Access through non-3GPP access networks
First Claim
1. A method of establishing connectivity from a user equipment to an external network through an access network, comprising:
sending, to the access network from the user equipment, a request for a connectivity to the external network when the UE is not currently connected to the external network;
a node in the access network receiving the request and, in response thereto, initiating an authentication procedure for the user equipment by sending a message to an Authentication, Authorization, Accounting (AAA) server in a home network of the user equipment, the AAA server executing the authentication procedure; and
establishing the requested connectivity through the access network;
wherein a first message sent to the user equipment from the AAA server in the authentication procedure includes information indicative of whether the AAA server considers the access network to be trusted; and
wherein the user equipment, when establishing the requested connectivity, selectively sets up an Internet Protocol Security (IPSec) tunnel to a gateway in the home network based on the first message such that the user equipment:
does not set up an IPSec tunnel to the gateway if the first message indicates that the AAA server considers the access network to be trusted; and
does set up an IPSec tunnel to the gateway if the first message indicates that the AAA server considers the access network to be untrusted.
Abstract
When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.
19 Claims
10. A user equipment for communication to an external network through an access network, said user equipment comprising:
one or more processing circuits configured to: interpret a special condition indicated in a first message sent to the user equipment from an Authentication, Authorization, Accounting (AAA) server in a home network of the user equipment in an authentication procedure being part of setting up a connection from the user equipment to the external network through the access network when the user equipment is not currently connected to the external network, the special condition being indicative of whether the AAA server considers the access network to be trusted; and
relating to at least one network property of the access network; and subsequently establish a connection to the external network that selectively includes an Internet Protocol Security (IPSec) tunnel to a gateway in the home network based on the special condition such that: the connection to the external network omits the IPSec tunnel if the special condition indicates that the AAA server considers the access network to be trusted; and the connection to the external network includes the IPSec tunnel if the special condition indicates that the AAA server considers the access network to be untrusted.
12. An Authentication, Authorization, Accounting (AAA) server in a home network of a user equipment, the AAA server configured to:
send information to the user equipment in an authentication procedure being part of establishing connectivity from the user equipment to an external network through an access network; wherein the AAA server is configured to introduce, in a message included in said information sent to the user equipment, special information indicating a special condition indicative of whether the AAA server considers the access network to be trusted, or to modify said message to indicate the special condition, to control whether the user equipment, when not already connected to the external network, sets up an Internet Protocol Security (IPSec) tunnel to a gateway in the home network to establish a connection to the external network through the access network.
18. A computer program product for use by a user equipment related to an Authentication, Authorization, Accounting (AAA) server in a home network of the user equipment, the computer product being stored in non-transitory electronic memory carrying computer readable instructions which when run by the user equipment causes the user equipment to:
interpret a special condition indicated in one of the messages sent to the user equipment from the AAA server in an authentication procedure being part of setting up a connection from the user equipment to an external network through an access network when the user equipment is not already connected to the external network, the special condition being indicative of whether the AAA server considers the access network to be trusted; and subsequently establish a connection to the external network that selectively includes an Internet Protocol Security (IPSec) tunnel to a gateway in the home network based on the special condition such that the connection to the external network: omits the IPSec tunnel if the special condition indicates that the AAA server considers the access network to be trusted; and includes the IPSec tunnel if the special condition indicates that the AAA server considers the access network to be untrusted.
19. A computer program product, for use by an Authentication, Authorization, Accounting (AAA) server in a home network of a user equipment, the computer program product being stored in non-transitory electronic memory carrying computer readable instructions which when run by the AAA server causes the AAA server to:
introduce, in a message included in information sent to the user equipment, special information indicative of whether the AAA server considers an access network through which a connection to the user equipment is to be set up to be trusted, to control whether the user equipment, when not already connected to an external network, sets up an Internet Protocol Security (IPSec) tunnel to a gateway in the home network to establish a connection to the external network through the access network;
or modify said message to indicate the special condition.
Specification