-
公开(公告)号:US09154571B2
公开(公告)日:2015-10-06
申请号:US12816442
申请日:2010-06-16
申请人: Petri Jokela , Pekka Nikander , Teemu Rinta-Aho , Mikko Särelä
发明人: Petri Jokela , Pekka Nikander , Teemu Rinta-Aho , Mikko Särelä
CPC分类号: H04L67/2823 , H04L67/28 , H04L69/08
摘要: A method of making data, published on a first publication/subscribe (pubsub) network, available to hosts within a second publication/subscribe network where the networks are interconnected via the Internet. The method comprises registering a publication identity of said data within a rendezvous system located within the Internet, forwarding Subscribe requests associated with said publication identity from said second network to said rendezvous system and, at the rendezvous system, identifying a location of said data within said first network. The Subscribe request can then be forwarded to said first network, and said data delivered from said first network to said second network via the Internet.
摘要翻译: 在第一发布/订阅(pubsub)网络上发布的制作数据的方法可用于通过因特网互连网络的第二发布/订阅网络内的主机。 该方法包括在位于因特网内的会合系统内注册所述数据的发布标识,将与所述发布身份相关联的订阅请求从所述第二网络转发到所述会合系统,并且在所述会合系统处,识别所述数据在所述 第一网络 然后可以将订阅请求转发到所述第一网络,并且所述数据经由因特网从所述第一网络传送到所述第二网络。
-
公开(公告)号:US20120300781A1
公开(公告)日:2012-11-29
申请号:US13575314
申请日:2010-12-10
申请人: Mikko Särelä , Petri Jokela , Pekka Nikander
发明人: Mikko Särelä , Petri Jokela , Pekka Nikander
IPC分类号: H04L12/56
摘要: A network node (4) is adapted to insert a collecting Bloom filter into a packet, and send the packet towards a second network node (8) by a hop-by-hop routing protocol. The network node (4) subsequently receives a packet sent by the second network node (8), with the header of the packet sent by the second network node containing a Bloom filter or Bloom Filter equivalent that encodes forwarding information from the second network node (8) to the network node (4). The Bloom filter or Bloom Filter equivalent received at the network node (4) may also encode forwarding information from the network node (4) to the second network node (8). In this case, the network node (4) may then determine, from the forwarding information in the Bloom filter or Bloom Filter equivalent, a first hop for forwarding packets towards the second node (8).
摘要翻译: 网络节点(4)适于将收集的Bloom过滤器插入到分组中,并且通过逐跳路由协议向第二网络节点(8)发送分组。 网络节点(4)随后接收由第二网络节点(8)发送的分组,由第二网络节点发送的分组的报头包含Bloom滤波器或Bloom Filter等价物,其编码来自第二网络节点的转发信息( 8)到网络节点(4)。 在网络节点(4)处接收到的Bloom过滤器或Bloom Filter等价物也可以将来自网络节点(4)的转发信息编码到第二网络节点(8)。 在这种情况下,网络节点(4)然后可以根据Bloom过滤器或Bloom Filter等效的转发信息来确定用于向第二节点(8)转发数据包的第一跳。
-
公开(公告)号:US20120287934A1
公开(公告)日:2012-11-15
申请号:US13521629
申请日:2010-10-22
申请人: Mikko Särelä , Mats Näslund , Pekka Nikander
发明人: Mikko Särelä , Mats Näslund , Pekka Nikander
IPC分类号: H04L12/56
CPC分类号: H04L63/04 , H04L45/04 , H04L45/34 , H04L63/164
摘要: A network node (NB1) located within a domain is adapted to receive, from another node, a packet having an in-packet Bloom filter or Bloom filter equivalent encoding information about a route within the domain. The node reversibly modifies the in-packet Bloom filter or Bloom filter equivalent in a manner which is linear with respect to the operation used to add links to the Bloom filter or Bloom filter equivalent. The node then forward the packet with its header containing the modified Bloom filter or Bloom filter to another node (NA1). The invention allows secure Bloom filter-based routing in a domain (Domain B), while requiring that only routers (NB1) at the domain boundary are secure routers. Other routers (NB2, NB3, NB4) in the domain may operate conventionally, and may be secure routers or insecure routers. The modification may be a bit permutation.
摘要翻译: 位于域内的网络节点(NB1)适于从另一个节点接收具有分组内Bloom过滤器或Bloom过滤器等效编码与域内的路由相关的信息的分组。 节点以相对于用于添加到Bloom过滤器或Bloom过滤器等价物的链接的操作是线性的方式可逆地修改包内Bloom过滤器或Bloom过滤器等价物。 然后,该节点将其包含修改的Bloom过滤器或Bloom过滤器的报头转发到另一个节点(NA1)。 本发明允许在域(域B)中基于安全的基于Bloom过滤器的路由,同时要求仅在域边界的路由器(NB1)是安全路由器。 域中的其他路由器(NB2,NB3,NB4)可以常规操作,并且可以是安全路由器或不安全路由器。 该修改可以是位置换。
-
公开(公告)号:US20120082163A1
公开(公告)日:2012-04-05
申请号:US13377008
申请日:2009-10-01
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L45/302 , H04L45/306 , H04L45/34 , H04L45/38
摘要: Packet routing information is encoded into a non-static compact representation of set membership, the compact representation of set membership being for inclusion into a header of a packet. The compact representation of set membership is computed using input parameters that include at least one packet-specific, flow-specific or processing-context-specific parameter. By making the compact representation of set membership packet-dependent, flow-dependent or processing-context-dependent it becomes harder for, for example, a potential attacker to obtain information needed to mount a DDoS attack. In a variant of the invention, the packet routing information is represented as a plurality of non-static identifiers for inclusion into a header of a packet.
摘要翻译: 分组路由信息被编码成集合成员的非静态紧凑表示,集合隶属的紧凑表示被包含在分组的报头中。 使用包含至少一个特定于数据包,特定于流程或处理上下文的参数的输入参数来计算集合成员资格的紧凑表示。 通过使集合成员关系数据包依赖,流依赖或处理上下文相关的紧凑表示,例如潜在攻击者获取安装DDoS攻击所需的信息变得更加困难。 在本发明的变型中,分组路由信息被表示为用于包含在分组的报头中的多个非静态标识符。
-
公开(公告)号:US08824474B2
公开(公告)日:2014-09-02
申请号:US13377008
申请日:2009-10-01
CPC分类号: H04L45/00 , H04L45/302 , H04L45/306 , H04L45/34 , H04L45/38
摘要: Methods of providing packet routing information, according to various embodiments, may include encoding the packet routing information into a compact representation of set membership. The methods may include putting the compact representation of set membership into a header of a packet. Moreover, the methods may include computing the compact representation of set membership using input parameters that include at least one packet-specific, flow-specific or processing-context-specific parameter.
摘要翻译: 根据各种实施例,提供分组路由信息的方法可以包括将分组路由信息编码成集合隶属的紧凑表示。 所述方法可以包括将集合隶属的紧凑表示放入分组的报头中。 此外,所述方法可以包括使用包括至少一个特定于分组的流特定或处理上下文特定参数的输入参数来计算集合隶属的紧凑表示。
-
公开(公告)号:US20110149973A1
公开(公告)日:2011-06-23
申请号:US13059958
申请日:2008-10-10
申请人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
发明人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
IPC分类号: H04L12/56
CPC分类号: H04L45/00 , H04L45/16 , H04L45/34 , H04L45/566 , H04L45/745
摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.
摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目标节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。
-
公开(公告)号:US08559434B2
公开(公告)日:2013-10-15
申请号:US13059958
申请日:2008-10-10
申请人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
发明人: Christian Esteve Rothenberg , Petri Jokela , Jimmy Kjällman , Pekka Nikander , Teemu Rinta-Aho , Jukka Ylitalo
IPC分类号: H04L12/28
CPC分类号: H04L45/00 , H04L45/16 , H04L45/34 , H04L45/566 , H04L45/745
摘要: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representation of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.
摘要翻译: 提供分组路由信息的方法包括:将来自源节点到一个或多个目的地节点的路由信息编码为集合隶属的紧凑表示; 并将集合的紧凑表示放在要从源节点发送到目的地节点的分组的报头中。 紧凑表示可以通过以下方式获得:生成一组标识符的d表示; 从标识符的d表示生成集合隶属的d候选紧凑表示; 并选择集合隶属的候选紧凑表示中的一个。 可以基于哪个候选紧凑表示具有最低的返回误报率来进行选择。
-
公开(公告)号:US09628454B2
公开(公告)日:2017-04-18
申请号:US12526857
申请日:2007-02-12
申请人: Jan Melen , Jukka Ylitalo , Pekka Nikander , Petri Jokela
发明人: Jan Melen , Jukka Ylitalo , Pekka Nikander , Petri Jokela
IPC分类号: H04L9/32 , H04W80/04 , H04L12/04 , H04L12/06 , H04L9/08 , H04L29/06 , H04W12/04 , H04W80/00 , H04W12/06
CPC分类号: H04L63/06 , H04L9/3213 , H04L63/0823 , H04W12/04 , H04W12/06 , H04W36/0038 , H04W80/00 , H04W80/04 , H04W84/005 , H04W84/047
摘要: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.
-
9.发明申请IDENTIFICATION METHOD AND APPARATUS FOR ESTABLISING HOST IDENTITY PROTOCOL (HIP) CONNECTIONS BETWEEN LEGACY AND HIP NODES 有权识别方法和设备用于打开主机身份协议(HIP)之间的联系和盗用代码公开(公告)号:US20070204150A1
公开(公告)日:2007-08-30
申请号:US10599761
申请日:2004-04-15
申请人: Petri Jokela , Pekka Nikander , Patrik Salmela , Jari Arkko , Jukka Ylitalo
发明人: Petri Jokela , Pekka Nikander , Patrik Salmela , Jari Arkko , Jukka Ylitalo
IPC分类号: G06F21/20
CPC分类号: H04L29/12018 , H04L29/12066 , H04L61/10 , H04L61/1511 , H04L63/08 , H04L63/164 , H04L69/24 , H04L69/329 , H04W8/04 , H04W80/04
摘要: A method is provided of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host (102) operating in a first network environment and a second, HIP-enabled host (122) operating in a second network environment, with a gateway node (114) forming a gateway between the two environments. In the method, an identifier is associated with the first host (102), stored at the gateway node (114), and sent to the first host (102). The identifier is then used as a source address in a subsequent session initiation message sent from the first host (102) to the gateway node (114), having an indication that the destination of the message is the second host (122). The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).
摘要翻译: 提供了一种使用主机身份协议(HIP)至少部分地保护在第一网络环境中操作的第一主机(102)和在第二网络环境中操作的第二启用HIP的主机(122)之间的通信的方法, 网关节点(114)在两个环境之间形成网关。 在该方法中,将标识符与存储在网关节点(114)处的第一主机(102)相关联,并发送到第一主机(102)。 然后,该标识符用作从第一主机(102)发送到网关节点(114)的后续会话发起消息中的源地址,其具有消息的目的地是第二主机(122)的指示。 网关节点处的存储的标识符然后用于协商到第二主机的安全HIP连接。 第一网络环境可以是UMTS或GPRS环境,在这种情况下,网关节点可以是网关GPRS支持节点(GGSN)。
-
10.发明授权公开(公告)号:US07873825B2
公开(公告)日:2011-01-18
申请号:US10599761
申请日:2004-04-15
IPC分类号: H04L29/06
CPC分类号: H04L29/12018 , H04L29/12066 , H04L61/10 , H04L61/1511 , H04L63/08 , H04L63/164 , H04L69/24 , H04L69/329 , H04W8/04 , H04W80/04
摘要: A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).
摘要翻译: 一种使用主机身份协议(HIP)至少部分地保护在第一网络环境中操作的第一主机与在第二网络环境中操作的第二启用HIP的主机之间的通信与形成网关的网关节点 在两个环境之间。 标识符与第一主机相关联,存储在网关节点处,并被发送到第一主机。 然后,该标识符用作从第一主机发送到网关节点的后续会话发起消息中的源地址,其具有消息的目的地是第二主机的指示。 网关节点处的存储的标识符然后用于协商到第二主机的安全HIP连接。 第一网络环境可以是UMTS或GPRS环境,在这种情况下,网关节点可以是网关GPRS支持节点(GGSN)。
-
-
-
-
-
-
-
-
-
搜索结果
47 条记录 (耗时 0.018 秒)
