Addressing mechanisms in mobile IP
    1.
    Granted patent
    Addressing mechanisms in mobile IP (status: in force)

    Publication No.: US07401216B2

    Publication date: 2008-07-15

    Application No.: US10277945

    Filing date: 2002-10-23

    IPC classification: H04L9/00

    Abstract: A method of delegating responsibility for an IP address owned by a first IP network node to a second IP network node, at least a part of the IP address being derivable from a public key of a public/private key pair belonging to the first node. The method comprises notifying the first node of a public key of a public/private key pair belonging to the second node, at the first node, signing the public key of the second node with the private key of the first node to provide an authorisation certificate, and sending the authorisation certificate from the first node to the second node, wherein the authorisation certificate is subsequently included with messages relating to said IP address and signed with the private key of the second node, sent from the second node to receiving nodes, and is used by the receiving nodes to verify the second node's claim on the IP address.


    Identification method and apparatus for establishing host identity protocol (HIP) connections between legacy and HIP nodes

    Publication No.: US07873825B2

    Publication date: 2011-01-18

    Application No.: US10599761

    Filing date: 2004-04-15

    IPC classification: H04L29/06

    Abstract: A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).


    IDENTIFICATION METHOD AND APPARATUS FOR ESTABLISING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES
    3.
    Patent application
    IDENTIFICATION METHOD AND APPARATUS FOR ESTABLISING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES (status: in force)

    Publication No.: US20070204150A1

    Publication date: 2007-08-30

    Application No.: US10599761

    Filing date: 2004-04-15

    IPC classification: G06F21/20

    Abstract: A method is provided of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host (102) operating in a first network environment and a second, HIP-enabled host (122) operating in a second network environment, with a gateway node (114) forming a gateway between the two environments. In the method, an identifier is associated with the first host (102), stored at the gateway node (114), and sent to the first host (102). The identifier is then used as a source address in a subsequent session initiation message sent from the first host (102) to the gateway node (114), having an indication that the destination of the message is the second host (122). The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).


    Packet routing in a network
    4.
    Granted patent
    Packet routing in a network (status: in force)

    Publication No.: US08824474B2

    Publication date: 2014-09-02

    Application No.: US13377008

    Filing date: 2009-10-01

    IPC classification: H04L12/28 H04L12/56

    Abstract: Methods of providing packet routing information, according to various embodiments, may include encoding the packet routing information into a compact representation of set membership. The methods may include putting the compact representation of set membership into a header of a packet. Moreover, the methods may include computing the compact representation of set membership using input parameters that include at least one packet-specific, flow-specific or processing-context-specific parameter.


    Methods and Apparatus for Secure Routing of Data Packets
    5.
    Patent application
    Methods and Apparatus for Secure Routing of Data Packets (status: lapsed)

    Publication No.: US20130124757A1

    Publication date: 2013-05-16

    Application No.: US13520301

    Filing date: 2010-01-04

    IPC classification: H04L12/56

    CPC classification: H04L45/00 H04L63/04 H04L63/06

    Abstract: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.


    Packet forwarding in a network
    6.
    Granted patent
    Packet forwarding in a network (status: lapsed)

    Publication No.: US08559434B2

    Publication date: 2013-10-15

    Application No.: US13059958

    Filing date: 2008-10-10

    IPC classification: H04L12/28

    Abstract: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representations of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.


    SIGNALLING DELEGATION IN A MOVING NETWORK
    7.
    Patent application
    SIGNALLING DELEGATION IN A MOVING NETWORK (status: in force)

    Publication No.: US20100106972A1

    Publication date: 2010-04-29

    Application No.: US12526857

    Filing date: 2007-02-12

    IPC classification: H04L9/32 H04L9/08

    Abstract: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.


    Packet Routing In A Network
    9.
    Patent application
    Packet Routing In A Network (status: in force)

    Publication No.: US20120082163A1

    Publication date: 2012-04-05

    Application No.: US13377008

    Filing date: 2009-10-01

    IPC classification: H04L12/56

    Abstract: Packet routing information is encoded into a non-static compact representation of set membership, the compact representation of set membership being for inclusion into a header of a packet. The compact representation of set membership is computed using input parameters that include at least one packet-specific, flow-specific or processing-context-specific parameter. By making the compact representation of set membership packet-dependent, flow-dependent or processing-context-dependent it becomes harder for, for example, a potential attacker to obtain information needed to mount a DDoS attack. In a variant of the invention, the packet routing information is represented as a plurality of non-static identifiers for inclusion into a header of a packet.


    Methods and apparatus for secure routing of data packets
    10.
    Granted patent
    Methods and apparatus for secure routing of data packets (status: lapsed)

    Publication No.: US08788705B2

    Publication date: 2014-07-22

    Application No.: US13520301

    Filing date: 2010-01-04

    IPC classification: G06F15/173

    CPC classification: H04L45/00 H04L63/04 H04L63/06

    Abstract: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
