31 results about "Host Identity Protocol" patented technology

A method is provided of at least partially securing communications, via a HIP proxy (16), between a first host (12) which is not HIP enabled and a second host (14) which is HIP enabled, the method comprising: sending (A) a query from the first host (12) to resolve the IP address of the second host (14); in response to said query, retrieving (B, C) an IP address (IPfa) and HIT (HIThip) associated with the second host (14), returning (E) from the proxy (16) a substitute IP address (IPres) associated with the second host (14), and maintaining (D) at the proxy (16) a mapping between the substitute IP address (IPres), the retrieved IP address (IPfa) and the retrieved HIT (HIThip); and upon receipt (F) of a session initiation message (TCP SYN) at the proxy (16) from the first host (12) including as its destination address the substitute IP address (IPres), using the mapping to negotiate a secure HIP connection (22) between the proxy (16) and the second host (14).

A method of using the Host Identity Protocol (HIP) to at least partially secure communications between a first host operating in a first network environment and a second, HIP-enabled, host operating in a second network environment, with a gateway node forming a gateway between the two environments. An identifier is associated with the first host, stored at the gateway node, and sent to the first host. The identifier is then used as a source address in a subsequent session initiation message sent from the first host to the gateway node, having an indication that the destination of the message is the second host. The stored identifier at the gateway node is then used to negotiate a secure HIP connection to the second host. The first network environment may be a UMTS or GPRS environment, in which case the gateway node may be a Gateway GPRS Support Node (GGSN).

A method of establishing a Host Identity Protocol session between first and second Host Identity Protocol enabled hosts, where at least said second host is located behind a reverse-proxy. The method comprises providing the reverse-proxy with Diffie-Hellman public keying material of the second host, sending said Diffie-Hellman public keying material from the reverse-proxy to the first host as part of the Host Identity Protocol base exchange procedure, this material being bound to the Host Identity of the reverse-proxy for the purpose of the Host Identity Protocol session, and, at the first host, using the Host Identity of the reverse-proxy as the correspondent Host Identity for the Host Identity Protocol session, and, at the second host, using the Host Identity of the reverse-proxy as the originating Host Identity for the Host Identity Protocol session.

A method of establishing a connection between a second host and an application socket on a first host. The method utilizes the Host Identity Protocol (HIP). The method includes the steps of establishing either a new or a selected existing HIP Security Association between the first and second hosts; creating a new or selecting an existing Tube Association between the application socket and the Security Association; and forming an association for the connection between the application socket, the Security Association, and the Tube Association. This establishes a connection between the second host and the application socket on the first host through the Security Association and the Tube Association.

Disclosed in the present invention are a Host Identity Protocol Access Point (HAP) handoff method and system. The method includes: after the IP address of a Host Identity Protocol (HIP) device changes, the HIP device decides whether to perform a HAP handoff according to obtained HAP information wherein the packet Round Trip Time (RTT) is shorter, or the original HAP of the HIP device decides whether the HIP device should perform the HAP handoff according to obtained HAP information wherein the RTT between the HIP device and the HAP is shorter; when deciding to perform the HAP handoff, the HIP device establishes an association with a new HAP and closes the association with the original HAP; and the original HAP forwards the data sent to the HIP to the new HAP. The present invention solves the problem of long interaction delays between a UE and a HIP device, which are caused by the change from short to long of the RTT between the UE and the HAP after the UE moves.

A method of configuring a plurality of rendezvous servers to provide a Host Identity Protocol, HIP, based mobility service to HIP nodes, where the servers are arranged in a hierarchical branching structure. For each HIP node, a Host Identity Tag, HIT, and contact address mapping is registered with a rendezvous server. That server then identifies itself and the HIT to each higher level server within the same branch, without explicitly identifying the contact address to those higher level servers wherein, in use, when a first rendezvous server receives a HIP contact message addressed to a given HIT, if that first server is unaware of the destination HIT, it forwards the message to a higher level server within the same branch and if the first server is not the server at which the HIT is registered but is aware of the HIT, it forwards the contact message to the neighbouring rendezvous server corresponding to the HIT.

