Networks have enhanced our ability to communicate and access information by allowing one personal computer to communicate over a network (or network connection) with another personal computer and/or other networking devices, using electronic messages. When transferring an electronic message between personal computers or networking devices, the electronic message will often pass through a protocol stack that performs operations on the data within the electronic message (e.g., packetizing, routing, flow control).
The first major version of addressing structure, Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide. The IPv6 network protocol provides that IPv6 hosts or host devices (e.g., image forming apparatuses and other devices) can configure themselves automatically (i.e., stateless address autoconfiguration) when connected to an IPv6 network using ICMPv6 neighbor discovery messages. When first connected to a network, an IPv6 host sends a link-local multicast neighbor solicitation request advertising its tentative link-local address for duplicate address detection (DAD); if no problem is encountered, the host uses the link-local address.
In addition, it can be appreciated that most network interfaces come with an embedded IEEE identifier (i.e., a link-layer MAC address), and in those cases, stateless address autoconfiguration (IPv6 protocol) uses the IEEE identifier to generate a 64-bit interface identifier. By design, the interface identifier is likely to be globally unique when generated in this fashion. The interface identifier is in turn appended to a prefix to form the 128-bit IPv6 address. The first-half 64 bits are allocated to a network prefix included in a router advertisement (RA) from the router. The second-half 64 bits are allocated to an EUI-64 format interface ID, a 64-bit identifier format defined by the IEEE. The Media Access Control address (MAC address) is encapsulated in the EUI-64 format interface ID. Of the 64 bits of the interface ID, the first 24 bits are allocated to a number indicating a manufacturer, administered by the IEEE, the next 16 bits are allocated to “FFFE”, and the last 24 bits are allocated to an expanded identification number managed by the manufacturer.
It can be appreciated that any IPv6 capable device with stateless addressing including image forming apparatuses (e.g., Multi-Function Peripherals (MFP) and printers) typically will include a unique identifier or Media Access Control address (MAC address). The MAC address is assigned to network adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control protocol sublayer of the Internet Protocol Version 6 (IPv6). If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number. It can be appreciated that the MAC address can also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or physical address.
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. In addition, IPsec includes protocols for establishing mutual authentication between agents (or nodes) at the beginning of a session and negotiation of cryptographic keys to be used during the session. IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite, and can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). However, current protocols do not allow the enabling of an IPv6 IPsec communication between two nodes based on direct neighbor solicitations.
Accordingly, it would be desirable to have a method and system that facilitates enhancing security for a computer device by obtaining a link layer address of a target node using Neighbor Discovery unspecified solicitation to enable IPv6 IPsec communication between nodes and/or computer devices.