公开(公告)号：US20090285181A1

公开(公告)日：2009-11-19

申请号：US12418372

申请日：2009-04-03

申请人： Pekka Nikander ,  Jari Arkko

发明人： Pekka Nikander ,  Jari Arkko

IPC分类号： H04W36/00

CPC分类号： H04W36/0016 ,  H04L69/167 ,  H04W36/02 ,  H04W40/02 ,  H04W40/36 ,  H04W80/04

摘要： A method of forwarding IP packets, sent to an old care-of-address of a mobile node, to the mobile node following a handover of the mobile node from a first old access router to a second new access router. The method comprises, prior to completion of said handover, providing said first router or another proxy node with information necessary to determine the new IP care-of address to be used by the mobile node when the mobile node is transferred to the second access router. At said first router or said proxy node, the new care-of-address for the mobile node is determined using said information and ownership of the new care-of-address by the mobile node confirmed, and subsequently packets received at said first access network and destined for said old care-of-address are forwarded to the predicted care-of-address address.

摘要翻译： 一种在移动节点从第一旧接入路由器切换到第二新接入路由器之后，向移动节点转发发送到移动节点的旧转交地址的IP分组的方法。 该方法包括：在所述切换完成之前，当移动节点被传送到第二接入路由器时，向所述第一路由器或另一代理节点提供确定要由移动节点使用的新的IP转交地址所必需的信息 。 在所述第一路由器或所述代理节点处，移动节点的新转交地址由所确定的移动节点的新的转交地址的所述信息和所有权确定，并且随后在所述第一接入网络 并且预定用于所述旧的转交地址转发到预期的转交地址。

公开(公告)号：US07401216B2

公开(公告)日：2008-07-15

申请号：US10277945

申请日：2002-10-23

申请人： Jari Arkko ,  Jukka Ylitalo ,  Pekka Nikander

发明人： Jari Arkko ,  Jukka Ylitalo ,  Pekka Nikander

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  H04L29/12009 ,  H04L61/00 ,  H04L63/0442 ,  H04L63/12

摘要： A method of delegating responsibility for an IP address owned by a first IP network node to a second IP network node, at least a part of the IP address being derivable from a public key of a public/private key pair belonging to the first node. The method comprises notifying the first node of a public key of a public/private key pair belonging to the second node, at the first node, signing the public key of the second node with the private key of the first node to provide an authorisation certificate, and sending the authorisation certificate from the first node to the second node, wherein the authorisation certificate is subsequently included with messages relating to said IP address and signed with the private key of the second node, sent from the second node to receiving nodes, and is used by the receiving nodes to verify the second node's claim on the IP address.

摘要翻译： 将由第一IP网络节点拥有的IP地址的责任委派给第二IP网络节点的方法，所述IP地址的至少一部分可从属于所述第一节点的公钥/私钥对的公钥导出。 该方法包括在第一节点向第一节点通知属于第二节点的公钥/私钥对的公开密钥，用第一节点的私钥对第二节点的公开密钥进行签名，以提供授权证书 并且将所述授权证书从所述第一节点发送到所述第二节点，其中所述授权证书随后包括与所述IP地址相关的消息并且与所述第二节点的私钥签名，从所述第二节点发送到接收节点，以及 被接收节点用于验证第二个节点对IP地址的声明。

公开(公告)号：US20070242638A1

公开(公告)日：2007-10-18

申请号：US11573831

申请日：2004-08-20

申请人： Jari Arkko ,  Pekka Nikander

发明人： Jari Arkko ,  Pekka Nikander

IPC分类号： H04L12/28

CPC分类号： H04W60/00 ,  H04L63/0823 ,  H04L63/126 ,  H04W8/087 ,  H04W12/06 ,  H04W40/02 ,  H04W74/00 ,  H04W80/00 ,  H04W80/04

摘要： A method of facilitating Internet Protocol access by a mobile node to an access Network, the method comprising: sending an attachment request from the mobile node to an access router of the access network, the request containing a mobile node identifier and an Interface Identifier or means for deriving an Interface Identifier, and being signed by the mobile node to allow the message to be authenticated as originating at that mobile node; receiving the request at the access router and authenticating the message there using the signature, and in response to the receipt and authentication of the message, performing a predefined set of tasks delegated to the access node and which are required to facilitate said access; and returning an acknowledgment from the access router to the mobile node confirming the access permission, the acknowledgement containing a network routing prefix and means for authenticating the access router to the mobile node.

摘要翻译： 一种促进移动节点对接入网络的因特网协议访问的方法，所述方法包括：从所述移动节点向所述接入网络的接入路由器发送附着请求，所述请求包含移动节点标识符和接口标识符或装置 用于导出接口标识符，并且被移动节点签名以允许将该消息认证为源于该移动节点; 在所述接入路由器处接收所述请求并使用所述签名在其上验证所述消息，并且响应于所述消息的接收和认证，执行委托给所述接入节点的预定义的任务集合，并且为便于所述接入而需要该任务; 以及从所述接入路由器返回确认所述访问许可的所述确认，所述确认包含网络路由前缀以及用于认证到所述移动节点的所述接入路由器的装置。

公开(公告)号：US20050111666A1

公开(公告)日：2005-05-26

申请号：US10937873

申请日：2004-09-10

申请人： Rolf Blom ,  Naslund Mats ,  Jari Arkko

发明人： Rolf Blom ,  Naslund Mats ,  Jari Arkko

IPC分类号： H04L9/00 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  H04W12/00 ,  H04W12/02 ,  H04W12/04

CPC分类号： H04W12/04 ,  H04L9/0844 ,  H04L9/3273 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/80 ,  H04W12/02 ,  H04W12/06

摘要： A basic idea according to the invention is to enhance or update the basic cryptographic security algorithms by an algorithm-specific modification of the security key information generated in the normal key agreement procedure of the mobile communication system. For communication with the mobile terminal, the network side normally selects an enhanced version of one of the basic cryptographic security algorithms supported by the mobile, and transmits information representative of the selected algorithm to the mobile terminal. The basic security key resulting from the key agreement procedure (AKA, 10) between the mobile terminal and the network is then modified (22) in dependence on the selected algorithm to generate an algorithm-specific security key. The basic security algorithm (24) is then applied with this algorithm-specific security key as key input to enhance security for protected communication in the mobile communications network.

摘要翻译： 根据本发明的基本思想是通过针对移动通信系统的正常密钥协商过程中产生的安全密钥信息的特定于算法的修改来增强或更新基本密码安全性算法。 为了与移动终端通信，网络侧通常选择由移动台支持的基本密码安全算法之一的增强版本，并将表示所选算法的信息发送到移动终端。 然后根据所选择的算法修改（22）移动终端和网络之间的密钥协商过程（AKA，10）产生的基本安全密钥，以生成特定于算法的安全密钥。 然后将基本的安全性算法（24）应用于该特定于算法的安全密钥作为关键输入，以增强移动通信网络中受保护通信的安全性。

公开(公告)号：US06535517B1

公开(公告)日：2003-03-18

申请号：US09096629

申请日：1998-06-12

申请人： Jari Arkko ,  Ralf Brunberg ,  Mika Korpela ,  Harri Toivanen

发明人： Jari Arkko ,  Ralf Brunberg ,  Mika Korpela ,  Harri Toivanen

IPC分类号： H04L1228

CPC分类号： H04L65/104 ,  H04L65/103 ,  H04L65/1069 ,  H04M7/122

摘要： A method and apparatus enables a Network Access Server in association with a telecommunications switch to route incoming calls only to devices that have an actual connection to the Internet. A set of devices, RPG-Is, reformat incoming data from subscribers to a desired Internet Protocol. Initially, the expected network topology is recorded in memory for later comparison. During operation, each RPG-I attempts to detect the presence of every other expected RPG-I. If the presence of another RPG-I is not detected within a predetermined threshold period, then an alarm is issued. Error alarms are forwarded to application logic of the telecommunications switch so that the switch can avoid connecting a subscriber's call to an inoperable RPG-I. An alarm can also be forwarded to a network operator's terminal.