The invention relates to a secure multi-party network communication platform and a construction method and a communication method thereof, and belongs to the fields of distributed systems and computer networks. The multi-party communication platform consists of a management node and a group of host nodes needing intercommunication; by Internet connection, the multi-party communication platform can realize secure and efficient multi-party communication and provide a secure channel for network application software deployed on the communication nodes; the security of the communication layer is realized by using a host identification protocol, and authentication security is realized by using a public key / secret key system on management; the protocol is realized by an open source and supports multiple common operating systems, so the cost of the scheme is very low; centralized member management adopted by the method is flexible and convenient; different from multi-hop forwarding and layer-upon-layer encryption of an onion router protocol, the data of a host marking protocol are finished in one hop between double communication parties and encrypted at one time, so the efficiency is greatly improved, and the data are totally transparent for upper application.

Disclosed is a method and system of communication based on HIP, and HIP device and HIP access point, wherein the method is based on the Host Identity Protocol (HIP) device and the HIP access point (HAP). The method comprises: the HIP device establishes connection with HAP; source HIP device sends data package to source HAP via HIP connection; and the source HAP receives the data package and forwarding the data package based on HIP connection relationship or IP address of the destination device. The present invention can improve user experience by reducing HIP connection required and time delay by the HIP device.

The invention provides a registration and authentication method and system based on HIP (host identity protocol). User equipment is accessed into a distributed telecommunication service platform based on HIP by an HIP node, and an authentication method in a telecommunication network is adopted to authenticate the user equipment; and after the user equipment passes authentication, association information between a user identification of the user equipment and the HIP node and association information between the user identification of the user equipment and the current IP (internet protocol) address of the user equipment are stored in the HIP node. The invention provides a service platform with unified user management, transparent support mobility and multi-cavity performance, and new service income is acquired; and in addition, due to use of the original authentication system of the communication network, the resources of the network and the terminal are saved, the investment is reduced, and the reasonable overhead of mobile equipment and the network is guaranteed. Simultaneously, an application provider does not need to carry out investment construction of user management, support mobility and multi-cavity performance so as to save the capital expenditure, therefore, the win-win situation of the application provider and a network operator is achieved.

The invention relates to a HIP (Host Identity Protocol) based method for realizing user mobility, comprising the following steps of: a registration step: the host equipment initiates a registration process to a set server, and the set server stores the mapping relation between user identification of a host equipment user and the host identification and the location identification of the host equipment; and a connection establishment step: the host equipment queries the set server according to the user identification of an opposite end user and establishes connection with the host equipment of the opposite end user by adopting the HIP according to a query result. The HIP based method and system for realizing the user mobility can realize the mobility taking the user as a centre.

The invention provides an encrypted tunnel communication method based on a host identity protocol (HIP). Two pieces of equipment not supporting the HIP are separately connected with an HIP switch, andthe two HIP switches are connected via a network; agent functions of APR of the two HIP switches are opened, and a GRW virtual interface tunnel is built on the two HIP switches. According to the encrypted tunnel communication method based on the HIP provided by the invention, matched with the HIP switches and the GRE virtual interface tunnel technologies, the HIP communication can be achieved between the equipment without HIP functions, mobile interconnection networking between the equipment without mobile interconnection functions and mutual networking between the different networks are achieved, and the characteristics of wide application range and high security and confidentiality degree are provided.

The invention provides a scheme for performing mobility management on a sensor network by using a host identity protocol. According to the technical scheme provided by the invention, signaling overhead, handover delay and data packet dropout can be reduced, and the cost of data packet headers can be avoided. In addition, the mobility management scheme based on the host identity protocol, provided by the invention, further has the advantages of providing safety protection for a mobile sensor network, supporting power-limiting sensor nodes, being easy to configure and the like.