Virtual private network system

US 20040037260A1
Filed: 08/07/2003
Published: 02/26/2004
Est. Priority Date: 08/09/2002
Status: Abandoned Application

First Claim

Patent Images

1. A virtual private network system, which controls a communication with a second address, is connected to a first network, and makes a communication via a second network with a first address used in the first network being a private network, comprising:

a first mobile unit making a communication by fixedly holding the first address; and

a second unit obtaining a correspondence between the first address of said first unit and the second address for making a communication via the second network, and authenticating said first unit and forming a virtual private network between a communicating device accessing the first network and said second unit via the second network in a procedure for establishing a session that can be communicated even when said first unit moves.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A home agent (HA) is endowed with a gateway function having a security function of an enterprise network. A VPN is established beforehand between the home agent arranged in a communications carrier and a security gateway within the enterprise network, when a service contract is made between the communications carrier and the enterprise. As a result, co-located mode of a mobile node (MN) is used, and VPN information according to a security level of a network that accommodates the mobile node is distributed in a location registration procedure of a mobile IP, so that a VPN that effectively uses a tunnel set-up process of the mobile IP is configured.

124 Citations

31 Claims

1. A virtual private network system, which controls a communication with a second address, is connected to a first network, and makes a communication via a second network with a first address used in the first network being a private network, comprising:
- a first mobile unit making a communication by fixedly holding the first address; and
  
  a second unit obtaining a correspondence between the first address of said first unit and the second address for making a communication via the second network, and authenticating said first unit and forming a virtual private network between a communicating device accessing the first network and said second unit via the second network in a procedure for establishing a session that can be communicated even when said first unit moves.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The virtual private network system according to claim 1, further comprising a unit optimizing a communications path between said first unit and a node, when said first unit makes a communication with the node connected to the first network.
  - 3. The virtual private network system according to claim 1, wherein a virtual private network is established beforehand between said second unit and the first network.
  - 4. The virtual private network system according to claim 1, wherein a protocol that enables a mobile communication is a mobile IP.
  - 5. The virtual private network system according to claim 4, wherein said second unit notifies said first unit of information about a virtual private network, and establishes a virtual private network between said first unit and said second unit in a tunnel set-up procedure of the mobile IP between said first unit and said second unit itself.
  - 6. The virtual private network system according to claim 5, wherein co-located mode of said first unit is used to set the mobile IP, and to establish the virtual private network.
  - 7. The virtual private network system according to claim 6, wherein the second network is configured by a public network and a mobile communications network possessed by a communications carrier, and an IPinIP tunnel is set up between said first unit and said second unit if the mobile communications network accessed by said first unit is a secure access network.
  - 8. The virtual private network system according to claim 6, wherein the second network is configured by a public network and a mobile communications network possessed by a communications carrier, and an IPSec tunnel is set up between said first unit and said second unit if the mobile communications network accessed by said first unit is an insecure access network.
  - 9. The virtual private network system according to claim 6, wherein the second network is configured by a public network, a first mobile communications network possessed by a first communications carrier, and a second mobile communications network possessed by a second communications carrier, and an IPSec+UDP tunnel is set up between said first unit and said second unit when said first unit accesses the first network from the first mobile communications network via the second mobile communications network and the public network.
  - 10. The virtual private network system according to claim 1, wherein a fixed virtual private network is established beforehand between said second unit and the first network.

11. A home agent enabling a communication between a mobile node and a node connected to a private network according to a mobile IP, comprising:
- a unit establishing a virtual private network between the mobile node and the home agent;
  
  a unit authenticating an access of the mobile node; and
  
  a unit notifying the mobile node of information about the virtual private network, which is obtained from said authenticating unit.

12. A router enabling a communication between a mobile node and a node connected to a private network, comprising:
- a unit detecting a care-of-address or a domain of a location registration request transmitted from the mobile node; and
  
  a communications controlling unit causing a communication between the mobile node and the node to be made via the router with a communications protocol having low secrecy between the mobile node and the router if a detected care-of-address or domain indicates a network that can guarantee secrecy of a communication, or with a communications protocol having high secrecy between the mobile node and the router if the care-of-address indicates a network that cannot fully guarantee the secrecy of the communication.

13. A router enabling a communication between a mobile node and a node connected to a private network, comprising:
- a unit making a comparison between a care-of-address and a source address of a location registration request transmitted from the mobile node; and
  
  a communications controlling unit causing a communication between the mobile node and the node to be made via the router with a communications protocol having low secrecy between the mobile node and the router if the care-of-address does not indicate a predetermined communications carrier and matches the source address, or with a communications protocol having high secrecy between the mobile node and the router if the care-of-address mismatches the source address.
- View Dependent Claims (14)
- - 14. The router according to claim 13, wherein the communications protocol having high secrecy between the mobile node and the router is an IPSec+UDP tunnel.

15. A mobile node enabling a communication with a node connected to a private network, comprising:
- an obtaining unit obtaining information of a network to which the mobile node itself currently belongs; and
  
  a controlling unit performing a control to transmit a location registration request message to a private address of a router that manages a location of the mobile node if the obtained information of the network indicates a private network, to transmit a location registration request message to a global address of the router if the obtained information of the network indicates a predetermined communications carrier network, or to transmit a location registration request message including a request to set up a communications path having high secrecy to the global address of the router in other cases.
- View Dependent Claims (16)
- - 16. The mobile node according to claim 15, wherein the communications protocol having high secrecy between the mobile node and the router is an IPSec+UDP tunnel.

