
Method for carrying out encryption and decryption by using IPSec security association

A security association technique, applied in the field of communication, that solves the problem of response information not corresponding to the multiple devices it is returned to, which causes confusion.

Inactive Publication Date: 2013-01-23
OPZOON TECH

AI Technical Summary

Problems solved by technology

When multiple devices send information to one device, and that device receives the information and returns response information to the multiple devices, the response information does not correspond to the individual devices, which may cause confusion.


Examples


Embodiment 1

[0026] The present invention proposes a method for encrypting and decrypting using an IPSec security association, characterized in that at least one local device sends a message to a peer device, and the method includes:

[0027] A. The local device sends a message to the first firewall at the local end;

[0028] B. The first firewall receives the message, uses the IPSec security association to encrypt the message, and sends the encrypted message to the second firewall at the opposite end;

[0029] C. After the second firewall receives the encrypted message, it searches for the IPSec security association according to the security protocol type of the encrypted message and the security parameter index (SPI), and decrypts the encrypted message through the found IPSec security association to obtain the decrypted message;

[0030] D. The second firewall creates a mapping relationship table, and sends the decrypted message to the peer device.

Embodiment 2

[0032] This embodiment includes all the content of Embodiment 1. In addition, the message in step A is further limited to include: the address of the local device and the address of the peer device.

[0033] The encrypted message in step B includes: the address of the first firewall and the address of the second firewall. The first firewall encrypts the message into an Encapsulating Security Payload (ESP) / Authentication Header (AH) message.

[0034] The decrypted message in step C includes: the address of the local device and the address of the peer device. When the second firewall receives the ESP / AH message, it searches for the IPSec SA (IPSec Security Association) on the server according to the security protocol type (AH protocol or ESP protocol) and the security parameter index of the message. After finding it, it uses the IPSec SA to decrypt the encrypted message and sends it to the peer device.
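The SA lookup of step C, sketched as an added example that is not part of the patent text: the second firewall reads the security protocol type from the outer IPv4 header and the SPI from the ESP or AH header, then uses the pair as the key into its SA database. The database contents, SPI values and SA names are constructed for illustration; the firewall addresses are the ones used in Embodiment 3.

```python
import ipaddress
import struct

# IP protocol numbers that identify the security protocol type.
IPPROTO_ESP, IPPROTO_AH = 50, 51

# Hypothetical SA database on the second firewall, keyed by (protocol, SPI).
# SPI values and SA names are constructed for this example.
SAD = {
    (IPPROTO_ESP, 0x1001): {"name": "sa-esp-fw1"},
    (IPPROTO_AH, 0x2001): {"name": "sa-ah-fw1"},
}

def extract_selector(packet: bytes):
    """Return (protocol, spi) read from an outer IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    proto = packet[9]
    # ESP starts with the SPI (RFC 4303). AH places it after the
    # next-header, payload-length and reserved fields (RFC 4302).
    offset = {IPPROTO_ESP: 0, IPPROTO_AH: 4}.get(proto)
    if offset is None:
        raise ValueError(f"protocol {proto} is neither ESP nor AH")
    start = ihl + offset
    if ihl < 20 or len(packet) < start + 4:
        raise ValueError("truncated IPsec header")
    (spi,) = struct.unpack("!I", packet[start:start + 4])
    return proto, spi

def lookup_sa(packet: bytes):
    """Find the SA for an inbound packet; None means no SA, so drop it."""
    return SAD.get(extract_selector(packet))

def build_outer(proto, body, src="192.168.1.1", dst="192.168.1.2"):
    """Constructed sample packet, first firewall to second (checksum zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + body

# ESP: SPI, sequence number, then opaque ciphertext (zeros as a stand-in).
ESP_PKT = build_outer(IPPROTO_ESP, struct.pack("!II", 0x1001, 1) + bytes(16))
# AH: next header, payload length, reserved, SPI, sequence number, ICV.
AH_PKT = build_outer(IPPROTO_AH,
                     struct.pack("!BBHII", 4, 4, 0, 0x2001, 1) + bytes(12))
```

Because the key is the pair rather than the SPI alone, an AH packet that carries an SPI registered only for ESP finds no SA and is dropped.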

[0035] The mapp...

Embodiment 3

[0043] This embodiment uses a specific IP address to more specifically describe a method for encrypting and decrypting using an IPSec security association. The specific examples are as follows:

[0044] Pc1-------------first firewall------------second firewall------------Pc2

[0045] The client Pc1 sends the message to the client Pc2, wherein the message passes through the first firewall (Firewall, fw) and the second firewall.

[0046] The local device PC1, with IP2 address 1.1.1.1, sends a message to the peer device PC2, with IP2 address 2.2.2.2.

[0047] At this time, the message structure is:

[0048]

[0049] When passing through the first firewall, the message needs to be encrypted into an ESP packet through the IPSec SA. The IP1 address of the first firewall is 192.168.1.1 and the IP1 address of the second firewall is 192.168.1.2.

[0050] The encrypted message structure of the first firewall is as follows:

[0051]

[0052] After the second firewall receives it, it searches for the...


Abstract

The invention provides a method for carrying out encryption and decryption by using an IPSec security association. At least one local end device sends a message to an opposite end device. The method comprises the following steps: A, a local end device sends a message to a first firewall at the local end; B, the first firewall receives the message, encrypts the message by using the IPSec security association, and sends the encrypted message to a second firewall at the opposite end; C, after receiving the encrypted message, the second firewall searches for the IPSec security association according to the security protocol type and the security parameter index of the encrypted message, and decrypts the encrypted message through the found IPSec security association to obtain a decrypted message; and D, the second firewall creates a mapping relationship table, and sends the decrypted message to the opposite end device. With the invention, when a plurality of local end devices each send a message to one opposite end device, the firewall of the opposite end device returns a response message to each of the local end devices according to the mapping relationship.

Description

Technical field

[0001] The invention relates to the technical field of communication, in particular to a method for encrypting and decrypting by using an IPSec security association.

Background technique

[0002] Internet Protocol Security (IPSec, Internet Protocol Security) is a security protocol widely used in network communication. In the application of this protocol, the information transmission between two devices needs to establish an IPSec security association for the encryption and decryption process of information, so as to ensure the safe transmission of information. When multiple devices send information to one device respectively, and one device receives the information and returns response information to multiple devices respectively, the response information will not correspond to multiple devices, which is likely to cause confusion.

Contents of the invention

[0003] (1) Solved technical problems

[0004] The invention solves the technical problem that a pl...


Application Information

IPC(8): H04L29/06, H04L29/12
Inventor 陈海滨
Owner OPZOON TECH