Non-cryptographic addressing
First Claim
1. A method comprising:
- a) extracting a first network address from a first message, the first network address identifying a first node and including a hash of at least one cryptographically generated address parameter, one of the parameters being a first public key associated with the first node;
b) extracting a second network address from a second message, the second network address identifying a second node and excluding a hash of a second public key associated with the second node and of the same type as the first public key;
c) identifying the first network address as a cryptographically generated address or an extended cryptographically generated address;
d) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographically generated address authentication scheme or an extended cryptographically generated address authentication scheme;
e) identifying the second network address as a non-cryptographically generated address; and
f) authenticating the second message using the second address and a second authentication scheme which is not the same as the first authentication scheme.
2 Assignments
0 Petitions
Accused Products
Abstract
To allow down-level devices to participate in a network controlled by a protocol including CGAS or ECGAs, the CGA or ECGA authentication may be made optional to allow the down-level devices to execute non-CGA or non-ECGA versions of network protocols, while at the same time allowing the use of CGA- and/or ECGA-authenticated versions of he same protocols. To identify non-cryptographic addresses (e.g., non-CGA and non-ECGA), the address bits of a non-CGA or non-ECGA such that the address cannot be or is probably not an encoding of the hash of a public key. In this manner, a receiving node may properly identify the capabilities of the sending node, perform an appropriate authentication of the message containing the non-cryptographic address, and/or prioritize processing of information contained in the message with the non-cryptographic address.
173 Citations
20 Claims
-
1. A method comprising:
-
a) extracting a first network address from a first message, the first network address identifying a first node and including a hash of at least one cryptographically generated address parameter, one of the parameters being a first public key associated with the first node;
b) extracting a second network address from a second message, the second network address identifying a second node and excluding a hash of a second public key associated with the second node and of the same type as the first public key;
c) identifying the first network address as a cryptographically generated address or an extended cryptographically generated address;
d) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographically generated address authentication scheme or an extended cryptographically generated address authentication scheme;
e) identifying the second network address as a non-cryptographically generated address; and
f) authenticating the second message using the second address and a second authentication scheme which is not the same as the first authentication scheme. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer readable medium having stored thereon a data structure representing a network address uniquely identifying a node of a network, comprising:
-
a) a first data portion containing a routing prefix for routing an Internet Protocol packet to a destination network; and
b) a second data portion, concatenated with the first data portion, the second data portion containing at least a portion of a hash of a value, the value being distinguishable from a public key, the first data portion and the second data portion uniquely identifying the node. - View Dependent Claims (15, 16)
-
-
17. One or more computer readable media having computer executable components comprising:
-
a) means for extracting a sender'"'"'s address from a received message;
b) means for identifying the sender'"'"'s address as a non-cryptographic network address;
c) means for identifying the sender'"'"'s address as a cryptographically generated network address or an extensible cryptographically generated network address; and
d) means for authenticating the identified cryptographically generated network address or extensible cryptographically generated network address, the means for authenticating including means for hashing a public key associated with the sender'"'"'s address. - View Dependent Claims (18, 19, 20)
-
Specification