IPSEC negotiation method, apparatus, equipment and system

A total and consistent technology, applied in the field of communication, can solve the problems of long time and low efficiency in IPSEC negotiation

Active Publication Date: 2013-11-13
HUAWEI TECH CO LTD
View PDF6 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Embodiments of the present invention provide a method, device, device and system for IPSEC negotiation, which solve the technical problems of long time-consuming and low efficiency in the IPSEC negotiation process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IPSEC negotiation method, apparatus, equipment and system
  • IPSEC negotiation method, apparatus, equipment and system
  • IPSEC negotiation method, apparatus, equipment and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0187] An embodiment of the present invention provides an IPSEC (Internet Protocol Security, Internet Protocol Security) negotiation method.

[0188] On the one hand, the receiver involved in IPSEC negotiation, such as Figure 1b shown, including the following steps:

[0189] 101. Receive the first phase configuration parameters of IKE (Internet Key Exchange, Internet Key Exchange Protocol) sent by the initiator.

[0190] The IKE Phase 1 configuration parameters sent by the initiator to the receiver include: initiator IKE version, initiator negotiation mode, initiator authentication method, initiator authentication algorithm, initiator encryption algorithm, and initiator key exchange algorithm group.

[0191] 102. When the first phase configuration parameters of the IKE sent by the initiator are inconsistent with the first phase configuration parameters of the receiver, send the first phase configuration parameters of the receiver to the initiator so that the initiator Gener...

Embodiment 2

[0254] An embodiment of the present invention provides a method for IPSEC negotiation.

[0255] On the one hand, the receiver involved in IPSEC negotiation, such as image 3 shown, including the following steps:

[0256] 301. Receive the configuration parameters of the first phase of Internet key exchange IKE sent by the initiator.

[0257] The IKE Phase 1 configuration parameters sent by the initiator to the receiver include: initiator IKE version, initiator negotiation mode, initiator authentication method, initiator authentication algorithm, initiator encryption algorithm, and initiator key exchange algorithm group.

[0258] 302. Determine whether the first-phase configuration parameters of the IKE are consistent with the first-phase configuration parameters of the receiver.

[0259] If consistent, execute 305, and when inconsistent, execute 303.

[0260] 303. When the first phase configuration parameters of the IKE sent by the initiator are inconsistent with the first p...

Embodiment 3

[0331] An embodiment of the present invention provides an IPSEC negotiation device.

[0332] On the one hand, the receiver involved in IPSEC negotiation, such as Figure 5 As shown, the device includes:

[0333] The first-stage receiving unit 51 is configured to receive the first-stage configuration parameters of the Internet Key Exchange IKE sent by the initiator.

[0334] The first-stage judging unit 52 is configured to judge whether the first-stage configuration parameters of the IKE sent by the initiator are consistent with the first-stage configuration parameters of the receiver.

[0335] The first-stage sending unit 53 is configured to: when the receiver’s first-stage judging unit judges that the IKE first-stage configuration parameters sent by the initiator are inconsistent with the receiver’s first-stage configuration parameters, send the receiver’s first-stage configuration parameters to The first-phase configuration parameters are sent to the initiator, so that the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses an IPSEC negotiation method, which refers to communication field, and solves the problems of long IPSEC negotiation process and low negotiation efficiency. The IPSEC negotiation method comprises a first step of sending a receiver first stage configuration parameter to a starter by a receiver when an IKE first stage configuration parameter differs from the receiver first stage configuration parameter, and then receiving an IKE first stage configuration modify parameter to establish a first stage SA; and a second step of receiving an IKE second stage configuration parameter by a receiver, and sending a receiver second stage configuration parameter to the starter when the IKE second stage configuration parameter sent by the starter differs from the receiver second stage configuration parameter, and then receiving the IKE second stage configuration modify parameter and establishing a second stage SA. The invention is mainly applied in data transmission.

Description

technical field [0001] The present invention relates to the communication field, in particular to an IPSEC negotiation method, device, equipment and system. Background technique [0002] IPSEC (Internet Protocol Security, network protocol security) provides secure data communication for users in different physical regions to prevent data from being viewed and tampered with during network transmission. [0003] In general, the initiator and receiver need to conduct IKE (Internet Key Exchange, Internet Key Exchange Protocol) negotiation before sending data to ensure that the initiator and receiver adopt consistent encryption and authentication algorithms to ensure correct data reception . The IKE negotiation includes two processes. The first phase is to establish an SA (Security Association, Security Association) that provides protection for the second phase, and the second phase establishes an SA that provides protection for data. [0004] The specific negotiation process i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L9/32H04L63/061
Inventor 王祥光
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap