公开(公告)号：EP2596428A4

公开(公告)日：2014-08-06

申请号：EP10855033

申请日：2010-07-23

Applicant: ERICSSON TELEFON AB L M

Inventor： KATO RYOJI ,  ODA TOSHIKANE ,  KRISTIANSSON JOHAN ,  FIKOURAS IOANNIS

IPC: G06F9/445 ,  G06F13/00

CPC classification number: H04L67/06 ,  G06F9/445

公开(公告)号：EP2636232A4

公开(公告)日：2016-04-20

申请号：EP10859275

申请日：2010-11-01

Applicant: ERICSSON TELEFON AB L M

Inventor： SUGIMOTO SHINTA ,  KATO RYOJI

IPC: H04W8/26 ,  H04L12/66 ,  H04W4/00 ,  H04W8/24 ,  H04W60/04 ,  H04W88/16

CPC classification number: H04W60/04 ,  H04L12/66 ,  H04W4/005 ,  H04W8/245 ,  H04W8/265 ,  H04W88/16

Abstract: A gateway apparatus comprises a registration unit for registering a network address, a temporary address and a flag, a receiving unit for receiving data destined to a destination communication device with the network address of the destination communication device from a source communication device, a determination unit for determining whether the destination communication device is provided with the MCIM or not, based on a registered value of the flag, and transmitting unit for transmitting a bootstrap message for requesting initiation of provisioning of a predetermined identifier to the destination communication device, to a provision server, when it is determined that the destination communication device is not provided with the MCIM, wherein the transmitting unit transmits the data to the destination communication device using the assigned temporary address, when the destination communication device is provided with the MCIM.

公开(公告)号：ES2449574T3

公开(公告)日：2014-03-20

申请号：ES07820435

申请日：2007-09-20

Applicant: ERICSSON TELEFON AB L M ,  ERICSSON TELEFON AB L M

Inventor： SUGIMOTO SHINTA ,  ODA TOSHIKANE ,  KATO RYOJI

IPC: H04W8/06 ,  H04L29/06 ,  H04W8/12 ,  H04W12/06 ,  H04W80/04

Abstract: Un método de gestionar itinerancia de un Nodo Móvil en una red Visitada, estando el Nodo Móvil asociado a unared Local, estando el método caracterizado por: en un servidor de Autenticación, Autorización y Contabilización dispuesto en la red Visitada, seleccionar (706) unnodo de Puerta de Enlace en base a criterios de selección, estando el nodo de Puerta de Enlace dispuesto entre lared Local y la red Visitada; en el servidor de Autenticación Autorización y Contabilización, enviar (709) un mensaje a un nodo de acceso de lared Visitada al que está unido el Nodo Móvil, cuyo mensaje identifica el nodo de Puerta de Enlace seleccionado.

公开(公告)号：EP2494814A4

公开(公告)日：2014-07-09

申请号：EP09850934

申请日：2009-10-27

Applicant: ERICSSON TELEFON AB L M

Inventor： SUGIMOTO SHINTA ,  ODA TOSHIKANE ,  KATO RYOJI

IPC: H04W36/00 ,  H04L12/46 ,  H04W12/00 ,  H04W88/06 ,  H04W88/16

CPC classification number: H04L12/4633 ,  H04L63/08 ,  H04L63/164 ,  H04W12/02 ,  H04W12/06 ,  H04W36/0038 ,  H04W36/14 ,  H04W48/16 ,  H04W76/041 ,  H04W88/06 ,  H04W88/16

Abstract: The present invention concern a methods and an apparatus for exchanging data between a user equipment and a core network via a security gateway. The invention concerns the establishment of an inactive pair of tunnel mode security associations between the UE and the security gateway, as well as the application of the pair of security associations when the UE detects attachment to or need to attach to an untrusted access network.

公开(公告)号：EP2737680A4

公开(公告)日：2015-07-01

申请号：EP11869918

申请日：2011-07-27

Applicant: ERICSSON TELEFON AB L M

Inventor： HJELM JOHAN ,  MURAKAMI SHINGO ,  SUGIMOTO SHINTA ,  ODA TOSHIKANE ,  KATO RYOJI

IPC: H04L29/06 ,  H04L29/08 ,  H04W4/00 ,  H04W8/20 ,  H04W12/04 ,  H04W48/18 ,  H04W92/08

CPC classification number: H04L63/08 ,  H04L67/02 ,  H04W4/005 ,  H04W8/20 ,  H04W12/04

Abstract: There is provided a mediation server. The mediation server comprises, among other things, a device identity receiving unit configured to receive, from a communication device, a device identity which enables the communication device to connect to a network operated by a network operator associated with the mediation server, a login request sending unit configured to send, to the communication device, a login request for requesting login credentials for one of at least one user identity associated with the device identity, and a login credentials receiving unit configured to receive the login credentials from the communication device. The mediation server also comprises a subscription information relaying unit configured to obtain subscription information for use by the communication device from a selected network, and forward the obtained subscription information to the communication device.

