CN102724173A - System and method for realizing IKEv2 protocol in MIPv6 environment - Google Patents

Publication number: CN102724173A
Application number: CN2011102134755A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: mipv6, ikev2, protocol, ike, address
Inventors: 刘�东, 刘铭, 步日欣, 谷晨, 董伟, 程远
Current Assignee: BEIJING TIANDI INTERCONNECTION INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING TIANDI INTERCONNECTION INFORMATION TECHNOLOGY Co Ltd
Abstract

The invention discloses a system and method for realizing the Internet Key Exchange version 2 (IKEv2) protocol in a Mobile IPv6 (MIPv6) environment. The system establishes a routing mechanism at the mobile node (MN) end: all access routers (AR) in the network are uniformly configured with the same link-local address X, and a default route whose gateway is address X is set at the MN end. A data packet sent by the MN to the home agent (HA) is first routed to the AR, which forwards it to the HA according to the destination address; a data packet returned by the HA to the MN is first routed to the AR, which then forwards it to the MN. At the MN end, a group of flags is created in user space and a security association (SA) trigger mechanism is added in kernel space. The MIPv6 process decides whether to start the SA trigger mechanism by checking the flag values, and the IKEv2 process decides whether to initiate IKE communication between the MN and the HA, and negotiate keys, by checking the flag values. The invention effectively solves two problems: performing IKEv2 negotiation between the MN and the HA before MIPv6 mobile registration, and having MIPv6 trigger IKEv2 negotiation. It thereby realizes the IKEv2 protocol in an MIPv6 environment and addresses network security in that environment.

Description

System and method for realizing the IKEv2 protocol in an MIPv6 environment
Technical field
The present invention relates to a system and method for realizing the IKEv2 protocol in an MIPv6 environment.
Background
With the rapid development of the Internet and the widespread use of portable mobile terminals, support for mobility in the Internet is becoming more and more important. However, the traditional IP design does not support mobility. In traditional IP, a node's IP address serves as the node's unique identifier in the access network, and the node sends and receives data through that address. The routing protocols used by routers generally forward on the destination network prefix, so if a node moves, packets destined for its IP network prefix are still delivered to the original network; the moved node cannot receive packets addressed to it, and communication is interrupted. For this reason, the IETF proposed the concept of Mobile IP (MIP), and designed the Mobile IPv4 (MIPv4) and Mobile IPv6 (MIPv6) protocols for the respective network types.
MIP is a mobility solution deployed in the global Internet. It works at the network layer, which makes movement transparent to upper-layer protocols. MIP lets a node roam freely in the network and keep its communications going without changing its IP address or the existing routing architecture.
For authentication and signaling encryption in the MIPv6 environment, the IETF proposed using IPsec to protect the mobility signaling messages between the mobile node (MN) and the home agent (HA). This effectively prevents attacks such as eavesdropping, message blocking or forgery, and DoS. Using IPsec requires establishing security associations (SA) between the mobile node and the home agent. The mature solution at present is the Internet Key Exchange (IKE) protocol, which is built on the framework of the Internet Security Association and Key Management Protocol (ISAKMP) and defines how communicating entities authenticate each other, negotiate encryption algorithms, and generate a shared session key. In the MIPv6 environment, SAs are negotiated dynamically through IKE so that the mobility signaling messages between the mobile node and the home agent are encrypted with IPsec.
In RFC 3776 the IETF describes in detail how IPsec is to be implemented under MIPv6. It proposes using IKE to dynamically create and maintain the SAs between MN and HA, so that the mobility signaling between them is protected by IPsec ESP encryption. Later, the revision of IPsec in RFC 4301 allowed IPsec selectors to recognize the Mobility Header (MH) type, giving IPsec support for MIPv6. In response to this change the IETF revised the original RFC 3776 in RFC 4877, published in 2007, and adopted the new IKEv2 protocol for key negotiation, which greatly simplifies the interaction between MIPv6, IPsec and IKEv2. However, IKEv2 is a key negotiation protocol designed for static nodes, whereas in MIPv6 the communication address of the mobile node changes as the MN moves; there is still no clear solution for realizing IKEv2 in the MIPv6 environment.
Summary of the invention
In view of the problems described above, the object of the present invention is to provide a system and method for realizing the IKEv2 protocol in an MIPv6 environment.
To achieve this object, the present invention adopts the following technical scheme:
A system for realizing the IKEv2 protocol in an MIPv6 environment. The system establishes a routing mechanism at the MN end: all access routers (AR) in the network are uniformly configured with the same link-local address X, and a default route whose gateway is address X is set at the MN end. A packet sent by the MN to the HA is first routed to the AR, which forwards it to the HA according to the destination address; a packet with which the HA replies to the MN is first routed to the AR, which then forwards it to the MN.
The system also establishes, at the MN end, a negotiation mechanism by which MIPv6 triggers the IKEv2 protocol: a group of flags is created in user space and an SA trigger mechanism is added in kernel space. The MIPv6 process decides whether to start the SA trigger mechanism by checking the flag values; the IKEv2 process decides whether to initiate IKE communication between the MN and the HA, and negotiate keys, by checking the flag values.
Further:
The MN end uses a shared memory strategy for communication between the MIPv6 process and the IKEv2 process.
Starting the SA trigger mechanism first constructs a BU message and sends it through the communication interface. When this BU message passes through the kernel IPsec module, the IKEv2 process is called to create an SA; once the SA is established successfully, the MN sends a normal BU message to the HA.
A method for realizing the IKEv2 protocol in an MIPv6 environment, comprising the following steps:
The MN continuously performs router discovery;
When the MN finds that it has attached to a new AR, it checks the flags in shared memory to determine whether a corresponding SA exists with the HA. If one exists, it sends a BU directly to register; if not, it sends a custom BU that triggers the IKE exchange, and the required IPsec SA is established through the IKE protocol;
After the SA is generated, the MN performs mobile registration again; at this point the BU and BA messages are protected by IPsec ESP;
When the IPsec SA between MN and HA expires, the MN initiates the IKE exchange to re-establish the SA.
The present invention effectively solves the problems of performing IKEv2 negotiation between the MN and the HA before MIPv6 mobile registration and of having MIPv6 trigger IKEv2 negotiation. It thereby realizes the IKEv2 protocol in the MIPv6 environment and overcomes a network security difficulty in the next-generation Internet MIPv6 environment.
Description of the drawings
Fig. 1 is a schematic diagram of the routing mechanism at the MN end in the present invention;
Fig. 2 is a schematic diagram of the negotiation mechanism by which MIPv6 at the MN end triggers IKEv2 in the present invention;
Fig. 3 is a schematic diagram of an embodiment in which MIPv6 at the MN end triggers IKEv2 negotiation in the present invention;
Fig. 4 is a message processing flow chart for realizing the IKEv2 protocol in the MIPv6 environment according to the present invention.
Embodiment
IKE is a general hybrid protocol. It is built on the framework defined by the Internet Security Association and Key Management Protocol (ISAKMP) and defines how communicating entities authenticate each other, negotiate encryption algorithms, and generate a shared session key. IKE exchanges non-key data using a series of strong asymmetric algorithms to accomplish the key exchange between the two parties, solving the problem of securely establishing or updating a shared key over an insecure network.
IKEv2 is currently the most widely accepted IKE protocol on the Internet. It is carried over UDP and makes significant improvements over the previous version, IKEv1: it simplifies the messages, replaces the cryptographic syntax, and so on. It supports dynamic key negotiation between communicating peers. IKEv2 defines three types of message exchange: the Initial exchange, the CREATE_CHILD_SA exchange and the Informational exchange. The Initial exchange establishes the IKE SA and a CHILD SA (that is, an IPsec SA). It consists of four messages. The first two form the IKE_SA_INIT exchange, which negotiates the encryption algorithms, exchanges nonces and performs one Diffie-Hellman key exchange, producing the keying material used for encryption and authentication. The last two form the IKE_AUTH exchange, which authenticates the first two messages and the peers' identities, and then establishes the IKE SA and the first CHILD SA. All data in the IKE_AUTH exchange is encrypted with the keying material generated by IKE_SA_INIT, ensuring that the identity information it carries is not stolen. The CREATE_CHILD_SA exchange takes place after the Initial exchange completes and generates additional CHILD SAs or performs rekeying. The Informational exchange carries control messages that notify the peer of errors or certain events. It must take place after the Initial exchange and under the protection of the IKE SA.
However, deploying IKEv2 in the MIPv6 environment to negotiate SAs dynamically between MN and HA runs into two key problems:
The first problem is that when the MN obtains a new care-of address (CoA) on a foreign network, it must carry out mobile registration to notify the HA of the new CoA. If no IPsec SA has yet been established between MN and HA, or the SA has expired, the two sides must first carry out IKE negotiation before the mobile registration. At this point, however, the MN has no route to the HA and the HA does not know the MN's CoA, so UDP communication is blocked; the IKE negotiation cannot proceed and the IPsec SA cannot be established.
The other problem is that IKEv2 key negotiation is based on IP addresses. When a host sends a packet, it first queries the Security Policy Database (SPD) using parameters such as source address, destination address and protocol type. If the SPD holds no matching policy, the packet is let through and handed to the IP layer. If the SPD holds a matching policy (SP), the Security Association Database (SAD) is queried according to that SP, the encryption parameters of the corresponding SA are obtained, IPsec processing is applied to the packet, and the packet is then handed to the IP layer. If no corresponding SA is found, IKE is invoked to establish an SA between the two communicating entities according to the rules in the SP, after which IPsec processing is carried out.
In MIPv6, the mobility signaling messages between MN and HA, Binding Update (BU) and Binding Acknowledgement (BA), use the MN's CoA as source/destination address, and the CoA changes continually as the MN moves. The standard does define that BU/BA messages are matched to an SA through the MN's home address rather than the CoA, but that applies when a valid SA has already been established between MN and HA. If there is no SA yet, then after the mobile entity sends a BU/BA the SPD is queried using parameters such as the MN's CoA, the HA address and the protocol type, whereas the policies in the SPD are all based on the MN's HoA. No matching SP is found, so the IKE exchange that would establish the SA cannot be triggered.
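The lookup order described above, as an added C example that is not part of the patent: a simplified SPD and SAD with exact-match selectors, showing that a BU sourced from the CoA finds no policy while one sourced from the HoA reaches the IKE trigger. The addresses, the `selector` struct and the function names are constructed for illustration; matching an existing SA on the home address is not modelled.

```c
/* Added illustration (not from the patent): outbound SPD -> SAD lookup. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define PROTO_MH 135                 /* IPv6 Mobility Header (carries BU/BA) */
/* Constructed addresses from the 2001:db8::/32 documentation prefix. */
#define HOA "2001:db8:1::10"         /* MN home address    */
#define COA "2001:db8:2::10"         /* MN care-of address */
#define HA  "2001:db8:1::1"          /* home agent         */

enum verdict { BAD_ADDRESS, BYPASS_NO_POLICY, ACQUIRE_VIA_IKE, PROTECT_WITH_SA };

/* Simplified selector (assumption): exact source, destination and protocol. */
struct selector { struct in6_addr src, dst; int proto; };

/* Fill a selector from textual addresses; returns 0 if either is invalid. */
static int parse(struct selector *s, const char *src, const char *dst, int proto)
{
    s->proto = proto;
    return inet_pton(AF_INET6, src, &s->src) == 1 &&
           inet_pton(AF_INET6, dst, &s->dst) == 1;
}

static int match(const struct selector *a, const struct selector *b)
{
    return a->proto == b->proto &&
           memcmp(&a->src, &b->src, sizeof a->src) == 0 &&
           memcmp(&a->dst, &b->dst, sizeof a->dst) == 0;
}

/* The three outcomes described above for a packet leaving the host. */
enum verdict outbound_lookup(const struct selector *spd, size_t nsp,
                             const struct selector *sad, size_t nsa,
                             const struct selector *pkt)
{
    size_t i;
    for (i = 0; i < nsp && !match(&spd[i], pkt); i++)
        ;
    if (i == nsp)
        return BYPASS_NO_POLICY;     /* no SP: handed to the IP layer as is */
    for (i = 0; i < nsa; i++)
        if (match(&sad[i], pkt))
            return PROTECT_WITH_SA;  /* SP and SA found: IPsec processing */
    return ACQUIRE_VIA_IKE;          /* SP but no SA: IKE is invoked */
}

/* Verdict for a BU sent from bu_src to the HA on an MN whose only policy
 * is HoA -> HA for the Mobility Header. */
enum verdict bu_verdict(const char *bu_src, int sa_installed)
{
    struct selector policy, sa, pkt;
    if (!parse(&policy, HOA, HA, PROTO_MH) || !parse(&pkt, bu_src, HA, PROTO_MH))
        return BAD_ADDRESS;
    sa = policy;                     /* an SA negotiated for that policy */
    return outbound_lookup(&policy, 1, &sa, sa_installed ? 1 : 0, &pkt);
}

int main(void)
{
    static const char *name[] = { "bad address", "bypass (no policy)",
                                  "acquire via IKE", "protect with SA" };
    printf("BU src=CoA, no SA : %s\n", name[bu_verdict(COA, 0)]);
    printf("BU src=HoA, no SA : %s\n", name[bu_verdict(HOA, 0)]);
    printf("BU src=HoA, SA up : %s\n", name[bu_verdict(HOA, 1)]);
    return 0;
}
```

The first case is the failure the text describes: the BU leaves without a policy match, so nothing asks IKE for an SA.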
From the above analysis, realizing the IKEv2 protocol in the MIPv6 environment requires solving two problems:
1) how to carry out IKEv2 negotiation between MN and HA before MIPv6 mobile registration;
2) how MIPv6 triggers IKEv2 negotiation.
The present invention is described in further detail below with reference to the drawings and an embodiment.
To enable IKEv2 negotiation between MN and HA before MIPv6 mobile registration, the invention establishes a stable routing mechanism at the MN end, so that the MN can communicate with the HA over UDP under any new access router (AR).
Fig. 1 is a schematic diagram of the routing mechanism at the MN end in the present invention. As shown, all access routers (AR) in the network are uniformly configured with the same link-local address X, and a default route whose gateway is address X is set at the MN end. When the MN moves under a foreign AR, it obtains a new CoA and then carries out Duplicate Address Detection (DAD), which binds the MN's CoA and MAC address at the AR end. The MN sends a UDP packet to the HA with the CoA as source address and the HA address as destination address; the packet is first routed to the AR, which then forwards it to the HA according to the destination address. The HA replies to the MN with a UDP packet whose source address is the HA address and whose destination address is the CoA; the packet is first routed to the AR according to the destination address, and the AR then forwards it to the MN.
The default route at the MN end can be added with a Linux system command. This command is written into the file /etc/rc.d/rc.local, so that the MN configures the default route during boot initialization.
To solve the problem of MIPv6 triggering IKEv2 negotiation, the invention introduces into the MIPv6 protocol a mechanism that correctly matches the SP configured by the IKE process in the SPD and, according to that SP, triggers the IKE protocol to create an SA between MN and HA. Because all mobile registration procedures in MIPv6 are initiated by the MN end, this trigger mechanism only needs to be added at the MN end; the HA, as the responder, needs no change.
Fig. 2 is a schematic diagram of the negotiation mechanism by which MIPv6 at the MN end triggers IKEv2 in the present invention. As shown, at the MN end a group of flags is created in user space, whose values are determined by the MIPv6 process and the IKEv2 process. An SA trigger mechanism is added in kernel space; according to the flag values in user space, it determines whether to help the MIPv6 process trigger IKEv2 to negotiate an SA, and the state of the SA in turn affects the flag values.
Shared memory is an effective inter-process communication (IPC) mechanism and also the fastest form of IPC. Two processes A and B sharing memory means that the same physical memory is mapped into the address spaces of both process A and process B. Updates that process A makes to data in shared memory are immediately visible to process B, and vice versa. There are two kinds of shared memory, System V and POSIX. The present invention uses System V shared memory.
The System V shared memory API consists mainly of shmget(), shmat(), shmdt() and shmctl(). shmget() obtains the ID of a shared memory region, creating the region if the specified one does not exist. shmat() maps the shared memory region into the address space of the calling process, so that the process can access the region conveniently. shmdt() removes the process's mapping of the shared memory region. shmctl() performs control operations on the shared memory region.
Fig. 3 is a schematic diagram of an embodiment in which MIPv6 at the MN end triggers IKEv2 negotiation in the present invention. Two flags, A and B, are set in the shared memory space. Flag A marks whether a valid SA exists between MN and HA; flag B is used to judge whether the MN end starts the SA trigger mechanism.
As shown, because the MIPv6 process and the IKEv2 process both need to check and manage the same group of flags, a shared memory strategy is used at the MN end for communication between the two processes; the present invention uses System V shared memory. In this embodiment flags A and B are placed in the shared memory area. Specifically:
For the MIPv6 process: when it detects that a BU message is to be sent to the HA, it first accesses the shared memory area and reads the value of flag B. If B=1, the two parties have established a valid SA, and the MN directly sends a normal BU message to the HA with the CoA as source address; when this message passes through the kernel IPsec module the relevant SA is found, its parameters are extracted, and the message is encrypted, encapsulated and sent. If B=0, the two parties have not yet established a valid SA, and the MN starts the SA trigger mechanism: it first writes 1 to flag A, then constructs a BU message whose source address is the MN's HoA and whose destination address is the HA, and sends it through the communication interface. Note: when this BU message passes through the kernel IPsec module, the SPD is queried and the relevant security policy (SP) is found, but no corresponding SA is found in the SAD, so the IKEv2 process is called to create an SA. Afterwards the value of B is checked again; when B=1, the SA has been established successfully and the MN sends a normal BU message to the HA.
For the IKEv2 process: its IPsec control module continuously listens for kernel notifications. On receiving a message to create an SA, IKEv2 accesses the shared memory area and reads the value of flag A. If A=0, a valid SA has already been established between MN and HA at this point, and it exits and continues to wait for kernel notifications. If A=1, it calls the network control module, initiates IKE communication between MN and HA based on the kernel information, negotiates keys and creates the SA, then sets B=1 and A=0, exits, and continues to wait for kernel notifications.
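The flag handshake between the two processes, as an added C example that is not the patent's implementation: flags A and B live in a System V shared memory segment and are read and written as in the two per-process paragraphs above. The struct layout, the function names, the `negotiate` callback standing in for the IKE exchange, the failure path and the expiry handler are assumptions.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Hypothetical layout; the patent names only "flag A" and "flag B". */
struct sa_flags {
    volatile int a;  /* written 1 by MIPv6 when it starts the SA trigger */
    volatile int b;  /* written 1 by IKEv2 once the SA has been created  */
};

enum mn_action  { SEND_NORMAL_BU, SEND_TRIGGER_BU };
enum ike_action { IKE_IGNORE, IKE_NEGOTIATED, IKE_FAILED };

/* Create or open the segment and map it. Mode 0600 keeps other local users
 * from flipping the flags; Linux zero-fills a new segment, so A = B = 0. */
struct sa_flags *flags_attach(key_t key, int *shmid)
{
    int id = shmget(key, sizeof(struct sa_flags), IPC_CREAT | 0600);
    if (id < 0)
        return NULL;
    void *p = shmat(id, NULL, 0);
    if (p == (void *)-1)
        return NULL;
    *shmid = id;
    return (struct sa_flags *)p;
}

/* Unmap the segment and mark it for removal. */
void flags_release(struct sa_flags *f, int shmid)
{
    shmdt((const void *)f);
    shmctl(shmid, IPC_RMID, NULL);
}

/* MIPv6 process, just before it has to send a BU to the HA. */
enum mn_action mipv6_before_bu(struct sa_flags *f)
{
    if (f->b == 1)
        return SEND_NORMAL_BU;  /* source = CoA, protected by the existing SA */
    f->a = 1;                   /* start the SA trigger mechanism */
    return SEND_TRIGGER_BU;     /* source = HoA: finds the SP, misses the SAD */
}

/* IKEv2 process, on a kernel "create SA" message. negotiate() stands in for
 * the IKE exchange with the HA and returns 0 on success. */
enum ike_action ikev2_on_create_sa(struct sa_flags *f, int (*negotiate)(void))
{
    if (f->a == 0)
        return IKE_IGNORE;      /* A=0: nothing to do, keep waiting */
    if (negotiate() != 0)
        return IKE_FAILED;      /* assumption: flags unchanged so the MN retries */
    f->b = 1;
    f->a = 0;
    return IKE_NEGOTIATED;
}

/* Assumption: on SA expiry B is cleared so the next BU re-triggers IKE. */
void ikev2_on_sa_expired(struct sa_flags *f) { f->b = 0; }

/* Constructed stand-ins for a successful and a failed IKE exchange. */
int demo_negotiate_ok(void)   { return 0; }
int demo_negotiate_fail(void) { return -1; }

int main(void)
{
    int id;
    struct sa_flags *f = flags_attach(IPC_PRIVATE, &id);
    if (!f) { perror("shmget/shmat"); return 1; }
    printf("first BU : %s\n",
           mipv6_before_bu(f) == SEND_TRIGGER_BU ? "trigger" : "normal");
    ikev2_on_create_sa(f, demo_negotiate_ok);
    printf("after IKE: %s\n",
           mipv6_before_bu(f) == SEND_NORMAL_BU ? "normal" : "trigger");
    flags_release(f, id);
    return 0;
}
```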
Fig. 4 is a message processing flow chart for realizing the IKEv2 protocol in the MIPv6 environment according to the present invention. As shown, the MN continuously performs router discovery. When it finds that it has attached to a new AR, the MN initiates mobile registration, at which point it checks the flags in shared memory to determine whether a corresponding SA exists with the HA. If one exists, it sends a BU directly to register. If not, it sends a custom BU that triggers the IKE exchange, and the required IPsec SA is established through the IKE protocol; after the SA is generated the MN performs mobile registration again, and at this point the BU and BA messages are protected by IPsec ESP. When the IPsec SA between MN and HA expires, the MN should likewise initiate the IKE exchange to re-establish the SA.
The system of the present invention for realizing the IKEv2 protocol in the MIPv6 environment effectively solves the problems of performing IKEv2 negotiation between the MN and the HA before MIPv6 mobile registration and of having MIPv6 trigger IKEv2 negotiation. It thereby realizes the IKEv2 protocol in the MIPv6 environment and overcomes a network security difficulty in the next-generation Internet MIPv6 environment.
The above describes the preferred embodiment of the present invention and the technical principles it uses. For a person skilled in the art, any obvious change made on the basis of the technical scheme of the present invention without departing from its spirit and scope, such as an equivalent transformation or a simple substitution, falls within the scope of protection of the present invention.

Claims (4)

1. A system for realizing the IKEv2 protocol in an MIPv6 environment, characterized in that:
The system establishes a routing mechanism at the MN end: all access routers (AR) in the network are uniformly configured with the same link-local address X, and a default route whose gateway is address X is set at the MN end; a packet sent by the MN to the HA is first routed to the AR, which forwards it to the HA according to the destination address; a packet with which the HA replies to the MN is first routed to the AR, which then forwards it to the MN;
The system also establishes, at the MN end, a negotiation mechanism by which MIPv6 triggers the IKEv2 protocol: a group of flags is created in user space and an SA trigger mechanism is added in kernel space; the MIPv6 process decides whether to start the SA trigger mechanism by checking the flag values; the IKEv2 process decides whether to initiate IKE communication between the MN and the HA, and negotiate keys, by checking the flag values.
2. The system for realizing the IKEv2 protocol in an MIPv6 environment as claimed in claim 1, characterized in that:
The MN end uses a shared memory strategy for communication between the MIPv6 process and the IKEv2 process.
3. The system for realizing the IKEv2 protocol in an MIPv6 environment as claimed in claim 1, characterized in that:
In starting the SA trigger mechanism, a BU message is first constructed and sent through the communication interface; when this BU message passes through the kernel IPsec module, the IKEv2 process is called to create an SA; once the SA is established successfully, the MN sends a normal BU message to the HA.
4. A method for realizing the IKEv2 protocol in an MIPv6 environment, characterized by comprising the following steps:
The MN continuously performs router discovery;
When the MN finds that it has attached to a new AR, it checks the flags in shared memory to determine whether a corresponding SA exists with the HA; if one exists, it sends a BU directly to register; if not, it sends a custom BU that triggers the IKE exchange, and the required IPsec SA is established through the IKE protocol;
After the SA is generated, the MN performs mobile registration again; at this point the BU and BA messages are protected by IPsec ESP;
When the IPsec SA between MN and HA expires, the MN initiates the IKE exchange to re-establish the SA.
Application CN2011102134755A, priority date 2011-07-28, filing date 2011-07-28: System and method for realizing IKEv2 protocol in MIPv6 environment. Status: Pending. Publication: CN102724173A (en).

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20121010