公开(公告)号：WO2007127035A3

公开(公告)日：2008-12-11

申请号：PCT/US2007008632

申请日：2007-04-04

Applicant: CISCO TECH INC ,  SHATZKAMER KEVIN ,  OSWAL ANAND K ,  GRAYSON MARK ,  IYER JAYARAMAN ,  NARANG NAVAN

Inventor： SHATZKAMER KEVIN ,  OSWAL ANAND K ,  GRAYSON MARK ,  IYER JAYARAMAN ,  NARANG NAVAN

IPC: G06F15/16

CPC classification number: H04L63/0892 ,  H04L63/08 ,  H04L63/164 ,  H04W12/06 ,  H04W88/16

Abstract: A system for efficiently reauthenticating a client of a network. In a specific embodiment, the system includes an authentication server and a Security GateWay (SGW) in communication with the client. The SGW includes reauthentication information associated with the client. In a more specific embodiment, the authentication server includes an Authentication, Authorization, and Accounting (AAA) server. The SGW further includes one or more routines for employing the reauthentication information to reauthenticate the client. The AAA server performs initial authentication of the client to enable client access to the network, which yields the reauthentication information. The reauthentication information includes one or more keys and/or counters, such as an authorization key, an encryption key, and a master key, which is/are predetermined by the AAA server.

Abstract translation: 一种用于有效地重新认证网络客户端的系统。 在具体实施例中，系统包括与客户端通信的认证服务器和安全门禁（SGW）。 SGW包括与客户端相关联的重新认证信息。 在更具体的实施例中，认证服务器包括认证，授权和计费（AAA）服务器。 SGW还包括用于使用重新认证信息重新认证客户端的一个或多个例程。 AAA服务器执行客户端的初始认证，以使客户端能够访问网络，从而产生重新认证信息。 重新认证信息包括由AAA服务器预先确定的一个或多个密钥和/或计数器，例如授权密钥，加密密钥和主密钥。

公开(公告)号：WO2007103504A3

公开(公告)日：2007-12-21

申请号：PCT/US2007005937

申请日：2007-03-06

Applicant: CISCO TECH INC ,  IYER JAYARAMAN R ,  LEUNG KENT K ,  STAMMERS TIMOTHY P ,  OSWAL ANAND K

Inventor： IYER JAYARAMAN R ,  LEUNG KENT K ,  STAMMERS TIMOTHY P ,  OSWAL ANAND K

IPC: H04W8/26 ,  H04W12/08 ,  H04W28/18 ,  H04W36/00 ,  H04W36/12 ,  H04W36/14 ,  H04W48/14 ,  H04W60/00 ,  H04W80/04 ,  H04W80/10 ,  H04W92/02

CPC classification number: H04W12/08 ,  G06Q20/102 ,  H04L12/14 ,  H04L12/1403 ,  H04L41/0893 ,  H04L41/5029 ,  H04L41/5061 ,  H04L45/50 ,  H04L47/10 ,  H04L47/14 ,  H04L47/15 ,  H04L47/70 ,  H04L47/724 ,  H04L47/805 ,  H04L47/824 ,  H04L61/2015 ,  H04L63/08 ,  H04L63/0892 ,  H04L63/102 ,  H04L63/162 ,  H04L65/1006 ,  H04L65/1016 ,  H04L67/141 ,  H04L69/14 ,  H04L69/24 ,  H04W8/26 ,  H04W12/06 ,  H04W28/18 ,  H04W36/0033 ,  H04W36/12 ,  H04W36/14 ,  H04W48/14 ,  H04W60/00 ,  H04W80/04 ,  H04W80/10 ,  H04W92/02

Abstract: Communicating packets along a bearer path includes receiving a home network address and a visited network address at an access terminal. The home network address corresponds to a home anchored bearer path anchored at a home network of the access terminal. The visited network address corresponds to a visited anchored bearer path anchored at a visited network. The access terminal determines whether to use the home anchored bearer path or the visited anchored bearer path, and communicates packets using the home network address or the visited network address in accordance with the determination.

