Ismael Hery

Bio: Ismael Hery is an academic researcher from Motorola. The author has contributed to research in topics: Private network & Gateway address. The author has an hindex of 1, co-authored 2 publications receiving 35 citations.

Communication between a private network and a roaming mobile terminal

Abstract: Communication between a private network (1) and a roamning mobile terminal (4), the private network (1) including a home agent (5) for the mobile terminal and a gateway (2, 3) through which, the communicationpassesand which-provides security protection for the private network (1).The protocolsof thecommunication Including security association bundles each include a security association between the mobile terminal (4) and the gateway (2, 3) for inbound communication and another security association for outbound communication. In response to a handover of communication causing an IP address. (MN Co c) of the mobile terminal (4), to change to a new IP address (MN: New Co c), the mobile termlnal updates its inbound security association from the, gateway (2, 3) so that it can receive packets sent to it with the new IP address (MN New Co c) as destination. It sends a first signalllng message with: the home agent (5) as destination: in a secure tunnel (20') to the gateway (2, 3), indicating the new IP address (MN,New Co c) in secure form to the home agent (5). The inbound security association of the gateway (2, 3 ) from the mobile terminal (4) accets,the first signalling message without cheking its source address. The gatewa (2, 3) forwards the first signalling message within the private network (1) to the home agent (5), the home agent (5) checks the validity of the first signalling message and, if It is valid, updates its address data and sends a second signalling message to the gateway (2,3) indicating the new address (MN New Co c). The gateway (2, 3) updates its outbound security association with the mobile terminal (4) in response to the new address (MN New Co c) indicated. Preferably, communication between the mobile node (4) and the gateway (2, 3) is in accordance with IPsec and an Encapsulating Security Paypepad protocol used in tunnel mode. Peferably, a registration reply for the mobile node (4) is included In the second signalling message

Configuring a user device to remotely access a private network

Abstract: Configuring a mobile device to remotely access a private network involves determining, via the private network, first network parameters that enable the mobile device utilize to a computing service of the private network. The device also determines, via a gateway coupled to the private network, second network parameters that allow the mobile to utilize the computing service via a public network. The first and second network parameters are stored on the mobile device. A request is received from a user of the mobile device to access the computing service. It is determined that the mobile device is not on the private network. In response to determining that the mobile device is not on the private network, the second network parameters are utilized to access the computing service via the gateway in response to the request.

Secure transport of multicast traffic

Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header. The packet may then be forwarded on an interface toward at least one multicast recipient identified in the second header.

Virtual private networking with mobile communication continuity

Abstract: In general, a mobile virtual private network (VPN) is described in which service provider networks cooperate to dynamically extend a virtual routing area of a home service provider network to the edge of a visited service provider network and thereby enable IP address continuity for a roaming wireless device. In one example, a home service provider network allocates an IP address to a wireless device and establishes a mobile VPN. The home service provider network dynamically provisions a visited service provider network with the mobile VPN, when the wireless device attaches to an access network served by the visited service provider network, to enable the wireless device to exchange network traffic with the visited service provider network using the IP address allocated by the home service provider network.

Method and apparatus for flexible pilot pattern

Abstract: The application discloses a method for a wireless communication system determining a location in time of a sub-frame when SFN transmission for data will occur. Determining a first transmission pattern and a second transmission pattern for reference signals, wherein the transmission patterns indicate the symbols and tones of a sub-frame to use for reference signals. Selecting for use, between the first transmission pattern and second transmission pattern for reference signals depending on whether SFN data will be transmitted in the sub-frame. Broadcasting information about the selected transmission pattern prior to use thereof.

Establishment of a secure communication

Abstract: There is proposed a mechanism for establishing a secure communication between network elements in a communication network. The network nodes execute an authentication procedure with an authentication network element. The authentication network may also one of the network elements as a gateway element. Then, a respective data key for the network elements authenticated is generated and distributed to the gateway element by using a secure channel between the authentication network element and the gateway element. The data keys are stored the data keys in the gateway element. When a secure communication is to be setup, a respective session key is generated in the network elements intending to participate in the secure communication. The session keys are exchanged between the network elements intending to participate in the secure communication via secure channels between the gateway element and the network elements .