Method and apparatus for negotiating internet cryptographic key exchanging safety coalition existence period

A life cycle negotiation and key exchange technology, applied to electrical components, transmission systems, etc., that addresses problems such as an unresponsive terminal, communication interruption, and IKE SA failure, and is simple to implement.

Inactive Publication Date: 2008-07-23
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0007] 2. The responder accepts the negotiation, but the responder adopts a smaller life cycle;
If the INFO message is lost in transit, or is not processed because the initiator is busy, the IKE SA life cycles at the two ends will be inconsistent, which may cause a problem similar to that of the second method: the responder no longer has an IKE SA, so the IPsec SA cannot be negotiated, resulting in communication interruption.
Moreover, the INFO message is sent after the IKE / IPsec SA negotiation is completed, so after receiving it the initiator must modify the life cycle of the already established IKE SA, which is also troublesome to implement in practice.


Embodiment Construction

[0059] The main idea of the present invention is: when the IKE SA lifetimes of the responder and the initiator are inconsistent, and the responder's IKE SA lifetime in IKE negotiation is shorter than the initiator's, the responder's IKE SA lifetime is transmitted during the IKE negotiation process. This lets the initiator learn the responder's IKE SA lifetime, so that the initiator's IKE SA lifetime can be negotiated to the smaller value during IKE SA negotiation. The present invention will be described in detail below through specific embodiments in conjunction with the accompanying drawings.
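The following is an added illustration, not code from the patent or from any vendor implementation, comparing the INFO-message approach criticized above with carrying the responder's lifetime inside the IKE SA negotiation. The `Peer` model, the function names and the lifetime values are constructed assumptions; the text on this page does not specify message formats.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Peer:
    configured_lifetime: int           # seconds, from local IKE policy (constructed)
    sa_lifetime: Optional[int] = None  # lifetime applied to the established IKE SA


def negotiate_with_info(initiator: Peer, responder: Peer, info_delivered: bool) -> None:
    """Earlier approach: the IKE SA is established first, then the responder
    reports its smaller lifetime in a separate INFO message."""
    initiator.sa_lifetime = initiator.configured_lifetime
    responder.sa_lifetime = min(initiator.configured_lifetime,
                                responder.configured_lifetime)
    if info_delivered:
        # The initiator has to modify an already established IKE SA.
        initiator.sa_lifetime = responder.sa_lifetime


def negotiate_in_band(initiator: Peer, responder: Peer) -> None:
    """Approach described on this page: the responder's lifetime travels inside
    the IKE SA negotiation, so both ends install the SA with the smaller value."""
    agreed = min(initiator.configured_lifetime, responder.configured_lifetime)
    initiator.sa_lifetime = responder.sa_lifetime = agreed


def stale_window(initiator: Peer, responder: Peer) -> int:
    """Seconds during which the initiator still holds an IKE SA that the
    responder has already expired (the interruption risk)."""
    return max(0, initiator.sa_lifetime - responder.sa_lifetime)


def run_scenarios(init_life: int = 86400, resp_life: int = 28800) -> dict:
    """Run the three cases with fresh peers and report the stale window of each."""
    results = {}
    for label, delivered in (("info_delivered", True), ("info_lost", False)):
        i, r = Peer(init_life), Peer(resp_life)
        negotiate_with_info(i, r, delivered)
        results[label] = stale_window(i, r)
    i, r = Peer(init_life), Peer(resp_life)
    negotiate_in_band(i, r)
    results["in_band"] = stale_window(i, r)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

A non-zero stale window is the interval in which the initiator would try to negotiate IPsec SAs under an IKE SA the responder no longer has.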

[0060] In the embodiment of the present invention, the IPSec policy is pre-configured on the corresponding interface between the initiator and the responder, and the traffic flowing through the interface of the initiator triggers IKE negotiation and establishes an IPSec SA. Specifically, the initiating end and the responding end m...


Abstract

The invention provides a method and a device for negotiating the lifetime of an Internet Key Exchange security association (IKE SA). During IKE SA negotiation, an IKE SA lifetime negotiation identifier instructs the initiator and the responder to negotiate the IKE SA lifetime, so that the IKE SA lifetime is negotiated to a smaller value within the IKE negotiation process.

Description

Technical field

[0001] The present invention relates to the technical field of Internet Protocol Security (IPsec, IP Security), and in particular to a method for negotiating the lifetime of an IKE Security Association (SA, Security Association) during an Internet Key Exchange (IKE, Internet Key Exchange) negotiation process, and a corresponding device.

Background art

[0002] Network security has two meanings: one is the security of the internal network, and the other is the security of data exchange over the public network. The former is realized by means of firewalls, network address translation (NAT), etc.; the latter is realized by the emerging IPsec technology. IPsec provides a protection method for encrypting packets at the IP layer. IPsec security associations can be established through manual configuration, but as the number of nodes in the network increases, manual configuration becomes very difficult, and it is hard to ensure security. In this case, I...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 李红霞
Owner NEW H3C TECH CO LTD