公开(公告)号：GB2442044B

公开(公告)日：2010-12-08

申请号：GB0609256

申请日：2006-05-11

Applicant: ERICSSON L M OY ,  ERICSSON TELEFON AB L M

Inventor： JOKELA PETRI ,  MELEN JAN ,  YLITALO JUKKA ,  VUOPIONPERA RAIMO

IPC: H04L9/00

Abstract: A method of establishing a Host Identity Protocol session between first and second Host Identity Protocol enabled hosts, where at least said second host is located behind a reverse-proxy. The method comprises providing the reverse-proxy with Diffie-Hellman public keying material of the second host, sending said Diffie-Hellman public keying material from the reverse-proxy to the first host as part of the Host Identity Protocol base exchange procedure, this material being bound to the Host Identity of the reverse-proxy for the purpose of the Host Identity Protocol session, and, at the first host, using the Host Identity of the reverse-proxy as the correspondent Host Identity for the Host Identity Protocol session, and, at the second host, using the Host Identity of the reverse-proxy as the originating Host Identity for the Host Identity Protocol session.

公开(公告)号：CA2369652C

公开(公告)日：2008-12-09

申请号：CA2369652

申请日：2000-03-07

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER HARRI TAPANI ,  JOKELA PETRI ,  KUPARINEN MARTTI ,  VUOPIONPERA RAIMO

IPC: H04L12/56 ,  H04L12/28 ,  H04W12/06

Abstract: A method of authenticating a mobile wireless terminal (9) in a mobile telecommunications network, the terminal (9) being a subscriber of an Internet Service Provider (ISP) (11) rather than of a mobile network. The terminal (9) is allocated an International Mobile Identity (IMI) which is transmitted from the terminal (9) to a mobile network when th e terminal (9) wishes to register with the network. A country code part and an operator ID part of the IMI are used by the network to determine the Internet Protocol (IP) address of the terminal's home ISP (11), which is then contacted by the network over the Internet to authenticate the mobile terminal (9).

公开(公告)号：GB2442044A8

公开(公告)日：2011-02-23

申请号：GB0609256

申请日：2006-05-11

Applicant: ERICSSON L M OY ,  ERICSSON TELEFON AB L M

Inventor： JOKELA PETRI ,  MELEN JAN ,  YLITALO JUKKA ,  VUOPIONPERA RAIMO

Abstract: A method of establishing a Host Identity Protocol session between first and second Host Identity Protocol enabled hosts, where at least said second host is located behind a reverse-proxy. The method comprises providing the reverse-proxy with Diffie-Hellman public keying material of the second host, sending said Diffie-Hellman public keying material from the reverse-proxy to the first host as part of the Host Identity Protocol base exchange procedure, this material being bound to the Host Identity of the reverse-proxy for the purpose of the Host Identity Protocol session, and, at the first host, using the Host Identity of the reverse-proxy as the correspondent Host Identity for the Host Identity Protocol session, and, at the second host, using the Host Identity of the reverse-proxy as the originating Host Identity for the Host Identity Protocol session.

公开(公告)号：DE60006088D1

公开(公告)日：2003-11-27

申请号：DE60006088

申请日：2000-03-07

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER TAPANI ,  JOKELA PETRI ,  KUPARINEN MARTTI ,  VUOPIONPERA RAIMO

IPC: H04L12/56 ,  H04W12/06 ,  H04L12/28 ,  H04L29/06 ,  H04Q7/38

Abstract: A method of authenticating a mobile wireless terminal 9 in a mobile telecommunications network, the terminal 9 being a subscriber of an Internet Service Provider (ISP) 11 rather than of a mobile network. The terminal 9 is allocated an International Mobile Identity (IMI) which is transmitted from the terminal 9 to a mobile network when the terminal 9 wishes to register with the network. A country code part and an operator ID part of the IMI are used by the network to determine the Internet Protocol (IP) address of the terminal's home ISP 11, which is then contacted by the network over the Internet to authenticate the mobile terminal 9.

公开(公告)号：GB2442044B8

公开(公告)日：2011-02-23

申请号：GB0609256

申请日：2006-05-11

Applicant: ERICSSON TELEFON AB L M

Inventor： JOKELA PETRI ,  MELEN JAN ,  YLITALO JUKKA ,  VUOPIONPERA RAIMO

IPC: H04L9/00

Abstract: A method of establishing a Host Identity Protocol session between first and second Host Identity Protocol enabled hosts, where at least said second host is located behind a reverse-proxy. The method comprises providing the reverse-proxy with Diffie-Hellman public keying material of the second host, sending said Diffie-Hellman public keying material from the reverse-proxy to the first host as part of the Host Identity Protocol base exchange procedure, this material being bound to the Host Identity of the reverse-proxy for the purpose of the Host Identity Protocol session, and, at the first host, using the Host Identity of the reverse-proxy as the correspondent Host Identity for the Host Identity Protocol session, and, at the second host, using the Host Identity of the reverse-proxy as the originating Host Identity for the Host Identity Protocol session.

