CN1223137C - Method of verificating data safety transmission - Google Patents


Info

Publication number
CN1223137C
Authority
CN
China
Prior art keywords
sequence number
security alliance
packet
alliance
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 02117818
Other languages
Chinese (zh)
Other versions
CN1414730A (en)
Inventor
傅志刚
赵玉金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN 02117818
Publication of CN1414730A
Application granted
Publication of CN1223137C
Anticipated expiration
Legal status: Expired - Fee Related (current)

Abstract

The present invention relates to a method of verifying data safety transmission by the sequence numbers of safety alliances. The three sequence number marks of transmission sequence numbers (card_send_seq), reception sequence numbers (card_recv_seq) and verification sequence numbers (card_last_recv_seq) and the field of a state mark symbol (card_last_check_result) are added in each safety alliance (SA) structure; a user verifies whether encryption cards generate an error or not in the data processing process by safety alliances (SA) by detecting the marks; simultaneously, each safety alliance (SA) used by the encryption cards is detected in definite time by a host; the specific positions of the safety alliances generating problems are determined by the marks, and are updated in time for correcting the error. The method has the advantages of convenience and simplicity, avoids using a wrong safety alliance for continuously verifying and processing relevant data packets, and ensures data safety transmission.

Description

The method of verificating data safety transmission
Technical field
The present invention relates to a processing method for encrypting and authenticating data during transmission, and more specifically to a method of verifying that data is transmitted securely. It belongs to the technical field of secret or secure communication devices for digital information transmission.
Background technology
With the rapid development of the Internet, the security of data transmitted online receives ever more attention from those in the field. Many communication protocols, specifications and methods now provide data encryption or authentication functions to guarantee secure transmission. The most widely used at present is the IPSec (Internet Protocol Security) protocol.
IPSec is a protocol suite that includes the AH (Authentication Header) authentication protocol, the ESP (Encapsulating Security Payload) protocol, the IKE (Internet Key Exchange) protocol and others. IPSec supports generating a Security Association (SA) either by manual configuration or by automatic negotiation through IKE. The SA is the foundation of IPSec: it determines the transform mode, the keys and the valid lifetime of the keys that IPSec uses to protect a packet. In short, the SA is the basis on which data is encrypted or authenticated; every packet that needs encryption or authentication has a corresponding specific SA, either configured or generated.
Although most encryption and authentication work is still done in the host system (the host software of a router), some vendors move the encryption and authentication of data onto a separate board (an encryption card), which can greatly improve processing speed. The encryption card developed by the applicant is such a hardware board, based on IPSec and dedicated to data encryption and authentication. Because SAs are generated and maintained entirely by the host, while the card encrypts or authenticates data using the backup copies of the host's SAs that it stores, there is a certain separation between host and card in the control of the data. This raises the problem of how to keep the card's SAs consistent with the host's SAs. For this reason the applicant defined a series of control commands for the card, including adding, deleting and binding (used for the AH+ESP combination) an SA.
To implement communication between the card and the host, the applicant defined a special message frame header structure containing the message type (command/other), message attributes (command attribute/data attribute/other) and other information related to the data. For example, the identifier of the SA corresponding to each packet is globally unique, i.e. each SA has a different identifier; and the sequence number of each packet is unique for a given SA, i.e. all packets related to a given SA carry different sequence numbers. This frame header travels between the card and the host together with the packet itself. As the performance demanded of data encryption and secure transmission keeps rising, using an encryption card has become a development trend. The host system's existing SA management method works well when no encryption card is used, or when the SAs maintained by the host need not be monitored in real time. Likewise, the time-based and traffic-based lifetime mechanisms provided by IKE refresh SAs regularly and can reliably guarantee SA correctness. But when the lifetime is relatively long, or no timeout mechanism is used, there is no way to promptly refresh an SA that has gone wrong during data processing.
Under normal circumstances the SA information on the host and on the card is consistent, and every packet the host sends to the card is correctly encrypted, authenticated or otherwise processed. But once abnormal conditions arise, the existing mechanism is powerless when one needs to locate exactly which SA on the card went wrong while processing data, refresh that SA, and maintain SA consistency between card and host in real time.
At present, problems with an SA stored on the card fall mainly into two cases. First, when the card detects an error while encrypting or authenticating a packet sent by the host with an SA, it discards the packet and returns a frame header indicating the packet error to the host. The host can record the number of lost packets in its own statistics, but it cannot determine whether the loss is related to the card, or which SA caused it, so subsequent packets mapped to the faulty SA keep being lost and the fault cannot be corrected in time. Second, the SA for a packet issued by the host may not exist on the card, or the card may discard the packet during processing without feeding back any information to the host. In this case the host has no way of knowing that the SA has a problem, and the card will keep discarding packets for that SA.
