Ishiyama et al.

(10) Patent No.: US 6,904,466 B1
(45) Date of Patent: Jun. 7, 2005
`
`(54) MOBILE COMMUNICATION SCHEME
`WITHOUT HOME AGENTS FOR
`SUPPORTING COMMUNICATIONS OF
`MOBILE NODES
`
`(75) Inventors: Masahiro Ishiyama, Tokyo (JP);
`Atsushi Inoue, Kanagawa (JP)
`(73) Assignee: Kabushiki Kaisha Toshiba, Kawasaki
`(JP)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
`
(21) Appl. No.: 09/573,189
(22) Filed: May 19, 2000
(30) Foreign Application Priority Data
May 20, 1999 (JP) ........................................... 11-140373
(51) Int. Cl.⁷ ........................ G06F 15/16; G06F 15/173
(52) U.S. Cl. ....................... 709/245; 709/224; 709/228; 709/207
(58) Field of Search ................................. 709/206-207, 709/203, 223-224, 228, 238, 242, 245, 204, 205
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`6,088,725 A * 7/2000 Kondo et al. ............... 709/220
`6,496,704 B2 12/2002 Yuan .......................... 455/466
`FOREIGN PATENT DOCUMENTS
`
`JP
`JP
`
`09-214516
`10-051449
`
`8/1997
`2/1998
`
OTHER PUBLICATIONS
Network Working Group, Request for Comments 2002, Mobile IP Spec., Oct. 1996, pp. 15-79.
Network Working Group, Request for Comments 2136, Dynamic DNS Update, Apr. 1997, pp. 1-21.
Network Working Group, Request for Comments 2401 (pp. 1-66); Request for Comments 2402 (pp. 1-22); Request for Comments 2403 (pp. 1-7); Request for Comments 2404 (pp. 1-7); Request for Comments 2405 (pp. 1-10); Request for Comments 2406 (pp. 1-22); Request for Comments 2407 (pp. 1-32); Request for Comments 2408 (pp. 1-86); Request for Comments 2409 (pp. 1-41); Request for Comments 2410 (pp. 1-6); Request for Comments 2411 (pp. 1-11); Request for Comments 2412 (pp. 1-55); IPsec Base Specification, Nov. 1998.
`
* cited by examiner

Primary Examiner: Ario Etienne
Assistant Examiner: Hussein El-chanti
(74) Attorney, Agent, or Firm: Foley & Lardner LLP

(57) ABSTRACT
`
The disclosed mobile communication scheme enables easy change of a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security. The mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.
`
`16 Claims, 9 Drawing Sheets
`
[Front-page figure: an excerpt of FIG. 7 showing (1) SA generation by key management protocol, the move to N2 where CoA2 is acquired, (4) registration of CoA2 into the DNS server using Dynamic DNS Update, and (5) the SA gateway update Haddr: CoA1 to CoA2]

Ex. 1004
Apple v. MPH Techs. Oy
IPR2019-00820
`
`
`
U.S. Patent   Jun. 7, 2005   Sheet 1 of 9   US 6,904,466 B1

FIG. 1 (PRIOR ART): [drawing; legible labels: CORRESPONDENT HOST (CH) 103, MOBILE (computer), (HOME) NETWORK 101a]
`
`
`
Sheet 2 of 9

FIG. 2: [drawing; legible labels: NETWORK 1a (home network of MOBILE COMPUTER 2), NETWORK 1b, NETWORK 1c, CORRESPONDENT HOST (CH) 3, IPSEC TUNNEL between the mobile computer and the correspondent host, LOCATION QUERY to the DNS server 4]
`
`
`
Sheet 3 of 9

FIG. 3: [block diagram of COMPUTER 2, 3; legible labels: COMMUNICATION INTERFACE, TCP/IP MODULE]

FIG. 4: [drawing; MOBILE COMPUTER 2 reaches CORRESPONDENT HOST 3 (ADDRESS=CN) through an IPSEC TUNNEL; before the move the outer packet has Src: CoA1, Dst: CN, after the move Src: CoA2, Dst: CN, and the inner packet has Dst: CN in both cases]
`
`
`
Sheet 4 of 9

FIG. 5: [DNS data format; legible label: HOME ADDRESS RESOURCE RECORD]

FIG. 6: [drawing of an exemplary situation; legible label: NETWORK N2]
`
`
`
Sheet 5 of 9

FIG. 7 (sequence chart between the mobile node MN and the correspondent node CN):
(1) SA generation by key management protocol
(2) MN -> CN: outer header Src: CoA1, Dst: CN, ESP SPI=c1; inner header Src: Haddr, Dst: CN
(3) CN -> MN: outer header Src: CN, Dst: CoA1, ESP SPI=m1; inner header Src: CN, Dst: Haddr
(moved to N2: CoA2 acquired)
(4) Register CoA2 into DNS server using Dynamic DNS Update
(5) SA gateway update Haddr: CoA1 -> CoA2
(6) MN -> CN: outer header Src: CoA2, Dst: CN, ESP SPI=c1; inner header Src: Haddr, Dst: CN
(7) CN -> MN: outer header Dst: CoA2, ESP SPI=m1; inner header Dst: Haddr
`
`
`
Sheet 6 of 9

FIG. 8A and FIG. 8B: [security policy databases of MN and CN; tables with columns ID, field, value]

FIG. 9A to FIG. 9D: [security association databases of MN and CN; tables with columns ID, field, value; legible entry: CN, ESP, tunnel]
`
`
`
Sheet 7 of 9

FIG. 10 (sequence chart between MN and CN, call initiated by CN):
(1) CN obtains the AAAA record (CoA1) and the HAAAA record (Haddr) of MN using DNS
(2) Notification
(3) SA generation by key management protocol
(4) CN -> MN: outer header Dst: CoA1, ESP SPI=m1; inner header Dst: Haddr
(5) MN -> CN: outer header Src: CoA1, Dst: CN, ESP SPI=c1; inner header Src: Haddr, Dst: CN
`
`
`
Sheets 8 and 9 of 9

FIG. 11, FIG. 12 and FIG. 13: [block diagrams of the internal configurations of the mobile computer, the DNS server and the correspondent host; the drawing text on these sheets is not legible in this copy]
`
`
`
`
`
`MOBILE COMMUNICATION SCHEME
`WITHOUT HOME AGENTS FOR
`SUPPORTING COMMUNICATIONS OF
`MOBILE NODES
`
BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a mobile computer device capable of carrying out communications while moving among a plurality of inter-connected networks, a computer management device for managing an address of the mobile computer, and a correspondent computer device for carrying out cipher communications with the mobile computer, as well as a mobile communication method suitable for these devices.

2. Description of the Background Art

In conjunction with the availability of computer systems in smaller sizes and at lower costs and with richer network environments, the use of computer systems has rapidly expanded into a variety of fields, and there is also a transition from centralized systems to distributed systems. In this regard, in recent years, because of the advance and spread of computer network technology in addition to the progress and improved performance of the computer system itself, it has become possible to realize not only the sharing of resources such as files and printers within an office but also communications (electronic mail, electronic news, file transfer, etc.) with nodes or hosts outside of an office or organization, and these communications are now widely used.

In particular, in recent years, the use of the world's largest computer network, called the "Internet", has become very popular, and there are new computer businesses for connecting to the Internet and utilizing open information and services, or for providing information and services to external users who make accesses through the Internet. In addition, new technology is developed in relation to the use of the Internet.

Also, in conjunction with the spread of such networks, there are technological developments regarding mobile computing. In mobile computing, a user carries along a portable computer terminal and makes communications while moving over networks. In some cases, the user may change a location on a network while continuing the communication, so that there is a need for a scheme that manages a changing address of a mobile computer on a network during such a communication in order to route the communication content correctly.

In general, in the case of realizing mobile computing, a router (home agent) for managing the visiting site information of the mobile computer is provided at a network (home network) to which the mobile computer belongs, and when the mobile computer is away from the home network, the mobile computer sends a registration message indicating its current location to this home agent. When this registration message is received, the transmission of data destined to the mobile computer is realized via the home agent of the mobile computer, by carrying out the data routing control with respect to the mobile computer by encapsulating an IP packet destined to an original address of the mobile computer within a packet destined to a current location address of the mobile computer.

For example, in FIG. 1, this role is played by a home agent (HA) 105 when the mobile computer 102 that originally belongs to the home network 101a moves to another network 101b and carries out the communication with another computer (correspondent host: CH) 103 located within the other network 101c through the Internet 106. This is a scheme called Mobile IP which is currently in the process of being standardized by the mobile-IP working group of the IETF, the standardizing organization for the Internet (see IETF RFC 2002, IP Mobility Support (C. Perkins)).

The Mobile IP scheme aims at providing mobility on the IP layer by continually using the same IP address even when the physical connection point on the network is changed. This mobility is superior to the so-called nomadicity, which simply enables a node to move from one network to another, in the following two respects: a loss of a session due to moving can be avoided, and an IP address can be used as a node identifier. For this reason, Mobile IP is expected to be a protocol that can strongly support mobile computing.

However, in the Mobile IP scheme, it is necessary to provide routers called home agents in order to support mobile nodes as described above. Also, in the Mobile IP scheme, there are cases involving triangular routes in the communications between a mobile node and the other host, where a packet from the other host to the mobile node is transmitted via the home agent while a packet from the mobile node to the other host is transmitted without passing through the home agent.

These aspects of the Mobile IP scheme are expected to cause the following problems.

First, the home agent must be connected to a permanently connected network, and the mobile node cannot carry out any communications if the home agent fails to function properly. These facts weaken the robustness of the mobile communications.

Second, there is a mechanism called a firewall which is indispensable in the current Internet environment, but the presence of a triangular route complicates the issue of firewall passing because the firewall cannot recognize a packet from the mobile node to the other host, for example.
SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a mobile communication scheme capable of easily changing a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security.

According to one aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: transmitting a packet to the correspondent computer from the mobile computer located at a visited site network outside a home network of the mobile computer, by encapsulating an inner packet having a home address assigned to the mobile computer at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; storing cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet, at the mobile computer and the correspondent computer; notifying a change of the current location address of the mobile computer from the mobile computer to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the transmitting step; updating the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the mobile computer into the new current location address, when the current location address is changed to the new current location address; managing source addresses of the outer packet and the inner packet of the encapsulated packet received from the mobile computer respectively as the current location address and the home address of the mobile computer at the correspondent computer; and updating the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the correspondent computer into the new current location address, when the change of the current location address to the new current location address is notified from the mobile computer.

According to another aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: storing a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer, at a computer management device; updating the current location address stored at the computer management device according to a notification regarding the current location address received from the mobile computer; making an inquiry about the mobile computer from the correspondent computer to the computer management device before initiating a packet transmission to the mobile computer at the correspondent computer; returning a response from the computer management device, in response to the inquiry for the current location address of the mobile computer and the home address of the mobile computer received from the correspondent computer; and transmitting a packet from the correspondent computer to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the correspondent computer.

According to another aspect of the present invention there is provided a mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising: a packet transmission unit configured to transmit a packet to a correspondent computer from a visited site network outside a home network of the mobile computer device, by encapsulating an inner packet having a home address assigned to the mobile computer device at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet; and a current location address management unit configured to notify a change of the current location address of the mobile computer device to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the packet transmission unit, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into the new current location address, when the current location address is changed to the new current location address.

According to another aspect of the present invention there is provided a computer management device provided in inter-connected networks on which a mobile computer carries out communications while moving over the inter-connected networks, the computer management device comprising: a memory configured to store a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer; and a management unit configured to update the current location address stored in the memory according to a notification regarding the current location address received from the mobile computer, and to respond to an inquiry for the current location address of the mobile computer and an inquiry for the home address of the mobile computer received from a correspondent computer of the mobile computer.

According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet with respect to the mobile computer; and a mobile computer address management unit configured to manage source addresses of an outer packet and an inner packet of the encapsulated packet received from the mobile computer respectively as a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer at the home network, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into a new current location address, when a change of the current location address to the new current location address is notified from the mobile computer.

According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a mobile computer address management unit configured to make an inquiry about the mobile computer to a computer management device that manages a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer device at the home network, before initiating a packet transmission to the mobile computer; and a packet transmission unit configured to transmit a packet to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the mobile computer address management unit.

It is also possible to provide a computer usable medium having computer readable program codes for realizing any of the mobile computer device, the computer management device, and the correspondent computer device described above.

Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings.
`
`
`
BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram for explaining a basic operation of the conventional Mobile IP scheme.

FIG. 2 is a schematic diagram showing an exemplary configuration of a mobile communication system according to one embodiment of the present invention.

FIG. 3 is a block diagram showing an exemplary basic configuration of a mobile computer and a correspondent host in the mobile communication system of FIG. 2.

FIG. 4 is a schematic diagram for explaining operations in the case where the mobile computer changes a connected location in the mobile communication system of FIG. 2.

FIG. 5 is a diagram showing an exemplary data format used in a DNS server in the mobile communication system of FIG. 2.

FIG. 6 is a schematic diagram showing an exemplary situation in which mobile communications are carried out in the mobile communication system of FIG. 2.

FIG. 7 is a sequence chart showing an exemplary processing sequence in the case where the mobile computer initiates communications at a visited site and then changes a location in the mobile communication system of FIG. 2.

FIGS. 8A and 8B are diagrams showing exemplary security policy databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.

FIGS. 9A, 9B, 9C and 9D are diagrams showing exemplary security association databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.

FIG. 10 is a sequence chart showing an exemplary processing sequence in the case where the correspondent host initiates a packet transmission to the mobile computer in the mobile communication system of FIG. 2.

FIG. 11 is a block diagram showing an exemplary internal configuration of the mobile computer in the mobile communication system of FIG. 2.

FIG. 12 is a block diagram showing an exemplary internal configuration of the DNS server in the mobile communication system of FIG. 2.

FIG. 13 is a block diagram showing an exemplary internal configuration of the correspondent host in the mobile communication system of FIG. 2.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to FIG. 1 to FIG. 13, one embodiment of a mobile communication scheme according to the present invention will be described in detail.

First, the major features of the present invention are briefly summarized as follows.

As described above, in the conventional Mobile IP scheme, it is necessary to provide routers called home agents for supporting mobile computers. As a result, there are cases involving triangular routes in the communications between a mobile computer and the other host, where only a packet from the other host to the mobile computer is transmitted via the home agent. For these reasons, there have been drawbacks that the mobile communications are critically dependent on the reliability of the home agent, and that policy control at the time of passing a firewall at the entrance of an enterprise network becomes difficult.

In the mobile communication scheme of the present invention, the mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.

Also, in this scheme, when the current location address of the mobile computer is changed to a new address, the mobile computer notifies the change of its own current location address to the correspondent by setting the new current location address as the source address of the outer packet of the encapsulated packet. Upon receiving this encapsulated packet, the correspondent can continue communications by changing only the destination address of the outer packet to the new current location address in the encapsulated packets to be transmitted thereafter.

On the other hand, when its own current location address is changed to a new address, the mobile computer also notifies the new current location address to a computer management device that manages the home address and the current location address of this mobile computer, and the computer management device updates the current location address of this mobile computer accordingly. In this case, a host that wishes to originate a call to the mobile computer sends a query to the computer management device, and if the current location address and the home address of the mobile computer are obtained as a response, this host transmits a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address, similarly as described above.

In this way, the mobile communications of the mobile computer can be realized without any need for special routers such as the home agents required in the Mobile IP scheme, and without any possibility of generating a triangular route.

Also, in the mobile communication scheme according to the present invention, it is possible to utilize the IPSEC (IP Security protocol) tunnel, for example, as follows.

When the mobile computer obtains the current location address (Care-of address) at a visited site network, the mobile computer generates the IPSEC tunnel having this current location address as a tunnel termination endpoint, and carries out communications through this tunnel by encapsulating a packet using the home address.

When the mobile computer moves, the Care-of address is changed so that the termination endpoint of the IPSEC tunnel also changes, but it is possible to guarantee the mobility without interrupting the session by notifying the changed IPSEC tunnel termination endpoint to the IPSEC module of the correspondent and changing the tunnel termination address in a security-related database. Also, the DNS (Domain Name System) is expanded to provide an entry indicating a correspondence between the home address and the current Care-of address, such that when this entry indicates that the mobile computer is moving, a fixed host that wishes to originate a call to the moving mobile computer transmits a packet having the corresponding Care-of address as the IPSEC tunnel destination to the mobile computer so as to construct the IPSEC tunnel to the correct tunnel termination endpoint, and thereby realizes the routing control to the correct current location without using a home agent, while maintaining the security of communication for a call that terminates at the mobile computer from the fixed host.

Thus according to the present invention, the mobile computer uses a security protocol on the IP layer while away from the home network, and changes the tunnel termination endpoint according to that protocol at the time of moving, such that it becomes easily possible to change a connected location on the IP network without requiring the use of a home agent, while providing a sufficient level of security. In addition, it also becomes possible to easily resolve the moved location of the mobile computer even in the case of communication for a call that terminates at the mobile computer from the other computer, by registering the tunnel termination endpoint information of the IP layer security protocol in the DNS, so that it becomes possible to transfer packets to the correct moved location. In this way, it is possible to construct a Mobile IP system that is far easier to introduce compared with the conventional Mobile IP system.
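The tunnel endpoint update summarized above, and drawn step by step in FIG. 7, can be traced in code. What follows is an added example written for this page, not code from the patent or from its assignee: a small Python model of two IPsec nodes whose ESP is reduced to SPI | sequence number | inner packet | ICV, with NULL encryption (RFC 2410) and an HMAC-SHA-1-96 integrity check (RFC 2404) standing in for a full ESP implementation. The addresses Haddr, CoA1, CoA2 and CN, the keys and the SPI values are constructed for the demonstration. The correspondent selects the security association by SPI, verifies the ICV and the sequence number, and only then treats a changed outer source address as the move notification and rewrites the tunnel endpoint of both directions of the tunnel.

```python
"""Added example (not the patent's own code): the FIG. 7 exchange with a
simplified tunnel-mode ESP, framed as SPI | sequence | inner packet | ICV,
NULL encryption (RFC 2410) and an HMAC-SHA-1-96 ICV (RFC 2404).
Addresses, keys and SPI values are constructed for the demonstration."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 12  # HMAC-SHA-1-96: the 20-byte HMAC-SHA-1 tag truncated to 96 bits


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass
class SA:
    """One security association, i.e. one direction of the tunnel (FIGS. 9A-9D)."""
    spi: int
    key: bytes
    local: str           # this node's tunnel termination endpoint
    peer: str            # the other endpoint: the MN's CoA as seen from the CN
    seq: int = 0         # last sequence number sent (outbound) or accepted (inbound)
    pair: object = None  # the SA of the opposite direction


def encode_inner(p: Packet) -> bytes:
    # Text form of the inner packet, so the ICV covers its addresses as well
    return f"{p.src}>{p.dst}|".encode() + p.payload


def esp_encapsulate(sa: SA, inner: Packet) -> Packet:
    """Tunnel mode: the inner packet becomes the ESP payload of an outer packet
    addressed between the tunnel endpoints. The ICV covers SPI, sequence and
    inner packet, not the outer IP header (RFC 2406)."""
    sa.seq += 1
    body = struct.pack("!II", sa.spi, sa.seq) + encode_inner(inner)
    icv = hmac.new(sa.key, body, hashlib.sha1).digest()[:ICV_LEN]
    return Packet(src=sa.local, dst=sa.peer, payload=body + icv)


def esp_decapsulate(sad_in: dict, outer: Packet):
    """Select the SA by SPI, verify ICV and sequence number, recover the inner
    packet. A verified packet whose outer source differs from the SA's peer
    endpoint is the MN's move notification (FIG. 7 steps 5-6): the peer
    endpoint of both directions is rewritten, so step 7 goes to the new CoA."""
    body, icv = outer.payload[:-ICV_LEN], outer.payload[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    sa = sad_in.get(spi)
    if sa is None:
        raise ValueError("unknown SPI")
    expected = hmac.new(sa.key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch")
    if seq <= sa.seq:
        raise ValueError("replayed sequence number")
    sa.seq = seq
    src, rest = body[8:].split(b">", 1)
    dst, payload = rest.split(b"|", 1)
    moved = outer.src != sa.peer
    if moved:
        sa.peer = outer.src
        if sa.pair is not None:
            sa.pair.peer = outer.src
    return Packet(src.decode(), dst.decode(), payload), moved


class IPsecNode:
    def __init__(self, home_addr: str, location: str):
        self.home_addr = home_addr  # Haddr for the MN; the fixed address for the CN
        self.location = location    # current tunnel endpoint (CoA for the MN)
        self.sad_in = {}            # SPI -> SA for packets this node receives
        self.sad_out = {}           # peer home address -> SA for packets it sends

    def install(self, peer_home, peer_loc, spi_out, key_out, spi_in, key_in):
        """Step (1): the SA pair produced by the key management protocol."""
        out = SA(spi_out, key_out, self.location, peer_loc)
        inn = SA(spi_in, key_in, self.location, peer_loc)
        out.pair, inn.pair = inn, out
        self.sad_out[peer_home], self.sad_in[spi_in] = out, inn

    def move(self, new_coa: str):
        """Steps (4)-(5) on the MN: the new CoA becomes the local endpoint."""
        self.location = new_coa
        for sa in list(self.sad_in.values()) + list(self.sad_out.values()):
            sa.local = new_coa

    def send(self, peer_home: str, payload: bytes) -> Packet:
        inner = Packet(self.home_addr, peer_home, payload)  # inner keeps Haddr
        return esp_encapsulate(self.sad_out[peer_home], inner)

    def receive(self, outer: Packet):
        return esp_decapsulate(self.sad_in, outer)


def run_fig7() -> dict:
    """Replay the FIG. 7 sequence and report what each step put on the wire."""
    key_c1, key_m1, spi_c1, spi_m1 = b"key-c1", b"key-m1", 0xC1, 0xD1  # constructed
    mn, cn = IPsecNode("Haddr", "CoA1"), IPsecNode("CN", "CN")
    mn.install("CN", "CN", spi_c1, key_c1, spi_m1, key_m1)
    cn.install("Haddr", "CoA1", spi_m1, key_m1, spi_c1, key_c1)
    step2 = mn.send("CN", b"data")          # (2) outer CoA1->CN, inner Haddr->CN
    inner2, moved2 = cn.receive(step2)
    step3 = cn.send("Haddr", b"reply")      # (3) outer CN->CoA1, inner CN->Haddr
    mn.receive(step3)
    mn.move("CoA2")                         # moved to N2: CoA2 acquired
    step6 = mn.send("CN", b"data")          # (6) outer CoA2->CN is the notification
    _, moved6 = cn.receive(step6)
    step7 = cn.send("Haddr", b"reply")      # (7) outer now CN->CoA2
    try:
        cn.receive(step6)                   # a replay of step 6 must be refused
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"step2": (step2.src, step2.dst, inner2.src, inner2.dst),
            "step3": (step3.src, step3.dst), "moved2": moved2, "moved6": moved6,
            "step6_src": step6.src, "step7": (step7.src, step7.dst),
            "replay_rejected": replay_rejected}
```

One point the model makes explicit: the ICV covers the inner packet but not the outer IP header (RFC 2406), so what the correspondent has verified is that a fresh packet under the shared key arrived from the new address, and a deployment has to decide whether that alone is sufficient evidence of the new location. The sequence number check is what prevents an old packet carrying the previous CoA from reverting the endpoint.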
Now, one embodiment of the mobile communication scheme according to the present invention will be described in further detail with references to the drawings.

FIG. 2 shows an exemplary basic configuration of a communication system according to this embodiment.

In the communication system of FIG. 2, a plurality of networks 1a, 1b and 1c are inter-connected through the Internet 6, and there is provided a DNS server 4 on the Internet 6. In the following, the description will be given for an exemplary case where a mobile computer 2 that belongs to the home network 1a has moved to another network 1b (or to still another network not shown in FIG. 2 from the network 1b) as a result of moving and carries out communications with a correspondent host 3 (which is assumed to be a fixed node) that is located in the network 1c.

Note that the DNS server 4 used in this communication system of FIG. 2 has an extra field in addition to the usual fields provided in the conventional DNS server, in order to manage the current location address of the mobile computer 2 (as well as whether the mobile computer has moved or not), as will be described in further detail below.
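As an added example, not code from the patent, the following Python model shows the extended record and the two operations the DNS server 4 performs: the dynamic update of the current location address notified by the mobile computer (step (4) of FIG. 7) and the query a fixed correspondent host makes before its first packet (step (1) of FIG. 10), whose answer decides whether to build the tunnel to the Care-of address or to send a plain packet to the home address. The host name mn.example, the addresses, the record layout and the update tag format are constructed for the demonstration; the per-host update key is an assumption, because RFC 2136 on its own does not authenticate updates and deployments combine it with TSIG (RFC 2845) or a comparable mechanism.

```python
"""Added example (not the patent's own code): the DNS server 4 with the extra
home-address field, its dynamic update and the correspondent host's query.
Host name, addresses, record layout and the update tag are constructed; the
per-host update key is an assumption (RFC 2136 alone does not authenticate)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class MobileRecord:
    """Conventional AAAA (current CoA) plus the home address field of FIG. 5."""
    home_addr: str   # Haddr: the fixed identity of the mobile computer (HAAAA)
    care_of: str     # CoA: the current location (AAAA); equals Haddr while at home


def update_tag(secret: bytes, name: str, new_coa: str) -> str:
    """Tag the mobile computer attaches to its notification (assumed format)."""
    msg = f"{name}:{new_coa}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ComputerManagementDevice:
    """The DNS server 4 of FIG. 2, extended as described in the text."""

    def __init__(self):
        self.records = {}   # host name -> MobileRecord
        self.secrets = {}   # host name -> update key (assumption, see above)

    def register(self, name: str, home_addr: str, secret: bytes):
        # A freshly registered host is at home: CoA equals Haddr
        self.records[name] = MobileRecord(home_addr, home_addr)
        self.secrets[name] = secret

    def update(self, name: str, new_coa: str, tag: str) -> bool:
        """Step (4) of FIG. 7: store the new CoA notified by the mobile computer.
        Refused unless the tag was made with this host's update key, so a
        notification from anyone else cannot redirect the host's traffic."""
        if name not in self.records:
            return False
        if not hmac.compare_digest(tag, update_tag(self.secrets[name], name, new_coa)):
            return False
        self.records[name].care_of = new_coa
        return True

    def query(self, name: str):
        """Step (1) of FIG. 10: answer with (AAAA = CoA, HAAAA = Haddr)."""
        rec = self.records.get(name)
        return None if rec is None else (rec.care_of, rec.home_addr)


def plan_first_packet(dns: ComputerManagementDevice, name: str, cn_addr: str):
    """What a fixed correspondent host does before initiating a call: if the
    record shows the host has moved, build the IPSEC tunnel to the CoA with the
    home address as the inner destination; otherwise send to the home address."""
    answer = dns.query(name)
    if answer is None:
        return None
    coa, haddr = answer
    if coa == haddr:
        return {"tunnel": False, "dst": haddr}
    return {"tunnel": True, "outer": (cn_addr, coa), "inner": (cn_addr, haddr)}


def run_scenario() -> dict:
    """Mobile computer at home, then moved to CoA1, then a bogus update."""
    dns = ComputerManagementDevice()
    key = b"mn-update-key"                                   # constructed
    dns.register("mn.example", "Haddr", key)
    at_home = plan_first_packet(dns, "mn.example", "CN")
    moved_ok = dns.update("mn.example", "CoA1",
                          update_tag(key, "mn.example", "CoA1"))
    away = plan_first_packet(dns, "mn.example", "CN")
    bogus_ok = dns.update("mn.example", "CoA-x",             # wrong key: refused
                          update_tag(b"other-key", "mn.example", "CoA-x"))
    after_bogus = plan_first_packet(dns, "mn.example", "CN")
    return {"at_home": at_home, "moved_ok": moved_ok, "away": away,
            "bogus_ok": bogus_ok, "after_bogus": after_bogus,
            "unknown": plan_first_packet(dns, "nobody.example", "CN")}
```

The at-home case is represented by a record whose Care-of address equals the home address, which is what lets the correspondent host decide between a plain packet and a tunnel from the query answer alone, without a separate "moved" flag.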
In this embodiment, the tunnel mode of IPSEC will be utilized for communications between the moving mobile computer 2 and the correspondent host 3. For details of IPSEC, see RFC 2401 to RFC 2412.

FIG. 3 shows an exemplary internal configuration of the mobile computer 2 in this embodiment.

The mobile computer 2 of FIG. 3 has a communication interface 21 for making a connection to the network, a TCP/IP module 23 for carrying out ordinary TCP/IP communications, and an IPSEC module 22 for carrying out IPSEC communications in the so-called tunnel mode. In tunnel mode IPSEC communications, packet encapsulation and encryption/decryption of the inner packet are carried out, and the IPSEC module 22 has functions for realizing such encapsulation and encryption/decryption processing.

Also, the mobile computer 2 has one address by which it is uniquely identifiable. This address will be referred to as a home address (Haddr). The home address is assigned at the home network of the mobile computer 2. Also, the mobile computer 2 acquires at least one appropriate address at a visited site network. This address will be referred to as a Care-of address (CoA).

In the case of tunnel mode IPSEC communications, the IP address (CoA) assigned to the communication interface 21 will be used as an address (gateway address) indicating one endpoint (termination endpoint) of the tunnel of the tunnel mode IPSEC communications in the mobile computer 2 of FIG. 3. On the other hand, the Haddr will be used as a source address in the inner packet of the encapsulated packet.

Also, the IPSEC module 22 of the mobile computer 2 carries out processing to update the CoA to be used in this mobile computer 2 when this mobile computer 2 has moved. In addition, the mobile computer 2 also carries out processing to notify the newly acquired CoA to the DNS server 4 at this point.

Note that the correspondent host 3 which is capable of communicating with the mobile computer 2 also has a configuration basically similar to that of FIG. 3. However, the IPSEC module of the correspondent host 3 carries out a processing to update