摘要:
A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.
摘要:
A packet processing and packet transfer scheme capable of reducing the packet processing overhead by eliminating a need to decrypt and re-encrypt the entire packet at a time of relaying encrypted packets. In a packet processing device for relaying encrypted packets, a packet transferred to the packet processing device is received, where the packet has a packet processing key to be used in a prescribed packet processing with respect to a data portion of the packet, and the packet processing key is encrypted by using a first master key shared between a last device that applied a cipher communication related processing to the packet and the packet processing device. Then, the packet processing key in the received packet is decrypted, without carrying out the prescribed packet processing with respect to the data portion of the packet, and the decrypted packet processing key is re-encrypted by using a second master key shared between a next device to apply the cipher communication related processing to the packet and the packet processing device. Then, the packet with the re-encrypted packet processing key encoded therein is transmitted toward a destination of the received packet.
摘要:
A packet transfer scheme for realizing a control of a packet inspection device to pass only packets from those mobile computers that can be recognized as authenticated among non-management target mobile computers that had moved inside the network, to outside the network. A packet inspection device judges whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside the own network is permitted or not, according to a mobile computer identification information contained in the packet, and sends a message indicating a refusal of the passing of the packet to the mobile computer when the passing of the packet is judged to be not permitted; and then transfers the packet when the passing of the packet is judged to be permitted; and also checks whether a user information regarding a user of the mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from the mobile computer, and returns a requested key information to the mobile computer when the user information satisfies the prescribed condition.
摘要:
A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.
摘要:
A mobile IP communication scheme in which the mobile computer can be operated using the mobile communication protocol such as Mobile IP even in the case where the home network is operated by the dynamic address allocation protocol such as DHCP is disclosed. The current location registration message to be transmitted by the mobile computer from the visited site to the mobile computer management device contains an information indicating that the dynamic address allocation has been received at the home network and an information capable of identifying the mobile computer, and the mobile computer management device carries out exchanges with the dynamic address management server on behalf of the mobile computer, so that the mobile computer which has received the dynamic address allocation at the home network can be operated at the visited site by using the mobile communication protocol.
摘要:
A mobile IP communication scheme in which the mobile computer can be operated using the mobile communication protocol such as Mobile IP even in the case where the home network is operated by the dynamic address allocation protocol such as DHCP is disclosed. The current location registration message to be transmitted by the mobile computer from the visited site to the mobile computer management device contains an information indicating that the dynamic address allocation has been received at the home network and an information capable of identifying the mobile computer, and the mobile computer management device carries out exchanges with the dynamic address management server on behalf of the mobile computer, so that the mobile computer which has received the dynamic address allocation at the home network can be operated at the visited site by using the mobile communication protocol.
摘要:
A mobile computing scheme capable of carrying out a proper packet transfer according to a current location of the mobile computer by accounting for the network operating policy. A mobile computer carries out a prescribed communication processing according to recognition results as to whether the mobile computer is located inside or outside the home network at which a mobile computer management device of the mobile computer is provided, and whether or not there exists a packet processing device which has a packet transmitted by at least one of the mobile computer and a correspondent computer as an encryption and authentication processing target. Also, a packet processing device carries out a prescribed transfer processing according to recognition results as to whether at least one of a source computer and a destination computer of a packet to be transferred is a moving mobile computer which is moving outside its home network, and whether or not there exists a packet processing device which has a packet transmitted by at least one of the source computer and the destination computer as an encryption and authentication processing target.
摘要:
A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.
摘要:
A mobile computer and a packet encryption and authentication method which are capable of controlling an activation of a packet encryption and authentication device belonging to the mobile computer according to the security policy at the visited network of the mobile computer. The mobile computer is provided with a packet encryption and authentication unit having an ON/OFF switchable function for applying an encryption and authentication processing on input/output packets of the mobile computer. Then, one of the packet encryption and authentication unit and an external packet processing device is selectively controlled to carry out the encryption and authentication processing on the input/output packets, where the external packet processing device being provided in a visited network at which the mobile computer is located and having a function for relaying packets transferred between a computer located in the visited network and a computer located in another network by applying the encryption and authentication processing.
摘要:
A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.