-
1.发明申请公开(公告)号:US20060185013A1
公开(公告)日:2006-08-17
申请号:US10595009
申请日:2004-06-15
申请人: Johnson Oyama , Ryoji Kato , Johan Rune , Tony Larsson
发明人: Johnson Oyama , Ryoji Kato , Johan Rune , Tony Larsson
IPC分类号: G06F12/14
CPC分类号: H04L63/08 , H04L63/0892 , H04L63/162 , H04L63/164 , H04W8/02 , H04W8/085 , H04W12/06 , H04W80/04
摘要: A basic feature of the invention is to rely on an AAA infrastructure to “bootstrap” the HMIPv6 service for a mobile node (130) that “roams” in a visited network or the home network. In accordance with a preferred embodiment of the invention, bootstrapping the HMIPv6 service involves authenticating and authorizing the mobile node (130) for HMIPv6 service based on an AAA infrastructure. In an important scenario, the mobile node is roaming in a visited network, and the AAA infrastructure (110, 120, 122) links the visited network with the home network of the mobile node. The invention also supports the possibility of having the MAP (125) located in the home network or other network than the visited network. The reliance on the AAA infrastructure preferably involves transferring HMIPv6-related information required for authenticating and authorizing the mobile node for HMIPv6 service over the AAA infrastructure.
摘要翻译: 本发明的一个基本特征是依靠AAA基础设施来为在受访网络或家庭网络中“漫游”的移动节点(130)“引导”HMIPv6服务。 根据本发明的优选实施例,引导HMIPv6服务包括基于AAA基础设施来认证和授权用于HMIPv6服务的移动节点(130)。 在重要的情况下,移动节点在受访网络中漫游,并且AAA基础设施(110,120,122)将受访网络与移动节点的归属网络链接。 本发明还支持使MAP(125)位于家庭网络或其他网络中比被访问网络的可能性。 对AAA基础设施的依赖优选涉及传送HMIPv6相关信息,用于通过AAA基础设施来认证和授权用于HMIPv6服务的移动节点所需的信息。
-
公开(公告)号:US07990935B2
公开(公告)日:2011-08-02
申请号:US10598491
申请日:2004-11-24
申请人: Johnson Oyama , Ryoji Kato
发明人: Johnson Oyama , Ryoji Kato
IPC分类号: H04B7/00
CPC分类号: H04W28/06 , H04L63/0227 , H04L63/0236 , H04L63/10 , H04W8/085 , H04W8/18 , H04W12/08 , H04W40/02 , H04W74/00 , H04W80/04 , H04W84/005 , H04W88/14
摘要: The invention relates to access control for a movable network (15) managed by a mobile router (10), wherein said mobile route is interconnected through a bi-directional link (40) with a mobility anchoring agent (20) that anchors the network mobility for the mobile router. According to the invention, access control enforcement points (11, 21) are located at both the mobile router (10) and the mobility anchoring agent (20). Access control is exercised at the mobility agent (20) to filter downlink packets to the mobile router (10) and access control is exercised at the mobile router (10) to filter uplink packets to the mobility anchoring agent (20). In this way, unauthorized packets, both uplink and downlink, do not have to cross the air interface before being filtered away, thereby preventing waste of valuable radio resources. The access control modules are typically provisioned with access control filter information, preferably by means of a hierarchical provisioning structure.
摘要翻译: 本发明涉及由移动路由器(10)管理的可移动网络(15)的访问控制,其中所述移动路由通过具有锚定网络移动性的移动性锚定代理(20)的双向链路(40)互连。 为移动路由器。 根据本发明,访问控制执行点(11,21)位于移动路由器(10)和移动锚定代理(20)两者处。 移动代理(20)对移动代理(20)进行访问控制,以便向移动路由器(10)过滤下行链路分组,并且在移动路由器(10)处进行访问控制,以过滤上行分组到移动性锚定代理(20)。 以这种方式,上行链路和下行链路的未经授权的分组在被过滤之前不必跨越空中接口,从而防止浪费有价值的无线电资源。 访问控制模块通常被提供有访问控制过滤器信息,优选地通过分层供应结构。
-
3.发明申请Method, System And Apparatus To Support Mobile Ip Version 6 Services in Cdma Systems 审中-公开支持Cdma系统中移动Ip V6服务的方法,系统和设备公开(公告)号:US20070274266A1
公开(公告)日:2007-11-29
申请号:US10595014
申请日:2004-06-15
申请人: Johnson Oyama , Ryoji Kato , Johan Rune , Tony Larsson
发明人: Johnson Oyama , Ryoji Kato , Johan Rune , Tony Larsson
IPC分类号: H04L29/06
摘要: The invention provides authentication and authorization support for MIPv6 in a CDMA framework by transferring MIPv6-related information in an, preferably extended, authentication protocol in an end-to-end procedure between a mobile node in a visited network and the home network of the mobile node over an AAA infrastructure. Preferably, the end-to-end procedure is executed between the mobile node and an AAA server (34) of the home network In the visited network, after lower-layer setup, point-to-point communication is established between the mobile node and an internetworking access server (22). The access server then communicates with the AAA home server for MIPv6 authentication and authorization of the mobile node. A preferred embodiment uses EAP as basis for the extended authentication protocol. EAP extensions are then used for MIPv6 initiation and re-authentication, while CHAP can be beneficial for MIPv6 hand-in.
