A telecommunications system and method is disclosed for implementing a Policy Enforcement Point (PEP) for an Internet Service Provider (ISP) at the subscriber premises. This PEP enforces policies with respect to authentication of subscribers, authorization to access and services, accounting and mobility of the subscribers. These policies are defined by the ISP operator in a Policy Decision Point (PDP), which is a server connected to the Internet that communicates with the PEP. In addition, the ISP can supply an encryption key for the PEP and an encryption key for a particular subscriber. Thus, all communications between the subscriber and the PEP, as well as between the PEP and the PDP can be encrypted.