CN109639721A - IPsec message format processing method, device, equipment and storage medium - Google Patents
IPsec message format processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN109639721A CN109639721A CN201910016308.8A CN201910016308A CN109639721A CN 109639721 A CN109639721 A CN 109639721A CN 201910016308 A CN201910016308 A CN 201910016308A CN 109639721 A CN109639721 A CN 109639721A
- Authority
- CN
- China
- Prior art keywords
- data
- address
- packet data
- new
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0485—Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a kind of IPsec message format processing method, device, equipment and computer readable storage mediums.Wherein, method includes the IP packet data that receiving mac layer is sent, and reads purpose IP address from IP packet data;It is matched from Security Policy Database according to purpose IP address and obtains new source IP address and new purpose IP address;If new source IP address and new purpose IP address are not complete zero, encryption key is obtained according to new purpose IP address query safe linked database;According to encryption key, IP packet data are encrypted based on encryption data format, obtain encryption message data;New IP header is generated for IP packet data, and IP packet data trailer will be added to by the authentication data of default authentication data format analysis processing, as new IP packet data;Transmit encryption message data and new IP packet data.IP packet data format is carried out collection and uniform disposal by the application, is adapted to various TCP (UDP)/IP network environment, is improved code specification, improves IPsec performance.
Description
Technical field
The present embodiments relate to IPsec technical fields, more particularly to a kind of IPsec message format processing method, dress
It sets, equipment and computer readable storage medium.
Background technique
The working principle of IPsec (Internet Protocol Security Internet, protocol safety) is can be with
The communication data packet for carrying out IP grades for user encrypts, even if network packet is stolen in network transmission, also can not
Information is checked, to be effectively guaranteed data in the safety of transport layer.
But in ipsec technology practical application, during being encrypted and being verified, encryption and verification algorithm need
Message bit wide it is generally different with TCP/IP network, mac layers, IP layers, the bit wide of original ip message it is different, IP packet is packaged into ESP
Format message needs the transformation by multiple message format.
Summary of the invention
The embodiment of the present disclosure provides a kind of IPsec message format processing method, device, equipment and computer-readable storage
IP packet data format is uniformly processed medium, realizes the IPSec under TCP (UDP)/IP network of different bit wides
Versatility, improve code specification, improve IPsec performance.
In order to solve the above technical problems, the embodiment of the present invention the following technical schemes are provided:
On the one hand the embodiment of the present invention provides a kind of IPsec message format processing method, comprising:
The IP packet data that receiving mac layer is sent, and purpose IP address is read from the IP packet data;
Obtain Security Policy Database matched according to the destination IP address after feed back new source IP address and newly
Purpose IP address;
If new source IP address and new purpose IP address are not complete zero, according to the new purpose IP address query safe incidence number
According to library, encryption key is obtained;
According to the encryption key, the IP packet data are encrypted based on predetermined encryption data format, are obtained
To encryption message data;
New IP header is generated for the IP packet data, and will be added by the authentication data of default authentication data format analysis processing
The IP packet data trailer is added to, as new IP packet data;
The encryption message data and the new IP packet data are transmitted.
Optionally, described according to the encryption key, the IP packet data are carried out based on predetermined encryption data format
Encryption, obtaining encryption message data includes:
The encryption key is 128bit, and the encryption key is sent to ESP output module;
The length of the IP packet data is filled with 128 integral multiples, and will be filled according to 128bit data packet format
IP packet data later are sent to the ESP output module, so that the ESP output module is using the encryption key to institute
IP packet data are stated to be encrypted;
The 128bit encryption message data for caching ESP output module output, generates ESP head, using as the encryption
Message data.
Optionally, the length by the IP packet data is filled with 128 integral multiples and includes:
The filling data length L of the IP packet data is calculated using following formula:
L=112- (l) mod128, l are the length of the IP packet data;
After the IP packet data fill L data, wherein a data be 1, second to L be 0.
Optionally, it is described after the IP packet data fill L data after, further includes:
After filling L data trailers, filling 8bit filling data length and the next header of 8bit.
