Fragment processing method and system

A technology of fragment identification and sender, applied in the field of data communication and Internet security, and can solve problems such as Dos attacks

Inactive Publication Date: 2012-03-14
BEIJING UNIV OF POSTS & TELECOMM
View PDF4 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In order to solve the problem of DoS attack in the existing IKEv2 protocol, the embodiment of the present invention provides a method and system for fragment processing

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fragment processing method and system
  • Fragment processing method and system
  • Fragment processing method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0061] see figure 1 , the embodiment of the present invention provides a method for slice processing, including:

[0062] 101: The first application layer of the sender acquires the first message, and fragments the first message to obtain N fragments, where each fragment of the N fragments includes a fragment identifier , fragment offset and fragment flag, and send the N fragments to the receiver, where N is a natural number greater than 1;

[0063] 102: The second application layer of the receiver obtains the N fragments sent by the sender, and according to the fragment identifier, fragment offset and fragmentation of each fragment in the N fragments The flag bits are used to assemble the N fragments to obtain the first message.

[0064] In this embodiment, the first message includes IKEv1 and IKEv2 messages, but is not limited to these two messages. The fragmentation identifier is used to identify whether a certain message is a message that needs to be fragmented, and the ...

Embodiment 2

[0084] This embodiment provides a method for slice processing, such as figure 2 Shown is the overall logical system architecture of the IPsec protocol software deployed on the security gateway. Both the sender device and the receiver device need to install the M-IKEv2 protocol. This figure also shows the M-IKEv2 protocol application layer fragmentation and TCP / IP fragmentation. The location of slices in the entire system, the M-IKEv2 protocol application layer slices are in the user space, and the TCP / IP slices are in the kernel space.

[0085] like image 3 Shown is the deployment method of the security gateway-security gateway in the actual network application scenario. In this embodiment, two routers connected to the transmission network are required to deploy the IPsec and M-IKEv2 protocols, and one transmission network is required to connect the two security gateways. transfer data packets between them. The core network router is a high-performance IP router, and the I...

Embodiment 3

[0150] see Figure 11 , the embodiment of the present invention provides a fragment processing system, including: a sender 301 and a receiver 302, the sender 301 includes a first application layer, and the receiver 302 includes a second application layer;

[0151] The first application layer of the sender is configured to obtain the first message, and perform fragment processing on the first message to obtain N fragments, wherein each fragment in the N fragments includes a fragment slice identifier, slice offset and slice flag, and send the N slices to the receiver, where N is a natural number greater than 1;

[0152] The second application layer of the receiver is configured to obtain the N fragments sent by the sender, and according to the fragment identifier, fragment offset and fragmentation of each fragment in the N fragments The fragment flag bit is used to assemble the N fragments to obtain the first message.

[0153] Wherein, the first application layer of the sender...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a fragment processing method and system, belonging to the field of data communication and internet security. The fragment processing method comprises the following steps of: obtaining first information by a first application layer of a sender, carrying out fragment processing on the first information to obtain N fragments, wherein each of the N fragments comprises a fragment identifier, a fragment offset and a fragment bit zone; sending the N fragments to a receiver; obtaining the N fragments which are sent by the sender by a second application layer of a receiver and assembling the N fragments according to the fragment identifier, the fragment offset and the fragment bit zone of each of the N fragments so as to obtain first information.

Description

technical field [0001] The invention relates to the fields of data communication and Internet security, in particular to a fragment processing method and system. Background technique [0002] IPsec (Internet Protocol Security) can protect multiple IP data streams between hosts, between security gateways and security gateways, and between security gateways and hosts. For many security applications on the Internet, the IPsec standard uses IKEv2 (Internet Key Exchange Version 2, the second version of the Internet Key Exchange Protocol) as its default automatic key configuration protocol to negotiate parameters such as keys and encryption / authentication algorithms . [0003] IKEv2 allows multiple authentication methods between a pair of network communication devices and establishes a corresponding set of security association parameters, which are provided to ESP (Encapsulating Security Payload, encapsulating security payload) or AH (Authentication Header, authentication header)...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L1/00H04L12/56H04L29/08H04L12/715
Inventor 张宏科许长桥关建峰周平文新贾世杰张能权伟曹远龙
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap