-
公开(公告)号:US08788705B2
公开(公告)日:2014-07-22
申请号:US13520301
申请日:2010-01-04
申请人: Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
发明人: Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
IPC分类号: G06F15/173
摘要: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
摘要翻译: 通过采用编码发送器和接收器之间的预定传输路径的跳的层次参数来支持通过分组交换网络路由数据分组时在路由器中的转发过程的方法和装置。 名称服务器生成并将与路由器相关的密钥分发给网络中用于计算分层参数的密钥的路由器。
-
公开(公告)号:US20130124757A1
公开(公告)日:2013-05-16
申请号:US13520301
申请日:2010-01-04
申请人: Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
发明人: Karl Norrman , Jukka Ylitalo , Mats Näslund , Pekka Nikander
IPC分类号: H04L12/56
摘要: Methods and arrangements for supporting a forwarding process in routers when routing data packets through a packet-switched network, by employing hierarchical parameters in which the hops of a predetermined transmission path between a sender and a receiver are encoded. A name server generates and distributes router-associated keys to routers in the network which keys are used for computing the hierarchical parameters.
摘要翻译: 通过采用编码发送器和接收器之间的预定传输路径的跳的层次参数来支持通过分组交换网络路由数据分组时在路由器中的转发过程的方法和装置。 名称服务器生成并将与路由器相关的密钥分发给网络中用于计算分层参数的密钥的路由器。
-
公开(公告)号:US20110149973A1
公开(公告)日:2011-06-23
申请号:US13059958
申请日:2008-10-10
申请人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
发明人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L45/16 , H04L45/34 , H04L45/566 , H04L45/745
摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.
摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目标节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。
-
公开(公告)号:US08559434B2
公开(公告)日:2013-10-15
申请号:US13059958
申请日:2008-10-10
申请人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
发明人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
IPC分类号: H04L12/28
CPC分类号: H04L45/00 , H04L45/16 , H04L45/34 , H04L45/566 , H04L45/745
摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.
摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目的地节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。
-
公开(公告)号:US07401216B2
公开(公告)日:2008-07-15
申请号:US10277945
申请日:2002-10-23
申请人: Jari Arkko , Jukka Ylitalo , Pekka Nikander
发明人: Jari Arkko , Jukka Ylitalo , Pekka Nikander
IPC分类号: H04L9/00
CPC分类号: H04L63/0823 , H04L29/12009 , H04L61/00 , H04L63/0442 , H04L63/12
摘要: A method of delegating responsibility for an IP address owned by a first IP network node to a second IP network node, at least a part of the IP address being derivable from a public key of a public/private key pair belonging to the first node. The method comprises notifying the first node of a public key of a public/private key pair belonging to the second node, at the first node, signing the public key of the second node with the private key of the first node to provide an authorisation certificate, and sending the authorisation certificate from the first node to the second node, wherein the authorisation certificate is subsequently included with messages relating to said IP address and signed with the private key of the second node, sent from the second node to receiving nodes, and is used by the receiving nodes to verify the second node's claim on the IP address.
摘要翻译: 将由第一IP网络节点拥有的IP地址的责任委派给第二IP网络节点的方法,所述IP地址的至少一部分可从属于所述第一节点的公钥/私钥对的公钥导出。 该方法包括在第一节点向第一节点通知属于第二节点的公钥/私钥对的公开密钥,用第一节点的私钥对第二节点的公开密钥进行签名,以提供授权证书 并且将所述授权证书从所述第一节点发送到所述第二节点,其中所述授权证书随后包括与所述IP地址相关的消息并且与所述第二节点的私钥签名,从所述第二节点发送到接收节点,以及 被接收节点用于验证第二个节点对IP地址的声明。
-
6.发明授权公开(公告)号:US08837729B2
公开(公告)日:2014-09-16
申请号:US11883879
申请日:2006-02-10
申请人: Pekka Nikander , Jari Arrko , Mats Näslund
发明人: Pekka Nikander , Jari Arrko , Mats Näslund
CPC分类号: H04L63/0414 , H04L9/0844 , H04L63/0272 , H04L63/164 , H04L2209/38 , H04L2209/80 , H04W12/02 , H04W12/04
摘要: A method of improving privacy by hiding, in an ordered sequence of messages M[x(1), D(1)], M[x(2), D(2)], etc, communicated between a first and at least one second party sharing a key k, metadata x(i) descriptive of message processing, wherein D(i) denotes payload data. The method comprises the first and the second party agreeing on a pseudo random mapping depending on a shared key k, Fk, mapping at least x(i) to y(i), and the first party modifying the messages by replacing x(i) by y(i) in each message M(x(i), D(i)). The first party then transmits the modified messages maintaining their original order, and on reception of a message M(y(m), D), the second party uses a mapping Gk to retrieve position m of received value and the original value x(m).
摘要翻译: 一种通过以有序的消息M [x(1),D(1)],M [x(2),D(2)]等的顺序隐藏来提高隐私的方法,在第一和至少一个 共享密钥k的第二方,元数据x(i)描述消息处理,其中D(i)表示有效载荷数据。 该方法包括第一方和第二方根据共享密钥k,F k映射到至少x(i)至y(i)的伪随机映射,并且第一方通过替换x(i)来修改消息, 在每个消息M(x(i),D(i))中由y(i)表示。 第一方然后发送修改的消息保持其原始顺序,并且在接收到消息M(y(m),D)时,第二方使用映射G k来检索接收值的位置m,并且原始值x )。
-
公开(公告)号:US20120287934A1
公开(公告)日:2012-11-15
申请号:US13521629
申请日:2010-10-22
申请人: Mikko Särelä , Mats Näslund , Pekka Nikander
发明人: Mikko Särelä , Mats Näslund , Pekka Nikander
IPC分类号: H04L12/56
CPC分类号: H04L63/04 , H04L45/04 , H04L45/34 , H04L63/164
摘要: A network node (NB1) located within a domain is adapted to receive, from another node, a packet having an in-packet Bloom filter or Bloom filter equivalent encoding information about a route within the domain. The node reversibly modifies the in-packet Bloom filter or Bloom filter equivalent in a manner which is linear with respect to the operation used to add links to the Bloom filter or Bloom filter equivalent. The node then forward the packet with its header containing the modified Bloom filter or Bloom filter to another node (NA1). The invention allows secure Bloom filter-based routing in a domain (Domain B), while requiring that only routers (NB1) at the domain boundary are secure routers. Other routers (NB2, NB3, NB4) in the domain may operate conventionally, and may be secure routers or insecure routers. The modification may be a bit permutation.
摘要翻译: 位于域内的网络节点(NB1)适于从另一个节点接收具有分组内Bloom过滤器或Bloom过滤器等效编码与域内的路由相关的信息的分组。 节点以相对于用于添加到Bloom过滤器或Bloom过滤器等价物的链接的操作是线性的方式可逆地修改包内Bloom过滤器或Bloom过滤器等价物。 然后,该节点将其包含修改的Bloom过滤器或Bloom过滤器的报头转发到另一个节点(NA1)。 本发明允许在域(域B)中基于安全的基于Bloom过滤器的路由,同时要求仅在域边界的路由器(NB1)是安全路由器。 域中的其他路由器(NB2,NB3,NB4)可以常规操作,并且可以是安全路由器或不安全路由器。 该修改可以是位置换。
-
公开(公告)号:US07813718B2
公开(公告)日:2010-10-12
申请号:US12370781
申请日:2009-02-13
申请人: Jari Arkko , Pekka Nikander , Mats Näslund
发明人: Jari Arkko , Pekka Nikander , Mats Näslund
IPC分类号: H04M1/66
CPC分类号: H04L63/08 , H04L9/3236 , H04L63/061 , H04L2209/38 , H04L2209/80 , H04W12/04 , H04W12/06 , H04W36/0038 , H04W88/02
摘要: A mobile wireless terminal, the terminal comprising a generator configured to generate and store a first numerical chain comprising a series of n values using a one-way coding function such that a given value within the chain is easily obtainable from a subsequent value, but the subsequent value is not easily obtainable from that given value, and an authentication requester configured to disclose a value from the numerical chain to an access node, in order to allow the access node to authenticate the mobile wireless terminal, wherein the disclosed value succeeds any values in the chain already disclosed by the mobile wireless terminal.
摘要翻译: 一种移动无线终端,所述终端包括发生器,其被配置为使用单向编码功能生成并存储包括一系列n个值的第一数字链,使得链中的给定值可以容易地从后续值获得,但是 为了允许接入节点认证移动无线终端,认证请求器被配置为从数字链公开一个值到接入节点,其中所公开的值成功地接收任何值 在移动无线终端已经公开的链中。
-
公开(公告)号:US08824474B2
公开(公告)日:2014-09-02
申请号:US13377008
申请日:2009-10-01
CPC分类号: H04L45/00 , H04L45/302 , H04L45/306 , H04L45/34 , H04L45/38
摘要: Methods of providing packet routing information, according to various embodiments, may include encoding the packet routing information into a compact representation of set membership. The methods may include putting the compact representation of set membership into a header of a packet. Moreover, the methods may include computing the compact representation of set membership using input parameters that include at least one packet-specific, flow-specific or processing-context-specific parameter.
摘要翻译: 根据各种实施例,提供分组路由信息的方法可以包括将分组路由信息编码成集合隶属的紧凑表示。 所述方法可以包括将集合隶属的紧凑表示放入分组的报头中。 此外,所述方法可以包括使用包括至少一个特定于分组的流特定或处理上下文特定参数的输入参数来计算集合隶属的紧凑表示。
-
公开(公告)号:US09628454B2
公开(公告)日:2017-04-18
申请号:US12526857
申请日:2007-02-12
申请人: Jan Melen , Jukka Ylitalo , Pekka Nikander , Petri Jokela
发明人: Jan Melen , Jukka Ylitalo , Pekka Nikander , Petri Jokela
IPC分类号: H04L9/32 , H04W80/04 , H04L12/04 , H04L12/06 , H04L9/08 , H04L29/06 , H04W12/04 , H04W80/00 , H04W12/06
CPC分类号: H04L63/06 , H04L9/3213 , H04L63/0823 , H04W12/04 , H04W12/06 , H04W36/0038 , H04W80/00 , H04W80/04 , H04W84/005 , H04W84/047
摘要: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.
-
-
-
-
-
-
-
-
-
搜索结果
47 条记录 (耗时 0.026 秒)
