Providing anonymity to a mobile node in a session with a correspondent node
First Claim
1. A method of providing unlinkability to a mobile node in a session with a correspondent node, the method comprising the steps of:
receiving a first update from said mobile node at said correspondent node, said first update comprising a first sequence value;
said first update further comprises a first pseudo care-of address equal to a home address if said mobile node is in a home network for said mobile node or equal to a care-of address if said mobile node is in a foreign network;
calculating at said correspondent node an expected sequence value based at least in part on said first sequence value, using a first hashing mechanism;
creating at said correspondent node a table entry for said session, said table entry for storing said expected sequence value and storing said first pseudo care-of address in said table entry;
receiving from said mobile node at said correspondent node a second update comprising a second sequence value, said second sequence value based at least in part on said first sequence value, using said first hashing mechanism;
said second update further comprises a second pseudo care-of address equal to said home address if said mobile node is in said home network for said mobile node or equal to a new care-of address if said mobile node is in a new foreign network;
said second update is sent responsive to a change of a location of said mobile node;
identifying at said correspondent node said table entry by looking through said table for a match between said expected sequence value and said second sequence value; and
overwriting said pseudo care-of address with said second pseudo care-of address in said table entry.
Abstract
A method, a correspondent node and a mobile node provide anonymity and unlinkability to a mobile node in a session with a correspondent node. Sequence values, calculated based on secret data, are added to updates sent from the mobile node towards the correspondent node and are used by the correspondent node to authenticate updates from the mobile node. A home address of the mobile node is not explicitly disclosed. An expected care-of address is calculated at the correspondent node and used by the correspondent node to send data packets to the mobile node.
16 Claims
9. A mobile node, comprising:
a memory for storing a first sequence value and a second sequence value;
a processor for calculating said first sequence value, for storing said first sequence value in said memory, for reading said first sequence value from said memory, for calculating said second sequence value by use of a first hashing mechanism, based at least in part on said first sequence value, and for storing in said memory said second sequence value;
an access interface for sending towards a correspondent node a first update comprising said first sequence value and a second update comprising said second sequence value; and
a communication logic for controlling a session with said correspondent node, said communication logic requesting said processor to calculate said first and said second sequence values and requesting said access interface to send said first and said second updates;
wherein;
said access interface is for receiving an acknowledgement from said correspondent node, said acknowledgement comprising a shared secret key;
said processor is for decrypting said shared secret key; and
said memory is for storing said decrypted shared secret key and wherein;
said first hashing mechanism further calculates said second sequence value based at least in part on said shared secret key;
said processor further comprises a second hashing mechanism for calculating a virtual home address based at least in part on a pseudo care-of address;
said processor further comprises a third hashing mechanism for calculating an expected care-of address based at least in part on said pseudo care-of address and based at least in part on said shared secret key; and
said second hashing mechanism is further for calculating an expected virtual home address based at least in part on said expected care-of address.
11. A mobile node, comprising:
a memory for storing a first sequence value and a second sequence value;
a processor for calculating said first sequence value, for storing said first sequence value in said memory, for reading said first sequence value from said memory, for calculating said second sequence value by use of a first hashing mechanism, based at least in part on said first sequence value, and for storing in said memory said second sequence value;
an access interface for sending towards a correspondent node a first update comprising said first sequence value and a second update comprising said second sequence value; and
a communication logic for controlling a session with said correspondent node, said communication logic requesting said processor to calculate said first and said second sequence values and requesting said access interface to send said first and said second updates;
wherein said communication logic is for controlling sending of said first update upon set up of said session;
said communication logic is for detecting a location change of said mobile node; and
said communication logic is for controlling sending of said second update responsive to said location change; and wherein;
said communication logic is for determining whether said session is set up through a connection of said access interface to a home network or to a foreign network;
said communication logic is for acquiring a care-of address if said session is being served by said foreign network;
said communication logic is for setting up a pseudo care-of address, said pseudo care-of address being equal to said care-of address if said session is being served by said foreign network, said pseudo care-of address being equal to a home address of said mobile node if said session is being served by said home network; and
said first update comprises said pseudo care-of address.
13. A correspondent node comprising:
an input port for receiving a first update comprising a first pseudo care-of address and a first sequence value, said first update being for a session with a mobile node, and for receiving a second update for said session, said second update comprising a second pseudo care-of address and a second sequence value, wherein said first pseudo care-of address is equal to a home address if said mobile node is in a home network for said mobile node or equal to a care-of address if said mobile node is in a foreign network and wherein said second pseudo care-of address is equal to said home address if said mobile node is in said home network for said mobile node or equal to a new care-of address if said mobile node is in a new foreign network;
a processor for calculating an expected sequence value based at least in part on said first sequence value, using a first hashing mechanism, and for calculating a new expected sequence value based at least in part on said second sequence value;
a table for storing a table entry for said session with said mobile node, wherein said table entry comprises said first address and a pointer for said table entry, said pointer being equal to said expected sequence value, for overwriting in said table entry said pointer with said new expected sequence value, and for overwriting in said table entry said first pseudo care-of address with an expected care-of address based at least in part on said second pseudo care-of address; and
a communication logic for controlling said session, said communication logic for looking through said table for an entry comprising a value of said pointer equal to said first sequence value, for creating said table entry if no value of said pointer equal to said first sequence value is found in said table, for requesting said processor to calculate said expected sequence value, for finding said table entry comprising said pointer equal to said second sequence value, and for requesting said processor to calculate said new expected sequence value.
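The table handling recited in claims 1 and 13, combined with the keyed hashing of claim 9, as an added example that is not taken from the patent. HMAC-SHA256 as the first hashing mechanism, the `CorrespondentNode` class, the dictionary table and the documentation-range addresses are assumptions; the key returned by `receive_update` stands in for the encrypted acknowledgement, and the stored address follows claim 1 (the pseudo care-of address itself).

```python
import hashlib
import hmac
import secrets


def next_seq(seq: bytes, key: bytes) -> bytes:
    """First hashing mechanism (assumed: HMAC-SHA256 keyed with the shared secret)."""
    return hmac.new(key, seq, hashlib.sha256).digest()


class CorrespondentNode:
    def __init__(self):
        # pointer (expected sequence value) -> (pseudo care-of address, session key)
        self.table = {}

    def receive_update(self, seq: bytes, pseudo_coa: str):
        """Process one update; return (status, key for the acknowledgement or None)."""
        entry = self.table.pop(seq, None)
        if entry is None:
            # No pointer equals the received value: treat as a new session.
            key = secrets.token_bytes(32)
            self.table[next_seq(seq, key)] = (pseudo_coa, key)
            return "created", key  # the key would travel encrypted in the ack
        # Pointer matched: overwrite the address and advance the pointer.
        _, key = entry
        self.table[next_seq(seq, key)] = (pseudo_coa, key)
        return "updated", None


def demo():
    cn = CorrespondentNode()
    seq1 = secrets.token_bytes(32)  # first sequence value chosen by the mobile node
    # Constructed sample addresses from the IPv6 documentation prefix.
    s1, key = cn.receive_update(seq1, "2001:db8:a::10")
    # Mobile node moves: second sequence value derived from the first.
    seq2 = next_seq(seq1, key)
    s2, _ = cn.receive_update(seq2, "2001:db8:b::77")
    # Replaying the captured second update no longer matches any pointer,
    # so it cannot overwrite the address stored for the existing session.
    s3, _ = cn.receive_update(seq2, "2001:db8:bad::1")
    session_coa = cn.table[next_seq(seq2, key)][0]
    return s1, s2, s3, session_coa, len(cn.table)


if __name__ == "__main__":
    print(demo())
```

Because every unmatched value creates a fresh entry, a deployment of this pattern needs a bound or expiry on table growth.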