Bootstrapping method and system in mobile network using diameter-based protocol
    1.
    Invention application
    Status: under examination (published)

    Publication number: US20060078119A1

    Publication date: 2006-04-13

    Application number: US11177528

    Filing date: 2005-07-07

    IPC classification: H04K1/00

    CPC classification: H04L63/08 H04L63/164

    Abstract: A bootstrapping method and system in a mobile network using a Diameter-based protocol are provided. The bootstrapping system includes: a mobile node, connecting to a local network, which creates and transmits an AAA request message; and a home AAA server of a home network, which authenticates the mobile node based on the AAA request message received through a local AAA server of the local network, allocates a home agent and a home address relating to the mobile node, transmits the address of the home agent and the home address along with Internet key exchange (IKE) phase 1 security key material to the mobile node, and transmits an IKE phase 1 security key to the home agent, wherein the mobile node generates the IKE phase 1 security key using the IKE phase 1 security key material, distributes IP security (IPsec) security agreement (SA) with the home agent using IKE phase 2, and performs a binding update with the home agent using distributed IPsec SA. Therefore, the bootstrapping system can dynamically initialize the mobile node, using a Diameter infrastructure.

    Method for generating and authenticating address automatically in IPv6-based internet and data structure thereof
    2.
    Invention application
    Status: under examination (published)

    Publication number: US20060077908A1

    Publication date: 2006-04-13

    Application number: US11081388

    Filing date: 2005-03-15

    IPC classification: H04L12/28

    Abstract: Provided are a method for automatically generating an address in the IPv6-based Internet when a sender having a pair of a public key and a private key establishes a network connection, and a data format thereof. The method includes generating a CGA address and a CGA option based on the public key and a predetermined parameter, generating a signature option for verifying the CGA option, additionally generating a timestamp option in a case where a unidirectional message is transmitted to the network, and additionally generating a nonce option containing random numbers in a case where a bidirectional message is transmitted to the network, and adding the signature option, the timestamp option and the nonce option to a Neighbor Discovery (ND) option field to form an ND message, and transmitting the ND message to the network. When a host enters the network in a Zero Configuration over the IPv6-based Internet, the host can securely generate its own address without using a manual key. The method can also be applied to general IPv6 packet authentication or position authentication of a mobile node.

    Network apparatus and packet routing method for ubiquitous computing
    3.
    Invention application
    Status: granted

    Publication number: US20050105489A1

    Publication date: 2005-05-19

    Application number: US10923184

    Filing date: 2004-08-19

    IPC classification: H04L12/56 H04L29/06 H04L29/08

    Abstract: A network apparatus and packet routing method for ubiquitous computing are provided. In the network apparatus, a movement detection unit detects movement from a first network to a second network, and a movement address setting unit generates care-of-address (CoA) information corresponding to prefix information of the second network. A movement registration unit registers a movement address by transmitting a binding update message containing the generated CoA and home address (HoA) mapping information, to a home agent. A resource setting unit registers information on current terminal apparatuses among network terminal apparatuses on the second network. A packet distribution unit distributes the received packet to a current terminal apparatus corresponding to the application characteristic of the packet received from the home agent based on the information on the current terminal apparatuses.

    Method of transmitting and receiving message using encryption/decryption key
    4.
    Invention application
    Status: under examination (published)

    Publication number: US20050141718A1

    Publication date: 2005-06-30

    Application number: US10860970

    Filing date: 2004-06-03

    CPC classification: H04L9/0894

    Abstract: Provided is a method of transmitting and receiving a message using an encryption/decryption key, by which each of a sender and a recipient can generate an encryption/decryption key and recover a key used for encryption/decryption while transmitting and receiving the message using an electronic device. The method includes: (a) a user generating his/her own private key and a public key, registering the public key with a key recovery agent (KRA), and setting shared secret information; and (b) a sender transmitting the recovery information necessary for decryption of the transmission message to a recipient, and the recipient generating a key necessary for the decryption from the recovery information and decrypting the transmission message. The method may further include the recipient requesting recovery of the session key to the KRA.

    Network system and communication methods for securely bootstraping mobile IPv6 mobile node using pre-shared key
    5.
    Invention application
    Status: lapsed

    Publication number: US20070136590A1

    Publication date: 2007-06-14

    Application number: US11635181

    Filing date: 2006-12-07

    IPC classification: H04L9/00

    Abstract: Provided is a network system using Diameter authentication, authorization and accounting (AAA) infrastructure to support the bootstrapping of a Mobile Internet Protocol version 6 (IPv6) mobile node. The network system includes a mobile node equipped with Mobile IPv6, an attendant which is accessed by the mobile node when the mobile node moves toward a new network, an AAA local server which supports AAA processes for the mobile node in a local network, an AAA home server which supports AAA processes for the mobile node in a home network, and supports initial settings during the bootstrapping of the mobile node, and a home agent which handles binding update (BU) and binding acknowledgement (BA) regarding the mobile node. The AAA home server can configure initial settings for the mobile node that is authenticated by the AAA local server so that the mobile node can be effectively bootstrapped. Then, the AAA home server can distribute an IPsec SA to the mobile node and a home agent, and perform BU and BA based on the initial settings.