Non-cryptographic addressing
First Claim
1. A method for allowing a first device not capable of implementing a cryptographically generated address (CGA)-based protocol to participate in a first network controlled by a CGA-based protocol, wherein the first network comprises a plurality of devices, the method comprising:
a) extracting, by a second device, a first network address from a first message received from a third device, the first network address identifying the third device and including a hash of at least one cryptographic address parameter, the at least one parameter being a first public key associated with the third device;
b) extracting, by the second device, a second network address from a second message, the second network address identifying the first device, wherein the second network address is not an encoding of a hash of a public key, and wherein the first device, the second device, and the third device are operatively connected via the first network;
c) determining based on the first network address whether the first network address of the third device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the first network address;
retrieving a predetermined value that indicates whether an address is cryptographic;
comparing the predetermined portion from the first network address to the predetermined value;
d) based on the comparison of the predetermined portion from the first network address to the predetermined value, identifying, by the second device, the first network address as a cryptographic address;
e) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographic-address-based authentication scheme, wherein the authenticating comprises verifying the identity of a sender of the first message by checking a value of data for a routing prefix stored in a parameters structure to determine if the stored data is equal to a routing prefix of the first network address, wherein the verifying fails if the stored data differs from the routing prefix of the first network address;
f) determining based on the second network address whether the second network address of the first device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the second network address;
comparing the predetermined portion from the second network address to the predetermined value;
g) based on the comparison of the predetermined portion from the second network address to the predetermined value, identifying, by the second device, the second network address as a non-cryptographic address;
h) authenticating the second message using the second network address and a second authentication scheme, wherein the second authentication scheme comprises a non-cryptographic-address-based authentication scheme; and
i) prioritizing the first message and the second message for processing, wherein the prioritizing comprises identifying the address type of each message as one of: (1) an authentic cryptographic address, (2) an authentic non-cryptographic address, and (3) a non-authenticated address, and wherein a message with an authentic cryptographic address is processed before a message with an authentic non-cryptographic address, and a message with an authentic non-cryptographic address is processed before a message with a non-authenticated address.
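The receiver-side procedure of steps (c) through (i), as an added worked example that is not part of the patent and not the applicant's code. It assumes that the cryptographic addresses are RFC 3972 CGAs (the claim names no particular CGA scheme), that the "predetermined portion" is the u/g bit pair of the IPv6 interface identifier and the "predetermined value" is zero (a CGA always has both bits clear, so a down-level node that sets the u bit produces an address that can never be a CGA), and that the non-cryptographic authentication scheme of step (h) is an HMAC with a per-device pre-shared key. The public key is an opaque constructed byte string, the sample messages are constructed, and the signature that a SEND-style deployment would also verify over the message is omitted; the routing-prefix comparison of step (e) is RFC 3972 verification step 3.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class AddrClass(IntEnum):
    """Address types of claim step (i); a lower value is processed first."""
    AUTH_CGA = 0          # authentic cryptographic address
    AUTH_NON_CGA = 1      # authentic non-cryptographic address
    UNAUTHENTICATED = 2   # non-authenticated address


@dataclass
class CGAParams:
    """RFC 3972 CGA Parameters: the 'parameters structure' holding the routing prefix (step e)."""
    modifier: bytes         # 16 octets
    subnet_prefix: bytes    # 8 octets: the routing prefix the address was generated for
    collision_count: int    # 0, 1 or 2
    public_key: bytes       # DER SubjectPublicKeyInfo in RFC 3972; opaque constructed bytes here


@dataclass
class Message:
    src: ipaddress.IPv6Address
    payload: bytes
    cga_params: Optional[CGAParams] = None   # carried only by CGA-capable senders
    mac: Optional[bytes] = None              # carried only by PSK-authenticated down-level senders


def _hash1(p: CGAParams) -> bytes:
    data = p.modifier + p.subnet_prefix + bytes([p.collision_count]) + p.public_key
    return hashlib.sha1(data).digest()[:8]


def _hash2(p: CGAParams) -> bytes:
    # Hash2 is computed with subnet prefix and collision count zeroed (RFC 3972 section 4).
    return hashlib.sha1(p.modifier + bytes(9) + p.public_key).digest()[:14]


def generate_cga(p: CGAParams, sec: int = 0) -> ipaddress.IPv6Address:
    """Interface ID = Hash1 with its top 3 bits set to Sec and the u/g bits (6 and 7) cleared."""
    iid = bytearray(_hash1(p))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(p.subnet_prefix + bytes(iid))


def is_cryptographic(addr: ipaddress.IPv6Address) -> bool:
    """Steps (c)/(f): predetermined portion = u/g bits of the interface ID, predetermined value = 0.
    Assumption: down-level nodes set the u bit, so their addresses never match the CGA format."""
    return addr.packed[8] & 0x03 == 0


def verify_cga(addr: ipaddress.IPv6Address, p: CGAParams) -> bool:
    """RFC 3972 verification; the prefix comparison is claim step (e)."""
    a = addr.packed
    if p.collision_count > 2:
        return False
    if p.subnet_prefix != a[:8]:          # stored routing prefix must equal the address prefix
        return False
    iid, h1 = a[8:], _hash1(p)
    # Compare Hash1 with the interface ID, ignoring the Sec bits and the u/g bits.
    if (h1[0] & 0x1C) != (iid[0] & 0x1C) or h1[1:] != iid[1:]:
        return False
    sec = iid[0] >> 5
    # The leftmost 16*Sec bits of Hash2 must be zero (trivially true for Sec = 0).
    return int.from_bytes(_hash2(p), "big") >> (112 - 16 * sec) == 0


def verify_psk(msg: Message, key: bytes) -> bool:
    """Assumed step (h) scheme: HMAC-SHA256 over source address and payload with a per-device key."""
    if msg.mac is None:
        return False
    expected = hmac.new(key, msg.src.packed + msg.payload, "sha256").digest()
    return hmac.compare_digest(msg.mac, expected)


def classify(msg: Message, psk_table: Dict[ipaddress.IPv6Address, bytes]) -> AddrClass:
    """Steps (c) to (h): choose the scheme from the address type, then authenticate."""
    if is_cryptographic(msg.src):
        ok = msg.cga_params is not None and verify_cga(msg.src, msg.cga_params)
        return AddrClass.AUTH_CGA if ok else AddrClass.UNAUTHENTICATED
    key = psk_table.get(msg.src)
    ok = key is not None and verify_psk(msg, key)
    return AddrClass.AUTH_NON_CGA if ok else AddrClass.UNAUTHENTICATED


def prioritize(msgs: List[Message], psk_table: Dict[ipaddress.IPv6Address, bytes]) -> List[Message]:
    """Step (i): a stable sort keeps arrival order inside each class."""
    return sorted(msgs, key=lambda m: classify(m, psk_table))


def demo() -> List[AddrClass]:
    # Constructed sample traffic on 2001:db8::/64: one CGA node, one down-level node, one spoof.
    prefix = bytes.fromhex("20010db800000000")
    cga_p = CGAParams(bytes(range(16)), prefix, 0, b"constructed-der-public-key")
    cga_addr = generate_cga(cga_p)
    legacy_addr = ipaddress.IPv6Address(prefix + bytes.fromhex("0211223344556677"))  # u bit set
    legacy_key = b"constructed-pre-shared-key"
    signed = Message(legacy_addr, b"router advertisement")
    signed.mac = hmac.new(legacy_key, legacy_addr.packed + signed.payload, "sha256").digest()
    # Same modifier and key, but the stored prefix is 2001:db8:1::/64, not the address's prefix.
    wrong_prefix = CGAParams(cga_p.modifier, bytes.fromhex("20010db800010000"), 0, cga_p.public_key)
    psk_table = {legacy_addr: legacy_key}
    arrivals = [
        Message(legacy_addr, b"no mac"),                              # first in, processed last
        signed,
        Message(cga_addr, b"neighbor advertisement", wrong_prefix),   # fails step (e)
        Message(cga_addr, b"neighbor advertisement", cga_p),
    ]
    return [classify(m, psk_table) for m in prioritize(arrivals, psk_table)]
```

`demo()` returns the classes in processing order: the genuine CGA message first, then the HMAC-authenticated down-level message, then the two unauthenticated ones in their arrival order. Note that the spoofed message reuses a valid key and modifier but carries a parameters structure whose stored prefix differs from the address, which is exactly the failure case step (e) calls out; a verifier that skipped that comparison would accept an address moved to a prefix its owner never generated it for.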
Abstract
To allow down-level devices to participate in a network controlled by a protocol including CGAs or ECGAs, the CGA or ECGA authentication may be made optional, so that the down-level devices can execute non-CGA or non-ECGA versions of network protocols while the use of CGA- and/or ECGA-authenticated versions of the same protocols remains allowed. To identify non-cryptographic addresses (e.g., non-CGA and non-ECGA addresses), the address bits of a non-CGA or non-ECGA address may be set such that the address cannot be, or is probably not, an encoding of the hash of a public key. In this manner, a receiving node may properly identify the capabilities of the sending node, perform an appropriate authentication of the message containing the non-cryptographic address, and/or prioritize processing of information contained in the message with the non-cryptographic address.
241 Citations
16 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer readable storage medium, wherein the medium does not consist of a propagated data signal, the medium having encoded thereon a computer program of instructions for executing a computer process for allowing a first device not capable of implementing a cryptographically generated address (CGA)-based protocol to participate in a first network controlled by a CGA-based protocol, wherein the first network comprises a plurality of devices, the computer process comprising:
a) extracting, by a second device, a first network address from a first message received from a third device, the first network address identifying the third device and including a hash of at least one cryptographic-address parameter, the at least one cryptographic-address parameter including a first public key associated with the third device;
b) extracting, by the second device, a second network address from a second message, the second network address identifying the first device, wherein the second network address is not an encoding of a hash of a public key, and wherein the first device, the second device, and the third device are operatively connected via the first network;
c) determining based on the first network address whether the first network address of the third device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the first network address;
retrieving a predetermined value that indicates whether an address is cryptographic;
comparing the predetermined portion from the first network address to the predetermined value;
d) based on the comparison of the predetermined portion from the first network address to the predetermined value, identifying, by the second device, the first network address as a cryptographic address;
e) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographic-address-based authentication scheme, wherein the authenticating comprises verifying the identity of a sender of the first message by checking a value of data for a routing prefix stored in a parameters structure to determine if the stored data is equal to a routing prefix of the first network address, wherein the verifying fails if the stored data differs from the routing prefix of the first network address;
f) determining based on the second network address whether the second network address of the first device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the second network address;
comparing the predetermined portion from the second network address to the predetermined value;
g) based on the comparison of the predetermined portion from the second network address to the predetermined value, identifying, by the second device, the second network address as a non-cryptographic address;
h) authenticating the second message using the second network address and a second authentication scheme, wherein the second authentication scheme includes a non-cryptographic-address-based authentication scheme; and
i) prioritizing the first message and the second message for processing, wherein the prioritizing comprises identifying the address type of each message as one of: (1) an authentic cryptographic address, (2) an authentic non-cryptographic address, and (3) a non-authenticated address, and wherein a message with an authentic cryptographic address is processed before a message with an authentic non-cryptographic address, and a message with an authentic non-cryptographic address is processed before a message with a non-authenticated address.
Dependent claims: 11, 12.
13. A system allowing a first device that is not capable of implementing a cryptographically generated address (CGA)-based protocol to participate in a first network controlled by a CGA-based protocol, wherein the first network comprises a plurality of devices, the system comprising:
at least one processing unit for executing computer executable instructions; and
memory, coupled with and readable by the at least one processing unit, storing computer executable instructions that when executed by the at least one processing unit provide for:
a) extracting, by a second device, a first network address from a first message received from a third device, the first network address identifying the third device and including a hash of at least one cryptographic-address parameter, wherein the at least one cryptographic-address parameter includes a first public key associated with the third device;
b) extracting, by the second device, a second network address from a second message, the second network address identifying the first device, wherein the second network address is not an encoding of a hash of a public key, and wherein the first device, the second device, and the third device are operatively connected via the first network;
c) determining based on the first network address whether the first network address of the third device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the first network address;
retrieving a predetermined value that indicates whether an address is cryptographic;
comparing the predetermined portion from the first network address to the predetermined value;
d) based on the comparison of the predetermined portion from the first network address to the predetermined value, identifying, by the second device, the first network address as a cryptographic address;
e) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographic-address-based authentication scheme, wherein the authenticating comprises verifying the identity of a sender of the first message by checking a value of data for a routing prefix stored in a parameters structure to determine if the stored data is equal to a routing prefix of the first network address, wherein the verifying fails if the stored data differs from the routing prefix of the first network address;
f) determining based on the second network address whether the second network address of the first device comprises one from the group consisting of a cryptographic address and a non-cryptographic address, wherein determining further comprises:
extracting a predetermined portion from the second network address;
comparing the predetermined portion from the second network address to the predetermined value;
g) based on the comparison of the predetermined portion from the second network address to the predetermined value, identifying, by the second device, the second network address as a non-cryptographic address;
h) authenticating the second message using the second network address and a second authentication scheme, wherein the second authentication scheme comprises a non-cryptographic-address-based authentication scheme; and
i) prioritizing the first message and the second message for processing, wherein the prioritizing comprises identifying the address type of each message as one of: (1) an authentic cryptographic address, (2) an authentic non-cryptographic address, and (3) a non-authenticated address, and wherein a message with an authentic cryptographic address is processed before a message with an authentic non-cryptographic address, and a message with an authentic non-cryptographic address is processed before a message with a non-authenticated address.
Dependent claims: 14, 15, 16.
Specification