Title of invention |
Managing user access in a communications network |
Abstract |
A method of operating a node for performing handover between access networks wherein a user has authenticated for network access in a first access network. The method comprises receiving from a home network a first session key and a temporary identifier allocated to the user for the duration of a communication session. The identifier is mapped to the first session key, and the mapped identifier and key are stored at the node. A second session key is derived from the first session key and the second session key is sent to an access network, and the identifier sent to a user terminal. When the user subsequently moves to a second access network, the node receives the identifier from the user terminal. The node then retrieves the first session key mapped to the received identifier, derives a third session key and sends the third session key to the second access network. |
Publication number |
US8885831(B2) |
Publication date |
2014.11.11 |
Application number |
US201313912377 |
Filing date |
2013.06.07 |
Applicant |
Telefonaktiebolaget L M Ericsson (publ) |
Inventors |
Naslund Mats;Arkko Jari |
Classification codes |
H04W12/02;H04L29/06;H04W12/04;H04W12/06;H04W80/04 |
Main classification code |
H04W12/02 |
Patent agency |
Rothwell, Figg, Ernst & Manbeck, P.C. |
Patent agent |
Rothwell, Figg, Ernst & Manbeck, P.C. |
Independent claim |
1. A method performed by a wireless communication device (WCD), comprising:
generating, by the WCD, a first session key; receiving, by the WCD, a temporary identifier allocated to the WCD for the duration of a communication session, wherein an authentication server stores a copy of the first session key and the temporary identifier so that the temporary identifier is mapped to the first session key; using, by the WCD, the first session key to encrypt first data; sending, by the WCD, the encrypted first data encrypted using the first session key to a first access point that has its own copy of the first session key or a key derived from the first session key; as part of a handover from the first access point to a second access point, the WCD sending to the second access point the temporary identifier, thus enabling the second access point to obtain from the authentication server a copy of the first session key or a key derived from the first session key; after sending to the second access point the temporary identifier, the WCD using the first session key to encrypt second data; and the WCD sending the encrypted second data encrypted using the first session key to the second access point. |
Address |
Stockholm SE |