摘要翻译: 本发明通过在访问网络中的移动节点与移动台的归属网络之间的端到端过程中以优选扩展的认证协议传送MIPv6相关信息来为CDMA框架中的MIPv6提供认证和授权支持。 节点超过AAA基础设施。 优选地,终端到终端过程在移动节点和归属网络的AAA服务器(34)之间执行。在被访问网络中,在较低层建立之后,在移动节点与移动节点之间建立点到点通信 互联访问服务器(22)。 然后,接入服务器与AAA家庭服务器进行通信,用于移动节点的MIPv6认证和授权。 优选实施例使用EAP作为扩展认证协议的基础。 然后,EAP扩展用于MIPv6启动和重新认证,而CHAP可以有益于MIPv6手动。
-
公开(公告)号:US20080282325A1
公开(公告)日:2008-11-13
申请号:US11568013
申请日:2004-12-10
申请人: Johnson Oyama , Ryoji Kato
发明人: Johnson Oyama , Ryoji Kato
CPC分类号: H04L61/2015 , H04L63/06 , H04L63/08 , H04W8/065 , H04W80/04
摘要: A basic idea is to use the AAA infrastructure to assign (S3) an appropriate DHCP server to DHCP client for the DHCP service, and transferring DHCP-related information over the AAA infrastructure for authenticating (S1) and authorizing (S4) the DHCP client for DHCP service with the assigned DHCP server. Instead of the more complex DHCP server discovery process known from the prior art, the AAA infrastructure, and more particularly a suitable AAA server or equivalent AAA component, is used for assigning an appropriate DHCP server to the DHCP client. Consequently, there is no longer any mandatory dependency on the DHCP discovery-related messages. The invention preferably provides AAA protocol support for facilitating assignment of appropriate DHCP servers and providing an out-of-band key agreement protocol for DHCP clients and servers by carrying DHCP related information facilitating the bootstrapping of DHCP authentication extension (RFC3118).
摘要翻译: 一个基本思想是使用AAA基础设施将DHCP服务器(S 3)分配给DHCP客户端的适当DHCP服务器,并通过AAA基础设施传输与DHCP相关的信息,以验证(S 1)并授权(S 4) DHCP客户端与分配的DHCP服务器进行DHCP服务。 使用现有技术已知的更复杂的DHCP服务器发现过程,而不是使用AAA基础设施,更具体地,合适的AAA服务器或等效的AAA组件来为DHCP客户端分配合适的DHCP服务器。 因此,不再需要依赖DHCP发现相关的消息。 本发明优选地提供AAA协议支持,以便于分配适当的DHCP服务器,并通过携带DHCP相关信息为DHCP客户端和服务器提供带外密钥协商协议,以便于DHCP认证扩展(RFC3118)的引导。
-
公开(公告)号:US07983418B2
公开(公告)日:2011-07-19
申请号:US11568013
申请日:2004-12-10
申请人: Johnson Oyama , Ryoji Kato
发明人: Johnson Oyama , Ryoji Kato
IPC分类号: H04L29/06
CPC分类号: H04L61/2015 , H04L63/06 , H04L63/08 , H04W8/065 , H04W80/04
摘要: A basic idea is to use the AAA infrastructure to assign (S3) an appropriate DHCP server to DHCP client for the DHCP service, and transferring DHCP-related information over the AAA infrastructure for authenticating (S1) and authorizing (S4) the DHCP client for DHCP service with the assigned DHCP server. Instead of the more complex DHCP server discovery process known from the prior art, the AAA infrastructure, and more particularly a suitable AAA server or equivalent AAA component, is used for assigning an appropriate DHCP server to the DHCP client. Consequently, there is no longer any mandatory dependency on the DHCP discovery-related messages. The invention preferably provides AAA protocol support for facilitating assignment of appropriate DHCP servers and providing an out-of-band key agreement protocol for DHCP clients and servers by carrying DHCP related information facilitating the bootstrapping of DHCP authentication extension (RFC3118).
