Abstract: A method for mitigating service disrupting attacks including receiving packets during a session between hosts in a packet data network; monitoring the session for information on events, authentication information, and/or a cookie; and determining a level of trust for the session on the basis of the monitored information.

Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.

Abstract: A mechanism for providing a mobile node with reliable information for location privacy decisions in connection with an address update process that gives the correspondent node a chance to deduce the location of the mobile node is provided. According to one embodiment of the invention, an indication is given when an address update process needs to be performed for optimizing routing between a mobile node and a correspondent node. In response to the indicating step, the correspondent node may be authenticated, the authentication yielding identity information about the correspondent node. Based on the identity information, a route optimization decision may be made based on whether or not the address update process is to be performed, and the address update process may be carried out depending on the decision.

Abstract: The method and system provides a data packet encapsulated with protocol data according to an embodiment of the invention. A data packet for communication may be associated with a TLLI and a NSAPI identifying a communications path between a BSS and a SGSN. The method and system provides a BVC associated with the BSS and the SGSN and a NSE that provides communication service to the BVC over NS-VC. The BVC, NSE and NS-VC may be associated with the TLLI and NSAPI. The encapsulated protocol data comprises UDP and IP. UDP provides UDP ports associated with NS-VC. The UDP ports identified as data designated as either real time or non-real time services. IP provides an IP address identifying the NSE providing service to the BVC. The data packet encapsulated with UDP and IP provides for more efficient, flexible and reliable communications between a BSS and a SGSN.

Abstract: Processing of packet data in a communication system supporting at least packet data transfer involves the following. Packet data is received from a source. It is determined, based on the received packet data, whether there is anomalous behaviour of the packet data source. Data transmission resources for a communications device are limited in response to determining anomalous behaviour of the source, and transmission of packet data for the communications device is provided using the limited transmission resources. The communications device is either the source or a destination of at least part of the packet data received from the source. In the communication system, access to a set of services from the communications device may furthermore be blocked.

Abstract: The present invention discloses a method for classifying packets in a packet network. The method comprises the steps of detecting (S1) the length of a packet and classifying (S2, S3, S4) the packets depending on the detected length. By this method, it is possible to easily determine the different classes of packets by referring to the length of a packet. Hence, no special control data fields have to be generated and added to the packets in order to provide them with different transmission qualities in dependence on their class or type. Furthermore, the present invention also discloses a routing device adapted to carry out the method.

Abstract: A system and method of receiving key information for calculating at least one password by a user equipment from a communication network system via a secure channel, generating at least one password on the basis of the key information in the user equipment, and performing authentication between the user equipment and the communication network system using the at least one password.

Abstract: A method controls content communication between a communication device and another communicating party in a communication system. The method includes providing a first network entity with device information relating to the communication device. Furthermore, the method includes receiving in the first network entity content to be delivered to or from the communication device. Furthermore, the method includes controlling delivery of the content based on the communication device information. A network entity in a communication system is configured to execute the method.

Abstract: A method of authenticating a user seeking access to a service from a service provider in a communication network, the method comprising: allocating to a user a plurality of service-specific identities for accessing respective services; issuing a request from the user, the request identifying the service to be accessed and including a public key of the user; at a certification authority, authenticating the request and issuing a public key certificate for binding the service-specific identity with the public key in the request, and returning the public key certificate to the user.

Abstract: A mechanism for providing a mobile node with reliable information for location privacy decisions in connection with an address update process that gives the correspondent node a chance to deduce the location of the mobile node is provided. According to one embodiment of the invention, an indication is given when an address update process needs to be performed for optimizing routing between a mobile node and a correspondent node. In response to the indicating step, the correspondent node may be authenticated, the authentication yielding identity information about the correspondent node. Based on the identity information, a route optimization decision may be made based on whether or not the address update process is to be performed, and the address update process may be carried out depending on the decision.

Abstract: A technique for charging of network access and/or services includes sending a request for least one of network access or services from the user to a network other than the user's home network. A payment request is sent from the network to the user in response to the user's request for the least one of network access and/or services, and a payment information is sent from the user in response to the network's sent payment request. A receipt of a payment is then sent to the user and/or the network in response to the sent user's payment information and a payment confirmation may then be sent from the user to the network in response to the third party wallet's receipt of the payment. The network provides the requested at least one of the network access and/or service to the user upon receiving the payment confirmation of the corresponding at least one of the network access and/or service.

Abstract: The invention relates to a method and packet network for transmitting a packet from a source to a destination on the basis of an IP header in a packet network employing an IP protocol. The packet network comprises a first means arranged to drop at least a part of a destination address included in the IP header to a lower protocol layer to serve as a label. In addition, the packet network comprises a second means arranged to transmit the packet to the destination indicated by the label.

Abstract: The present invention discloses a method for classifying packets in a packet network. The method comprises the steps of detecting (S1) the length of a packet and classifying (S2, S3, S4) the packets depending on the detected length. By this method, it is possible to easily determine the different classes of packets by referring to the length of a packet. Hence, no special control data fields have to be generated and added to the packets in order to provide them with different transmission qualities in dependence on their class or type. Furthermore, the present invention also discloses a routing device adapted to carry out the method.

Abstract: The method and system provides a data packet encapsulated with protocol data according to an embodiment of the invention. A data packet for communication may be associated with a TLLI and a NSAPI identifying a communications path between a BSS and a SGSN. The method and system provides a BVC associated with the BSS and the SGSN and a NSE that provides communication service to the BVC over NS-VC. The BVC, NSE and NS-VC may be associated with the TLLI and NSAPI. The encapsulated protocol data comprises UDP and IP. UDP provides UDP ports associated with NS-VC. The UDP ports identified as data designated as either real time or non-real time services. IP provides an IP address identifying the NSE providing service to the BVC. The data packet encapsulated with UDP and IP provides for more efficient, flexible and reliable communications between a BSS and a SGSN.