Summary of the invention
The purpose of this invention is to provide a method for verifying, by means of SA sequence numbers, whether data is transmitted securely. The method is a better way of solving the two abnormal cases of the encryption card described above: it can more easily detect whether each SA on the card has gone wrong, locate the faulty SA and refresh it in time, so that processing of packets related to that SA does not go wrong again.
The object of the invention is achieved as follows. The method adds three sequence-number marks to the structure of every SA, namely a send sequence number (card_send_seq), a receive sequence number (card_recv_seq) and a check sequence number (card_last_recv_seq), together with a status flag (card_last_check_result); then, while host and card exchange data, these marks are examined to verify whether the card has gone wrong while processing data with the SA. At the same time the host periodically checks every SA used by the card and uses these marks to determine exactly which SA has a problem. The method comprises the following steps:
(1) Generate the SA using IPSec, either by automatic IKE negotiation or by manual configuration, and initialise the SA's send sequence number, receive sequence number, check sequence number and status flag, setting each of them to 0;
(2) The host finds the corresponding SA from the characteristics of the data itself and obtains that SA's send sequence number; it adds 1 to that value, uses the result as the packet's sequence number DataSequence, and places it in the packet's frame header together with the globally unique identifier of the SA, then sends the header with the packet to the card for processing; it also increments the SA's send sequence number by 1, indicating that the host has sent the card a packet with sequence number DataSequence;
(3) The card receives the packet sent by the host, first finds the corresponding SA from the SA identifier in the packet's frame header, verifies and processes the packet with the information of that SA, and generates a new frame header or an error message according to the result: if verification succeeds it produces the encrypted/authenticated packet, whose frame header carries the same SA identifier and DataSequence as the header the host originally sent; if verification fails it produces error information; it then sends the frame header or error message back to the host together with the processed packet;
(4) The host receives the packet returned by the card and reads the SA identifier and the packet's sequence number DataSequence from the frame header; it finds the corresponding SA from the identifier and processes that SA's sequence numbers as follows: if DataSequence equals the SA's receive sequence number plus 1, verification of packets for this SA is normal, this packet is the one the host currently expects from the card, and the receive sequence number is set to the received DataSequence; if DataSequence does not equal the receive sequence number plus 1, the card has lost packets while processing packets with this SA, this packet is not the one the host currently expects, the message "this SA has had packets dropped" is output, and the SA's receive sequence number is set to the received DataSequence;
(5) The host periodically checks, via a timer, every SA used by the card: it determines whether the SA's check sequence number equals its receive sequence number and whether it equals its send sequence number, and whether the SA's status flag equals 1, and then handles the different combinations of sequence numbers and status flag as follows:
If the SA's check sequence number equals its receive sequence number but does not equal its send sequence number, two cases are handled:
(A) if the status flag is 0, set the status flag to 1;
(B) if the status flag is 1, refresh the SA to correct the error, and send a corresponding prompt to the user;
For all other combinations of the sequence numbers, the card is considered to be processing packets normally, and the check sequence number is set equal to the receive sequence number.
The SA's send sequence number (card_send_seq) marks the sequence number of each packet the host has sent to the card.
The SA's send sequence number is obtained when the host sends a packet to the card, by determining the corresponding SA from the characteristics of the packet itself.
The characteristics of the packet itself include information such as the source address and destination address of the IP packet.
The SA's receive sequence number (card_recv_seq) marks the sequence number of the packet the host received from the card.
The SA's receive sequence number is obtained when the host receives a packet returned by the card, by finding the corresponding SA from the SA identifier in the packet's frame header.
The SA's check sequence number (card_last_recv_seq) records the receive sequence number of the SA as it stood when that SA was last checked.
The SA's check sequence number is used during the periodic check, in combination with the SA's send and receive sequence numbers, to determine whether the current state of the SA is normal.
The SA's status flag (card_last_check_result) is a symbol marking the current state of the SA.
The status flag has two values: 0 means the SA was normal when SAs were last checked; 1 means an abnormality had occurred in this SA when SAs were last checked.
When an encryption card performs data verification, host and card each maintain an identical set of SAs. Because the number of SAs is large and the volume of data encrypted or authenticated with them is also relatively large, if the card finds an error while verifying data, locating exactly which SA is in error is hard to achieve with the prior art. The method of this invention sets several sequence numbers and a status symbol on each SA and analyses the different combinations of these values; it can thereby detect conveniently, quickly and easily whether each SA has gone wrong, locate the position of the faulty SA, and then refresh it to correct the error, either by triggering renegotiation of that SA or by adding the correct SA to the card again, so that the error does not recur and secure data transmission is guaranteed.
Description of drawings
Fig. 1 is a flow chart of how, in the method of the invention, host and card use the SA sequence numbers and packet sequence numbers to check whether the corresponding SA is correct.
