Methods and apparatus for securing proxy mobile IP
Abstract
Various security mechanisms may be used independently, or in combination with one another, to authenticate the identity of a node during the Mobile IP registration process. First, an Access Point receiving a packet from a node verifies that the source MAC address identified in the packet is in the Access Point's client association table. In addition, as a second mechanism, the Access Point ensures that a one-to-one mapping exists for the source MAC address and source IP address identified in the packet in a mapping table maintained by the Access Point. As a third mechanism, a binding is not modified in the mobility binding table maintained by the Home Agent unless there is a one-to-one mapping in the mobility binding table between the source MAC address and the source IP address. Similarly, the Foreign Agent may also maintain a mapping between the source IP address and the source MAC address in its visitor table to ensure a one-to-one mapping between a source IP address and the associated MAC address.
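The Access Point side of the abstract (association-table check, then one-to-one MAC/IP mapping check, then proxy registration) can be sketched as follows. This is an added illustration, not code from the patent; the class and field names, the learn-on-first-packet behaviour and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class AccessPoint:
    """Hypothetical model of the Access Point checks described in the abstract."""
    care_of_address: str
    home_agent: str
    associated: set = field(default_factory=set)    # client association table (MACs)
    ip_by_mac: dict = field(default_factory=dict)   # mapping table, MAC -> IP
    mac_by_ip: dict = field(default_factory=dict)   # reverse index, IP -> MAC

    def check(self, mac, ip):
        mac = mac.lower()
        # Mechanism 1: the source MAC must be in the client association table.
        if mac not in self.associated:
            return "reject: MAC not associated"
        known_ip, known_mac = self.ip_by_mac.get(mac), self.mac_by_ip.get(ip)
        if known_ip is None and known_mac is None:
            # Assumption: the first packet from an associated client creates the mapping.
            self.ip_by_mac[mac], self.mac_by_ip[ip] = ip, mac
            return "ok"
        # Mechanism 2: the mapping must hold in both directions (one-to-one).
        if known_ip == ip and known_mac == mac:
            return "ok"
        if known_ip is not None and known_ip != ip:
            return "reject: MAC already mapped to another IP"
        return "reject: IP already mapped to another MAC"

    def proxy_register(self, mac, ip):
        """Compose a registration request only when both checks pass."""
        verdict = self.check(mac, ip)
        if verdict != "ok":
            return None, verdict
        request = {"home_address": ip, "home_agent": self.home_agent,
                   "care_of_address": self.care_of_address,
                   "mac_extension": mac.lower()}
        return request, verdict

def demo():
    # Constructed sample data: documentation IP ranges, locally administered MACs.
    ap = AccessPoint(care_of_address="198.51.100.1", home_agent="192.0.2.1")
    ap.associated.update({"02:00:00:00:00:0a", "02:00:00:00:00:0b"})
    packets = [("02:00:00:00:00:0A", "192.0.2.10"),   # first sighting, learned
               ("02:00:00:00:00:0b", "192.0.2.10"),   # second MAC claims the same IP
               ("02:00:00:00:00:0a", "192.0.2.99"),   # known MAC with a new source IP
               ("02:00:00:00:00:0c", "192.0.2.12")]   # MAC never associated
    return [ap.proxy_register(mac, ip)[1] for mac, ip in packets]

if __name__ == "__main__":
    print(demo())
```

The Foreign Agent visitor table and the Home Agent mobility binding table apply the same pairing check to the home address field and MAC address extension carried in the request.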
24 Claims
1. In an Access Point, a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
- receiving a packet from the node, the packet including a source MAC address and a source IP address;
- ascertaining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mapping table; and
- composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node, wherein composing and sending the registration request are performed according to whether it is ascertained that the one-to-one mapping between the source MAC address and the source IP address exists in the mapping table.
(Dependent claims: 2)
3. An Access Point adapted for performing a method of authenticating a node prior to performing proxy registration on behalf of the node, comprising:
- a processor; and
- a memory, at least one of the processor and the memory being adapted for:
  - receiving a packet from the node, the packet including a source MAC address and a source IP address;
  - ascertaining whether a mapping between the source MAC address and the source IP address exists in a mapping table; and
  - composing a registration request including a home address field including the source IP address and sending the registration request, thereby performing proxy registration on behalf of the node, wherein composing and sending the registration request are performed according to whether it is ascertained that the mapping between the source MAC address and the source IP address exists in the mapping table.
4. In a Foreign Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
- determining whether an entry including the source IP address and the source MAC address is in a visitor table maintained by the Foreign Agent; and
- forwarding the registration request according to whether an entry in the visitor table maintained by the Foreign Agent includes the source IP address and the source MAC address.
(Dependent claims: 5, 6)
7. In a Home Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address; and
- determining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mobility binding table;
wherein registering the source IP address with the Home Agent, composing a registration reply and sending the registration reply to the care-of address are performed according to whether it is determined that a one-to-one mapping between the source MAC address and the source IP address exists in the mobility binding table.
(Dependent claims: 8)
9. In a Home Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address;
- determining whether a mapping between the source MAC address and the source IP address exists in a mobility binding table;
- updating the mobility binding table according to whether the mapping between the source MAC address and the source IP address exists in the mobility binding table;
- composing a registration reply including a home address field including the source IP address, a care-of address field including the care-of address, and having a MAC address extension including the source MAC address; and
- sending the registration reply to the care-of address.
(Dependent claims: 10, 11, 12, 13, 14)
15. In a Foreign Agent, a method of processing a registration request, comprising:
- receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
- determining whether an entry including the source IP address and the source MAC address is in a visitor table maintained by the Foreign Agent; and
- forwarding the registration request to the Home Agent address according to whether an entry including the source IP address and the source MAC address is determined to be in the visitor table maintained by the Foreign Agent.
(Dependent claims: 16, 17, 18, 19, 20)
21. A Foreign Agent, comprising:
- a processor; and
- a memory, at least one of the processor and the memory being adapted for:
  - receiving a registration request having a home address field including a source IP address, a Home Agent field including a Home Agent address, and a MAC address extension including a source MAC address;
  - determining whether an entry including the source IP address and the source MAC address is in a visitor table maintained by the Foreign Agent; and
  - forwarding the registration request according to whether an entry in the visitor table maintained by the Foreign Agent includes the source IP address and the source MAC address.
22. A Home Agent, comprising:
- a processor; and
- a memory, at least one of the processor and the memory being adapted for:
  - receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address; and
  - determining whether a one-to-one mapping between the source MAC address and the source IP address exists in a mobility binding table;
  wherein registering the source IP address with the Home Agent, composing a registration reply and sending the registration reply to the care-of address are performed according to whether it is determined that a one-to-one mapping between the source MAC address and the source IP address exists in the mobility binding table.
(Dependent claims: 23)
24. A Home Agent, comprising:
- a processor; and
- a memory, at least one of the processor and the memory being adapted for:
  - receiving a registration request having a home address field including a source IP address, a care-of address field including a care-of address, and having a MAC address extension including a source MAC address;
  - determining whether a mapping between the source MAC address and the source IP address exists in a mobility binding table;
  - updating the mobility binding table according to whether the mapping between the source MAC address and the source IP address exists in the mobility binding table;
  - composing a registration reply including a home address field including the source IP address, a care-of address field including the care-of address, and having a MAC address extension including the source MAC address; and
  - sending the registration reply to the care-of address.
Specification