17. A mobile node in a system enabling a communication between a mobile node and a node connected to a private network, comprising:
- a unit setting up a tunnel for a mobile IP communication; and
  
  a unit setting up a tunnel for a communication of the private network in a set-up procedure of the tunnel for the mobile IP communication, wherein the mobile node makes a communication by using one tunnel for a communication, which serves both as a tunnel for a mobile IP communication and as a tunnel for a private network communication.
- View Dependent Claims (27)
- - 27. The communications controlling method according to claim 17, wherein a fixed virtual private network is established beforehand between the router and the first network.

18. A communications controlling method for use in a virtual private network system, which controls a communication with a second address, is connected to a first network, and makes a communication via a second network with a first address used in the first network being a first network, comprising:
- arranging a mobile node making a communication by fixedly holding a first address; and
  
  arranging a router which obtains a correspondence between the first address of the mobile node and the second address for making a communication via the second network, and authenticates the mobile node and forms a virtual private network between a communicating device accessing the first network and the router via the second network in a procedure for establishing a session that can be communicated even when the mobile node moves.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The communications controlling method according to claim 18, further comprising optimizing a communications path between the mobile node and a node when the mobile node makes a communication with the node connected to the first network.
  - 20. The communications controlling method according to claim 18, wherein a virtual private network is established beforehand between a home agent and the first network.
  - 21. The communications controlling method according to claim 18, wherein a protocol that enables a mobile communication is a mobile IP.
  - 22. The communications controlling method according to claim 21, wherein a home agent notifies the mobile node of information about a virtual private network, and establishes a virtual private network between the mobile node and the router in a mobile IP tunnel set-up procedure with the mobile terminal.
  - 23. The communications controlling method according to claim 21, wherein co-located mode of the mobile node is used to set the mobile IP, and to establish the virtual private network.
  - 24. The communications controlling method according to claim 22, wherein the second network is configured by a public network and a mobile communications network possessed by a communications carrier, and an IPinIP tunnel is set up between the home agent and the mobile node if the mobile communications network accessed by the mobile node is a secure access network.
  - 25. The communications controlling method according to claim 22, wherein the second network is configured by a public network and a mobile communications network possessed by a communications carrier, and an IPSec tunnel is set up between the home agent and the mobile node if the mobile communications network accessed by the mobile node is an insecure access network.
  - 26. The communications controlling method according to claim 22, wherein the second network is configured by a public network, a first mobile communications network possessed by a first communications carrier, and a second mobile communications network possessed by a second communications carrier, and an IPSec+UDP tunnel is set up between the router and the mobile node if the mobile node accesses the first network from the first mobile communications network via the public network to the second mobile communications network.

28. A communications controlling method for use in a router enabling a communication between a mobile node and a node connected to a private network, comprising:
- detecting a care-of-address of a location registration request transmitted from the mobile node; and
  
  causing a communication between the mobile node and the node to be made with a communications protocol having low secrecy if a detected care-of-address indicates an access network whose communication secrecy can be guaranteed by a communications carrier, or with a communications protocol having high secrecy if the detected care-of-address indicates an access network whose communication secrecy cannot be fully guaranteed by a communications carrier.

29. A communications controlling method for use in a router enabling a communication between a mobile node and a node connected to a private network, comprising:
- making a comparison between a care-of-address and a source address of a location registration request transmitted from the mobile node; and
  
  causing a communication between the mobile node and the node to be made with a communications protocol having low secrecy if the care-of-address matches the source address, or with a communications protocol having high secrecy if the care-of-address mismatches the source address.

30. A communications controlling method for use in a mobile node enabling a communication with a node connected to a private network, comprising:
- obtaining information of a network to which the mobile node itself currently belongs; and
  
  performing a control to transmit a location registration request message to a private address of a router that manages a location of the mobile node if the obtained information of the network indicates a private network, a control to transmit a location registration request message to a global address of the router if the obtained information of the network indicates an access network of a communications carrier that makes a mutual connection contract with the private network, or a control to transmit a location registration request message including a request to set up a communications path having high secrecy to the global address of the home agent in other cases.

31. A communications controlling method for use in a mobile node in a system enabling a communication between a mobile node and a node connected to a private network according to a mobile IP, comprising:
- setting up a tunnel for a mobile IP communication; and
  
  setting up a tunnel for a communication of the private network in a set-up procedure of the tunnel for the mobile IP communication, wherein the mobile node makes a communication with one tunnel for a communication, which serves both as a tunnel for a mobile IP communication and as a tunnel for a private network communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Taniguchi, Hiroyuki, Yamamura, Shinya, Kakemizu, Mitsuaki, Wakameda, Hiroshi

Application Number

US10/637,057
Publication Number

US 20040037260A1
Time in Patent Office

Days
Field of Search
US Class Current

370/338
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 63/0272   Virtual private networks

H04W 4/06   Selective distribution of b...

H04W 76/20   Manipulation of established...

H04W 8/04   Registration at HLR or HSS ...

H04W 80/04   Network layer protocols, e....

Virtual private network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

124 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links