Telecommunications system and method for communicating internet packets between an external packet data communications network and a packet radio network
First Claim
1. A telecommunications system for communicating internet packets between a mobile communications user equipment forming a correspondent node and a mobile node via an external packet data communications network, the system comprising:
- a packet radio network operable to provide a plurality of packet data bearers for communicating the internet packets with nodes attached to the packet radio network, each of the bearers being defined with respect to a source address of the internet packets, the packet radio network including a gateway support node operable to provide an interface between the external network and the packet radio network, wherein the gateway support node is operable to detect whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, to confirm the care of address as a legitimate destination address of the mobile node, and to allow egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the gateway support node to the external network if the care of address is legitimate and block any internet packets sent from the correspondent node using a destination address which is not legitimate;
wherein the gateway support node includes a security function operable to control the egress of the internet packets from the packet radio network by comparing the destination address of the internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, the security function allowing egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, the care-of-address of the mobile node being added to the list upon detecting the binding update.
Abstract
A telecommunications system for communicating internet packets between a correspondent node and a mobile node. The system comprises a packet radio network providing packet data bearers for communicating internet packets with nodes. Each of the bearers is defined with respect to a source address of the internet packets, the packet radio network including a gateway support node (GGSN) to provide an interface between the external network and the packet radio network. The GGSN detects whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node. If the internet packet is a binding update, the GGSN allows egress of internet packets sent from the correspondent node. By allowing egress of packets from the correspondent node having this care-of-address as the destination address, a measure of security is provided.
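The egress control described in the abstract, as an added Python sketch (not code from the patent): a Binding Update arriving from the external network adds its care-of address to the correspondent node's list of legitimate destinations, and uplink packets to any other destination are dropped. The wire-format constants follow Mobile IPv6 (RFC 6275), which the page does not name; keying the list per correspondent node, the confirmation rule (the Binding Update's home address must already be on that list) and all helper names are assumptions.

```python
import ipaddress
import struct

NH_DSTOPTS, NH_MOBILITY = 60, 135        # IPv6 next-header values
MH_BU, OPT_HOME_ADDR = 5, 0xC9           # RFC 6275: Binding Update, Home Address option
addr = ipaddress.IPv6Address

def parse(pkt):                          # -> (src, dst, home address or None, is_binding_update)
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, home = pkt[6], 40, None
    while nh == NH_DSTOPTS and off + 8 <= len(pkt):
        nh, end = pkt[off], min(len(pkt), off + 8 * (pkt[off + 1] + 1))
        i = off + 2
        while i + 2 <= end:
            if pkt[i] == 0:              # Pad1 has no length byte
                i += 1
                continue
            if pkt[i] == OPT_HOME_ADDR and pkt[i + 1] == 16 and i + 18 <= end:
                home = addr(pkt[i + 2:i + 18])
            i += 2 + pkt[i + 1]
        off = end
    is_bu = nh == NH_MOBILITY and off + 3 <= len(pkt) and pkt[off + 2] == MH_BU
    return addr(pkt[8:24]), addr(pkt[24:40]), home, is_bu

class EgressFilter:
    def __init__(self):
        self.allowed = {}                # correspondent node -> legitimate destinations (assumed keying)
    def permit(self, cn, dst):
        self.allowed.setdefault(addr(cn), set()).add(addr(dst))
    def downlink(self, pkt):             # from external network; True if a care-of address was added
        coa, cn, home, is_bu = parse(pkt)  # a Binding Update is sent from the care-of address
        if is_bu and home in self.allowed.get(cn, ()):  # assumed confirmation rule
            self.allowed[cn].add(coa)
            return True
        return False
    def uplink(self, pkt):               # from correspondent node; True = allow egress, False = drop
        src, dst, _, _ = parse(pkt)
        return dst in self.allowed.get(src, ())

def ip6(src, dst, nh=59, payload=b""):   # builder for constructed sample packets
    return struct.pack("!IHBB", 6 << 28, len(payload), nh, 64) + addr(src).packed + addr(dst).packed + payload

def binding_update(coa, cn, home):       # constructed BU; checksum left zero, not verified here
    dopt = bytes([NH_MOBILITY, 2, 1, 2, 0, 0, OPT_HOME_ADDR, 16]) + addr(home).packed
    mh = bytes([59, 1, MH_BU, 0, 0, 0]) + struct.pack("!HHH", 1, 0, 60) + bytes([1, 2, 0, 0])
    return ip6(coa, cn, NH_DSTOPTS, dopt + mh)
```

The sketch does not verify the Mobility Header checksum or any binding authorization data, so the confirmation step here is only the list lookup.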
44 Claims
1. A telecommunications system for communicating internet packets between a mobile communications user equipment forming a correspondent node and a mobile node via an external packet data communications network, the system comprising:
a packet radio network operable to provide a plurality of packet data bearers for communicating the internet packets with nodes attached to the packet radio network, each of the bearers being defined with respect to a source address of the internet packets, the packet radio network including a gateway support node operable to provide an interface between the external network and the packet radio network, wherein the gateway support node is operable to detect whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, to confirm the care of address as a legitimate destination address of the mobile node, and to allow egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the gateway support node to the external network if the care of address is legitimate and block any internet packets sent from the correspondent node using a destination address which is not legitimate; wherein the gateway support node includes a security function operable to control the egress of the internet packets from the packet radio network by comparing the destination address of the internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, the security function allowing egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, the care-of-address of the mobile node being added to the list upon detecting the binding update.
18. A gateway support node for communicating internet packets between an external packet data communications network and a packet radio network, the packet radio network providing a plurality of packet data bearers for communicating the internet packets, each of the bearers being defined with respect to a source address of the internet packets, wherein the gateway support node is operable
to detect whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, to confirm the care of address as a legitimate destination address of the mobile node, and to allow egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the gateway support node to the external network if the care of address is legitimate and block any internet packets sent from the correspondent node using a destination address which is not legitimate; wherein the gateway support node includes a security function operable to control the egress of the internet packets from the packet radio network by comparing the destination address of an internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, the security function allowing the egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, wherein the care-of-address of the mobile node is added to the list, upon detecting the binding update.
30. A method of communicating internet packets between an external packet data communications network and a packet radio network, the packet radio network providing a plurality of packet data bearers for communicating internet packets, each of the bearers being defined with respect to a source address of the internet packets, the method comprising:
detecting whether an internet packet is for providing a binding update to a correspondent node of a first source address of a mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, confirming the care of address as a legitimate destination address of the mobile node, and allowing egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the packet radio network to the external network if the care of address is legitimate and blocking any internet packets sent from the correspondent node using an unauthorized address which is not legitimate by; comparing the destination address of an internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, allowing the egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, wherein the care-of-address of the mobile node is added to the list upon detecting the binding update.
42. A computer program providing computer executable instructions, the computer program loaded on to a data processor configuring the data processor to operate as a gateway support node
for communicating internet packets between an external packet data communications network and a packet radio network, the packet radio network providing a plurality of packet data bearers for communicating the internet packets, each of the bearers being defined with respect to a source address of the internet packets, wherein the gateway support node is operable to detect whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, to confirm the care of address as a legitimate destination address of the mobile node, and to allow egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the gateway support node to the external network if the care of address is legitimate and block any internet packets sent from the correspondent node using a destination address which is not legitimate; wherein the gateway support node includes a security function operable to control the egress of the internet packets from the packet radio network by comparing the destination address of the internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, the security function allowing egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, the care-of-address of the mobile node being added to the list upon detecting the binding update.
43. A computer program having computer executable instructions, the computer program loaded on to a data processor causing the data processor to perform a method comprising:
communicating internet packets between an external packet data communications network and a packet radio network, the packet radio network providing a plurality of packet data bearers for communicating internet packets, each of the bearers being defined with respect to a source address of the internet packets, the method comprising detecting whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, confirming the care of address as a legitimate destination address of the mobile node, and allowing egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the packet radio network to the external network if the care of address is legitimate and blocking any internet packets sent from the correspondent node using a destination address which is not legitimate by; comparing the destination address of an internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, allowing the egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, wherein the care-of-address of the mobile node is added to the list upon detecting the binding update.
44. A telecommunications system for communicating internet packets between a mobile communications user equipment forming a correspondent node and a mobile node via an external packet data communications network, the system comprising:
a packet radio network operable to provide a plurality of packet data bearers for communicating the internet packets with nodes attached to the packet radio network, each of the bearers being defined with respect to a source address of the internet packets, the packet radio network including a gateway support node operable to provide an interface between the external network and the packet radio network, wherein the gateway support node is operable to detect whether an internet packet is for providing a binding update to the correspondent node of a first source address of the mobile node to a care-of-address of the mobile node, and if the internet packet is a binding update, to confirm a hop-by-hop field contains a legitimate care-of-address and the source address contains a legitimate address of the mobile node, and to allow egress of internet packets sent from the correspondent node having the care-of-address of the mobile node as the destination address from the gateway support node to the external network if the hop-by-hop field contains the legitimate care-of-address and the source address contains the legitimate address and block any internet packets sent from the correspondent node using a destination address which is not legitimate; wherein the gateway support node includes a security function operable to control the egress of the internet packets from the packet radio network by comparing the destination address of the internet packet sent from the correspondent node with a list of legitimate destination addresses stored in a data store, the security function allowing egress of the internet packet from the packet radio network if the destination address of the internet packet appears in the list, and otherwise dropping the internet packet, the care-of-address of the mobile node being added to the list upon detecting the binding update.
Specification