IPSEC nesting strategy match correcting method

A policy-matching verification technique for the information security field. It addresses the time cost and performance bottleneck of IPSEC communication systems and improves efficiency and performance.

Inactive Publication Date: 2004-09-15
ZTE CORP

AI Technical Summary

Problems solved by technology

[0008] The IPSEC input and output paths involve a large number of operations, and operations such as encryption and decryption are time-consuming. For a system that uses IPSEC, IPSEC communication is therefore likely to become the bottleneck of system performance.

Examples


Embodiment Construction

[0026] The IPSEC nested policy matching verification method of the present invention will be specifically described below in conjunction with the embodiments. First define the relevant data structures of security association SA and security policy SP:

[0027] The security association SA includes the following fields: destination IP address (dest_ipaddr), security protocol (proto), security parameter index (spi), cryptographic algorithm and other parameters (crypto), and the security policy it belongs to (sp).

[0028] The security policy SP includes the following fields: source IP address (source_ipaddr), destination IP address (dest_ipaddr), tunnel source IP address (tunnel_source_ipaddr), tunnel destination IP address (tunnel_dest_ipaddr), upper layer protocol (proto), corresponding security association (sa), and outer security policy (out_sp).

[0029] A security association array, SAG[], stores the SAs that operate on a data packet.

[0030] N represents t...
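An added sketch, not code from the patent: the SA and SP structures from [0027] and [0028] in C, with one way a single policy lookup could verify a nested-tunnel packet by walking out_sp against SAG[]. The input-side ordering of SAG[], the exact-match selectors, the function names and the sample addresses are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
struct sa {                   /* SA fields from [0027]; crypto omitted */
    uint32_t dest_ipaddr, spi;
    uint8_t proto;            /* security protocol, 50 = ESP */
    const struct sp *sp;      /* policy this SA belongs to */
};
struct sp {                   /* SP fields from [0028] */
    uint32_t source_ipaddr, dest_ipaddr, tunnel_source_ipaddr, tunnel_dest_ipaddr;
    uint8_t proto;            /* upper-layer protocol selector */
    const struct sa *sa;
    const struct sp *out_sp;  /* policy of the enclosing tunnel, NULL if outermost */
};

/* The single SPD search, keyed on the innermost packet's selectors. */
static const struct sp *spd_lookup(const struct sp *spd, size_t len,
                                   uint32_t src, uint32_t dst, uint8_t proto)
{
    for (size_t i = 0; i < len; i++)
        if (spd[i].source_ipaddr == src && spd[i].dest_ipaddr == dst && spd[i].proto == proto)
            return &spd[i];
    return NULL;
}

/* Assumed order: sag[0] was decapsulated first (outermost), sag[n-1] last (innermost).
 * Returns 1 only if the out_sp chain and the SAs actually used agree exactly. */
int verify_nested(const struct sp *spd, size_t len, const struct sa *const sag[],
                  size_t n, uint32_t src, uint32_t dst, uint8_t proto)
{
    const struct sp *p = spd_lookup(spd, len, src, dst, proto);
    if (p == NULL || n == 0) return 0;      /* no policy, or packet was unprotected */
    for (size_t i = n; i-- > 0; p = p->out_sp)
        if (p == NULL || p->sa != sag[i] || sag[i]->sp != p)
            return 0;                       /* wrong or extra SA */
    return p == NULL;                       /* 0 if an enclosing tunnel was skipped */
}

/* Constructed sample: 10.1.0.5 -> 10.2.0.9 (TCP) inside two nested ESP tunnels.
 * skip_outer = 1 models a packet that arrived without the outer tunnel. */
int demo(int skip_outer)
{
    static struct sp spd[2];
    static struct sa inner = {0xC0000202, 0x1001, 50, &spd[0]};
    static struct sa outer = {0xC6336402, 0x2002, 50, &spd[1]};
    spd[0] = (struct sp){0x0A010005, 0x0A020009, 0xC0000201, 0xC0000202, 6, &inner, &spd[1]};
    spd[1] = (struct sp){0xC0000201, 0xC0000202, 0xC6336401, 0xC6336402, 50, &outer, NULL};
    const struct sa *sag[] = {&outer, &inner};
    return verify_nested(spd, 2, sag + skip_outer, 2 - (size_t)skip_outer, 0x0A010005, 0x0A020009, 6);
}
int main(void) { return !(demo(0) == 1 && demo(1) == 0); }
```

The policy database is searched once per packet; every further check follows the out_sp pointer, so a packet that skipped the outer tunnel is rejected without a second search.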


Abstract

For the case of multiple nested tunnels, security associations are linked in a doubly linked list or an array in order of precedence. A policy lookup is carried out based on the content of the data packet, and policy-matching verification is then performed for the security policy corresponding to each security association. The invention solves the problem of policy-matching verification for IPSEC applications with multiple nested tunnels: the security policy database needs to be searched only once, and the association relationships between policies are used to complete all policy-matching operations. The invention improves the efficiency of security policy verification and system performance.

Description

Technical field

[0001] The invention belongs to the information security technology in the field of information technology, and relates to an IPSEC (IP Security) system, specifically, to a method in which multiple security protections are adopted for stacked data packets, and a method for matching and verifying these security protections and security policies.

Background technique

[0002] As technology advances and costs fall, the Internet is becoming more and more popular. From the 1990s to the present, this network has continued to expand. Many telecommunications companies provide high-speed lines for customers to access the Internet, while local Internet service providers (ISPs) provide cheap local access services, attracting more and more users to access the Internet. Today, the Internet carries all kinds of communications, and users only need to pay the fee for local network access to access resources all over the world. People have accepted the way of using e-commer...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/00, H04L9/32, H04L29/06
Inventor: 陈海彬, 陈开渠, 丁勇, 赵洁, 李亚晖, 彭志威
Owner: ZTE CORP