Abstract: Disclosed are a method for constructing a virtual private network, a method for packet forwarding, and a gateway apparatus using the methods. A method for constructing a virtual private network, according to an example embodiment of the present invention, may comprise receiving a first tunnel connection request from the lower gateway, and transmitting a permission message for the first tunnel connection request to the lower gateway; transmitting a second tunnel connection request to the upper gateway, and receiving a permission message for the second tunnel connection request from the upper gateway; and generating a second tunnel, and storing information about the second tunnel in a tunnel routing table.

Abstract: Disclosed are a logical network separation method and apparatus. The logical network separation method includes generating a first hash key on the basis of address information included in a service request packet, generating hash information on the basis of a transmission property of the service request packet corresponding to the first hash key when the same hash key as the first hash key is not in the hash table, and generating the policy about the reception of the service response packet corresponding to the service request packet on the basis of a destination of the service request packet. Accordingly, it is possible to block a cyber attack such as hacking, a malicious program, etc.

Abstract: Disclosed is a method for providing mobile virtual private network (VPN) services. An operation method of a group and tunnel manager (GTM) for providing mobile VPN services includes receiving a first message for registering information of a VPN group from a gateway, generating tunnel information between the GTM and the gateway based on the first message, and transmitting a packet based on the tunnel information. Accordingly, a private address may be used even in a mobile VPN, and therefore a VPN site may be configured even in an environment where a public address is difficult to use, or a flexible VPN site may be configured.

Abstract: In a plurality of virtual tunnel routers including a first virtual tunnel router and a second virtual tunnel router, the first virtual tunnel router and the second virtual tunnel router request virtual network prefix information from a tunnel mapping controller. When the tunnel mapping controller generates virtual network prefix information of the first virtual tunnel router and the second virtual tunnel router, respectively, and transmits the same along with information of a list of adjacent virtual tunnel routers, the first virtual tunnel router and the second virtual tunnel router create a tunnel. With the tunnel established, the virtual network prefix information received by the first virtual tunnel router and second virtual tunnel router, respectively, is linked so that direct communication can be performed between the first virtual tunnel router and the second virtual tunnel router.

Abstract: Disclosed are a network apparatus and an operating method thereof. The network apparatus includes: a security authentication module that executes security authentication of a distributed denial of service (DDoS) attack when a predetermined packet requests access to a particular service server to which the security authentication is applied, at the time of inputting the predetermined packet; and a communication module that transmits the predetermined packet security-authenticated by the security authentication module through a transmission route of the particular service server, so as to easily defend the DDoS attack by using a pseudo state of a service procedure.

Abstract: A system for providing a video conference service is provided. The system includes a Multipoint Processor (MP) configured to process media occurring during a video conference so as to allow the processed media to be transmitted/received between user terminals; and one or more Multipoint Controller (MC) configured to control a session of a user terminal participating in a multi-participant video conference, wherein the MP and the MC are separate from each other.

Abstract: The invention relates to a method and an apparatus for controlling seamless handover between heterogeneous networks based on IPv6 over IPv4 tunneling. When IPv6 service is provided using tunneling in an IPv4 based network environment, handover of a mobile terminal between different networks is achieved through switching of an active tunnel and a standby tunnel, and thus handover between different networks is facilitated and data loss is prevented to secure continuity of service provided to the mobile terminal even when the mobile terminal hands over to a heterogeneous network.

Abstract: In order to select a conference processing device to host a video conference between conference participation devices, a video conference system selects conference processing devices that are positioned most adjacent to each of conference participation devices that participate in the video conference as candidates for a conference processing device. The video conference system forms network topology based on candidate conference processing devices and conference participation devices, and aligns candidate conference processing devices based on preset alignment reference information. The video conference system selects one of the aligned candidate conference processing devices as an optimal conference processing device to host the video conference.

Abstract: A method for configuring a closed user network (CUN) using an IP tunneling mechanism and a CUN system are disclosed. In particular, disclosed is a technique of establishing a tunnel between a tunnel end edge device (TEED) and a control server by using an IP tunneling mechanism to allow terminals connected to the TEED to perform communications by using a closed IP, enabling the TEED to provide a network address translation (NAT) function so that the TEED can perform data forwarding like a general NAT, without performing tunneling on a destination IP outside the closed IP section, to perform communication, and allowing a terminal located in an area where the TEED is not provided to directly establish a tunnel with the control server by using a client software to thereby perform communications with a terminal or a server connected to the TEED by using the closed IP.

Abstract: The present invention relates to tunneling an IPv6 packet through an IPIv4 network. In using a tunneling method upon transmitting an IPv6 packet in an IP network, when destination nodes desired to be communicated are located within the same IPv6 prefix network, IPv6 prefix information is added for the management of a tunnel entry. Hence, tunneling information on terminals located within the same IPv6 prefix network can be managed as one tunnel entry. Accordingly, the time consumed when retrieving a tunnel entry can be reduced.

Abstract: An apparatus and method for supporting a portable mobile VPN service are provided. The method accesses a public network to generate a security tunnel, maps the generated security tunnel and a VPN address, stands by for authentication of a mobile terminal which desires to access a VPN, authenticates a mobile terminal which desires to access the VPN, and assigns an internal address which is used in the VPN according to the authentication result.

