Communication system, router, method of communication, method of routing, and computer program product

US 20060018317A1
Filed: 07/14/2005
Published: 01/26/2006
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A communication system, comprising:

a server connected to a first network; and

a router connected to the first network, wherein the server includes an option setting unit that grants to a response packet that is a response to a packet which is destined for an anycast address and which is sent from a communication apparatus connected to a second network different from the first network, anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;

a field putting unit that puts a signature field for a setting of an electronic signature in the response packet; and

a transmitting unit that transmits to the communication apparatus the response packet in which the anycast address option information has been set and the signature field has been put; and

the router includes a receiving unit that receives the response packet sent from the server to the communication apparatus;

a sender validating unit that validates whether the response packet is sent from a legitimate server based on the anycast address option information if the response packet includes the anycast address option information;

a validation information setting unit that sets an electronic signature based on information related with the response packet in the signature field put in the response packet, when the response packet is validated to be sent from the legitimate server; and

a transferring unit that transmits the response packet in which the electronic signature has been set.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system includes a server and a router which are both connected to a first network. The server grants to a response packet destined for an anycast address sent from a communication apparatus connected to a second network, anycast address option information indicating that an anycast address of a sender of the response packet, puts a signature field for a setting of an electronic signature in the response packet; and transmits to the communication apparatus the response packet. The router receives the response packet, validates whether the response packet is sent from a legitimate server based on the anycast address option information if the response packet includes the anycast address option information. The router also sets an electronic signature based on information related with the response packet in the signature field if the response packet is sent from the legitimate server, and transmits the response packet.

54 Citations

View as Search Results

19 Claims

1. A communication system, comprising:
- a server connected to a first network; and
  
  a router connected to the first network, wherein the server includes an option setting unit that grants to a response packet that is a response to a packet which is destined for an anycast address and which is sent from a communication apparatus connected to a second network different from the first network, anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;
  
  a field putting unit that puts a signature field for a setting of an electronic signature in the response packet; and
  
  a transmitting unit that transmits to the communication apparatus the response packet in which the anycast address option information has been set and the signature field has been put; and
  
  the router includes a receiving unit that receives the response packet sent from the server to the communication apparatus;
  
  a sender validating unit that validates whether the response packet is sent from a legitimate server based on the anycast address option information if the response packet includes the anycast address option information;
  
  a validation information setting unit that sets an electronic signature based on information related with the response packet in the signature field put in the response packet, when the response packet is validated to be sent from the legitimate server; and
  
  a transferring unit that transmits the response packet in which the electronic signature has been set.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The communication system according to claim 1, wherein the field putting unit further puts a time field in the response packet, and the validation information setting unit further sets a time of transfer of the response packet in the time field of the response packet.
  - 3. The communication system according to claim 2, wherein the validation information setting unit sets the electronic signature using a predetermined key information for the anycast address option information in the signature field of the response packet.
  - 4. The communication system according to claim 2, wherein the field putting unit puts the signature field and the time field in a field of the anycast address option information.
  - 5. The communication system according to claim 1, wherein the option setting unit sets an anycast address allocated to the server in the anycast address option information of the response packet, and the router further includes a storage unit that stores anycast address correspondence information which includes a unicast address of the server that is present in the first network and the anycast address allocated to the server in association with each other, the sender validating unit, when the response packet includes the anycast address option information, determines whether the anycast address of the anycast address option information matches with a unicast address corresponding to the anycast address registered in the anycast address correspondence information, and when the anycast address matches with the unicast address, determines that the response packet is sent from a legitimate server.

6. A router comprising:
- a receiving unit that receives a response packet from a server connected to a first network to a communication apparatus connected to a second network different from the first network, the response packet being a response to a packet destined for an anycast address which is sent from the communication apparatus and which is received by the server;
  
  a sender validating unit that validates whether the response packet is sent from a legitimate server based on anycast address option information which indicates that an anycast address is allocated to a sender of the response packet if the response packet includes the anycast address option information;
  
  a validation information setting unit that, when the response packet is validated to be sent from the legitimate server, sets an electronic signature based on information related with the response packet in the signature field put in the response packet; and
  
  a transferring unit that transfers the response packet in which the electronic signature is set to a next node.
- View Dependent Claims (7, 8, 9)
- - 7. The router according to claim 6, wherein the validation information setting unit further sets a time of transfer of the response packet in a time field put in the response packet by the server.
  - 8. The router according to claim 6, wherein the validation information setting unit sets the electronic signature using a predetermined key information for the anycast address option information in the signature field of the response packet.
  - 9. The router according to claim 6, wherein the sender validating unit validates, when the received response packet is to be transferred to another node for the first time, whether the response packet is sent from a legitimate server based on the anycast address option information if the response packet includes the anycast address option information, and discards the response packet if determines that the response packet is not sent from a legitimate server;
    - and the router further comprises a validating unit that validates, when the response packet is sent from a node that transfers the response packet for the first time, whether the response packet is legitimate based on the electronic signature, and if the response packet is not legitimate, discards the response packet.

