Third party validation of internet protocol addresses

US 9,148,335 B2
Filed: 09/30/2008
Issued: 09/29/2015
Est. Priority Date: 09/30/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for enabling a third party validation of Internet Protocol (IP) addresses, comprising:

accessing a first network by a first node over a first communication interface;

obtaining by the first node an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;

requesting by the first node a certification for the IP address from a trusted third party;

receiving, by the first node, return-routability information that includes a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;

sending at least a subset of the return-routability information, including the cookie, by the first node to the trusted third party;

receiving by the first node a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein;

the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and

the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent by the first node to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received by the first node from the trusted third party;

accessing a second network by the first node over a second communication interface; and

transmitting the validation ticket by the first node to a second node in the second network over the second communication interface,wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the first node over the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device can connect to a network over a first interface to configure and obtain an IP address. To communicate with nodes in a second network, over a second interface, the IP address can be validated by a trusted third party. The validation can include conducting a return routability test to validate a Prefix of the IP address. Cryptographically Generated Address verification can be utilized to verify the validity of an Interface Identifier included in the IP address. If the IP address is validated, the trusted third party can include the address in a verification ticket, which can also include a signature of the trusted third party. The device can provide the verification ticket to nodes in the second network as authentication of the device.

Citations

10 Claims

1. A method for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- accessing a first network by a first node over a first communication interface;
  
  obtaining by the first node an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
  
  requesting by the first node a certification for the IP address from a trusted third party;
  
  receiving, by the first node, return-routability information that includes a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
  
  sending at least a subset of the return-routability information, including the cookie, by the first node to the trusted third party;
  
  receiving by the first node a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein;
  
  the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  
  the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent by the first node to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received by the first node from the trusted third party;
  
  accessing a second network by the first node over a second communication interface; and
  
  transmitting the validation ticket by the first node to a second node in the second network over the second communication interface,wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the first node over the second network.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - obtaining the Prefix from the trusted third party or another trusted party; and
      
      cryptographically generating the Interface Identifier.
  - 3. The method of claim 1, wherein at least part of the IP address is obtained from a ticket issuer.
  - 4. The method of claim 1, further comprising:
    - receiving from a peer node an authorization ticket that includes an IP address of the peer node, wherein the authorization ticket is validated by a third party;
      
      checking a third party signature included in the peer node authorization ticket; and
      
      determining the IP address of the peer node is valid if the check of the signature is correct.

5. A communications apparatus for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- a memory having stored thereon processor-executable instructions; and
  
  a processor, coupled to the memory, wherein the processor-executable instructions stored in the memory are executed by the processor, the processor configured to;
  
  access a first network over a first communication interface;
  
  obtain an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
  
  request a certification for the IP address from a trusted third party;
  
  receive return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
  
  send at least a subset of the return-routability information, including the cookie, to the trusted third party;
  
  receive a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein;
  
  the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  
  the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received from the trusted third party;
  
  access a second network over a second communication interface; and
  
  transmit the validation ticket to a second node in the second network over the second communication interface,wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the communications apparatus over the second network.

6. A communications apparatus for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- means for accessing a first network over a first communication interface;
  
  means for obtaining an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
  
  means for requesting a certification for the IP address as a certified IP address from a trusted third party;
  
  means for receiving return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
  
  means for sending at least a subset of the return-routability information, including the cookie, to the trusted third party;
  
  means for receiving a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein;
  
  the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  
  the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent by the sending means to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received by the receiving means from the trusted third party;
  
  means for accessing a second network over a second communication interface; and
  
  means for transmitting the validation ticket to a second node in the second network over the second communication interface,wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the communications apparatus over the second network.
- View Dependent Claims (7, 8)
- - 7. The communications apparatus of claim 6, the apparatus further comprising:
    - means for obtaining the Prefix from the trusted third party or another trusted party; and
      
      means for cryptographically generating the Interface Identifier.
  - 8. The communications apparatus of claim 6, further comprising:
    - means for receiving from a peer node an authorization ticket that includes an IP address of the peer node, wherein the authorization ticket is validated by a third party;
      
      means for checking a third party signature included in the peer node authorization ticket; and
      
      means for determining the IP address of the peer node is valid if the check of the third party signature is correct.

9. A non-transitory computer-readable medium having stored thereon processor executable instructions that, when executed by a processor, cause the processor to perform operations for enabling a third party validation of Internet Protocol (IP) addresses, the operations comprising:
- accessing a first network over a first communication interface;
  
  obtaining an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
  
  requesting a certification for the IP address from a trusted third party;
  
  receiving return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
  
  sending at least a subset of the return-routability information, including the cookie, to the trusted third party;
  
  receiving a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein;
  
  the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  
  the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent to the trusted third party matching a corresponding subset of the return-routability, including the cookie, received from the trusted third party;
  
  accessing a second network over a second communication interface;
  
  transmitting the validation ticket to a second node in the second network over the second communication interface,wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the processor over the second network.
- View Dependent Claims (10)
- - 10. The non-transitory computer-readable medium of claim 9, wherein the stored processor-executable instructions are configured to cause the processor to perform operations further comprising:
    - receiving from a peer node an authorization ticket that includes an IP address of the peer node, wherein the authorization ticket is validated by a third party;
      
      checking a third party signature included in the peer node authorization ticket; and
      
      determining the IP address of the peer node is valid if the check of the third party signature is correct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Tsirtsis, George
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US12/241,399
Publication Number

US 20100083354A1
Time in Patent Office

2,555 Days
Field of Search

726/2, 726/3, 726/5, 726/10, 713/159, 713/185
US Class Current

1/1
CPC Class Codes

H04L 2101/659   Internet protocol version 6...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 61/35   involving non-standard use ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/1466   Active attacks involving in...

Third party validation of internet protocol addresses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Third party validation of internet protocol addresses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links