-
公开(公告)号:US07401216B2
公开(公告)日:2008-07-15
申请号:US10277945
申请日:2002-10-23
申请人: Jari Arkko , Jukka Ylitalo , Pekka Nikander
发明人: Jari Arkko , Jukka Ylitalo , Pekka Nikander
IPC分类号: H04L9/00
CPC分类号: H04L63/0823 , H04L29/12009 , H04L61/00 , H04L63/0442 , H04L63/12
摘要: A method of delegating responsibility for an IP address owned by a first IP network node to a second IP network node, at least a part of the IP address being derivable from a public key of a public/private key pair belonging to the first node. The method comprises notifying the first node of a public key of a public/private key pair belonging to the second node, at the first node, signing the public key of the second node with the private key of the first node to provide an authorisation certificate, and sending the authorisation certificate from the first node to the second node, wherein the authorisation certificate is subsequently included with messages relating to said IP address and signed with the private key of the second node, sent from the second node to receiving nodes, and is used by the receiving nodes to verify the second node's claim on the IP address.
摘要翻译: 将由第一IP网络节点拥有的IP地址的责任委派给第二IP网络节点的方法,所述IP地址的至少一部分可从属于所述第一节点的公钥/私钥对的公钥导出。 该方法包括在第一节点向第一节点通知属于第二节点的公钥/私钥对的公开密钥,用第一节点的私钥对第二节点的公开密钥进行签名,以提供授权证书 并且将所述授权证书从所述第一节点发送到所述第二节点,其中所述授权证书随后包括与所述IP地址相关的消息并且与所述第二节点的私钥签名,从所述第二节点发送到接收节点,以及 被接收节点用于验证第二个节点对IP地址的声明。
-
2.发明授权公开(公告)号:US07873825B2
公开(公告)日:2011-01-18
申请号:US10599761
申请日:2004-04-15
IPC分类号: H04L29/06
CPC分类号: H04L29/12018 , H04L29/12066 , H04L61/10 , H04L61/1511 , H04L63/08 , H04L63/164 , H04L69/24 , H04L69/329 , H04W8/04 , H04W80/04
摘要: A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).
摘要翻译: 一种使用主机身份协议(HIP)至少部分地保护在第一网络环境中操作的第一主机与在第二网络环境中操作的第二启用HIP的主机之间的通信与形成网关的网关节点 在两个环境之间。 标识符与第一主机相关联,存储在网关节点处,并被发送到第一主机。 然后,该标识符用作从第一主机发送到网关节点的后续会话发起消息中的源地址,其具有消息的目的地是第二主机的指示。 网关节点处的存储的标识符然后用于协商到第二主机的安全HIP连接。 第一网络环境可以是UMTS或GPRS环境,在这种情况下,网关节点可以是网关GPRS支持节点(GGSN)。
-
3.发明申请IDENTIFICATION METHOD AND APPARATUS FOR ESTABLISING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES 有权识别方法和设备用于打开主机身份协议(HIP)之间的联系和盗用代码公开(公告)号:US20070204150A1
公开(公告)日:2007-08-30
申请号:US10599761
申请日:2004-04-15
申请人: Petri Jokela , Pekka Nikander , Patrik Salmela , Jari Arkko , Jukka Ylitalo
发明人: Petri Jokela , Pekka Nikander , Patrik Salmela , Jari Arkko , Jukka Ylitalo
IPC分类号: G06F21/20
CPC分类号: H04L29/12018 , H04L29/12066 , H04L61/10 , H04L61/1511 , H04L63/08 , H04L63/164 , H04L69/24 , H04L69/329 , H04W8/04 , H04W80/04
摘要: A method is provided of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host (102) operating in a first network environment and a second, HIP-enabled host (122) operating in a second network environment, with a gateway node (114) forming a gateway between the two environments. In the method, an identifier is associated with the first host (102), stored at the gateway node (114), and sent to the first host (102). The identifier is then used as a source address in a subsequent session initiation message sent from the first host (102) to the gateway node (114), having an indication that the destination of the message is the second host (122). The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).
