Method and device for synchronizing security association (SA) between equipment

An inter-device technology, applied in the field of communication networks, that can solve problems such as resource waste and achieves the effects of improving utilization, solving data flow loss, and saving bandwidth resources.

Active Publication Date: 2013-03-13
紫光恒越技术有限公司

AI Technical Summary

Problems solved by technology

[0006] The present invention provides a method and device for SA synchronization between devices, which are used to solve the problem of wasted resources and improve the utilization rate of resources.


Examples

Embodiment 1

[0034] This embodiment describes the flow of the SA synchronization solution between devices in the main mode exchange. As shown in Figure 1, the process includes the following steps:

[0035] In step 101, network device A sends a first message to peer network device B for requesting SA parameter exchange, and the message carries an SA security policy to be confirmed.

[0036] Step 102, network device B returns a second message to network device A according to the received first message to confirm the SA security policy, and the message carries the SA security policy confirmed by network device B.

[0037] The above steps 101-102 implement the SA parameter exchange process, which is used for negotiating and confirming relevant security policies. Specifically, network device A sends the IKE policy to the peer network device B, and network device B searches for a matching policy and returns it to network device A. Network device A receives the policy confirmed by network d...

Embodiment 2

[0069] This embodiment describes the flow of the SA synchronization solution between devices in the aggressive mode exchange. As shown in Figure 3, the process includes the following steps:

[0070] Step 301, network device A sends a first message to network device B to request confirmation of the SA security policy and key exchange. The first message carries the SA security policy to be confirmed and the key generation information of device A.

[0071] Step 302, IPsec SA peer B returns a second message to network device A according to the received first message, and the second message carries the SA security policy confirmed by network device B and network device B's key generation information.

[0072] The above steps 301-302 implement the security policy and key exchange process, which are used for security policy negotiation and exchange of Diffie-Hellman public value and auxiliary data.

[0073] Step 303, network device A sends a third message to network device ...


Abstract

The invention discloses a method and device for synchronizing security association (SA) between equipment. The method comprises the following steps of: receiving identification information of opposite-terminal IPsec (internet protocol security) SA peer equipment transmitted from the opposite-terminal IPsec SA peer equipment in an IKE (Internet Key Exchange) SA negotiation process between IPsec SA peer equipment and the opposite-terminal IPsec SA peer equipment; deleting the IKE SA and the IPsec SA, inquired according to the identification information, on the IPsec SA equipment; and establishing the IPsec SA between the IPsec SA peer equipment and the opposite-terminal IPsec SA peer equipment by virtue of taking the identification information as an index. The method and the device can be used for solving the problem of data loss between the equipment, saving CPU (Central Processing Unit) resources and improving the utilization rate of the CPU resources; and as the IPsec SA peer equipment is informed of deleting the useless SA by an IKE SA negotiation message in the IKE SA negotiation process, the burden from extra message interaction between the equipment is not added, and bandwidth resources are saved.
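The delete-then-rebuild step in the abstract, as an added Python sketch that is not code from the patent: an SA table indexed by the peer's identification information, where an IKE SA negotiation carrying that identification purges whatever is still held for the peer before new SAs are installed. The class and method names, the string peer IDs and the restart scenario are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SaTable:
    """SA store on one IPsec peer, indexed by the remote peer's identification."""
    ike: dict = field(default_factory=dict)    # peer_id -> IKE SA handle
    ipsec: dict = field(default_factory=dict)  # peer_id -> list of IPsec SPIs

    def on_ike_negotiation(self, peer_id, new_ike_sa):
        """Process an IKE SA negotiation message that carries peer_id.

        Any IKE SA and IPsec SAs already indexed under peer_id are stale
        (the peer would not be renegotiating if it still held them), so
        they are deleted before the new IKE SA is recorded.
        Returns what was purged so the caller can log or audit it.
        """
        purged = {"ike": self.ike.pop(peer_id, None),
                  "ipsec": self.ipsec.pop(peer_id, [])}
        self.ike[peer_id] = new_ike_sa
        self.ipsec[peer_id] = []
        return purged

    def add_ipsec_sa(self, peer_id, spi):
        """Install an IPsec SA under the peer's identification."""
        if peer_id not in self.ike:
            raise KeyError(f"no IKE SA negotiated with {peer_id}")
        self.ipsec[peer_id].append(spi)


def demo():
    """Constructed scenario: device B loses its SAs and renegotiates with A."""
    a = SaTable()
    a.on_ike_negotiation("device-B", "ike-1")
    a.add_ipsec_sa("device-B", 0x1001)
    a.add_ipsec_sa("device-B", 0x1002)
    a.on_ike_negotiation("device-C", "ike-9")
    a.add_ipsec_sa("device-C", 0x2001)

    # B comes back with no SAs; its negotiation message carries its ID,
    # so A drops the orphaned SAs without any extra delete messages.
    purged = a.on_ike_negotiation("device-B", "ike-2")
    a.add_ipsec_sa("device-B", 0x1003)
    return a, purged


if __name__ == "__main__":
    table, purged = demo()
    print("purged:", purged)
    print("remaining:", table.ike, table.ipsec)
```

SAs held for other peers (device-C here) are untouched, because deletion is scoped to the identification carried in the negotiation.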

Description

Technical field

[0001] The present invention relates to the technical field of communication networks, in particular to a method and device for synchronizing Security Association (SA) between devices.

Background technique

[0002] IPsec (IP Security) is a Layer 3 tunnel encryption protocol formulated by the IETF (Internet Engineering Task Force), which provides high-quality, interoperable, cryptography-based It is a traditional security technology for implementing Layer 3 VPN (Virtual Private Network).

[0003] IPsec provides secure communication between two devices, and devices that use IPsec technology to communicate are called IPsec peers. SA is an agreement between communication peers on certain elements, such as protocol type, protocol encapsulation mode, encryption algorithm, shared key for protecting data in a specific flow, and key lifetime. IPsec can establish an SA throug...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
Inventor: 杨超
Owner: 紫光恒越技术有限公司