Abstract translation: 沿承载路径通信数据包包括在接入终端接收归属网络地址和被访问网络地址。 归属网络地址对应于锚定在接入终端的归属网络上的归属锚定承载路径。 所访问的网络地址对应于在访问网络上锚定的访问锚定承载路径。 接入终端确定是否使用归属承载路径或访问锚定承载路径，并且根据该确定使用家庭网络地址或访问网络地址来传送分组。

公开(公告)号：WO2008112482A3

公开(公告)日：2009-01-22

申请号：PCT/US2008056000

申请日：2008-03-06

Applicant: CISCO TECH INC ,  SHATZKAMER KEVIN ,  OSWAL ANAND K ,  YOON CASEY ,  GRAYSON MARK

Inventor： SHATZKAMER KEVIN ,  OSWAL ANAND K ,  YOON CASEY ,  GRAYSON MARK

IPC: H04L29/06

CPC classification number: H04W8/06 ,  H04L63/101 ,  H04W12/08 ,  H04W12/12 ,  H04W88/14

Abstract: In one embodiment, while bei.ng connected, to the network (110), a security issue may be detected and associated with a device (104). The device may be placed on a blacklist for the security issue. The blacklist is a list that is used to deny service for the device when it attempts to connect. Thus, the device is disconnected from the. network. Identification information for the device is added to the blacklist at the authentication server (102). If the device attempts to reconnect to the network, the request is received at the authentication server. The authentication server can then check the blacklist and deny the request for access to the network if the identification information is on the blacklist. This denial is determined without sending the request to the HLR (108). Accordingly, the HLR is protected in that requests from a device that may be considered a security issue are not sent to the HLR.

Abstract translation: 在一个实施例中，当连接到网络（110）时，可以检测安全问题并与设备（104）相关联。 为了安全问题，设备可能被放置在黑名单上。 黑名单是用于在尝试连接时拒绝该设备的服务的列表。 因此，设备与该设备断开连接。 网络。 设备的识别信息被添加到认证服务器的黑名单（102）。 如果设备尝试重新连接到网络，则在认证服务器处接收到请求。 然后，如果识别信息在黑名单上，认证服务器可以检查黑名单并拒绝接入网络的请求。 确定该拒绝，而不向HLR发送请求（108）。 因此，HLR受到保护，因为来自可能被认为是安全问题的设备的请求不被发送到HLR。

公开(公告)号：WO2006127220A3

公开(公告)日：2007-11-01

申请号：PCT/US2006016918

申请日：2006-05-01

Applicant: CISCO TECH INC ,  OSWAL ANAND K ,  IYER JAYARAMAN R ,  WEI LIMING

Inventor： OSWAL ANAND K ,  IYER JAYARAMAN R ,  WEI LIMING

IPC: H04L9/00

CPC classification number: H04L9/0833 ,  H04L63/065 ,  H04L63/102 ,  H04L2209/60 ,  H04L2209/80

Abstract: Providing a multicast service to a mobile node includes receiving a first request to join a multicast group from a first cell site. The first request requests that a first mobile node be permitted to join the multicast group. A first multicast source operable to provide content to the first mobile node is identified. The multicast group and the first multicast source are associated to yield a first group-source combination. A first key is assigned to the first group-source combination, and the first key is provided to the first cell site.

Abstract translation: 向移动节点提供多播服务包括从第一小区站点接收加入多播组的第一请求。 第一请求请求允许第一移动节点加入多播组。 识别可操作以向第一移动节点提供内容的第一组播源。 组播组和第一组播源被关联以产生第一组源组合。 将第一密钥分配给第一组源组合，并将第一密钥提供给第一小区站点。

公开(公告)号：WO2007098165A2

公开(公告)日：2007-08-30

申请号：PCT/US2007004415

申请日：2007-02-20

Applicant: CISCO TECH INC ,  YEGANI PARVIZ ,  STAMMERS TIMOTHY ,  IYER JAYARAMAN ,  OSWAL ANAND K

Inventor： YEGANI PARVIZ ,  STAMMERS TIMOTHY ,  IYER JAYARAMAN ,  OSWAL ANAND K

IPC: H04W8/06 ,  H04W12/06 ,  H04W80/04

CPC classification number: H04W8/065 ,  H04L63/08 ,  H04L63/0892 ,  H04W12/06 ,  H04W80/04

Abstract: Particular embodiments provide an optimal allocation of a bearer manager or home agent. In one embodiment, a message is received from a mobile node requesting access to a visiting network that is different from a home network for the mobile node. An authentication request is sent to the home network requesting authentication for access. The authentication request indicates that a home agent has not been assigned. The home AAA server then sends a response that indicates the visiting AAA server can assign a home agent for the mobile node. The visiting AAA server then assigns a home agent that is optimally determined. The visiting home agent is different from a home agent that is found in the mobile node's home network. When a registration request is received, an IP gateway may send the registration request to the visiting home agent, which may not be sent back to the home network.

