Authentication and authorization in heterogeneous networks
Abstract
A method, system, and network elements for authentication and authorization of a mobile terminal (MT) roaming to or in a foreign network different from its home network is provided, the home network having an authentication and authorization home server (AAAH), and the foreign network having a plurality of domains each of which comprises at least one local server (AAAL1, AAAL2) for authentication, authorization and accounting, each of which local servers being connected to at least one network access server (NAS) for handling access for mobile terminals roaming to or in the foreign network, wherein an authentication and authorization of the mobile terminal is performed whenever the mobile terminal performs a roaming, wherein the authentication and authorization is performed according to a procedure pursuant to one of a plurality of hierarchy levels, whereby a combination of network elements involved in the roaming determines the hierarchy level to be used.
33 Claims
1. A method for authentication and authorization of a mobile terminal roaming to or in a foreign network different from its home network, the home network having an authentication and authorization home server, and the foreign network having a plurality of domains each of which comprises at least one local server for authentication, authorization and accounting, each of the local servers being connected to at least one network access server for handling access for mobile terminals roaming to or in the foreign network, the method comprises the steps of:
- detecting a roaming of the mobile terminal;
- identifying a combination of network elements involved in the detected roaming; and
- selecting one of a plurality of authentication and authorization procedures to be performed based on the identified combination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for authentication and authorization of a mobile terminal roaming to or in a foreign network different from its home network, the system comprising an authentication and authorization home server in the home network, at least one local server for authentication, authorization and accounting in each of a plurality of domains of the foreign network, and at least one network access server for handling access of mobile terminals roaming to or in the foreign network, each of which network access servers being connectable to one of the local servers, the system comprises:
- a detector for detecting a roaming of the mobile terminal;
- an identifier for identifying a combination of network elements involved in the roaming being detected by the detector; and
- a selector for selecting one of a plurality of authentication and authorization procedures to be performed based on the combination being identified by the identifier.

Dependent claims: 15, 16
17. A serving node for authentication, authorization and accounting in a domain of a network, the serving node being a local server of the domain to which a mobile terminal is attachable, which mobile terminal is registered with a home server of its home network, and the serving node being connectable to at least one network access server for handling access of mobile terminals roaming to or in the network, the serving node comprising:
- an authentication and authorization processor for authentication and authorization of the mobile terminal, which processor is operable according to a procedure being selectable based on an identified combination of network elements which are involved in a detectable roaming of the mobile terminal.

Dependent claims: 18, 19, 20, 21
22. A home serving node for authentication, authorization and accounting in a domain of a network, the home serving node being a home server of a mobile terminal being attachable to another network, the home serving node comprising:
- key generating means being configured to generate an encryption key for the mobile terminal using at least authentication information of the mobile terminal, which information is receivable from a serving node of the other network; and
- a transceiver being configured to receive at least the authentication information from and to transmit the encryption key to the serving node.

Dependent claims: 23
24. A network access server being connectable to a local server of a domain of a network, the network access server comprising:
- accessing means being configured to handle access of a mobile terminal to the network; and
- a transceiver being configured to transmit and receive a local security information of the mobile terminal and other information to and from the connectable local server, another connectable network access server and a connectable mobile terminal;

wherein the network access server is adapted to authenticate and authorize according to a procedure being selectable based on an identified combination of network elements which are involved in a detectable roaming of the mobile terminal.

Dependent claims: 25, 26, 27, 28, 29
30. A mobile terminal which is able to register with a home server in its home network and which is attachable to a foreign network by means of a network access server of the foreign network, the foreign network having a plurality of domains each of which comprises at least one local server for authentication, authorization and accounting, each of the local servers being connectable to at least one of the network access servers,
wherein the mobile terminal is configured to perform an authentication and authorization according to a procedure being selectable based on an identified combination of network elements which are involved in a detectable roaming of the mobile terminal.
Specification