. The traffic flow specification may include packet filter information, which is used to install a packet filter to route traffic to the access device. The gateway creates a session and associates the packet filter with it. When an incoming packet is received at the network device, the packet is matched to the packet filter. The incoming packet is then sent to the access device for the session. The traffic flow specification may also specify QoS parameters that are desired. The QoS parameters may then be applied to the packet sent to the access device. The gateway and access device may negotiate to determine a QoS to apply.

Abstract: In accordance with one embodiment of the present disclosure, a system for authentication of an access terminal generally includes a radio access network having a packet control function. The packet control function is operable to receive an extended authentication protocol (EAP) message from the access terminal, encapsulate the extended authentication protocol message in a radio-packet (RP) network message, and transmit the radio-packet network message to an IP gateway.

Abstract: In one embodiment, a system for providing mobile Internet Protocol (IP) connectivity includes a memory and a processor. The memory stores one or more user level policies associated with an access terminal. The processor establishes a mobile IP connection with the access terminal. The processor receives the user level policies from a home IP gateway of the access terminal, and applies the user level policies to the mobile IP connection.

Abstract: In one embodiment according to the present disclosure, a system for implementing handover of a mobile IP session in a cellular communication network generally includes a processor and a memory for storing one or more context information rules associated with an access terminal. The processor is operable to receive a registration request message from the target radio network controller and in response to receipt of the registration request message, transmit a context information request message to query context information from an anchor IP gateway. The processor is also operable to receive a context information response message from the anchor IP gateway and apply the context information response message to the mobile IP connection. The context information response message including at least one context information rule that is associated with the access terminal.

Abstract: Communicating packets along a bearer path includes providing a home network address and a visited network address to an access terminal. The home network address corresponds to a home anchored bearer path anchored at a home network of the access terminal, and the visited network address corresponds to a visited anchored bearer path anchored at a visited network. Packets are received from the access terminal. The packets are communicated along the home anchored bearer path if the packets use the home network address. The packets are communicated along the visited anchored bearer path if packets use the visited network address.

Abstract: A system and method is provided for authenticating access in a mobile wireless network. The system and method comprise exchanging an extensible authentication protocol (EAP) packet with an access terminal over a high rate packet data radio link and a signaling interface through a radio access network, encapsulating the EAP packet in an authentication authorization and accounting (AAA) packet, and sending the AAA packet to an authentication server for authentication.

Abstract: Particular embodiments provide an optimal allocation of a bearer manager or home agent. In one embodiment, a message is received from a mobile node requesting access to a visiting network that is different from a home network for the mobile node. An authentication request is sent to the home network requesting authentication for access. The authentication request indicates that a home agent has not been assigned. The home AAA server then sends a response that indicates the visiting AAA server can assign a home agent for the mobile node. The visiting AAA server then assigns a home agent that is optimally determined. The visiting home agent is different from a home agent that is found in the mobile node's home network. When a registration request is received, an IP gateway may send the registration request to the visiting home agent, which may not be sent back to the home network.

Abstract: According to one embodiment, an anchor access gateway receives packets from a home agent. The packets are destined for an access terminal, and the anchor access gateway serves the access terminal. The packets are forwarded to the access terminal. The anchor access gateway receives a handoff request from a target access gateway. The handoff request requests a handover from the anchor access gateway to the target access gateway. The packets are forwarded to the target access gateway in accordance with the handoff request.

Abstract: In one embodiment, a method includes, generating a first value at an Internet Protocol gateway (IPGW) corresponding to an identifier (ID) of an access terminal (AT). The method further includes identifying a first one of a plurality of visited bearer managers (VBMs) based on a correlation between the first value and a first Internet Protocol (IP) address of the first VBM and determining usability of the first VBM for the AT, the determination of the usability of the first VBM taking into account dynamic conditions at the first VBM. If the first VBM is usable for the AT, connection is allowed between the AT and the first VBM. If the first VBM is unusable for the AT, a second value corresponding to a modification of the ID is generated and a second one of the VBMs is identified.

Abstract: In one embodiment, a method for using credentials for a mobile node to protect the transfer of posture data is provided. A network access device receives a message from a mobile node for access to a network. The message includes posture data encrypted using credentials for the mobile node. The credentials may be found in a storage card that is used to identify the mobile node. The network access device determines decryption information for the mobile node. For example, the credentials for the mobile node may be stored in a home location register (HLR) and are retrieved. The posture data is then decrypted using the credentials. The posture data is processed in a network admission control procedure for allowing access to the network. For example, a policy for access to the network may be installed based on the posture data.