-
Publication No.: US08788629B2
Publication date: 2014-07-22
Application No.: US12599714
Filing date: 2008-05-08
Applicant: Patrik Salmela, Petri Jokela, Raimo Vuopionperä, Jan Melén
Inventor: Patrik Salmela, Petri Jokela, Raimo Vuopionperä, Jan Melén
IPC classification: G06F15/177
CPC classification: H04L45/04, H04L29/12066, H04L29/12103, H04L61/1511, H04L61/1535, H04L67/04
Abstract: A method of configuring a plurality of rendezvous servers to provide a Host Identity Protocol, HIP, based mobility service to HIP nodes, where the servers are arranged in a hierarchical branching structure. For each HIP node, a Host Identity Tag, HIT, and contact address mapping is registered with a rendezvous server. That server then identifies itself and the HIT to each higher level server within the same branch, without explicitly identifying the contact address to those higher level servers wherein, in use, when a first rendezvous server receives a HIP contact message addressed to a given HIT, if that first server is unaware of the destination HIT, it forwards the message to a higher level server within the same branch and if the first server is not the server at which the HIT is registered but is aware of the HIT, it forwards the contact message to the neighbouring rendezvous server corresponding to the HIT.
-
Publication No.: US08516243B2
Publication date: 2013-08-20
Application No.: US11816459
Filing date: 2005-11-17
Applicant: Petri Jokela, Jan Melén
Inventor: Petri Jokela, Jan Melén
CPC classification: H04L63/0442, H04L63/0823, H04W80/04
Abstract: A method and apparatus of at least partially securing communications between first and second hosts using the Host Identity Protocol (HIP) is provided. The first host is not HIP enabled and the second host is HIP enabled. A persistent HIP identity is associated with the first host and maintained at a remote server. A public part of the persistent HIP identity is obtained from the remote server together with a certificate authorizing a gateway node between the first and second hosts to use a temporary HIP identity associated with the first host. A secure HIP identity is negotiated between the gateway node and the second host using at least part of each of the persistent HIP identity, the temporary HIP identity, and the certificate.
-
Publication No.: US20100306350A1
Publication date: 2010-12-02
Application No.: US12599714
Filing date: 2008-05-08
Applicant: Patrik Salmela, Petri Jokela, Raimo Vuopionperä, Jan Melén
Inventor: Patrik Salmela, Petri Jokela, Raimo Vuopionperä, Jan Melén
IPC classification: G06F15/177, G06F15/16
CPC classification: H04L45/04, H04L29/12066, H04L29/12103, H04L61/1511, H04L61/1535, H04L67/04
Abstract: A method of configuring a plurality of rendezvous servers to provide a Host Identity Protocol, HIP, based mobility service to HIP nodes, where the servers are arranged in a hierarchical branching structure. For each HIP node, a Host Identity Tag, HIT, and contact address mapping is registered with a rendezvous server. That server then identifies itself and the HIT to each higher level server within the same branch, without explicitly identifying the contact address to those higher level servers wherein, in use, when a first rendezvous server receives a HIP contact message addressed to a given HIT, if that first server is unaware of the destination HIT, it forwards the message to a higher level server within the same branch and if the first server is not the server at which the HIT is registered but is aware of the HIT, it forwards the contact message to the neighbouring rendezvous server corresponding to the HIT.
-
Publication No.: US20120300781A1
Publication date: 2012-11-29
Application No.: US13575314
Filing date: 2010-12-10
Applicant: Mikko Särelä, Petri Jokela, Pekka Nikander
Inventor: Mikko Särelä, Petri Jokela, Pekka Nikander
IPC classification: H04L12/56
Abstract: A network node (4) is adapted to insert a collecting Bloom filter into a packet, and send the packet towards a second network node (8) by a hop-by-hop routing protocol. The network node (4) subsequently receives a packet sent by the second network node (8), with the header of the packet sent by the second network node containing a Bloom filter or Bloom Filter equivalent that encodes forwarding information from the second network node (8) to the network node (4). The Bloom filter or Bloom Filter equivalent received at the network node (4) may also encode forwarding information from the network node (4) to the second network node (8). In this case, the network node (4) may then determine, from the forwarding information in the Bloom filter or Bloom Filter equivalent, a first hop for forwarding packets towards the second node (8).
-
Publication No.: US09154571B2
Publication date: 2015-10-06
Application No.: US12816442
Filing date: 2010-06-16
Applicant: Petri Jokela, Pekka Nikander, Teemu Rinta-Aho, Mikko Särelä
Inventor: Petri Jokela, Pekka Nikander, Teemu Rinta-Aho, Mikko Särelä
CPC classification: H04L67/2823, H04L67/28, H04L69/08
Abstract: A method of making data, published on a first publication/subscribe (pubsub) network, available to hosts within a second publication/subscribe network where the networks are interconnected via the Internet. The method comprises registering a publication identity of said data within a rendezvous system located within the Internet, forwarding Subscribe requests associated with said publication identity from said second network to said rendezvous system and, at the rendezvous system, identifying a location of said data within said first network. The Subscribe request can then be forwarded to said first network, and said data delivered from said first network to said second network via the Internet.
-
Publication No.: US08934487B2
Publication date: 2015-01-13
Application No.: US12613080
Filing date: 2009-11-05
Applicant: Christian Vogt, Petri Jokela
Inventor: Christian Vogt, Petri Jokela
CPC classification: H04L61/6059, H04L29/12367, H04L29/12481, H04L29/12801, H04L29/12915, H04L61/2514, H04L61/2557, H04L61/6004, H04L63/0407
Abstract: A first packet is received from a client over an internal network destined for a remote node of an external network. The first packet includes a source IP address having an internal network portion that identifies a location of the client in the internal network and an external network portion that identifies a location of the internal network accessible by the external network. An obfuscation operation is performed on the internal network portion of the source IP address of the first packet to conceal the location of the client in the internal network and the internal network portion of the source IP address of the first packet is rewritten with the obfuscated internal network portion while maintaining the current external network portion of the source IP address. Thereafter, the first packet is transmitted to the remote node over the external network.
-
Publication No.: US08559434B2
Publication date: 2013-10-15
Application No.: US13059958
Filing date: 2008-10-10
Applicant: Christian Esteve Rothenberg, Petri Jokela, Jimmy Kjällman, Pekka Nikander, Teemu Rinta-Aho, Jukka Ylitalo
Inventor: Christian Esteve Rothenberg, Petri Jokela, Jimmy Kjällman, Pekka Nikander, Teemu Rinta-Aho, Jukka Ylitalo
IPC classification: H04L12/28
CPC classification: H04L45/00, H04L45/16, H04L45/34, H04L45/566, H04L45/745
Abstract: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representations of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.
-
Publication No.: US20110103394A1
Publication date: 2011-05-05
Application No.: US12613080
Filing date: 2009-11-05
Applicant: Christian Vogt, Petri Jokela
Inventor: Christian Vogt, Petri Jokela
IPC classification: H04L12/56
CPC classification: H04L61/6059, H04L29/12367, H04L29/12481, H04L29/12801, H04L29/12915, H04L61/2514, H04L61/2557, H04L61/6004, H04L63/0407
Abstract: A first packet is received from a client over an internal network destined for a remote node of an external network. The first packet includes a source IP address having an internal network portion that identifies a location of the client in the internal network and an external network portion that identifies a location of the internal network accessible by the external network. An obfuscation operation is performed on the internal network portion of the source IP address of the first packet to conceal the location of the client in the internal network and the internal network portion of the source IP address of the first packet is rewritten with the obfuscated internal network portion while maintaining the current external network portion of the source IP address. Thereafter, the first packet is transmitted to the remote node over the external network.
-
Publication No.: US20100303072A1
Publication date: 2010-12-02
Application No.: US12744739
Filing date: 2007-11-28
Applicant: Petri Jokela, Jan Melen, Jukka Ylitalo
Inventor: Petri Jokela, Jan Melen, Jukka Ylitalo
IPC classification: H04L12/56
CPC classification: H04L12/189, H04L12/185, H04L29/12028, H04L61/103, H04L63/0823, H04L67/16
Abstract: A method of delivering an IP multicast stream from a source node to a destination node. The method comprises establishing a Host Identity Protocol association between a multicast router and at least one further network node upstream of the multicast router, both of which are present in the multicast path, and using said association(s) to transport multicast packets.
-
Publication No.: US09628454B2
Publication date: 2017-04-18
Application No.: US12526857
Filing date: 2007-02-12
Applicant: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
Inventor: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
IPC classification: H04L9/32, H04W80/04, H04L12/04, H04L12/06, H04L9/08, H04L29/06, H04W12/04, H04W80/00, H04W12/06
CPC classification: H04L63/06, H04L9/3213, H04L63/0823, H04W12/04, H04W12/06, H04W36/0038, H04W80/00, H04W80/04, H04W84/005, H04W84/047
Abstract: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.