摘要翻译： 一种方法和装置使得能够与电信交换机相关联的网络接入服务器将来话呼叫仅路由到具有与因特网的实际连接的设备。 一组设备，RPG-Is，将从订户传入的数据重新格式化为所需的Internet协议。 最初，预期的网络拓扑被记录在存储器中用于稍后的比较。 在操作期间，每个RPG-I尝试检测每个其他预期RPG-I的存在。 如果在预定的阈值周期内没有检测到另一RPG-I的存在，则发出报警。 错误报警转发到电信交换机的应用逻辑，以便交换机可以避免将用户的呼叫连接到不可操作的RPG-I。 报警也可以转发给网络运营商的终端。

公开(公告)号：US09525749B2

公开(公告)日：2016-12-20

申请号：US13885304

申请日：2010-11-17

申请人： Jari Arkko ,  Fredrik Garneij ,  Christian Gotare ,  Tero Kauppinen ,  Heikki Mahkonen ,  Jan Melen ,  Martti Kuparinen ,  Heidi Hostikka

发明人： Jari Arkko ,  Fredrik Garneij ,  Christian Gotare ,  Tero Kauppinen ,  Heikki Mahkonen ,  Jan Melen ,  Martti Kuparinen

IPC分类号： G06F15/167 ,  H04L29/08 ,  H04L29/12 ,  G06F9/455

CPC分类号： H04L67/2842 ,  G06F9/45533 ,  G06F15/167 ,  H04L29/12066 ,  H04L29/12132 ,  H04L29/12811 ,  H04L61/1511 ,  H04L61/1552 ,  H04L61/6009

摘要： The present invention relates to a Domain Name System (DNS) server and a method for resolving DNS queries from a number of clients. The DNS server comprises multiple virtual DNS server instances servicing different clients. The DNS server further comprises a shared cache for caching records which indicate answers to resolved DNS queries. The shared cache is shared between a set of virtual DNS server instances. The virtual DNS server instances that share the shared cache are able to cache DNS query results in the shared cache as well as resolve a DNS query by retrieving a cached record corresponding to the DNS query from the shared cache. Thus it is possible for a virtual DNS server instance to make use of DNS query results obtained by other virtual DNS server instances.

摘要翻译： 本发明涉及一种域名系统（DNS）服务器以及从多个客户端解析DNS查询的方法。 DNS服务器包括为不同客户端服务的多个虚拟DNS服务器实例。 DNS服务器还包括用于缓存记录的共享缓存，其指示解决的DNS查询的答案。 共享缓存在一组虚拟DNS服务器实例之间共享。 共享共享缓存的虚拟DNS服务器实例能够将DNS查询结果缓存在共享缓存中，并通过从共享缓存中检索与DNS查询相对应的缓存记录来解析DNS查询。 因此，虚拟DNS服务器实例可以利用其他虚拟DNS服务器实例获得的DNS查询结果。

公开(公告)号：US09356952B2

公开(公告)日：2016-05-31

申请号：US12161710

申请日：2007-01-31

申请人： Jari Arkko

发明人： Jari Arkko

IPC分类号： H04L29/06 ,  H04L29/12

CPC分类号： H04L63/1466 ,  H04L29/12801 ,  H04L29/12952 ,  H04L61/6004 ,  H04L61/6077 ,  H04L69/16 ,  H04L69/167

摘要： A method of controlling the re-direction of IP packets to an IP host having two or more different IP addresses comprises generating a first of said IP addresses as a one-way function of the second IP address. The method further comprises accepting a request to re-direct a packet destined to said first IP address to another IP address only if the other IP address is the second IP address.

摘要翻译： 控制IP分组向具有两个或更多个不同IP地址的IP主机的重新定向的方法包括：将所述IP地址中的第一个作为第二IP地址的单向功能生成。 该方法还包括仅当另一个IP地址是第二IP地址时才接受将目的地为所述第一IP地址的分组重定向到另一IP地址的请求。

公开(公告)号：US20150120888A1

公开(公告)日：2015-04-30

申请号：US14383821

申请日：2012-03-15

申请人： Jari Arkko ,  Heidi-Maria Back ,  Ari Keränen ,  Oscar Novo Diaz ,  Vlasios Tsiatsis

