Method for improving security of IPv6 protocol data packets

An ipv6 protocol and data packet technology, which is applied in the direction of secure communication devices, digital transmission systems, user identity/authority verification, etc., can solve problems such as unresolved source address counterfeiting, fault bottlenecks, etc., and achieve enhanced accountability and prevention of heavy-duty Unleash aggressive behavior and reduce the effect of fake aggressive behavior

Inactive Publication Date: 2017-01-04
SHENZHEN INSTITUTE OF INFORMATION TECHNOLOGY
View PDF8 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Its advantage is that it can not only guarantee the authenticity of the data packet, protect the privacy of the user's data flow, but also flexibly control the user's data flow. However, this scheme does not solve the problem of source address counterfeiting. It has actually become a NAT device, which may become a bottleneck point of failure under large-scale concurrent requests

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for improving security of IPv6 protocol data packets
  • Method for improving security of IPv6 protocol data packets

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described in detail below in combination with specific embodiments and with reference to the accompanying drawings. It should be emphasized that the following description is only exemplary and not intended to limit the scope of the invention and its application.

[0025] Such as figure 1 As shown, the present invention can use the programmable user network access device or the overall network exit device (hereinafter referred to as "device") to extend the identity identification option proposed by the present invention to the user data packet. Further, the embodiment includes the following steps:

[0026] A0. Optionally, the device first excludes data packets that are not suitable for extended identity identification options, such as DNS, BGP, DHCP and other protocol data packets.

[0027]A1. Match user identity based on IP source address: The device looks up the user identity and its private key mapped to the IP address in the loc...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for improving security of IPv6 protocol data packets. The method comprises the steps of expanding identity options in IPv6 target option packet headers, wherein the options comprise fields such as an option type, option length, an option version, a reservation field, an autonomous domain number, user identity, a time stamp and a digital signature; and the method discloses the meaning, a data generation mode and an implementation method of each field. According to the method, the identities are added to data packets sent by a user, and the identities are prevented from being counterfeited, tampered and reversely deduced; an overall mechanism is beneficial for enhancing the accountability of the internet and reducing counterfeit attack behaviors of the internet; and the method has positive significance to establishing the safe and credible internet.

Description

technical field [0001] The invention relates to the field of IPv6 protocol and network security, in particular to an IPv6 target option packet header extension method carrying the user's real identity. Background technique [0002] With the rapid expansion of the Internet network scale and the continuous enrichment of upper-level applications in recent years, the network structure and functions have become increasingly complex, the network management and control capabilities have gradually weakened, and the Internet security situation has become more severe. One of the problems to be solved is that after a network security incident occurs, the responsible person can be determined by attacking data packet samples. [0003] In the current Internet architecture, it is only possible to determine the source of the sender based on the source address of the data packet, but it is not sufficient to infer the identity of the sender only based on the IP source address. This is because...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/32
CPCH04L9/3239H04L9/3247H04L9/3297H04L63/0876H04L63/1466
Inventor 胡光武张平安延霞曲绪纲张海平孔令晶马泉
Owner SHENZHEN INSTITUTE OF INFORMATION TECHNOLOGY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap