Return routability optimisation

US 7,933,253 B2
Filed: 09/20/2004
Issued: 04/26/2011
Est. Priority Date: 09/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method of managing switching of a virtual private network (VPN) tunnel termination point from a first address to a second address, wherein the VPN operates between a fixed network node and a mobile node which defines the termination point, the method comprising the steps of:

Requesting that a third party, which is trusted by the fixed network node, allocate an address to the mobile node using an identity used by the mobile node for the VPN tunnel with the fixed network node;

Allocating the second address as a new address to the mobile node by the trusted third party;

Providing the mobile node with a certificate, containing the second address and the identity, by the trusted third party;

switching an address of the mobile node from the first address to the second address;

sending a notification containing the certificate from the mobile node to the fixed network node that the address of the mobile node has changed from the first address to the second address; and

verifying from the certificate that the second address has been allocated to the mobile node by the trusted third party.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing switching of a virtual private network (VPN) tunnel termination point from a first address to a second address. The VPN operates between a fixed network node and a mobile node which defines the termination point. The address of the mobile mode is switched from the first address to the second address and a notification from the mobile node to the fixed node is sent to indicate that the address of the mobile has changed from the first address to the second address. Verification of the trustworthiness of the second address is also then made. A searching manager for performing the method is also disclosed.

28 Citations

View as Search Results

13 Claims

1. A method of managing switching of a virtual private network (VPN) tunnel termination point from a first address to a second address, wherein the VPN operates between a fixed network node and a mobile node which defines the termination point, the method comprising the steps of:
- Requesting that a third party, which is trusted by the fixed network node, allocate an address to the mobile node using an identity used by the mobile node for the VPN tunnel with the fixed network node;
  
  Allocating the second address as a new address to the mobile node by the trusted third party;
  
  Providing the mobile node with a certificate, containing the second address and the identity, by the trusted third party;
  
  switching an address of the mobile node from the first address to the second address;
  
  sending a notification containing the certificate from the mobile node to the fixed network node that the address of the mobile node has changed from the first address to the second address; and
  
  verifying from the certificate that the second address has been allocated to the mobile node by the trusted third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13)
- - 2. The method according to claim 1, wherein the trusted third party is a Dynamic Host Configuration Protocol (DHCP) server.
  - 3. The method according to claim 1, wherein the identity is determined during establishment of the VPN tunnel.
  - 4. The method according to claim 1, wherein the certificate contains a public key.
  - 5. The method according to claim 2, wherein the certificate contains a timestamp showing when the DHCP server allocated the second address and a lifetime for which the second address has been allocated to the mobile node.
  - 6. The method according to claim 5, wherein the certificate contains a digital signature using a private key of the DHCP server that serves as a binding between the second address, the identity used by the mobile node and the timestamp.
  - 7. The method according to claim 2, wherein the mobile node requests the services of the DHCP server capable of providing the certificate through use of modified DHCP signalling.
  - 8. The method according to claim 7, wherein the modified DHCP signalling is a new option OPTION_ADDR_CERT included in a DHCP Request message for address allocation from the mobile node to the DHCP server.
  - 9. The method according to claim 1, wherein Internet Key Exchange version 2 (IKEv2) signalling is used to notify the fixed network node of the mobile node'"'"'s second address and contains the DHCP certificate.
  - 12. The method according to claim 3, wherein the certificate contains the identity used by the mobile node during an address configuration process.
  - 13. The method according to claim 1, further comprising:
    - providing, by the trusted third party to the mobile node, a further certificate that verifies the trusted third party;
      
      providing, by the mobile node, the further certificate to the fixed network node; and
      
      verifying the trusted third party by the fixed network node, using the further certificate.

10. A virtual private network (VPN) tunnel termination point switching system for switching from a first address to a second address, wherein the VPN tunnel operates between a fixed node and a mobile node which defines the termination point, the switching system comprising:
- Requesting means arranged to request a third party, which is trusted by the fixed network node, to allocate an address to the mobile node using an identity used by the mobile node for the VPN tunnel with the fixed network node;
  
  Allocating means arranged to allocate the second address as a new address to the mobile node by the trusted third party;
  
  Providing means arranged to provide the mobile node with a certificate, containing the second address and the identity, by the trusted third party;
  
  switching means arranged to switch the address of the mobile node from the first address to the second address;
  
  notification sending means arranged to send a notification containing the certificate from the mobile node to the fixed network node, the notification indicating that the address of the mobile node has changed from the first address to the second address; and
  
  verification means arranged to verify from the certificate that the second address has been allocated to the mobile node by the trusted third party.
- View Dependent Claims (11)
- - 11. The switching system according to claim 10, wherein Internet Key Exchange (IKE) signalling is used to notify the fixed network node that the address of the mobile node has changed from the first address to the second address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Intellectual Property Corporation of America (Panasonic Holdings Corporation)
Original Assignee
Panasonic Corporation (Panasonic Holdings Corporation)
Inventors
Kasapidis, Makis, Akram, Ammad
Primary Examiner(s)
Chang; Kent
Assistant Examiner(s)
Elhag; Magdi

Application Number

US11/663,316
Publication Number

US 20080310375A1
Time in Patent Office

2,409 Days
Field of Search

370/338
US Class Current

370/338
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 61/5014   using dynamic host configur...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04W 12/03   Protecting confidentiality,...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/069   using certificates or pre-s...

H04W 8/26   Network addressing or numbe...

H04W 80/04   Network layer protocols, e....

Return routability optimisation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Return routability optimisation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links