Trusted IPSec module and VPN tunnel construction method

A tunnel and module technology applied in the field of network security. It addresses problems such as attacks on VPN tunnels and theft of important information and sensitive resources, and achieves the effects of reducing system load, improving communication efficiency, and ensuring communication security.

Active Publication Date: 2020-12-25
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0004] The prior art therefore has the technical problem that criminals can exploit the unsafe application environment and system loopholes in the terminal equipment system to attack VPN tunnels and steal important information and sensitive resources.


Examples

Embodiment 1

[0052] Referring to Figure 1, Embodiment 1 of the present application provides a trusted IPSec module applied to a terminal device, including:

[0053] REE function group 11, running in the REE driver environment, including the IPSec protocol encapsulation analysis module 111 and the TCP/IP protocol stack 112;

[0054] TEE function group 12, running in the TEE driver environment, including the IPSec core module 121;

[0055] A storage module 13, connected to both the IPSec protocol encapsulation analysis module and the IPSec core module.

[0056] The TEE driver environment is a trusted execution environment: it guarantees computation that is not interfered with by the conventional operating system, which is why it is called "trusted". In short, the TEE is an independent execution environment running in parallel with the Rich OS and providing security services to the Rich OS environment. The TEE driver environment is implemented based on ARM TrustZone, which can access hardwa...

Embodiment 2

[0073] Referring to Figure 2, Embodiment 2 of the present application provides a method for constructing a VPN tunnel, which is applied to the IPSec module described in Embodiment 1. The method includes:

[0074] Step 201: The TEE client issues a startup command, so that the IPSec protocol encapsulation analysis module encapsulates the IPSec/IP protocol, obtains an IP protocol encapsulation package, and stores the IP protocol encapsulation package in the storage module;

[0075] It should be pointed out that, when the method in Embodiment 2 of the present application is implemented, a TEE client and a TA application need to be installed in the terminal device. The TEE client runs in the REE driver environment, the TA application runs in the TEE driver environment, and the TEE client is interconnected with the TA application.

[0076] During the execution of this step, the user can first send an instruction to the TEE client to establish a VPN tunnel through direct or i...

Abstract

The embodiment of the invention provides a trusted IPSec module and a VPN tunnel construction method. In this scheme, the IPSec module in the terminal equipment is configured to comprise an REE function group running in an REE driving environment and a TEE function group running in a TEE driving environment, wherein the REE function group comprises an IPSec protocol encapsulation analysis module and a TCP/IP stack, the TEE function group comprises an IPSec core module, and a storage module connected with the IPSec protocol encapsulation analysis module and the IPSec core module is also provided. When a VPN tunnel is constructed, key data and its processing are handled in the TEE driving environment, using the hardware isolation, system isolation and other functions of that environment; meanwhile, the generic IPSec protocol encapsulation analysis process and the data calling process of the TCP/IP stack are handled in the REE driving environment. This reduces the load on the TEE system, ensures the safety and stability of key data information, ensures communication security, and improves communication efficiency.
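A simplified model of the split described in the abstract, as an added example that is not code from the patent: the REE side only frames packets, the TEE side holds the key, and both work through a shared buffer. The class names, the 8-byte SPI/sequence header and the HMAC-SHA-256-128 integrity check are assumptions chosen for illustration; the page does not specify the core module's algorithms.

```python
import hashlib, hmac, os, struct

ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits (assumed integrity transform)

class SharedStorage:
    """Stand-in for the storage module connected to both function groups."""
    def __init__(self):
        self.buf = b""

class TeeCore:
    """Models the TEE-side IPSec core module; the key exists only here."""
    def __init__(self, storage):
        self._key = os.urandom(32)  # constructed key, never returned to the REE
        self._storage = storage

    def _icv(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()[:ICV_LEN]

    def seal(self):
        """Append an ICV to the packet currently in shared storage."""
        self._storage.buf += self._icv(self._storage.buf)

    def check(self):
        """Verify the ICV of the packet in shared storage, in constant time."""
        pkt, icv = self._storage.buf[:-ICV_LEN], self._storage.buf[-ICV_LEN:]
        return hmac.compare_digest(icv, self._icv(pkt))

class ReeEncap:
    """Models REE-side encapsulation/parsing: framing only, no key access."""
    def __init__(self, storage, tee, spi):
        self.storage, self.tee, self.spi, self.seq = storage, tee, spi, 0

    def send(self, payload):
        self.seq += 1
        self.storage.buf = struct.pack("!II", self.spi, self.seq) + payload
        self.tee.seal()  # models the TEE client -> TA call
        return self.storage.buf

    def receive(self, wire):
        if len(wire) < 8 + ICV_LEN:
            raise ValueError("packet too short")
        self.storage.buf = wire
        if not self.tee.check():
            raise ValueError("ICV mismatch, packet dropped")
        spi, seq = struct.unpack("!II", wire[:8])
        return spi, seq, wire[8:-ICV_LEN]
```

Python enforces none of this isolation; on the device the boundary between the two classes is the TrustZone world switch, and only the shared buffer and the command call cross it.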

Description

Technical field

[0001] The present application relates to network security technology, and in particular to a trusted IPSec module and a VPN tunnel construction method.

Background technique

[0002] Internet Protocol Security (IPSec for short) is a protocol suite; it protects the IP network transmission protocol family by encrypting and authenticating IP packets.

[0003] In the prior art, the mobile terminal constructs a data tunnel by using VPN technologies such as IPSec, so that information can be transmitted in a safe and reliable tunnel. However, because of the unsafe IPSec application environment and the system loopholes that may exist on the mobile smart terminal side, it is easy for criminals to attack the VPN tunnel through the security loopholes of the terminal system and steal sensitive information. Therefore, it is of great significance to build a trusted IPSec component architecture from the termina...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/46, H04L29/06
CPC: H04L12/4633, H04L12/4641, H04L63/0485, H04L69/16
Inventor: 孟丹, 孟慧石, 贾晓启, 侯锐, 黄庆佳, 武希耀, 周梦婷, 杜海超, 白璐
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI