Authenticating address ownership using care-of address (COA) binding protocol
Abstract
A method for authenticating address ownership using a Care-of Address (CoA) binding protocol, the method includes a comparison of two hash-function-processed result values, i.e., a first hash-function-processed result value transmitted from a home agent, the first hash-function-processed result value encrypted by a public key of a correspondent node and decrypted by a secret key of the correspondent node, and a second hash-function-processed result value piggybacked in a binding update message transmitted from a mobile node. The hash-function-processed result values are obtained by applying hash functions to a care-of address of a mobile node to be used in a foreign link, a random number generated by a home agent and a secret key shared by the home agent and the mobile node.
8 Claims
1. A method, comprising:
piggybacking, at a mobile node, a list of correspondent nodes requiring registration of a Care-of-Address (CoA) of the mobile node to be used in a foreign link in a binding update message to register the CoA with a home agent, and transmitting the binding update message having the list of correspondent nodes to the home agent;
upon a reception of the binding update message having the list of correspondent nodes at the home agent, producing a random number at the home agent, encrypting the random number using a secret key shared by the home agent and the mobile node, piggybacking the encrypted random number in a binding acknowledge message, and transmitting the binding acknowledge message having the encrypted random number to the mobile node from the home agent;
obtaining, at the home agent, public keys of corresponding correspondent nodes listed on the list of correspondent nodes, encrypting at the home agent, first information required for authentication of the mobile node using the public keys, piggybacking at the home agent, the encrypted first information in data to be tunneled to the correspondent nodes, and transmitting the data having the encrypted first information from the home agent to the correspondent nodes;
piggybacking, at the mobile node, second information required for ownership authentication for the binding update message for registering the CoA with a corresponding correspondent node, and transmitting the binding update message having the second information to the corresponding correspondent node;
upon a reception of the data to be tunneled to the correspondent nodes having the encrypted first information at the corresponding correspondent node, decrypting, at the corresponding correspondent node, the first information received from the home agent using a secret key of the corresponding correspondent node; and
upon a reception of the binding update message having the second information and a completion of the decryption of the first information, comparing, at the corresponding correspondent node, the first information received from the home agent with the second information to authenticate ownership of the corresponding mobile node.
Dependent claims: 2, 3, 4.
5. A method, comprising:
piggybacking, at a mobile node, a list of correspondent nodes requiring registration of a Care-of-Address (CoA), in a binding update message transmitted to a home agent to register the CoA with the home agent, and transmitting, at the mobile node, the list of correspondent nodes;
piggybacking, at the home agent, information on a random number encrypted by a secret key shared by the home agent and a mobile node, in a binding acknowledge message, and receiving, at the mobile node, the piggybacked information from the home agent;
piggybacking, at a corresponding mobile node, result values calculated by processing the CoA, the random number and the secret key by hash functions, in the binding update message transmitted to a corresponding correspondent node to register the CoA of the mobile node with the corresponding correspondent node;
transmitting, at the corresponding mobile node, the piggybacked result values to the corresponding correspondent node, encrypting, at the home agent, the result values processed by the hash functions, and receiving, at the correspondent node, the encrypted result values from the home agent; and
upon the reception of the encrypted result values at the correspondent node, requesting the correspondent node to perform authentication of the address ownership of the corresponding mobile node using a zero knowledge technique.
6. A method, comprising:
receiving, at a home agent, a list of correspondent nodes piggybacked in a binding update message for registering a care-of address (CoA) from a mobile node;
producing, at the home agent, a random number, encrypting the random number by using a secret key shared by a home agent and the mobile node, piggybacking, at the home agent, the encrypted random number in a binding acknowledge message, and transmitting, at the home agent, the binding acknowledge message having the encrypted random number to the mobile node;
piggybacking, at a corresponding mobile node, information required for ownership authentication in a binding update message to register the CoA with a correspondent node, and transmitting the piggybacked binding update message having the information from the corresponding mobile node to the corresponding correspondent node;
obtaining at the home agent, public keys of corresponding correspondent nodes listed on the list of correspondent nodes, encrypting at the home agent, information required for authentication of the corresponding mobile node by using the public keys, and piggybacking at the home agent, the encrypted information in data tunneled to the correspondent nodes; and
upon reception, by the corresponding correspondent node, of the piggybacked binding update message having the information from the corresponding mobile node and the data having the encrypted information, comparing the information received from the mobile node to authenticate ownership of the corresponding mobile node in the correspondent node.
7. A method, comprising:
transmitting a public key to a home agent, in response to the home agent of a mobile node requesting the public key from a correspondent node which communicates with the mobile node;
upon a reception, by the correspondent node, of data of the mobile node tunneled from the home agent of the mobile node, with the data containing a first resulting value obtained by processing a predetermined group of values comprising a care-of address (CoA) of the mobile node by hash functions and by encrypting the value processed with hash functions by application of the public key, decrypting, at the correspondent node, the first encrypted resulting value by using a secret key of the correspondent node;
receiving, from the mobile node, a second resulting value obtained by processing the predetermined group of values comprising the care-of address (CoA) of the mobile node by the hash functions, piggybacked in a binding update message and transmitted from the mobile node communicating with the correspondent node; and
comparing, at the correspondent node, the first decrypted resulting value received from the home agent to the second resulting value received from the mobile node in order to authenticate ownership of the corresponding Care-of Address (CoA) of the mobile node transmitting a binding update message containing the CoA.
8. A system, comprising:
a mobile node; a home agent of the mobile node; and at least one correspondent node adapted to communicate with the mobile node;
wherein the mobile node piggybacks a list of correspondent nodes requiring registration of a Care of Address (CoA) in a binding update message to register the CoA with the home agent and transmits the binding update message having the list of correspondent nodes to the home agent;
wherein the home agent produces a random number, encrypts the random number using a secret key shared by the home agent and the mobile node, piggybacks the encrypted random number in a binding acknowledge message, and transmits the binding acknowledge message having the encrypted random number to the mobile node;
wherein the home agent obtains public keys of corresponding correspondent nodes listed on the list of correspondent nodes, encrypts first information required for authentication of the mobile node using the public keys, piggybacks the encrypted first information in data tunneled to the correspondent nodes, and transmits the data having the encrypted first information to the correspondent nodes;
wherein the mobile node piggybacks second information required for ownership authentication in the binding update message to register the CoA with the correspondent node and transmits the binding update message having the second information to the correspondent node; and
wherein the correspondent node decrypts the first information received from the home agent by using a secret key of the correspondent node, and authenticates ownership of a corresponding mobile node by comparing the first information to the second information received from the mobile node.
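The message flow of the abstract and of claim 1, as an added Python simulation that is not part of the patent: the hash function over (CoA, random number, shared secret key) is taken to be HMAC-SHA256, `keystream_xor` is an assumed stand-in for both the shared-key encryption of the random number and the public-key encryption of the tunneled data, and the extra check that the binding update's CoA equals the CoA the home agent tunneled is my addition, not a step of the claims.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Confidentiality stand-in (assumption, not from the patent): XOR with a
    SHA-256 keystream. It models both the shared-key encryption of the random
    number in the BAck and the public-key encryption of the tunneled data."""
    stream = b"".join(hashlib.sha256(key + label + i.to_bytes(4, "big")).digest()
                      for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def ownership_tag(coa: str, nonce: bytes, shared_key: bytes) -> bytes:
    """Hash-function result over (CoA, random number, HA/MN shared secret key)."""
    return hmac.new(shared_key, coa.encode() + nonce, hashlib.sha256).digest()

class CorrespondentNode:
    def __init__(self, key: bytes):
        self.key = key        # stand-in for the CN's key pair (see keystream_xor)
        self.expected = {}    # MN home address -> (CoA, first information) from HA

    def receive_tunneled(self, hoa: str, blob: bytes) -> None:
        # Decrypt the first information piggybacked in data tunneled by the HA.
        coa, first = keystream_xor(self.key, b"tunnel", blob).split(b"|", 1)
        self.expected[hoa] = (coa.decode(), first)

    def verify_binding_update(self, hoa: str, coa: str, second: bytes) -> bool:
        # Compare first information (from HA) with second information (from MN).
        # Requiring the BU's CoA to equal the CoA the HA tunneled is an added check.
        if hoa not in self.expected:
            return False
        ha_coa, first = self.expected[hoa]
        return ha_coa == coa and hmac.compare_digest(first, second)

def run_protocol(hoa: str, coa: str, shared_key: bytes, cns: dict) -> dict:
    """Message flow of claim 1 with constructed keys; returns each CN's verdict."""
    # MN -> HA: binding update for (hoa, coa) piggybacking the list of CNs.
    bu_to_ha = {"hoa": hoa, "coa": coa, "cn_list": list(cns)}
    # HA: random number, encrypted under the shared key, returned in the BAck.
    nonce = os.urandom(16)
    back = keystream_xor(shared_key, b"back", nonce)
    # HA -> each listed CN: (CoA, first information) encrypted to that CN.
    first = ownership_tag(bu_to_ha["coa"], nonce, shared_key)
    for name in bu_to_ha["cn_list"]:
        blob = keystream_xor(cns[name].key, b"tunnel", coa.encode() + b"|" + first)
        cns[name].receive_tunneled(hoa, blob)
    # MN: recovers the random number from the BAck, piggybacks second information
    # in the binding update to each CN, which decrypts and compares.
    second = ownership_tag(coa, keystream_xor(shared_key, b"back", back), shared_key)
    return {n: cn.verify_binding_update(hoa, coa, second) for n, cn in cns.items()}
```

A correspondent node never sees the shared secret or the random number in clear; it only compares the two hash results, so a binding update whose sender lacks that secret fails the comparison.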
Specification