Optionally, the authentication data by default authentication data format analysis processing are as follows:
The encryption key is 128bit, and the length of the authentication data of caching is filled to 512, and is recognized filled
Card data are sent to the ESP output module;
The 128bit authentication data for receiving the ESP output module output, as by default authentication data format analysis processing
Authentication data.
Optionally, the length of the authentication data by caching, which is filled to 512, includes:
The filling data length X of the authentication data is calculated using following formula:
X mod512=448;
After the authentication data fill X data, wherein a data be 1, second to L be 0.
Optionally, it is described after the authentication data fill X data after, further includes:
After filling X data trailers, the initial data length of the authentication data is filled.
On the other hand the embodiment of the present invention provides a kind of IPsec message format processing unit, comprising:
IP packet data cache module, for the IP packet data that receiving mac layer is sent, and from the IP packet data
Read purpose IP address;
Encryption key obtains module, for obtaining after Security Policy Database matched according to the destination IP address
The new source IP address of feedback and new purpose IP address;If new source IP address and new purpose IP address are not complete zero, according to described new
Purpose IP address query safe linked database, obtains encryption key;
Message data processing module is encrypted, for being based on predetermined encryption data format to described according to the encryption key
IP packet data are encrypted, and obtain encryption message data;
Authentication data format analysis processing module, for being carried out based on authentication data of the default authentication data format analysis processing to caching
Format analysis processing;
IP packet sending module for generating new IP header for the IP packet data, and will pass through pre- setting authentication number
It is added to the IP packet data trailer according to the authentication data of format analysis processing, as new IP packet data;By the encryption message
Data and the new IP packet data are transmitted.
The embodiment of the invention also provides a kind of IPsec message format processing equipment, including processor, the processor is used
The step of the IPsec message format processing method as described in preceding any one is realized when executing the computer program stored in memory
Suddenly.
The embodiment of the present invention finally additionally provides a kind of computer readable storage medium, the computer readable storage medium
On be stored with IPsec message format processing routine, when the IPsec message format processing routine is executed by processor realize as before
The step of any one IPsec message format processing method.
The advantages of technical solution provided by the present application, is, is reported using preset encryption data format encryption IP
Literary data, using the authentication data of preset authentication data format analysis processing, by treated IP packet data and certification
Data are transmitted, and are realized and are focused on IP packet uniform format, make it in TCP (UDP)/IP of different bit wides
It can be used under network, do not need to format, adapt to various TCP (UDP)/IP network environment, realize in different positions
The versatility of IPSec under wide TCP (UDP)/IP network, improves code specification, improves IPsec performance.
In addition, the embodiment of the present invention provides corresponding realization device, equipment also directed to IPsec message format processing method
And computer readable storage medium, further such that the method has more practicability, described device, equipment and computer-readable
Storage medium has the advantages that corresponding.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limited
It is open.
Detailed description of the invention
It, below will be to embodiment or correlation for the clearer technical solution for illustrating the embodiment of the present invention or the relevant technologies
Attached drawing needed in technical description is briefly described, it should be apparent that, the accompanying drawings in the following description is only this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of flow diagram of IPsec message format processing method provided in an embodiment of the present invention;
Fig. 2 is a kind of specific embodiment structure chart of IPsec message format processing unit provided in an embodiment of the present invention;
Fig. 3 is a kind of specific embodiment structure chart of IPsec message format processing equipment provided in an embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description
The present invention is described in further detail.Obviously, described embodiments are only a part of the embodiments of the present invention, rather than
Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise
Under every other embodiment obtained, shall fall within the protection scope of the present invention.
The description and claims of this application and term " first ", " second ", " third " " in above-mentioned attached drawing
Four " etc. be for distinguishing different objects, rather than for describing specific sequence.Furthermore term " includes " and " having " and
Their any deformations, it is intended that cover and non-exclusive include.Such as contain a series of steps or units process, method,
System, product or equipment are not limited to listed step or unit, but may include the step of not listing or unit.
After describing the technical solution of the embodiment of the present invention, the various non-limiting realities of detailed description below the application
Apply mode.
Referring first to Fig. 1, Fig. 1 is that a kind of process of IPsec message format processing method provided in an embodiment of the present invention is shown
It is intended to, the embodiment of the present invention may include the following contents:
S101: the IP packet data that receiving mac layer is sent, and purpose IP address is read from IP packet data.
MAC (Media Access Control, medium access control) layer sends N IP packet data, and system can adopt
This N IP packet data are cached with FIFO (First Input First Output, first in first out).
After the completion of caching, 32 purpose IP address are read from IP packet data.
S102: obtain Security Policy Database matched according to purpose IP address after feed back new source IP address and newly
Purpose IP address.
After receiving SPD (Security Policy Database) and sending ready signal, purpose IP address is sent to SPD and is carried out
It matches, after successful match, inquires SPD.
SPD returns to useful signal, receives new source IP address and new purpose IP address that SPD is returned.
S103: it if new source IP address and new purpose IP address are not complete zero, is associated with according to new purpose IP address query safe
Database obtains encryption key.
If new source IP address and new purpose IP address are complete zero, then it represents that be bypass mode, then directly by IP packet
Data are sent to the IP-ORI packetization module for handling message data.Bypass mode is that finger can be by specifically triggering shape
State (power-off or crash) allows two networks not by the system of Network Security Device, and is directly physically connected.To realize
After Network Security Device failure, the network mutual conduction being connected in this equipment can also be allowed.
If new source IP address and new purpose IP address are not all zero, IP data packet is subjected to encryption data format analysis processing.
Firstly, waiting security association database useful signal according to new purpose IP address query safe linked database, 244bit is obtained
128bit can be read as encryption key in SA data.
S104: according to encryption key, IP packet data is encrypted based on predetermined encryption data format, are added
Close message data.
To ESP output processing module send encryption key after, wait Round_key_ready signal be height, can will
128bit data Data_aes signal and data valid signal Data_aes_vld are sent to ESP output processing module.
The encryption process of IP packet data can are as follows:
When the encryption key of acquisition is 128bit, the encryption key of 128bit can be sent to ESP output module, and (encapsulation is pacified
Full load output module);IP packet data are filled into ESP tail, to 128 modulus polishing data, the length of IP packet data is filled out
It fills for 128 integral multiples, and the IP packet data after filling is sent to ESP output mould according to 128bit data packet format
Block, that is, ESP output module 128bit data are once sent to until having sent all message datas, ESP output module is sharp
IP packet data are encrypted with 128bit encryption key, after the completion of encryption, are sent into encryption message data.System is slow
Deposit ESP output module output 128bit encryption message data, generate ESP head, using as encryption message data.
Specifically, calculating the filling data length L of IP packet data using following formula:
L=112- (l) mod128, l are the length of IP packet data;
After IP packet data fill L data, wherein a data be 1, second to L be 0.In filling L
After the data trailer of position, also fillable 8bit filling data length and the next header of 8bit.
S105: new IP header, and the authentication data that default authentication data format analysis processing will be passed through are generated for IP packet data
It is added to IP packet data trailer, as new IP packet data.
The format analysis processing process of authentication data can are as follows:
Encryption key is 128bit, and the length of the authentication data of caching is filled to 512, and by filled certification number
According to being sent to ESP output module;The 128bit authentication data for receiving the output of ESP output module, as by default authentication data
The authentication data of format analysis processing.
The filling data length X of authentication data is calculated using following formula:
X mod512=448;
After authentication data fill X data, wherein a data be 1, second to L be 0.In filling X
After data trailer, the initial data length of authentication data can be filled, the length of upper former message is refilled after first step result
Degree, the memory length that can be utilized for are 64.If message-length is greater than 264, then its low 64 value, i.e. (message is only used
Length is to 264Modulus).After this step carries out, final message-length is exactly 512 integral multiple.
S106: encryption message data and new IP packet data are transmitted.
