Title of invention: Method for network access, related network and computer program product therefor
Abstract: A method of providing access of a mobile terminal to an IP network includes establishing a security association between the mobile terminal and a first security gateway of a first router in a plurality of routers. The mobile terminal is provided access to the IP network via the first router, and the data exchanged between the mobile terminal and the first router is encapsulated by using the security association. The security association is made available to at least one second router having a second security gateway. The mobile terminal is provided access to the IP network via the second router, and data exchanged between the mobile terminal and the second router is encapsulated by using the same security association. Establishing the security association includes assigning a Security Parameter Index that identifies univocally the first security gateway and the security association. Making the security association available to the second router includes making available to the second router the Security Parameter Index. The second router may thus have access to the security association either by requesting it from the first router or by identifying it in a set of security associations sent from the first router to a set of routers candidate to become the second router as a result of the mobility of the mobile terminal.
Publication number: US9172722(B2) Publication date: 2015.10.27
Application number: US200812990409 Filing date: 2008.04.30
Applicant: Telecom Italia S.p.A. Inventors: D'ambrosio Matteo; Ullio Mario; Vercellone Vinicio
Classification: H04L29/06; H04W12/08 Main classification: H04L29/06
Agency: Banner & Witcoff, Ltd. Agent: Banner & Witcoff, Ltd.
Main claim: 1. A method of providing access of a mobile terminal to an IP network via a plurality of routers having security gateways, the method including: establishing a connection between said mobile terminal and an access point associated with a first access network, establishing a security association between said mobile terminal and a first security gateway of a first router in said plurality of routers, associating an IP address to said mobile terminal and providing said mobile terminal having associated said IP address access to said IP network via said first access network and said first router, wherein a first data exchanged between said mobile terminal having associated said IP address and said first router is encapsulated by using said security association, responsive to establishing a connection between said mobile terminal and an access point associated with a second access network, determining that said mobile terminal has attempted to access said IP network via said second access network and at least one second router in the plurality of routers instead of via said access point associated with said first access network and said at least one first router, said at least one second router having a second security gateway different from said first security gateway, making said security association available to said at least one second router in said plurality of routers, and providing said mobile terminal having associated said IP address access to said IP network via said at least one access points associated with said second access network and said at least one second router, wherein a second data exchanged between said mobile terminal having associated said IP address and said at least one second router is encapsulated by using said security association made available to said at least one second router, and wherein: establishing said security association between said mobile terminal and said first security gateway includes assigning a Security Parameter Index to said security association, said Security Parameter Index identifying univocally said first security gateway and said security association; making said security association available to said at least one second router includes making said Security Parameter Index available to said at least one second router to enable said at least one second router to have access to said security association; and encapsulating said second data using said security association includes encrypting said second data using said security association and creating a data packet comprising said Security Parameter Index and said encrypted second data.
Address: Milan IT
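
The handover described in the abstract and claim 1, sketched as an added example (not code from the patent or from the applicant): a second gateway receives a packet whose SPI names the first gateway and requests the security association from it. Assumptions: the SPI layout (top 8 bits as gateway id), the `peers` registry, the class and function names, and the SHAKE-256 keystream with HMAC-SHA256 standing in for the real ESP transforms.

```python
import hashlib, hmac, os, struct

GW_SHIFT = 24  # assumption: top 8 bits of the 32-bit SPI name the issuing gateway

def _xor(key, seq, data):  # SHAKE-256 keystream, a stand-in for the ESP cipher
    ks = hashlib.shake_256(b"enc" + key + struct.pack("!I", seq)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _icv(key, msg):  # integrity check value over SPI, sequence number and ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()

def encapsulate(spi, key, seq, data):
    """Terminal side: packet = SPI | sequence number | ciphertext | ICV."""
    head = struct.pack("!II", spi, seq)
    body = _xor(key, seq, data)
    return head + body + _icv(key, head + body)

class SecurityGateway:
    def __init__(self, gw_id, peers):
        self.gw_id, self.peers, self.sas, self.count = gw_id, peers, {}, 0
        peers[gw_id] = self  # hypothetical registry of mutually trusted gateways

    def establish_sa(self):
        """Create an SA; its SPI encodes this gateway's id plus a local index."""
        self.count += 1
        spi = (self.gw_id << GW_SHIFT) | self.count
        self.sas[spi] = {"key": os.urandom(32), "rx_seq": 0}
        return spi, self.sas[spi]["key"]

    def export_sa(self, spi, requester_id):
        if requester_id not in self.peers:  # release keys only to known gateways
            raise PermissionError("unknown gateway")
        return dict(self.sas[spi])  # key and anti-replay counter travel together

    def lookup(self, spi):
        if spi not in self.sas:  # not local: ask the gateway named in the SPI
            owner = self.peers.get(spi >> GW_SHIFT)
            if owner is None or owner is self:
                raise KeyError("unknown SPI")
            self.sas[spi] = owner.export_sa(spi, self.gw_id)
        return self.sas[spi]

    def receive(self, packet):
        spi, seq = struct.unpack("!II", packet[:8])
        sa = self.lookup(spi)
        if not hmac.compare_digest(packet[-32:], _icv(sa["key"], packet[:-32])):
            raise ValueError("bad ICV")
        if seq <= sa["rx_seq"]:
            raise ValueError("replay")
        sa["rx_seq"] = seq
        return _xor(sa["key"], seq, packet[8:-32])
```

Because the export copies the SA, the first gateway still holds its own anti-replay counter after the handover; a deployment has to retire or synchronize that copy so a captured packet cannot be replayed at the old gateway.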