公开(公告)号：AT252798T

公开(公告)日：2003-11-15

申请号：AT00910782

申请日：2000-03-07

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER HARRI TAPANI ,  JOKELA PETRI ,  KUPARINEN MARTTI ,  VUOPIONPERA RAIMO

IPC: H04L12/56 ,  H04W12/06 ,  H04L12/28 ,  H04L29/06 ,  H04Q7/38

Abstract: A method of authenticating a mobile wireless terminal 9 in a mobile telecommunications network, the terminal 9 being a subscriber of an Internet Service Provider (ISP) 11 rather than of a mobile network. The terminal 9 is allocated an International Mobile Identity (IMI) which is transmitted from the terminal 9 to a mobile network when the terminal 9 wishes to register with the network. A country code part and an operator ID part of the IMI are used by the network to determine the Internet Protocol (IP) address of the terminal's home ISP 11, which is then contacted by the network over the Internet to authenticate the mobile terminal 9.

公开(公告)号：AU5435600A

公开(公告)日：2000-12-28

申请号：AU5435600

申请日：2000-05-31

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER HARRI ,  JOKELA PETRI ,  VUOPIONPERA RAIMO

IPC: H04L12/66 ,  H04L12/28 ,  H04L12/46 ,  H04L12/56 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  H04M15/00 ,  H04M17/00 ,  H04W8/26 ,  H04W12/00 ,  H04W80/00 ,  H04W80/04 ,  H04Q7/38

Abstract: A method of authorising an Internet Protocol (IP) enabled mobile host (1) to access the Internet (2) via a wireless LAN, GSM, or UMTS access network (3) comprises initially sending an IP access request from the mobile host (1) to an IP router (5) within the access network (3). In response to receipt of said access request at the IP router (5), an IP address routing prefix is sent from the IP router (5) to the mobile host (1). Electronic cash is then forwarded from the mobile hose (1) to a control point (6) within the access network (3). The control point (6) confirms the authenticity and/or sufficiency of the electronic cash and, providing that confirmation is made, sends an authorisation message to the IP router (5). The IP router (5) blocks the transmission of IP packets between the mobile host (1) and the Internet (2) prior to receipt of the authorisation message and permits the passage of IP packets only after an authorisation message has been received.

公开(公告)号：GB2442044A

公开(公告)日：2008-03-26

申请号：GB0609256

申请日：2006-05-11

Applicant: ERICSSON L M OY ,  ERICSSON TELEFON AB L M

Inventor： JOKELA PETRI ,  MELEN JAN ,  YLITALO JUKKA ,  VUOPIONPERA RAIMO

IPC: H04L9/00

Abstract: Utilising the normal Host Identity Protocol (HIP) it is difficult to establish a secure session with a host operating from behind a reverse proxy, such as a server in a web cluster. To overcome this the host sends its public key to the reverse proxy, which then binds the key to its own host identity (HI). An external host will then establish a communication link with the reverse proxy's HI using the original host's public key. The reverse proxy forwards these message to the original host, which deals with them in the normal fashion, except that replies are also directed to the reverse proxy's HI, with the reverse proxy forwarding the communication after replacing the original host's signature with its own. This arrangement allows the establishment of a secure HIP session between the hosts without the need for the reverse proxy to de/re-encrypt the communications.

公开(公告)号：DE60006088T2

公开(公告)日：2004-08-26

申请号：DE60006088

申请日：2000-03-07

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER TAPANI ,  JOKELA PETRI ,  KUPARINEN MARTTI ,  VUOPIONPERA RAIMO

IPC: H04L12/56 ,  H04W12/06 ,  H04L12/28 ,  H04L29/06 ,  H04Q7/38

Abstract: A method of authenticating a mobile wireless terminal 9 in a mobile telecommunications network, the terminal 9 being a subscriber of an Internet Service Provider (ISP) 11 rather than of a mobile network. The terminal 9 is allocated an International Mobile Identity (IMI) which is transmitted from the terminal 9 to a mobile network when the terminal 9 wishes to register with the network. A country code part and an operator ID part of the IMI are used by the network to determine the Internet Protocol (IP) address of the terminal's home ISP 11, which is then contacted by the network over the Internet to authenticate the mobile terminal 9.

公开(公告)号：CA2376527A1

公开(公告)日：2000-12-14

申请号：CA2376527

申请日：2000-05-31

Applicant: ERICSSON TELEFON AB L M

Inventor： VILANDER HARRI ,  VUOPIONPERA RAIMO ,  JOKELA PETRI

IPC: H04L12/66 ,  H04L12/28 ,  H04L12/46 ,  H04L12/56 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12 ,  H04M15/00 ,  H04M17/00 ,  H04W8/26 ,  H04W12/00 ,  H04W80/00 ,  H04W80/04 ,  H04Q7/38

Abstract: A method of authorising an Internet Protocol (IP) enabled mobile host (1) to access the Internet (2) via a wireless LAN, GSM, or UMTS access network (3) comprises initially sending an IP access request from the mobile host (1) to an IP router (5) within the access network (3). In response to receipt of sa id access request at the IP router (5), an IP address routing prefix is sent fr om the IP router (5) to the mobile host (1). Electronic cash is then forwarded from the mobile hose (1) to a control point (6) within the access network (3 ). The control point (6) confirms the authenticity and/or sufficiency of the electronic cash and, providing that confirmation is made, sends an authorisation message to the IP router (5). The IP router (5) blocks the transmission of IP packets between the mobile host (1) and the Internet (2) prior to receipt of the authorisation message and permits the passage of IP packets only after an authorisation message has been received.