Mobile computer and method of packet encryption and...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography

Utility Patent


Details

C380S029000, C380S029000, C380S044000, C713S154000, C713S160000, C713S161000, C705S065000, C705S067000, C705S073000

active

06170057

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a mobile computer capable of carrying out cipher communications while moving among inter-connected networks, and a method of packet encryption and authentication suitable for mobile computing.
2. Description of the Background Art
In conjunction with the availability of computer systems of smaller size and lower cost and a more enriched network environment, the use of computer systems has rapidly expanded into a variety of fields, and there is also a transition from a centralized system to a distributed system. In this regard, in recent years, because of the advance and spread of computer network technology in addition to the progress and improved performance of the computer system itself, it has become possible to realize not only sharing of resources such as files and printers within an office but also communications (electronic mail, electronic news, file transfer, etc.) with parties outside an office or organization, and these communications are now widely used.
In particular, in recent years, the use of the world's largest computer network, called the Internet, has become very popular, and there are new computer businesses for connecting to the Internet and utilizing open information and services, or for providing information and services to external users who make accesses through the Internet. In addition, new technological developments are being made in relation to the use of the Internet.
Also, in conjunction with the spread of such networks, there are technological developments regarding mobile computing. In mobile computing, a user carries along a portable computer terminal and makes communications while moving over networks. In some cases, the user may change location on a network while continuing the communication, so that there is a need for a scheme that manages the changing address of a mobile computer on a network during such a communication in order to route the communication content correctly.
Also, when networks are widespread and free connections among networks are realized so that a huge amount of data and services can be exchanged, there arises a need to account for the problem of security.
For example, there is a problem as to how to prevent the leakage of the secret information of the organization to the external network, and there is also a problem as to how to protect resources and information connected to the domestic network. The Internet was developed originally for academic purposes, so that the primary concern was free data and service exchange by network connections, and the above described problem of security has not been accounted for.
However, in recent years, many corporations and organizations are connecting to the Internet, so that there is a need for a mechanism to guard one's own network in view of the above described problem of security.
To this end, there is a known scheme for use at a time of exchanging a data packet on the Internet, in which the content of the data packet is encrypted and an authentication code is attached before the transmission of the data packet to the outside, and the authentication code is verified and the data packet is decrypted at the receiving site.
For example, the IETF (which is the standardizing organization for the Internet) specifies the encryption and authentication code attaching scheme for IP packets as the IP security standard (see IETF RFC1825-1829). According to this scheme, even when an outside user picks up the data packet on the external network, the leakage of data content can be prevented because the data content is encrypted, and therefore safe communication can be realized.
A mutual cipher communication is possible between networks which are protected (guarded) by gateway computers that support such a cipher communication, and when the above described mobile computer itself supports a function of the packet encryption and decryption, a cipher communication between any gateways or a gateway and a mobile computer can be supported.
For example, in an exemplary case shown in FIG. 1, a mobile computer 2 that originally belongs to a home network 1a moves to another network 1b and carries out a cipher communication with another computer (CH: Correspondent Host) 3 in a network 1c, through gateways (data packet encryption and authentication devices) 4a and 4c that support the encryption/decryption function.
In general, in a case of realizing the mobile computing, a router (home agent) for managing data on a visiting site of the mobile computer is provided, and the transmission of data destined to the mobile computer is realized by sending it to the home agent of the mobile computer, and carrying out the data routing control with respect to the mobile computer by encapsulating an IP packet destined to an original address of the mobile computer within a packet destined to a current location address of the mobile computer. In FIG. 1, this role is played by a home agent (HA) 5. This is a scheme called mobile IP which is currently in a process of being standardized by the mobile-IP working group of the IETF (see, IETF RFC2002, IP mobility support (C. Perkins)).
When this mobile IP scheme is used in combination with the above described data packet encryption of the IP security standard, a packet transfer route in FIG. 1 will be as follows: correspondent host (CH) 3 → gateway 4c (where the packet is encrypted) → gateway 4a (where the packet is decrypted) → home agent (HA) 5 → gateway 4a (where the packet is encrypted again) → mobile computer 2 (where the packet is decrypted again).
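The FIG. 1 route described above, traced as an added Python example (not part of the patent text): each gateway hop encrypts and attaches an authentication code, the home agent encapsulates, and the trace shows the packet is in the clear between gateway 4a and the home agent. The host labels, the keys shared between gateways 4c/4a and between gateway 4a and the mobile computer, and the toy SHA-256 keystream standing in for a real cipher are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def protect(key, src, dst, inner):
    """Encrypt an inner packet and attach an authentication code."""
    nonce = os.urandom(8)
    body = _xor(json.dumps(inner).encode(), b"enc" + key, nonce)
    tag = hmac.new(b"mac" + key, nonce + body, hashlib.sha256).hexdigest()
    return {"src": src, "dst": dst, "nonce": nonce.hex(),
            "body": body.hex(), "tag": tag}

def unprotect(key, pkt):
    """Verify the authentication code first, then decrypt."""
    nonce, body = bytes.fromhex(pkt["nonce"]), bytes.fromhex(pkt["body"])
    want = hmac.new(b"mac" + key, nonce + body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, pkt["tag"]):
        raise ValueError("authentication code mismatch")
    return json.loads(_xor(body, b"enc" + key, nonce))

def deliver(data, k_gw, k_mc):
    """Trace CH -> 4c -> 4a -> HA -> 4a -> mobile computer 2."""
    hops = []
    pkt = {"src": "CH", "dst": "MC-home", "data": data}  # constructed labels
    p1 = protect(k_gw, "GW4c", "GW4a", pkt)
    hops.append(("4c encrypts", p1))
    clear = unprotect(k_gw, p1)
    hops.append(("4a decrypts, forwards to HA", clear))
    # Mobile IP: HA wraps the packet for the home address in one
    # destined to the mobile computer's current location address.
    tunnel = {"src": "HA", "dst": "MC-current", "inner": clear}
    hops.append(("HA encapsulates", tunnel))
    p2 = protect(k_mc, "GW4a", "MC-current", tunnel)
    hops.append(("4a encrypts again", p2))
    received = unprotect(k_mc, p2)["inner"]
    hops.append(("mobile computer decrypts again", received))
    return hops, received

if __name__ == "__main__":
    for step, p in deliver("hello", os.urandom(16), os.urandom(16))[0]:
        print(f"{step:32} {p['src']} -> {p['dst']}")
```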
Now, in such a case of using the mobile IP in combination with the packet encryption of the IP security standard, the security policy may change depending on a visiting network of the mobile computer.
For example, in another exemplary case shown in FIG. 2, suppose that the network 1b is operated by the same security policy as the home network 1a. Here, the same security policy for two networks means that, at the gateway of each network, the same packet encryption will be applied (or the packet encryption will not be applied) with respect to a communication between a computer within its own network and any correspondent host that is located outside these two networks.
When the mobile computer 2 moves to the network 1b that has the same security policy as the home network 1a, the same packet as that which would have been generated in a case of transmission within the home network 1a can be generated regardless of whether the packet encryption processing is carried out by the packet encryption function provided in the mobile computer 2 itself or by the gateway 4b. Consequently, in such a case, the control can be made simpler by not activating the packet encryption function within the mobile computer 2 and carrying out the packet encryption processing at the gateway 4b, as indicated by lines 7 in FIG. 2, and this is also preferable from a viewpoint of the network management.
In contrast, in FIG. 2, suppose that the network 1b is operated by a security policy different from that of the home network 1a.
When the mobile computer 2 moves to the network 1b that has a security policy different from that of the home network 1a, it is not possible to generate the encrypted packet which is equivalent to that which would have been generated in a case of transmission within the home network 1a unless the packet encryption function of the mobile computer 2 is used. Consequently, in such a case, in order to operate the mobile computer 2 that moved to the network 1b by the same security policy as that of the home network 1a, it is necessary to carry out the packet encryption processing by the packet encryption function of the mobile computer 2 itself, as indicated by lines 8 in FIG. 2.
Moreover, as in a case shown in FIG. 1, when there is no gateway that has the packet encryption function at
