Abstract: In one embodiment, a method includes obtaining a request to connect a mobile device to a network of a third party, wherein the request includes first credentials, and wherein the request is automatically generated by the mobile device without interaction from a user and without requiring a mobile application to be open on the mobile device. The method further includes evaluating second credentials separately obtained from the mobile device to determine whether the second credentials comprise anonymized credentials, and proxying to equipment of the third party, a response to the second credentials including the anonymized credentials. Connection of the mobile device to the network of the third party, is facilitated responsive to the second credentials not including anonymized credentials, that allow the mobile device to connect to the network of the third party. Other embodiments are disclosed.

Abstract: In one embodiment, a method includes receiving, by an authentication server, first credentials from a mobile application installed on a device. The first credentials include information associated with the device and information associated with a user of the device. The method also includes automatically receiving, by the authentication server and from the device, a request to connect the device to a network of a third party. The request is automatically generated by the device without interaction from the user of the device and the request comprises second credentials. The method further includes determining, by the authentication server, whether to authenticate the device using the first credentials and the second credentials and communicating, by the authentication server, a packet to the device that allows the device to connect to the network of the third party if the authentication server determines to authenticate the device.

Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device after intercepting an authentication and key agreement message from the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device after intercepting an authentication and key agreement message from the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: In one embodiment, a method includes receiving, by an authentication server, first credentials from a mobile application installed on a device. The first credentials include information associated with the device and information associated with a user of the device. The method also includes automatically receiving, by the authentication server and from the device, a request to connect the device to a network of a third party. The request is automatically generated by the device without interaction from the user of the device and the request comprises second credentials. The method further includes determining, by the authentication server, whether to authenticate the device using the first credentials and the second credentials and communicating, by the authentication server, a packet to the device that allows the device to connect to the network of the third party if the authentication server determines to authenticate the device.

Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device after intercepting an authentication and key agreement message from the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: Aspects of the subject disclosure may include, for example, a device that includes a processing system and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations such as receiving an extensible authentication protocol (EAP) authentication message addressed to an EAP authentication server from a communication device; extracting information from the EAP authentication message; determining whether to reject a request in the EAP authentication message of the communication device based on the information extracted; and sending an EAP Failure message to the communication device based on the determining indicating that the request should be rejected. Other embodiments are disclosed.

Abstract: Steering an authentication request to a determined authentication device based on a correlation between a user equipment (UE) identity and an authentication device is disclosed. The authentication request comprises an updateable subscriber identity. The authentication request can be associated with the UE identity, which can be correlated to an authentication device as a result of a prior authentication event. The updateable subscriber identity can have been updated during the prior authentication event, such that the authentication device has record of the updated subscriber identity. Therefore, the authentication device can to perform an authentication based on the updated subscriber identity while other authentication devices lacking record of the updated subscriber identity would be unable to perform the authentication. The disclosed subject matter can be operable with existing deployed authentication systems with little to no modification of those systems.

Abstract: A server automatically determines a path by which a mobile device will likely move to a particular geographic destination and service times during which this particular mobile device will likely receive service with respect to this communication session at various ones of a plurality of wireless access points. This server can then provide a plurality of one-time passwords and use this path and service time information to dynamically schedule support (by at least some of the plurality of wireless access points) for that given communication session. Moreover, pursuant to these teachings, this server can pre-provision at least one of the one-time passwords to a given one of the wireless access points prior to an anticipated handoff to thereby facilitate rapid authentication of that mobile device with respect to later effecting the handoff, wherein the one-time password has a corresponding effective time interval associated therewith.

Abstract: A network server (200) (prior to initiation of a communication session by a particular mobile device (205), which mobile device will be moving from a first location to a second location and thereby traversing heterogeneous network communication resources (204)) is able to automatically determine (103) a monetary cost associated with supporting a communication service using heterogeneous network communication resources as that mobile device moves from a first location to a second location. By one approach, this can comprise, at least in part, automatically determining (102) a sequence of usage of the heterogeneous network communication resources by which the communication session can be supported as the mobile device moves from the first to the second location (in which case, if desired, the step of determining the monetary cost can be made, at least in part, as a function of that sequence of usage).

Abstract: A server (502) that is participating in a communication session with a mobile device (400) determines (101) that this mobile device has need for a given amount of bandwidth in service of a given communication session while moving with respect to a plurality of wireless access points to a particular geographic destination. Upon then automatically determining (102) a path by which this mobile device will likely move to that destination this server can then use this path information to dynamically schedule support (103) (by at least some of the plurality of wireless access points) for that communication session while also providing at least the given amount of bandwidth. So configured, this communication session can remain fully and substantially continuously serviced by various ones of the wireless access points with at least the given amount of bandwidth as the mobile device moves to the target geographic destination.