Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Flow rate security detection method, equipment and system

A security detection and traffic technology, applied in the field of network communication, can solve the problems of inability to distinguish between different traffic types, hidden dangers of network information and communication security, and inability to realize in-depth detection of packets, so as to achieve the management and control of traffic and content and realize security Monitoring and ensuring the effectiveness of security

Active Publication Date: 2012-02-08
CHINA TELECOM CORP LTD
View PDF1 Cites 39 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] Although the existing technology can identify and analyze whether the IPsec VPN message is forged and whether it is a non-standard format message, the above two schemes can only analyze the encryption method and whether it meets the standard through the format in the sequence, that is, only Support for detection of encrypted formats
However, the encrypted content still cannot be detected, and different traffic types cannot be processed differently, and keywords cannot be monitored, and the true in-depth detection of the message cannot be realized.
In addition, with the popularization of IPv6, the abuse of IPsec may be brought about, and it will also bring certain hidden dangers to the information and communication security of the network.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Flow rate security detection method, equipment and system
  • Flow rate security detection method, equipment and system
  • Flow rate security detection method, equipment and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0066] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

[0067] An embodiment of the IPSec flow security detection system of the present invention, see figure 1 shown. It mainly includes: gateway equipment and security detection server. in,

[0068] Gateway device 11: Placed between the security network domain of the initiator host A and the network of the responder host B, it is a gateway device that supports layer-3 routing functions and can implement the relay and routing functions of user data streams. In the preferred embodiment of the present invention, the gateway device 11 is located at the edge exit of the security area, and realizes the functions of IPsec detection, user authentication, response address association and IPsec data packet forwarding.

[0069] Securit...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Internet protocol security (IPSec) flow rate security detection method, equipment and a system. The method comprises the following steps that: when an initiation party initiates an Internet key exchange (IKE) request of the IPsec communication to a response party through gateway equipment, and the gateway equipment intercepts and captures the IKE request, extracts the source address of the request and the corresponding target address of the response party and stores the source address of the request and the corresponding target address of the response party into a local data list; the encryption consultation is respectively carried out with the initiation party and the response party, and in addition, IPsec security channels with the initiation party and the response party are respectively built; the initiation party encrypts a data packet to be sent to the response party by a gateway equipment consultation encryption method and sends the data packet to the gateway equipment through the IPsec security channel built with the gateway equipment; after the gateway equipment receives the data packet, the deep packet detection is carried out after the data packet is decrypted by an encryption method negotiated with the initiation party; when the deep packet detection is passed, the gateway equipment encrypts the data packet by the encryption method negotiated with the response party, and the data packet is sent to the response party through the IPsec security channel built with the response party.

Description

technical field [0001] The present invention relates to network communication technology, in particular to an Internet Protocol Security (IPSec, Internet Protocol Security) flow security detection method, device and system. Background technique [0002] In the past two decades, the rapid increase in the number of Internet users and terminals, and the rapid progress of network technology have proved the great success of the Internet with a simple and open design concept. However, precisely because of the simplicity and openness of the Internet, the Internet is also facing more and more new requirements and challenges, such as poor security, difficulty in control and management, and difficulty in responding to failures and attacks in a timely manner. With the further popularization of the Internet, these problems have become more and more noticeable, and the threats that network survivability needs to deal with have also expanded from simple random failures to various abnormal...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L29/06
Inventor 高歆雅陈晓益江志峰刘波王和宇陈运清
Owner CHINA TELECOM CORP LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com