Main-mode IKE negotiation method

A main-mode negotiation message technique, applied in the field of network communication, that can solve problems such as an uncertain IP address and the inability to determine the negotiation key from the user identity.

Inactive Publication Date: 2012-09-26
OPZOON TECH
5 Cites 2 Cited by

AI-Extracted Technical Summary

Problems solved by technology

However, in main mode, the user identity information of the local end is carried only in the third IKE negotiation exchange, and because the key must be determined before the second IKE negotiation exchange in main mode, only the IP address information of the packet can be used in main-mode negotiation; the user identity cannot be used to c...

Abstract

The invention discloses a main-mode IKE (Internet Key Exchange) negotiation method, which belongs to the field of network communication technology. In the first stage of a main-mode IKE negotiation initiated by the current end to the opposite end, the method comprises the following steps: during the first negotiation exchange, the current end and the opposite end each embed their own user identity information in the message they send; during the second negotiation exchange, each end sends DH encryption information to the other; and during the third negotiation exchange, each end uses the DH encryption information to select the corresponding key according to the user identity information of the other party. Because each end embeds its user identity information in the message sent during the first negotiation exchange, the method can also be carried out when the IP address is uncertain.

Application Domain

Transmission

Technology Topic

IP address, Encryption

Example Embodiment

[0022] The specific embodiments of the present invention will be described in further detail below in conjunction with the drawings and embodiments. The following examples are used to illustrate the present invention, but not to limit the scope of the present invention.
[0023] Figure 1 is a flowchart of an IKE main mode negotiation method according to an embodiment of the present invention. Referring to Figure 1, the method includes:
[0024] In the first stage of the IKE main mode negotiation initiated by the current end to the opposite end, the current end and the opposite end each carry their own user identity information in the message they send during the first interactive negotiation;
[0025] The current end and the opposite end send DH encryption information to each other during the second interactive negotiation;
[0026] In the third interactive negotiation, the current end and the opposite end each use the DH encryption information to select the corresponding key according to the user identity information of the other party.
[0027] Preferably, the first interactive negotiation between the current end and the opposite end specifically includes:
[0028] A1: The current end sends a first negotiation message to the opposite end, where the first negotiation message includes user identity information of the current end;
[0029] A2: The opposite end parses the first negotiation message to obtain the user identity information of the current end, and sends a first response message to the current end, the first response message including the user identity information of the opposite end;
[0030] A3: The current end parses the first response message to obtain the user identity information of the opposite end.
[0031] Preferably, the DH encryption information is based on the Diffie-Hellman key exchange algorithm.
[0032] Preferably, the third interactive negotiation between the current end and the opposite end specifically includes:
[0033] B1: The current end sends a third negotiation message to the opposite end, and the opposite end uses DH encryption information to select a corresponding key according to the user identity information of the current end;
[0034] B2: The opposite end sends a third response message to the current end, and the current end uses DH encryption information to select a corresponding key according to the user identity information of the opposite end;
[0035] B3: The current end and the opposite end respectively verify their respective keys.
[0036] The above embodiments are only used to illustrate the present invention, not to limit it. Those of ordinary skill in the relevant technical fields can make various changes and modifications without departing from the spirit and scope of the present invention. Therefore, all equivalent technical solutions also belong to the scope of the present invention, and the patent protection scope of the present invention should be defined by the claims.
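
The three exchanges described in [0024] to [0035] can be sketched as follows. This is an added example, not code from the patent or its applicant; it shows the key being looked up by the user identity received in the first exchange, with no IP address involved. Assumptions not stated on the page: pre-shared keys, nonces, an HMAC-SHA256 prf with a derivation loosely modeled on the IKEv1 pre-shared-key SKEYID, a toy DH group, and all names and sample values.

```python
import hashlib
import hmac
import secrets

P, G = 2**127 - 1, 3  # toy DH group (constructed); far too small for real use

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Peer:
    def __init__(self, identity: str, psk_by_identity: dict):
        self.identity = identity
        self.psk_by_identity = psk_by_identity  # keyed by user identity, never by IP
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.nonce = secrets.token_bytes(16)    # assumption: nonces are exchanged

    def select_key(self, peer_id, peer_pub, peer_nonce, is_initiator):
        psk = self.psk_by_identity[peer_id]     # KeyError if the identity is unknown
        shared = pow(peer_pub, self.priv, P).to_bytes(16, "big")
        ni, nr = (self.nonce, peer_nonce) if is_initiator else (peer_nonce, self.nonce)
        return prf(prf(psk, ni + nr), shared)   # assumption: SKEYID-style derivation

def negotiate(cur: Peer, opp: Peer) -> bool:
    # Exchange 1 (A1-A3): identities are swapped before any key exists,
    # so they travel unencrypted in this scheme.
    id_cur, id_opp = cur.identity, opp.identity
    # Exchange 2: DH public values (and nonces) are swapped.
    # Exchange 3 (B1-B2): each end selects its key by the other party's identity.
    try:
        k_cur = cur.select_key(id_opp, opp.pub, opp.nonce, True)
        k_opp = opp.select_key(id_cur, cur.pub, cur.nonce, False)
    except KeyError:
        return False
    # B3: each end sends a proof that the other end checks with its own key.
    proof_cur = prf(k_cur, b"I" + id_cur.encode())
    proof_opp = prf(k_opp, b"R" + id_opp.encode())
    return (hmac.compare_digest(proof_cur, prf(k_opp, b"I" + id_cur.encode()))
            and hmac.compare_digest(proof_opp, prf(k_cur, b"R" + id_opp.encode())))

def demo():
    hq_keys = {"branch-7@example.test": b"constructed-psk-7"}  # constructed sample data
    def hq():
        return Peer("hq@example.test", hq_keys)
    good = Peer("branch-7@example.test", {"hq@example.test": b"constructed-psk-7"})
    wrong = Peer("branch-7@example.test", {"hq@example.test": b"some-other-psk"})
    stranger = Peer("branch-9@example.test", {"hq@example.test": b"constructed-psk-7"})
    return negotiate(good, hq()), negotiate(wrong, hq()), negotiate(stranger, hq())
```

`demo()` returns one result per case: a matching key for a known identity, a mismatched key, and an identity the opposite end has no key for.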
