Abstract: The present invention relates to a device and method that enable a security key to be shared using security key exchange between two terminals, and a system that supports the same. To achieve the above, an in-house generated public key is divided into two, said two public keys that have been divided are delivered to counterpart devices via different pathways, and the two public keys delivered from counterpart devices are used to predict the public key of the counterpart device. In addition, said predicted public key is verified, and said verified public key is used to form a master key. Subsequently, said generated master key is verified, and said master key that has been verified is used to exchange data with the counterpart device.

Abstract: An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system includes at least one first node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the created identification information with each second node in a secure negotiating process. Each second node creates identification information capable of identifying each secret key shared with each first node, and performs the secure negotiating process based on the secret keys corresponding to the identification information exchanged through the secure negotiating process. Thereby, secure communication complying with Security Architecture for the Internet Protocol (IPSec) can be implemented based on the secret keys in the IPv4/IPv6 integrated network system of a Network Address Translation-Protocol Translation (NAT-PT) environment.

Abstract: There is provided a bundle authentication system and method that can perform network access authentication and authentication at a service request in a next generation network utilizing a Bundled Authentication Key (BAK) generated by using an Extended Master Session Key (EMSK) that is an encryption key generated during access authentication.

Abstract: The present invention relates to a device and method that enable a security key to be shared using security key exchange between two terminals, and a system that supports the same. To achieve the above, an in-house generated public key is divided into two, said two public keys that have been divided are delivered to counterpart devices via different pathways, and the two public keys delivered from counterpart devices are used to predict the public key of the counterpart device. In addition, said predicted public key is verified, and said verified public key is used to form a master key. Subsequently, said generated master key is verified, and said master key that has been verified is used to exchange data with the counterpart device.

Abstract: There is provided a bundle authentication system and method that can perform network access authentication and authentication at a service request in a next generation network utilizing a Bundled Authentication Key (BAK) generated by using an Extended Master Session Key (EMSK) that is an encryption key generated during access authentication.

Abstract: An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system includes at least one first node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the created identification information with each second node in a secure negotiating process. Each second node creates identification information capable of identifying each secret key shared with each first node, and performs the secure negotiating process based on the secret keys corresponding to the identification information exchanged through the secure negotiating process. Thereby, secure communication complying with Security Architecture for the Internet Protocol (IPSec) can be implemented based on the secret keys in the IPv4/IPv6 integrated network system of a Network Address Translation-Protocol Translation (NAT-PT) environment.

Abstract: Provided are a system and method for allocating an Internet protocol version 4 (IPv4) address through authentication of a dual stack transition mechanism (DSTM) node in a DSTM communication network, DSTM being an IPv4/IPv6 address translation mechanism. The system and method perform authentication when an IPv4 address is allocated between a DSTM node and the DSTM server in the DSTM communication network. According to the system and method, when the DSTM node requests IPv4 address allocation, the DSTM server authenticates the DSTM node, and then allocates an IPv4 address. Therefore, it is possible to solve a problem of exhaustion of an IPv4 address pool of the DSTM server by a denial of service (DoS) attack, as well as potentially solve a security problem of an IPv4/IPv6 translation process.

Abstract: A method for providing end-to-end security service in a communication network having an NAT-PT function comprises: performing security negotiation between a first node included in a first communication network having the network address translation-protocol translation function and a second node included in a second communication network operating with a protocol different from the first communication network; storing protocol translation information generated when the security negotiation is performed in the first node; and performing security transmission between the first and second nodes using the stored protocol translation information. The method transmits the address translation information to the ends in advance, thereby being capable of applying the security service using the address information on transmitting the data between hosts in the communication network using the address translation method.