Abstract translation: 特定实施例提供承载管理器或归属代理的最佳分配。 在一个实施例中，从移动节点接收请求访问不同于移动节点的归属网络的访问网络的消息。 认证请求被发送到家庭网络，请求认证进行访问。 认证请求表示没有分配归属代理。 然后，归属AAA服务器发送响应，其指示访问AAA服务器可以为移动节点分配归属代理。 然后，访问的AAA服务器分配最佳确定的归属代理。 访问归属代理与在移动节点的家庭网络中找到的归属代理不同。 当接收到注册请求时，IP网关可以将该注册请求发送到访问归属代理，该归属代理可能不被发送回家庭网络。

公开(公告)号：WO2007139641A3

公开(公告)日：2008-04-10

申请号：PCT/US2007010034

申请日：2007-04-26

Applicant: CISCO TECH INC ,  GRAYSON MARK ,  IYER JAYARAMAN ,  SHATZKAMER KEVIN ,  FORSTER RICHARD KYLE ,  OSWAL ANAND K

Inventor： GRAYSON MARK ,  IYER JAYARAMAN ,  SHATZKAMER KEVIN ,  FORSTER RICHARD KYLE ,  OSWAL ANAND K

IPC: G06F15/173 ,  H04W88/12 ,  H04W88/16 ,  H04W92/02

CPC classification number: H04W92/02 ,  H04W88/12 ,  H04W88/16

Abstract: An Unlicensed Mobile Access (UMA) network architecture. In a specific embodiment, the network architecture includes a mobile station and an access point in communication with the mobile station. A UMA Controller (UNC) communicates with the access point. A Service GateWay (SGW) communicates with the UMA controller. The SGW includes functionality to route user-plane packets in the UMA. In a more specific embodiment, the functionality includes UNC user-plane functionality offloaded from the UNC to the SGW; Serving GPRS Support Node (SGSN) user-plane functionality; access-authentication functionality sufficient to enable the SGW to enable the SGW to bypass a legacy SGSN control plane; and/or Radio Network Controller (RNC) user-plane functionality sufficient to enable communications between the SGW and the RNC.

Abstract translation: 无牌移动接入（UMA）网络架构。 在具体实施例中，网络架构包括与移动站通信的移动站和接入点。 UMA控制器（UNC）与接入点进行通信。 服务网关（SGW）与UMA控制器进行通信。 SGW包括在UMA中路由用户平面数据包的功能。 在更具体的实施例中，功能包括从UNC卸载到SGW的UNC用户平面功能; 服务GPRS支持节点（SGSN）用户平面功能; 访问认证功能足以使SGW能够使SGW绕过传统的SGSN控制平面; 和/或无线电网络控制器（RNC）用户平面功能，足以实现SGW与RNC之间的通信。

公开(公告)号：WO2006113124A3

公开(公告)日：2007-11-22

申请号：PCT/US2006012532

申请日：2006-04-04

Applicant: CISCO TECH INC ,  OSWAL ANAND K ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K ,  LINDERT DAVID P ,  WACLAWSKY JOHN G

Inventor： OSWAL ANAND K ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K ,  LINDERT DAVID P ,  WACLAWSKY JOHN G

IPC: H04W8/10 ,  H04W80/04

CPC classification number: H04W36/0033 ,  H04W8/10 ,  H04W36/14 ,  H04W80/04 ,  H04W88/16

Abstract: Facilitating node mobility includes facilitating a communication session for a mobile node communicated along a first communication path. A first anchor point manages context information for the communication session, where the context information comprises information for supporting the communication session. A command to transfer the context information to a second anchor point is received from a home agent. The second anchor point is operable to facilitate communication of the communication session along a second communication path. The context information is transferred in response to the command.

Abstract translation: 促进节点移动性包括促进沿着第一通信路径传送的移动节点的通信会话。 第一锚点管理通信会话的上下文信息，其中上下文信息包括用于支持通信会话的信息。 从归属代理接收到将上下文信息传送到第二锚点的命令。 第二锚定点可操作以便于沿着第二通信路径进行通信会话的通信。 响应于命令传送上下文信息。

公开(公告)号：WO2006113124A8

公开(公告)日：2007-10-04

申请号：PCT/US2006012532

申请日：2006-04-04

Applicant: CISCO TECH INC ,  OSWAL ANAND K ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K ,  LINDERT DAVID P ,  WACLAWSKY JOHN G

Inventor： OSWAL ANAND K ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K ,  LINDERT DAVID P ,  WACLAWSKY JOHN G

IPC: H04W8/10 ,  H04W80/04

CPC classification number: H04W36/0033 ,  H04W8/10 ,  H04W36/14 ,  H04W80/04 ,  H04W88/16

Abstract: Facilitating node mobility includes facilitating a communication session for a mobile node communicated along a first communication path. A first anchor point manages context information for the communication session, where the context information comprises information for supporting the communication session. A command to transfer the context information to a second anchor point is received from a home agent. The second anchor point is operable to facilitate communication of the communication session along a second communication path. The context information is transferred in response to the command.

Abstract translation: 促进节点移动性包括促进沿着第一通信路径通信的移动节点的通信会话。 第一锚点管理通信会话的上下文信息，其中上下文信息包括用于支持通信会话的信息。 从家乡代理接收将上下文信息传送到第二个锚点的命令。 第二锚点可操作以促进通信会话沿第二通信路径的通信。 上下文信息响应于该命令而被传送。

公开(公告)号：WO2007102867A2

公开(公告)日：2007-09-13

申请号：PCT/US2006046800

申请日：2006-12-06

Applicant: CISCO TECH INC ,  YEGANI PARVIZ ,  SALOWEY JOSEPH A ,  IYER JAYARAMAN R ,  OSWAL ANAND K

Inventor： YEGANI PARVIZ ,  SALOWEY JOSEPH A ,  IYER JAYARAMAN R ,  OSWAL ANAND K

IPC: H04K1/00

CPC classification number: H04W12/06 ,  H04L63/08 ,  H04L63/0892 ,  H04L63/162

Abstract: A system and method is provided for authenticating access in a mobile wireless network. The system and method comprise exchanging an extensible authentication protocol (EAP) packet with an access terminal over a high rate packet data radio link and a signaling interface through a radio access network, encapsulating the EAP packet in an authentication authorization and accounting (AAA) packet, and sending the AAA packet to an authentication server for authentication.

Abstract translation: 提供了一种用于在移动无线网络中认证访问的系统和方法。 该系统和方法包括通过高速率分组数据无线电链路与接入终端交换可扩展认证协议（EAP）分组和通过无线接入网络的信令接口，将EAP分组封装在认证授权和计费（AAA）分组中 并将AAA分组发送到认证服务器进行认证。

公开(公告)号：WO2006113051A2

公开(公告)日：2006-10-26

申请号：PCT/US2006010942

申请日：2006-03-24

Applicant: CISCO TECH INC ,  OSWAL ANAND K ,  WACLAWSKY JOHN G ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K

Inventor： OSWAL ANAND K ,  WACLAWSKY JOHN G ,  IYER JAYARAMAN R ,  MALAVIYA VIREN K

IPC: H04W24/02 ,  H04W48/16

CPC classification number: H04W36/0083

Abstract: Obtaining neighborhood information for a cell includes establishing the presence of a mobile node in a first cell having a first cell site. A communication session for the mobile node is facilitated. Neighborhood information is determined in response to facilitating the communication session. The neighborhood information describes a second cell having a second cell site. The neighborhood information is recorded in a neighborhood information record.

Abstract translation: 获取小区的邻域信息包括在具有第一小区站点的第一小区中建立移动节点的存在。 便于移动节点的通信会话。 响应于促进通信会话确定邻域信息。 邻域信息描述具有第二小区站点的第二小区。 邻域信息被记录在邻居信息记录中。