Providing anonymity to a mobile node in a session with a correspondent node

US 20070189250A1
Filed: 04/04/2006
Published: 08/16/2007
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing unlinkability to a mobile node in a session with a correspondent node, the method comprising the steps of:

sending a first update from said mobile node towards said correspondent node, said first update comprising a first sequence value;

calculating at said correspondent node an expected sequence value based at least in part on said first sequence value, using a first hashing mechanism;

creating at said correspondent node a table entry for said session, said table entry for storing said expected sequence value;

calculating at said mobile node a second sequence value based at least in part on said first sequence value, using said first hashing mechanism;

sending from said mobile node towards said correspondent node a second update comprising said second sequence value; and

identifying at said correspondent node said table entry by looking through said table for a match between said expected sequence value and said second sequence value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a correspondent node and a mobile node provide anonymity and unlinkability to a mobile node in a session with a correspondent node. Sequence values, calculated based on secret data, are added to updates sent from the mobile node towards the correspondent node and are used by the correspondent node to authenticate updates from the mobile node. A home address of the mobile node is not explicitly disclosed. An expected care-of address is calculated at the correspondent node and used by the correspondent node to send data packets to the mobile node.

Citations

19 Claims

1. A method of providing unlinkability to a mobile node in a session with a correspondent node, the method comprising the steps of:
- sending a first update from said mobile node towards said correspondent node, said first update comprising a first sequence value;
  
  calculating at said correspondent node an expected sequence value based at least in part on said first sequence value, using a first hashing mechanism;
  
  creating at said correspondent node a table entry for said session, said table entry for storing said expected sequence value;
  
  calculating at said mobile node a second sequence value based at least in part on said first sequence value, using said first hashing mechanism;
  
  sending from said mobile node towards said correspondent node a second update comprising said second sequence value; and
  
  identifying at said correspondent node said table entry by looking through said table for a match between said expected sequence value and said second sequence value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising the steps of:
    - responsive to said first update, calculating at said correspondent node a shared secret key for said mobile node;
      
      storing said shared secret key in said table entry;
      
      sending an acknowledgement from said correspondent node towards said mobile node, said acknowledgement comprising said shared secret key; and
      
      storing said shared secret key at said mobile node before sending said second update.
  - 3. The method of claim 2, wherein:
    - said first update further comprises a first pseudo care-of address equal to a home address if said mobile node is in a home network for said mobile node or equal to a care-of address if said mobile node is in a foreign network;
      
      said table entry further stores said first pseudo care-of address;
      
      said second update further comprises a second pseudo care-of address equal to said home address if said mobile node is in said home network for said mobile node or equal to a new care-of address if said mobile node is in a new foreign network;
      
      said second update is sent responsive to a change of a location of said mobile node; and
      
      said table entry overwrites said pseudo care-of address with said second pseudo care-of address.
  - 4. The method of claim 3, wherein:
    - said first sequence value is included in said first pseudo care-of address; and
      
      said second sequence value is included in said second pseudo care-of address.
  - 5. The method of claim 3, further providing anonymity, wherein:
    - said mobile node calculates a virtual home address based at least in part on said first pseudo care-of address;
      
      said first update further comprises said virtual home address and a privacy indication;
      
      said step of calculating at said correspondent node said expected sequence value is responsive to said privacy indication in said first update;
      
      said correspondent node stores said virtual home address in said table entry; and
      
      said correspondent node uses said first pseudo care-of address and said virtual home address to send packets towards said mobile node until said correspondent node receives said second update.
  - 6. The method of claim 5, further comprising the steps of:
    - responsive to said second update comprising said privacy indication, calculating at said correspondent node a further expected sequence value based at least in part on said second sequence value;
      
      calculating at said correspondent node an expected care-of address, based at least in part on said second pseudo care-of address;
      
      calculating at said correspondent node an expected virtual home address based at least in part on said expected care-of address;
      
      updating said table entry by storing said further expected sequence value, said expected care-of address and said expected virtual home address;
      
      sending a further acknowledgement from said correspondent node towards said mobile node;
      
      calculating at said mobile node a copy of said expected care-of address, based at least in part on said second pseudo care-of address;
      
      calculating at said mobile node a copy of said expected virtual home address based at least in part on said copy of said expected care of address; and
      
      using at said correspondent node said expected care-of address and said expected virtual home address to send packets towards said mobile node until said correspondent node receives said second update.
  - 7. The method of claim 6, wherein:
    - said step of calculating at said correspondent node said expected sequence value further comprises calculating based at least in part on said shared secret key;
      
      said step of calculating at said mobile node said second sequence value further comprises calculating based at least in part on said shared secret key;
      
      said step of calculating at said correspondent node said further expected sequence value further comprises calculating based at least in part on said shared secret key and using said first hashing mechanism;
      
      said step of calculating at said correspondent node said expected care-of address further comprises calculating based at least in part on said shared secret key and using a second hashing mechanism;
      
      said step of calculating at said mobile node said copy of said expected care-of address further comprises calculating based at least in part on said shared secret key and using said second hashing mechanism;
      
      said step of calculating at said mobile node said virtual home address uses a third hashing mechanism;
      
      said step of calculating at said correspondent node said expected virtual home address uses said third hashing mechanism; and
      
      said step of calculating at said mobile node said copy of said expected virtual home address uses said third hashing mechanism.
  - 8. The method of claim 1, wherein:
    - said correspondent node ignores said second update if said second sequence value does not match any expected sequence value in any table entry.
  - 9. The method of claim 1, wherein:
    - said update further comprises a public key of said mobile node; and
      
      said correspondent node authenticates said first update based on said public key.

10. A mobile node, comprising:
- a memory for storing a first sequence value and a second sequence value;
  
  a processor for calculating said first sequence value, for storing said first sequence value in said memory, for reading said first sequence value from said memory, for calculating said second sequence value by use of a first hashing mechanism, based at least in part on said first sequence value, and for storing in said memory said second sequence value;
  
  an access interface for sending towards a corresponderit node a first update comprising said first sequence value and a second update comprising said second sequence value; and
  
  a communication logic for controlling a session with said correspondent node, said communication logic requesting said processor to calculate said first and said second sequence values and requesting said access interface to send said first and said second updates.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The mobile node of claim 10, wherein:
    - said access interface is for receiving an acknowledgement from said correspondent node, said acknowledgement comprising a shared secret key;
      
      said processor is for decrypting said shared secret key; and
      
      said memory is for storing said decrypted shared secret key.
  - 12. The mobile node of claim 10, wherein:
    - said first hashing mechanism further calculates said second sequence value based at least in part on said shared secret key;
      
      said processor further comprises a second hashing mechanism for calculating a virtual home address based at least in part on a pseudo care-of address;
      
      said processor further comprises a third hashing mechanism for calculating an expected care-of address based at least in part on said pseudo care-of address and based at least in part on said shared secret key; and
      
      said second hashing mechanism is further for calculating an expected virtual home address based at least in part on said expected care-of address.
  - 13. The mobile node of claim 10, wherein:
    - said communication logic is for controlling sending of said first update upon set up of said session;
      
      said communication logic is for detecting a location change of said mobile node; and
      
      said communication logic is for controlling sending of said second update responsive to said location change.
  - 14. The mobile node of claim 13, wherein:
    - said communication logic is for determining whether said session is set up through a connection of said access interface to a home network or to a foreign network;
      
      said communication logic is for acquiring a care-of address if said session is being served by said foreign network;
      
      said communication logic is for setting up a pseudo care-of address, said pseudo care-of address being equal to said care-of address if said session is being served by said foreign network, said pseudo care-of address being equal to a home address of said mobile node if said session is being served by said home network; and
      
      said first update comprises said pseudo care-of address.
  - 15. The mobile node of claim 14, wherein:
    - said communication logic is for setting up a new pseudo care-of address responsive to said location change;
      
      said new pseudo care-of address is equal to a new care-of address if said mobile node is now served by a new foreign network responsive to said location change, said pseudo care-of address is equal to said home address of said mobile node if said session is now served by said home network responsive to said location change; and
      
      said second update comprises said new pseudo care-of address.

16. A correspondent node comprising:
- an input port for receiving a first update comprising a first address and a first sequence value, said first update being for a session with a mobile node, and for receiving a second update for said session, said second update comprising a second address and a second sequence value;
  
  a processor for calculating an expected sequence value based at least in part on said first sequence value, using a first hashing mechanism, and for calculating a new expected sequence value based at least in part on said second sequence value;
  
  a table for storing a table entry for said session with said mobile node, wherein said table entry comprises said first address and a pointer for said table entry, said pointer being equal to said expected sequence value, for overwriting in said table entry said pointer with said new expected sequence value, and for overwriting in said table entry said first address with an expected care-of address based at least in part on said second address; and
  
  a communication logic for controlling said session, said communication logic for looking through said table for an entry comprising a value of said pointer equal to said first sequence value, for creating said table entry if no value of said pointer equal to said first sequence value is found in said table, for requesting said processor to calculate said expected sequence value, for finding said table entry comprising said pointer equal to said second sequence value, and for requesting said processor to calculate said new expected sequence value.
- View Dependent Claims (17, 18, 19)
- - 17. The correspondent node of claim 16, wherein:
    - said processor is for further calculating a shared secret key for said session with said mobile node;
      
      said table entry is for further storing said shared secret key;
      
      said correspondent node further comprises an output port for sending acknowledgements towards said mobile node, responsive to said first and second updates, said acknowledgements comprising said shared secret key.
  - 18. The correspondent node of claim 17, wherein:
    - said first hashing mechanism calculates said expected sequence values based at least in part on said shared secret key;
      
      said processor further comprises a second hashing mechanism for calculating said expected care-of address based at least in part on said shared secret key;
      
      said processor further comprises a third hashing mechanism for calculating a virtual home address based at least in part on expected care-of address; and
      
      said table entry is for further storing said virtual home address.
  - 19. The correspondent node of claim 17, further comprising:
    - a packet handler for sending through said output port data packets towards said mobile node using said expected care-of address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Haddad, Wassim, Krishnan, Suresh

Granted Patent

US 7,907,948 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0421   Anonymous communication, i....

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 8/26   Network addressing or numbe...

H04W 80/04   Network layer protocols, e....

Providing anonymity to a mobile node in a session with a correspondent node

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Providing anonymity to a mobile node in a session with a correspondent node

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links