CN109639721A - IPsec message format processing method, device, equipment and storage medium - Google Patents


Info

Publication number: CN109639721A
Authority: CN (China)
Legal status: Granted (active)
Application number: CN201910016308.8A
Other languages: Chinese (zh)
Other versions: CN109639721B (en)
Inventor: 王莹
Current Assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee: Zhengzhou Yunhai Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

Abstract

An embodiment of the invention discloses an IPsec message format processing method, device, equipment and computer-readable storage medium. The method includes: receiving the IP packet data sent by the MAC layer and reading the destination IP address from the IP packet data; matching the destination IP address against the Security Policy Database to obtain a new source IP address and a new destination IP address; if the new source IP address and the new destination IP address are not all zeros, querying the security association database according to the new destination IP address to obtain an encryption key; encrypting the IP packet data according to the encryption key, based on an encryption data format, to obtain encrypted message data; generating a new IP header for the IP packet data and appending authentication data, processed according to a preset authentication data format, to the tail of the IP packet data to form new IP packet data; and transmitting the encrypted message data and the new IP packet data. The application centralizes and unifies the handling of IP packet data formats, adapts to various TCP (UDP)/IP network environments, improves code standardization, and improves IPsec performance.

Description

IPsec message format processing method, device, equipment and storage medium
Technical field
Embodiments of the present invention relate to the field of IPsec technology, and in particular to an IPsec message format processing method, device, equipment and computer-readable storage medium.
Background
IPsec (Internet Protocol Security) works by encrypting a user's communication packets at the IP level, so that even if network packets are stolen in transit their contents cannot be read, which effectively guarantees the security of data at the transport layer.
In practical applications of IPsec, however, the data bit width required by the encryption and verification algorithms generally differs from that of the TCP/IP network: the MAC layer, the IP layer and the original IP packet all have different bit widths, so encapsulating an IP packet into an ESP-format packet requires several message format conversions.
Summary of the invention
The embodiments of the present disclosure provide an IPsec message format processing method, device, equipment and computer-readable storage medium that process IP packet data formats uniformly, making IPsec usable across TCP (UDP)/IP networks of different bit widths, improving code standardization, and improving IPsec performance.
To solve the above technical problem, the embodiments of the present invention provide the following technical solutions:
In one aspect, an embodiment of the present invention provides an IPsec message format processing method, comprising:
receiving the IP packet data sent by the MAC layer, and reading the destination IP address from the IP packet data;
obtaining the new source IP address and new destination IP address fed back by the Security Policy Database after it performs matching on the destination IP address;
if the new source IP address and the new destination IP address are not all zeros, querying the security association database according to the new destination IP address to obtain an encryption key;
encrypting the IP packet data according to the encryption key, based on a preset encryption data format, to obtain encrypted message data;
generating a new IP header for the IP packet data, and appending authentication data processed according to a preset authentication data format to the tail of the IP packet data, to form new IP packet data;
transmitting the encrypted message data and the new IP packet data.
Optionally, encrypting the IP packet data according to the encryption key, based on the preset encryption data format, to obtain the encrypted message data comprises:
the encryption key is 128 bits, and the encryption key is sent to the ESP output module;
the length of the IP packet data is padded to an integer multiple of 128, and the padded IP packet data is sent to the ESP output module in 128-bit data packet format, so that the ESP output module encrypts the IP packet data using the encryption key;
the 128-bit encrypted message data output by the ESP output module is cached and an ESP header is generated, to serve as the encrypted message data.
Optionally, padding the length of the IP packet data to an integer multiple of 128 comprises:
calculating the padding data length L of the IP packet data using the following formula:
L = 112 - (l) mod 128, where l is the length of the IP packet data;
appending L bits of data after the IP packet data, where the first bit is 1 and the second through L-th bits are 0.
Optionally, after appending L bits of data after the IP packet data, the method further comprises:
after the L bits of padding at the tail, appending an 8-bit padding data length and an 8-bit next header.
Optionally, the authentication data processed according to the preset authentication data format is obtained as follows:
the encryption key is 128 bits; the length of the cached authentication data is padded to 512, and the padded authentication data is sent to the ESP output module;
the 128-bit authentication data output by the ESP output module is received and serves as the authentication data processed according to the preset authentication data format.
Optionally, padding the length of the cached authentication data to 512 comprises:
calculating the padding data length X of the authentication data using the following formula:
X mod 512 = 448;
appending X bits of data after the authentication data, where the first bit is 1 and the second through L-th bits are 0.
Optionally, after appending X bits of data after the authentication data, the method further comprises:
after the X bits of padding at the tail, appending the original data length of the authentication data.
In another aspect, an embodiment of the present invention provides an IPsec message format processing device, comprising:
an IP packet data cache module, configured to receive the IP packet data sent by the MAC layer and read the destination IP address from the IP packet data;
an encryption key obtaining module, configured to obtain the new source IP address and new destination IP address fed back by the Security Policy Database after it performs matching on the destination IP address, and, if the new source IP address and the new destination IP address are not all zeros, to query the security association database according to the new destination IP address to obtain an encryption key;
an encrypted message data processing module, configured to encrypt the IP packet data according to the encryption key, based on a preset encryption data format, to obtain encrypted message data;
an authentication data format processing module, configured to format the cached authentication data according to the preset authentication data format;
an IP packet sending module, configured to generate a new IP header for the IP packet data, append the authentication data processed according to the preset authentication data format to the tail of the IP packet data to form new IP packet data, and transmit the encrypted message data and the new IP packet data.
An embodiment of the present invention also provides IPsec message format processing equipment, comprising a processor configured to implement the steps of the IPsec message format processing method described in any of the preceding items when executing a computer program stored in memory.
Finally, an embodiment of the present invention also provides a computer-readable storage medium on which an IPsec message format processing program is stored; when executed by a processor, the program implements the steps of the IPsec message format processing method described in any of the preceding items.
The advantage of the technical solution provided by this application is that the IP packet data is encrypted using a preset encryption data format, the authentication data is processed using a preset authentication data format, and the processed IP packet data and authentication data are then transmitted. IP packet formats are thus handled centrally and uniformly, so that the solution can be used on TCP (UDP)/IP networks of different bit widths without format conversion. It adapts to various TCP (UDP)/IP network environments, makes IPsec usable across TCP (UDP)/IP networks of different bit widths, improves code standardization, and improves IPsec performance.
In addition, the embodiments of the present invention provide a corresponding device, equipment and computer-readable storage medium for the IPsec message format processing method, which makes the method more practical; the device, equipment and computer-readable storage medium have the corresponding advantages.
It should be understood that the above general description and the following detailed description are merely exemplary and do not limit the present disclosure.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the related art more clearly, the drawings needed in the description of the embodiments or the related art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an IPsec message format processing method provided by an embodiment of the present invention;
Fig. 2 is a structural diagram of a specific implementation of an IPsec message format processing device provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of a specific implementation of IPsec message format processing equipment provided by an embodiment of the present invention.
Detailed description
To help those skilled in the art better understand the solution of the present invention, the invention is described in further detail below with reference to the drawings and specific implementations. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and so on in the description and claims of this application and in the above drawings are used to distinguish different objects, not to describe a particular order. Furthermore, the terms "include" and "have" and any variants of them are intended to cover a non-exclusive inclusion. For example, a process, method, system, product or piece of equipment that contains a series of steps or units is not limited to the listed steps or units, but may include steps or units that are not listed.
Having described the technical solutions of the embodiments of the present invention, various non-limiting implementations of the application are described in detail below.
Referring first to Fig. 1, Fig. 1 is a schematic flowchart of an IPsec message format processing method provided by an embodiment of the present invention. The embodiment may include the following:
S101: Receive the IP packet data sent by the MAC layer, and read the destination IP address from the IP packet data.
The MAC (Media Access Control) layer sends N IP packet data, which the system can cache using a FIFO (First Input First Output).
Once caching is complete, the 32-bit destination IP address is read from the IP packet data.
S102: Obtain the new source IP address and new destination IP address fed back by the Security Policy Database after it performs matching on the destination IP address.
After the SPD (Security Policy Database) sends its ready signal, the destination IP address is sent to the SPD for matching; once the match succeeds, the SPD is queried.
When the SPD returns a valid signal, the new source IP address and new destination IP address returned by the SPD are received.
S103: If the new source IP address and the new destination IP address are not all zeros, query the security association database according to the new destination IP address to obtain an encryption key.
If the new source IP address and the new destination IP address are all zeros, this indicates bypass mode, and the IP packet data is sent directly to the IP-ORI packetization module that processes message data. Bypass mode means that a specific trigger state (power loss or crash) lets two networks be connected physically and directly, without passing through the network security device's system, so that the networks attached to the device can still reach each other after the network security device fails.
If the new source IP address and the new destination IP address are not all zeros, the IP data packet undergoes encryption data format processing. First, the security association database is queried according to the new destination IP address; after waiting for the security association database's valid signal, 244-bit SA data is obtained, from which 128 bits can be read as the encryption key.
S104: Encrypt the IP packet data according to the encryption key, based on the preset encryption data format, to obtain encrypted message data.
After the encryption key is sent to the ESP output processing module and the Round_key_ready signal goes high, the 128-bit data signal Data_aes and the data valid signal Data_aes_vld can be sent to the ESP output processing module.
The encryption of the IP packet data may proceed as follows:
When the obtained encryption key is 128 bits, the 128-bit encryption key can be sent to the ESP (Encapsulating Security Payload) output module. An ESP trailer is appended to the IP packet data, padding the data modulo 128 so that the length of the IP packet data becomes an integer multiple of 128. The padded IP packet data is then sent to the ESP output module in 128-bit data packet format, that is, 128 bits at a time until all of the message data has been sent. The ESP output module encrypts the IP packet data with the 128-bit encryption key and, when encryption completes, outputs the encrypted message data. The system caches the 128-bit encrypted message data output by the ESP output module and generates an ESP header, to serve as the encrypted message data.
Specifically, the padding data length L of the IP packet data is calculated using the following formula:
L = 112 - (l) mod 128, where l is the length of the IP packet data;
L bits of data are appended after the IP packet data, where the first bit is 1 and the second through L-th bits are 0. After the L bits of padding at the tail, an 8-bit padding data length and an 8-bit next header may also be appended.
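The trailer layout from S104, worked through in Python as an added example (not code from the patent). It assumes a byte-aligned payload, stores L in the 8-bit padding-length field counted in bits, and adds 128 when the formula yields L ≤ 0 (l mod 128 ≥ 112) so that the leading 1 bit always fits; none of these choices is stated on the page, and the function names are hypothetical.

```python
"""ESP trailer padding as described in S104 (added example, not the patent's code).

Assumptions that the page does not state:
  * the payload is byte-aligned, so every length is a multiple of 8 bits;
  * the 8-bit padding-length field stores L counted in bits;
  * when L = 112 - (l mod 128) is zero or negative, 128 is added so the
    padding spills into one more 128-bit block.
"""

BLOCK_BITS = 128   # width of one block handed to the ESP output module
BODY_BITS = 112    # 128 minus the 8-bit padding length and 8-bit next header


def pad_length_bits(l_bits):
    """Return the padding length L (in bits) for a payload of l_bits bits."""
    L = BODY_BITS - (l_bits % BLOCK_BITS)
    if L <= 0:            # the formula leaves no room for the leading 1 bit
        L += BLOCK_BITS   # assumption: wrap into the next block
    return L


def add_esp_trailer(payload, next_header):
    """Append L padding bits (1 then zeros), the padding length and next header."""
    if not 0 <= next_header <= 0xFF:
        raise ValueError("next header must fit in 8 bits")
    L = pad_length_bits(len(payload) * 8)
    padding = b"\x80" + bytes(L // 8 - 1)     # first bit 1, remaining bits 0
    return payload + padding + bytes([L, next_header])


def strip_esp_trailer(padded):
    """Validate the trailer and return (payload, next_header)."""
    if not padded or (len(padded) * 8) % BLOCK_BITS:
        raise ValueError("length is not a multiple of 128 bits")
    L, next_header = padded[-2], padded[-1]
    if L == 0 or L % 8 or L > BLOCK_BITS or L // 8 + 2 > len(padded):
        raise ValueError("implausible padding length")
    payload = padded[:-2 - L // 8]
    padding = padded[-2 - L // 8:-2]
    if padding[0] != 0x80 or any(padding[1:]):
        raise ValueError("padding bits are not 1 followed by zeros")
    if pad_length_bits(len(payload) * 8) != L:
        raise ValueError("padding length does not match payload length")
    return payload, next_header


if __name__ == "__main__":
    # Constructed payload sizes around the 112-bit (14-byte) boundary.
    for size in (0, 13, 14, 15, 16, 20):
        out = add_esp_trailer(bytes(size), 4)   # 4 is a sample next-header value
        print(size, "bytes ->", len(out), "bytes, L =", out[-2], "bits")
```

Payloads of 14 and 15 bytes are the cases where the unmodified formula gives L = 0 and L = -8; with the wrap both produce a 32-byte result.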
S105: Generate a new IP header for the IP packet data, and append the authentication data processed according to the preset authentication data format to the tail of the IP packet data, to form new IP packet data.
The format processing of the authentication data may proceed as follows:
The encryption key is 128 bits. The length of the cached authentication data is padded to 512, and the padded authentication data is sent to the ESP output module. The 128-bit authentication data output by the ESP output module is received and serves as the authentication data processed according to the preset authentication data format.
The padding data length X of the authentication data is calculated using the following formula:
X mod 512 = 448;
X bits of data are appended after the authentication data, where the first bit is 1 and the second through L-th bits are 0. After the X bits of padding at the tail, the original data length of the authentication data can be appended: the length of the original message is appended to the result of the first step, using a storage length of 64 bits. If the message length is greater than 2^64, only its low 64 bits are used (i.e. the message length modulo 2^64). After this step, the final message length is exactly an integer multiple of 512.
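The authentication-data padding above, as an added Python example (not the patent's code). It reads X mod 512 = 448 as a condition on the length reached after the 1-and-zeros padding, and assumes byte-aligned data and a big-endian 64-bit length field, neither of which the page specifies; the function names are hypothetical.

```python
"""512-bit padding of authentication data as described in S105 (added example).

Assumptions that the page does not state:
  * the data is byte-aligned;
  * "X mod 512 = 448" constrains the length after the 1-and-zeros padding;
  * the 64-bit original-length field is big-endian and counts bits.
"""

BLOCK_BITS = 512
TARGET_BITS = 448        # length after padding, modulo 512
LENGTH_FIELD_BITS = 64   # 448 + 64 = 512


def fill_bits(msg_bits):
    """Bits of 1-and-zeros padding needed; always at least one bit."""
    pad = (TARGET_BITS - msg_bits) % BLOCK_BITS
    return pad if pad else BLOCK_BITS   # already at 448: add a whole block


def length_field(msg_bits):
    """Original length reduced modulo 2^64, as an 8-byte field."""
    return (msg_bits % (1 << LENGTH_FIELD_BITS)).to_bytes(8, "big")


def pad_auth_data(data):
    """Append the 1 bit, the zero bits and the 64-bit original length."""
    msg_bits = len(data) * 8
    padding = b"\x80" + bytes(fill_bits(msg_bits) // 8 - 1)
    return data + padding + length_field(msg_bits)


def unpad_auth_data(padded):
    """Check the padding and return the original authentication data."""
    if not padded or (len(padded) * 8) % BLOCK_BITS:
        raise ValueError("length is not a multiple of 512 bits")
    msg_bits = int.from_bytes(padded[-8:], "big")
    if msg_bits % 8 or msg_bits // 8 > len(padded) - 9:
        raise ValueError("implausible original length")
    data = padded[:msg_bits // 8]
    if pad_auth_data(data) != padded:
        raise ValueError("padding does not match the stated length")
    return data


if __name__ == "__main__":
    # Constructed input sizes around the 448-bit (56-byte) boundary.
    for size in (3, 55, 56, 64):
        out = pad_auth_data(bytes(size))
        print(size, "bytes ->", len(out), "bytes,",
              fill_bits(size * 8), "padding bits")
```

A 56-byte input already sits at 448 bits, so a full 512 bits of padding are added and the result grows to two blocks.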
S106: Transmit the encrypted message data and the new IP packet data.
The encrypted message data and the new IP packet data are passed to the subsequent message processing module, for example the IP-ORI packetization module.
In the technical solution provided by this embodiment of the present invention, the IP packet data is encrypted using a preset encryption data format, the authentication data is processed using a preset authentication data format, and the processed IP packet data and authentication data are then transmitted. IP packet formats are thus handled centrally and uniformly, so that the solution can be used on TCP (UDP)/IP networks of different bit widths without format conversion. It adapts to various TCP (UDP)/IP network environments, makes IPsec usable across TCP (UDP)/IP networks of different bit widths, improves code standardization, and improves IPsec performance.
The embodiments of the present invention also provide a corresponding device for the IPsec message format processing method, which makes the method more practical. The IPsec message format processing device provided by an embodiment of the present invention is introduced below; the device described below and the method described above may be read with reference to each other.
Referring to Fig. 2, Fig. 2 is a structural diagram of a specific implementation of the IPsec message format processing device provided by an embodiment of the present invention. The device may include:
An IP packet data cache module 201, configured to receive the IP packet data sent by the MAC layer and read the destination IP address from the IP packet data.
An encryption key obtaining module 202, configured to obtain the new source IP address and new destination IP address fed back by the Security Policy Database after it performs matching on the destination IP address, and, if the new source IP address and the new destination IP address are not all zeros, to query the security association database according to the new destination IP address to obtain an encryption key.
An encrypted message data processing module 203, configured to encrypt the IP packet data according to the encryption key, based on the preset encryption data format, to obtain encrypted message data.
An authentication data format processing module 204, configured to format the cached authentication data according to the preset authentication data format.
An IP packet sending module 205, configured to generate a new IP header for the IP packet data, append the authentication data processed according to the preset authentication data format to the tail of the IP packet data to form new IP packet data, and transmit the encrypted message data and the new IP packet data.
Optionally, in some implementations of this embodiment, the encrypted message data processing module 203 may also be used as follows: the encryption key is 128 bits and is sent to the ESP output module; the length of the IP packet data is padded to an integer multiple of 128, and the padded IP packet data is sent to the ESP output module in 128-bit data packet format, so that the ESP output module encrypts the IP packet data using the encryption key; the 128-bit encrypted message data output by the ESP output module is cached and an ESP header is generated, to serve as the encrypted message data.
In some implementations of the embodiment of the present invention, the encrypted message data processing module 203 may also be used to calculate the padding data length L of the IP packet data using the formula L = 112 - (l) mod 128, where l is the length of the IP packet data, and to append L bits of data after the IP packet data, where the first bit is 1 and the second through L-th bits are 0.
In other implementations, the encrypted message data processing module 203 may also be used to append an 8-bit padding data length and an 8-bit next header after the L bits of padding at the tail.
Optionally, in other implementations of this application, the authentication data format processing module 204 may also be used as follows: the encryption key is 128 bits; the length of the cached authentication data is padded to 512, and the padded authentication data is sent to the ESP output module; the 128-bit authentication data output by the ESP output module is received and serves as the authentication data processed according to the preset authentication data format.
In some other implementations, the authentication data format processing module 204 may also be a module that calculates the padding data length X of the authentication data using the formula X mod 512 = 448, and appends X bits of data after the authentication data, where the first bit is 1 and the second through L-th bits are 0.
In addition, the authentication data format processing module 204 may also be used to append the original data length of the authentication data after the X bits of padding at the tail.
The functions of the functional modules of the IPsec message format processing device described in this embodiment can be implemented according to the method in the above method embodiment; for the specific implementation process, refer to the description of the method embodiment, which is not repeated here.
As can be seen from the above, the embodiment of the present invention processes IP packet data formats uniformly, makes IPsec usable across TCP (UDP)/IP networks of different bit widths, improves code standardization, and improves IPsec performance.
An embodiment of the present invention also provides IPsec message format processing equipment. Referring to Fig. 3, the IPsec message format processing equipment 3 may include:
a memory 31, for storing a computer program;
a processor 32, for executing the computer program to implement the steps of the IPsec message format processing method described in any of the above embodiments.
The functions of the functional modules of the IPsec message format processing equipment described in this embodiment can be implemented according to the method in the above method embodiment; for the specific implementation process, refer to the description of the method embodiment, which is not repeated here.
As can be seen from the above, the embodiment of the present invention processes IP packet data formats uniformly, makes IPsec usable across TCP (UDP)/IP networks of different bit widths, improves code standardization, and improves IPsec performance.
An embodiment of the present invention also provides a computer-readable storage medium storing an IPsec message format processing program; when executed by a processor, the program implements the steps of the IPsec message format processing method described in any of the above embodiments.
The functions of the functional modules of the computer-readable storage medium described in this embodiment can be implemented according to the method in the above method embodiment; for the specific implementation process, refer to the description of the method embodiment, which is not repeated here.
As can be seen from the above, the embodiment of the present invention processes IP packet data formats uniformly, makes IPsec usable across TCP (UDP)/IP networks of different bit widths, improves code standardization, and improves IPsec performance.
The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be read with reference to each other. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant points, see the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Those skilled in the art may implement the described functions differently for each specific application, but such implementations should not be considered beyond the scope of the present invention.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module can reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The IPsec message format processing method, device, equipment and computer-readable storage medium provided by the present invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the present invention.

Claims (10)

1. a kind of IPsec message format processing method characterized by comprising
The IP packet data that receiving mac layer is sent, and purpose IP address is read from the IP packet data;
Obtain the new source IP address fed back after Security Policy Database is matched according to the destination IP address and new purpose IP address;
If new source IP address and new purpose IP address are not complete zero, according to the new purpose IP address query safe associated data Library obtains encryption key;
According to the encryption key, the IP packet data are encrypted based on predetermined encryption data format, are added Close message data;
New IP header is generated for the IP packet data, and will be added to by the authentication data of default authentication data format analysis processing The IP packet data trailer, as new IP packet data;
The encryption message data and the new IP packet data are transmitted.
2. IPsec message format processing method according to claim 1, which is characterized in that described close according to the encryption Key is encrypted the IP packet data based on predetermined encryption data format, obtains encryption message data and includes:
The encryption key is 128bit, and the encryption key is sent to ESP output module;
The length of the IP packet data is filled with 128 integral multiples, and will be after filling according to 128bit data packet format IP packet data be sent to the ESP output module so that the ESP output module using the encryption key to the IP Message data is encrypted;
The 128bit encryption message data for caching ESP output module output, generates ESP head, using as the encryption message Data.
3. IPsec message format processing method according to claim 2, which is characterized in that described by the IP packet number According to length be filled with 128 integral multiples and include:
The filling data length L of the IP packet data is calculated using following formula:
L=112- (l) mod128, l are the length of the IP packet data;
After the IP packet data fill L data, wherein a data be 1, second to L be 0.
4. The IPsec message format processing method according to claim 3, wherein, after padding L bits of data after the IP packet data, the method further comprises:
After the tail of the L bits of padding data, an 8-bit padding data length and an 8-bit next header are appended.
5. The IPsec message format processing method according to claim 1, wherein the authentication data processed by the preset authentication data format is obtained as follows:
The encryption key is 128 bits; the length of the cached authentication data is padded to 512, and the padded authentication data is sent to the ESP output module;
The 128-bit authentication data output by the ESP output module is received, as the authentication data processed by the preset authentication data format.
6. The IPsec message format processing method according to claim 5, wherein padding the length of the cached authentication data to 512 comprises:
The padding data length X of the authentication data is calculated using the following formula:
X mod 512 = 448;
X bits of data are padded after the authentication data, where the first bit is 1 and the second through L-th bits are 0.
7. The IPsec message format processing method according to claim 6, wherein, after padding X bits of data after the authentication data, the method further comprises:
After the tail of the X bits of padding data, the original data length of the authentication data is appended.
8. An IPsec message format processing device, comprising:
An IP packet data cache module, for receiving the IP packet data sent by the MAC layer and reading the destination IP address from the IP packet data;
An encryption key obtaining module, for obtaining the new source IP address and the new destination IP address fed back by the Security Policy Database after matching according to the destination IP address; and, if the new source IP address and the new destination IP address are not all zeros, querying the Security Association Database according to the new destination IP address to obtain an encryption key;
An encrypted message data processing module, for encrypting the IP packet data according to the encryption key, based on a predetermined encryption data format, to obtain encrypted message data;
An authentication data format processing module, for format-processing the cached authentication data based on the preset authentication data format;
An IP packet sending module, for generating a new IP header for the IP packet data and appending the authentication data processed by the preset authentication data format to the tail of the IP packet data, as new IP packet data; and for transmitting the encrypted message data and the new IP packet data.
9. An IPsec message format processing equipment, comprising a processor, wherein the processor, when executing a computer program stored in a memory, implements the steps of the IPsec message format processing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, wherein an IPsec message format processing program is stored on the computer-readable storage medium, and the IPsec message format processing program, when executed by a processor, implements the steps of the IPsec message format processing method according to any one of claims 1 to 7.
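The padding rules of claims 3, 4, 6 and 7, worked through as an added Python example that is not code from the patent; bit strings stand in for the hardware data path, and `esp_unpad` is a hypothetical receiver-side check. Assumptions: the formula of claim 6 is read as (l + X) mod 512 = 448, the length field of claim 7 is 64 bits big-endian, the 8-bit padding-length field counts bits, and when l mod 128 is 112 or more (where the claim 3 formula gives L ≤ 0) the padding wraps into one more 128-bit block.

```python
BLOCK = 128       # ESP block size in bits (claim 2)
AUTH_BLOCK = 512  # authentication block size in bits (claim 5)

def esp_pad_len(l: int) -> int:
    """Padding length L in bits for l bits of IP packet data (claim 3)."""
    L = 112 - (l % BLOCK)
    # Assumption, not in the claims: for l mod 128 >= 112 the formula gives
    # L <= 0, so the padding spills into one more 128-bit block.
    return L if L > 0 else L + BLOCK

def esp_pad(bits: str, next_header: int) -> str:
    """Append 1 then zeros, then 8-bit pad length and 8-bit next header (claim 4)."""
    L = esp_pad_len(len(bits))
    return bits + "1" + "0" * (L - 1) + format(L, "08b") + format(next_header, "08b")

def esp_unpad(padded: str) -> tuple[str, int]:
    """Receiver-side check: reject anything that is not well-formed padding."""
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a multiple of 128 bits")
    L, next_header = int(padded[-16:-8], 2), int(padded[-8:], 2)
    body_end = len(padded) - 16 - L
    if L < 1 or body_end < 0 or padded[body_end:-16] != "1" + "0" * (L - 1):
        raise ValueError("malformed padding")
    return padded[:body_end], next_header

def auth_pad_len(l: int) -> int:
    """Smallest X >= 1 with (l + X) mod 512 == 448 (claim 6, as read here)."""
    X = (448 - l) % AUTH_BLOCK
    return X if X else AUTH_BLOCK

def auth_pad(bits: str) -> str:
    """Append 1 then zeros, then the original length (claim 7).
    Assumption: the length field is 64 bits, big-endian (512 - 448 = 64)."""
    X = auth_pad_len(len(bits))
    return bits + "1" + "0" * (X - 1) + format(len(bits) % 2**64, "064b")

if __name__ == "__main__":
    packet = "10" * 50            # constructed 100-bit sample, not real traffic
    padded = esp_pad(packet, 4)   # 4 = IPv4 encapsulation, chosen for the demo
    print(len(padded), esp_unpad(padded) == (packet, 4), len(auth_pad(packet)))
```

With L = 112 - (l mod 128), the data, the padding and the 16-bit trailer always sum to a multiple of 128, which is what lets claim 2 feed whole 128-bit blocks to the ESP output module.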
CN201910016308.8A 2019-01-08 2019-01-08 IPsec message format processing method, device, equipment and storage medium Active CN109639721B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910016308.8A CN109639721B (en) 2019-01-08 2019-01-08 IPsec message format processing method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109639721A (en) 2019-04-16
CN109639721B (en) 2022-02-22

Family

ID=66060161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910016308.8A Active CN109639721B (en) 2019-01-08 2019-01-08 IPsec message format processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109639721B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110113236A1 (en) * 2009-11-02 2011-05-12 Sylvain Chenard Methods, systems, and computer readable media for offloading internet protocol security (ipsec) processing using an ipsec proxy mechanism
CN102882789A (en) * 2012-09-17 2013-01-16 华为技术有限公司 Data message processing method, system and equipment
CN102891848A (en) * 2012-09-25 2013-01-23 汉柏科技有限公司 Method for carrying out encryption and decryption by using IPSec security association
US20140208115A1 (en) * 2013-01-21 2014-07-24 Canon Kabushiki Kaisha Communication apparatus, method for controlling communication apparatus, and program
CN103220273A (en) * 2013-03-19 2013-07-24 汉柏科技有限公司 Method and system for central processing unit (CPU) to forward message rapidly
WO2016165277A1 (en) * 2015-04-16 2016-10-20 中兴通讯股份有限公司 Ipsec diversion implementing method and apparatus
CN107483639A (en) * 2017-09-25 2017-12-15 山东渔翁信息技术股份有限公司 The method, apparatus and equipment converted between serial data and wireless network data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
肖波: "基于IPSec协议的安全联盟涉及及其应用", 《中国优秀硕士学位论文全文数据库(信息科技辑)》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147382A (en) * 2019-12-31 2020-05-12 杭州迪普科技股份有限公司 Message forwarding method and device
CN111147382B (en) * 2019-12-31 2021-09-21 杭州迪普科技股份有限公司 Message forwarding method and device
CN113014567A (en) * 2021-02-19 2021-06-22 清华大学 Internet IP message data verification processing method, device and system

Also Published As

Publication number Publication date
CN109639721B (en) 2022-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant