摘要:
In one embodiment, a first access request is received from a mobile device. The access request may be received through a first access medium for a virtual access point name (APN). A session is created with a service using a first real access point name (APN) for the mobile device. A second access request is received through a second type of access medium. The request may be received through a second virtual APN. A session is determined that is active for the mobile device through the first access medium and the second access request is assigned the first real APN even though the request is received through a second access medium. The continuity of the connection may then be maintained because the first real APN is still being used. In this case, a handoff of the connection from the first access network to the second access network is performed while the connection to the service is maintained through the first real APN.
摘要:
In one embodiment, a load balancer receives a message from a tunnel termination gateway (TTG) associated with a mobile device. The load balancer may receive messages from a plurality of TTGs. A gateway node in a plurality of gateway nodes in which to send the message is determined. The load balancer then assigns a NSAPI for use by the gateway node. For example, the NSAPI may be associated with a tunnel that is generated between the TTG and GGSN. The load balancer ensures that the assigned NSAPI is not currently in use at the gateway node. Thus, no overlapping of NSAPIs may occur even though the load balancer is processing messages from multiple TTGs for multiple gateway nodes.
摘要:
In one embodiment, a first access request is received from a mobile device. The access request may be received through a first access medium for a virtual access point name (APN). A session is created with a service using a first real access point name (APN) for the mobile device. A second access request is received through a second type of access medium. The request may be received through a second virtual APN. A session is determined that is active for the mobile device through the first access medium and the second access request is assigned the first real APN even though the request is received through a second access medium. The continuity of the connection may then be maintained because the first real APN is still being used. In this case, a handoff of the connection from the first access network to the second access network is performed while the connection to the service is maintained through the first real APN.
摘要:
In one embodiment, a security gateway receives an IPSec Initiation (IPSec INIT) request from a client. The security gateway may communicate with a AAA server to authenticate the client. After authentication, the security gateway intercepts a URR Discovery request from the client. The security gateway determines registration information for a response to the registration request. The registration information may be information on where the client can locate a D-GANC. A response is generated using the determined information and sent to the client. The response to the discovery request is performed without communicating with a P-GANC. Accordingly, a security gateway is used to authenticate the client and also to respond to the discovery request. This does not require that a P-GANC function be deployed in a network. Thus, cost and processing power may be saved.
摘要:
Network operators are striving to find ways to provide stable video services amid a rapid increase in video data traffic. In order to provide stable video services with constrained network resources, network operators attempted to deploy multiple communication networks in parallel. However, network operators failed to effectively balance data traffic across parallel communication networks. This disclosure provides systems and methods for effectively balancing data traffic across parallel communication networks.
摘要:
A system for efficiently reauthenticating a client of a network. In a specific embodiment, the system includes an authentication server and a Security GateWay (SGW) in communication with the client. The SGW includes reauthentication information associated with the client. In a more specific embodiment, the authentication server includes an Authentication, Authorization, and Accounting (AAA) server. The SGW further includes one or more routines for employing the reauthentication information to reauthenticate the client. The AAA server performs initial authentication of the client to enable client access to the network, which yields the reauthentication information. The reauthentication information includes one or more keys and/or counters, such as an authorization key, an encryption key, and a master key, which is/are predetermined by the AAA server.
摘要:
In one embodiment, while being connected to the network, a security issue may be detected and associated with the device. The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the network. Identification information for the device is added to the blacklist at the authentication server. If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR. Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.
摘要:
An Unlicensed Mobile Access (UMA) network architecture. In a specific embodiment, the network architecture includes a mobile station and an access point in communication with the mobile station. A UMA Controller (UNC) communicates with the access point. A Service GateWay (SGW) communicates with the UMA controller. The SGW includes functionality to route user-plane packets in the UMA. In a more specific embodiment, the functionality includes UNC user-plane functionality offloaded from the UNC to the SGW; Serving GPRS Support Node (SGSN) user-plane functionality; access-authentication functionality sufficient to enable the SGW to enable the SGW to bypass a legacy SGSN control plane; and/or Radio Network Controller (RNC) user-plane functionality sufficient to enable communications between the SGW and the RNC.
摘要:
A system for facilitating persistent communications between entities in a network. In a specific embodiment, the system is adapted to facilitate fast reauthentication of a client performed by a server, such as an Authentication, Authorization, and Accounting (AAA) server, that is coupled to the client via a load balancer. The system includes a first message to be exchanged between the server and the client, wherein the first message includes a field identifying the server and/or the client. A matching module communicates with or is otherwise incorporated within the load balancer. The matching module includes one or more routines for employing the field to selectively route the first message to the client and/or server. In a more specific embodiment, the server a fast reauthentication module adapted to append the field in the message. The field includes sub-realm information identifying the server.
摘要:
In one embodiment, while being connected to the network, a security issue may be detected and associated with the device. The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the network. Identification information for the device is added to the blacklist at the authentication server. If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR. Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.