公开(公告)号：EP2213081A4

公开(公告)日：2013-08-21

申请号：EP07852060

申请日：2007-11-30

Applicant: ERICSSON TELEFON AB L M

Inventor： KATO RYOJI ,  ODA TOSHIKANE ,  SUGIMOTO SHINTA

IPC: H04W8/08 ,  H04W40/36 ,  H04W80/04

CPC classification number: H04W8/082 ,  H04W40/36 ,  H04W80/045

公开(公告)号：WO2010043254A8

公开(公告)日：2010-06-10

申请号：PCT/EP2008063890

申请日：2008-10-15

Applicant: ERICSSON TELEFON AB L M ,  KATO RYOJI ,  ODA TOSHIKANE ,  SUGIMOTO SHINTA

Inventor： KATO RYOJI ,  ODA TOSHIKANE ,  SUGIMOTO SHINTA

IPC: H04L29/06 ,  H04L12/22 ,  H04L12/46 ,  H04L29/12

CPC classification number: H04L63/0272 ,  H04L12/2859 ,  H04L12/4633 ,  H04L61/2015 ,  H04L63/0428 ,  H04L63/164

Abstract: A method of providing secure access to a remote communication network via a local communication network for a terminal device. A gateway node located outside the local communication network allocates an IP address to the terminal device. The gateway node subsequently receives a request to establish a secure tunnel between the gateway node and the terminal device. It identifies the terminal device as the same terminal device to which an IP address is allocated, and allocates the same IP address for use by the terminal device as both an inner IP address and an outer IP address for packets sent via the secure tunnel. This ensures that there are no issues as described above in selecting the IP address for use in the secure tunnel, and reduces the risk of a successful man-in-the-middle attack.

Abstract translation: 一种通过用于终端设备的本地通信网络向远程通信网络提供安全访问的方法。 位于本地通信网络外部的网关节点向终端设备分配IP地址。 网关节点随后接收到在网关节点和终端设备之间建立安全通道的请求。 它将终端设备识别为与其分配IP地址相同的终端设备，并为终端设备分配相同的IP地址作为通过安全隧道发送的分组的内部IP地址和外部IP地址。 这确保了在选择安全隧道中使用的IP地址时没有上述问题，并降低了成功的中间人攻击的风险。

公开(公告)号：WO2009070061A8

公开(公告)日：2010-05-20

申请号：PCT/SE2007001040

申请日：2007-11-30

Applicant: ERICSSON TELEFON AB L M ,  KATO RYOJI ,  ODA TOSHIKANE ,  SUGIMOTO SHINTA

Inventor： KATO RYOJI ,  ODA TOSHIKANE ,  SUGIMOTO SHINTA

IPC: H04L29/12

CPC classification number: H04W8/082 ,  H04W40/36 ,  H04W80/045

Abstract: The present invention concerns a method of handling a Local Break Out (LBO) session taking place in a first network between a user equipment and a corresponding node (CN). The invention addresses the problems that arise when using only one IP address in the user equipment and the user equipment moves to a second network. This is, for the downlink packets, solved by the steps of: converting, in a node in the first or the second network, the IP address of the downlink packets from an LHoA to a Global Home Address (GHoA) and routing, from the first node, directly or indirectly to a second node in the second network, any downlink packets being sent from the corresponding node, so that the downlink packets will arrive at the user equipment having a GHoA. For the uplink packets the problem is solved by converting, in a node in the first or the second network, the IP address of the uplink packets from a GHoA to an LHoA and routing, from the second node, directly or indirectly to the first node, any uplink packets being sent from the user equipment; so that the uplink packets will arrive at the corresponding node with a source address that is an LHoA. The invention also concerns nodes for handling an LBO session.

Abstract translation: 本发明涉及处理在用户设备和对应节点（CN）之间的第一网络中发生的本地中断（LBO）会话的方法。 本发明解决了在用户设备中仅使用一个IP地址并且用户设备移动到第二网络时出现的问题。 对于下行链路分组，这是通过以下步骤来解决的：在第一或第二网络中的节点中将从LHoA到全球归属地址（GHoA）的下行链路分组的IP地址转换为 第一节点直接或间接地连接到第二网络中的第二节点，从对应节点发送的任何下行链路分组，使得下行链路分组将到达具有GHoA的用户设备。 对于上行链路分组，通过将第一或第二网络中的节点中的上行链路分组的IP地址从GHoA转换到LHoA并且从第二节点直接或间接地路由到第一节点来解决问题 ，从用户设备发送的任何上行链路分组; 使得上行链路分组将以具有LHoA的源地址到达相应的节点。 本发明还涉及用于处理LBO会话的节点。

