Abstract: An arrangement for providing IP mobility for a mobile station (MS) provides a care-of-address (COA) for routing data packets when the MS is away from home. In one embodiment, the arrangement includes support nodes, called gateway GPRS support nodes (GGSN) or serving GPRS gateway support nodes (SGSN), and a foreign agent (FA) having an IP address. In order to save IP addresses and radio resources, the FA is integrated into one of the support nodes (e.g., the SGSN), and the IP address of, or an IP address provided by the FA is also used as the MS COA.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication centre. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: An arrangement for providing IP mobility for a mobile station (MS) provides a care-of-address (COA) for routing data packets when the MS is away from home. In one embodiment, the arrangement includes support nodes, called gateway GPRS support nodes (GGSN) or serving GPRS gateway support nodes (SGSN), and a foreign agent (FA) having an IP address. In order to save IP addresses and radio resources, the FA is integrated into one of the support nodes (e.g., the SGSN), and the IP address of, or an IP address provided by the FA is also used as the MS COA.

Abstract: A network system is proposed comprising a network control element and a communication device (UE) associated to a subscriber, wherein the communication device (UE) is adapted to send a registration message (A8) including subscriber information to be protected and an integrity code (MAC), to the network control element, wherein the communication device (UE) is adapted to calculate the integrity code (MAC) by using a part or whole of the registration message (A8) including the subscriber information to be protected, and the network element is adapted to verify the integrity code (MAC) included in the registration message. Also a case is proposed in which the integrity code is calculated in the network control element and verified in the communication device (UE). Furthermore, corresponding methods are proposed.

Abstract: A method for communicating a message over a data path by means of data transfer apparatus capable of transmitting the data over the data path, generating a representation of the data as received from the data path and generating an indication of the communication quality of the data path; the method comprising: forming a plurality of individual data segments together representing the message, the format of each data segment being selected from one of a plurality of available segment formats in dependence on the quality of the data path; transferring the segments over the data path by means of the data transfer apparatus; and combining the segments as received from the data transfer apparatus to form a representation of the message.

Abstract: A network system is proposed comprising a first network control element in a visited network, a second network control element in a home network and a communication device (UE) associated to a subscriber, wherein the first network control element is adapted to perform a first authentication (A9) of a roaming subscriber requesting authentication, and the second network control element is adapted to perform a second authentication (A11) of the same subscriber. By this measure, both network control elements are able to verify that the authentication was performed correctly. Also a corresponding method is proposed.

Abstract: Apparatus, and an associated method, for facilitating formation of a RANcast in a radio communication system. An identifier identifies when a selected number of mobile user endpoints within a cell of a radio communication system are to receive the same multicast data. When the number exceeds a selected threshold, a RANcast is implemented by a RANcast implementer in which a common channel is used to broadcast the multicast data to all the mobile user endpoints.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication centre. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: A method for routing data packets to a mobile node in a communication system which includes at least a first subnetwork of a first type supporting a first IP version and a second subnetwork of a second type supporting a second IP version. The mobile node is provided with a set of protocol stacks for handling data packets at least according to the first and the second IP version and with a home address at least according to the first and the second IP version. The home agent intercepts at least data packets addressed to the mobile node's home address according to the first or the second IP version and for encapsulating a data packet addressed to the mobile node in a packet according to the IP version of the foreign network to which the mobile node is attached, for routing the data packet to the mobile node.

Abstract: Apparatus, and an associated method, for facilitating formation of a RANcast in a radio communication system. An identifier identifies when a selected number of mobile user endpoints within a cell of a radio communication system are to receive the same multicast data. When the number exceeds a selected threshold, a RANcast is implemented by a RANcast implementer in which a common channel is used to broadcast the multicast data to all the mobile user endpoints.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication center. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.

Abstract: The invention is a method of providing a user (12) a terminal network address (14) in a first network (16) through which the user communicates with a data network (18) and authenticating connection of the user to the first network.

Abstract: A network system is proposed comprising a network control element and a communication device (UE) associated to a subscriber, wherein the communication device (UE) is adapted to send a registration message (A8) including subscriber information to be protected and an integrity code (MAC), to the network control element, wherein the communication device (UE) is adapted to calculate the integrity code (MAC) by using a part or whole of the registration message (A8) including the subscriber information to be protected, and the network element is adapted to verify the integrity code (MAC) included in the registration message. Also a case is proposed in which the integrity code is calculated in the network control element and verified in the communication device (UE). Furthermore, corresponding methods are proposed.

Abstract: A re-registration authorization is attached to a registration request or data packet sent from a mobile node roaming on a foreign network. The mobile node requests registration with its home network in order to maintain communication with the Internet and maintain identification of the mobile node by its individual home address. Such registration has a limited lifetime, and the re-registration authorization attached to the registration request or other data packet authorizes an intermediate communication entity in the foreign network to re-register the mobile node, on behalf of the mobile node, with the mobile node's home network, if the communication traffic of the mobile node indicates that the mobile node is still roaming on the foreign network. The rate of error is reduced by significantly reducing the amount of transmissions sent from the mobile node, and power consumption of the typically battery-powered mobile unit is reduced, as well.

Abstract: Apparatus, and an associated method, for facilitating formation of a RANcast in a radio communication system. An identifier identifies when a selected number of mobile user endpoints within a cell of a radio communication system are to receive the same multicast data. When the number exceeds a selected threshold, a RANcast is implemented by a RANcast implementer in which a common channel is used to broadcast the multicast data to all the mobile user endpoints.

Abstract: A method for routing data packets to a mobile node in a communication system which includes at least a first subnetwork of a first type supporting a first IP version and a second subnetwork of a second type supporting a second IP version. The mobile node is provided with a set of protocol stacks for handling data packets at least according to the first and the second IP version and with a home address at least according to the first and the second IP version. The home agent is provided with means for intercepting at least data packets addressed to the mobile node's home address according to the first or the second IP version and for encapsulating a data packet addressed to the mobile node in a packet according to the IP version of the foreign network to which said mobile node is attached, for routing the data packet to the mobile node.

Abstract: Authentication method for authenticating a mobile node to a packet data network, in which a shared secret for both the mobile node and the packet data network is arranged by using a shared secret of the mobile node and a telecommunications network authentication center. In the method, the mobile node sends its subscriber identity to the packet data network together with a replay attack protector. The packet data network obtains authentication triplets, forms a session key using them, and sends back to the mobile node challenges and a cryptographic authenticator made by using the session key. The mobile node can then form the rest of the authentication triplets using the challenges and then form the session key. With the session key, the mobile node can check the validity of the cryptographic authenticator. If the authenticator is correct, the mobile node sends a cryptographic response formed using the session key to the packet data network for authenticating itself to the packet data network.