10. A communication method, comprising:
- in a server connected to a first network, granting to a response packet that is a response to a packet which is destined for an anycast address and which is sent from a communication apparatus connected to a second network different from the first network, anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;
  
  in the server, putting a signature field for a setting of an electronic signature in the response packet;
  
  in the server, transmitting to the communication apparatus the response packet in which the anycast address option information has been set and the signature field has been put;
  
  in a router connected to the first network, receiving the response packet sent from the server to the communication apparatus;
  
  in the router, validating whether the response packet is sent from a legitimate server based on the anycast address option information if the response packet includes the anycast address-option information;
  
  in the router, setting an electronic signature based on information related with the response packet in the signature field put in the response packet, when the response packet is validated to be sent from the legitimate server; and
  
  in the router, transferring the response packet in which the electronic signature has been set.

11. A routing method comprising:
- receiving a response packet from a server connected to a first network to a communication apparatus connected to a second network different from the first network, the response packet being a response to a packet destined for an anycast address which is sent from the communication apparatus and which is received by the server;
  
  determining whether the received response packet includes anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;
  
  if the response packet includes the anycast address option information, validating whether the response packet is sent from a legitimate server based on the anycast address option information;
  
  setting an electronic signature based on information related with the response packet in the signature field put in the response packet, when the response packet is validated to be sent from the legitimate server; and
  
  transferring the response packet in which the electronic signature is set to a next node.
- View Dependent Claims (12, 13, 14)
- - 12. The routing method according to claim 11, further comprising setting a time of transfer of the response packet in the time field of the response packet.
  - 13. The routing method according to claim 11, further comprising setting the electronic signature using a predetermined key information for the anycast address option information in the signature field of the response packet.
  - 14. The routing method to claim 11, further comprising:
    - determining, when the received response packet is to be transferred to another node for the first time, whether the response packet includes the anycast address option information;
      
      if the response packet includes the anycast address option information, validating whether the response packet is sent from a legitimate server based on the anycast address option information; and
      
      discarding the response packet, when the response packet is determined not to be sent from a legitimate server;
      
      validating, if the response packet is sent from a node that transfers the response packet for the first time, whether the response packet is legitimate based on the electronic signature; and
      
      if the response packet is not legitimate, discarding the response packet.

15. A computer program product having a computer readable medium including programmed instructions for transmitting a packet between a server and a router which are connected to a first network, wherein the instructions, when executed by a computer, cause the computer to perform:
- granting to a response packet that is a response to a packet which is destined for an anycast address and which is sent from a communication apparatus connected to a second network different from the first network, anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;
  
  putting a signature field for a setting of an electronic signature in the response packet; and
  
  transmitting to the communication apparatus the response packet in which the anycast address option information has been set and the signature field has been put.

16. A computer program product having a computer readable medium including programmed instructions for transferring a packet sent from a server connected to a first network, wherein the instructions, when executed by a computer, cause the computer to perform:
- receiving a response packet from the server, the response packet being a response to a packet destined for an anycast address which is sent from a communication apparatus connected to a second network different from the first network and which is received by the server;
  
  determining whether the received response packet includes anycast address option information which indicates that an anycast address is allocated to a sender of the response packet;
  
  if the response packet includes the anycast address option information, validating whether the response packet is sent from a legitimate server based on the anycast address option information;
  
  setting an electronic signature based on information related with the response packet in the signature field put in the response packet, when the response packet is validated to be sent from the legitimate server; and
  
  transferring the response packet in which the electronic signature is set to a next node.
- View Dependent Claims (17, 18, 19)
- - 17. The computer program product according to claim 16, wherein the instructions further cause the computer to perform setting a time of transfer of the response packet in the time field of the response packet.
  - 18. The computer program product according to claim 16, wherein the instructions further cause the computer to perform setting the electronic signature using a predetermined key information for the anycast address option information in the signature field of the response packet.
  - 19. The computer program product according to claim 16, wherein the instructions further cause the computer to perform:
    - determining, when the received response packet is to be transferred to another node for the first time, whether the response packet includes the anycast address option information;
      
      if the response packet includes the anycast address option information, validating whether the response packet is sent from a legitimate server based on the anycast address option information; and
      
      discarding the response packet, when the response packet is validated not to be sent from a legitimate server;
      
      validating, if the response packet is sent from a node that transfers the response packet for the first time, whether the response packet is legitimate based on the electronic signature; and
      
      if the response packet is not legitimate, discarding the response packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Jimmei, Tatsuya

Granted Patent

US 7,436,833 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

H04L 61/5069   for group communication, mu...

H04L 63/12   Applying verification of th...

H04L 69/22   Parsing or analysis of headers

Communication system, router, method of communication, method of routing, and computer program product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Communication system, router, method of communication, method of routing, and computer program product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links