Searching device and method for Ethernet internet protocol security (IPSec) database

The technology concerns IP data packets and databases and is applied in the field of Ethernet security. It addresses problems such as high power consumption, the high cost of TCAM memory, and the poor configurability of SPD and SAD databases, while meeting search performance requirements.

Inactive Publication Date: 2013-07-10
SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

Although this hardware implementation can meet the requirements of high-speed table lookup, the configurab



Examples


Embodiment Construction

[0039] Embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be emphasized that the following description is only exemplary and not intended to limit the scope of the invention and its application.

[0040] Referring to figure 1, in some embodiments a high-speed Ethernet IPSec security database table lookup device includes a receiving module, a processing unit, an SPD static random access memory (SPD SRAM), a SAD static random access memory (SAD SRAM) and an IPSec security database lookup module. The receiving module can buffer the data frame, save the MAC frame header of the Ethernet data frame, analyze the IP packet header, and decapsulate the data frame into an IP data packet. The processing unit, preferably a 32-bit embedded CPU, can configure the IPSec security database; preferably, the processing unit is also used for regularly updating the IPSec security database; IPSec security ...


Abstract

The invention discloses a searching device for an Ethernet IPSec database. In the device, a processing unit configures a security database, and a receiving module receives a data frame from the Ethernet and unpacks it into an IP data packet. An IPSec database searching module performs selector extraction and compression on the unpacked IP data packet, and the compressed character serves as the input address of a security policy database (SPD) storage unit. The SPD storage unit outputs a security policy and submits it to the IPSec database searching module for analysis; from the security policy the module obtains both whether IPSec protocol processing is to be conducted and the input address of a security association database (SAD) storage unit. The SAD storage unit outputs a security association, and the IPSec database searching module analyzes the security association to generate a task descriptor. With this device, the requirements for high-speed searching can be met, and the security database can be configured simply and flexibly. The invention also discloses a corresponding security database searching method as well as a device and a method which are used for achieving Ethernet IPSec database searching.
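The lookup path described in the abstract, as an added C example that is not the patent's implementation. The table depths, the 13-byte selector layout, the rotate-XOR fold used as the compression step, the stored selector used to detect address collisions, and the discard-on-miss default are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define SPD_SIZE 1024u                    /* assumed SPD SRAM depth (power of two) */
#define SEL_LEN 13                        /* assumed layout: src(4) dst(4) proto(1) sport(2) dport(2) */
enum { ACT_DISCARD, ACT_BYPASS, ACT_PROTECT };
typedef struct { uint8_t valid, action, sad_addr, sel[SEL_LEN]; } spd_entry_t;
typedef struct { uint8_t valid; uint32_t spi; } sad_entry_t;
typedef struct { uint8_t action; uint32_t spi; } task_desc_t;
static spd_entry_t spd_sram[SPD_SIZE];    /* addressed by the compressed selector */
static sad_entry_t sad_sram[256];         /* assumed depth; addressed by the policy's sad_addr */
/* Constructed sample: IPv4/UDP 10.0.0.1:500 -> 10.0.0.2:4500, IP header plus ports only. */
static const uint8_t sample_pkt[24] = {0x45,0,0,24, 0,0,0,0, 64,17,0,0, 10,0,0,1, 10,0,0,2, 0x01,0xf4, 0x11,0x94};
/* Selector extraction from the decapsulated IPv4 packet; returns 0 on success. */
static int extract_selector(const uint8_t *ip, size_t len, uint8_t *sel) {
    size_t ihl = len ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    if (len < 20 || (ip[0] >> 4) != 4 || ihl < 20 || len < ihl) return -1;
    memcpy(sel, ip + 12, 8);                          /* source and destination address */
    sel[8] = ip[9]; memset(sel + 9, 0, 4);            /* protocol; ports stay 0 unless TCP/UDP */
    if (ip[9] != 6 && ip[9] != 17) return 0;
    if (len < ihl + 4) return -1;                     /* truncated transport header */
    memcpy(sel + 9, ip + ihl, 4);                     /* source and destination port */
    return 0;
}
/* Compression (assumed fold function): map the 104-bit selector to an SPD SRAM address. */
static uint32_t compress(const uint8_t *sel) {
    uint32_t h = 0;
    for (int i = 0; i < SEL_LEN; i++) h = ((h << 5) | (h >> 27)) ^ sel[i];
    return (h ^ (h >> 10) ^ (h >> 20)) & (SPD_SIZE - 1);
}
/* Processing-unit side: write one policy, and its SA if any, into the SRAMs. */
static int configure(const uint8_t *sel, uint8_t action, uint8_t sad_addr, uint32_t spi) {
    spd_entry_t *p = &spd_sram[compress(sel)];
    if (p->valid && memcmp(p->sel, sel, SEL_LEN) != 0) return -1;  /* address collision */
    *p = (spd_entry_t){1, action, sad_addr, {0}};
    memcpy(p->sel, sel, SEL_LEN);
    if (action == ACT_PROTECT) sad_sram[sad_addr] = (sad_entry_t){1, spi};
    return 0;
}
/* Lookup side: SPD read, policy analysis, SAD read, task descriptor. Any miss discards. */
static task_desc_t lookup(const uint8_t *ip, size_t len) {
    task_desc_t t = {ACT_DISCARD, 0};
    uint8_t sel[SEL_LEN];
    if (extract_selector(ip, len, sel) != 0) return t;
    const spd_entry_t *p = &spd_sram[compress(sel)];
    if (!p->valid || memcmp(p->sel, sel, SEL_LEN) != 0) return t;
    if (p->action != ACT_PROTECT) t.action = p->action;
    else if (sad_sram[p->sad_addr].valid) t = (task_desc_t){ACT_PROTECT, sad_sram[p->sad_addr].spi};
    return t;
}
```

Because many selectors fold onto the same SRAM address, the example keeps the full selector in each SPD entry and treats a mismatch as a miss, so a colliding flow cannot inherit another flow's policy.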

Description

Technical field

[0001] The invention relates to Ethernet security technology, in particular to an Ethernet IPSec security database search device and method.

Background technique

[0002] Since the network protocol itself does not provide security features, in order to ensure the confidentiality, integrity and identity authentication of network information, in 1998 the Internet Engineering Task Force (IETF) proposed the IPSec (Internet Protocol Security) protocol for the network layer (IP). As a key technology of network security, the IPSec protocol has been widely used. In the IPSec security system there are two databases: one is the security policy database SPD (Security Policy Database), and the other is the security association database SAD (Security Association Database). A security policy defines the characteristics of secure communication between two communicating entities: what protocol to use in what mode, and how to handle IP packets. SPD is used to realize the sto...


Application Information

IPC(8): G06F17/30, H04L29/06
Inventor: 乌力吉, 牛赟, 张向民, 麦宋平
Owner: SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV