Method and system for securing mobile IPV6 home address option using ingress filtering
Abstract
The invention provides for disabling communication at the access router on a visited network that supports Mobile IPv6 and the home address destination option. Until a home agent or a correspondent node authenticates the home IP address of the mobile node and the access router verifies this address, the mobile node is unable to communicate with other resources over the visited network. If the home IP address included in a binding acknowledgement message is verified by the access router and affirmatively compared to the state of a corresponding binding update message from the mobile node, the access router enables subsequent messages to be communicated over the visited network between the mobile node and other resources.
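The gating behaviour described in the abstract, as an added sketch that is not taken from the patent: the access router forwards a binding update (BU), records the claimed home address, and enables other traffic only after a binding acknowledgement (BA) carrying the same home address comes back. The simplified packet model, the class and field names, and the documentation-prefix addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # simplified model, not a wire format
    kind: str                      # "BU", "BA" or "DATA"
    care_of: IPv6Address           # mobile node's care-of address
    home: Optional[IPv6Address] = None  # home address carried, if any

class AccessRouterGate:            # hypothetical name
    def __init__(self):
        self.pending = {}          # care-of -> home address claimed in a forwarded BU
        self.verified = {}         # care-of -> home address confirmed by a matching BA

    def from_mobile(self, pkt):
        """Return 'forward' or 'drop' for a packet sent by the mobile node."""
        if pkt.kind == "BU" and pkt.home is not None:
            self.pending[pkt.care_of] = pkt.home   # remember the claim, let it through
            return "forward"
        ok = self.verified.get(pkt.care_of)
        if pkt.kind == "DATA" and ok is not None and pkt.home in (None, ok):
            return "forward"       # verified node; any home address option matches
        return "drop"              # unverified, or home address option mismatch

    def to_mobile(self, pkt):
        """Inspect a packet addressed to the mobile node; True if a BA verifies it."""
        claimed = self.pending.get(pkt.care_of)
        if pkt.kind == "BA" and claimed is not None and pkt.home == claimed:
            self.verified[pkt.care_of] = self.pending.pop(pkt.care_of)
            return True
        return False

def demo():
    """Run constructed traffic through the gate and return each decision."""
    coa = IPv6Address("2001:db8:2::10")    # constructed sample addresses
    home = IPv6Address("2001:db8:1::10")
    other = IPv6Address("2001:db8:1::99")
    gate = AccessRouterGate()
    return [
        gate.from_mobile(Packet("DATA", coa, home)),   # data before any BU
        gate.from_mobile(Packet("BU", coa, home)),     # BU is always forwarded
        gate.to_mobile(Packet("BA", coa, other)),      # BA for a different home address
        gate.from_mobile(Packet("DATA", coa, home)),   # still unverified
        gate.to_mobile(Packet("BA", coa, home)),       # BA matches the stored BU state
        gate.from_mobile(Packet("DATA", coa, home)),   # now enabled
        gate.from_mobile(Packet("DATA", coa, other)),  # wrong home address option
    ]
```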
20 Claims
1. A method for securely communicating packets that include the home address destination option in a mobile IPv6 protocol network, comprising:
(a) providing a care of address to a mobile node that employs an access router to communicate with at least one resource over a visited network;
(b) enabling a binding update message from the mobile node to be forwarded by the access router to another node for authentication, wherein the other node sends a binding acknowledgement message to the mobile node if a home IP address included in the binding update message is authentic; and
(c) if the binding acknowledgement message from the other node is determined by the access router to verify the home IP address for the mobile node, enabling the mobile node to communicate another type of data through the access router with at least one resource over the visited network, wherein until the home IP address is verified by the access router, the mobile node is unable to communicate the other type of data through the access router.
10. A system for securely communicating packets that include the home address destination option in a mobile IPv6 protocol network, comprising:
(a) a destination for packets sent over a network; and
(b) a mobile node that performs actions, including:
(i) receiving a care of address that employs an access router to communicate with at least one resource over a visited network;
(ii) enabling a binding update message from the mobile node to be forwarded by the access router to another node for authentication, wherein the other node sends a binding acknowledgement message to the mobile node if a home IP address included in the binding update message is authentic; and
(iii) if the binding acknowledgement message from the other node is determined by the access router to verify the home IP address for the mobile node, enabling the mobile node to communicate another type of data through the access router with at least one resource over the visited network, wherein until the home IP address is verified by the access router, the mobile node is unable to communicate the other type of data through the access router.
14. An apparatus for securely communicating packets using the home address destination option in a mobile IPv6 protocol network, comprising:
(a) a network interface that sends and receives packetized messages; and
(b) a transcoder that performs actions, including:
(i) enabling a care of address to be provided to a mobile node that employs an access router to communicate with at least one resource over a visited network;
(ii) enabling a binding update message from the mobile node to be forwarded by the access router to another node for authentication, wherein the other node sends a binding acknowledgement message to the mobile node if a home IP address included in the binding update message is authentic; and
(iii) if the binding acknowledgement message from the other node is determined by the access router to verify the home IP address for the mobile node, enabling the mobile node to communicate another type of data through the access router with at least one resource over the visited network, wherein until the home IP address is verified by the access router, the mobile node is unable to communicate the other type of data through the access router.
19. A computer-readable medium that includes instructions for performing actions, including:
(a) providing a care of address to a mobile node that employs an access router to communicate with at least one resource over a visited network;
(b) enabling a binding update message from the mobile node to be forwarded by the access router to another node for authentication, wherein the other node sends a binding acknowledgement message to the mobile node if a home IP address included in the binding update message is authentic; and
(c) if the binding acknowledgement message from the other node is determined by the access router to verify the home IP address for the mobile node, enabling the mobile node to communicate through the access router with at least one resource over the visited network, wherein until the home IP address is verified by the access router, the mobile node is unable to communicate with any resource through the access router.
20. A method for securely communicating packets using the home address destination option in a mobile IPv6 protocol network, comprising:
(a) means for providing a care of address to a mobile node that employs an access router to communicate with at least one resource over a visited network;
(b) means for enabling a binding update message from the mobile node to be forwarded by the access router to another node for authentication, wherein the other node sends a binding acknowledgement message to the mobile node if a home IP address included in the binding update message is authentic; and
(c) if the binding acknowledgement message from the other node is determined by the access router to verify the home IP address for the mobile node, means for enabling the mobile node to communicate through the access router with at least one resource over the visited network, wherein until the home IP address is verified by the access router, the mobile node is unable to communicate with any resource through the access router.
Specification