发明人： Jari Arkko ,  Heidi-Maria Back ,  Ari Keränen ,  Oscar Novo Diaz ,  Vlasios Tsiatsis

IPC分类号： H04L12/24

CPC分类号： H04L41/0816 ,  G06F1/263 ,  H04L41/22 ,  H04W4/70 ,  H04W12/00522 ,  H04W12/02

摘要： It is presented a configuration provision device comprising: an electronic paper display; an input device arranged to detect a user action; and a controller arranged to, when the input device detects a user action, determine configuration data of a machine-to-machine device associated with the configuration provision device, and display the configuration data on the electronic paper display. A corresponding machine-to-machine device, system, method, computer program and computer program product are also presented.

摘要翻译： 提供了一种配置提供装置，包括：电子纸显示器; 布置成检测用户动作的输入装置; 以及控制器，其布置成当所述输入设备检测到用户动作时，确定与所述配置提供设备相关联的机器对机器的配置数据，并且将所述配置数据显示在所述电子纸显示器上。 还提出了相应的机器对机器，系统，方法，计算机程序和计算机程序产品。

公开(公告)号：US20150079941A1

公开(公告)日：2015-03-19

申请号：US14400228

申请日：2012-05-15

申请人： Jari Arkko ,  Anna Larmo ,  Karl Norrman ,  Bengt Sahlin ,  Kristian Slavov

发明人： Jari Arkko ,  Anna Larmo ,  Karl Norrman ,  Bengt Sahlin ,  Kristian Slavov

IPC分类号： H04W12/06 ,  H04W68/00 ,  H04W12/04

CPC分类号： H04W12/06 ,  H04L9/3226 ,  H04L63/0876 ,  H04L63/123 ,  H04L2209/38 ,  H04L2209/80 ,  H04W4/70 ,  H04W12/00514 ,  H04W12/04 ,  H04W12/10 ,  H04W68/00 ,  H04W68/025

摘要： There is described a device for communicating with a network. The device receives a series of paging messages from a serving node in the network, where each paging message includes identification and authentication information sufficient to identify at least one device and authenticate the message, at least some of the information having been protected according to a sequence such that it varies between successive paging messages. The device verifies the protected part of the information using a cryptographic function and knowledge of the sequence and identifies whether the information indicates that message is an authentic message intended for that device. The device may act in response to the received paging message.

摘要翻译： 描述了用于与网络进行通信的设备。 该设备从网络中的服务节点接收一系列寻呼消息，其中每个寻呼消息包括足以识别至少一个设备并认证消息的标识和认证信息，至少一些信息已经根据序列被保护 使得它在连续的寻呼消息之间变化。 设备使用加密功能和序列的知识来验证信息的受保护部分，并且识别信息是否指示该消息是用于该设备的真实消息。 该设备可以响应于接收到的寻呼消息而起作用。

公开(公告)号：US20140096193A1

公开(公告)日：2014-04-03

申请号：US14090828

申请日：2013-11-26

申请人： Mats Näslund ,  Jari Arkko ,  Rolf Blom ,  Vesa Petteri Lehtovirta ,  Karl Norrman ,  Stefan Rommer ,  Bengt Sahlin

发明人： Mats Näslund ,  Jari Arkko ,  Rolf Blom ,  Vesa Petteri Lehtovirta ,  Karl Norrman ,  Stefan Rommer ,  Bengt Sahlin

IPC分类号： H04L29/06

CPC分类号： H04W12/06 ,  G06F21/30 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/0892 ,  H04L63/1433 ,  H04L63/162 ,  H04L63/164 ,  H04L63/20 ,  H04W60/00 ,  H04W72/0493

摘要： When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3′), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3′) is trusted or not.

摘要翻译： 当从用户设备UE（1）建立通信时，例如用于为UE提供IP接入，以便允许其使用与第一网络相关的一些服务，信息或至少一个网络属性的指示，例如， 当前接入网络（3,3'）从诸如UE的用户的归属网络（5）的第二网络中的节点（13）发送到UE。 可以在认证过程的第一阶段中发送信息或指示，这是作为来自UE的连接的建立的一部分。 特别地，网络属性可以指示接入网络（3,3'）是否被信任。