Telefonaktiebolaget LM Ericsson (publ)
Multiple PDN connections over untrusted WLAN access

Abstract:

Embodiments of this invention relate to methods and apparatus for establishing additional simultaneous packet data network (PDN) connections between a User Equipment (UE) and an evolved packet core network (EPC) over an untrusted WiFi network. The UE is attached to the EPC through a security gateway over a first PDN connection over which the UE is authenticated and has established an Internet Key Exchange Security Association (IKE SA) and a first Internet Protocol Security SA (IPSec SA). The UE then establishes an additional PDN connection using a new IKE request/response exchange or an enhanced IKE CREATE_CHILD_SA exchange that is cryptographically protected using algorithms and keys negotiated during the first PDN connection, hence improving delay and battery life of the UE as the UE no longer needs, for each additional PDN connection, to negotiate an individual IKE SA and to authenticate the UE.