Abstract:
Disclosed is a technique that correctly applies access control, based on the various security policies set by a home user, to packets sent from a visitor node. According to the technique, an MR (Mobile Router) 10 that manages a mobile PAN 30 determines whether the sender of a packet from a communication terminal connected to the mobile PAN is a home user's node, which is allowed direct access to the home network, or a visitor node (VN 31). It forwards packets from the home user's node to an HA 20, while forwarding packets from the visitor node to a policy server 36 located in a DMZ 35. This allows the policy server to apply access control, based on a security policy 36a, to every packet from a visitor node that attempts to gain access to the home network.
Abstract:
Disclosed is a technique that enables a mobile node (MN) connected to a mobile router (MR) to carry out flow filtering in a mobile network. The technique allows an MN 25 in a mobile network 24 to set, in an MR 10, the policy needed for flow filtering. The MR inserts its egress characteristic into, for example, a router advertisement message, so that the egress characteristic, which a node inside the mobile network cannot otherwise learn, is advertised to the interior of the mobile network. The MN can thus learn the characteristics of the access network (the characteristics of access system 20) even while connected to the MR, which enables intelligent flow filtering.
Abstract:
Disclosed is a technique for switching the forwarding address of a packet destined for a mobile node in a local mobility domain, when the mobile node has a plurality of interfaces, so that the packet is forwarded to the mobile node. According to the technique, an MN 101 receives network information 40 including a domain ID 402 from the network through two or more IFs 1010 and 1011. When it determines, based on the domain ID 402 in the received network information, that IFs 1010 and 1011 are attached to the same domain, the MN 101 decides to allocate the same address to IFs 1010 and 1011 and requests MAGs 111 and 112, connected to IFs 1010 and 1011 respectively, to bind that address to the link identifier of each interface. Based on the request, MAGs 111 and 112 create bindings so that packets destined for that address are forwarded to the MN 101.
Abstract:
A technique is disclosed for appropriately providing a service desired by a mobile node, even in an environment that includes overlay network nodes providing different functions. In the technique, a mobile node (MN) 110 implements the Monami6 protocol and transmits a binding update message requesting a service based on the Monami6 protocol. An overlay network is present on the network, in which a home agent implementing the Monami6 protocol (MCHA) and a home agent not implementing it (MSHA) cooperate to provide the functions of an HA. In this case, for example, an MSHA 150 that receives the message from the mobile node via a path 112 passes the request to an MCHA implementing the Monami6 protocol (such as an MCHA 130) and has that MCHA process the request.
Abstract:
Disclosed is a technique whereby a packet transferring apparatus (in particular, a tunnel entry point that performs packet encapsulation) becomes capable of detecting a tunneling loop, that is, a packet looping along the same route while being encapsulated repeatedly. With this technique, at packet transfer, a loop detection module of a router according to the present invention stores the TEL value (the tunnel encapsulation limit value, which limits the number of times a tunnel may be nested) set in the encapsulation header of the packet, or the TEL value set in the encapsulation header of a packet returned in an ICMP error. In addition, the loop detection module analyzes the pattern of increase and decrease of the stored TEL values over time and, when the pattern matches the characteristic sawtooth pattern that appears when a tunneling loop occurs, estimates that a tunneling loop has occurred.
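The sawtooth test described above, implemented as an added Python example (not code from the patent or from any router vendor): a per-tunnel-entry-point detector records the TEL values seen in the outer headers it emits (or carried back in ICMPv6 Parameter Problem errors), splits the recent history into maximal strictly decreasing runs, and flags a loop when at least two long runs restart from the same peak and run down to zero. The class and function names, the thresholds and the TEL sequences are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class TelSample:
    ts: float  # observation time in seconds
    tel: int   # Tunnel Encapsulation Limit value seen in the outer header


class TelLoopDetector:
    """Loop detection module of one tunnel entry point (names are illustrative).

    Feed it the TEL value of every packet this node encapsulates, and the TEL
    value carried in any ICMPv6 Parameter Problem returned for a packet whose
    TEL reached zero. A looping packet is re-encapsulated on each pass, so its
    TEL counts down to zero, an error is returned, the original packet is
    re-injected with its full TEL, and the count-down starts again: a sawtooth.
    """

    def __init__(self, window_s=2.0, min_teeth=2, min_run=3, peak_tolerance=1):
        self.window_s = window_s          # how much history to keep
        self.min_teeth = min_teeth        # complete teeth required to alarm
        self.min_run = min_run            # samples a run needs to count as a tooth
        self.peak_tolerance = peak_tolerance
        self.samples = deque()

    def observe(self, ts, tel):
        """Record one TEL observation and return True if a loop is suspected now."""
        self.samples.append(TelSample(ts, tel))
        while self.samples and ts - self.samples[0].ts > self.window_s:
            self.samples.popleft()
        return self.loop_suspected()

    def _runs(self):
        """Split the history into maximal strictly decreasing runs of TEL values."""
        runs, cur = [], []
        for s in self.samples:
            if cur and s.tel >= cur[-1].tel:
                runs.append(cur)
                cur = []
            cur.append(s)
        if cur:
            runs.append(cur)
        return runs

    def loop_suspected(self):
        teeth = [r for r in self._runs() if len(r) >= self.min_run]
        if len(teeth) < self.min_teeth:
            return False
        peaks = [r[0].tel for r in teeth]
        bottoms = [r[-1].tel for r in teeth]
        # Every tooth of a genuine loop restarts from the same original TEL and
        # runs down to (almost) zero before the next re-injection.
        same_peak = max(peaks) - min(peaks) <= self.peak_tolerance
        return same_peak and all(b <= 1 for b in bottoms)


def sawtooth_present(tel_values, dt=0.1):
    """Replay a constructed sequence of TEL observations; True if the detector
    ends up suspecting a tunneling loop."""
    det = TelLoopDetector()
    verdict = False
    for i, tel in enumerate(tel_values):
        verdict = det.observe(i * dt, tel)
    return verdict


# Constructed observations at one tunnel entry point (not captured traffic):
LOOPING = [4, 3, 2, 1, 0, 4, 3, 2, 1, 0]   # same packet re-encapsulated round after round
NORMAL = [4, 4, 3, 4, 4, 2, 4, 4]           # unrelated packets with various nesting depths
DRAINING = [8, 7, 6, 5, 4, 3, 2, 1, 0]      # a single descent with no restart is not a loop

if __name__ == "__main__":
    for name, seq in (("looping", LOOPING), ("normal", NORMAL), ("draining", DRAINING)):
        print(f"{name:9s} -> loop suspected: {sawtooth_present(seq)}")
```

The detector deliberately does not assume the TEL drops by exactly one per observation: with two tunnel entry points in the loop, each node sees the packet only every other encapsulation, so it only requires the runs to be strictly decreasing. A single long descent (the DRAINING sequence) is an ordinary deeply nested tunnel and is not reported; only the restart from the same peak is.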
Abstract:
Disclosed is a technique that enables a communication node connected to a router that advertises a plurality of prefixes to use an address containing an appropriate prefix. According to the technique, an MR (Mobile Router) (10) multicasts to a mobile PAN (31) a router advertisement message including a prefix (MNPNEMO) derived from the home network to which the MR belongs, a prefix (MNPAR) advertised by an AR (access router) (10a), and prefix choice information indicating which of the prefixes should be selected according to the node's function with respect to the mobile PAN (31). A node connected to the mobile PAN (VN 20a, LN 20b) refers to the prefix choice information in the router advertisement message to select the prefix appropriate to it for configuring its own global address.
Abstract:
Disclosed is a technique that improves scalability in an overlay network system and supplies a service to a user efficiently. According to the technique, for example, when a mobile node (110) transmits an update message including a specific flow filtering rule to an HA (120) in order to receive a service concerning multiple-interface functions, the HA (120) interprets the flow filtering rule, identifies an HA (160) that transfers data packets from CNs (180, 190), an HA (150) that transfers data packets from the CN (190), and an HA (140) that transfers data packets from a CN (1100), and selectively transmits to each HA a message containing the information useful to that HA.
Abstract:
Disclosed is a technique that, in a network-based local mobility management method, reduces the load on the network node that manages the location information of mobile terminals and achieves high scalability with respect to the number of mobile terminals. According to the technique, an LMA (Local Mobility Anchor) (1000) assigns a primary network prefix to each of the MAGs (Mobility Access Gateways) (1010, 1020) under its control and registers, in a routing table, the correspondence between the location information of each MAG and the primary network prefix assigned to it. In addition, among the MNs (Mobile Nodes) (1030, 1040) connected under the MAGs, for an MN that uses an address containing a secondary network prefix, the LMA registers, in a binding cache, the correspondence between the MN and the location information of the MAG to which the MN is connected.
Abstract:
A disclosed technique enables a node having a plurality of interfaces to connect those interfaces simultaneously within a communication network domain. A mobile node having a plurality of interfaces connects one of them to a MAG (mobile access gateway) 11a to take part in a NetLMM domain 18 using the NetLMM protocol, and an LMA (local mobility anchor) 13 holds the registered association between the mobile node and MAG 11a. When the mobile node connects another interface to another MAG 11b, the LMA receives a registration request for the association of this mobile node with MAG 11b and inquires of the already registered MAG 11a whether its link with the mobile node is still valid. If the link is valid, the LMA keeps the association of the mobile node with both MAGs 11a and 11b.
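The registration handling described above, as an added Python example rather than the patent's own or any NetLMM/PMIPv6 implementation's code: when the LMA receives a registration from a new MAG for an MN it already has bound, it asks each previously registered MAG whether its link to that MN is still up, and then either keeps both bindings (a second interface came up) or drops the stale one (the first interface handed over). The class names, the shape of the inquiry and the three-step scenario are assumptions.

```python
class MAG:
    """Mobile access gateway (illustrative model). Tracks which MNs are attached
    on its access link and answers the LMA's link-validity inquiry."""

    def __init__(self, name):
        self.name = name
        self.attached = set()

    def attach(self, mn_id):
        self.attached.add(mn_id)

    def detach(self, mn_id):
        self.attached.discard(mn_id)

    def handle_link_query(self, mn_id):
        # Reply to the LMA: is the link to this MN still valid?
        return mn_id in self.attached


class LMA:
    """Local mobility anchor keeping, per MN, the set of MAGs it is reachable through."""

    def __init__(self, mags):
        self.mags = {m.name: m for m in mags}
        self.bindings = {}   # mn_id -> set of MAG names

    def handle_registration(self, mn_id, mag_name):
        """Process a registration request carrying (mn_id, mag_name).

        Neither blindly overwrite the existing binding (which would break a
        genuinely multi-interfaced MN) nor blindly add to it (which would keep
        stale bindings after a handover): query each already-registered MAG.
        """
        kept = set()
        for old in self.bindings.get(mn_id, set()):
            if old != mag_name and self.mags[old].handle_link_query(mn_id):
                kept.add(old)           # link still valid: MN really is on both
        kept.add(mag_name)
        self.bindings[mn_id] = kept
        return frozenset(kept)

    def forwarding_targets(self, mn_id):
        return frozenset(self.bindings.get(mn_id, set()))


def scenario():
    """Constructed sequence mirroring the abstract; returns the binding set after each step."""
    mag_a, mag_b, mag_c = MAG("MAG-11a"), MAG("MAG-11b"), MAG("MAG-11c")
    lma = LMA([mag_a, mag_b, mag_c])
    mn = "MN-1"
    steps = []

    mag_a.attach(mn)                                        # interface 1 comes up on 11a
    steps.append(lma.handle_registration(mn, mag_a.name))

    mag_b.attach(mn)                                        # interface 2 comes up on 11b
    steps.append(lma.handle_registration(mn, mag_b.name))   # 11a still valid: keep both

    mag_a.detach(mn)                                        # interface 1 hands over from 11a...
    mag_c.attach(mn)                                        # ...to 11c
    steps.append(lma.handle_registration(mn, mag_c.name))   # 11a answers "invalid": dropped
    return steps


if __name__ == "__main__":
    for i, s in enumerate(scenario(), 1):
        print(f"step {i}: MN-1 bound via {sorted(s)}")
```

The point of the inquiry is that a registration message alone cannot tell the anchor whether it is looking at a handover or at a second interface; asking the MAG that already holds the binding is what lets the LMA keep multihoming working without accumulating bindings to links that no longer exist.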
Abstract:
A technique is disclosed by which a mobile node that has a plurality of interfaces and communicates according to flow information, in a case where the operator performs communication based on flow information defined by a policy, can select an interface suitable for a flow and communicate over it. According to the technique, a mobile node (MN 10) having a plurality of interfaces holds a list of domain limited flows, which are to be transmitted only within a specific network (a trusted network), and a list of the trusted networks. When one of its interfaces performs a handover and a domain limited flow is using that interface, the MN determines whether the handover destination network is a trusted network. If it is not, the MN determines whether the domain limited flow can be transmitted and received via another interface that is connected to a trusted network.
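The handover decision described above, as an added Python example (not the patent's code): the MN keeps a set of trusted networks and marks some flows as domain limited; when an interface hands over to an untrusted network, each domain limited flow on it is moved to another interface that is still attached to a trusted network, and is held rather than sent over the untrusted link when no such interface exists. The hold outcome is an assumption (the abstract only states the check), as are the class names, network labels and the scenario.

```python
from dataclasses import dataclass, field


@dataclass
class Flow:
    flow_id: str
    iface: str              # interface currently carrying the flow (None when held)
    domain_limited: bool    # True: may only traverse a trusted network


@dataclass
class MultiHomedMN:
    trusted_networks: set
    iface_network: dict     # iface -> network it is attached to
    flows: dict = field(default_factory=dict)

    def add_flow(self, flow):
        self.flows[flow.flow_id] = flow

    def _trusted_alternative(self, exclude):
        # Any other interface that is currently attached to a trusted network.
        for iface, net in self.iface_network.items():
            if iface != exclude and net in self.trusted_networks:
                return iface
        return None

    def handover(self, iface, dest_network):
        """Interface `iface` has handed over to `dest_network`.

        Returns {flow_id: (decision, iface)} for every domain limited flow that
        was using `iface`; unrestricted flows stay where they are.
        """
        self.iface_network[iface] = dest_network
        decisions = {}
        for f in self.flows.values():
            if f.iface != iface or not f.domain_limited:
                continue
            if dest_network in self.trusted_networks:
                decisions[f.flow_id] = ("keep", iface)
                continue
            alt = self._trusted_alternative(exclude=iface)
            if alt is not None:
                f.iface = alt
                decisions[f.flow_id] = ("move", alt)
            else:
                # Assumption: rather than leak the flow onto an untrusted network,
                # hold it until a trusted interface is available again.
                f.iface = None
                decisions[f.flow_id] = ("hold", None)
        return decisions


def scenario():
    """Constructed walk-through; returns the decisions of two successive handovers
    and the final flow placement."""
    mn = MultiHomedMN(
        trusted_networks={"operator-core", "corp-wlan"},
        iface_network={"wlan0": "corp-wlan", "cell0": "operator-core"},
    )
    mn.add_flow(Flow("voip-internal", iface="wlan0", domain_limited=True))
    mn.add_flow(Flow("web", iface="wlan0", domain_limited=False))

    first = mn.handover("wlan0", "public-hotspot")    # untrusted: voip moves to cell0
    second = mn.handover("cell0", "roaming-partner")  # untrusted, no trusted iface left
    return first, second, {fid: f.iface for fid, f in mn.flows.items()}


if __name__ == "__main__":
    first, second, placement = scenario()
    print("after wlan0 handover:", first)
    print("after cell0 handover:", second)
    print("final placement:", placement)
```

The unrestricted "web" flow is left on wlan0 throughout, which is the intended asymmetry: only flows the policy marks as domain limited are steered by the trust decision, so the check costs nothing for ordinary traffic.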