| Patent application number | Description | Published |
|---|
| 20090093232 | PROVISIONING COMMUNICATION NODES - Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon. | 04-09-2009 |
| 20090094351 | ACCESS TERMINAL CONFIGURATION AND ACCESS CONTROL - Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon. | 04-09-2009 |
| 20090094680 | ACCESS MANAGEMENT FOR WIRELESS COMMUNICATION - Provisioning and access control for communication nodes involves assigning identifiers to sets of nodes where the identifiers may be used to control access to restricted access nodes that provide certain services only to certain defined sets of nodes. In some aspects provisioning a node may involve providing a unique identifier for sets of one or more nodes such as restricted access points and access terminals that are authorized to receive service from the restricted access points. Access control may be provided by operation of a restricted access point and/or a network node. In some aspects, provisioning a node involves providing a preferred roaming list for the node. In some aspects, a node may be provisioned with a preferred roaming list through the use of a bootstrap beacon. | 04-09-2009 |
| 20100124228 | REMOTE ACCESS TO LOCAL NETWORK - Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel. | 05-20-2010 |
| 20100125899 | REMOTE ACCESS TO LOCAL NETWORK VIA SECURITY GATEWAY - Multiple protocol tunnels (e.g., IPsec tunnels) are deployed to enable an access terminal that is connected to a network to access a local network associated with a femto access point. A first protocol tunnel is established between a security gateway and the femto access point. A second protocol tunnel is then established in either of two ways. In some implementations the second protocol tunnel is established between the access terminal and the security gateway. In other implementations the second protocol tunnel is established between the access terminal and the femto access point, whereby a portion of the tunnel is routed through the first tunnel. | 05-20-2010 |
| 20100130171 | METHOD AND APPARATUS TO PERFORM SECURE REGISTRATION OF FEMTO ACCESS POINTS - Methods, apparatus, and systems to perform secure registration of a femto access point for trusted access to an operator-controlled network element. Method steps include establishing a security association for at least one said femto access point, making a request using the security association to an operator-controlled network element, which requests a secure registration credential from an authorizing component. The operator-controlled network element constructs a secure registration credential and sends the secure registration credential to the requesting femto access point, thus authorizing trusted access by the requesting femto access point to access operator-controlled network elements. Embodiments include establishing a security association via an IPsec security association received from a security gateway which is within an operator-controlled domain and using an operator-controlled database of IPsec inner addresses. In some embodiments the femto access point conducts message exchanges using one or more IMS protocols and components, including call session control function elements, which elements in turn may authorize a femto access point within the IMS domain, may or access non-IMS network elements for authorization. | 05-27-2010 |
| 20100284304 | METHOD AND APPARATUS TO ESTABLISH TRUST AND SECURE CONNECTION VIA A MUTUALLY TRUSTED INTERMEDIARY - Systems and methods for establishing secure communications between two network elements through a trusted intermediary when no direct communication path is available. Separate secure communication links are established between the network elements and the trusted intermediary to facilitate secure end to end communication. | 11-11-2010 |
| 20110119492 | Apparatus and Method for Over-the-Air (OTA) Provisioning of Authentication and Key Agreement (AKA) Credentials Between Two Access Systems - A method and apparatus for over-the-air provisioning of authentication credentials at an access device via a first access system, wherein the authentication credentials are for a second access system lacking an over-the-air provisioning procedure. For example, the second access system may be a 3GPP system using AKA authentication methods. The first access system may be CDMA, using an OTASP or IOTA procedure. Provisioning the authentication credentials may include provisioning any of a 3GPP AKA authentication root key (K), AKA authentication related parameters, an AKA authentication algorithm to be used in the 3GPP authentication, or authentication algorithm customization parameters. | 05-19-2011 |
| 20110134837 | FEMTOCELL ACCESS CONTROL - Access by a mobile station to a femto access point (FAP) of a wireless communication system is controlled by an enforcement point in response to mobile station authorization data provided from a storage point that is remote from the FAP. The authorization data is provided in response to FAP authentication data. The authentication data may include a FAP identifier and a message authenticator that the FAP generates by hashing shared secret information. The storage point may provide the authorization data in response to determining that the message authenticator is a hash of the shared secret information. | 06-09-2011 |
| 20110159841 | SYSTEMS, APPARATUS AND METHODS TO FACILITATE HANDOVER SECURITY - Systems, methods and apparatus for facilitating handover security are provided. In some embodiments, the method can include deriving a key value for handover from a GERAN/UTRAN system to an E-UTRAN system using a first input value. The method can also include deriving a key value for a connection establishment using a second input value, wherein the first input value is different from the second input value and is different from input values derived subsequent to the second input value, and wherein the first input value, the second input value and the input values derived subsequent to the second input value are configured to be input to a same key derivation function configured to output a key for use between a network entity and user equipment. | 06-30-2011 |
