IPSec SA consultation method and device

An initiator and responder technique, applied in the field of network security, that addresses problems such as traffic interruption and instantaneous traffic jitter.

Inactive Publication Date: 2012-10-31
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0036] The present invention provides a method and device for IPSec SA negotiation, applied to the IPSec SA negotiation process in the quick mode of the second phase of IKE negotiation, aiming to solve the problems of instantaneous traffic jitter or traffic interruption.


Examples


Embodiment 1

[0048] To solve the prior-art problem of instantaneous traffic jitter or traffic interruption at the responder during initial IPSec SA negotiation and renegotiation, the embodiment of the present invention provides an IPSec SA negotiation method for the quick mode of the second phase of IKE negotiation, which is executed by the responder of the negotiation. As shown in Figure 2, the method includes the following steps:

[0049] Step S202, after receiving the first message from the initiator, the responder generates and delivers the negotiated SA;

[0050] In the second phase of IKE negotiation, the initiator of the negotiation first sends the first message to the responder. It contains all the security parameters that need to be negotiated with the responder, for example, the protocol defined by the IPSec policy (AH, ESP), encryption algorithm, authentication algorithm, etc., and also includes a hash digest that can be verified.

[0051] After receivin...

Embodiment 2

[0062] As shown in Figure 3, in the quick mode of the second phase of IKE negotiation, the interaction process between the initiator and the responder when negotiating the IPSec SA for the first time can be as follows:

[0063] Step S302, the initiator of the IKE negotiation sends the first message to the responder of the negotiation;

[0064] Step S304, after receiving the first message, the responder selects a security parameter that matches itself according to the security parameter carried in the message, and generates an SA according to the selected security parameter;

[0065] Step S306, the responder sends the generated SA to IPSec;

[0066] Step S308, the responder sends a second message to the initiator, the message carrying the security parameters selected by the responder in step S304;

[0067] Step S310, after receiving the second message, the initiator generates an SA according to the security parameters selected by the responder carried in the message;

...

Embodiment 3

[0074] As shown in Figure 4, in the quick mode of the second phase of IKE negotiation, the interaction process between the initiator and the responder when renegotiating the IPSec SA can be as follows:

[0075] Step S402, the soft timeout of the old SA triggers the initiator of the negotiation to renegotiate the IPSec SA;

[0076] Step S404, the initiator sends the first message to the responder of the negotiation;

[0077] Step S406, after receiving the first message, the responder selects a security parameter that matches itself according to the security parameter carried in the message, and generates a new SA according to the selected security parameter;

[0078] Step S408, the responder sends the generated new SA to IPSec;

[0079] Step S410, the responder sends a second message to the initiator, the message carrying the security parameters selected by the responder in step S406;

[0080] Step S412, after receiving the second message, the initiator generates a new SA accord...


Abstract

The invention discloses an IPSec (Internet Protocol Security) SA (Security Association) negotiation method and an IPSec SA negotiation device. The method comprises the following steps: the responder generates and delivers the negotiated SA upon receiving a first message sent by the initiator; the responder replies to the initiator with a second message; and when the responder receives an IPSec-encrypted packet sent by the initiator and encrypted with the negotiated SA, or receives a third message sent by the initiator, the responder protects the data flow using the negotiated SA. The first, second and third messages are the three messages with which the initiator and the responder together complete the IPSec SA negotiation in quick mode. By changing the time at which the responder's negotiated SA is delivered and the time at which it takes effect, the invention solves the prior-art problem of instantaneous traffic jitter or interruption during initial IPSec SA negotiation or renegotiation.
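
The responder-side timing described in the abstract, modelled as a small state machine. This is an added example, not code from the patent or its owner. The class and method names, the SPI values, the use of one SPI per SA, and the choice to keep sending on the old SA until the new one takes effect are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class Responder:
    installed: Set[int] = field(default_factory=set)  # SPIs of SAs delivered to IPSec
    pending: Optional[int] = None    # negotiated and delivered, not yet in effect
    outbound: Optional[int] = None   # SA currently protecting the data flow

    def on_first_message(self, spi: int) -> str:
        # Generate and deliver the SA as soon as the first message arrives,
        # so packets the initiator encrypts with it can already be decrypted.
        self.installed.add(spi)
        self.pending = spi
        return "second message"

    def _take_effect(self) -> None:
        if self.pending is not None:
            self.outbound, self.pending = self.pending, None

    def on_third_message(self) -> None:
        self._take_effect()

    def on_ipsec_packet(self, spi: int) -> bool:
        if spi not in self.installed:
            return False             # no matching SA installed: cannot decrypt
        if spi == self.pending:      # first packet under the new SA arrived
            self._take_effect()      # before (or instead of) the third message
        return True

def scenario() -> list:
    # Constructed SPIs: 0x1001 for the first SA, 0x2002 for the renegotiated one.
    r, trace = Responder(), []
    r.on_first_message(0x1001)                 # initial negotiation
    trace.append(r.outbound)                   # nothing in effect yet
    trace.append(r.on_ipsec_packet(0x1001))    # data overtakes the third message
    trace.append(r.outbound)
    r.on_third_message()                       # late third message is a no-op
    r.on_first_message(0x2002)                 # renegotiation
    trace.append(r.outbound)                   # old SA still protects traffic
    r.on_third_message()
    trace.append(r.outbound)
    return trace
```
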

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an IPSec SA negotiation method and device.

Background

[0002] IPSec (IP Security) is a framework protocol developed by the IETF (Internet Engineering Task Force) to ensure the security and encryption performance of data transmitted on the Internet. IPSec is a Layer 3 tunnel encryption protocol that provides high-quality, interoperable, cryptography-based security guarantees for data transmitted on the Internet. It is a traditional security technology for implementing Layer 3 VPNs (Virtual Private Networks). Specific communication parties establish IPSec tunnels to transmit users' private data, and the following security services are provided at the IP layer:

[0003] Data Confidentiality: The IPSec sender encrypts the packets before tr...


Application Information

IPC IPC(8): H04L29/06
Inventor 王佩龙
Owner NEW H3C TECH CO LTD