摘要翻译: 提供了一种使用主机身份协议(HIP)至少部分地保护在第一网络环境中操作的第一主机(102)和在第二网络环境中操作的第二启用HIP的主机(122)之间的通信的方法, 网关节点(114)在两个环境之间形成网关。 在该方法中,将标识符与存储在网关节点(114)处的第一主机(102)相关联,并发送到第一主机(102)。 然后,该标识符用作从第一主机(102)发送到网关节点(114)的后续会话发起消息中的源地址,其具有消息的目的地是第二主机(122)的指示。 网关节点处的存储的标识符然后用于协商到第二主机的安全HIP连接。 第一网络环境可以是UMTS或GPRS环境,在这种情况下,网关节点可以是网关GPRS支持节点(GGSN)。
-
公开(公告)号:US20090285181A1
公开(公告)日:2009-11-19
申请号:US12418372
申请日:2009-04-03
申请人: Pekka Nikander , Jari Arkko
发明人: Pekka Nikander , Jari Arkko
IPC分类号: H04W36/00
CPC分类号: H04W36/0016 , H04L69/167 , H04W36/02 , H04W40/02 , H04W40/36 , H04W80/04
摘要: A method of forwarding IP packets, sent to an old care-of-address of a mobile node, to the mobile node following a handover of the mobile node from a first old access router to a second new access router. The method comprises, prior to completion of said handover, providing said first router or another proxy node with information necessary to determine the new IP care-of address to be used by the mobile node when the mobile node is transferred to the second access router. At said first router or said proxy node, the new care-of-address for the mobile node is determined using said information and ownership of the new care-of-address by the mobile node confirmed, and subsequently packets received at said first access network and destined for said old care-of-address are forwarded to the predicted care-of-address address.
摘要翻译: 一种在移动节点从第一旧接入路由器切换到第二新接入路由器之后,向移动节点转发发送到移动节点的旧转交地址的IP分组的方法。 该方法包括:在所述切换完成之前,当移动节点被传送到第二接入路由器时,向所述第一路由器或另一代理节点提供确定要由移动节点使用的新的IP转交地址所必需的信息 。 在所述第一路由器或所述代理节点处,移动节点的新转交地址由所确定的移动节点的新的转交地址的所述信息和所有权确定,并且随后在所述第一接入网络 并且预定用于所述旧的转交地址转发到预期的转交地址。
-
公开(公告)号:US20070242638A1
公开(公告)日:2007-10-18
申请号:US11573831
申请日:2004-08-20
申请人: Jari Arkko , Pekka Nikander
发明人: Jari Arkko , Pekka Nikander
IPC分类号: H04L12/28
CPC分类号: H04W60/00 , H04L63/0823 , H04L63/126 , H04W8/087 , H04W12/06 , H04W40/02 , H04W74/00 , H04W80/00 , H04W80/04
摘要: A method of facilitating Internet Protocol access by a mobile node to an access Network, the method comprising: sending an attachment request from the mobile node to an access router of the access network, the request containing a mobile node identifier and an Interface Identifier or means for deriving an Interface Identifier, and being signed by the mobile node to allow the message to be authenticated as originating at that mobile node; receiving the request at the access router and authenticating the message there using the signature, and in response to the receipt and authentication of the message, performing a predefined set of tasks delegated to the access node and which are required to facilitate said access; and returning an acknowledgment from the access router to the mobile node confirming the access permission, the acknowledgement containing a network routing prefix and means for authenticating the access router to the mobile node.
