61. Method and Apparatus for Use in a Communications Network
    Type: invention patent application; status: in force

    Publication number: US20100325416A1

    Publication date: 2010-12-23

    Application number: US12866641

    Filing date: 2008-02-08

    Applicant: Wassim Haddad

    Inventor: Wassim Haddad

    IPC classification: H04L9/00

    Abstract: A method is provided for use in a Mobile IP network in which it is determined whether a Mobile Node (10) in a visited network is reachable on a new claimed Care-of Address for the Mobile Node (10) using information relating to a pre-established cryptographic relationship between the Mobile Node (10) and an Access Router (20) of the visited network. It may be determined, through communication between a Home Agent (30) for the Mobile Node (10) in the Mobile Node (10)'s home network and the Access Router (20), whether such a pre-established cryptographic relationship exists. The existence of such a pre-established relationship would indicate that the Mobile Node (10) is reachable on the claimed Care-of Address.

62. PREFIX REACHABILITY DETECTION IN A COMMUNICATION
    Type: invention patent application; status: in force

    Publication number: US20100031044A1

    Publication date: 2010-02-04

    Application number: US12531659

    Filing date: 2008-02-26

    IPC classification: H04L9/32 G06F21/20 G06F15/16

    Abstract: There is disclosed a method, a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the-middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which, if performed, preferably includes an ART (address reachability test). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.

63. Method and Mobility Anchor Point for Authenticating Updates from Mobile Node
    Type: invention patent application; status: under examination, published

    Publication number: US20080205653A1

    Publication date: 2008-08-28

    Application number: US12065022

    Filing date: 2006-09-06

    Applicant: Wassim Haddad

    Inventor: Wassim Haddad

    IPC classification: H04L9/08 H04L9/28

    Abstract: A method and Mobility Anchor Point (MAP) are provided for authenticating an update message received at the MAP from a Mobile Node (MN). A table entry is created in the MAP following receipt of a first message comprising a public key of the MN, a first pointer and first comparison data; information elements received from the first message are stored in the table entry. The MAP then receives an update message requesting binding of a Local Care-of Address (LCoA) with a Regional Care-of Address (RCoA). The update message further comprises a second pointer and second comparison data. The MAP locates the table entry by use of the second pointer. The MAP then authenticates the second message by hashing one of the first or second comparison data and comparing the result of the hashing with the other of the first and second comparison data. If a match is found, the second message is authenticated and the MAP binds the LCoA and the RCoA by storing both addresses in the table entry.

64. METHOD AND NODES FOR OPTIMIZED AND SECURE COMMUNICATION BETWEEN ROUTERS AND HOSTS
    Type: invention patent application; status: in force

    Publication number: US20080162936A1

    Publication date: 2008-07-03

    Application number: US11617260

    Filing date: 2006-12-28

    Applicant: Wassim Haddad

    Inventor: Wassim Haddad

    IPC classification: H04L9/00

    CPC classification: H04L63/0428 H04L63/1441

    Abstract: A method, a router and a host are introduced for providing secure communication with limited use of processing-intensive cryptographic means. Strong cryptographic keys are first used between the host and the router to sign messages between them, thereby ensuring that a first communication between the host and the router is secure. The router generates a secret key and forwards it to the host, the secret key being encrypted at the router and decrypted at the host by use of the strong cryptographic keys. Further communication between the host and the router is signed by use of the secret key.

65. Providing anonymity to a mobile node in a session with a correspondent node
    Type: invention patent application; status: in force

    Publication number: US20070189250A1

    Publication date: 2007-08-16

    Application number: US11396706

    Filing date: 2006-04-04

    IPC classification: H04Q7/24

    Abstract: A method, a correspondent node and a mobile node provide anonymity and unlinkability to a mobile node in a session with a correspondent node. Sequence values, calculated based on secret data, are added to updates sent from the mobile node towards the correspondent node and are used by the correspondent node to authenticate updates from the mobile node. The home address of the mobile node is not explicitly disclosed. An expected care-of address is calculated at the correspondent node and used by the correspondent node to send data packets to the mobile node.

66. Routing advertisement authentication in fast router discovery
    Type: invention patent application; status: in force

    Publication number: US20070036119A1

    Publication date: 2007-02-15

    Application number: US11494547

    Filing date: 2006-07-28

    IPC classification: H04Q7/24

    Abstract: A method and a Mobile Node are provided for authenticating an Advertisement message received from an Access Router through an Access Point. The Advertisement message comprises a Hashed Nonce Value and a Nonce Index corresponding to a Nonce Value held in the Access Router. Upon receiving the Advertisement message from the Access Point, the Mobile Node initiates a process for configuring an IP address, by use of information received in the Advertisement, for having a session with the Access Point and the Access Router. In parallel, either the Access Point or the Mobile Node sends the Nonce Index directly to the Access Router. The Access Router replies with the Nonce Value, which is sent to the Mobile Node. The Mobile Node hashes the Nonce Value received from the Access Router and compares the result of the hashing with the Hashed Nonce Value. If the result matches the Hashed Nonce Value, the Advertisement is considered authenticated and the IP address configured according to the Advertisement is kept in the Mobile Node.

67. Apparatus and related methods for establishing a network connection
    Type: invention patent application; status: under examination, published

    Publication number: US20050188093A1

    Publication date: 2005-08-25

    Application number: US10697961

    Filing date: 2003-10-31

    Applicant: Wassim Haddad

    Inventor: Wassim Haddad

    IPC classification: H04L29/06 H04L29/08 G06F15/16

    Abstract: A method of establishing a network connection, capable of transmitting data, to a network from a computing device that already has a network connection with an existing network. The method comprises determining whether data requested by the computing device originates within the network. If the data requested by the computing device does originate within the network, at least a portion of the network connection with the existing network is broken for that data, and a network connection with the network is established for the portion of the network connection that was previously connected to the existing network.

68. Methods and systems for mobile IP route optimization
    Type: granted invention patent; status: in force

    Publication number: US09107048B2

    Publication date: 2015-08-11

    Application number: US12562869

    Filing date: 2009-09-18

    Applicant: Wassim Haddad

    Inventor: Wassim Haddad

    IPC classification: H04W8/08 H04L29/06 H04W80/04

    Abstract: The present application relates to network mobility (e.g., mobility in an IPv6 network). More specifically, the present application discloses systems and methods for enabling mobile nodes to switch to a route optimization mode using a minimum of mobility messages.

69. Prefix reachability detection in a communication
    Type: granted invention patent; status: in force

    Publication number: US08863236B2

    Publication date: 2014-10-14

    Application number: US12531659

    Filing date: 2008-02-26

    IPC classification: H04L29/06

    Abstract: There is disclosed a method, a communication system, and a communication node for implementing the claimed method, for attempting to enhance legitimacy assessment and thwart a man-in-the-middle or similar false-location attack by evaluating the topology of a communication-session requesting node relative to the proposed communication path through a network between the requesting node and the requested node. Upon receiving the request, a PRD (Prefix Reachability Detection) protocol is initiated, either after or during a secure key exchange, if any, which, if performed, preferably includes an ART (address reachability test). The PRD is executed by sending a message to the communication node challenging the location-authenticity of the requesting device. The communication node, which may be for example an access router through which the requesting node accesses the network, determines if the requesting node is positioned behind the communication node topologically, and reports the result to the requested node. The requested node may then make a decision on whether to permit the communication. If so, the PRD may be repeated one or more times while the communication session is in progress.

70. Architecture for virtualized home IP service delivery
    Type: granted invention patent; status: in force

    Publication number: US08812670B2

    Publication date: 2014-08-19

    Application number: US13271056

    Filing date: 2011-10-11

    Abstract: A method implemented by a network element of an Internet service provider to provide network access, through a visited network associated with a visited network owner, to a device of a visiting user connecting to the visited network. The visited network owner is a customer of the Internet service provider. The network element configures the visited network to provide the device of the visiting user with access to resources of a remote home network. The remote home network is in communication with the visited network over a wide area network. The method further comprises connecting to a virtual gateway controller of the remote home network to obtain configuration information for establishing a connection between the device and the remote home network, establishing a connection between the device of the visiting user and a second access point, and providing access to the resources of the remote home network through the second access point.