METHODS AND APPARATUS FOR SECURING PROXY MOBILE IP
Abstract
An invention is disclosed that enables proxy Mobile IP registration to be performed in a secure manner. Various security mechanisms may be used independently, or in combination with one another, to authenticate the identity of a node during the registration process. First, an Access Point receiving a packet from a node verifies that the source MAC address identified in the packet is in the Access Point's client association table. In addition, as a second mechanism, the Access Point ensures that a one-to-one mapping exists for the source MAC address and source IP address identified in the packet in a mapping table maintained by the Access Point. As a third mechanism, a binding is not modified in the mobility binding table maintained by the Home Agent unless there is a one-to-one mapping in the mobility binding table between the source MAC address and the source IP address. Similarly, the Foreign Agent may also maintain a mapping between the source IP address and the source MAC address in its visitor table to ensure a one-to-one mapping between a source IP address and the associated MAC address. The MAC address is preferably transmitted in a MAC address extension to the registration request and registration reply packets. In this manner, the Access Point, Home Agent, and Foreign Agent may ascertain the node's MAC address and ensure a one-to-one mapping between the IP address and the MAC address during the registration process.
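The three checks named in the abstract, modelled as an added example that is not taken from the patent. The class names, field names and addresses are constructed. Learning a MAC/IP pair the first time it is seen is an assumption, since the abstract does not say how the tables are populated.

```python
# Added illustration: table layouts, names and addresses are assumptions.
class OneToOneMap:
    """MAC<->IP table that never lets one address pair with two peers."""
    def __init__(self):
        self.ip_of, self.mac_of = {}, {}

    def accept(self, mac, ip):
        # Assumption: the first pair seen is learned; later packets must match it.
        if self.ip_of.get(mac, ip) != ip or self.mac_of.get(ip, mac) != mac:
            return False
        self.ip_of[mac], self.mac_of[ip] = ip, mac
        return True

class AccessPoint:
    def __init__(self, care_of):
        self.care_of = care_of
        self.associated = set()        # client association table (MACs)
        self.mapping = OneToOneMap()   # per-AP MAC/IP mapping table

    def proxy_register(self, src_mac, src_ip):
        """Return a registration request for the node, or None if a check fails."""
        if src_mac not in self.associated:             # first mechanism
            return None
        if not self.mapping.accept(src_mac, src_ip):   # second mechanism
            return None
        return {"home_address": src_ip, "care_of": self.care_of,
                "mac_extension": src_mac}

class HomeAgent:
    def __init__(self):
        self.pairs = OneToOneMap()     # MAC/IP pairs of the mobility binding table
        self.care_of = {}              # home address -> current care-of address

    def handle(self, req):
        """Modify a binding only if the MAC extension matches the stored pair."""
        if req is None or not self.pairs.accept(req["mac_extension"], req["home_address"]):
            return False                               # third mechanism
        self.care_of[req["home_address"]] = req["care_of"]
        return True

def demo():
    ha = HomeAgent()
    ap1, ap2, ap3 = (AccessPoint(f"192.0.2.{n}") for n in (1, 2, 3))
    node, other = "02:00:00:00:00:0a", "02:00:00:00:00:0b"    # constructed MACs
    for ap in (ap1, ap2, ap3):
        ap.associated |= {node, other}
    ok = ha.handle(ap1.proxy_register(node, "10.0.0.5"))      # first registration
    at_ap = ap1.proxy_register(other, "10.0.0.5")             # IP already paired at AP1
    roam = ha.handle(ap2.proxy_register(node, "10.0.0.5"))    # same pair, new AP
    at_ha = ha.handle(ap3.proxy_register(other, "10.0.0.5"))  # AP3 has no history
    return ok, at_ap, roam, at_ha, ha.care_of["10.0.0.5"]
```

The last case shows why the Home Agent check is stated separately: an Access Point with no prior knowledge of the pair passes the request on, and the binding survives only because the Home Agent compares the MAC address extension against its own table.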
20 Claims
1. In an Access Point, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
- receiving a packet from the node, the packet including a source MAC address and a source IP address;
- ascertaining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mapping table; and
- composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
Dependent claims: 2, 3.
4. An Access Point adapted for performing a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
- a processor; and
- a memory, at least one of the processor and the memory being adapted for:
- receiving a packet from the node, the packet including a source MAC address and a source IP address;
- ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
- composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node.
5. In a Foreign Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
- determining whether an entry including the source IP address and the source MAC address is in a visitor table maintained by the Foreign Agent; and
- forwarding the registration request according to whether an entry in the visitor table maintained by the Foreign Agent includes the source IP address and the source MAC address.
Dependent claims: 6, 7.
8. In a Home Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address; and
- determining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mobility binding table;
- wherein registering the source IP address with the Home Agent, composing a registration reply and sending the registration reply to the care-of address are performed according to whether it is determined that a one-to-one mapping between the source MAC address and the source IP address exists in the mobility binding table.
Dependent claims: 9.
10. In a Home Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address;
- composing a registration reply including a home address field including the source IP address, a care-of address field including the care-of address, and having a MAC address extension including the source MAC address; and
- sending the registration reply to the care-of address.
Dependent claims: 11, 12, 13, 14, 15.
16. In a Foreign Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
- forwarding the registration request to the Home Agent address;
- receiving a registration reply having a home address field including the source IP address, a Home Agent field including the Home Agent address, and a MAC address extension including the source MAC address; and
- forwarding the registration reply to the source IP address.
Dependent claims: 17, 18, 19, 20.
Specification