公开(公告)号：WO2004112348B1

公开(公告)日：2005-04-14

申请号：PCT/SE2004000949

申请日：2004-06-15

Applicant: ERICSSON TELEFON AB L M ,  OYAMA JOHNSON ,  KATO RYOJI ,  RUNE JOHAN ,  LARSSON TONY

Inventor： OYAMA JOHNSON ,  KATO RYOJI ,  RUNE JOHAN ,  LARSSON TONY

IPC: H04L12/28 ,  H04L29/06 ,  H04W8/04 ,  H04W12/06 ,  H04W84/00

CPC classification number: H04L63/08 ,  H04L63/0892 ,  H04L63/164 ,  H04W8/04 ,  H04W12/06 ,  H04W80/04 ,  H04W84/00

Abstract: For establishing a MIPv6 security association between the mobile node (10) roaming in a foreign network (20) and a home agent (36) and for simplifying MIPv6-related configuration, MIPv6-related information is transferred in an end-to-end procedure over an AAA infrastructure by means of an, preferably extended, authentication protocol. A preferred embodiment uses EAP as basis for the extended authentication protocol, creating EAP extensions by incorporating the MIPv6-related information as additional data in the EAP protocol stack, for example as EAP attributes in the EAP method layer of the EAP protocol stack or transferred in a generic container attribute on the EAP layer or the EAP method layer. A major advantage of the proposed MIPv6 authentication/authorization mechanism lies in the fact that it is transparent to the visited domain (20), allowing AAA client (22) and AAAv (24) to act as mere pass-through agents during the procedure.

Abstract translation: 为了在外部网络（20）和归属代理（36）之间漫游的移动节点（10）之间建立MIPv6安全关联，并且为了简化MIPv6相关配置，MIPv6相关信息以端对端的过程 通过优选扩展的认证协议通过AAA基础设施。 优选实施例使用EAP作为扩展认证协议的基础，通过将作为附加数据的MIPv6相关信息合并到EAP协议栈中来创建EAP扩展，例如作为EAP协议栈的EAP方法层中的EAP属性或者转移到 EAP层或EAP方法层上的通用容器属性。 所提出的MIPv6认证/授权机制的主要优点在于它对访问域（20）是透明的，允许AAA客户端（22）和AAAv（24）在过程期间仅作为直通代理。

公开(公告)号：WO2004112349B1

公开(公告)日：2005-06-16

申请号：PCT/SE2004000950

申请日：2004-06-15

Applicant: ERICSSON TELEFON AB L M ,  OYAMA JOHNSON ,  KATO RYOJI ,  RUNE JOHAN ,  LARSSON TONY

Inventor： OYAMA JOHNSON ,  KATO RYOJI ,  RUNE JOHAN ,  LARSSON TONY

IPC: H04L12/28 ,  H04L29/06 ,  H04W12/06 ,  H04W36/00 ,  H04W80/00 ,  H04W80/04 ,  H04L12/56

CPC classification number: H04L63/08 ,  H04W12/06 ,  H04W80/04

Abstract: The invention provides authentication and authorization support for MIPv6 in a CDMA framework by transferring MIPv6-related information in an, preferably extended, authentication protocol in an end-to-end procedure between a mobile node (10) in a visited network and the home network of the mobile node over an AAA infrastructure. Preferably, the end-to-end procedure is executed between the mobile node and an AAA server (34) of the home network. In the visited network, after lower-layer setup, point-to-point communication is established between the mobile node and an internetworking access server (22). The access server then communicates with the AAA home server for MIPv6 authentication and authorization of the mobile node. A preferred embodiment uses EAP as basis for the extended authentication protocol. EAP extensions are then used for MIPv6 initiation and re-authentication, while CHAP can be beneficial for MIPv6 hand-in.

Abstract translation: 本发明通过在访问网络中的移动节点（10）和归属网络之间以端到端过程在最优选地扩展的认证协议中传送MIPv6相关信息来提供CDMA框架中的MIPv6的认证和授权支持 的移动节点。 优选地，在移动节点和家庭网络的AAA服务器（34）之间执行端对端过程。 在访问网络中，在较低层设置之后，在移动节点与互联网络接入服务器（22）之间建立点对点通信。 然后，接入服务器与AAA家庭服务器进行通信，用于移动节点的MIPv6认证和授权。 优选实施例使用EAP作为扩展认证协议的基础。 然后，EAP扩展用于MIPv6启动和重新认证，而CHAP可以有益于MIPv6手动。