Third party validation of internet protocol addresses
First Claim
1. A method for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- accessing a first network by a first node over a first communication interface;
- obtaining by the first node an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
- requesting by the first node a certification for the IP address from a trusted third party;
- receiving, by the first node, return-routability information that includes a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
- sending at least a subset of the return-routability information, including the cookie, by the first node to the trusted third party;
- receiving by the first node a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein:
  - the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  - the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent by the first node to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received by the first node from the trusted third party;
- accessing a second network by the first node over a second communication interface; and
- transmitting the validation ticket by the first node to a second node in the second network over the second communication interface, wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the first node over the second network.
Abstract
A device can connect to a network over a first interface to configure and obtain an IP address. To communicate with nodes in a second network, over a second interface, the IP address can be validated by a trusted third party. The validation can include conducting a return routability test to validate a Prefix of the IP address. Cryptographically Generated Address verification can be utilized to verify the validity of an Interface Identifier included in the IP address. If the IP address is validated, the trusted third party can include the address in a verification ticket, which can also include a signature of the trusted third party. The device can provide the verification ticket to nodes in the second network as authentication of the device.
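The exchange described in the abstract and in claim 1, as an added sketch that is not part of the patent text: the trusted third party issues a cookie bound to the Prefix, certifies only when the same cookie is echoed back, and the second node checks the signed ticket with the third party's public key alone. The /64 Prefix split, the HMAC-derived cookie, the Ed25519 signature, the ticket field layout and all function names are assumptions of this example; the CGA check on the Interface Identifier is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/netip"
)

// Ticket layout is constructed for this sketch; the page defines no wire format.
type Ticket struct {
	Addr                  netip.Addr
	PrefixValid, IIDValid bool // IIDValid would come from a CGA check, not modelled here
	Sig                   []byte
}
func payload(t Ticket) []byte {
	return []byte(fmt.Sprintf("%s|%t|%t", t.Addr, t.PrefixValid, t.IIDValid))
}
// Cookie is bound to the /64 Prefix (assumed split); the third party sends it to the claimed address.
func Cookie(secret []byte, a netip.Addr) []byte {
	p, _ := a.Prefix(64)
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(p.String()))
	return m.Sum(nil)
}

// Certify signs a ticket only when the echoed cookie matches the one issued.
func Certify(priv ed25519.PrivateKey, secret []byte, a netip.Addr, echoed []byte) (Ticket, bool) {
	if !hmac.Equal(echoed, Cookie(secret, a)) {
		return Ticket{}, false
	}
	tk := Ticket{Addr: a, PrefixValid: true}
	tk.Sig = ed25519.Sign(priv, payload(tk))
	return tk, true
}

// Verify is the second node's check; it needs only the third party's public key.
func Verify(pub ed25519.PublicKey, tk Ticket) bool {
	return tk.PrefixValid && ed25519.Verify(pub, payload(tk), tk.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	secret := []byte("constructed-cookie-secret")
	addr := netip.MustParseAddr("2001:db8:1:2::abcd") // constructed, documentation prefix
	tk, ok := Certify(priv, secret, addr, Cookie(secret, addr))
	fmt.Println("certified:", ok, "accepted by second node:", Verify(pub, tk))
}
```

Because the signature covers the address and both validity flags, a ticket whose address or flags are altered after issuance fails the second node's check.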
10 Claims
5. A communications apparatus for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- a memory having stored thereon processor-executable instructions; and
- a processor, coupled to the memory, wherein the processor-executable instructions stored in the memory are executed by the processor, the processor configured to:
  - access a first network over a first communication interface;
  - obtain an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
  - request a certification for the IP address from a trusted third party;
  - receive return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
  - send at least a subset of the return-routability information, including the cookie, to the trusted third party;
  - receive a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein:
    - the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
    - the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received from the trusted third party;
  - access a second network over a second communication interface; and
  - transmit the validation ticket to a second node in the second network over the second communication interface, wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the communications apparatus over the second network.
6. A communications apparatus for enabling a third party validation of Internet Protocol (IP) addresses, comprising:
- means for accessing a first network over a first communication interface;
- means for obtaining an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
- means for requesting a certification for the IP address as a certified IP address from a trusted third party;
- means for receiving return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
- means for sending at least a subset of the return-routability information, including the cookie, to the trusted third party;
- means for receiving a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein:
  - the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  - the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent by the sending means to the trusted third party matching a corresponding subset of the return-routability information, including the cookie, received by the receiving means from the trusted third party;
- means for accessing a second network over a second communication interface; and
- means for transmitting the validation ticket to a second node in the second network over the second communication interface, wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the communications apparatus over the second network.
9. A non-transitory computer-readable medium having stored thereon processor executable instructions that, when executed by a processor, cause the processor to perform operations for enabling a third party validation of Internet Protocol (IP) addresses, the operations comprising:
- accessing a first network over a first communication interface;
- obtaining an IP address from the first network, wherein the IP address from the first network is valid and comprises a Prefix and an Interface Identifier;
- requesting a certification for the IP address from a trusted third party;
- receiving return-routability information, including a cookie, sent from the trusted third party based on the Prefix, in response to requesting the certification for the IP address from the trusted third party;
- sending at least a subset of the return-routability information, including the cookie, to the trusted third party;
- receiving a validation ticket from the trusted third party that includes the certified IP address and a signature of the trusted third party, wherein:
  - the validation ticket indicates whether at least one of the Prefix and the Interface Identifier is valid; and
  - the trusted third party certifies the Prefix only in response to the subset of the return-routability information, including the cookie, sent to the trusted third party matching a corresponding subset of the return-routability, including the cookie, received from the trusted third party;
- accessing a second network over a second communication interface;
- transmitting the validation ticket to a second node in the second network over the second communication interface, wherein the second node verifies the IP address based on the signature of the trusted third party included in the transmitted validation ticket and, in response to a successful verification, the second node allows further communication with the processor over the second network.
Specification