摘要:
A system and method for the implementation of a proxy smart card application in a mobile telephone. The mobile telephone receives a smart card related message from a remote terminal. If the smart card related message is related to a function implemented by electronic device software within the mobile telephone, the electronic device software processes the message. If the smart card related message is not related to a function implemented by the electronic device software, the message is transmitted to the smart card.
摘要:
The present invention relates to a method, system, client device, gateway device and computer program product for maintaining a state information in an intermediate network function, wherein the state information expires after a predetermined idle period. Detecting means are provided for detecting an idle state of a connection. In response to the detecting means, a transport protocol used for encapsulating data is changed from a first protocol with a first predetermined idle period to a second protocol with a second predetermined idle period, said second predetermined idle period being longer than said first predetermined idle period. Alternatively, a connection parameter is provided to a device for a parallel second connection in a set-up negotiation via said first connection. This connection parameter is then used for setting up a parallel second connection to the device based on the second transport protocol used for encapsulating data with the second predetermined idle period. Then, an information linking the first and second connections is transmitted from the device to the data network, wherein the second connection is used for transmitting a wake-up notification to the device in response a detected idle state. Both alternatives provide the advantage of reduced keep-alive signaling and thus enhanced battery efficiency.
摘要:
The present invention relates to arranging data transmission for a mobile node in a telecommunications system comprising a secure network and an insecure network. A connection to a secure network for a mobile node may be arranged by a home agent if the mobile node is accessing the secure network directly or via a third network other than the insecure network, or a connection to the secure network may be arranged by a VPN node if the mobile node is accessing the secure network via the insecure network. According to a first aspect of the invention, the VPN node and the home agent are configured to allocate the same IP address as an internal IP address and as a home address.
摘要:
The invention proposes a method for handling authentication requests in a network, wherein the authentication requests may have different types, the method comprising the steps of determining (S1, S3, S4) types of the authentication requests, and applying (S5-S7) a policy for handling the received authentication requests based on the determined types of authentication requests. The invention also proposes a corresponding network control element and a computer program product.
摘要:
Disclosed is a method providing secure mobility for a terminal in a mobile system comprising at least two IP based sub-networks. The method comprises to detect a change of the IP based sub-network by the terminal. The connection parameters of the terminal are updated so as to be connected with a new IP based sub-network. Further, the security requirements of the new IP based sub-network are detected, and the security associations of the terminal to the new IP based sub-network are adapted to the security requirements of the new IP based sub-network.
摘要:
The invention proposes a method for handling authentication requests in a network, wherein the authentication requests may have different types, the method comprising the steps of determining (S1, S3, S4) types of the authentication requests, and applying (S5-S7) a policy for handling the received authentication requests based on the determined types of authentication requests. The invention also proposes a corresponding network control element and a computer program product.
摘要:
A method for use by a telecommunication terminal (10) in checking whether a candidate RAND in an EAP/SIM RAND challenge is likely a replay, based on using a Bloom filter including a vector data structure (21) for determining (admittedly sometimes erroneously) whether the candidate RAND is in a set of previously used RAND values. The components of the vector data structure (21) are set to one or left at zero depending on whether pointers corresponding to the previously used RAND values point to them. The pointers can be hash functions or can be constructed from the previously used RAND values. To provide for smooth filter performance at points in time when the Bloom filter is full and cannot hold information for any new previously used RAND values, the vector data structure (21) is partitioned into more than one part, and only one part is reset and re-initialized at a time.
摘要:
A method for use by a telecommunication terminal (10) in checking whether a candidate RAND in an EAP/SIM RAND challenge is likely a replay, based on using a Bloom filter including a vector data structure (21) for determining (admittedly sometimes erroneously) whether the candidate RAND is in a set of previously used RAND values. The components of the vector data structure (21) are set to one or left at zero depending on whether pointers corresponding to the previously used RAND values point to them. The pointers can be hash functions or can be constructed from the previously used RAND values. To provide for smooth filter performance at points in time when the Bloom filter is full and cannot hold information for any new previously used RAND values, the vector data structure (21) is partitioned into more than one part, and only one part is reset and re-initialized at a time.
摘要:
A system and method for the implementation of a proxy smart card application in a mobile telephone. The mobile telephone receives a smart card related message from a remote terminal. If the smart card related message is related to a function implemented by electronic device software within the mobile telephone, the electronic device software processes the message. If the smart card related message is not related to a function implemented by the electronic device software, the message is transmitted to the smart card.
摘要:
A method, program product and system of selecting a wireless local area network (WLAN) using split user equipment. The method comprising the following steps: a first user equipment obtains relevant network selection parameters from a second user equipment and obtains an undecorated root network access identifier from the second user equipment, the first user equipment performs network discovery and selection, and, upon initiation of final EAP authentication, the first user equipment decorates said network access identifier and transmits it to the WLAN.