| 发明名称 | Managing user access in a communications network | ||
| 摘要 | A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network. | ||
| 申请公布号 | US8885831(B2) | 申请公布日期 | 2014.11.11 |
| 申请号 | US201313912377 | 申请日期 | 2013.06.07 |
| 申请人 | Telefonaktiebolaget L M Ericsson (publ) | 发明人 | Naslund Mats;Arkko Jari |
| 分类号 | H04W12/02;H04L29/06;H04W12/04;H04W12/06;H04W80/04 | 主分类号 | H04W12/02 |
| 代理机构 | Rothwell, Figg, Ernst & Manbeck, P.C. | 代理人 | Rothwell, Figg, Ernst & Manbeck, P.C. |
| 主权项 | 1. A method performed by a wireless communication device (WCD), comprising: generating, by the WCD, a first session key; receiving, by the WCD, a temporary identifier allocated to the WCD for the duration of a communication session, wherein an authentication server stores a copy of the first session key and the temporary identifier so that the temporary identifier is mapped to the first session key; using, by the WCD, the first session key to encrypt first data; sending, by the WCD, the encrypted first data encrypted using the first session key to a first access point that has its own copy of the first session key or a key derived from the first session key; as part of a handover from the first access point to a second access point, the WCD sending to the second access point the temporary identifier, thus enabling the second access point to obtain from the authentication server a copy of the first session key or a key derived from the first session key; after sending to the second access point the temporary identifier, the WCD using the first session key to encrypt second data; and the WCD sending the encrypted second data encrypted using the first session key to the second access point. | ||
| 地址 | Stockholm SE | ||