Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for negotiating about security alliance

A security and alliance technology, applied in the field of IP security, can solve problems such as waste of network resources, unsuccessful SA negotiation process between communication parties, and affect normal operation of business, so as to achieve the effect of ensuring normal operation and successful negotiation

Inactive Publication Date: 2007-02-21
NEW H3C TECH CO LTD
View PDF0 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this way, the final SA reserved by the communication parties is not a matching SA, so that the communication parties negotiate to generate two IKE SAs or two IPsec SAs to protect the same IP traffic, resulting in the failure of the SA negotiation process between the communication parties, which seriously affects the business. normal operation, resulting in an extreme waste of network resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for negotiating about security alliance
  • Method for negotiating about security alliance
  • Method for negotiating about security alliance

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] The core idea of ​​the present invention is: set selection rules, and when it is determined that there is a conflict in the two SA negotiation processes, obtain the characteristics of the two conflicting SA negotiation processes according to the selection rules, and select the conflicting SA negotiation process according to the obtained characteristics and selection rules. An SA corresponding to the two SA negotiation processes.

[0052] Here, there are two ways to determine that there is a conflict in the negotiation process of the two SAs. One is: when the communication party generates two SAs to protect the same IP traffic, it is determined that the SA negotiation process corresponding to the two SAs has a conflict; the other is : When the communication party receives the SA negotiation request message, it judges whether there is a conflict in the SA negotiation process corresponding to the SA negotiation request message. In the SA negotiation process, it can be dete...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention comprises: setting the selection rule; when confirming that there is a conflict existed between two SA (security negotiation) the negotiation processes, according to the selection rule, acquiring the character of the two conflicted SA negotiation processes; according to the acquired character and selection rule; selecting one SA corresponding to the two conflicted SA negotiation processes. By the invention, when both communicational parties generates two different SAs for protecting same IP traffic or performs two SA negotiation processes for protecting same IP traffic, both of them can get matched SA.

Description

technical field [0001] The present invention relates to IP security (IPsec) technology, especially a method for negotiating security association (SA). Background technique [0002] In the prior art, the IPsec SA is usually obtained through negotiation using the Internet Key Exchange Protocol (IKE). IKE negotiation is divided into two phases. In phase 1, IKE SA is negotiated, and the IKE SA is used to protect the negotiation process in phase 2. In phase 2, IPsec SA is negotiated, and the SA is used to protect user IP traffic. During the IPsecSA negotiation process, in order to protect different IP traffic, the communication parties will conduct IPsec SA negotiation for each IP traffic to be protected. Here, the IKE SA used to protect the negotiation process of phase 2 can also be regarded as the SA that protects the IP traffic of phase 2. In the introduction of this document, unless otherwise specified, SA means IKE SA or IPsec SA. [0003] An SA negotiation process, wheth...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/56H04L9/32H04L9/14H04L12/24
Inventor 杨银柱
Owner NEW H3C TECH CO LTD
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More