Method for providing virtual private network services to mobile node in IPv6 network and gateway using the same
Abstract
Provided are a method for providing virtual private network (VPN) services to a mobile node (MN) in an IPv6 network and a gateway using the same. The method includes: performing IKE (Internet key exchange) negotiation with an MN (mobile node) which has performed handover, acquiring SA (security association) and then authenticating a terminal of the MN; receiving a BU (binding update) message from the MN and verifying the BU message, storing new position information of the MN, transmitting a BA (binding acknowledgement) message and performing mobility processing; if the mobility processing is completed, performing IPsec processing on packets which the MN transmits to a CN (correspondent node), and transmitting the packets; and re-configuring and transmitting packets so that packets which the CN transmits to a home address of the MN can be transmitted to a CoA (Care-of-Address) of the MN. A function performed by a home agent (HA) of Mobile IPv6 is performed so that IP mobility in VPN services can be provided and both mobility inside a VPN domain of the MN and mobility outside the VPN domain can be supported.
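The gateway-side steps in the abstract (verify the BU, store the MN's new position, then re-configure CN traffic toward the CoA) can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, an HMAC over the BU fields stands in for the IPsec integrity check derived from the IKE-negotiated SA, and the 16-bit sequence-number replay check is taken from Mobile IPv6 (RFC 6275), not from this page.

```python
import hmac, hashlib
from dataclasses import dataclass
from ipaddress import IPv6Address

def bu_tag(key, hoa, coa, seq):
    """Stand-in for the SA-derived integrity check over a BU (assumption)."""
    msg = IPv6Address(hoa).packed + IPv6Address(coa).packed + seq.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class Binding:
    coa: IPv6Address
    seq: int

class Gateway:
    """Toy model of the gateway acting as home agent (hypothetical names)."""
    def __init__(self):
        self.sa = {}     # HoA -> integrity key, installed after IKE negotiation
        self.cache = {}  # binding cache: HoA -> Binding(CoA, last sequence number)

    def install_sa(self, hoa, key):
        self.sa[IPv6Address(hoa)] = key

    def handle_bu(self, hoa, coa, seq, tag):
        """Verify a BU; the returned string is the status a BA would carry."""
        hoa, coa = IPv6Address(hoa), IPv6Address(coa)
        key = self.sa.get(hoa)
        if key is None:
            return "reject:no-sa"
        if not 0 <= seq < 65536:
            return "reject:bad-seq"
        if not hmac.compare_digest(tag, bu_tag(key, hoa, coa, seq)):
            return "reject:bad-integrity"
        old = self.cache.get(hoa)
        # Replay protection: the sequence number must be newer, modulo 2**16.
        if old is not None and not 0 < (seq - old.seq) % 65536 < 32768:
            return "reject:stale-seq"
        self.cache[hoa] = Binding(coa, seq)  # cache changes only after all checks
        return "accept"

    def forward_from_cn(self, src, dst, payload):
        """Re-configure a CN -> HoA packet so it is tunnelled to the current CoA."""
        b = self.cache.get(IPv6Address(dst))
        if b is None:
            return None  # no binding for this home address: nothing to redirect
        return {"outer_dst": str(b.coa), "inner": (src, dst, payload)}
```

The property to check in any such gateway is that a BU failing verification never alters the binding cache, since a forged binding would redirect the MN's inbound traffic to an address of the sender's choosing.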
19 Claims
1. A method for providing VPN (virtual private network) services of a gateway in an IPv6 network, the method comprising:
performing IKE (Internet key exchange) negotiation with an MN (mobile node) which has performed handover, acquiring SA (security association) and then authenticating a terminal of the MN;
receiving a BU (binding update) message from the MN and verifying the BU message, storing new position information of the MN, transmitting a BA (binding acknowledgement) message and performing mobility processing;
if the mobility processing is completed, performing IPsec processing on packets which the MN transmits to a CN (correspondent node), and transmitting the packets; and
re-configuring and transmitting packets so that packets which the CN transmits to a home address of the MN, can be transmitted to a CoA (Care-of-Address) of the MN.
Dependent claims: 2, 3, 4, 5, 6
7. A method for providing VPN (virtual private network) services between a gateway and an MN (mobile node) in an IPv6 network in which the MN, a VPN gateway and a CN (correspondent node) are connected to one another, the method comprising:
providing SA (security association) after performing IKE (Internet key exchange) negotiation between the MN and the gateway;
transmitting a BU (binding update) message to which an IPsec tunnel header generated based on the SA is added, to the gateway using the MN;
performing IPsec processing and decrypting packets based on the SA using the gateway which has verified the BU message, and transmitting a BA (binding acknowledgement) message to the MN;
if IPsec processing is performed on packets which the MN transmits to the CN and the packets are transmitted to the gateway, transmitting the packets to the CN which is a destination, by referring to binding cache information using the gateway; and
re-configuring and transmitting packets so that packets which the CN transmits to a home address of the MN, can be transmitted to a Care-of-Address (CoA) of the MN using the gateway receiving the packets.
Dependent claims: 8, 9, 10, 11, 12
13. A gateway for providing VPN (virtual private network) services in an IPv6 network, the gateway comprising:
an IPsec engine module processing ESP (encapsulating security payload) and an authentication overhead to perform IPsec processing with communication with a MN (mobile node);
an encryption/decryption processing unit performing encryption/decryption processing and hash function processing used in IPsec and generating and verifying a message authentication code;
a VPN service module providing VPN services if authentication of the MN is successfully performed; and
a mobility processing & management module performing processing of an address of the MN and packets to perform the VPN services and outputting the address of the MN and the packets to the VPN service module.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification