480 results about "Network access server" patented technology

A system and method are disclosed for providing ubiquitous public network access to wireless, mobile terminals using private networks having private network access points and connections with the public network. The wireless, mobile terminals are permitted to use wireless, radio frequency communication devices comprising private network access points. A network access server (NAS) is associated with each wireless, radio frequency communication device and provides an interface between the wireless, mobile terminals and the private network. The NAS controls registration of wireless, mobile terminals as subscribers, and provides public network access to the mobile terminals through the private network's access point and public network connection. The NAS also restricts access by the mobile terminals to the private network, meters network useage by the mobile terminals, and controls use of bandwidth by the mobile terminals. The NAS also interfaces with integration operator distributed services over the public network. The integration operator services include databases and servers for storing and providing subscriber and network provider information for subscriber registration, network access and useage control, and accounting purposes. The NAS may be provided as a standalone element embodied in a computer, or may be integrated with the wireless radio frequency device and/or a network adaptor device for the private network.

A method, system, and network elements for authentication and authorization of a mobile terminal (MT) roaming to or in a foreign network different from its home network is provided, the home network having an authentication and authorization home server (AAAH), and the foreign network having a plurality of domains each of which comprises at least one local server (AAAL1, AAAL2) for authentication, authorization and accounting, each of which local servers being connected to at least one network access server (NAS) for handling access for mobile terminals roaming to or in the foreign network, wherein an authentication and authorization of the mobile terminal is performed whenever the mobile terminal performs a roaming, wherein the authentication and authorization is performed according to a procedure pursuant to one of a plurality of hierarchy levels, whereby a combination of network elements involved in the roaming determines the hierarchy level to be used.

A method of finding a mobile wireless communications device when an Internet Protocol (IP) packet from a remote user is sent to the device over an IP network. The mobile device does not have to register with the IP network in order to receive the IP. The method comprises the steps of receiving the IP packet at a home agent associated with a wireless communications network. The IP packet includes an IP address assigned to the device. If there is no current mobility binding record for the mobile device, instead of dropping the packet the home agent sends an access-request packet, containing the IP address, to an authentication server. The authentication server, e.g., a RADIUS server, maintains a table mapping the IP address for the device to an identification number uniquely associated with the device, such as the device's International Mobile Subscriber Identity number. The authentication server sends an access-accept packet to the home agent in the event that the device is authorized to receive the IP packet, in which case the access-accept packet includes the identification information. The home agent uses the identification number to locate, page and automatically connect the wireless device to the IP network via an InterWorking Unit (IWU) configured as a IP network access server.

The invention relates to a traffic-free downloading method, device and system based on a mobile terminal. The traffic-free downloading method, device and system are used for solving the problems that when network content is downloaded by a mobile terminal in the prior art, a user of the mobile terminal needs to pay lots of traffic fees, and accordingly user downloading enthusiasm is obviously lowered. The traffic-free downloading method comprises the steps that downloading channels with traffic-free identifications are configured for multiple terms of network content provided by a network content server, and the downloading channels and the traffic-free identifications of the downloading channels are supplied to a network access server; a special traffic-free downloading region where the multiple terms of network content can be downloaded according to a traffic-free mode is supplied to the mobile terminal through the network access server, wherein a plurality of downloading ports corresponding to all the terms of network content are formed in the special traffic-free downloading region, and each downloading port is used for being connected into one downloading channel so that the network content corresponding to the downloading port can be downloaded.

In a typical remote access application, such as access from the home to a packet-switched high speed network such as the Internet, the low-speed dial up connection to a network access is the main bottleneck in terms of the bandwidth and efficiency of transfer of data across the network access server. The present invention increases throughput through the network access server by identifying and dropping redundant, e.g., retransmitted, packets en route from the LAN or WAN to the remote terminal, thereby preserving precious bandwidth.

