Reliable IKE message negotiation method, device and system thereof

A message negotiation method and device technology, applied in the communication field, that addresses the problem where a negotiation message is lost or cannot be received by the responder device, so that the IKE SA or IPsec SA cannot be established normally.

Inactive Publication Date: 2009-09-09
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

At this time, the initiator device sends data packets encrypted according to the IPsec protocol to the responder device through the IPsec SA channel. The responder device discards these data packets, causing the initiator device to fail to transmit encrypted data.

In addition, if the second-stage initiator does not send encrypted data packets at this time but waits for the responder to send them, the responder device cannot send encrypted data packets because its IPsec SA has not been established. This also causes the initiator device to fail to transmit encrypted data.

[0010] To sum up, in the prior art, during IKE message negotiation, if the last message of the first phase or the second phase is lost or the responder device cannot receive it, the responder device cannot establish the IKE SA or IPsec SA normally, and subsequent IKE negotiation or encrypted data packet forwarding fails.

The existing IKE protocol does not define how to transmit the last message reliably, so once the last message is lost in the network or the responder device cannot receive it, subsequent IKE negotiation or encrypted data packet forwarding fails.

Embodiment Construction

[0091] The core of the present invention is that, during IKE message negotiation, when the responder device receives the last negotiation message sent by the initiator device, the responder device returns an ACK (acknowledgement) message to the initiator device to inform it that the last negotiation message has been received, and the initiator device establishes its SA after receiving the ACK message. In the present invention, before reliable message negotiation is performed in the first stage, the initiator device and the responder device perform capability negotiation to determine that both parties are able to carry out the subsequent reliable IKE negotiation. The technical scheme of the present invention effectively protects against the one-way IKE or IPsec SA caused by the loss or delayed sending of the last negotiation message during the establishment process ...

Abstract

The invention discloses a reliable IKE message negotiation method, device and system. The method is applied to a system comprising a first device and a second device, and comprises the following steps: a. after the first device sends the last negotiation message to the second device, the first device judges whether a response message from the second device is received within a preset period; and b. if the response message from the second device is received within the preset period, the first device establishes a security association (SA) immediately. The method, device and system guarantee reliable establishment of the IKE SA and IPsec SA, and reliable transmission of data messages encrypted according to the IPsec protocol, when the network is in a poor state and the last message of the first-stage or second-stage IKE message negotiation is lost or delayed.
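The ACK-gated SA installation described in the embodiment and the abstract can be modelled over a scripted lossy link. This is an added sketch, not code from the patent: `simulate`, `is_one_way`, the `drops` script, `max_tries`, the retransmission on timeout and the fallback for peers without the capability are all assumptions made for illustration.

```python
def simulate(drops, initiator_capable=True, responder_capable=True, max_tries=3):
    """Model the last negotiation message of an IKE phase over a lossy link.

    drops: constructed script, one bool per packet put on the wire in order
           (True = lost). Packets beyond the script are delivered.
    Returns (initiator_sa, responder_sa, transmissions_of_last_message).
    """
    script = list(drops)

    def delivered():
        return not (script.pop(0) if script else False)

    initiator_sa = responder_sa = False

    # Capability negotiation: the ACK scheme is used only if both peers support it.
    # Falling back to unconfirmed behaviour otherwise is an assumption of this sketch.
    if not (initiator_capable and responder_capable):
        initiator_sa = True            # installs its SA on sending, no confirmation
        responder_sa = delivered()     # installs only if the message arrives
        return initiator_sa, responder_sa, 1

    for attempt in range(1, max_tries + 1):
        if delivered():                # last negotiation message reaches responder
            responder_sa = True
            if delivered():            # ACK arrives within the preset period
                initiator_sa = True    # initiator installs its SA after the ACK
                return initiator_sa, responder_sa, attempt
        # Preset period expired without an ACK. Retransmitting here is an
        # assumption; the page excerpt does not state the timeout action.
    return initiator_sa, responder_sa, max_tries


def is_one_way(result):
    """True when exactly one peer holds the SA (the failure the page describes)."""
    initiator_sa, responder_sa, _ = result
    return initiator_sa != responder_sa
```

With the unconfirmed exchange, a single lost packet leaves the initiator holding an SA the responder never installed; with the ACK, the same loss leaves both sides consistent once a later attempt gets through.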

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method, device and system for reliable IKE message negotiation.

Background

[0002] The IKE (Internet Key Exchange) protocol is used to establish security associations in IPsec (IP Security), and to securely establish and update a shared key in an insecure network environment such as the Internet. To ensure the secure operation of IPv6 (Internet Protocol Version 6), an IKE security association must be established to encrypt forwarded and transmitted data.

[0003] IKE is based on the framework defined by ISAKMP (Internet Security Association and Key Management Protocol). Usually, the establishment of IKE includes two phases. The first phase is used to establish a communication channel IKE SA (security ass...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/56, H04L1/16
Inventor: 徐庆伟, 罗潇
Owner: NEW H3C TECH CO LTD