Unlock instant, AI-driven research and patent intelligence for your innovation.

Data message and method for securely accessing data streams on a firewall

A data message and firewall technology, applied in the field of data flow security mutual access, can solve problems such as data degradation, firewall waste of equipment system resources, and impact on equipment performance, so as to improve flexibility, realize flexible access, and make up for resource waste.

Active Publication Date: 2019-01-08
XIAN UNIV OF TECH
View PDF6 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is also to provide a data flow security mutual access method for data messages on the firewall, which solves the problem of wasting equipment system resources caused by traditional firewall division methods and a large number of applications of security forwarding strategies, which affects equipment performance degradation The problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data message and method for securely accessing data streams on a firewall
  • Data message and method for securely accessing data streams on a firewall
  • Data message and method for securely accessing data streams on a firewall

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0017] The structure of the data message provided by the present invention is as figure 1 and figure 2 As shown, it includes the Mac header segment, IP header segment, new protocol header segment, TCP / UDP header segment, data payload segment, and FCS segment. The new protocol header segment includes the version number field, priority field, and authentication type field and the hash value field. In the present embodiment, the data length of the Mac header segment is 14B, the data length of the IP header segment is 20B, and the corresponding data length of the TCP / UDP header segment is corresponding to 20 / 8B, the data load segment, and the data length of the FCS segment The data length of the header section of the new protocol is 4B, and the data length of the version number field, priority field, verification type field, and hash value fie...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a data message, comprising a Mac header section, an IP header section, a new protocol header section, a TCP / UDP header section, a data payload section and an FCS section, wherein the new protocol header section comprises a version number field and a priority field. The method comprises the following steps: establishing a data message format and renewing a forwarding protocol; renewing a forwarding protocol; renewing a forwarding protocol; renewing a forwarding protocol; decapsulating the data packet by a firewall, if the source IP address and the destination IP addressare both private networks, match the correspondence table of the destination address and the interface address with the interface policy table to confirm whether forwarding is allowed or not. If the source IP address and the destination IP address are private network address and public network address respectively, if forwarding is allowed, NAT processing is performed first, and then the forwarding is sent. The scheme of the invention is simple in realization and clear in principle, can more effectively solve the safe access of data streams in different networks, and improves the flexibility of data mutual access configuration between different networks.

Description

technical field [0001] The invention belongs to the technical field of data communication and network security, specifically relates to a data message, and also relates to a data flow security mutual access method on a firewall based on the data message. Background technique [0002] At present, the traditional firewall adopts the method of area division to distinguish the security level of the network. Although the area division of the traditional firewall reasonably divides different interfaces into different security levels, so as to realize the legal access of data packets under the permission of the security policy, but if To achieve access from different security areas, you must configure the inter-zone default packet filtering policy or the inter-zone security forwarding policy. Although the configuration of the inter-zone default packet filtering policy is simple and rarely wastes system resources, its policy conditions are extremely broad. In other words, it is very...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/0236H04L63/123
Inventor 吴鹏飞李腾张启东贾璐瑶
Owner XIAN UNIV OF TECH