IPv6 to IPv4 data packet migration in a trusted security zone

US 9,871,768 B1
Filed: 05/22/2017
Issued: 01/16/2018
Est. Priority Date: 07/07/2015
Status: Active Grant

First Claim

Patent Images

1. A method for secure migration of IPv6 protocol packets, comprising:

receiving, by a communication channel stored in a trusted security zone, a request from a first application to engage in an exchange of communication with a second application, wherein the first application is associated with an IPv6 protocol and the second application is associated with an IPv4 protocol;

determining, by the communication channel, whether the second application has a security feature activated;

in response to a determination that the second application does not have the security feature activated, determining, by the communication channel, whether the second application is a trusted application or resides in a secure environment; and

in response to a determination that the second application is at least one of a trusted application or resides in a secure environment, migrating, by the communication channel, packet communication to the second application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods discussed herein relate to enabling communications between IPv4 and IPv6 hosts using a communication channel in a trusted security zone associated with a first host to determine the IP-versions and/or other security features that may be present or enabled on the first host or the second host.

Citations

20 Claims

1. A method for secure migration of IPv6 protocol packets, comprising:
- receiving, by a communication channel stored in a trusted security zone, a request from a first application to engage in an exchange of communication with a second application, wherein the first application is associated with an IPv6 protocol and the second application is associated with an IPv4 protocol;
  
  determining, by the communication channel, whether the second application has a security feature activated;
  
  in response to a determination that the second application does not have the security feature activated, determining, by the communication channel, whether the second application is a trusted application or resides in a secure environment; and
  
  in response to a determination that the second application is at least one of a trusted application or resides in a secure environment, migrating, by the communication channel, packet communication to the second application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising, in response to a determination that the second application is not a trusted application and is not stored in the secure environment of the second user equipment, sending a notification to at least one of the first application and the second application that the requested information will not be sent or received.
  - 3. The method of claim 1, wherein migrating occurs using one of a tunneling mechanism, a dual stack mechanism, and an address/translation protocol mechanism.
  - 4. The method of claim 3, wherein the tunneling mechanism comprises the communications channel encapsulating the IPv6 packet in an IPv4 packet.
  - 5. The method of claim 3, wherein the address/translation protocol mechanism comprises the communications channel translating the IPv6 packet into an IPv4 packet to be received by the second application associated with the IPv4 protocol.
  - 6. The method of claim 1, wherein migrating comprises at least one of encrypting, encapsulating, or translating the IPv6 packet to an IPv4 protocol in the communications channel.

7. A method for secure migration of IPv6 protocol packets, comprising:
- receiving, by a communication channel stored in a trusted security zone, a request from a first application, wherein the request is to engage in an exchange of communication with a second application, and wherein the first application is associated with an IPv6 protocol;
  
  determining, by the communication channel, if the second application is associated with an IPv6 protocol;
  
  in response to a determination that the second application is not associated with the IPv6 protocol, determining, by the communication channel, if the second application is associated with an IPv4 protocol and whether the IPv4 protocol comprises an active security feature; and
  
  in response to a determination that the second application is associated with an IPv4 protocol comprising the active security feature, sending, by the communication channel, an IPv6 protocol packet to the second application to migrate the second application to the IPv6 protocol.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the security feature comprises IPsec.
  - 9. The method of claim 7, wherein the first application is associated with a first user equipment, and wherein the first user equipment comprises a portable communication device, mobile phone, tablet, laptop computer, personal computer, server, or other computer system in communication with a network.
  - 10. The method of claim 7, wherein the second application is associated with a second user equipment, and wherein the second user equipment comprises a portable communication device, mobile phone, tablet, laptop computer, personal computer, server, or other computer system in communication with a network.
  - 11. The method of claim 7, wherein the communications channel migrates the IPv6 packet by tunneling, dual stack, or address/protocol translation.
  - 12. The method of claim 11, wherein the migration occurs in the trusted security zone.
  - 13. The method of claim 11, wherein the migration occurs in the communications channel in the trusted security zone.

14. A system for the secure transmission of information between IPv4 and IPv6, comprising:
- a processor;
  
  a non-transitory memory; and
  
  an application stored in a trusted security zone, wherein the trusted security zone comprises a communications channel to establish an end-to-end trusted communication link configured to;
  
  receive a request from a first application, wherein the request is to engage in an exchange of communication with a second application via a network;
  
  determine if the second application is associated with an IPv6 protocol;
  
  in response to a determination that the second application is not associated with the IPv6 protocol, determine whether the second application is associated with an IPv4 protocol and has IPsec activated;
  
  in response to a determination that the second application either is not associated with an IPv4 protocol or does not have IPsec activated, determine whether the second application is at least one of a trusted application or is stored in a secure environment; and
  
  in response to at least one of a determination that the second application is associated with IPv4 protocol and comprises activated IPsec and a determination that the second application is at least one of a trusted application or is stored in the secure environment, sends an IPv6 packet to the second application via the end-to-end trusted communication link.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the first application is associated with a first user equipment, and wherein the first user equipment comprises a portable communication device, mobile phone, tablet, laptop computer, personal computer, server, or other computer system in communication with the network.
  - 16. The system of claim 14, wherein the second application is associated with a second user equipment, and wherein the second user equipment comprises a portable communication device, mobile phone, tablet, laptop computer, personal computer, server, or other computer system in communication with the network.
  - 17. The system of claim 14, wherein the network comprises an IPv4 network, and wherein the communications channel encapsulates an IPv6 packet in an IPv4 packet during migration.
  - 18. The system of claim 17, wherein, subsequent to receiving the IPv6 packet, the second application is associated with the IPv6 protocol.
  - 19. The system of claim 14, wherein the IPv6 packet is encapsulated subsequent to receipt by the second application.
  - 20. The system of claim 14, wherein the IPv6 packet is translated in the communications channel to an IPv4 packet and received by the second application as an IPv4 packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Ray, Amar N., Sisul, James P.
Primary Examiner(s)
Thompson, Jr., Otis L

Application Number

US15/602,057
Time in Patent Office

239 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 45/306   Route determination based o...

H04L 45/741   Routing in networks with a ...

H04L 63/04   for providing a confidentia...

H04L 63/105   Multiple levels of security

H04L 63/166   at the transport layer

H04L 69/08   Protocols for interworking;...

H04L 69/085   specially adapted for inter...

H04L 69/167   Adaptation for transition b...

H04L 69/24   Negotiation of communicatio...

IPv6 to IPv4 data packet migration in a trusted security zone

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IPv6 to IPv4 data packet migration in a trusted security zone

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links