LOCATION PRIVACY THROUGH IP ADDRESS SPACE SCRAMBLING
First Claim
Patent Images
1. A network address assignment method for assigning an address to a host for network communications, the method comprising:
- computing a pseudo prefix incorporating an encryption of a subnet address associated with a subnet associated with the host; and
communicating the pseudo prefix to the host for use as part of said address assigned to the host, the address being for use by the host as the host'"'"'s address in network communications.
0 Assignments
0 Petitions
Accused Products
Abstract
In a network, a router uses some secret information combined with a cryptographic process in determination of a subnet'"'"'s routing prefix. Several methods are disclosed, including using an IP suffix for prefix generation and for decryption, maintaining a pool of pseudo prefixes at the router, using public key encryption and symmetric key encryption.
23 Citations
61 Claims
-
1. A network address assignment method for assigning an address to a host for network communications, the method comprising:
-
computing a pseudo prefix incorporating an encryption of a subnet address associated with a subnet associated with the host; and
communicating the pseudo prefix to the host for use as part of said address assigned to the host, the address being for use by the host as the host'"'"'s address in network communications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 52)
-
-
11. A network address assignment method for assigning an address to a host for network communications, the method comprising:
-
receiving an address request from the host associated with a router in a network;
computing a pseudo prefix including logically combining an actual routing prefix and a message authentication code computed over nonce data and a suffix of the address of the host to produce a result; and
communicating the pseudo prefix to the host for use as part of said address assigned to the host, the address being for use by the host as the host'"'"'s address in network communications. - View Dependent Claims (12, 13, 14, 15, 16, 53)
-
-
17. A network address assignment method for assigning an address to a host associated with a router in a network, wherein the host and the router are part of a privacy domain, the method comprising:
-
receiving an address request from the host;
computing a pseudo prefix, including encrypting an actual routing prefix of the router using an encryption key; and
communicating the pseudo prefix to the host, the host using the pseudo prefix to configure the host'"'"'s address, said address being for use as a destination address both in packets destined to the host and originating inside the privacy domain and in packets destined to the host and originating outside the privacy domain;
wherein each router inside the privacy domain is provided with cryptographic information for decrypting the pseudo prefix to obtain the actual routing prefix when routing data to the host, but the privacy domain does not provide the cryptographic information to one or more routers outside the privacy domain, the one or more routers outside the privacy domain being operable to forward data to at least one router in the privacy domain without decrypting the pseudo prefix. - View Dependent Claims (18, 54)
-
-
19. A network address assignment method for assigning a network address to a host for network communications, the method comprising:
-
receiving an address request from the host associated with a router in a network;
computing a network address, the network address including 1) a common routing prefix shared between all routers in the network, 2) a pseudo prefix portion, 3) data including a number generated by the router, referred to as nonce; and
communicating the network address to the host for use by the host as the host'"'"'s network address in network communications. - View Dependent Claims (20, 21, 22, 23, 55)
-
-
24. A method for routing a data packet in a network, the method comprising:
-
receiving the data packet over the network, the data packet comprising a destination address comprising an encryption of a subnet address associated with the data packet'"'"'s destination;
decrypting the destination address to obtain the subnet address; and
forwarding said data packet over a network in accordance with the subnet address to deliver said data packet comprising said destination address comprising said encryption of said subnet address to the data packet'"'"'s destination. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 56)
-
-
39. A method for configuring a new internet protocol (IP) address, the method comprising:
-
at a network host, requesting an address prefix;
receiving a pseudo prefix computed using an encryption of a routing prefix of a router associated with the host; and
the host combining the pseudo prefix with a suffix of the host to form the new IP address, and using the new IP address as the host'"'"'s address in network communications. - View Dependent Claims (40, 57)
-
-
41. A method for operating a router in a communication network, the method comprising:
-
receiving a packet;
reading a destination address from the packet;
determining a network routing prefix from the destination address, wherein determining the network routing prefix comprises using secret information and a cryptographic process;
caching the network routing prefix determined above for later use; and
forwarding the packet in accordance with the network routing prefix to deliver the packet comprising said destination address to the packet'"'"'s destination specified by the destination address. - View Dependent Claims (42, 43, 44, 58)
-
- 45. A method for network communication in a network comprising a privacy domain comprising a plurality of networked devices comprising one or more routers, the network domain comprising a plurality of subnets, wherein each of said devices is associated with at least one of said subnets, and each of said subnets is associated with at least one subnet address corresponding to a prefix of an address of a networked device, the method comprising the one or more routers of the privacy domain advertising prefixes associated with the subnet addresses, but at least one of the networked devices in the privacy domain having an address whose prefix does not coincide with any of the advertised prefixes.
- 48. A method for network communications, the method comprising a host receiving a data packet in a subnet with which the host is associated, the data packet comprising a destination address identifying the host, the destination address comprising an encryption of a subnet address of the subnet.
-
51. A method for delivering a data packet over a network to a host in a privacy domain, the data packet having a destination address comprising an encrypted portion of a subnet address of a subnet associated with a host and an encrypted portion of the subnet address, the method comprising:
-
routing the packet by one or more routers outside the privacy domain to a router in the privacy domain using the unencrypted portion without decrypting the encrypted portion; and
routing the packet by one or more routers inside the privacy domain by decrypting the decrypted portion. - View Dependent Claims (61)
-
Specification