摘要:
A network component comprising at least one processor configured to implement a method comprising granting a user restricted access at a reduced rate without authenticating the user, attempting to authenticate the user, and granting the user unrestricted access at a full rate if the user authentication is successful. Included is a method comprising authenticating a user device, a user line, or both using a first communication, and authenticating a user using a second communication separate from the first communication. Also included is an apparatus comprising an access node (AN) configured to couple to an access network and communicate with a user equipment (UE) via the access network, wherein the UE is authenticated using either line authentication or device authentication based on the access network.
摘要:
An apparatus comprising a supplicant proxy port authorization entity (PAE) configured to communicate with a user equipment (UE) and a network, wherein the supplicant proxy PAE causes a communication path to forward or block communications between the UE and the network. Included is a network component comprising at least one processor configured to implement a method comprising authenticating a UE with a network using an Institute of Electrical and Electronics Engineers (IEEE) 802.1X protocol, and exchanging a secure key with the UE using an IEEE 802.1 AF protocol. Also included is a method comprising authenticating a user UE configured for a first authentication protocol with a network configured for a second authentication protocol using a port entity configured for the first authentication protocol and the second authentication protocol, and securing the UE's access to the network by completing a security key agreement using the first authentication protocol.
摘要:
An apparatus comprising a local mobility anchor (LMA) configured to forward a flow to a mobile node (MN) via a first mobile access gateway (MAG) in a first network and via a second MAG in a second network, and to bind the flow to the second MAG from the first MAG, wherein the first MAG is configured to manage the MN mobility in the first network and the second MAG is configured to manage the MN mobility in the second network, wherein the first MAG sends a binding update comprising a flow description information to the LMA, and wherein the LMA replies to the binding update with a binding acknowledgement.
摘要:
A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.
摘要:
An apparatus comprising a node comprising an access controller (AC) and an authentication, authorization and accounting (AAA) proxy (AAA-P), wherein the AC is configured to manage authentication for a user equipment (UE), and wherein the AAA-P is configured to exchange authentication information related to the UE with an AAA server. Included is a network component comprising at least one processor configured to implement a method comprising establishing a first tunnel with a home gateway (HG), wherein the HG communicates wirelessly with a UE, and establishing a second tunnel between the UE and a Network Access Server (NAS). Also included is a network component comprising at least one processor configured to implement a method comprising receiving a Pairwise Master Key (PMK) from an AAA mediator (AAA-M), and authenticating a UE using the PMK.
摘要:
A method of multicast access control in an IP multicast system is disclosed. The method provides a distributed architecture separating a session control in a service stratum from an access control in a transport stratum.
摘要:
A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.
摘要:
A method comprising sending a dynamic host configuration protocol (DHCP) message comprising an Identity Association for Prefix Delegation (IA_PD) Prefix option comprising a Internet Protocol version 6 (IPv6) prefix and a length of the IPv6 prefix to a device having a media access control (MAC) address, receiving from the device a packet comprising a source MAC address and a source IPv6 address, and dropping the packet when the MAC address is equal to the source MAC address and the leftmost bits of the source IPv6 address defined by the length are not equal to the IPv6 prefix.
摘要:
Methods and system for simplified Protocol for Carrying Authentication for Network Access (sPANA) are disclosed. In the broadband architecture such as Broadband forum or WiMAX forum, a Network Access server (NAS) is one IP hop away from a user. Therefore, it is possible to relax the need in PANA to obtain an IP address prior to authentication. A PANA client (PaC) may use an unspecified IP address (e.g. 0.0.0.0 in TPv4) as a source address for authentication. A PANA Authentication Agent (PAA) may use an IP broadcast address as a network layer destination address (e.g. oxffffffff). The present invention defines PANA Attribute-Value Pairs (AVPs) and procedures that allow a Challenge-Handshake Authentication Protocol (CHAP) exchange to occur in PANA. The PANA CHAP support may facilitate smooth migration from Point-to-Point Protocol (PPP) sessions to IP sessions in a DSL Broadband network environment. The sPANA can be desirably compatible with the PANA.
摘要:
A system for link-independent multihoming in a network having heterogeneous access network technologies is disclosed, providing such multihoming in a manner transparent to IP connections. The system of the present invention provides constructs and methods for: discovering and selecting a multihoming server; selecting a primary media access control (MAC) address; associating multiple link addresses with a MAC address; and forwarding packets via the multihoming server based on certain defined policies.