摘要翻译: 一个基本思想是使用AAA基础设施为DHCP服务器为DHCP客户端分配(S3)适当的DHCP服务器,并通过AAA基础设施传输与DHCP相关的信息,以认证(S1)并授权(S4)DHCP客户端 DHCP服务与分配的DHCP服务器。 使用现有技术已知的更复杂的DHCP服务器发现过程,而不是使用AAA基础设施,更具体地,合适的AAA服务器或等效的AAA组件来为DHCP客户端分配合适的DHCP服务器。 因此,不再需要依赖DHCP发现相关的消息。 本发明优选地提供AAA协议支持,以便于分配适当的DHCP服务器,并通过携带DHCP相关信息为DHCP客户端和服务器提供带外密钥协商协议,以便于DHCP认证扩展(RFC3118)的引导。
-
公开(公告)号:US07436843B2
公开(公告)日:2008-10-14
申请号:US10724391
申请日:2003-12-01
申请人: Eva Gustafsson , Jürgen Sauermann , Ryoji Kato , Johnson Oyama
发明人: Eva Gustafsson , Jürgen Sauermann , Ryoji Kato , Johnson Oyama
CPC分类号: H04L47/10
摘要: A method for selecting the best access for terminals (210) in IP-based multi-access communication systems (200) is provided. The access selection is performed on the network side by an access wizard (261) that communicates with a profile server (262) associated with a number of databases (263). Via the profile server, the access wizard collects database information related to user, terminal, access networks and/or operator. It determines a “best” access network based on this information and preferably also on terminal specific information, e.g. terminal location and available access networks, from an access wizard agent (213) in the terminal. The best access is signaled from the access wizard, via the access wizard agent, and to an access manager (214) in the terminal, which has means for executing the actions necessary to use the best access.
摘要翻译: 提供了一种用于在基于IP的多址通信系统(200)中为终端(210)选择最佳接入的方法。 通过与与多个数据库(263)相关联的简档服务器(262)通信的访问向导(261)在网络侧执行访问选择。 通过配置文件服务器,访问向导收集与用户,终端,接入网络和/或运营商相关的数据库信息。 它基于该信息确定“最佳”接入网络,并且优选地还基于终端特定信息,例如, 终端位置和可用接入网络,从终端中的访问向导代理(213)。 从访问向导通过访问向导代理向终端中的访问管理器(214)发出最好的访问信息,该访问管理器具有用于执行使用最佳访问所需的动作的手段。
-
公开(公告)号:US20070223410A1
公开(公告)日:2007-09-27
申请号:US10598491
申请日:2004-11-24
申请人: Johnson Oyama , Ryoji Kato
发明人: Johnson Oyama , Ryoji Kato
IPC分类号: H04B7/00
CPC分类号: H04W28/06 , H04L63/0227 , H04L63/0236 , H04L63/10 , H04W8/085 , H04W8/18 , H04W12/08 , H04W40/02 , H04W74/00 , H04W80/04 , H04W84/005 , H04W88/14
摘要: The invention relates to access control for a movable network (15) managed by a mobile router (10), wherein said mobile route is interconnected through a bi-directional link (40) with a mobility anchoring agent (20) that anchors the network mobility for the mobile router. According to the invention, access control enforcement points (11, 21) are located at both the mobile router (10) and the mobility anchoring agent (20). Access control is exercised at the mobility agent (20) to filter downlink packets to the mobile router (10) and access control is exercised at the mobile router (10) to filter uplink packets to the mobility anchoring agent (20). In this way, unauthorized packets, both uplink and downlink, do not have to cross the air interface before being filtered away, thereby preventing waste of valuable radio resources. The access control modules are typically provisioned with access control filter information, preferably by means of a hierarchical provisioning structure.
