公开(公告)号：US20020181400A1

公开(公告)日：2002-12-05

申请号：US09870141

申请日：2001-05-30

申请人： Nokia Corporation

发明人： Haihong Zheng ,  Franck Le ,  Stefano M. Faccin

IPC分类号： H04L012/26 ,  H04L012/56

CPC分类号： H04L69/22

摘要： A method of communicating a flow of data packets across a network, said network comprising routing means including communication nodes and communication endpoints, wherein a data packet is structured to have a plurality of fields including header fields and payload fields and such a data packet is communicated from endpoint to endpoint via at least one node; the method comprising the steps of generating (S31) a flow identity number for said flow by an originating endpoint of said flow; writing (S32), by said originating endpoint, at least a source address of said flow and a destination address of said flow into header fields of each of data packets belonging to said flow; writing (S32) said flow identity number into a header field of each data packet belonging to said flow which is examined by every routing means along the communication path of said flow, but remains unchanged during the whole communication; and examining (S33) the header fields containing said flow identity number, said source address and said destination address by every (S36) routing means along the communication path of said flow, wherein said flow is uniquely identified by the flow identity number being unique itself, or by combination of said source address and said flow identity number, or by combination of said source address and said destination address and said flow identity number.

摘要翻译： 一种通过网络传送数据分组流的方法，所述网络包括包括通信节点和通信端点的路由装置，其中数据分组被构造为具有包括报头字段和有效载荷字段的多个字段，并且这样的数据分组被传送 通过至少一个节点从端点到端点; 该方法包括以下步骤：由所述流的始发端产生（S31）所述流的流标识号; 由所述始发端点写入（S32）至少将所述流的源地址和所述流的目的地址转换为属于所述流的每个数据分组的报头字段; 将所述流标识号写入（S32），将所述流标识号写入属于所述流的每个数据分组的报头字段，所述报头字段由每个路由装置沿着所述流的通信路径检查，但在整个通信期间保持不变; 以及沿着所述流的通信路径，通过每个（S36）路由装置检查（S33）包含所述流标识号，所述源地址和所述目的地地址的报头字段，其中所述流由唯一标识的唯一标识符 ，或通过所述源地址和所述流标识号的组合，或者通过所述源地址和所述目的地地址和所述流标识号的组合。

公开(公告)号：US20030014668A1

公开(公告)日：2003-01-16

申请号：US09905463

申请日：2001-07-13

申请人： Nokia Corporation

发明人： Stefano Faccin ,  Franck Le

IPC分类号： H04L009/32

CPC分类号： H04L63/08 ,  H04L29/06027 ,  H04L65/1006 ,  H04L65/1069 ,  H04M7/00 ,  H04M7/0078 ,  H04W12/06 ,  H04W48/08

摘要： The invention proposes a method of performing authentication of a subscriber during a subscriber equipment terminated call, comprising the steps of sending a session invitation message (S4, S5) to the subscriber equipment, the session invitation message including authentication information (AuthData1), and performing an authentication procedure in the subscriber equipment by using the authentication information. The invention also proposes a corresponding network system, network control element and subscriber entity.

公开(公告)号：US20040268123A1

公开(公告)日：2004-12-30

申请号：US10721504

申请日：2003-11-26

申请人： Nokia Corporation

发明人： Franck Le ,  Stefano M. Faccin

IPC分类号： H04L009/00

CPC分类号： H04L63/123 ,  H04L9/3073 ,  H04L9/3247 ,  H04L9/3297 ,  H04L69/22 ,  H04L2209/80

摘要： A method for protecting packets to be sent from a first network node to a second network node is provided. According to one embodiment, the method includes the steps of generating validity information for a packet, and generating a header for the packet, including the validity information. The method also includes the step of sending the packet including the header from the first network node to the second network node. The validity information includes all necessary information required for performing a validity check of the packet. Thus, no pre-established security association is needed to verify the validity of a packet.

摘要翻译： 提供了一种用于保护要从第一网络节点发送到第二网络节点的分组的方法。 根据一个实施例，该方法包括以下步骤：产生分组的有效性信息，以及生成分组的报头，包括有效性信息。 该方法还包括将包括头部的分组从第一网络节点发送到第二网络节点的步骤。 有效性信息包括执行分组的有效性检查所需的所有必要信息。 因此，不需要预先建立的安全关联来验证分组的有效性。

公开(公告)号：US20040029584A1

公开(公告)日：2004-02-12

申请号：US10609016

申请日：2003-06-27

申请人： Nokia Corporation

发明人： Franck Le ,  Stefano Faccin ,  Basavaraj Patil

IPC分类号： H04Q007/20

CPC分类号： H04L63/083 ,  H04L63/164 ,  H04W80/00

摘要： A method for registering a home address of a mobile node with a home agent in a network. Instead of using the home address of the mobile node as the key element in identifying the mobile node, the home agent uses the network access identity of the mobile node included in a registration request sent by the mobile node to the home agent in the registration process. Upon receiving the registration request, the home agent authenticates the mobile node by selecting the appropriate security association based on the network access identity. In response, the home agent may send Authentication and Key material to the mobile node so as to allow the mobile node to further provide the home agent with a mobile node authentication for use in a challenge-response procedure.

摘要翻译： 一种用于在网络中用归属代理注册移动节点的归属地址的方法。 代理使用移动节点的归属地址作为识别移动节点的关键要素，归属代理使用移动节点发送的注册请求中包括的移动节点的网络接入身份到注册过程中的归属代理 。 在接收到注册请求后，归属代理通过基于网络访问身份选择适当的安全关联来认证移动节点。 作为响应，归属代理可以向移动节点发送认证和密钥材料，以便允许移动节点进一步向归属代理提供用于质询 - 响应过程的移动节点验证。