(12) United States Patent
`Ishiyama et al.
`
`(10) Patent No.: US 6,904,466 B1
`(45) Date of Patent: Jun. 7, 2005
`
`(54) MOBILE COMMUNICATION SCHEME WITHOUT HOME AGENTS FOR SUPPORTING COMMUNICATIONS OF MOBILE NODES
`
`(75) Inventors: Masahiro Ishiyama, Tokyo (JP); Atsushi Inoue, Kanagawa (JP)
`
`(73) Assignee: Kabushiki Kaisha Toshiba, Kawasaki (JP)
`
`(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/573,189
`
`(22) Filed: May 19, 2000
`
`(30) Foreign Application Priority Data
`May 20, 1999 (JP) 11-140373
`
`(51) Int. Cl.⁷: G06F 15/16; G06F 15/173
`(52) U.S. Cl.: 709/245; 709/224; 709/228; 709/207
`(58) Field of Search: 709/206-207, 709/203, 223-224, 228, 238, 242, 245, 204, 205
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`6,088,725 A * 7/2000 Kondo et al. 709/220
`6,496,704 B2 * 12/2002 Yuan 455/466
`
`FOREIGN PATENT DOCUMENTS
`JP 09-214516 8/1997
`JP 10-051449 2/1998
`
`OTHER PUBLICATIONS
`Network Working Group, Request for Comments 2002, Mobil IP Spec., Oct. 1996, pp. 15-79.
`Network Working Group, Request for Comments 2136, Dynamic DNS Update, Apr. 1997, pp. 1-21.
`Network Working Group, Request for Comments 2401 (pp. 1-66); Request for Comments 2402 (pp. 1-22); Request for Comments 2403 (pp. 1-7); Request for Comments 2404 (pp. 1-7); Request for Comments 2405 (pp. 1-10); Request for Comments 2406 (pp. 1-22); Request for Comments 2407 (pp. 1-32); Request for Comments 2408 (pp. 1-86); Request for Comments 2409 (pp. 1-41); Request for Comments 2410 (pp. 1-6); Request for Comments 2411 (1-11); Request for Comments 2412 (pp. 1-55); Ipsec Base Specification, Nov. 1998.
`
`* cited by examiner
`
`Primary Examiner - Aria Etienne
`Assistant Examiner - Hussein El-chanti
`(74) Attorney, Agent, or Firm - Foley & Lardner LLP
`
`(57) ABSTRACT
`
`
`The disclosed mobile communication scheme enables easy change of a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security. The mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.
`
`16 Claims, 9 Drawing Sheets
`
`[Representative drawing: the sequence chart of FIG. 7, steps (1) to (7).]
`
`Ex. 1005
`Apple v. MPH Techs. Oy
`IPR2019-00821
`
`0001
`
`

`

`U.S. Patent
`
`Jun.7,2005
`
`Sheet 1 of 9
`
`US 6,904,466 Bl
`
`FIG. 1 (PRIOR ART)
`[Drawing. Labels: (home) network 101a with home agent (HA) 105 and mobile computer 102; network 101b with mobile computer 102; network 101c with correspondent host (CH) 103; registration message.]
`
`

`

`FIG. 2 (Sheet 2 of 9)
`[Drawing. Labels: network 1a with mobile computer; network 1b with mobile computer 2; network 1c with correspondent host (CH) 3; IPSEC tunnel; location query; registration; reference numeral 4.]
`
`

`

`FIG. 3 (Sheet 3 of 9)
`[Drawing. Labels: computer 2, 3; reference numerals 21, 22, 23.]
`
`FIG. 4 (Sheet 3 of 9)
`[Drawing. Labels: IPSEC tunnel; correspondent host 3 (address = CN).]
`
`

`

`FIG. 5 (Sheet 4 of 9)
`[Drawing. Labels: home address resource record; domain name; AAAA; HAAAA.]
`
`FIG. 6 (Sheet 4 of 9)
`[Drawing. Labels: reference numeral 6; mobile computer 2 with CoA1 on network N1; mobile computer 2 with CoA2 on network N2.]
`
`

`

`FIG. 7 (Sheet 5 of 9)
`Sequence chart between MN and CN:
`(1) SA generation by key management protocol
`(2) Outer packet Src: CoA1, Dst: CN; ESP SPI=c1; inner packet Src: Haddr, Dst: CN
`(3) Outer packet Src: CN, Dst: CoA1; ESP SPI=m1; inner packet Src: CN, Dst: Haddr
`(Moved to N2: CoA2 acquired)
`(4) Register CoA2 into DNS server using Dynamic DNS Update
`(5) SA Gateway Update Haddr: CoA1 -> CoA2
`(6) Outer packet Src: CoA2, Dst: CN; ESP SPI=c1; inner packet Src: Haddr, Dst: CN
`(7) Outer packet Src: CN, Dst: CoA2; ESP SPI=m1; inner packet Src: CN, Dst: Haddr
`
`

`

`FIG. 8A (Sheet 6 of 9): MN
`ID    field  value
`SPM1  src    Haddr
`      dst    CN
`      SA     SAM1
`SPM2  src    CN
`      dst    Haddr
`      SA     SAM2
`
`FIG. 8B: CN
`ID    field  value
`SPC1  src    CN
`      dst    Haddr
`      SA     SAC1
`SPC2  src    Haddr
`      dst    CN
`      SA     SAC2
`
`FIG. 9A: MN
`ID    field  value
`SAM1  dst    CN
`      proto  ESP
`      mode   tunnel
`      SPI    c1
`SAM2  dst    CoA1
`      proto  ESP
`      mode   tunnel
`      SPI    m1
`
`FIG. 9B: CN
`ID    field  value
`SAC1  dst    CoA1
`      proto  ESP
`      mode   tunnel
`      SPI    m1
`SAC2  dst    CN
`      proto  ESP
`      mode   tunnel
`      SPI    c1
`
`FIG. 9C: MN
`ID    field  value
`SAM1  dst    CN
`      proto  ESP
`      mode   tunnel
`      SPI    c1
`SAM2  dst    CoA2
`      proto  ESP
`      mode   tunnel
`      SPI    m1
`
`FIG. 9D: CN
`ID    field  value
`SAC1  dst    CoA2
`      proto  ESP
`      mode   tunnel
`      SPI    m1
`SAC2  dst    CN
`      proto  ESP
`      mode   tunnel
`      SPI    c1
`
`

`

`FIG. 10 (Sheet 7 of 9)
`Sequence chart between MN and CN:
`(1) Obtain AAAA (CoA1) & HAAAA (Haddr) of MN using DNS
`(2) Notification
`(3) SA generation by key management protocol
`(4) Outer packet Src: CN, Dst: CoA1; ESP SPI=m1; inner packet Src: CN, Dst: Haddr
`(5) Outer packet Src: CoA1, Dst: CN; ESP SPI=c1; inner packet Src: Haddr, Dst: CN
`
`

`

`FIG. 11
`[Block diagram. Labels: communication interface 110; decapsulation unit 111; decryption unit 112; encapsulation unit 113; encryption unit 114; packet communication unit 115; current location address management unit 116; home address memory 117; cryptosystem parameter setting unit 118; cryptosystem parameter memory 119.]
`
`FIG. 12
`[Block diagram. Labels: communication unit 120; DNS controller 121; DNS memory 122.]
`
`

`

`FIG. 13
`[Block diagram. Labels: communication interface 130; decapsulation unit 131; decryption unit 132; encapsulation unit 133; encryption unit 134; packet communication unit 135; mobile computer address management unit 136; cryptosystem parameter setting unit 137; cryptosystem parameter memory 138.]
`
`

`

`MOBILE COMMUNICATION SCHEME WITHOUT HOME AGENTS FOR SUPPORTING COMMUNICATIONS OF MOBILE NODES
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`The present invention relates to a mobile computer device capable of carrying out communications while moving among a plurality of inter-connected networks, a computer management device for managing an address of the mobile computer, and a mobile computer device for carrying out cipher communications with the mobile computer, as well as a mobile communication method suitable for these devices.
`2. Description of the Background Art
`In conjunction with availability of computer systems in smaller sizes and lower costs and more enriched network environments, the use of computer systems has been rapidly expanded into a variety of fields, and there is also a transition from centralized systems to distributed systems. In this regard, in recent years, because of the advance and spread of the computer network technology in addition to the progress and improved performance of the computer system itself, it has become possible to realize not only a sharing of resources such as files and printers within an office but also communications (electronic mail, electronic news, file transfer etc.) with nodes or hosts outside of an office or organization, and these communications are now widely used.
`In particular, in recent years, the use of the world's largest computer network called "Internet" has become very popular, and there are new computer businesses for connecting to the Internet and utilizing open information and services, or for providing information and services to external users who make accesses through the Internet. In addition, new technology is developed in relation to the use of the Internet.
`Also, in conjunction with the spread of such networks, there are technological developments regarding the mobile computing. In the mobile computing, a user carries along a portable computer terminal and makes communications while moving over networks. In some cases, the user may change a location on a network while continuing the communication, so that there is a need for a scheme that manages a changing address of a mobile computer on a network during such a communication in order to route the communication content correctly.
`In general, in the case of realizing the mobile computing, a router (home agent) for managing the visiting site information of the mobile computer is provided at a network (home network) to which the mobile computer belongs, and when the mobile computer is away from the home network, the mobile computer sends a registration message for indicating a current location to this home agent. When this registration message is received, the transmission of data destined to the mobile computer is realized via the home agent of the mobile computer, by carrying out the data routing control with respect to the mobile computer by encapsulating an IP packet destined to an original address of the mobile computer within a packet destined to a current location address of the mobile computer.
`For example, in FIG. 1, this role is played by a home agent (HA) 105 when the mobile computer 102 that originally belongs to the home network 101a moves to another network 101b and carries out the communication with another computer (correspondent host: CH) 103 located within the other network 101c through the Internet 106. This is a scheme called Mobile IP which is currently in a process of being standardized by the mobile-IP working group of the IETF which is the standardizing organization for the Internet (see, IETF RFC 2002, IP mobility support (C. Perkins)).
`The Mobile IP scheme aims at providing the mobility on the IP layer by continually using the same IP address even when a physical connection point on the network is changed. This mobility is superior to the so called nomadicity which simply enables a node to move from one network to another, in the following two respects: a loss of a session due to moving can be avoided, and an IP address can be used as a node identifier. For this reason, the Mobile IP is expected to be a protocol that can strongly support the mobile computing.
`However, in the Mobile IP scheme, it is necessary to provide routers called home agents in order to support mobile nodes as described above. Also, in the Mobile IP scheme, there are cases involving triangular routes in the communications between a mobile node and the other host where a packet from the other host to the mobile node is transmitted via the home agent while a packet from the mobile node to the other host is transmitted without passing through the home agent.
`These aspects of the Mobile IP scheme are expected to cause the following problems.
`First, the home agent must be connected to a permanently connected network, and the mobile node cannot carry out any communications if the home agent fails to function properly. These facts weaken the robustness of the mobile communications.
`Second, there is a mechanism called firewall which is indispensable in the current Internet environment, but the presence of a triangular route complicates the issue of firewall passing because the firewall cannot recognize a packet from the mobile node to the other host, for example.
`
`
`SUMMARY OF THE INVENTION
`
`It is therefore an object of the present invention to provide a mobile communication scheme capable of easily changing a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security.
`According to one aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: transmitting a packet to the correspondent computer from the mobile computer located at a visited site network outside a home network of the mobile computer, by encapsulating an inner packet having a home address assigned to the mobile computer at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; storing cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet, at the mobile computer and the correspondent computer; notifying a change of the current location address of the mobile computer from the mobile computer to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the transmitting step; updating the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the mobile computer into the new current location address, when the current location address is changed to the new current location address; managing source addresses of the outer packet and the inner packet of the encapsulated packet received from the mobile computer respectively as the current location address and the home address of the mobile computer at the correspondent computer; and updating the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the correspondent computer into the new current location address, when the change of the current location address to the new current location address is notified from the mobile computer.
`According to another aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: storing a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer, at a computer management device; updating the current location address stored at the computer management device, according to a notification regarding the current location address received from the mobile computer; making an inquiry about the mobile computer from the correspondent computer to the computer management device, before initiating a packet transmission to the mobile computer at the correspondent computer; returning a response from the computer management device in response to the inquiry for the current location address of the mobile computer and the home address of the mobile computer received from the correspondent computer; and transmitting a packet from the correspondent computer to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address, within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the correspondent computer.
`According to another aspect of the present invention there is provided a mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising: a packet transmission unit configured to transmit a packet to a correspondent computer from a visited site network outside a home network of the mobile computer device, by encapsulating an inner packet having a home address assigned to the mobile computer device at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet; and a current location address management unit configured to notify a change of the current location address of the mobile computer device to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the packet transmission unit, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into the new current location address, when the current location address is changed to the new current location address.
`According to another aspect of the present invention there is provided a computer management device provided in inter-connected networks on which a mobile computer carries out communications while moving over the inter-connected networks, the computer management device comprising: a memory configured to store a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer; and a management unit configured to update the current location address stored in the memory according to a notification regarding the current location address received from the mobile computer, and to respond to an inquiry for the current location address of the mobile computer and an inquiry for the home address of the mobile computer received from a correspondent computer of the mobile computer.
`According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet with respect to the mobile computer; and a mobile computer address management unit configured to manage source addresses of an outer packet and an inner packet of the encapsulated packet received from the mobile computer respectively as a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer at the home network, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into a new current location address, when a change of the current location address to the new current location address is notified from the mobile computer.
`According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a mobile computer address management unit configured to make an inquiry about the mobile computer to a computer management device that manages a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer device at the home network, before initiating a packet transmission to the mobile computer; and a packet transmission unit configured to transmit a packet to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address, within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the mobile computer address management unit.
`It is also possible to provide computer usable medium having computer readable program codes for realizing any of the mobile computer device, the computer management device, and the correspondent computer device described above.
`Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings.
`
`
`

`

`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a schematic diagram for explaining a basic operation of the conventional Mobile IP scheme.
`FIG. 2 is a schematic diagram showing an exemplary configuration of a mobile communication system according to one embodiment of the present invention.
`FIG. 3 is a block diagram showing an exemplary basic configuration of a mobile computer and a correspondent host in the mobile communication system of FIG. 2.
`FIG. 4 is a schematic diagram for explaining operations in the case where the mobile computer changes a connected location in the mobile communication system of FIG. 2.
`FIG. 5 is a diagram showing an exemplary data format used in a DNS server in the mobile communication system of FIG. 2.
`FIG. 6 is a schematic diagram showing an exemplary situation in which mobile communications are carried out in the mobile communication system of FIG. 2.
`FIG. 7 is a sequence chart showing an exemplary processing sequence in the case where the mobile computer initiates communications at a visited site and then changes a location in the mobile communication system of FIG. 2.
`FIGS. 8A and 8B are diagrams showing exemplary security policy databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.
`FIGS. 9A, 9B, 9C and 9D are diagrams showing exemplary security association databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.
`FIG. 10 is a sequence chart showing an exemplary processing sequence in the case where the correspondent host initiates a packet transmission to the mobile computer in the mobile communication system of FIG. 2.
`FIG. 11 is a block diagram showing an exemplary internal configuration of the mobile computer in the mobile communication system of FIG. 2.
`FIG. 12 is a block diagram showing an exemplary internal configuration of the DNS server in the mobile communication system of FIG. 2.
`FIG. 13 is a block diagram showing an exemplary internal configuration of the correspondent host in the mobile communication system of FIG. 2.
`
`
`DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
`Referring now to FIG. 1 to FIG. 13, one embodiment of a mobile communication scheme according to the present invention will be described in detail.
`First, the major features of the present invention are briefly summarized as follows.
`As described above, in the conventional Mobile IP scheme, it is necessary to provide routers called home agents for supporting mobile computers. And as a result of this fact, there are cases involving triangular routes in the communications between a mobile computer and the other host where only a packet from the other host to the mobile computer is transmitted via the home agent. For these reasons, there have been drawbacks that the mobile communications are critically dependent on a reliability of the home agent, and that a policy control at a time of passing a firewall at the entrance of an enterprise network becomes difficult.
`In the mobile communication scheme of the present invention, the mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.
`Also, in this scheme, when the current location address of the mobile computer is changed to a new address, the mobile computer notifies the change of the own current location address to the correspondent by setting the new current location address as the source address of the outer packet of the encapsulated packet. Upon receiving this encapsulated packet, the correspondent can continue communications by changing only the destination address of the outer packet to the new current location address in the encapsulated packets to be transmitted thereafter.
`On the other hand, when the own current location address is changed to a new address, the mobile computer also notifies the new current location address to a computer management device that manages the home address and the current location address of this mobile computer, and the computer management device updates the current location address of this mobile computer accordingly. In this case, a host that wishes to originate a call to the mobile computer sends a query to the computer management device, and if the current location address and the home address of the mobile computer are obtained as a response, this host transmits a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address similarly as described above.
`In this way, the mobile communications of the mobile computer can be realized without any need for special routers such as home agents required in the Mobile IP scheme, and without any possibility for generating a triangular route.
`Also, in the mobile communication scheme according to the present invention, it is possible to utilize the IPSEC (IP security protocol) tunnel, for example, as follows.
`When the mobile computer obtains the current location address (Care-of address) at a visited site network, the mobile computer generates the IPSEC tunnel having this current location address as a tunnel termination endpoint, and carries out communications through this tunnel by encapsulating a packet using the home address.
`When the mobile computer moves, the Care-of address is changed so that the termination endpoint of the IPSEC tunnel also changes, but it is possible to guarantee the mobility without interrupting the session by notifying the changed IPSEC tunnel terminal endpoint to the IPSEC module of the correspondent and changing the tunnel termination address in a security related database. Also, the DNS (Domain Name System) is expanded to provide an entry indicating a correspondence between the home address and the current Care-of address, such that when this entry indicates that the mobile computer is moving, a fixed host that wishes to originate a call to the moving mobile computer transmits a packet having the corresponding Care-of Address as the IPSEC tunnel destination to the mobile computer so as to construct the IPSEC tunnel to the correct tunnel termination endpoint, and thereby realizes the routing control to the correct current location without using a home agent, while maintaining the security of communication for a call that terminates to the mobile computer from the fixed host.
`Thus according to the present invention, the mobile computer uses a security protocol on the IP layer while leaving from the home network, and changes the tunnel termination endpoint according to that protocol at a time of moving, such that it becomes easily possible to change a connected location on the IP network without requiring the use of a home agent, while providing a sufficient level of security. In addition, it also becomes possible to easily resolve a moved location of the mobile computer even in the case of communication for a call that terminates to the mobile computer from the other computer, by registering the tunnel termination endpoint information of the IP layer security protocol in the DNS, so that it becomes possible to transfer packets to the correct moved location. In this way, it is possible to construct a Mobile IP system that is far more easier to introduce compared with the conventional Mobile IP system.
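
The tunnel endpoint update described above (FIG. 7 steps (5) to (7), FIG. 9B to FIG. 9D), seen from the correspondent's side, as an added example that is not code from the patent. It assumes HMAC-SHA256 as a stand-in for the ESP integrity check, an ESP-style sequence number for replay rejection, and constructed addresses and keys; encryption of the inner packet is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample addresses (IPv6 documentation prefix), not from the patent.
HADDR, COA1, COA2, CN = "2001:db8:a::2", "2001:db8:b::2", "2001:db8:c::2", "2001:db8:d::3"


@dataclass
class SA:
    """One security association row as in FIG. 9: dst, proto, mode, SPI."""
    dst: str          # tunnel termination endpoint
    spi: str
    key: bytes        # assumption: per-SA integrity key from the key management step
    proto: str = "ESP"
    mode: str = "tunnel"


@dataclass
class Packet:
    outer_src: str
    outer_dst: str
    spi: str
    seq: int
    inner_src: str
    inner_dst: str
    payload: bytes
    icv: bytes = b""


def icv(key: bytes, p: Packet) -> bytes:
    """Integrity value over SPI, sequence number and inner packet.
    The outer header is not covered, so the outer source may change on a move."""
    msg = f"{p.spi}|{p.seq}|{p.inner_src}|{p.inner_dst}|".encode() + p.payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def mn_send(coa: str, seq: int, key: bytes, payload: bytes) -> Packet:
    """Mobile node side: inner source is Haddr, outer source is the current CoA."""
    p = Packet(coa, CN, "c1", seq, HADDR, CN, payload)
    p.icv = icv(key, p)
    return p


class Correspondent:
    def __init__(self, key_c1: bytes, key_m1: bytes):
        # FIG. 9B: SAC1 sends to the mobile node, SAC2 receives at CN.
        self.sad = {"SAC1": SA(COA1, "m1", key_m1), "SAC2": SA(CN, "c1", key_c1)}
        self.last_seq = 0

    def receive(self, p: Packet) -> str:
        sa = self.sad["SAC2"]
        if p.spi != sa.spi or p.outer_dst != sa.dst:
            return "drop: no matching SA"
        if not hmac.compare_digest(icv(sa.key, p), p.icv):
            return "drop: integrity check failed"
        if p.seq <= self.last_seq:
            return "drop: replayed sequence number"
        # Policy SPC2 of FIG. 8B: inner src Haddr, inner dst CN.
        if (p.inner_src, p.inner_dst) != (HADDR, CN):
            return "drop: policy mismatch"
        self.last_seq = p.seq
        out = self.sad["SAC1"]
        if out.dst != p.outer_src:
            # Only a packet that passed every check above may move the endpoint
            # (FIG. 9B -> FIG. 9D).
            out.dst = p.outer_src
            return "accept: tunnel endpoint updated"
        return "accept"


def run_demo():
    key_c1, key_m1 = b"constructed-key-c1", b"constructed-key-m1"
    cn = Correspondent(key_c1, key_m1)
    first = mn_send(COA1, 1, key_c1, b"hello")
    results = [cn.receive(first)]                                   # FIG. 7 step (2)
    results.append(cn.receive(mn_send(COA2, 2, key_c1, b"moved")))  # FIG. 7 step (6)
    forged = mn_send("2001:db8:e::66", 3, b"wrong-key", b"x")       # sender without the SA key
    results.append(cn.receive(forged))
    results.append(cn.receive(first))                               # old CoA1 packet seen again
    return results, cn.sad["SAC1"].dst


if __name__ == "__main__":
    print(run_demo())
```

The outbound SA ends at CoA2 after the run: neither the packet from a sender without the SA key nor the repeated CoA1 packet moves the endpoint.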
`Now, one embodiment of the mobile communication
`scheme according to the present invention will be described
`in further detail with referenc
