Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)

A quantum key and secret key technology, applied in the field of virtual private network, can solve the problems of complex processing process and difficult to effectively improve the update frequency of IPSecSA session key

Active Publication Date: 2015-05-27
SHANDONG INST OF QUANTUM SCI & TECH +1
View PDF3 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Moreover, in the prior art, there is usually no mechanism for reading the quantum key in the key exchange protocol of IPSec VPN, or the quantum key is used to participate in the negotiation process of the first phase ISAKMP SA, or the quantum key is combined with IKE Negotiation keys are combined (for example, combined in an XOR mode) as a session key, and the processing process is relatively complicated, making it difficult to effectively improve the update frequency of the session key in the second-stage IPSec SA, and the prior art has not Make a clear description of the negotiation process of quantum keys exchanged between IPSec VPN and quantum devices

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
  • Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
  • Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0081] see image 3 , an embodiment of the present invention provides a method for supporting a quantum key as a session key in an IPSec VPN, which includes initiating an IPSec VPN gateway, responding to an IPSec VPN gateway, a first quantum key management terminal, and a second quantum key management terminal , the method includes:

[0082] Step 1. Initiate and respond to the IPSec VPN gateway to carry out ISAKMP SA negotiation, and establish ISAKMP SA, which is the shared strategy and key used by gateways to establish IPSec SA;

[0083] Step 2. Initiate and respond to the IPSec VPN gateway to conduct IPSec SA negotiation, and establish IPSec SA, which is a shared policy and key used to protect the security of data communication between gateways, wherein the quantum key and IKE negotiation key are processed in parallel Negotiation, the quantum key is used as the first session key for priority use, and the IKE negotiation key is used as the second session key; moreover, the i...

Embodiment 2

[0131] Such as Figure 12 As shown, the embodiment of the present invention provides a kind of IPSec VPN system, and this system comprises initiation IPSec VPN gateway and response IPSec VPN gateway, the first quantum key management terminal and the second quantum key management terminal, it is characterized in that:

[0132] The initiating IPSec VPN gateway is used to initiate and respond to the ISAKMP SA negotiation and IPSec SA negotiation of the IPSec VPN gateway, wherein the negotiation of the quantum key and the IKE negotiation key is processed in parallel, and according to the negotiation parameters, the first quantum key management terminal is requested and Obtain the quantum key, use the quantum key as the first session key for priority use, and use the IKE negotiation key as the second session key;

[0133] Responding to the IPSec VPN gateway, used to respond to the ISAKMP SA negotiation and IPSec SA negotiation initiated by the initiating IPSec VPN gateway, wherein ...

Embodiment 3

[0145] see Figure 12a , the embodiment of the present invention provides an IPSec VPN gateway, which is used to expand the use of quantum keys between an IPSec VPN system and at least one other IPSec VPN gateway, and the IPSec VPN gateway includes:

[0146] The key negotiation IKE module is used for traditional IKE key negotiation with at least one other IPSec VPN gateway and related parameter negotiation when expanding the use of quantum keys, wherein the negotiation of quantum keys and IKE negotiation keys is processed in parallel, and quantum encryption The key is used as the first session key for priority use, and the IKE negotiation key is used as the second session key, and the established IPSec SA is sent to the IPSec protocol stack module;

[0147] A quantum key interaction module, configured to request and obtain a quantum key from the quantum key management terminal according to the negotiation parameters;

[0148] The IPSec protocol stack module is used to receive...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a system for extended use of quantum keys in an IPSec VPN (internet protocol security-virtual private network) system. The IPSec VPN system comprises at least two IPSec VPN gateways including an initiating IPSec VPN gateway and a responding IPSec VPN gateway as well as corresponding quantum key management terminals. The method comprises steps as follows: through parallel processing of negotiation of the quantum keys and IKE (internet key exchange) negotiated keys, the quantum keys are taken as first session keys for preferential use, and the IKE negotiated keys are taken as second session keys for safety communication. Besides, the invention further provides the corresponding IPSec VPN gateway, the quantum key management terminals and the IPSec VPN system. The quantum keys are taken as the session keys through extended use, so that the session key updating frequency is greatly increased and the safety communication performance of conventional IPSec VPN is guaranteed under the condition that an original IPSec VPN is compatible.

Description

technical field [0001] The present invention relates to the virtual private network (IPSec VPN) of the Internet security protocol, and in particular provides a method for expanding the use of quantum keys in the IPSec VPN, an IPSec VPN gateway, a quantum key management terminal and an IPSec VPN system. Background technique [0002] The Internet Key Exchange (IKE) protocol provides keys for the secure communication of IPSec VPN, and its key exchange process is divided into two stages, such as figure 1 shown. In the first phase of the exchange, the initiator and the responder negotiate to establish an Internet Security Association and Key Management Protocol (ISAKMP) Security Association (SA), that is, ISAKMP SA, which is used by the negotiating parties to establish IPSec SA Share policy and key, use this SA to protect the negotiation process of IPSec SA; in the second phase of exchange, the communication parties use the first phase of ISAKMP SA negotiation to establish IPSec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L9/08
CPCH04L9/0852H04L12/4641H04L63/0272H04L63/164
Inventor 李霞赵梅生周雷赵波
Owner SHANDONG INST OF QUANTUM SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com