-
Publication No.: US09628454B2
Publication date: 2017-04-18
Application No.: US12526857
Filing date: 2007-02-12
Applicant: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
Inventor: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
IPC classification: H04L9/32, H04W80/04, H04L12/04, H04L12/06, H04L9/08, H04L29/06, H04W12/04, H04W80/00, H04W12/06
CPC classification: H04L63/06, H04L9/3213, H04L63/0823, H04W12/04, H04W12/06, H04W36/0038, H04W80/00, H04W80/04, H04W84/005, H04W84/047
Abstract: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.
-
Publication No.: US20100303072A1
Publication date: 2010-12-02
Application No.: US12744739
Filing date: 2007-11-28
Applicant: Petri Jokela, Jan Melen, Jukka Ylitalo
Inventor: Petri Jokela, Jan Melen, Jukka Ylitalo
IPC classification: H04L12/56
CPC classification: H04L12/189, H04L12/185, H04L29/12028, H04L61/103, H04L63/0823, H04L67/16
Abstract: A method of delivering an IP multicast stream from a source node to a destination node. The method comprises establishing a Host Identity Protocol association between a multicast router and at least one further network node upstream of the multicast router, both of which are present in the multicast path, and using said association(s) to transport multicast packets.
-
Publication No.: US20100106972A1
Publication date: 2010-04-29
Application No.: US12526857
Filing date: 2007-02-12
Applicant: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
Inventor: Jan Melen, Jukka Ylitalo, Pekka Nikander, Petri Jokela
CPC classification: H04L63/06, H04L9/3213, H04L63/0823, H04W12/04, H04W12/06, H04W36/0038, H04W80/00, H04W80/04, H04W84/005, H04W84/047
Abstract: In order to delegate location update signaling responsibility from a Mobile Node to a Mobile Router, the Mobile Router is provided with a second symmetric key generated by a Mobile Node using a first symmetric key shared between the Mobile Node and a Peer Node. The Mobile Router is additionally provided with a “certificate” authenticating the second symmetric key using the first symmetric key. In this way, the mobile router can sign location update related messages sent to the Peer Node with the second symmetric key, and can provide the Peer Node with the certificate in order to allow the Peer Node to authenticate the right of the Mobile Router to act on behalf of the Mobile Node.
-
Publication No.: US20110055570A1
Publication date: 2011-03-03
Application No.: US12674020
Filing date: 2008-08-22
Applicant: Petri Jokela, Jan Melen, Patrik Salmela, Jukka Ylitalo
Inventor: Petri Jokela, Jan Melen, Patrik Salmela, Jukka Ylitalo
CPC classification: H04W8/06, H04W36/0011, H04W80/04, H04W88/182
Abstract: A method of facilitating location update signalling within a communication network between a mobile node and an end host includes establishing a trust relationship between one or more end hosts (1) and a proxy (3). When a mobile node (2) is handed-off, a location update is performed between the mobile node (2) and the proxy (3), and a location update message is sent from the proxy to the end host(s) having the trust relationship with the proxy. Multiple end hosts may authorise the same proxy to perform location update signalling on their behalf. The number of signalling messages required to perform the location update may be reduced, compared to a legacy method in which the mobile node is required to perform location update signalling with each end host.
-
Publication No.: US20090265541A1
Publication date: 2009-10-22
Application No.: US12300059
Filing date: 2007-04-30
Applicant: Jukka Ylitalo, Petri Jokela, Jan Melen, Raimo Vuopionpera
Inventor: Jukka Ylitalo, Petri Jokela, Jan Melen, Raimo Vuopionpera
CPC classification: H04L63/06, H04L29/12028, H04L61/103, H04L67/1002, H04L67/1008
Abstract: A method of establishing a Host Identity Protocol session between first and second Host Identity Protocol enabled hosts, where at least said second host is located behind a reverse-proxy. The method comprises providing the reverse-proxy with Diffie-Hellman public keying material of the second host, sending said Diffie-Hellman public keying material from the reverse-proxy to the first host as part of the Host Identity Protocol base exchange procedure, this material being bound to the Host Identity of the reverse-proxy for the purpose of the Host Identity Protocol session, and, at the first host, using the Host Identity of the reverse-proxy as the correspondent Host Identity for the Host Identity Protocol session, and, at the second host, using the Host Identity of the reverse-proxy as the originating Host Identity for the Host Identity Protocol session.
-
Publication No.: US20080271132A1
Publication date: 2008-10-30
Application No.: US11816459
Filing date: 2005-11-17
Applicant: Petri Jokela, Jan Melen
Inventor: Petri Jokela, Jan Melen
IPC classification: H04L9/00
CPC classification: H04L63/0442, H04L63/0823, H04W80/04
Abstract: A method is provided of at least partially securing communications between first and second hosts using the Host Identity Protocol, HIP, where the first host is not HIP enabled and the second host is HIP enabled. A persistent HIP identity is associated with the first host and maintained at a remote server. A public part of the persistent HIP identity is obtained from the remote server together with a certificate authorising a gateway node between the first and second hosts to use a temporary HIP identity associated with the first host in a subsequent negotiating step. A secure HIP connection is then negotiated between the gateway node and the second host using at least part of each of the persistent HIP identity, the temporary HIP identity and the certificate. A Host Identity Protocol, HIP, method is provided for use in a network in which a non-HIP-enabled host is communicating with a HIP-enabled host via a plurality of gateway nodes in turn, comprising using a persistent HIP identity for the first host, maintained at a remote server, for each such gateway node used.
-
Publication No.: US20120300781A1
Publication date: 2012-11-29
Application No.: US13575314
Filing date: 2010-12-10
Applicant: Mikko Särelä, Petri Jokela, Pekka Nikander
Inventor: Mikko Särelä, Petri Jokela, Pekka Nikander
IPC classification: H04L12/56
Abstract: A network node (4) is adapted to insert a collecting Bloom filter into a packet, and send the packet towards a second network node (8) by a hop-by-hop routing protocol. The network node (4) subsequently receives a packet sent by the second network node (8), with the header of the packet sent by the second network node containing a Bloom filter or Bloom Filter equivalent that encodes forwarding information from the second network node (8) to the network node (4). The Bloom filter or Bloom Filter equivalent received at the network node (4) may also encode forwarding information from the network node (4) to the second network node (8). In this case, the network node (4) may then determine, from the forwarding information in the Bloom filter or Bloom Filter equivalent, a first hop for forwarding packets towards the second node (8).
-
Publication No.: US09154571B2
Publication date: 2015-10-06
Application No.: US12816442
Filing date: 2010-06-16
Applicant: Petri Jokela, Pekka Nikander, Teemu Rinta-Aho, Mikko Särelä
Inventor: Petri Jokela, Pekka Nikander, Teemu Rinta-Aho, Mikko Särelä
CPC classification: H04L67/2823, H04L67/28, H04L69/08
Abstract: A method of making data, published on a first publication/subscribe (pubsub) network, available to hosts within a second publication/subscribe network where the networks are interconnected via the Internet. The method comprises registering a publication identity of said data within a rendezvous system located within the Internet, forwarding Subscribe requests associated with said publication identity from said second network to said rendezvous system and, at the rendezvous system, identifying a location of said data within said first network. The Subscribe request can then be forwarded to said first network, and said data delivered from said first network to said second network via the Internet.
-
Publication No.: US08934487B2
Publication date: 2015-01-13
Application No.: US12613080
Filing date: 2009-11-05
Applicant: Christian Vogt, Petri Jokela
Inventor: Christian Vogt, Petri Jokela
CPC classification: H04L61/6059, H04L29/12367, H04L29/12481, H04L29/12801, H04L29/12915, H04L61/2514, H04L61/2557, H04L61/6004, H04L63/0407
Abstract: A first packet is received from a client over an internal network destined for a remote node of an external network. The first packet includes a source IP address having an internal network portion that identifies a location of the client in the internal network and an external network portion that identifies a location of the internal network accessible by the external network. An obfuscation operation is performed on the internal network portion of the source IP address of the first packet to conceal the location of the client in the internal network and the internal network portion of the source IP address of the first packet is rewritten with the obfuscated internal network portion while maintaining the current external network portion of the source IP address. Thereafter, the first packet is transmitted to the remote node over the external network.
-
Publication No.: US08559434B2
Publication date: 2013-10-15
Application No.: US13059958
Filing date: 2008-10-10
Applicant: Christian Esteve Rothenberg, Petri Jokela, Jimmy Kjällman, Pekka Nikander, Teemu Rinta-Aho, Jukka Ylitalo
Inventor: Christian Esteve Rothenberg, Petri Jokela, Jimmy Kjällman, Pekka Nikander, Teemu Rinta-Aho, Jukka Ylitalo
IPC classification: H04L12/28
CPC classification: H04L45/00, H04L45/16, H04L45/34, H04L45/566, H04L45/745
Abstract: A method of providing packet routing information comprises: encoding routing information from a source node to one or more destination nodes into a compact representation of set membership; and putting the compact representation of sets into a header of a packet that is to be sent from the source node to the destination node(s). The compact representation may be obtained by: generating d representations of a set of identifiers; generating d candidate compact representations of set membership from the d representations of the identifiers; and selecting one of the candidate compact representations of set membership. The selection may be made on the basis of which of the candidate compact representations has the lowest rate of returning false positives.