Encryption message data and new IP packet data are transmitted and give subsequent packet processing module, such as is sent to IP-
ORI packetization module.
In technical solution provided in an embodiment of the present invention, reported using preset encryption data format encryption IP
Literary data, using the authentication data of preset authentication data format analysis processing, by treated IP packet data and certification
Data are transmitted, and are realized and are focused on IP packet uniform format, make it in TCP (UDP)/IP of different bit wides
It can be used under network, do not need to format, adapt to various TCP (UDP)/IP network environment, realize in different positions
The versatility of IPSec under wide TCP (UDP)/IP network, improves code specification, improves IPsec performance.
The embodiment of the present invention provides corresponding realization device also directed to IPsec message format processing method, further makes
It obtains the method and has more practicability.IPsec message format processing unit provided in an embodiment of the present invention is introduced below,
IPsec message format processing unit described below can correspond to each other ginseng with above-described IPsec message format processing method
According to.
Referring to fig. 2, Fig. 2 is IPsec message format processing unit provided in an embodiment of the present invention in a kind of specific embodiment party
Structure chart under formula, the device can include:
IP packet data cache module 201, for the IP packet data that receiving mac layer is sent, and from IP packet data
Read purpose IP address.
Encryption key obtains module 202, for obtaining after Security Policy Database matched according to purpose IP address
The new source IP address of feedback and new purpose IP address;If new source IP address and new purpose IP address are not complete zero, according to new purpose
IP address query safe linked database, obtains encryption key.
Message data processing module 203 is encrypted, for being based on predetermined encryption data format to IP packet according to encryption key
Data are encrypted, and obtain encryption message data.
Authentication data format analysis processing module 204, for the authentication data based on default authentication data format analysis processing to caching
Carry out format analysis processing.
IP packet sending module 205, for generating new IP header for IP packet data, and will be by default authentication data
The authentication data of format analysis processing is added to IP packet data trailer, as new IP packet data;It will encryption message data and new IP
Message data is transmitted.
Optionally, in some embodiments of the present embodiment, the encryption message data processing module 203 can also be used in
Encryption key is 128bit, and encryption key is sent to ESP output module;By the length of IP packet data be filled with 128 it is whole
Several times, and the IP packet data after filling are sent to ESP output module according to 128bit data packet format, so that ESP is defeated
Module encrypts IP packet data using encryption key out;The 128bit for caching the output of ESP output module encrypts message number
According to, generate ESP head, using as encryption message data.
In some embodiments of the embodiment of the present invention, the encryption message data processing module 203 can also be used in benefit
Filling data length L:L=112- (l) mod128, l that IP packet data are calculated with following formula are the length of IP packet data;
After IP packet data fill L data, wherein a data be 1, second to L be 0.
In other embodiment, the encryption message data processing module 203 can also be used to fill L data
After tail portion, filling 8bit filling data length and the next header of 8bit.
Optionally, in application other embodiment, the authentication data format analysis processing module 204 can also be used to add
Key is 128bit, the length of the authentication data of caching is filled to 512, and filled authentication data is sent to
ESP output module;The 128bit authentication data for receiving the output of ESP output module, as by default authentication data format analysis processing
Authentication data.
In some other embodiment, the authentication data format analysis processing module 204 can also utilize following public affairs to be described
The filling data length X:X mod512=448 of formula calculating authentication data;X data are filled after authentication data, wherein first
Position data are 1, the module that second is 0 to L.
In addition, the authentication data format analysis processing module 204 can also be used in after filling X data trailers, filling is recognized
Demonstrate,prove the initial data length of data.
The function of each functional module of IPsec message format processing unit can be according to the above method described in the embodiment of the present invention
Method specific implementation in embodiment, specific implementation process are referred to the associated description of above method embodiment, herein not
It repeats again.
From the foregoing, it will be observed that IP packet data format is uniformly processed the embodiment of the present invention, realize in different bit wides
The versatility of IPSec under TCP (UDP)/IP network, improves code specification, improves IPsec performance.
The embodiment of the invention also provides a kind of IPsec message format processing equipments, referring to Fig. 3, IPsec message format
Processing equipment 3 can include:
Memory 31, for storing computer program;
Processor 32 is realized for executing computer program at IPsec message format described in any one embodiment as above
The step of reason method.
The function of each functional module of IPsec message format processing equipment can be according to the above method described in the embodiment of the present invention
Method specific implementation in embodiment, specific implementation process are referred to the associated description of above method embodiment, herein not
It repeats again.
From the foregoing, it will be observed that IP packet data format is uniformly processed the embodiment of the present invention, realize in different bit wides
The versatility of IPSec under TCP (UDP)/IP network, improves code specification, improves IPsec performance.
The embodiment of the invention also provides a kind of computer readable storage mediums, are stored with IPsec message format processing journey
Sequence, when the IPsec message format processing routine is executed by processor as above at IPsec message format described in any one embodiment
The step of reason method.
The function of each functional module of computer readable storage medium described in the embodiment of the present invention can be according to above method reality
The method specific implementation in example is applied, specific implementation process is referred to the associated description of above method embodiment, herein no longer
It repeats.
From the foregoing, it will be observed that IP packet data format is uniformly processed the embodiment of the present invention, realize in different bit wides
The versatility of IPSec under TCP (UDP)/IP network, improves code specification, improves IPsec performance.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with it is other
The difference of embodiment, same or similar part may refer to each other between each embodiment.For being filled disclosed in embodiment
For setting, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part
Explanation.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure
And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These
Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession
Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered
Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor
The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit
Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology
In any other form of storage medium well known in field.
It to a kind of IPsec message format processing method provided by the present invention, device, equipment and computer-readable deposits above
Storage media is described in detail.It is used herein that a specific example illustrates the principle and implementation of the invention,
The above description of the embodiment is only used to help understand the method for the present invention and its core ideas.It should be pointed out that for this technology
For the those of ordinary skill in field, without departing from the principle of the present invention, several improvement can also be carried out to the present invention
And modification, these improvements and modifications also fall within the scope of protection of the claims of the present invention.
Claims (10)
1. a kind of IPsec message format processing method characterized by comprising
The IP packet data that receiving mac layer is sent, and purpose IP address is read from the IP packet data;
Obtain the new source IP address fed back after Security Policy Database is matched according to the destination IP address and new purpose
IP address;
If new source IP address and new purpose IP address are not complete zero, according to the new purpose IP address query safe associated data
Library obtains encryption key;
According to the encryption key, the IP packet data are encrypted based on predetermined encryption data format, are added
Close message data;
New IP header is generated for the IP packet data, and will be added to by the authentication data of default authentication data format analysis processing
The IP packet data trailer, as new IP packet data;
The encryption message data and the new IP packet data are transmitted.
2. IPsec message format processing method according to claim 1, which is characterized in that described close according to the encryption
Key is encrypted the IP packet data based on predetermined encryption data format, obtains encryption message data and includes:
The encryption key is 128bit, and the encryption key is sent to ESP output module;
The length of the IP packet data is filled with 128 integral multiples, and will be after filling according to 128bit data packet format
IP packet data be sent to the ESP output module so that the ESP output module using the encryption key to the IP
Message data is encrypted;
The 128bit encryption message data for caching ESP output module output, generates ESP head, using as the encryption message
Data.
3. IPsec message format processing method according to claim 2, which is characterized in that described by the IP packet number
According to length be filled with 128 integral multiples and include:
The filling data length L of the IP packet data is calculated using following formula:
L=112- (l) mod128, l are the length of the IP packet data;
After the IP packet data fill L data, wherein a data be 1, second to L be 0.
4. IPsec message format processing method according to claim 3, which is characterized in that described in the IP packet number
After L data of rear filling, further includes:
After filling L data trailers, filling 8bit filling data length and the next header of 8bit.
