公开(公告)号：US09087023B2

公开(公告)日：2015-07-21

申请号：US14227546

申请日：2014-03-27

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Jouni Korhonen ,  Hannes Tschofenig

IPC: G06F11/00 ,  G06F11/20 ,  H04L12/24 ,  H04L29/06 ,  H04L29/14 ,  H04L29/08

CPC classification number: G06F11/2007 ,  G06F11/2023 ,  G06F11/2038 ,  H04L41/06 ,  H04L41/28 ,  H04L63/0892 ,  H04L63/10 ,  H04L67/327 ,  H04L69/40

Abstract: There is provided an intra-realm AAA (authentication, authorization and accounting) fallback mechanism, wherein the single global realm may be divided in one or more sub-realms. The thus presented mechanism exemplarily comprises detecting a failure of an authentication server serving at least one authentication client within a first sub-realm of a single-realm authentication system, and routing authentication messages of the at least one authentication client to a fallback authentication server within a second sub-realm of the single-realm authentication system, wherein routing may exemplarily comprise sub-realm based source routing.

Abstract translation: 提供了内部AAA（认证，授权和计费）回退机制，其中单个全球领域可以被划分成一个或多个子领域。 所呈现的机制示例性地包括检测服务于单域认证系统的第一子域内的至少一个认证客户端的认证服务器的故障，以及将至少一个认证客户端的认证消息路由到后端认证服务器内的后退认证服务器 单域认证系统的第二子域，其中路由可以示例性地包括基于子域的源路由。

公开(公告)号：US10334641B2

公开(公告)日：2019-06-25

申请号：US15678849

申请日：2017-08-16

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Seppo Ilmari Vesterinen ,  Jouni Korhonen ,  Matti Einari Laitila

IPC: H04W76/02 ,  H04W48/08 ,  H04L29/12 ,  H04W92/02 ,  H04W76/12 ,  H04W76/15

Abstract: A second internet protocol network is logically connected to a packet data network connection provided between a user equipment and a first internet protocol network over a radio access network, the second internet protocol network located on a data path from the first internet protocol network to the user equipment. The first internet protocol network represents the highest level internet protocol point of attachment to the packet data network connection. Router advertisements are sent from the second internet protocol network to the user equipment over the radio access network via the packet data network connection.

公开(公告)号：US20150049749A1

公开(公告)日：2015-02-19

申请号：US14387089

申请日：2013-03-21

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Anders Jan Olof Kall ,  Gyorgy Tamas Wolfner ,  Jouni Korhonen

IPC: H04W12/08 ,  H04W48/16

CPC classification number: H04W12/08 ,  H04L63/0892 ,  H04L63/126 ,  H04M15/43 ,  H04M15/70 ,  H04M15/73 ,  H04M15/80 ,  H04M15/8022 ,  H04M15/81 ,  H04W12/10 ,  H04W48/16 ,  H04W84/12 ,  H04W92/045

Abstract: It is provided a method, comprising providing a non 3GPP network access to a user equipment (S10); connecting an apparatus performing the method via an interface to a packet data network gateway of a packet core network (S20); indicating, to the packet data network gateway via the interface, an indication whether the non 3GPP network access is a trusted access (S30).

Abstract translation: 提供了一种方法，包括向用户设备提供非3GPP网络接入（S10）; 将经由接口执行该方法的装置连接到分组核心网络的分组数据网络网关（S20）; 经由接口向分组数据网络网关指示非3GPP网络接入是否为可信接入（S30）。

公开(公告)号：US10581816B2

公开(公告)日：2020-03-03

申请号：US15427819

申请日：2017-02-08

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Anders Jan Olof Kall ,  Gyorgy Tamas Wolfner ,  Jouni Korhonen

IPC: H04L29/06 ,  H04L12/66 ,  H04W12/06 ,  G06F12/04 ,  H04L9/08 ,  H04L12/46

Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.

公开(公告)号：US09960950B2

公开(公告)日：2018-05-01

申请号：US14391208

申请日：2013-04-08

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Jouni Korhonen ,  Anders Jan Olof Kall

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/14

CPC classification number: H04L41/0604 ,  H04L63/0892 ,  H04L69/40

Abstract: Apparatus, method, system and computer program product for server failure handling A mechanism for a first apparatus is described. The mechanism comprising receiving, from a first apparatus, a first authentication request comprising an user identity and an identity of said first apparatus, wherein said first apparatus being capable for provide authentication related service with respect to said user identity; determining if a third apparatus, originally associated with said user identity for providing authentication related service, is available for providing said service; registering said first apparatus as the server associated with said user identity for providing authentication related service, if said third apparatus is not available; sending a response to said first apparatus to acknowledge the first authentication request.

公开(公告)号：US20150063126A1

公开(公告)日：2015-03-05

申请号：US14391208

申请日：2013-04-08

Applicant: NOKIA SOLUTIONS AND NETWORKS OY

Inventor： Jouni Korhonen ,  Anders Jan Olof Kall

IPC: H04L12/24

CPC classification number: H04L41/0604 ,  H04L63/0892 ,  H04L69/40

Abstract: Apparatus, method, system and computer program product for server failure handling A mechanism for a first apparatus is described. The mechanism comprising receiving, from a first apparatus, a first authentication request comprising an user identity and an identity of said first apparatus, wherein said first apparatus being capable for provide authentication related service with respect to said user identity; determining if a third apparatus, originally associated with said user identity for providing authentication related service, is available for providing said service; registering said first apparatus as the server associated with said user identity for providing authentication related service, if said third apparatus is not available; sending a response to said first apparatus to acknowledge the first authentication request.

Abstract translation: 用于服务器故障处理的装置，方法，系统和计算机程序产品描述用于第一装置的机构。 该机制包括从第一装置接收包括所述第一装置的用户身份和身份的第一认证请求，其中所述第一装置能够提供关于所述用户身份的认证相关服务; 确定最初与所述用户身份相关联的用于提供认证相关服务的第三装置是否可用于提供所述服务; 将所述第一装置注册为与所述用户身份相关联的服务器，用于提供认证相关服务，如果所述第三设备不可用; 向所述第一设备发送响应以确认所述第一认证请求。