A method for coordinating and controlling multiple data streams representing a data transmission session that terminate in different termination units (such as network access servers) using a virtual data stream tunnel is presented. The data streams are transmitted over two or more links, collectively forming a "bundle. One of the termination units that receives a data stream is designated as the termination unit to receive and reconstruct a call. The designated termination unit is the "owner" of the bundle. A termination unit that is a not a bundle owner creates a virtual tunnel to the termination unit that is the bundle owner, and sends data streams through the virtual tunnel to the bundle owner to reconstruct the call. The designated termination unit reconstructs the data streams for the bundle and directs the bundle to a destination.

A method and apparatus for distributing protocol processing among a plurality of computing platforms. Data communications equipment such as Remote Access Devices, Communication Servers, Terminal Servers, and Dial-up Routers provide single user or large-scale multiple user communication access to various computing environments. The equipment costs and performance of such access equipment is related to the amount of CPU processing capability and memory required to support the desired number of serial communication links. It is common to use protocols that terminate in their entirely in the same processing machine. This invention encompasses methods developed to increase the cost/performance capabilities of the communication equipment that supports these serial links, primarily by means of distributing the protocol processing for higher level protocols across multiple computing platforms, including devices such as modems. Examples of such higher level protocols include PPP, SLIP and RTP.

A network access server providing remote access to an IP network for a remote client initiates a PPP connection for a remote client quickly, and without requiring re-negotiation of Link Control Protocols and Network Control Protocols. The network access server has a PPP session with the remote client go dormant, for example when the user is a wireless user and goes out of range of a radio tower and associated base station. The network access server does not get rid of the PPP state for the dormant session, but rather switches that PPP state to a new session, such as when the client moves into range of a different radio tower and associated base station and initiates a new active session on the interface to the wireless network. The switching of PPP states may be within a single network access server, or from one network access server to another. This "context switching" of the active PPP session allows the mobile user to seamlessly move about the wireless network without having to re-negotiate Link Control Protocols and Network Control Protocols every time they move out of range of one radio tower and into range of another radio tower.

In a General Packet Radio Service (GPRS) network, a system and method of dynamically allocating an Internet Protocol (IP) address to a mobile terminal (MT) operating in the network. A Gateway GPRS Service Node (GGSN) requests IP addresses over the Gi interface from a Radius server in an IP-based network. A Conditional PDP Address (CPA) parameter is stored in the MT's Home Location Register (HLR) as part of the user subscriber data, and is passed to the GGSN during the GPRS Attach procedure. The CPA parameter indicates whether the subscriber is entitled to a backup IP address in case of failure to obtain one over the Gi interface, and whether the MT is a user of a real-time application. A timer in the GGSN sets a maximum time period (Ti) that the GGSN will wait for a response from the server, and a counter (Ni) sets the maximum number of requests that are sent. A Network Access Server (NAS) in the GGSN sends a request for an IP address from the GGSN to the server, and determines whether Ti expires without receiving a response from the server. If no response is received, the GGSN allocates an IP address. A public IP address is allocated only if the MT is a user of a real-time application. Otherwise, a private IP address is allocated.

A high density network access server implements a tunneling protocol between a modem module and a route server module. PPP and routing control packets received from the PPP link are tunneled to the route server for processing. The IP data packet forwarding function for the network access server is distributed directly to the modem modules. The combination of distributed PPP processing and distributed IP data packet forwarding enables the capacity of the network access server to be scaled to orders of magnitude greater than previously known, to handle thousands or even tens of thousands of simultaneous data sessions.

An access server architecture, and methods for use of the architecture to increase the scalability of and balance processor load for a network access server device, are disclosed. In this architecture, packet forwarding and packet processing are distributed amongst cards serving low-speed access lines (i.e., line cards). Thus, as the number of line cards expands, forwarding resources are expanded in at least rough proportion. The NAS route switch controller and the high-speed ports used to access the network are largely relieved of packet processing tasks for traffic passing through the server. The egress port uses a distribution engine that performs the routing lookup for packets received at the high-speed interface, tags the packets with an adjacency table pointer, and sends them to the appropriate forwarding engine for packet processing. The route switch controller, largely uninvolved in the processing of packets, updates routing information needed by each distribution or forwarding engine.

A Virtual Single Account (VSA) system that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.