摘要翻译: 本发明涉及由移动路由器(10)管理的可移动网络(15)的访问控制,其中所述移动路由通过双向链路(40)与移动性锚定代理(20)互连,所述移动锚定代理(20)锚定网络移动性 为移动路由器。 根据本发明,访问控制执行点(11,21)位于移动路由器(10)和移动锚定代理(20)两者处。 移动代理(20)对移动代理(20)进行访问控制,以便向移动路由器(10)过滤下行链路分组,并且在移动路由器(10)处进行访问控制,以过滤上行分组到移动性锚定代理(20)。 以这种方式,上行链路和下行链路的未经授权的分组在被过滤之前不必跨越空中接口,从而防止浪费有价值的无线电资源。 访问控制模块通常被提供有访问控制过滤器信息,优选地通过分层供应结构。
-
8.发明授权公开(公告)号:US07934094B2
公开(公告)日:2011-04-26
申请号:US10595019
申请日:2004-06-15
申请人: Johnson Oyama
发明人: Johnson Oyama
IPC分类号: H04L9/32
CPC分类号: H04L63/08 , H04L63/0892 , H04L63/164 , H04W8/04 , H04W12/06 , H04W80/04 , H04W84/00
摘要: For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.
摘要翻译: 为了在外部网络(20)和归属代理(36)之间漫游的移动节点(10)之间建立MIPv6安全关联,并且为了简化MIPv6相关配置,MIPv6相关信息以端对端的过程 通过优选扩展的认证协议通过AAA基础设施。 优选实施例使用EAP作为扩展认证协议的基础,通过将作为附加数据的MIPv6相关信息合并到EAP协议栈中来创建EAP扩展,例如作为EAP协议栈的EAP方法层中的EAP属性或传送到 EAP层或EAP方法层上的通用容器属性。 所提出的MIPv6认证/授权机制的主要优点在于它对访问域(20)是透明的,允许AAA客户端(22)和AAAv(24)在过程期间仅作为直通代理。
-
公开(公告)号:US20080254791A1
公开(公告)日:2008-10-16
申请号:US11733938
申请日:2007-04-11
申请人: Johnson Oyama , Nikos Katinakis
发明人: Johnson Oyama , Nikos Katinakis
IPC分类号: H04Q7/20
CPC分类号: H04L65/1016 , H04L65/105 , H04W88/182 , H04W92/02
摘要: Systems and methods for splitting communication nodes to provide inter-domain functionality are described. For example, a home subscriber services (HSS) node can be split into a proxy node in a first domain and a non-proxy node in a second domain. The proxy node may or may not include a subset of the data available on the corresponding non-proxy node. An inter-domain interface, e.g., a GUP interface, can be employed between the proxy node and the non-proxy node and the inter-domain protocol server can be used to facilitate other interfaces, e.g., between a home location register (HLR) and other entities.
摘要翻译: 描述了用于分割通信节点以提供域间功能的系统和方法。 例如,家庭订户服务(HSS)节点可以被拆分为第一域中的代理节点和第二域中的非代理节点。 代理节点可以包括也可以不包括在相应的非代理节点上可用的数据的子集。 可以在代理节点和非代理节点之间采用域间接口,例如GUP接口,并且可以使用域间协议服务器来促进其他接口,例如,归属位置寄存器(HLR) 和其他实体。
-
公开(公告)号:US06621793B2
公开(公告)日:2003-09-16
申请号:US09861817
申请日:2001-05-21
申请人: Ina Widegren , Gabor Fodor , Brian Williams , Johnson Oyama
发明人: Ina Widegren , Gabor Fodor , Brian Williams , Johnson Oyama
IPC分类号: G01R3108
CPC分类号: H04L65/104 , H04L12/14 , H04L12/1439 , H04L47/10 , H04L47/14 , H04L47/2425 , H04L47/2491 , H04L65/1006 , H04L65/1016 , H04L65/103 , H04L65/608 , H04L65/80 , H04L67/04 , H04L69/329 , H04M15/00 , H04M15/41 , H04M15/55 , H04M15/56 , H04M15/57 , H04M15/8016 , H04M15/8228 , H04M2215/0164 , H04M2215/202 , H04M2215/204 , H04M2215/208 , H04M2215/22 , H04M2215/32 , H04M2215/44 , H04M2215/7414 , H04M2215/7833 , H04W4/24 , H04W12/08 , H04W28/10 , H04W28/18 , H04W76/12 , H04W80/00 , H04W88/16
摘要: A method of filtering and gating data flow in a QoS connection between a remote host and user equipment in a packet data network using policy control mechanisms includes a remote host initiating an application in an application server and a corresponding session between the remote host and the user equipment (“UE”) via the application server. The UE requests, to a gateway support node (“GGSN”) of the network, establishment of a network bearer service between the UE and the remote host. A corresponding policy control function (“PCF”) in a policy server receives, from the application server, filtering data derived from session data received by the application server during the session. The GGSN interrogates the corresponding PCF in the policy server to initialize a gate using policy control filtering data at the GGSN. The gate then filters the data flow in the QoS connection according to the policy control filtering data.
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.02 秒)
