In a future Internet Protocol Version 6 (IPv6) network environment, the huge IP address space allows any electronic device (e.g. a computer, mobile device or home appliance) to have its own IP address, so every electronic device within an enterprise, company or home has an independent IP address, and together these devices constitute a private network. By resolving these IP addresses or domain names, a member of the private network can communicate with the private network over the Internet from any external user equipment, and can thus control or monitor any electronic device on the private network and transfer information.
However, the information on a private network is private and sensitive, whereas the Internet is open. Members of the private network do not want a person who does not belong to the private network to access it via the Internet, obtain confidential information about the private network, or even control the electronic devices on it.
Also, members of the private network do not want the data they exchange during legitimate access to the private network from an external network to be stolen or maliciously tampered with while it is in transit on the Internet. Therefore, there is a pressing need for a scheme that protects the private network from malicious attacks and ensures that members of the private network can securely access it over the Internet from an external network.
In the prior art, virtual private networks (VPNs) can carry private communication over public networks. VPNs are classified into encrypted VPNs and non-encrypted VPNs. The security of the latter relies on trust in the Internet service providers and on the security and integrity of the routing functionality. Encrypted VPNs usually use encrypted tunnels to connect two or more networks that need secure communication, so that their traffic over public networks is concealed from outsiders. A good example of this kind of VPN is the Internet Protocol Security Virtual Private Network (IPsec VPN).
IPsec VPN technology can encrypt data and allow communication traffic to pass through the Internet securely. However, this scheme has the following problems:
1) Because the IP address of the IPsec client end is not known in advance, it is impossible to define a unique IP address-based pre-shared key for a client end that connects to the gateway from an unknown IP address;
2) A large amount of complex configuration work is required on the access server end, and changes to related configurations may also require changes to the settings on the client end, resulting in poor extensibility;
3) It is difficult, and unnecessary, for ordinary users to master the complex and specialised parameter negotiation procedure involved in setting up IPsec tunnels;
4) The existing IPsec VPN scheme treats the IPsec client end as part of the home network it needs to connect to, so the complex attributes of the original home network must be configured for remote users, which greatly complicates the implementation of the scheme and increases its cost.