摘要翻译: 一种促进移动节点对接入网络的因特网协议访问的方法,所述方法包括:从所述移动节点向所述接入网络的接入路由器发送附着请求,所述请求包含移动节点标识符和接口标识符或装置 用于导出接口标识符,并且被移动节点签名以允许将该消息认证为源于该移动节点; 在所述接入路由器处接收所述请求并使用所述签名在其上验证所述消息,并且响应于所述消息的接收和认证,执行委托给所述接入节点的预定义的任务集合,并且为便于所述接入而需要该任务; 以及从所述接入路由器返回确认所述访问许可的所述确认,所述确认包含网络路由前缀以及用于认证到所述移动节点的所述接入路由器的装置。
-
公开(公告)号:US08644256B2
公开(公告)日:2014-02-04
申请号:US13181984
申请日:2011-07-13
申请人: Pekka Nikander , Jari Arkko
发明人: Pekka Nikander , Jari Arkko
IPC分类号: H04W4/00
CPC分类号: H04W36/0016 , H04L69/167 , H04W36/02 , H04W40/02 , H04W40/36 , H04W80/04
摘要: A method of forwarding IP packets, sent to an old care-of-address of a mobile node, to the mobile node following a handover of the mobile node from a first old access router to a second new access router. The method comprises, prior to completion of said handover, providing said first router or another proxy node with information necessary to determine the new IP care-of address to be used by the mobile node when the mobile node is transferred to the second access router. At said first router or said proxy node, the new care-of-address for the mobile node is determined using said information and ownership of the new care-of-address by the mobile node confirmed, and subsequently packets received at said first access network and destined for said old care-of-address are forwarded to the predicted care-of-address address.
摘要翻译: 一种在移动节点从第一旧接入路由器切换到第二新接入路由器之后,向移动节点转发发送到移动节点的旧转交地址的IP分组的方法。 该方法包括:在所述切换完成之前,当移动节点被传送到第二接入路由器时,向所述第一路由器或另一代理节点提供确定要由移动节点使用的新的IP转交地址所必需的信息 。 在所述第一路由器或所述代理节点处,移动节点的新转交地址由所确定的移动节点的新的转交地址的所述信息和所有权确定,并且随后在所述第一接入网络 并且预定用于所述旧的转交地址转发到预期的转交地址。
-
公开(公告)号:US08009631B2
公开(公告)日:2011-08-30
申请号:US12418372
申请日:2009-04-03
申请人: Pekka Nikander , Jari Arkko
发明人: Pekka Nikander , Jari Arkko
IPC分类号: H04W4/00
CPC分类号: H04W36/0016 , H04L69/167 , H04W36/02 , H04W40/02 , H04W40/36 , H04W80/04
摘要: A method of forwarding IP packets, sent to an old care-of-address of a mobile node, to the mobile node following a handover of the mobile node from a first old access router to a second new access router. The method comprises, prior to completion of said handover, providing said first router or another proxy node with information necessary to determine the new IP care-of address to be used by the mobile node when the mobile node is transferred to the second access router. At said first router or said proxy node, the new care-of-address for the mobile node is determined using said information and ownership of the new care-of-address by the mobile node confirmed, and subsequently packets received at said first access network and destined for said old care-of-address are forwarded to the predicted care-of-address address.
摘要翻译: 一种在移动节点从第一旧接入路由器切换到第二新接入路由器之后,向移动节点转发发送到移动节点的旧转交地址的IP分组的方法。 该方法包括:在完成所述切换之前,当移动节点被传送到第二接入路由器时,向所述第一路由器或另一代理节点提供确定要由移动节点使用的新的IP转交地址所必需的信息。 在所述第一路由器或所述代理节点处,移动节点的新转交地址由所确定的移动节点的新的转交地址的所述信息和所有权确定,并且随后在所述第一接入网络 并且预定用于所述旧的转交地址转发到预期的转交地址。
-
公开(公告)号:US07551914B2
公开(公告)日:2009-06-23
申请号:US10584293
申请日:2003-12-24
申请人: Jari Arkko , Pekka Nikander , Mats Naslund
发明人: Jari Arkko , Pekka Nikander , Mats Naslund
IPC分类号: H04M1/66
CPC分类号: H04W12/04 , H04L9/3236 , H04L63/061 , H04L63/08 , H04L2209/38 , H04L2209/80 , H04W12/06 , H04W12/10
摘要: A method of authenticating a mobile node to a communication system is provided, the communication system comprising a plurality of access nodes, the method comprising the steps of (a) generating a numerical chain comprising a seriesof values using a one-way coding function such that a given value within the chain is easily obtainable from a subsequent value, but the subsequent value is not easily obtainable from that given value; (b) sending a value from the first numerical chain from the mobile node to an access node to which the mobile node wishes to attach; and (c) using the sent value at the access node to authenticate the mobile node.
摘要翻译: 提供了一种向通信系统认证移动节点的方法,所述通信系统包括多个接入节点,所述方法包括以下步骤:(a)使用单向编码功能生成包括一系列值的数字链,使得 链中的给定值可以从随后的值容易地获得,但是后续值不容易从该给定值获得; (b)从第一数字链从移动节点发送值到移动节点希望附加的接入节点; 和(c)在接入节点使用发送的值来认证移动节点。
-
公开(公告)号:US07813718B2
公开(公告)日:2010-10-12
申请号:US12370781
申请日:2009-02-13
申请人: Jari Arkko , Pekka Nikander , Mats Näslund
发明人: Jari Arkko , Pekka Nikander , Mats Näslund
IPC分类号: H04M1/66
CPC分类号: H04L63/08 , H04L9/3236 , H04L63/061 , H04L2209/38 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W36/0038 , H04W88/02
摘要: A mobile wireless terminal, the terminal comprising a generator configured to generate and store a first numerical chain comprising a series of n values using a one-way coding function such that a given value within the chain is easily obtainable from a subsequent value, but the subsequent value is not easily obtainable from that given value, and an authentication requester configured to disclose a value from the numerical chain to an access node, in order to allow the access node to authenticate the mobile wireless terminal, wherein the disclosed value succeeds any values in the chain already disclosed by the mobile wireless terminal.
摘要翻译: 一种移动无线终端,所述终端包括发生器,其被配置为使用单向编码功能生成并存储包括一系列n个值的第一数字链,使得链中的给定值可以容易地从后续值获得,但是 为了允许接入节点认证移动无线终端,认证请求器被配置为从数字链公开一个值到接入节点,其中所公开的值成功地接收任何值 在移动无线终端已经公开的链中。
-
公开(公告)号:US07535870B2
公开(公告)日:2009-05-19
申请号:US10558498
申请日:2004-03-22
申请人: Pekka Nikander , Jari Arkko
发明人: Pekka Nikander , Jari Arkko
IPC分类号: H04Q7/00
CPC分类号: H04W36/0016 , H04L69/167 , H04W36/02 , H04W40/02 , H04W40/36 , H04W80/04
摘要: A method of forwarding IP packets, sent to an old care-of-address of a mobile node, to the mobile node following a handover of the mobile node from a first old access router to a second new access router. The method comprises, prior to completion of said handover, providing said first router or another proxy node with information necessary to determine the new IP care-of address to be used by the mobile node when the mobile node is transferred to the second access router. At said first router or said proxy node, the new care-of-address for the mobile node is determined using said information and ownership of the new care-of-address by the mobile node confirmed, and subsequently packets received at said first access network and destined for said old care-of-address are forwarded to the predicted care-of-address address.
摘要翻译: 一种在移动节点从第一旧接入路由器切换到第二新接入路由器之后,向移动节点转发发送到移动节点的旧转交地址的IP分组的方法。 该方法包括:在所述切换完成之前,当移动节点被传送到第二接入路由器时,向所述第一路由器或另一代理节点提供确定要由移动节点使用的新的IP转交地址所必需的信息 。 在所述第一路由器或所述代理节点处,移动节点的新转交地址由所确定的移动节点的新的转交地址的所述信息和所有权确定,并且随后在所述第一接入网络 并且预定用于所述旧的转交地址转发到预期的转交地址。
-
-
-
-
-
-
-
-
-
搜索结果
48 条记录 (耗时 0.02 秒)
