Methods and apparatus for securing proxy Mobile IP
Abstract
An invention is disclosed that enables proxy Mobile IP registration to be performed in a secure manner. Various security mechanisms may be used independently, or in combination with one another, to authenticate the identity of a node during the registration process. First, an Access Point receiving a packet from a node verifies that the source MAC address identified in the packet is in the Access Point's client association table. In addition, as a second mechanism, the Access Point ensures that a one-to-one mapping exists for the source MAC address and source IP address identified in the packet in a mapping table maintained by the Access Point. As a third mechanism, a binding is not modified in the mobility binding table maintained by the Home Agent unless there is a one-to-one mapping in the mobility binding table between the source MAC address and the source IP address. Similarly, the Foreign Agent may also maintain a mapping between the source IP address and the source MAC address in its visitor table to ensure a one-to-one mapping between a source IP address and the associated MAC address. The MAC address is preferably transmitted in a MAC address extension to the registration request and registration reply packets. In this manner, the Access Point, Home Agent, and Foreign Agent may ascertain the node's MAC address and ensure a one-to-one mapping between the IP address and the MAC address during the registration process.
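An added sketch (not code from the patent or from any product) of the Access Point checks the abstract describes: association-table lookup, one-to-one MAC/IP mapping, then a registration request carrying a MAC address extension. The class and method names, learning a mapping on first use, and the extension type value are assumptions; the fixed header follows the RFC 3344 Registration Request layout, and Mobile IP authentication extensions are omitted.

```python
import socket
import struct


class ProxyAP:
    """Constructed model of the Access Point side of secured proxy registration."""
    MAC_EXT_TYPE = 0xC8  # hypothetical extension type; the page gives no number

    def __init__(self, home_agent, care_of):
        self.assoc = set()      # client association table (source MACs)
        self.mac_to_ip = {}     # mapping table, kept one-to-one in both directions
        self.ip_to_mac = {}
        self.home_agent, self.care_of = home_agent, care_of

    def associate(self, mac):
        self.assoc.add(mac.lower())

    def check(self, mac, ip):
        """Return "ok" or a reject reason for a packet's source MAC and source IP."""
        mac = mac.lower()
        if mac not in self.assoc:
            return "reject: MAC not associated"
        if self.mac_to_ip.get(mac, ip) != ip:
            return "reject: MAC already bound to another IP"
        if self.ip_to_mac.get(ip, mac) != mac:
            return "reject: IP already bound to another MAC"
        # Assumption: a pair seen for the first time is learned here.
        self.mac_to_ip[mac], self.ip_to_mac[ip] = ip, mac
        return "ok"

    def registration_request(self, mac, ip, lifetime=300, ident=0):
        """Compose the proxy registration request only after both checks pass."""
        verdict = self.check(mac, ip)
        if verdict != "ok":
            raise PermissionError(verdict)
        # Type=1, flags, lifetime, home address, Home Agent, care-of address, identification
        fixed = struct.pack("!BBH4s4s4sQ", 1, 0, lifetime,
                            socket.inet_aton(ip),
                            socket.inet_aton(self.home_agent),
                            socket.inet_aton(self.care_of), ident)
        mac_bytes = bytes.fromhex(mac.replace(":", ""))
        # MAC address extension as type/length/value (layout assumed)
        return fixed + struct.pack("!BB", self.MAC_EXT_TYPE, len(mac_bytes)) + mac_bytes


if __name__ == "__main__":
    ap = ProxyAP(home_agent="10.0.0.1", care_of="192.0.2.1")  # constructed addresses
    ap.associate("aa:bb:cc:00:00:01")
    print(ap.registration_request("aa:bb:cc:00:00:01", "10.0.0.50").hex())
    print(ap.check("aa:bb:cc:00:00:02", "10.0.0.50"))  # unassociated MAC claiming the IP
```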
24 Claims
1. In an Access Point, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address;
ascertaining whether the source MAC address is in a client association table identifying one or more source MAC addresses; and
composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. In a Home Agent, a method of processing a registration request, comprising:
receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address;
composing a registration reply including a home address field including the source IP address, a care-of address field including the care-of address, and having a MAC address extension including the source MAC address; and
sending the registration reply to the care-of address.
Dependent claims: 12, 13, 14, 15
16. In a Foreign Agent, a method of processing a registration request, comprising:
receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
forwarding the registration request to the Home Agent address;
receiving a registration reply having a home address field including the source IP address, a Home Agent field including the Home Agent address, and a MAC address extension including the source MAC address; and
forwarding the registration reply to the source IP address.
Dependent claims: 17, 18, 19, 20
21. In an Access Point, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
receiving a packet from the node, the packet including a source MAC address and a source IP address;
ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
22. A computer-readable medium storing thereon computer-readable instructions for performing a method in an Access Point of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
instructions for receiving a packet from the node, the packet including a source MAC address and a source IP address;
instructions for ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
instructions for composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
23. An Access Point adapted for performing a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
means for receiving a packet from the node, the packet including a source MAC address and a source IP address;
means for ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
means for composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
24. An Access Point adapted for performing a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
a processor; and
a memory, at least one of the processor and the memory being adapted for:
receiving a packet from the node, the packet including a source MAC address and a source IP address;
ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
Specification