Ishiyama et al.

(10) Patent No.: US 6,904,466 B1
(45) Date of Patent: Jun. 7, 2005

(54) MOBILE COMMUNICATION SCHEME WITHOUT HOME AGENTS FOR SUPPORTING COMMUNICATIONS OF MOBILE NODES

(75) Inventors: Masahiro Ishiyama, Tokyo (JP); Atsushi Inoue, Kanagawa (JP)

(73) Assignee: Kabushiki Kaisha Toshiba, Kawasaki (JP)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/573,189

(22) Filed: May 19, 2000

(30) Foreign Application Priority Data
May 20, 1999 (JP) ........................................... 11-140373

(51) Int. Cl.7 ........................ G06F 15/16; G06F 15/173
(52) U.S. Cl. ....................... 709/245; 709/224; 709/228; 709/207
(58) Field of Search ................................. 709/206-207, 709/203, 223-224, 228, 238, 242, 245, 204, 205

(56) References Cited

U.S. PATENT DOCUMENTS
6,088,725 A * 7/2000 Kondo et al. ............... 709/220
6,496,704 B2 * 12/2002 Yuan .......................... 455/466

FOREIGN PATENT DOCUMENTS
JP 09-214516 8/1997
JP 10-051449 2/1998

OTHER PUBLICATIONS
Network Working Group, Request for Comments 2002, Mobile IP Spec., Oct. 1996, pp. 15-79.
Network Working Group, Request for Comments 2136, Dynamic DNS Update, Apr. 1997, pp. 1-21.
Network Working Group, Request for Comments 2401 (pp. 1-66); Request for Comments 2402 (pp. 1-22); Request for Comments 2403 (pp. 1-7); Request for Comments 2404 (pp. 1-7); Request for Comments 2405 (pp. 1-10); Request for Comments 2406 (pp. 1-22); Request for Comments 2407 (pp. 1-32); Request for Comments 2408 (pp. 1-86); Request for Comments 2409 (pp. 1-41); Request for Comments 2410 (pp. 1-6); Request for Comments 2411 (pp. 1-11); Request for Comments 2412 (pp. 1-55); IPsec Base Specification, Nov. 1998.

* cited by examiner

Primary Examiner: Ario Etienne
Assistant Examiner: Hussein El-chanti
(74) Attorney, Agent, or Firm: Foley & Lardner LLP

(57) ABSTRACT

The disclosed mobile communication scheme enables easy change of a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security. The mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.

16 Claims, 9 Drawing Sheets

[Representative drawing: the MN/CN sequence chart of FIG. 7 (Sheet 5 of 9): SA generation by key management protocol, ESP tunnel packets with outer Src CoA1/Dst CN (SPI=c1) and Src CN/Dst CoA1 (SPI=m1) carrying inner Src Haddr/Dst CN and Src CN/Dst Haddr, the move to N2 with CoA2 acquired, registration of CoA2 into the DNS server using Dynamic DNS Update, SA Gateway Update Haddr: CoA1 -> CoA2, and the same packets with CoA2 in place of CoA1.]

Ex. 1005
Apple v. MPH Techs. Oy
IPR2019-00821
0001

U.S. Patent, Jun. 7, 2005, Sheet 1 of 9, US 6,904,466 B1

FIG. 1 (PRIOR ART)
[Figure: the mobile computer 102 belonging to the (home) network 101a, where the home agent (HA) 105 is located, has moved to network 101b and communicates with the correspondent host (CH) 103 on network 101c; a registration message is sent from the mobile computer 102 to the home agent 105.]

U.S. Patent, Jun. 7, 2005, Sheet 2 of 9, US 6,904,466 B1

FIG. 2
[Figure: the mobile computer 2, moved from network 1a to network 1b, communicates with the correspondent host (CH) 3 on network 1c through an IPSEC tunnel; a registration from the mobile computer 2 and a location query from the correspondent host 3 are directed to element 4.]

U.S. Patent, Jun. 7, 2005, Sheet 3 of 9, US 6,904,466 B1

FIG. 3
[Figure: basic configuration of a computer 2, 3 (mobile computer or correspondent host) with blocks 21, 22 and 23.]

FIG. 4
[Figure: the IPSEC tunnel between the mobile computer and the correspondent host 3 (address = CN).]

U.S. Patent, Jun. 7, 2005, Sheet 4 of 9, US 6,904,466 B1

FIG. 5
[Figure: data format used in the DNS server; a domain name is associated with an AAAA record and with a HAAAA home address resource record.]

FIG. 6
[Figure: the mobile computer 2 at network N1 with care-of address CoA1, and after moving to network N2 with care-of address CoA2.]

U.S. Patent, Jun. 7, 2005, Sheet 5 of 9, US 6,904,466 B1

FIG. 7
[Sequence chart between MN and CN]
(1) SA generation by key management protocol
(2) Outer: Src CoA1, Dst CN, ESP SPI=c1 | Inner: Src Haddr, Dst CN
(3) Outer: Src CN, Dst CoA1, ESP SPI=m1 | Inner: Src CN, Dst Haddr
(Moved to N2: CoA2 acquired)
(4) Register CoA2 into DNS server using Dynamic DNS Update
(5) SA Gateway Update Haddr: CoA1 -> CoA2
(6) Outer: Src CoA2, Dst CN, ESP SPI=c1 | Inner: Src Haddr, Dst CN
(7) Outer: Src CN, Dst CoA2, ESP SPI=m1 | Inner: Src CN, Dst Haddr

U.S. Patent, Jun. 7, 2005, Sheet 6 of 9, US 6,904,466 B1

FIG. 8A (security policy database of MN)
  ID    field  value
  SPM1  src    Haddr
        dst    CN
        SA     SAM1
  SPM2  src    CN
        dst    Haddr
        SA     SAM2

FIG. 8B (security policy database of CN)
  ID    field  value
  SPC1  src    CN
        dst    Haddr
        SA     SAC1
  SPC2  src    Haddr
        dst    CN
        SA     SAC2

FIG. 9A (security association database of MN, care-of address CoA1)
  ID    field  value
  SAM1  dst    CN
        proto  ESP
        mode   tunnel
        SPI    c1
  SAM2  dst    CoA1
        proto  ESP
        mode   tunnel
        SPI    m1

FIG. 9B (security association database of CN, care-of address CoA1)
  ID    field  value
  SAC1  dst    CoA1
        proto  ESP
        mode   tunnel
        SPI    m1
  SAC2  dst    CN
        proto  ESP
        mode   tunnel
        SPI    c1

FIG. 9C (security association database of MN, care-of address CoA2)
  ID    field  value
  SAM1  dst    CN
        proto  ESP
        mode   tunnel
        SPI    c1
  SAM2  dst    CoA2
        proto  ESP
        mode   tunnel
        SPI    m1

FIG. 9D (security association database of CN, care-of address CoA2)
  ID    field  value
  SAC1  dst    CoA2
        proto  ESP
        mode   tunnel
        SPI    m1
  SAC2  dst    CN
        proto  ESP
        mode   tunnel
        SPI    c1

U.S. Patent, Jun. 7, 2005, Sheet 7 of 9, US 6,904,466 B1

FIG. 10
[Sequence chart between MN and CN]
(1) CN obtains AAAA (CoA1) and HAAAA (Haddr) of MN using DNS
(2) Notification
(3) SA generation by key management protocol
(4) Outer: Src CN, Dst CoA1, ESP SPI=m1 | Inner: Src CN, Dst Haddr
(5) Outer: Src CoA1, Dst CN, ESP SPI=c1 | Inner: Src Haddr, Dst CN

U.S. Patent, Jun. 7, 2005, Sheet 8 of 9, US 6,904,466 B1

FIG. 11
[Block diagram of the mobile computer: communication interface 110, decapsulation unit 111, decryption unit 112, encapsulation unit 113, encryption unit 114, packet communication unit 115, current location address management unit 116, home address memory 117, cryptosystem parameter setting unit 118, cryptosystem parameter memory 119.]

FIG. 12
[Block diagram of the DNS server: communication unit 120, DNS controller 121, DNS memory 122.]

U.S. Patent, Jun. 7, 2005, Sheet 9 of 9, US 6,904,466 B1

FIG. 13
[Block diagram of the correspondent host: communication interface 130, decapsulation unit 131, decryption unit 132, encapsulation unit 133, encryption unit 134, packet communication unit 135, mobile computer address management unit 136, cryptosystem parameter setting unit 137, cryptosystem parameter memory 138.]

US 6,904,466 B1

MOBILE COMMUNICATION SCHEME WITHOUT HOME AGENTS FOR SUPPORTING COMMUNICATIONS OF MOBILE NODES

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a mobile computer device capable of carrying out communications while moving among a plurality of inter-connected networks, a computer management device for managing an address of the mobile computer, and a mobile computer device for carrying out cipher communications with the mobile computer, as well as a mobile communication method suitable for these devices.

2. Description of the Background Art

In conjunction with the availability of computer systems in smaller sizes and at lower costs and more enriched network environments, the use of computer systems has been rapidly expanded into a variety of fields, and there is also a transition from centralized systems to distributed systems. In this regard, in recent years, because of the advance and spread of computer network technology in addition to the progress and improved performance of the computer system itself, it has become possible to realize not only a sharing of resources such as files and printers within an office but also communications (electronic mail, electronic news, file transfer, etc.) with nodes or hosts outside of an office or organization, and these communications are now widely used.

In particular, in recent years, the use of the world's largest computer network called "Internet" has become very popular, and there are new computer businesses for connecting to the Internet and utilizing open information and services, or for providing information and services to external users who make accesses through the Internet. In addition, new technology is developed in relation to the use of the Internet.

Also, in conjunction with the spread of such networks, there are technological developments regarding mobile computing. In mobile computing, a user carries along a portable computer terminal and makes communications while moving over networks. In some cases, the user may change a location on a network while continuing the communication, so that there is a need for a scheme that manages a changing address of a mobile computer on a network during such a communication in order to route the communication content correctly.

In general, in the case of realizing mobile computing, a router (home agent) for managing the visiting site information of the mobile computer is provided at a network (home network) to which the mobile computer belongs, and when the mobile computer is away from the home network, the mobile computer sends a registration message for indicating a current location to this home agent. When this registration message is received, the transmission of data destined to the mobile computer is realized via the home agent of the mobile computer, by carrying out the data routing control with respect to the mobile computer by encapsulating an IP packet destined to an original address of the mobile computer within a packet destined to a current location address of the mobile computer.

For example, in FIG. 1, this role is played by a home agent (HA) 105 when the mobile computer 102 that originally belongs to the home network 101a moves to another network 101b and carries out the communication with another computer (correspondent host: CH) 103 located within the other network 101c through the Internet 106. This is a scheme called Mobile IP which is currently in a process of being standardized by the mobile-IP working group of the IETF, which is the standardizing organization for the Internet (see IETF RFC 2002, IP mobility support (C. Perkins)).

The Mobile IP scheme aims at providing mobility on the IP layer by continually using the same IP address even when a physical connection point on the network is changed. This mobility is superior to the so-called nomadicity, which simply enables a node to move from one network to another, in the following two respects: a loss of a session due to moving can be avoided, and an IP address can be used as a node identifier. For this reason, Mobile IP is expected to be a protocol that can strongly support mobile computing.

However, in the Mobile IP scheme, it is necessary to provide routers called home agents in order to support mobile nodes as described above. Also, in the Mobile IP scheme, there are cases involving triangular routes in the communications between a mobile node and the other host, where a packet from the other host to the mobile node is transmitted via the home agent while a packet from the mobile node to the other host is transmitted without passing through the home agent.

These aspects of the Mobile IP scheme are expected to cause the following problems.

First, the home agent must be connected to a permanently connected network, and the mobile node cannot carry out any communications if the home agent fails to function properly. These facts weaken the robustness of the mobile communications.

Second, there is a mechanism called a firewall which is indispensable in the current Internet environment, but the presence of a triangular route complicates the issue of firewall passing because the firewall cannot recognize a packet from the mobile node to the other host, for example.

SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a mobile communication scheme capable of easily changing a connected location of a mobile computer on the IP network when the mobile computer leaves its home network, without requiring the use of a home agent, while providing a sufficient level of security.

According to one aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: transmitting a packet to the correspondent computer from the mobile computer located at a visited site network outside a home network of the mobile computer, by encapsulating an inner packet having a home address assigned to the mobile computer at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; storing cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet, at the mobile computer and the correspondent computer; notifying a change of the current location address of the mobile computer from the mobile computer to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the transmitting step; updating the
current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the mobile computer into the new current location address, when the current location address is changed to the new current location address; managing source addresses of the outer packet and the inner packet of the encapsulated packet received from the mobile computer respectively as the current location address and the home address of the mobile computer at the correspondent computer; and updating the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored at the correspondent computer into the new current location address, when the change of the current location address to the new current location address is notified from the mobile computer.

According to another aspect of the present invention there is provided a method of mobile communications between a mobile computer capable of carrying out communications while moving over inter-connected networks and a correspondent computer, the method comprising the steps of: storing a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer, at a computer management device; updating the current location address stored at the computer management device, according to a notification regarding the current location address received from the mobile computer; making an inquiry about the mobile computer from the correspondent computer to the computer management device, before initiating a packet transmission to the mobile computer at the correspondent computer; returning a response from the computer management device in response to the inquiry for the current location address of the mobile computer and the home address of the mobile computer received from the correspondent computer; and transmitting a packet from the correspondent computer to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address, within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the correspondent computer.

According to another aspect of the present invention there is provided a mobile computer device capable of carrying out communications while moving over inter-connected networks, the mobile computer device comprising: a packet transmission unit configured to transmit a packet to a correspondent computer from a visited site network outside a home network of the mobile computer device, by encapsulating an inner packet having a home address assigned to the mobile computer device at the home network as a source address, within an outer packet having a current location address acquired at the visited site network as a source address; a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet by encrypting the inner packet; and a current location address management unit configured to notify a change of the current location address of the mobile computer device to the correspondent computer by setting a new current location address as the source address of the outer packet in the packet transmitted by the packet transmission unit, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into the new current location address, when the current location address is changed to the new current location address.

According to another aspect of the present invention there is provided a computer management device provided in inter-connected networks on which a mobile computer carries out communications while moving over the inter-connected networks, the computer management device comprising: a memory configured to store a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer, and a home address assigned to the mobile computer at the home network, in correspondence to a host name of the mobile computer; and a management unit configured to update the current location address stored in the memory according to a notification regarding the current location address received from the mobile computer, and to respond to an inquiry for the current location address of the mobile computer and an inquiry for the home address of the mobile computer received from a correspondent computer of the mobile computer.

According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a memory configured to store cryptosystem parameter information necessary in forming a tunnel for transferring an encapsulated packet with respect to the mobile computer; and a mobile computer address management unit configured to manage source addresses of an outer packet and an inner packet of the encapsulated packet received from the mobile computer respectively as a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer at the home network, and to update the current location address used as a termination endpoint address of the tunnel in the cryptosystem parameter information stored in the memory into a new current location address, when a change of the current location address to the new current location address is notified from the mobile computer.

According to another aspect of the present invention there is provided a correspondent computer device for carrying out communications with a mobile computer which is capable of carrying out communications while moving over inter-connected networks, the correspondent computer comprising: a mobile computer address management unit configured to make an inquiry about the mobile computer to a computer management device that manages a current location address acquired by the mobile computer at a visited site network outside a home network of the mobile computer and a home address assigned to the mobile computer device at the home network, before initiating a packet transmission to the mobile computer; and a packet transmission unit configured to transmit a packet to the mobile computer located at the visited site network, by encapsulating an inner packet having the home address as a destination address, within an outer packet having the current location address as a destination address, when the current location address and the home address are obtained from the computer management device in response to the inquiry made by the mobile computer address management unit.

It is also possible to provide a computer usable medium having computer readable program codes for realizing any of the mobile computer device, the computer management device, and the correspondent computer device described above.

Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram for explaining a basic operation of the conventional Mobile IP scheme.
FIG. 2 is a schematic diagram showing an exemplary configuration of a mobile communication system according to one embodiment of the present invention.
FIG. 3 is a block diagram showing an exemplary basic configuration of a mobile computer and a correspondent host in the mobile communication system of FIG. 2.
FIG. 4 is a schematic diagram for explaining operations in the case where the mobile computer changes a connected location in the mobile communication system of FIG. 2.
FIG. 5 is a diagram showing an exemplary data format used in a DNS server in the mobile communication system of FIG. 2.
FIG. 6 is a schematic diagram showing an exemplary situation in which mobile communications are carried out in the mobile communication system of FIG. 2.
FIG. 7 is a sequence chart showing an exemplary processing sequence in the case where the mobile computer initiates communications at a visited site and then changes a location in the mobile communication system of FIG. 2.
FIGS. 8A and 8B are diagrams showing exemplary security policy databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.
FIGS. 9A, 9B, 9C and 9D are diagrams showing exemplary security association databases for the mobile computer and the correspondent host according to IPSEC that can be used in the mobile communication system of FIG. 2.
FIG. 10 is a sequence chart showing an exemplary processing sequence in the case where the correspondent host initiates a packet transmission to the mobile computer in the mobile communication system of FIG. 2.
FIG. 11 is a block diagram showing an exemplary internal configuration of the mobile computer in the mobile communication system of FIG. 2.
FIG. 12 is a block diagram showing an exemplary internal configuration of the DNS server in the mobile communication system of FIG. 2.
FIG. 13 is a block diagram showing an exemplary internal configuration of the correspondent host in the mobile communication system of FIG. 2.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to FIG. 1 to FIG. 13, one embodiment of a mobile communication scheme according to the present invention will be described in detail.

First, the major features of the present invention are briefly summarized as follows.

As described above, in the conventional Mobile IP scheme, it is necessary to provide routers called home agents for supporting mobile computers. As a result of this fact, there are cases involving triangular routes in the communications between a mobile computer and the other host, where only a packet from the other host to the mobile computer is transmitted via the home agent. For these reasons, there have been drawbacks that the mobile communications are critically dependent on the reliability of the home agent, and that a policy control at a time of passing a firewall at the entrance of an enterprise network becomes difficult.

In the mobile communication scheme of the present invention, the mobile computer transmits a packet from a visited site network to a correspondent by encapsulating an inner packet having a home address as an original source address within an outer packet having a current location address as a source address. The correspondent which received this encapsulated packet recognizes the source addresses of the outer and inner packets of the encapsulated packet as the current location address and the home address of the mobile computer, respectively, so that the correspondent can transmit a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address.

Also, in this scheme, when the current location address of the mobile computer is changed to a new address, the mobile computer notifies the change of its own current location address to the correspondent by setting the new current location address as the source address of the outer packet of the encapsulated packet. Upon receiving this encapsulated packet, the correspondent can continue communications by changing only the destination address of the outer packet to the new current location address in the encapsulated packets to be transmitted thereafter.

On the other hand, when its own current location address is changed to a new address, the mobile computer also notifies the new current location address to a computer management device that manages the home address and the current location address of this mobile computer, and the computer management device updates the current location address of this mobile computer accordingly. In this case, a host that wishes to originate a call to the mobile computer sends a query to the computer management device, and if the current location address and the home address of the mobile computer are obtained as a response, this host transmits a packet to the mobile computer thereafter by encapsulating an inner packet having the home address as a final destination address within an outer packet having the current location address as a destination address, similarly as described above.

In this way, the mobile communications of the mobile computer can be realized without any need for special routers such as home agents required in the Mobile IP scheme, and without any possibility of generating a triangular route.

Also, in the mobile communication scheme according to the present invention, it is possible to utilize the IPSEC (IP security protocol) tunnel, for example, as follows.

When the mobile computer obtains the current location address (Care-of address) at a visited site network, the mobile computer generates the IPSEC tunnel having this current location address as a tunnel termination endpoint, and carries out communications through this tunnel by encapsulating a packet using the home address.

When the mobile computer moves, the Care-of address is changed so that the termination endpoint of the IPSEC tunnel also changes, but it is possible to guarantee the mobility without interrupting the session by notifying the changed IPSEC tunnel termination endpoint to the IPSEC module of the correspondent and changing the tunnel termination address in a security related database. Also, the DNS (Domain Name System) is expanded to provide an entry indicating a correspondence between the home address and the current Care-of address, such that when this entry indicates that the mobile computer is moving, a fixed host that wishes to originate a call to the moving mobile computer transmits a packet having the corresponding Care-of Address as the IPSEC tunnel destination to the mobile
computer so as to construct the IPSEC tunnel to the correct tunnel termination endpoint, and thereby realizes the routing control to the correct current location without using a home agent, while maintaining the security of communication for a call that terminates to the mobile computer from the fixed host.

Thus, according to the present invention, the mobile computer uses a security protocol on the IP layer while away from the home network, and changes the tunnel termination endpoint according to that protocol at a time of moving, such that it becomes easily possible to change a connected location on the IP network without requiring the use of a home agent, while providing a sufficient level of security. In addition, it also becomes possible to easily resolve a moved location of the mobile computer even in the case of communication for a call that terminates to the mobile computer from the other computer, by registering the tunnel termination endpoint information of the IP layer security protocol in the DNS, so that it becomes possible to transfer packets to the correct moved location. In this way, it is possible to construct a Mobile IP system that is far easier to introduce compared with the conventional Mobile IP system.
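The tunnel-endpoint update just described, as an added Python simulation that is not part of the patent or of any Toshiba implementation: it replays the FIG. 7 sequence with the SPD/SAD entries of FIGS. 8B and 9, and has the correspondent accept the outer source address as the new Care-of address only for packets that verify under the existing SA. All addresses, the SPIs c1/m1 and the keys are constructed, and ESP protection of the inner packet is stood in for by an HMAC.

```python
"""FIG. 7 simulation: the CN takes the MN's care-of address (CoA) from the outer
source and its home address (Haddr) from the inner source of an ESP tunnel
packet, and rewrites its tunnel endpoint (SAC1, FIG. 9B -> 9D) on a CoA change."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed addresses; the keys would come from the key management
# protocol run in step (1) of FIG. 7.
HADDR = "2001:db8:a::2"   # home address of the mobile node (MN)
CN = "2001:db8:c::3"      # correspondent node
COA1 = "2001:db8:1::2"    # care-of address acquired at network N1
COA2 = "2001:db8:2::2"    # care-of address acquired at network N2
KEY_C1 = b"constructed key for SPI c1 (MN -> CN tunnel)"
KEY_M1 = b"constructed key for SPI m1 (CN -> MN tunnel)"

@dataclass
class SA:
    """SAD entry (FIG. 9): tunnel dst, SPI, key; proto ESP / mode tunnel implied."""
    dst: str
    spi: str
    key: bytes

@dataclass
class EspPacket:
    """Tunnel-mode packet: outer header, SPI, inner header, payload, ICV."""
    outer_src: str
    outer_dst: str
    spi: str
    inner_src: str
    inner_dst: str
    payload: bytes
    icv: bytes = b""

def esp_icv(key, pkt):
    """HMAC over the SPI and the whole inner packet. The outer header is not
    covered, as with real tunnel-mode ESP: that is what lets the CoA change."""
    msg = f"{pkt.spi}|{pkt.inner_src}|{pkt.inner_dst}|".encode() + pkt.payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(key, pkt):
    pkt.icv = esp_icv(key, pkt)
    return pkt

class MobileNode:
    def __init__(self):
        self.coa = COA1
        # SAM1: outbound to CN (SPI c1); SAM2: inbound, dst = own CoA (SPI m1)
        self.sad = {"SAM1": SA(CN, "c1", KEY_C1), "SAM2": SA(COA1, "m1", KEY_M1)}

    def move(self, new_coa):
        self.coa = new_coa
        self.sad["SAM2"].dst = new_coa   # step (5): inbound endpoint, FIG. 9A -> 9C

    def send(self, payload):
        """Steps (2) and (6): inner src = Haddr, outer src = current CoA; a
        changed CoA is announced just by appearing in the outer header."""
        sa = self.sad["SAM1"]
        return seal(sa.key, EspPacket(self.coa, sa.dst, sa.spi, HADDR, CN, payload))

class CorrespondentNode:
    def __init__(self):
        # SAC1: outbound to the MN's CoA (SPI m1); SAC2: inbound (SPI c1)
        self.sad = {"SAC1": SA(COA1, "m1", KEY_M1), "SAC2": SA(CN, "c1", KEY_C1)}
        self.inbound = {"c1": "SAC2"}        # SPI -> inbound SA
        self.spd = {"SAC2": (HADDR, CN)}     # SPC2 (FIG. 8B): allowed inner src/dst
        self.bindings = {}                   # Haddr -> current CoA

    def receive(self, pkt):
        """Mobile computer address management unit: outer src is taken as the
        MN's CoA only after the packet verifies under the SA named by its SPI
        and its inner header matches that SA's policy. Returns payload or None."""
        if pkt.outer_dst != CN or pkt.spi not in self.inbound:
            return None                           # not ours / unknown SA
        sa_name = self.inbound[pkt.spi]
        if not hmac.compare_digest(esp_icv(self.sad[sa_name].key, pkt), pkt.icv):
            return None                           # ESP check fails: never rebind
        if (pkt.inner_src, pkt.inner_dst) != self.spd[sa_name]:
            return None                           # inner header violates SPC2
        self.bindings[pkt.inner_src] = pkt.outer_src
        self.sad["SAC1"].dst = pkt.outer_src      # FIG. 9B -> FIG. 9D on a move
        return pkt.payload

    def send(self, haddr, payload):
        """Steps (3) and (7): inner dst = Haddr, outer dst = current CoA."""
        sa = self.sad["SAC1"]
        return seal(sa.key, EspPacket(CN, sa.dst, sa.spi, CN, haddr, payload))

def run_fig7_sequence():
    """Replay FIG. 7; returns (reply (3) outer dst, reply (7) outer dst, SAC1 dst, refused)."""
    mn, cn = MobileNode(), CorrespondentNode()
    cn.receive(mn.send(b"from N1"))                  # (2)
    reply_before = cn.send(HADDR, b"reply")          # (3)
    mn.move(COA2)                                    # moved to N2
    cn.receive(mn.send(b"from N2"))                  # (6)
    reply_after = cn.send(HADDR, b"reply")           # (7)
    # Right headers but no valid ICV (no SA key): must not move the tunnel.
    bogus = EspPacket(COA1, CN, "c1", HADDR, CN, b"x", icv=b"\0" * 32)
    refused = cn.receive(bogus) is None and cn.sad["SAC1"].dst == COA2
    return reply_before.outer_dst, reply_after.outer_dst, cn.sad["SAC1"].dst, refused
```

The point a practitioner should take from the simulation is that the implicit location update is only as trustworthy as the SA check guarding it: a correspondent that rebinds on the outer source address before verifying the packet under the SA would let anyone who can spoof the outer header redirect the tunnel.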
Now, one embodiment of the mobile communication scheme according to the present invention will be described in further detail with referenc