A mobile node may roam away from its home network to a foreign network. The mobile node may communicate using the Mobile Internet Protocol, and it may use Internet Protocol security to communicate with its home network. A foreign agent on the foreign network and a home agent on the home network may dynamically link a policy to be used for an Internet Protocol security session between the foreign agent and the home agent. The foreign agent and the home agent may dynamically create a filter to be used for the Internet Protocol security session.
The present invention supports a secure transmission protocol for information packet transmission between a Mobile Node and a Foreign Agent. The information packets are encrypted and decrypted using an integrated software client that combines Mobile IP communication support with the encryption and decryption protocols.
Since Mobile IP is defined under the assumption that a mobile node roams between networks conforming to the same communications protocol, mobile communications between IPv4 and IPv6 networks are not possible. Further, translating the location registration messages also requires translating their format between the different protocol layers. To solve this problem, a mobile proxy apparatus 2 is provided between a home network 1a and a foreign network 1b governed by different communications protocols. The mobile proxy apparatus 2 has a DNS-ALG function, a translator function and a Mobile IP function, and, by combining these functions, performs address translation and format translation on Mobile IP messages and user packets. The mobile node MN 4 has both Mobile IPv4 and Mobile IPv6 functions and communicates in the manner suited to the communications protocol governing the network to which it moves.
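The three functions named in the abstract (address translation, DNS-ALG rewriting, and format translation of the Mobile IP registration message) are shown together below as an added example; it is not code from the patent. The abstract names no translation prefix, so the example assumes the NAT64 well-known prefix 64:ff9b::/96 (an assumption) to embed IPv4 addresses in IPv6, and the registration-message field names are this example's own dictionary keys rather than wire formats. The only Mobile IPv4 to Mobile IPv6 format difference it encodes is the one that is certain: the Mobile IPv6 Binding Update lifetime is counted in 4-second units, whereas the Mobile IPv4 registration lifetime is in seconds.

```python
import ipaddress

# Assumed translation prefix (the page names none): NAT64 well-known prefix,
# so an IPv4 address is carried in the low 32 bits of the IPv6 address.
V6_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def v4_to_v6(addr):
    """Map an IPv4 address into the translation prefix (translator function)."""
    v4 = ipaddress.IPv4Address(addr)
    return ipaddress.IPv6Address(int(V6_PREFIX.network_address) | int(v4))


def v6_to_v4(addr):
    """Recover the embedded IPv4 address; refuse anything outside the prefix."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in V6_PREFIX:
        raise ValueError(f"{v6} is not a translated address")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def dns_alg(answers, client_is_v6):
    """DNS-ALG: rewrite A<->AAAA records so the client only sees its own family.

    `answers` is a list of constructed resource-record dicts
    {"name": ..., "type": "A"|"AAAA", "data": ...}.
    """
    out = []
    for rr in answers:
        if client_is_v6 and rr["type"] == "A":
            out.append({"name": rr["name"], "type": "AAAA",
                        "data": str(v4_to_v6(rr["data"]))})
        elif not client_is_v6 and rr["type"] == "AAAA":
            try:
                v4 = v6_to_v4(rr["data"])
            except ValueError:
                # A native IPv6 address has no IPv4 form; an IPv4-only client
                # cannot use it, so the record is dropped rather than mangled.
                continue
            out.append({"name": rr["name"], "type": "A", "data": str(v4)})
        else:
            out.append(rr)
    return out


def mip4_rrq_to_mip6_bu(rrq):
    """Format translation: Mobile IPv4 Registration Request fields -> Mobile IPv6
    Binding Update fields. Keys are this example's own, not wire formats."""
    lifetime = rrq["lifetime"]
    if not 0 <= lifetime <= 0xFFFF:
        raise ValueError("Mobile IPv4 lifetime is a 16-bit field of seconds")
    return {
        "home_address": str(v4_to_v6(rrq["home_address"])),
        "care_of_address": str(v4_to_v6(rrq["care_of_address"])),
        "home_agent": str(v4_to_v6(rrq["home_agent"])),
        # Mobile IPv6 Binding Update lifetime is expressed in 4-second units.
        "lifetime": lifetime // 4,
        "home_registration": True,
    }


if __name__ == "__main__":
    print(v4_to_v6("192.0.2.10"))
    print(dns_alg([{"name": "ha.example.", "type": "A", "data": "192.0.2.10"}], True))
    print(mip4_rrq_to_mip6_bu({"home_address": "192.0.2.10",
                               "care_of_address": "198.51.100.7",
                               "home_agent": "192.0.2.1", "lifetime": 1800}))
```

The check in `v6_to_v4` matters in the reverse direction: a translator that blindly takes the low 32 bits of any IPv6 address would let a native IPv6 source masquerade as an arbitrary IPv4 address on the v4 side.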
A method and system for managing security material and security services, and for securely distributing them, in a distributed database system where one or more distributed applications operate on distributed data. One database, hosted by a database server, contains the master version of the security data of the databases hosted by the other database servers. This database has a global view of the security material for managing the security of the other databases. A special database is responsible for providing security services to the application database of a database server. The system and method control application programs' access to the data of a database in a database server, and also ease the security management of complex database topologies, such as multi-tier hierarchies or multi-master topologies.
A method and apparatus for managing a mobile Internet protocol (IP) using network address translation (NAT) in a mobile network are provided. The method includes periodically receiving an agent information message from an agent on a network, and checking whether the connection is to the home network or to a foreign network. If a connection to the home network is determined from the agent information message, a global IP address received from the agent of the home network and the local IP addresses set at a plurality of hosts included in the mobile network are registered, and communication with the home network is performed through conversion between the registered global IP address and each of the registered local IP addresses. If a connection to a foreign network is determined from the agent information message, a temporary IP address is received from the agent of the foreign network. The temporary IP address is registered together with the local IP addresses set at the hosts, and communication with the foreign network is performed through conversion between the registered temporary IP address and each of the registered local IP addresses.
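The behaviour the abstract describes, a mobile router that re-keys its NAT binding on each agent information message and translates between one external address (global at home, temporary when foreign) and the local addresses of its hosts, as an added example that is not the patent's code. The message fields, the port-based mapping and the lifetime handling are this example's assumptions; the abstract only says the message is received periodically and that the registration is switched on home versus foreign. The example adds the check a practitioner would want: a registration whose advertisement has not been refreshed within its lifetime is treated as expired, and packets from addresses that were never registered as hosts of the mobile network are refused.

```python
from dataclasses import dataclass


@dataclass
class AgentAdvertisement:
    """Constructed stand-in for the periodic agent information message."""
    agent_address: str
    from_home: bool        # True when the message comes from the home agent
    offered_address: str   # global IP (home) or temporary IP (foreign) for the router
    lifetime: int          # seconds the registration stays valid without a refresh


class MobileRouterNAT:
    PORT_BASE = 20000      # assumed first external port for new mappings

    def __init__(self, local_hosts):
        self.local_hosts = set(local_hosts)   # hosts inside the mobile network
        self.external = None                  # registered global/temporary address
        self.location = None                  # "home" or "foreign"
        self.expires_at = None
        self.next_port = self.PORT_BASE
        self.mappings = {}    # (local_ip, local_port) -> external port
        self.reverse = {}     # external port -> (local_ip, local_port)

    def _reset(self):
        self.mappings.clear()
        self.reverse.clear()
        self.next_port = self.PORT_BASE

    def on_agent_advertisement(self, adv, now):
        """Register the offered address; a changed address invalidates old bindings."""
        location = "home" if adv.from_home else "foreign"
        if adv.offered_address != self.external:
            self._reset()
            self.external = adv.offered_address
            self.location = location
        self.expires_at = now + adv.lifetime
        return self.location

    def _require_registration(self, now):
        if self.external is None or now >= self.expires_at:
            self.external = self.location = self.expires_at = None
            self._reset()
            raise RuntimeError("no valid registration; waiting for an agent advertisement")

    def outbound(self, pkt, now):
        """Translate local source -> registered external address."""
        self._require_registration(now)
        if pkt["src"] not in self.local_hosts:
            raise ValueError(f"{pkt['src']} is not a host of this mobile network")
        key = (pkt["src"], pkt["sport"])
        if key not in self.mappings:
            port = self.next_port
            self.next_port += 1
            self.mappings[key] = port
            self.reverse[port] = key
        return {"src": self.external, "sport": self.mappings[key],
                "dst": pkt["dst"], "dport": pkt["dport"]}

    def inbound(self, pkt, now):
        """Translate external destination -> the local host that opened the flow."""
        self._require_registration(now)
        if pkt["dst"] != self.external or pkt["dport"] not in self.reverse:
            raise KeyError("no mapping for inbound packet; dropped")
        local_ip, local_port = self.reverse[pkt["dport"]]
        return {"src": pkt["src"], "sport": pkt["sport"],
                "dst": local_ip, "dport": local_port}


if __name__ == "__main__":
    router = MobileRouterNAT(["10.0.0.2", "10.0.0.3"])
    router.on_agent_advertisement(AgentAdvertisement("192.0.2.1", True, "192.0.2.50", 30), now=0)
    print(router.outbound({"src": "10.0.0.2", "sport": 40000,
                           "dst": "203.0.113.9", "dport": 443}, now=1))
    router.on_agent_advertisement(AgentAdvertisement("198.51.100.1", False, "198.51.100.77", 30), now=10)
    print(router.location, router.external)
```

Unsolicited inbound packets that match no mapping are dropped, so hosts behind the mobile router are reachable only on flows they opened; anything that must accept inbound connections needs an explicit mapping added at registration time.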
A Security Association establishment negotiation technique includes forwarding identifying information from a Mobile Node via a first interface to a first network element. Negotiations are then initiated, via a second interface, between the first network element and a second network element serving as a proxy for the Mobile Node, to establish a Security Association between the Mobile Node and the first network element, the second network element utilizing previously stored Security Association parameters of the Mobile Node. Upon agreement between the first network element and the second network element on the Security Association parameters, the first network element forwards the agreed-upon Security Association parameters to the Mobile Node via the first interface. The first network element may include a Home Agent, a Correspondent Node or an Agent, and the first interface may include a wireless interface for forwarding information between the Mobile Node and the first network element. The first network element may also have a first gateway connected to it. The first gateway may include an AAA (Authentication, Authorization, and Accounting) server. The second network element may include a second gateway and a Subscriber database/Authentication Center, and the second gateway may be connected to the Subscriber database/Authentication Center. The second gateway may also include an AAA server.
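The three-step exchange in the abstract (identity over the first interface, proxy negotiation over the second interface from stored parameters, agreed parameters returned over the first interface) modelled as an added example with both sides' messages; this is not the patent's code. It takes the Home Agent as the first network element and a gateway backed by the subscriber database as the second; the parameter set (cipher, integrity algorithm, lifetime), the proposal list, the subscriber records and the identifiers are all constructed for the example. The abstract describes negotiation of parameters only, so no key material is modelled. Each call appends the message it sends to a shared log tagged with the interface it crosses, which is what lets the test check that the Mobile Node never takes part in the second-interface negotiation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SAParams:
    encryption: str
    integrity: str
    lifetime: int   # seconds


class ProxyGateway:
    """Second network element: answers for the MN from stored SA parameters."""

    def __init__(self, subscriber_db):
        # Constructed subscriber records: mn_id -> tuple of SAParams the
        # subscriber is allowed to use (stands in for the Subscriber database).
        self.subscriber_db = dict(subscriber_db)

    def negotiate(self, mn_id, proposals, log):
        log.append(("if2", "HA->proxy", mn_id, [p.encryption for p in proposals]))
        allowed = self.subscriber_db.get(mn_id)
        if allowed is None:
            # No stored parameters: the proxy cannot stand in for an unknown MN.
            log.append(("if2", "proxy->HA", mn_id, "unknown subscriber"))
            return None
        for proposal in proposals:          # first acceptable proposal in HA order
            if proposal in allowed:
                log.append(("if2", "proxy->HA", mn_id, proposal.encryption))
                return proposal
        log.append(("if2", "proxy->HA", mn_id, "no common proposal"))
        return None


class HomeAgent:
    """First network element: MN on interface 1, proxy gateway on interface 2."""

    # Constructed proposal list, strongest first (the page lists no algorithms).
    PROPOSALS = (
        SAParams("aes-256-gcm", "aead", 3600),
        SAParams("aes-128-cbc", "hmac-sha256", 3600),
        SAParams("3des-cbc", "hmac-sha1", 3600),
    )

    def __init__(self, proxy):
        self.proxy = proxy
        self.active = {}   # mn_id -> agreed SAParams

    def handle_identity(self, mn_id, log):
        log.append(("if1", "MN->HA", mn_id, "identity"))
        agreed = self.proxy.negotiate(mn_id, self.PROPOSALS, log)
        if agreed is None:
            log.append(("if1", "HA->MN", mn_id, "rejected"))
            return None
        self.active[mn_id] = agreed
        log.append(("if1", "HA->MN", mn_id, agreed.encryption))
        return agreed


class MobileNode:
    """Sends only its identity; receives the finished SA parameters."""

    def __init__(self, mn_id):
        self.mn_id = mn_id
        self.sa = None

    def attach(self, ha, log):
        self.sa = ha.handle_identity(self.mn_id, log)
        return self.sa is not None


def run_example():
    subscriber_db = {
        "mn-1001": (SAParams("aes-128-cbc", "hmac-sha256", 3600),),
        "mn-1002": (SAParams("3des-cbc", "hmac-sha1", 3600),
                    SAParams("aes-256-gcm", "aead", 3600)),
    }
    ha = HomeAgent(ProxyGateway(subscriber_db))
    log = []
    results = {}
    for mn_id in ("mn-1001", "mn-1002", "mn-9999"):   # mn-9999 has no record
        mn = MobileNode(mn_id)
        mn.attach(ha, log)
        results[mn_id] = mn.sa
    return results, log


if __name__ == "__main__":
    results, log = run_example()
    for entry in log:
        print(*entry)
    print(results)
```

Note that the agreed parameters for mn-1002 follow the Home Agent's preference order, not the order of the subscriber record; whichever side's order wins is a policy decision that the abstract leaves open, and the loop in `negotiate` is where it is fixed.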