5. IPsec message format processing method according to claim 1, which is characterized in that described to pass through pre- setting authentication number
According to the authentication data of format analysis processing are as follows:
The encryption key is 128bit, and the length of the authentication data of caching is filled to 512, and by filled certification number
According to being sent to the ESP output module;
The 128bit authentication data for receiving the ESP output module output, as recognizing by default authentication data format analysis processing
Demonstrate,prove data.
6. IPsec message format processing method according to claim 5, which is characterized in that the certification number by caching
According to length fill to 512 and include:
The filling data length X of the authentication data is calculated using following formula:
X mod512=448;
After the authentication data fill X data, wherein a data be 1, second to L be 0.
7. IPsec message format processing method according to claim 6, which is characterized in that described in the authentication data
Afterwards after X data of filling, further includes:
After filling X data trailers, the initial data length of the authentication data is filled.
8. a kind of IPsec message format processing unit characterized by comprising
IP packet data cache module for the IP packet data that receiving mac layer is sent, and is read from the IP packet data
Purpose IP address;
Encryption key obtains module, feeds back after Security Policy Database is matched according to the destination IP address for obtaining
New source IP address and new purpose IP address;If new source IP address and new purpose IP address are not complete zero, according to the new purpose
IP address query safe linked database, obtains encryption key;
Message data processing module is encrypted, for being reported to the IP based on predetermined encryption data format according to the encryption key
Literary data are encrypted, and obtain encryption message data;
Authentication data format analysis processing module, for carrying out format based on authentication data of the default authentication data format analysis processing to caching
Processing;
IP packet sending module, for generating new IP header for the IP packet data, and will be by default authentication data lattice
The authentication data of formula processing is added to the IP packet data trailer, as new IP packet data;By the encryption message data
It is transmitted with the new IP packet data.
9. a kind of IPsec message format processing equipment, which is characterized in that including processor, the processor is for executing storage
The step of the IPsec message format processing method as described in any one of claim 1 to 7 is realized when the computer program stored in device
Suddenly.
10. a kind of computer readable storage medium, which is characterized in that be stored with IPsec on the computer readable storage medium
Message format processing routine realizes such as claim 1 to 7 times when the IPsec message format processing routine is executed by processor
The step of one IPsec message format processing method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910016308.8A CN109639721B (en) | 2019-01-08 | 2019-01-08 | IPsec message format processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910016308.8A CN109639721B (en) | 2019-01-08 | 2019-01-08 | IPsec message format processing method, device, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109639721A true CN109639721A (en) | 2019-04-16 |
CN109639721B CN109639721B (en) | 2022-02-22 |
Family
ID=66060161
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910016308.8A Active CN109639721B (en) | 2019-01-08 | 2019-01-08 | IPsec message format processing method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109639721B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111147382A (en) * | 2019-12-31 | 2020-05-12 | 杭州迪普科技股份有限公司 | Message forwarding method and device |
CN113014567A (en) * | 2021-02-19 | 2021-06-22 | 清华大学 | Internet IP message data verification processing method, device and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110113236A1 (en) * | 2009-11-02 | 2011-05-12 | Sylvain Chenard | Methods, systems, and computer readable media for offloading internet protocol security (ipsec) processing using an ipsec proxy mechanism |
CN102882789A (en) * | 2012-09-17 | 2013-01-16 | 华为技术有限公司 | Data message processing method, system and equipment |
CN102891848A (en) * | 2012-09-25 | 2013-01-23 | 汉柏科技有限公司 | Method for carrying out encryption and decryption by using IPSec security association |
CN103220273A (en) * | 2013-03-19 | 2013-07-24 | 汉柏科技有限公司 | Method and system for central processing unit (CPU) to forward message rapidly |
US20140208115A1 (en) * | 2013-01-21 | 2014-07-24 | Canon Kabushiki Kaisha | Communication apparatus, method for controlling communication apparatus, and program |
WO2016165277A1 (en) * | 2015-04-16 | 2016-10-20 | 中兴通讯股份有限公司 | Ipsec diversion implementing method and apparatus |
CN107483639A (en) * | 2017-09-25 | 2017-12-15 | 山东渔翁信息技术股份有限公司 | The method, apparatus and equipment converted between serial data and wireless network data |
-
2019
- 2019-01-08 CN CN201910016308.8A patent/CN109639721B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110113236A1 (en) * | 2009-11-02 | 2011-05-12 | Sylvain Chenard | Methods, systems, and computer readable media for offloading internet protocol security (ipsec) processing using an ipsec proxy mechanism |
CN102882789A (en) * | 2012-09-17 | 2013-01-16 | 华为技术有限公司 | Data message processing method, system and equipment |
CN102891848A (en) * | 2012-09-25 | 2013-01-23 | 汉柏科技有限公司 | Method for carrying out encryption and decryption by using IPSec security association |
US20140208115A1 (en) * | 2013-01-21 | 2014-07-24 | Canon Kabushiki Kaisha | Communication apparatus, method for controlling communication apparatus, and program |
CN103220273A (en) * | 2013-03-19 | 2013-07-24 | 汉柏科技有限公司 | Method and system for central processing unit (CPU) to forward message rapidly |
WO2016165277A1 (en) * | 2015-04-16 | 2016-10-20 | 中兴通讯股份有限公司 | Ipsec diversion implementing method and apparatus |
CN107483639A (en) * | 2017-09-25 | 2017-12-15 | 山东渔翁信息技术股份有限公司 | The method, apparatus and equipment converted between serial data and wireless network data |
Non-Patent Citations (1)
Title |
---|
肖波: "基于IPSec协议的安全联盟涉及及其应用", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111147382A (en) * | 2019-12-31 | 2020-05-12 | 杭州迪普科技股份有限公司 | Message forwarding method and device |
CN111147382B (en) * | 2019-12-31 | 2021-09-21 | 杭州迪普科技股份有限公司 | Message forwarding method and device |
CN113014567A (en) * | 2021-02-19 | 2021-06-22 | 清华大学 | Internet IP message data verification processing method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN109639721B (en) | 2022-02-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8885826B2 (en) | Transmission/reception system, transmission device, reception device, authentication device, user device, method executed by the aforementioned, and program | |
CN109450852B (en) | Network communication encryption and decryption method and electronic equipment | |
CN104184740B (en) | Trusted transmission method, trusted third party and credible delivery system | |
US6223287B1 (en) | Method for establishing a secured communication channel over the internet | |
CN103929299B (en) | Self-securing lightweight network message transmitting method with address as public key | |
CN105959265B (en) | A kind of electronics fills out single system and its method | |
US20020023209A1 (en) | Encryption and decryption of digital messages in packet transmitting networks | |
US8745381B2 (en) | Methods, systems, and computer readable media for performing encapsulating security payload (ESP) rehashing | |
CN106453314B (en) | The method and device of data encrypting and deciphering | |
CN112260926B (en) | Data transmission system, method, device, equipment and storage medium of virtual private network | |
US20100306540A1 (en) | Encryption processing method and encryption processing device | |
CN109922047B (en) | Image transmission system and method | |
CN107947917A (en) | A kind of method and device for generating whitepack key | |
CN109639721A (en) | IPsec message format processing method, device, equipment and storage medium | |
US20120087490A1 (en) | Method And Arrangement For Protecting File-Based Information | |
CN109976770A (en) | A kind of ECU writes with a brush dipped in Chinese ink method, system and relevant device | |
CN112187448A (en) | Data encryption method and system | |
CN111192050B (en) | Digital asset private key storage and extraction method and device | |
WO2014197071A1 (en) | Secured embedded data encryption systems | |
CN110532814A (en) | Data processing equipment and operation method for this | |
CN109118187A (en) | Restoration methods, device and the computer readable storage medium of block chain wallet | |
CN105871858A (en) | Method and system for ensuring high data safety | |
TW201001290A (en) | Network task offload apparatus and method thereof | |
CN112187449B (en) | Quantum database query method, encryption and decryption method and system | |
JP2022519671A (en) | How to authenticate messages in resource-constrained systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |