Packet processing device and mobile computer with reduced packet processing overhead
    2.
    Granted invention patent
    Legal status: Expired

    Publication number: US06240514B1

    Publication date: 2001-05-29

    Application number: US08954631

    Filing date: 1997-10-20

    IPC classification: H04L900

    Abstract: A packet processing and packet transfer scheme capable of reducing the packet processing overhead by eliminating a need to decrypt and re-encrypt the entire packet at a time of relaying encrypted packets. In a packet processing device for relaying encrypted packets, a packet transferred to the packet processing device is received, where the packet has a packet processing key to be used in a prescribed packet processing with respect to a data portion of the packet, and the packet processing key is encrypted by using a first master key shared between a last device that applied a cipher communication related processing to the packet and the packet processing device. Then, the packet processing key in the received packet is decrypted, without carrying out the prescribed packet processing with respect to the data portion of the packet, and the decrypted packet processing key is re-encrypted by using a second master key shared between a next device to apply the cipher communication related processing to the packet and the packet processing device. Then, the packet with the re-encrypted packet processing key encoded therein is transmitted toward a destination of the received packet.


    Packet inspection device, mobile computer and packet transfer method in mobile computing with improved mobile computer authenticity check scheme
    3.
    Granted invention patent
    Legal status: Expired

    Publication number: US6163843A

    Publication date: 2000-12-19

    Application number: US957773

    Filing date: 1997-10-24

    Abstract: A packet transfer scheme for realizing a control of a packet inspection device to pass only packets from those mobile computers that can be recognized as authenticated among non-management target mobile computers that had moved inside the network, to outside the network. A packet inspection device judges whether a passing of a packet transmitted from a mobile computer other than own management target computers to outside the own network is permitted or not, according to a mobile computer identification information contained in the packet, and sends a message indicating a refusal of the passing of the packet to the mobile computer when the passing of the packet is judged to be not permitted; and then transfers the packet when the passing of the packet is judged to be permitted; and also checks whether a user information regarding a user of the mobile computer satisfies a prescribed condition or not, upon receiving a message requesting a key information for generating the mobile computer identification information from the mobile computer, and returns a requested key information to the mobile computer when the user information satisfies the prescribed condition.


    Mobile computing scheme using encryption and authentication processing based on mobile computer location and network operating policy
    7.
    Granted invention patent
    Legal status: Expired

    Publication number: US06167513A

    Publication date: 2000-12-26

    Application number: US962332

    Filing date: 1997-10-31

    Abstract: A mobile computing scheme capable of carrying out a proper packet transfer according to a current location of the mobile computer by accounting for the network operating policy. A mobile computer carries out a prescribed communication processing according to recognition results as to whether the mobile computer is located inside or outside the home network at which a mobile computer management device of the mobile computer is provided, and whether or not there exists a packet processing device which has a packet transmitted by at least one of the mobile computer and a correspondent computer as an encryption and authentication processing target. Also, a packet processing device carries out a prescribed transfer processing according to recognition results as to whether at least one of a source computer and a destination computer of a packet to be transferred is a moving mobile computer which is moving outside its home network, and whether or not there exists a packet processing device which has a packet transmitted by at least one of the source computer and the destination computer as an encryption and authentication processing target.


    Mobile computer and method of packet encryption and authentication in mobile computing based on security policy of visited network
    9.
    Granted invention patent
    Legal status: Expired

    Publication number: US06170057A

    Publication date: 2001-01-02

    Application number: US08951297

    Filing date: 1997-10-16

    IPC classification: H04L900

    Abstract: A mobile computer and a packet encryption and authentication method which are capable of controlling an activation of a packet encryption and authentication device belonging to the mobile computer according to the security policy at the visited network of the mobile computer. The mobile computer is provided with a packet encryption and authentication unit having an ON/OFF switchable function for applying an encryption and authentication processing on input/output packets of the mobile computer. Then, one of the packet encryption and authentication unit and an external packet processing device is selectively controlled to carry out the encryption and authentication processing on the input/output packets, where the external packet processing device being provided in a visited network at which the mobile computer is located and having a function for relaying packets transferred between a computer located in the visited network and a computer located in another network by applying the encryption and authentication processing.


    Mobile IP communication scheme incorporating individual user authentication
    10.
    Invention patent application
    Legal status: Expired

    Publication number: US20050191992A1

    Publication date: 2005-09-01

    Application number: US11106602

    Filing date: 2005-04-15

    Abstract: A mobile IP communication scheme capable of authenticating an individual user who is operating the mobile computer when the mobile computer is connected to a visited site network and transmits a current location registration message to the home agent is disclosed. A user authentication to judge a properness of a user of the mobile computer is carried out according to a user input based information, and the current location of the mobile computer is registered at the mobile computer management device (home agent) when the user is judged as a proper user. The user authentication can be carried out either at the mobile computer management device according to a user input based information received from the mobile computer, or at the mobile computer according to an information entered by the user at the mobile computer.
