Virtual private network system
Abstract
A home agent (HA) is given a gateway function that carries the security function of an enterprise network. When a service contract is made between a communications carrier and the enterprise, a VPN is established beforehand between the home agent, located in the carrier's network, and a security gateway within the enterprise network. The mobile node (MN) then uses co-located mode, and VPN information matching the security level of the network that accommodates the mobile node is distributed during the location registration procedure of Mobile IP, so that the VPN is configured by reusing the tunnel set-up process of Mobile IP.
31 Claims
1. A virtual private network system, which controls a communication with a second address, is connected to a first network, and makes a communication via a second network with a first address used in the first network being a private network, comprising:
    a first mobile unit making a communication by fixedly holding the first address; and
    a second unit obtaining a correspondence between the first address of said first unit and the second address for making a communication via the second network, and authenticating said first unit and forming a virtual private network between a communicating device accessing the first network and said second unit via the second network in a procedure for establishing a session that can be communicated even when said first unit moves.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A home agent enabling a communication between a mobile node and a node connected to a private network according to a mobile IP, comprising:
    a unit establishing a virtual private network between the mobile node and the home agent;
    a unit authenticating an access of the mobile node; and
    a unit notifying the mobile node of information about the virtual private network, which is obtained from said authenticating unit.

12. A router enabling a communication between a mobile node and a node connected to a private network, comprising:
    a unit detecting a care-of-address or a domain of a location registration request transmitted from the mobile node; and
    a communications controlling unit causing a communication between the mobile node and the node to be made via the router with a communications protocol having low secrecy between the mobile node and the router if a detected care-of-address or domain indicates a network that can guarantee secrecy of a communication, or with a communications protocol having high secrecy between the mobile node and the router if the care-of-address indicates a network that cannot fully guarantee the secrecy of the communication.

13. A router enabling a communication between a mobile node and a node connected to a private network, comprising:
    a unit making a comparison between a care-of-address and a source address of a location registration request transmitted from the mobile node; and
    a communications controlling unit causing a communication between the mobile node and the node to be made via the router with a communications protocol having low secrecy between the mobile node and the router if the care-of-address does not indicate a predetermined communications carrier and matches the source address, or with a communications protocol having high secrecy between the mobile node and the router if the care-of-address mismatches the source address.
Dependent claims: 14

15. A mobile node enabling a communication with a node connected to a private network, comprising:
    an obtaining unit obtaining information of a network to which the mobile node itself currently belongs; and
    a controlling unit performing a control to transmit a location registration request message to a private address of a router that manages a location of the mobile node if the obtained information of the network indicates a private network, to transmit a location registration request message to a global address of the router if the obtained information of the network indicates a predetermined communications carrier network, or to transmit a location registration request message including a request to set up a communications path having high secrecy to the global address of the router in other cases.
Dependent claims: 16

17. A mobile node in a system enabling a communication between a mobile node and a node connected to a private network, comprising:
    a unit setting up a tunnel for a mobile IP communication; and
    a unit setting up a tunnel for a communication of the private network in a set-up procedure of the tunnel for the mobile IP communication, wherein the mobile node makes a communication by using one tunnel for a communication, which serves both as a tunnel for a mobile IP communication and as a tunnel for a private network communication.
Dependent claims: 27

18. A communications controlling method for use in a virtual private network system, which controls a communication with a second address, is connected to a first network, and makes a communication via a second network with a first address used in the first network being a private network, comprising:
    arranging a mobile node making a communication by fixedly holding a first address; and
    arranging a router which obtains a correspondence between the first address of the mobile node and the second address for making a communication via the second network, and authenticates the mobile node and forms a virtual private network between a communicating device accessing the first network and the router via the second network in a procedure for establishing a session that can be communicated even when the mobile node moves.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26

28. A communications controlling method for use in a router enabling a communication between a mobile node and a node connected to a private network, comprising:
    detecting a care-of-address of a location registration request transmitted from the mobile node; and
    causing a communication between the mobile node and the node to be made with a communications protocol having low secrecy if a detected care-of-address indicates an access network whose communication secrecy can be guaranteed by a communications carrier, or with a communications protocol having high secrecy if the detected care-of-address indicates an access network whose communication secrecy cannot be fully guaranteed by a communications carrier.

29. A communications controlling method for use in a router enabling a communication between a mobile node and a node connected to a private network, comprising:
    making a comparison between a care-of-address and a source address of a location registration request transmitted from the mobile node; and
    causing a communication between the mobile node and the node to be made with a communications protocol having low secrecy if the care-of-address matches the source address, or with a communications protocol having high secrecy if the care-of-address mismatches the source address.

30. A communications controlling method for use in a mobile node enabling a communication with a node connected to a private network, comprising:
    obtaining information of a network to which the mobile node itself currently belongs; and
    performing a control to transmit a location registration request message to a private address of a router that manages a location of the mobile node if the obtained information of the network indicates a private network, a control to transmit a location registration request message to a global address of the router if the obtained information of the network indicates an access network of a communications carrier that makes a mutual connection contract with the private network, or a control to transmit a location registration request message including a request to set up a communications path having high secrecy to the global address of the home agent in other cases.

31. A communications controlling method for use in a mobile node in a system enabling a communication between a mobile node and a node connected to a private network according to a mobile IP, comprising:
    setting up a tunnel for a mobile IP communication; and
    setting up a tunnel for a communication of the private network in a set-up procedure of the tunnel for the mobile IP communication, wherein the mobile node makes a communication with one tunnel for a communication, which serves both as a tunnel for a mobile IP communication and as a tunnel for a private network communication.
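As an added illustration, not part of the patent or of any product implementing it, the Python below sketches the decision logic of claims 12, 15 and 29 together: the router grants the low-secrecy path (plain Mobile IP tunnel) only when the care-of-address both lies in a carrier network that guarantees secrecy and matches the packet's source address, failing closed to the high-secrecy (VPN) path otherwise, while the mobile node picks its registration destination from the network it currently sits in. All prefixes, addresses and the `RegistrationRequest` type are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy data (placeholders, not from the patent): the enterprise's
# private prefix and the prefix of the carrier holding a mutual-connection
# contract with the enterprise.
PRIVATE_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]
CARRIER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

def _in_any(addr: str, prefixes) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in p for p in prefixes)

@dataclass(frozen=True)
class RegistrationRequest:
    """Fields of a Mobile IP Registration Request that the router inspects."""
    home_address: str
    care_of_address: str   # CoA carried in the registration payload
    source_address: str    # IP-header source; differs from the CoA behind a NAT

def router_select_secrecy(req: RegistrationRequest) -> str:
    """Router side (claims 12 and 29 combined): 'low' means a plain Mobile IP
    tunnel suffices, 'high' means the VPN tunnel is required. Low secrecy is
    granted only when the CoA matches the packet source AND lies in a carrier
    network that guarantees secrecy; anything else, including a NAT-rewritten
    or forged CoA, fails closed to high secrecy."""
    if req.care_of_address != req.source_address:
        return "high"
    if _in_any(req.care_of_address, CARRIER_PREFIXES):
        return "low"
    return "high"

def mobile_node_select_destination(care_of_address: str,
                                   ha_private: str, ha_global: str):
    """Mobile-node side (claim 15): returns (registration destination,
    request_high_secrecy_path) from the network the node currently sits in."""
    if _in_any(care_of_address, PRIVATE_PREFIXES):
        return ha_private, False          # inside the enterprise: direct, plain
    if _in_any(care_of_address, CARRIER_PREFIXES):
        return ha_global, False           # trusted carrier: plain Mobile IP
    return ha_global, True                # anywhere else: ask for the VPN path

if __name__ == "__main__":
    # Constructed sample registrations: one from the carrier, one via a NAT.
    for req in (RegistrationRequest("10.1.2.3", "203.0.113.7", "203.0.113.7"),
                RegistrationRequest("10.1.2.3", "192.168.1.20", "198.51.100.9")):
        print(req.care_of_address, "->", router_select_secrecy(req))
```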