Abstract: Provided is a method of establishing a user centric virtual network. The method includes: performing a first tunneling operation between a first tunnel end and an address translation device, which are connected to a first private network, and a tunnel relay device; performing a second tunneling operation between a second tunnel end and an address translation device, which are connected to a second private network, and the tunnel relay device; and performing a third tunneling operation between the tunnel relay device and an end client, wherein a virtual IP is allocated to each of the first and second tunnel ends, the address translation devices, the end client, and the tunnel relay device; and each of the first to third tunneling operations connects routing information on the virtual IP to a corresponding tunnel.

Abstract: Disclosed are a system for managing virtual private networks (VPNs) includes: terminals configured to transmit user data; a manager configured to transmit information for concealing networks and managing the VPNs; border gateways configured to decrypt the user data and perform a network address translation (NAT) procedure and a filtering procedure on the decrypted user data based on the information; and servers configured to receive the user data subjected to the NAT procedure and the filtering procedure, wherein the filtering procedure is a procedure discarding the user data to be transferred to the servers that are not allowed so as to allow the terminals to access only the allowed servers, the NAT procedure is a procedure changing an Internet protocol (IP) address used in a first network to an IP address used in a second network, and the first network and the second network are different networks.

Abstract: A virtual tunnel router, an IP camera management server, and a location-based Internet protocol (IP) camera service are provided. Without complex equipment, a direct communication between a user terminal and an IP camera is established based on virtual IP, and thus control of the IP camera is very simple and a user is allowed to directly access the IP camera at any time and any place.

Abstract: Disclosed are a method and a system for receiving multicast data without using a tunnel in a tunneling-based mobility network architecture, and a mobile terminal thereof. By providing a method for receiving multicast data in a tunneling-based mobility network architecture receiving multicast data over a multicast-enabled Internet protocol (IP) network by switching a path before tunneling and thereby transmitting a corresponding channel reception request message to a corresponding visit network when a transmission packet of a mobile terminal is a channel reception request message in a heterogeneous visit network, and at the same time, guaranteeing mobility of the mobile terminal by tunneling a corresponding transmission packet to a care-of-address of a visit network being currently visited when the transmission packet is not the channel reception request message, there are provided a method and a system for receiving multicast data via a visit network without using an existing tunnel.

Abstract: Provided is a radio frequency identification (RFID) tag device. The RFID tag device includes memory which stores ID information and a second count value, and a certification unit which performs a certification process according to a keyed hash value received from the outside and a result of a comparison between first and second count values received from the outside, and adjusts the second count value.

Abstract: In a plurality of virtual tunnel routers including a first virtual tunnel router and a second virtual tunnel router, the first virtual tunnel router and the second virtual tunnel router request virtual network prefix information from a tunnel mapping controller. When the tunnel mapping controller generates virtual network prefix information of the first virtual tunnel router and the second virtual tunnel router, respectively, and transmits the same along with information of a list of adjacent virtual tunnel routers, the first virtual tunnel router and the second virtual tunnel router create a tunnel. With the tunnel established, the virtual network prefix information received by the first virtual tunnel router and second virtual tunnel router, respectively, is linked so that direct communication can be performed between the first virtual tunnel router and the second virtual tunnel router.

Abstract: The invention relates to a method and an apparatus for controlling seamless handover between heterogeneous networks based on IPv6 over IPv4 tunneling. When IPv6 service is provided using tunneling in an IPv4 based network environment, handover of a mobile terminal between different networks is achieved through switching of an active tunnel and a standby tunnel, and thus handover between different networks is facilitated and data loss is prevented to secure continuity of service provided to the mobile terminal even when the mobile terminal hands over to a heterogeneous network.

Abstract: A method for configuring a closed user network (CUN) using an IP tunneling mechanism and a CUN system are disclosed. In particular, disclosed is a technique of establishing a tunnel between a tunnel end edge device (TEED) and a control server by using an IP tunneling mechanism to allow terminals connected to the TEED to perform communications by using a closed IP, enabling the TEED to provide a network address translation (NAT) function so that the TEED can perform data forwarding like a general NAT, without performing tunneling on a destination IP outside the closed IP section, to perform communication, and allowing a terminal located in an area where the TEED is not provided to directly establish a tunnel with the control server by using a client software to thereby perform communications with a terminal or a server connected to the TEED by using the closed IP.

Abstract: Technology for forming a virtual private network (VPN) is provided. A VPN gateway that supports mobility with a connection node having a virtual home address (HoA) and a care of address (CoA) includes a mobility support unit, a data security unit, and a virtual address converter. When a packet is transferred from the connection node, the mobility support unit sustains a binding relationship between a home address (HoA) of the connection node and the changed CoA, and processes a mobility tunnel for the packet, thereby generating a first conversion packet. The data security unit performs a security test of the first conversion packet. The virtual address converter converts the HoA of the connection node, which is a source address of the first conversion packet in which the security test is complete, to a private network internal address that can be used in the VPN, thereby generating a second conversion packet.