CN108200071A - IPSec NAT traversal method and system supporting packet information extraction and carrying - Google Patents

IPSec NAT traversal method and system supporting packet information extraction and carrying

Info

Publication number
CN108200071A
Authority
CN
China
Prior art keywords
message
information
ipsec
data
inforheader
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810026146.1A
Other languages
Chinese (zh)
Inventor
刘进华
王彩萍
梅丽娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Polytechnic College of Agriculture and Forestry
Original Assignee
Jiangsu Polytechnic College of Agriculture and Forestry
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Polytechnic College of Agriculture and Forestry
Priority to CN201810026146.1A
Publication of CN108200071A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The invention discloses a method and system that support extracting packet information and carrying it with the packet while also supporting NAT traversal of IPSec packets. With this method, packet content is extracted before IPSec encryption, organized into sampled data, and carried along with the packet, so that a sampling server or dedicated device placed on the transmission path can obtain the sampled information very conveniently. The invention also provides a mechanism to protect the sampled information, ensuring that the ESP-encrypted content is not leaked through the sampled information and that packets are not singled out for tracking because of it. The system and method of the invention address the high cost of deep analysis of IPSec-encrypted packets and provide a strong guarantee for the data sources needed by ever-growing big data analysis.

Description

IPSec NAT traversal method and system supporting packet information extraction and carrying
Technical field
The present invention relates to computer network technology, in particular to data transmission technology in computer networks, and specifically to an IPSec NAT (Network Address Translation) traversal method.
Background art
IPSec (Internet Protocol Security) is an open suite of network security protocols defined by the IETF (Internet Engineering Task Force); it is a collection of protocols and services that provide security for IP networks. Within it, the ESP protocol (Encapsulating Security Payload) mainly provides encryption, data origin authentication, data integrity verification and replay protection. IPSec ESP has two modes, transport mode and tunnel mode. Transport mode encrypts the payload of the original IP packet and the ESP trailer, as shown in Fig. 1, where HDR is short for Header. Tunnel mode encrypts the IP header and payload of the original IP packet together with the ESP trailer, as shown in Fig. 2. The two ends that perform IPSec encryption and decryption are called peers, and only the peers know each other's keys.
NAT, by translating the IP address in the IP packet header into another IP address, provides protection for the internal network and to some extent alleviates the shortage of IPv4 addresses. Used together, IPSec and NAT enable secure transmission over IP networks between specific communicating parties, and have therefore become the mainstream choice for more and more enterprises and organizations deploying networks. IPSec VPN users generally use NAT-T (NAT Traversal) to get ESP packets through NAT. In the IPSec NAT traversal scenario, the data from the ESP HDR through the ESP Auth data forms the payload of the new IP packet. This payload must not be modified, otherwise the remote end cannot recover the data by decryption. NAT, however, inevitably modifies the IP address, so when a NAT device is crossed, existing schemes usually add a UDP header after the IP header of the IPSec packet to protect the ESP packet from modification. The packet structure for IPSec NAT traversal is shown in Fig. 3.
Transmitting data with the IPSec ESP protocol encrypts user data, which effectively ensures its confidentiality and security and prevents eavesdropping in transit. Even if the data is intercepted in transit, without knowledge of the data key, brute-force cracking faces an enormous amount of data analysis and trial time; a very large cracking cost yields only data that has lost its real-time value. This is exactly the effect that data security work aims for.
However, in today's big data era, useful information comes from real-time analysis and mining of massive data. The data content at every node of the Internet may be subject to data collection requirements. When packets encrypted with the IPSec protocol are transmitted over the Internet, their content cannot easily be obtained by data analysis servers or dedicated analysis devices. As noted above, even obtaining it by brute force consumes huge computing resources and time; this is a problem that big data analysis urgently needs to solve.
Summary of the invention
Object of the invention: In view of the problems of the prior art, the invention proposes a method and system that support extracting and carrying packet information while also supporting NAT traversal of IPSec packets.
Technical solution: A method that supports extracting and carrying packet information while supporting NAT traversal of IPSec packets comprises two stages, constructing the traversal packet and parsing the traversal packet. Constructing the traversal packet includes the following steps: the pre-encryption data packet is extracted, classified and assembled according to the user-specified policy and template, and the information content is then escaped according to the data dictionary, completing the organization of the sampled data; the organized sampled data is encapsulated in turn with the information header InforHeader (Information Header) and a UDP header with a designated port; IPSec encryption is applied to the data packet, and once encryption is complete the encapsulated sampled data is placed after the IP header of the ESP packet.
Parsing the traversal packet includes: parsing the UDP port number and parsing the InforHeader to obtain the sampled-information length; removing the sampled data based on the sampled-information length; and decrypting the IPSec ESP packet.
When an IPSec ESP packet encapsulated by this method is captured in transit by a sampling server or dedicated sampling device, the device can identify the sampled information that follows the UDP header by means of the UDP port number and the InforHeader, and complete sampling quickly without decrypting the ciphertext.
Disclosure of the sampled information is, of course, constrained and limited in scope. The granularity of the information in the sampled data can be controlled and the information can be escaped, to avoid leaking sensitive information or having characteristic information tracked. Where the meaning of the key information is not explicit, the security of the IPSec ESP content is protected to a certain extent, and encrypted packets that carry key information are not singled out for tracking.
Based on the above two points, the transmission range can be divided into a trusted region and an untrusted region. In the trusted region, the sampling server has the template and dictionary for the sampled data and can easily obtain the correct sampled information. In the untrusted region the sampled data can still be accessed, but the explicit meaning of the information is unknown, or only information whose meaning is partly explicit can be obtained. The information content in the sampled data can also be assigned security levels as required: content with the lowest security-level requirement need not be escaped and appears with its original meaning; for packets with higher security-level requirements, the meaning becomes more obscure and deviates further from the original, even contradicting it, so that the exact meaning can only be obtained with the dictionary and the information template.
A system that supports extracting and carrying packet information while supporting NAT traversal of IPSec packets comprises a construction module and a parsing module. The construction module organizes the sampled data, then encapsulates the organized sampled data in turn with the information header InforHeader and a UDP header with a designated port, and places the encapsulated sampled data after the IP header of the ESP packet. Specifically, the sampled data is organized by an extraction unit, a classification unit and an assembly unit, which extract, classify and assemble the pre-encryption data packet according to the user-specified policy and template, after which an escape unit escapes the information content according to the data dictionary. The parsing module obtains the sampled-information length by parsing the UDP port number and the InforHeader, then removes the sampled data based on that length, obtaining the IPSec ESP packet and decrypting it.
Beneficial effects: The invention discloses a method and system that support extracting and carrying packet information while supporting NAT traversal of IPSec packets. With this method, packet content is extracted before IPSec encryption, organized into sampled data, and carried along with the packet, so that a sampling server or dedicated device placed on the transmission path can obtain the sampled information very conveniently. The invention also provides a mechanism to protect the sampled information, ensuring that the ESP-encrypted content is not leaked through the sampled information and that packets are not singled out for tracking because of it. The system and method of the invention address the high cost of deep analysis of IPSec-encrypted packets and provide a strong guarantee for the data sources needed by ever-growing big data analysis.
Description of the drawings
Fig. 1 is a schematic diagram of the IPSec ESP packet structure in transport mode;
Fig. 2 is a schematic diagram of the IPSec ESP packet structure in tunnel mode;
Fig. 3 is a schematic diagram of the packet structure in the NAT traversal scenario;
Fig. 4 is the overall flow chart of the method of the invention;
Fig. 5 is a schematic diagram of the application scenario and working principle of the invention;
Fig. 6 is a flow chart of a peer encapsulating an IPSec packet according to an embodiment of the invention;
Fig. 7 is a schematic diagram of the InforHeader structure and the traversal packet construction according to an embodiment of the invention;
Fig. 8 is a flow chart of a peer decapsulating an IPSec packet according to a further embodiment of the invention;
Fig. 9 is a schematic diagram of the overall system structure of the invention;
Fig. 10 is a schematic diagram of the system structure according to a further embodiment of the invention.
Detailed description of embodiments
The technical solution of the invention is further described below with reference to the accompanying drawings.
The invention discloses a method that supports extracting and carrying packet information while supporting NAT traversal of IPSec packets. As shown in Fig. 4, the IPSec packet NAT traversal method according to an embodiment of the invention includes the following steps. Step 10, construct the traversal packet: the pre-encryption data packet is extracted, classified, assembled and escaped, then encapsulated in turn with the information header InforHeader and a UDP header with a designated port, and the encapsulated sampled data is placed after the IP header of the ESP packet. Step 20, parse the traversal packet: parse the UDP port number and the InforHeader to obtain the sampled-information length, then remove the sampled data based on that length, obtaining the IPSec ESP packet and decrypting it. With this method, packet content is extracted before IPSec encryption and carried with the packet, so that a sampling server or dedicated device placed on the transmission path can obtain the sampled information very conveniently, providing a reliable and effective data source for big data analysis. The invention also provides a mechanism to protect the sampled information, ensuring that the ESP-encrypted content is not leaked through the sampled information and that packets are not singled out for tracking because of it.
Fig. 5 shows the application scenario and working principle of the invention. As shown in Fig. 5, once the IPSec peers are established, peer A and peer B communicate over the Internet through their respective carrier gateways, and sampling servers can sample the data at each network node. To balance the security of the sampled information against the speed of obtaining it, the transmission range of the traversal packet is divided into a trusted region and an untrusted region. In the trusted region, the sampling server has the template and dictionary for the sampled data and can easily obtain the correct sampled information. In the untrusted region the sampled data can also be accessed, but the explicit meaning of the information is unknown. Disclosure of the sampled data is constrained and limited in scope: the granularity of the information in the sampled data can be controlled and the information can be escaped, to avoid leaking sensitive information or having characteristic information tracked. Where the meaning of a type is not explicit, the security of the IPSec ESP content is protected to a certain extent, and the packet will not be singled out for tracking by someone capturing packets because of sensitive words in the extracted information it carries.
The information types in the sampled data can also be assigned security levels in the data dictionary as required. Information with the lowest security-level requirement need not be escaped and appears with its original meaning. The higher the security level required for a packet, the more obscure the meaning and the further it deviates from the original, even contradicting it, so that the exact meaning can only be obtained with the dictionary and the information template.
The principles of the data template and the data dictionary are described in detail below:
The data template defines the assembly format of the information extracted from the packet; it is defined by the user and configured on the IPSec peer devices. For example, in XML form, the content of the extracted information is organized according to the category of each item of extracted information. Because the format is fixed, the remote IPSec device can easily parse and identify the extracted information carried by the IPSec packet.
The data dictionary contains user-defined sensitive words and common words, together with their corresponding escape content and security level. The structure of the data dictionary is shown in Fig. 5. After the escape replacement using the data dictionary, the constructed extracted information deviates from its original meaning, so that even if the IPSec packet is intercepted by another device that obtains the extracted information it carries, its real meaning is hard to determine. The security level of the sensitive words is defined by the user according to the sensitivity of the business information. For example, sensitive words such as userName, password and port can be defined as high level; APP types such as Video, audio and QQ can be defined as medium level; common or popular words such as picture and get can be defined as low level. Common words need not be escaped.
Under this traversal method, the data template and dictionary used by the two peers can be updated periodically and made known to the IPSec sampling server or dedicated device, which prevents the escaped part of the sampled data from being tracked and cracked through long-term use.
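The template and dictionary mechanism described above can be sketched as follows. This is an added example, not code from the patent: the dictionary layout (keyword mapped to escape content and level), the escape contents, the XML element names and the sample items are all constructed for illustration. It shows one property the scheme depends on: the trusted region can only recover the meaning if the substitution is invertible, so the dictionary is checked for collisions before use.

```python
import re
import xml.etree.ElementTree as ET

# Constructed data dictionary: keyword -> (escape content, security level).
# Keywords and levels follow the examples in the text; the escape contents
# and this tuple layout are assumptions made for the example.
DATA_DICTIONARY = {
    "userName": ("season", "high"),
    "password": ("recipe", "high"),
    "port":     ("colour", "high"),
    "Video":    ("ledger", "medium"),
    "audio":    ("parcel", "medium"),
    "QQ":       ("garden", "medium"),
    "picture":  (None, "low"),      # low-level words are carried unescaped
    "get":      (None, "low"),
}

# Constructed extraction result: (category, content) pairs.
ITEMS = [("Video", "get picture stream"), ("login", "userName password port")]


def validate_dictionary(d):
    """Reject dictionaries whose substitution could not be reversed."""
    tokens = [tok for tok, level in d.values() if level != "low"]
    if len(set(tokens)) != len(tokens):
        raise ValueError("two keywords share one escape content")
    clash = set(tokens) & set(d)
    if clash:
        raise ValueError(f"escape content collides with a keyword: {sorted(clash)}")


def _substitute(text, mapping):
    """Replace whole words in one pass, so output is never re-substituted."""
    if not mapping:
        return text
    words = sorted(mapping, key=len, reverse=True)
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b")
    return pattern.sub(lambda m: mapping[m.group(0)], text)


def escape_sample(items, d=DATA_DICTIONARY):
    """Sender side: escape keywords, then assemble into the XML template."""
    validate_dictionary(d)
    fwd = {k: tok for k, (tok, level) in d.items() if level != "low"}
    root = ET.Element("sample")
    for category, content in items:
        node = ET.SubElement(root, "info", {"type": _substitute(category, fwd)})
        node.text = _substitute(content, fwd)
    return ET.tostring(root, encoding="unicode")


def recover_sample(xml_text, d=DATA_DICTIONARY):
    """Trusted region: holds the template and dictionary, so it can reverse."""
    rev = {tok: k for k, (tok, level) in d.items() if level != "low"}
    root = ET.fromstring(xml_text)
    return [(_substitute(n.get("type"), rev), _substitute(n.text or "", rev))
            for n in root.iter("info")]


if __name__ == "__main__":
    carried = escape_sample(ITEMS)
    print("untrusted region sees:", carried)
    print("trusted region recovers:", recover_sample(carried))
```

The substitution is a fixed word-for-word mapping, so what it hides depends entirely on the dictionary staying private, which is why the text calls for periodic updates of the template and dictionary.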
Fig. 6 shows the flow chart of a peer encapsulating an IPSec packet according to an embodiment of the invention. When the sending end constructs an IPSec traversal packet, processing is as follows:
Step 101: when the service corresponding to this IPSec traversal is enabled, perform step 102 to carry out deep parsing of the packet; otherwise process by the original flow.
Step 102: the peer performs deep parsing of the packet and obtains the key information in the payload. The deep parsing relies on the packet deep-parsing library configured on the peer device.
Step 103: obtain the configured sampled-information template and data dictionary. The sampled-information template defines the format in which the sampled information is constructed, and the data dictionary is used in step 105.
Step 104: format the packet information extracted in step 102 according to the sampling template, then go to step 105.
Step 105: escape the keywords in the sampled information according to the definitions in the data dictionary, then go to step 106.
Step 106: encapsulate the constructed sampled information with the information header InforHeader. Fig. 7 shows the InforHeader structure and the traversal packet composition according to an embodiment of the invention. The key fields of the InforHeader are the identification field and the length field. The identification field indicates whether the data following the UDP header is an InforHeader; for example, if the construction scheme defines 0xAA55 as the InforHeader identifier, an identification field value of 0xAA55 means that the UDP header is followed by an InforHeader. The length field gives the length of the sampled data; the length field shown in Fig. 7 occupies 2 bytes, that is 16 bits, so the supported sampled-data length is 0 to 65535 bytes. Then go to step 107.
Step 107: after the InforHeader encapsulation is complete, encapsulate the sampled information with a UDP header. The UDP port number is configured by the user on both IPSec peers and identifies packets encapsulated for this IPSec NAT traversal. Construction of the sampled information is now complete.
Step 108: after the packet has completed IPSec encryption, the sampled-information data segment constructed in step 107 is inserted after the IP header of the IPSec packet, and construction of the IPSec traversal packet is complete.
As shown in Fig. 8, the remote IPSec peer processes a received traversal packet as follows:
Step 201: after receiving the IPSec traversal packet, the remote peer first parses the IP and UDP headers.
Step 202: when the port parsed from the UDP packet is the port number corresponding to the IPSec traversal service, the packet is a traversal packet and step 203 is needed to determine further whether it carries sampled information; if the UDP port number does not belong to a traversal packet, processing continues by the original flow, that is, the UDP packet parsing flow.
Step 203: parse the InforHeader of the packet to obtain the identification field and length field of the InforHeader; otherwise process by the original flow.
Step 204: determine whether the InforHeader is legal by checking whether its identification field equals the value defined by the scheme. If it is legal, go to step 205; otherwise process by the original flow.
Step 205: obtain the length field of the InforHeader. This length + the UDP header length (fixed) + the length of the InforHeader itself (fixed) gives the total length of the sampled information.
Step 206: based on the sampled-data length calculated in step 205, remove all the sampled data, including the UDP header and the InforHeader. The IPSec ESP packet that follows can then be decrypted normally.
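The construction steps 106 to 108 and the receiving steps 201 to 206 can be exercised with the following added example, which is not code from the patent. The text fixes only the 0xAA55 identification value and the 2-byte length field; the big-endian byte order, the 4-byte InforHeader size, the port number 45000 and the sample and ESP bytes are assumptions constructed for illustration. Because the sampled-information block is inserted after encryption, nothing in ESP authenticates it, so the parser treats its length field as untrusted input and rejects inconsistent values instead of slicing on them.

```python
import struct

# Values not fixed by the text are assumptions of this example: big-endian
# fields, a 4-byte InforHeader (identification + length), the port number.
INFOR_MAGIC = 0xAA55      # identification value used in step 106
INFOR_HDR_LEN = 4         # assumed: 2-byte identification + 2-byte length
UDP_HDR_LEN = 8           # fixed UDP header size
ESP_MIN_LEN = 8           # SPI (4 bytes) + sequence number (4 bytes)
TRAVERSAL_PORT = 45000    # hypothetical user-configured designated port

# Constructed inputs: an XML sample and a stand-in for ESP ciphertext.
SAMPLE = b"<sample><info type='app'>video</info></sample>"
ESP = struct.pack("!II", 0x1001, 1) + bytes(24)


class NotTraversal(Exception):
    """Not a traversal packet: continue with the original processing flow."""


class Malformed(Exception):
    """Port and identification matched, but the lengths do not add up."""


def build_traversal_payload(sample: bytes, esp: bytes) -> bytes:
    """Steps 106-108: InforHeader, then UDP header, placed in front of ESP."""
    total = UDP_HDR_LEN + INFOR_HDR_LEN + len(sample)
    if total > 0xFFFF:
        raise ValueError("sample does not fit the 16-bit UDP length field")
    infor = struct.pack("!HH", INFOR_MAGIC, len(sample))
    # Assumed: UDP length covers the sample block only; checksum 0 = not used.
    udp = struct.pack("!HHHH", TRAVERSAL_PORT, TRAVERSAL_PORT, total, 0)
    return udp + infor + sample + esp


def split_traversal_payload(ip_payload: bytes):
    """Steps 201-206 on the bytes after the IP header; returns (sample, esp)."""
    if len(ip_payload) < UDP_HDR_LEN:
        raise NotTraversal("too short for a UDP header")
    _sport, dport, udp_len, _csum = struct.unpack_from("!HHHH", ip_payload, 0)
    if dport != TRAVERSAL_PORT:                                   # step 202
        raise NotTraversal("UDP port is not the designated port")
    if len(ip_payload) < UDP_HDR_LEN + INFOR_HDR_LEN:
        raise NotTraversal("no room for an InforHeader")
    magic, sample_len = struct.unpack_from("!HH", ip_payload, UDP_HDR_LEN)  # 203
    if magic != INFOR_MAGIC:                                      # step 204
        raise NotTraversal("identification field mismatch")
    total = sample_len + UDP_HDR_LEN + INFOR_HDR_LEN              # step 205
    if udp_len != total or total > len(ip_payload):
        raise Malformed("length field disagrees with the packet")
    esp = ip_payload[total:]                                      # step 206
    if len(esp) < ESP_MIN_LEN:
        raise Malformed("nothing left that could be an ESP packet")
    return ip_payload[UDP_HDR_LEN + INFOR_HDR_LEN:total], esp


def peek_sample(ip_payload: bytes) -> bytes:
    """What a sampling device does: read the sample, never touch the ESP part."""
    sample, _esp = split_traversal_payload(ip_payload)
    return sample


if __name__ == "__main__":
    pkt = build_traversal_payload(SAMPLE, ESP)
    print(peek_sample(pkt))
    forged = pkt[:10] + b"\xff\xff" + pkt[12:]   # length field inflated
    try:
        split_traversal_payload(forged)
    except Malformed as exc:
        print("rejected:", exc)
```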
Fig. 9 is a schematic diagram of the overall system structure of the invention. The system includes an interconnected construction module 100 and parsing module 200. The construction module 100 constructs the traversal packet: it organizes the sampled data, then encapsulates the organized sampled data in turn with the information header InforHeader and a UDP header with a designated port, and places the encapsulated sampled data after the IP header of the ESP packet. The parsing module 200 parses the received traversal packet: it obtains the sampled-information length by parsing the UDP port number and the InforHeader, then removes the sampled data based on that length, obtaining the IPSec ESP packet and decrypting it.
Fig. 10 is a schematic diagram of the system structure according to another embodiment of the invention. The sampled data is organized by passing in turn through the extraction unit 110, the classification unit 120 and the assembly unit 130, which extract, classify and assemble the pre-encryption data packet according to the user-specified policy and template, after which the escape unit 140 escapes the information content according to the data dictionary. The construction module 100 includes: the extraction unit 110, which performs deep parsing of the packet before encryption and extracts packet information; the classification unit 120, which classifies the extracted packet information by application type, such as video data or audio data; the assembly unit 130, which assembles and constructs the extracted and classified information according to the user-configured template; and the escape unit 140, which escapes the keywords in the assembled extracted information according to the data dictionary.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. These programs can be stored in a computer-readable storage medium and, when executed, perform the steps of the above method embodiments. The computer-readable storage medium includes ROM, RAM, magnetic disks, optical discs and other media that can store program code.
The invention provides a method and system that support extracting and carrying packet information while supporting NAT traversal of IPSec packets. There are many ways and means of implementing this technical solution, and the above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications shall also be regarded as falling within the scope of protection of the invention.

Claims (7)

1. An IPSec NAT traversal method supporting packet information extraction and carrying, comprising two stages, constructing a traversal packet and parsing the traversal packet, characterized in that constructing the traversal packet comprises: extracting, classifying and assembling the pre-encryption data packet according to a user-specified policy and template, then escaping the information content according to a data dictionary, thereby completing the organization of the sampled data; encapsulating the organized sampled data in turn with an information header InforHeader and a UDP header with a designated port; and, after encryption of the data packet is complete, placing the encapsulated sampled data after the IP header of the ESP packet;
parsing the traversal packet comprises: parsing the received packet, obtaining the sampled-information length, removing the sampled data based on the sampled-information length, and obtaining the IPSec ESP packet and decrypting it.
2. The IPSec NAT traversal method according to claim 1, characterized in that the data dictionary contains user-defined sensitive words and common words together with their corresponding escape content and security level.
3. The IPSec NAT traversal method according to claim 1, characterized in that the information header InforHeader includes an identification field and a length field, wherein the identification field indicates whether the data following the UDP header is an InforHeader, and the length field indicates the length of the sampled data.
4. The IPSec NAT traversal method according to claim 1, characterized in that constructing the traversal packet is performed by the sending-end peer and includes the following steps:
11) the sending-end peer performs deep parsing of the packet and obtains the key information in the payload;
12) the preconfigured sampled-information template and data dictionary are obtained;
13) the packet information extracted in step 11) is formatted according to the sampling template, and the keywords in the sampled information are escaped according to the definitions in the data dictionary;
14) the constructed sampled information is encapsulated with the information header InforHeader and then with the UDP header, at which point construction of the sampled information is complete;
15) after the packet has completed IPSec encryption, the sampled-information data segment constructed in step 14) is inserted after the IP header of the IPSec packet, and construction of the IPSec traversal packet is complete.
5. The IPSec NAT traversal method according to claim 1, characterized in that parsing the traversal packet is performed by the receiving-end peer and includes the following steps:
21) the receiving-end peer parses the IP and UDP headers; when the port parsed from the UDP packet is the port number corresponding to the IPSec traversal service, go to step 22); otherwise process by the original flow;
22) parse the InforHeader of the packet to obtain the identification field and length field of the InforHeader; if the identification field is legal, go to step 23); otherwise process by the original flow;
23) obtain the length field of the InforHeader, and obtain the total length of the sampled information as this length + the UDP header length + the length of the InforHeader itself;
24) according to the total length of the sampled information, remove all the sampled data, including the UDP header and the InforHeader, then decrypt the remaining IPSec ESP packet normally.
6. An IPSec NAT traversal system supporting packet information extraction and carrying, characterized by comprising:
a construction module, for organizing the sampled data, then encapsulating the organized sampled data in turn with the information header InforHeader and a UDP header with a designated port, and placing the encapsulated sampled data after the IP header of the ESP packet;
a parsing module, for obtaining the sampled-information length by parsing the UDP port number and the InforHeader, then removing the sampled data based on the sampled-information length, and obtaining the IPSec ESP packet and decrypting it;
wherein the sampled data is organized by extracting, classifying and assembling the pre-encryption data packet according to the user-specified policy and template, and then escaping the information content according to the data dictionary.
7. The IPSec NAT traversal system according to claim 6, characterized in that the construction module includes:
an extraction unit, for performing deep parsing of the packet before encryption and extracting packet information;
a classification unit, for classifying the extracted packet information by application type;
an assembly unit, for assembling and constructing the extracted and classified information according to the user-configured template;
an escape unit, for escaping the keywords in the assembled extracted information according to the data dictionary.
CN201810026146.1A 2018-01-11 2018-01-11 IPSec NAT traversal method and system supporting packet information extraction and carrying Pending CN108200071A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810026146.1A CN108200071A (en) 2018-01-11 2018-01-11 IPSec NAT traversal method and system supporting packet information extraction and carrying

Publications (1)

Publication Number Publication Date
CN108200071A true CN108200071A (en) 2018-06-22

Family

ID=62589056

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810026146.1A Pending CN108200071A (en) 2018-01-11 2018-01-11 Support message information extraction and the IPSecNAT traversing methods and system that carry

Country Status (1)

Country Link
CN (1) CN108200071A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109361590A (en) * 2018-12-25 2019-02-19 杭州迪普科技股份有限公司 It is a kind of to solve the obstructed method and apparatus of business access
WO2021037216A1 (en) * 2019-08-29 2021-03-04 华为技术有限公司 Message transmission method and device, and computer storage medium
CN112910729A (en) * 2021-01-27 2021-06-04 江苏农林职业技术学院 Method for supporting IPSec VPN data monitoring

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1445693A (en) * 2002-03-19 2003-10-01 微软公司 Safety digital data form and code forced implement policy
CN1697452A (en) * 2005-06-17 2005-11-16 中兴通讯股份有限公司 Method for protecting access security of IP multimedia subsystem based on IPSec passing through NAT
CN101543001A (en) * 2006-11-30 2009-09-23 艾利森电话股份有限公司 Packet handling in a mobile IP architecture
US20170104850A1 (en) * 2015-10-13 2017-04-13 Cisco Technology, Inc. Multi-hop wan macsec over ip

Similar Documents

Publication Publication Date Title
Dyer et al. Protocol misidentification made easy with format-transforming encryption
CN110011931B (en) Encrypted flow type detection method and system
US7398386B2 (en) Transparent IPSec processing inline between a framer and a network component
CN102300210B (en) LTE Non-Access Stratum ciphertext decryption methods and its monitoring signaling device
CY1108561T1 (en) PACKAGE DATA ARCHITECTURE SAFE ARCHITECTURE
CN108200071A (en) Support message information extraction and the IPSecNAT traversing methods and system that carry
Lucena et al. Syntax and semantics-preserving application-layer protocol steganography
EP3693859B1 (en) Method and system of latency assessment in a packet data network
CN102347870A (en) Flow rate security detection method, equipment and system
CN107666486A (en) A kind of network data flow restoration methods and system based on message protocol feature
CN110392044B (en) Information transmission method and device based on video networking
CN103441983A (en) Information protection method and device based on link layer discovery protocol
CN103227742B (en) A kind of method of ipsec tunnel fast processing message
CN110011786A (en) A kind of IP secret communication method of high safety
Anderson et al. Limitless http in an https world: Inferring the semantics of the https protocol without decryption
CN107124385A (en) A kind of SSL/TLS agreement clear data acquisition methods based on mirror image stream
CN106161386A (en) A kind of method and apparatus realizing that IPsec shunts
CN105979513B (en) A kind of decryption method and system of VoLTE network SGI interface
CN112104589B (en) End-to-end encryption method with width integration
CN114826748B (en) Audio and video stream data encryption method and device based on RTP, UDP and IP protocols
Pluskal et al. Netfox Detective: A tool for advanced network forensics analysis
CN115834026A (en) Safety encryption method based on industrial protocol
Wagner et al. Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols
CN110572415B (en) Safety protection method, equipment and system
Luo et al. Behavior-based method for real-time identification of encrypted proxy traffic

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180622