公开(公告)号：US09525749B2

公开(公告)日：2016-12-20

申请号：US13885304

申请日：2010-11-17

申请人： Jari Arkko ,  Fredrik Garneij ,  Christian Gotare ,  Tero Kauppinen ,  Heikki Mahkonen ,  Jan Melen ,  Martti Kuparinen ,  Heidi Hostikka

发明人： Jari Arkko ,  Fredrik Garneij ,  Christian Gotare ,  Tero Kauppinen ,  Heikki Mahkonen ,  Jan Melen ,  Martti Kuparinen

IPC分类号： G06F15/167 ,  H04L29/08 ,  H04L29/12 ,  G06F9/455

CPC分类号： H04L67/2842 ,  G06F9/45533 ,  G06F15/167 ,  H04L29/12066 ,  H04L29/12132 ,  H04L29/12811 ,  H04L61/1511 ,  H04L61/1552 ,  H04L61/6009

摘要： The present invention relates to a Domain Name System (DNS) server and a method for resolving DNS queries from a number of clients. The DNS server comprises multiple virtual DNS server instances servicing different clients. The DNS server further comprises a shared cache for caching records which indicate answers to resolved DNS queries. The shared cache is shared between a set of virtual DNS server instances. The virtual DNS server instances that share the shared cache are able to cache DNS query results in the shared cache as well as resolve a DNS query by retrieving a cached record corresponding to the DNS query from the shared cache. Thus it is possible for a virtual DNS server instance to make use of DNS query results obtained by other virtual DNS server instances.

摘要翻译： 本发明涉及一种域名系统（DNS）服务器以及从多个客户端解析DNS查询的方法。 DNS服务器包括为不同客户端服务的多个虚拟DNS服务器实例。 DNS服务器还包括用于缓存记录的共享缓存，其指示解决的DNS查询的答案。 共享缓存在一组虚拟DNS服务器实例之间共享。 共享共享缓存的虚拟DNS服务器实例能够将DNS查询结果缓存在共享缓存中，并通过从共享缓存中检索与DNS查询相对应的缓存记录来解析DNS查询。 因此，虚拟DNS服务器实例可以利用其他虚拟DNS服务器实例获得的DNS查询结果。

公开(公告)号：US20150074221A1

公开(公告)日：2015-03-12

申请号：US13885304

申请日：2010-11-17

申请人： Jan Melen ,  Tero Kauppinen ,  Jari Arkko ,  Heikki Mahkonen ,  Fredrik Garneij ,  Christian Gotare

发明人： Martti Kuparinen ,  Jan Melen ,  Tero Kauppinen ,  Jari Arkko ,  Heikki Mahkonen ,  Fredrik Garneij ,  Christian Gotare

IPC分类号： H04L29/08 ,  G06F9/455 ,  G06F15/167

CPC分类号： H04L67/2842 ,  G06F9/45533 ,  G06F15/167 ,  H04L29/12066 ,  H04L29/12132 ,  H04L29/12811 ,  H04L61/1511 ,  H04L61/1552 ,  H04L61/6009

摘要： The present invention relates to a Domain Name System (DNS) server and a method for resolving DNS queries from a number of clients. The DNS server comprises multiple virtual DNS server instances servicing different clients. The DNS server further comprises a shared cache for caching records which indicate answers to resolved DNS queries. The shared cache is shared between a set of virtual DNS server instances. The virtual DNS server instances that share the shared cache are able to cache DNS query results in the shared cache as well as resolve a DNS query by retrieving a cached record corresponding to the DNS query from the shared cache. Thus it is possible for a virtual DNS server instance to make use of DNS query results obtained by other virtual DNS server instances.

摘要翻译： 本发明涉及一种域名系统（DNS）服务器以及从多个客户端解析DNS查询的方法。 DNS服务器包括为不同客户端服务的多个虚拟DNS服务器实例。 DNS服务器还包括用于缓存记录的共享缓存，其指示解决的DNS查询的答案。 共享缓存在一组虚拟DNS服务器实例之间共享。 共享共享缓存的虚拟DNS服务器实例能够将DNS查询结果缓存在共享缓存中，并通过从共享缓存中检索与DNS查询相对应的缓存记录来解析DNS查询。 因此，虚拟DNS服务器实例可以利用其他虚拟DNS服务器实例获得的DNS查询结果。

公开(公告)号：US20090089872A1

公开(公告)日：2009-04-02

申请号：US12219457

申请日：2008-07-22

申请人： Jari Arkko ,  Jan Melen ,  Teemu Rinta-Aho

发明人： Jari Arkko ,  Jan Melen ,  Teemu Rinta-Aho

IPC分类号： G06F21/00

CPC分类号： H04L63/0272 ,  H04L12/2856

摘要： A method of routing traffic between external users and a communication network via a private access network. The method comprises establishing a secure outer tunnel between the private network and a gateway of a public access network to which the private network is coupled, based upon authentication of the private network to the public access network, said gateway being coupled to said communication network. For each external user wishing to connect to the communication network via the private network, a secure inner tunnel is established between the user and the gateway based upon authentication of the user to the gateway, the inner tunnel being within said outer tunnel. Traffic is caused to flow between external users and the gateway through the respective inner tunnels.

摘要翻译： 一种通过私有接入网络在外部用户和通信网络之间路由业务的方法。 所述方法包括：基于所述专用网络对所述公共接入网络的认证，在所述专用网络与所述专用网络所耦合的公共接入网络的网关之间建立安全外部隧道，所述网关耦合到所述通信网络。 对于希望通过专用网络连接到通信网络的每个外部用户，基于用户对网关的认证，内部隧道在所述外部隧道内，在用户和网关之间建立安全的内部隧道。 流量通过相应的内部隧道导致外部用户和网关之间流动。

公开(公告)号：US09628454B2

公开(公告)日：2017-04-18

申请号：US12526857

申请日：2007-02-12

申请人： Jan Melen ,  Jukka Ylitalo ,  Pekka Nikander ,  Petri Jokela

发明人： Jan Melen ,  Jukka Ylitalo ,  Pekka Nikander ,  Petri Jokela

IPC分类号： H04L9/32 ,  H04W80/04 ,  H04L12/04 ,  H04L12/06 ,  H04L9/08 ,  H04L29/06 ,  H04W12/04 ,  H04W80/00 ,  H04W12/06

CPC分类号： H04L63/06 ,  H04L9/3213 ,  H04L63/0823 ,  H04W12/04 ,  H04W12/06 ,  H04W36/0038 ,  H04W80/00 ,  H04W80/04 ,  H04W84/005 ,  H04W84/047

摘要： In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.

公开(公告)号：US20100106972A1

公开(公告)日：2010-04-29

申请号：US12526857

申请日：2007-02-12

申请人： Jan Melen ,  Jukka Ylitalo ,  Pekka Nikander ,  Petri Jokela

发明人： Jan Melen ,  Jukka Ylitalo ,  Pekka Nikander ,  Petri Jokela

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： H04L63/06 ,  H04L9/3213 ,  H04L63/0823 ,  H04W12/04 ,  H04W12/06 ,  H04W36/0038 ,  H04W80/00 ,  H04W80/04 ,  H04W84/005 ,  H04W84/047

摘要： In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.

摘要翻译： 为了将位置更新信令责任从移动节点委托给移动路由器，移动路由器被提供有由移动节点使用在移动节点和对等节点之间共享的第一对称密钥生成的第二对称密钥。 移动路由器另外设置有使用第一对称密钥来认证第二对称密钥的“证书”。 以这种方式，移动路由器可以使用第二对称密钥来签署发送到对等节点的位置更新相关消息，并且可以向对等节点提供证书，以便允许对等节点认证移动路由器的权利 代表移动节点。

公开(公告)号：US20100303072A1

公开(公告)日：2010-12-02

申请号：US12744739

申请日：2007-11-28

申请人： Petri Jokela ,  Jan Melen ,  Jukka Ylitalo

发明人： Petri Jokela ,  Jan Melen ,  Jukka Ylitalo

IPC分类号： H04L12/56

CPC分类号： H04L12/189 ,  H04L12/185 ,  H04L29/12028 ,  H04L61/103 ,  H04L63/0823 ,  H04L67/16

摘要： A method of delivering an IP multicast stream from a source node to a destination node. The method comprises establishing a Host Identity Protocol association between a multicast router and at least one further network node upstream of the multicast router, both of which are present in the multicast path, and using said association(s) to transport multicast packets.

摘要翻译： 一种将IP组播流从源节点传递到目的地节点的方法。 该方法包括在组播路由器与组播路由器上游的至少一个另外的网络节点之间建立主机标识协议关联，两者都存在于组播路径中，并使用所述关联传输组播包。

公开(公告)号：US20100027465A1

公开(公告)日：2010-02-04

申请号：US12301371

申请日：2006-05-24

申请人： Jukka Ylitalo ,  Jan Melen ,  Patrik Mikael Salmela

发明人： Jukka Ylitalo ,  Jan Melen ,  Patrik Mikael Salmela

IPC分类号： H04W8/02

CPC分类号： H04L29/12028 ,  H04L29/12311 ,  H04L61/103 ,  H04L61/2084 ,  H04L63/0823 ,  H04L63/1458 ,  H04W12/06 ,  H04W84/005

摘要： A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorised in dependence upon the result of the comparison.

摘要翻译： 一种在包括移动节点，移动路由器和对等节点的通信系统中处理移动性相关信令的方法。 该方法包括向移动路由器提供由移动节点或代表移动节点密码地签名的授权证书。 在移动路由器处，代表移动节点的对等节点发起与移动性有关的信令交换，移动路由器提供给该交换机内的对等节点，所述授权证书或证书的标识以及序列号 与证书相关联。 在对等节点处，将所接收的序列号与对等节点相对于委托证书维护的序列号进行比较，并且根据比较结果授权交换。

公开(公告)号：US08705439B2

公开(公告)日：2014-04-22

申请号：US12301371

申请日：2006-05-24

申请人： Jukka Ylitalo ,  Jan Melen ,  Patrik Mikael Salmela

发明人： Jukka Ylitalo ,  Jan Melen ,  Patrik Mikael Salmela

IPC分类号： H04W4/00

CPC分类号： H04L29/12028 ,  H04L29/12311 ,  H04L61/103 ,  H04L61/2084 ,  H04L63/0823 ,  H04L63/1458 ,  H04W12/06 ,  H04W84/005

摘要： A method of handling mobility-related signaling in a communications system comprising a mobile node, a mobile router, and a peer node. The method comprises providing the mobile router with a delegation certificate that is cryptographically signed by or on behalf of the mobile node. At the mobile router, a mobility-related signaling exchange is initiated with the peer node on behalf of the mobile node, the mobile router providing to the peer node within this exchange, said delegation certificate or an identification of the certificate, and a sequence number associated with the certificate. At the peer node, the received sequence number is compared with a sequence number maintained by the peer node in respect of the delegation certificate, and the exchange authorized in dependence upon the result of the comparison.

摘要翻译： 一种在包括移动节点，移动路由器和对等节点的通信系统中处理移动性相关信令的方法。 该方法包括向移动路由器提供由移动节点或代表移动节点密码地签名的授权证书。 在移动路由器处，代表移动节点的对等节点发起与移动性有关的信令交换，移动路由器提供给该交换机内的对等节点，所述授权证书或证书的标识以及序列号 与证书相关联。 在对等节点处，将所接收的序列号与对等节点相对于委托证书维护的序列号进行比较，并且根据比较结果授权交换。

公开(公告)号：US20110296027A1

公开(公告)日：2011-12-01

申请号：US13147250

申请日：2009-02-05

申请人： Patrik Salmela ,  Jan Melen ,  Jukka Ylitalo

发明人： Patrik Salmela ,  Jan Melen ,  Jukka Ylitalo

IPC分类号： G06F15/173

CPC分类号： H04W8/08 ,  H04L29/12028 ,  H04L29/12103 ,  H04L29/12283 ,  H04L29/12933 ,  H04L61/103 ,  H04L61/1535 ,  H04L61/2061 ,  H04L61/6068 ,  H04W80/04 ,  H04W84/005 ,  H04W88/182

摘要： A method of facilitating access to a Host Identity Protocol security procedure by a host connected to a moving network, where the moving network comprises a Host Identity Protocol server responsible for allocating local IP addresses to attached hosts. The method comprises registering at a rendezvous server an IP address prefix for use by said Host Identity Protocol server in allocating said local addresses, together with an externally reachable IP address of the Host Identity Protocol server. The registered IP address prefix is used at the rendezvous server to forward received I1 messages to the Host Identity Protocol server. The rendezvous server controls the allocation and registration of address prefixes to Host Identity Protocol servers in order to prevent collision of local IP addresses.

摘要翻译： 一种促进由连接到移动网络的主机访问主机身份协议安全过程的方法，其中移动网络包括负责为本地IP地址分配给主机的主机身份协议服务器。 该方法包括在会合服务器上注册所述主机标识协议服务器在分配所述本地地址时使用的IP地址前缀，以及主机标识协议服务器的外部可达IP地址。 注册的IP地址前缀在会合服务器上使用，将接收到的I1消息转发到主机标识协议服务器。 会合服务器控制地址前缀的分配和注册到主机身份协议服务器，以防止本地IP地址的冲突。

公开(公告)号：US20110055570A1

公开(公告)日：2011-03-03

申请号：US12674020

申请日：2008-08-22

申请人： Petri Jokela ,  Jan Melen ,  Patrik Salmela ,  Jukka Ylitalo

发明人： Petri Jokela ,  Jan Melen ,  Patrik Salmela ,  Jukka Ylitalo

IPC分类号： H04W36/00 ,  H04W12/04 ,  H04W12/06 ,  H04L9/32

CPC分类号： H04W8/06 ,  H04W36/0011 ,  H04W80/04 ,  H04W88/182

摘要： A method of facilitating location update signalling within a communication network between a mobile node and an end host includes establishing a trust relationship between one or more end hosts (1) and a proxy (3). When a mobile node (2) is handed-off, a location update is performed between the mobile node (2) and the proxy (3), and a location update message is sent from the proxy to the end host(s) having the trust relationship with the proxy. Multiple end hosts may authorise the same proxy to perform location update signalling on their behalf. The number of signalling messages required to perform the location update may be reduced, compared to a legacy method in which the mobile node is required to perform location update signalling with each end host.

摘要翻译： 促进移动节点和终端主机之间的通信网络内的位置更新信令的方法包括建立一个或多个终端主机（1）和代理（3）之间的信任关系。 当移动节点（2）被切换时，在移动节点（2）和代理（3）之间执行位置更新，并且将位置更新消息从代理发送到具有 与代理人的信任关系。 多个终端主机可以授权相同的代理来代表它们执行位置更新信令。 与需要移动节点与每个终端主机执行位置更新信令的传统方法相比，执行位置更新所需的信令消息的数量可以减少。