A method and apparatus is provided for controlling network access in a communication system comprising a packet data network and a circuit switched network. The packet data network receives, from the circuit switched network, a message indicating that the circuit switched network is congested. In response to receiving the indication, the packet data network broadcasts a message informing that access to one or more services of the circuit switched network is restricted. In various embodiments, the message received from the circuit switched network may include access class barring parameters identifying one or more classes of user equipment or service classes that are one or more of being barred from accessing the circuit switched network or whose access to the circuit switched network is being reduced and/or may identify one or more coverage areas or access nodes of the circuit switched network where access is being restricted.

A method of populating a location information database for use in providing a location-based service to a host device that is an endpoint of a logical connection between the host device and a network access server. The method comprises receiving from the host device over the logical connection a request for network access; assigning a logical identifier to the host device in response to the receiving; determining a physical location associated with the endpoint of the logical connection; creating an association between the logical identifier and the physical location; and storing the association in the location information database.

A system for streaming packet captures over the Internet includes multiple network access devices, each operating as one of a gateway device, a wireless access point, and a network switch, and a management server communicatively coupled to the network access devices over the Internet for managing the network access devices. The management server maintains a persistent hypertext transport protocol (HTTP) connection with each of the network access devices over the Internet. The management server is to generate a bytecode based on a filtering expression for packet captures (PCAPs) representing one or more PCAPs filtering rules, transmit the bytecode to the network access devices without requiring the network access devices to compile the PCAPs filtering rules, receive PCAPs from the network access devices captured by the network access devices based on the PCAPs filtering rules, and merge the PCAPs received from the network access devices into merged PCAPs.

A method for providing a network connection includes a step of initiating an EAP connection between a device seeking network access and a network by way of a network access server. The network access server is configured to selectively permit-or deny-network access. Using EAP formatted messages, the device seeking network access negotiates for an additional credential that grants an authorization for a service other than network access. The network preferably provides the credential prior to completing the EAP process for granting network access.

An access method and a system for User Equipment (UE), and a network access device are disclosed. The access method for UE includes: sending a second Random Access Channel (RACH) message that carries Transmission Time Interval (TTI) bundling setting information to a UE after receiving a first RACH message from the UE; and receiving a third RACH message transmitted by the UE in a mode indicated by the TTI bundling setting information. With the access method and system for UE and the network access device, the second RACH message carries TTI bundling setting information so that the UE may send the third RACH message in a TTI bundling mode. Therefore, the time of random access is effectively saved. Moreover, when a UE is power-limited, the UE may send the third RACH message in a TTI bundling mode, so that the random access rate of the UE is improved.

An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for forwarding authentication requests by tunneling interactions between the requesting client and an identity provider.

In a packet-switched network, a subscribing application subscribes to a network presence server to receive selected network presence information. The network presence server obtains the selected network presence information, at least in part, from status messages that a network access server, such as a packet data serving node (PDSN), sends, for example, to an accounting server. The network presence server then provides the selected network presence information to the subscribing application. The selected network presence information may include an identification of a particular customer that has just initiated or terminated a data session and the network address the particular customer is or was using.

Methods and systems for initiating a collaboration between users are disclosed. An application server receives information pertaining to a call to a first user placed by a second user. A notification server sends notification of the call to a device associated with the first user. A network access server may then receive a response to the notification. Thereafter, the notification server sends a notification of a collaboration request to a device associated with the second user based on the response, and the application server initiates a collaboration between the first user and the second user based on a determination that the second user accepts the collaboration request.

The invention discloses a GSM network access system. An access subsystem ASS comprises an access entity AE, a gateway entity GE and a management entity ME; the access entity AE is used for providing Um interface access for a terminal MS and sending a request to the ME to obtain the basic information of the target GE serving the AE, and is responsible for sending an AE registration request message and an MS registration request message to the GE; the gateway entity GE is used for authenticating the access of the AE, authenticating the AE according to the AE registration request message and controlling the access of the MS according to the MS registration request message; and the management entity ME is used for searching the target GE according to the messaged for requesting the target GE to serve the AE sent by the AE and returning the mark of the serving GE to the AE. The GSM network access system can increase the flexibility of GSM network access and reduce the implementation cost of an access network.