Fig. 2 is a flow chart of the host using the method of the invention to periodically check every SA and determine the position of a faulty SA.
Embodiment
The present invention is a method for verifying, by means of SA sequence numbers, whether data is transmitted securely. It adds three sequence-number marks, a send sequence number (card_send_seq), a receive sequence number (card_recv_seq) and a check sequence number (card_last_recv_seq), together with a status flag (card_last_check_result), to the structure of every SA, and verifies whether the card goes wrong while processing data with an SA by examining these marks; at the same time the host periodically checks every SA used by the card and uses the marks to determine exactly which SA has a problem.
The method consists of the following operating steps:
A. First generate the SA using IPSec, by automatic IKE negotiation or by manual configuration, and initialise the SA's send sequence number, receive sequence number, check sequence number and status flag; the initialisation sets each of them to 0, indicating that for this SA no packet has yet been sent to or received from the card, and that the SA's state is normal.
B. Host and card exchange data, and the three sequence numbers and the status flag of the corresponding SA are handled through the following steps (see Fig. 1):
B1. The host first finds the SA corresponding to the data it is sending to the card from the characteristics of that data, and obtains the SA's send sequence number (card_send_seq); it adds 1 to that value and places the result in the packet's frame header as the packet's sequence number (DataSequence), also placing the globally unique identifier of the SA in the SA identifier field of the frame header, and sends the header to the card with the packet for processing; at the same time it increments the SA's send sequence number by 1, indicating that the host has sent the card a packet with sequence number DataSequence;
B2. The card receives the packet sent by the host, first finds the corresponding SA from the SA identifier in the frame header, verifies and processes the packet with that SA's information, and then generates a new frame header according to the result: if verification succeeds it produces the encrypted/authenticated packet, whose frame header carries the same SA identifier and packet sequence number (DataSequence) as the original header sent by the host; if verification fails it produces error information; it then sends the frame header or the error information back to the host system together with the processed packet;
B3. The host system receives the packet returned by the card and first reads the SA identifier and the packet's sequence number (DataSequence) from the frame header; it then finds the corresponding SA from the identifier and processes the SA's sequence numbers as follows: if the packet's DataSequence equals the SA's receive sequence number (card_recv_seq) plus 1, verification of packets for this SA is normal, this packet is the one the host currently expects from the card, and card_recv_seq is set to the received DataSequence; if DataSequence does not equal card_recv_seq plus 1, the card has lost packets while processing packets with this SA, this packet is not the one the host currently expects, the message "this SA has had packets dropped" is output, and card_recv_seq is set to the received DataSequence. This is because at that moment every packet whose DataSequence is greater than the current card_recv_seq and less than the DataSequence just received has been dropped during processing on the card, and no corresponding error information has been returned for any of them. The purpose of this handling is to keep the card from going wrong again when it continues verification processing.
C. The host periodically checks, via a timer, every SA used by the card, and uses the three sequence numbers and the status flag to determine exactly which SA has a problem. The process consists of the following steps (see Fig. 2):
When periodically checking each SA, the host first determines whether the SA's check sequence number equals its receive sequence number, then whether the check sequence number equals its send sequence number, and also whether the SA's status flag equals 1; it then handles the different combinations of sequence numbers and status flag as follows:
If the check sequence number (card_last_recv_seq) of some SA, whose initial value is 0, equals the receive sequence number (card_recv_seq) but does not equal the send sequence number (card_send_seq), i.e. card_send_seq and card_recv_seq differ, then during this check period the host has sent packets to the card for this SA but has received none back from it. That is, packets related to this SA may have gone wrong during processing on the card in this period, where "gone wrong" means the packet was discarded without any error information being fed back to the host, or the card's feedback is still in transit. The latter is possible because the host system and the card system are relatively independent, and the card's feedback may still be "on the road" between the two. At this point two cases are handled separately:
(1) If the SA's status flag (card_last_check_result) is 0, meaning the SA was normal at the previous check, set the flag to 1 to record that the copy of this SA on the card may have gone wrong during this check period, or may simply still be processing on the card, with the result to be returned to the host later;
(2) If the SA's status flag (card_last_check_result) is 1, meaning that in the previous period the copy of this SA on the card was already found to have gone wrong (or the copy does not even exist on the card) and was marked as such, the SA on the card now needs to be refreshed to correct the error by issuing an 'add SA' command, and the user is prompted that this SA has gone wrong;
In all other combinations of the sequence numbers, the card is considered to be processing packets normally. For example, if the SA's check sequence number (card_last_recv_seq) does not equal its receive sequence number (card_recv_seq), then during this check period the host received at least one packet for this SA fed back by the card, i.e. over the elapsed period the card fed back packets for this SA to the host normally, so the copy of the SA on the card can be taken as correct; the check sequence number (card_last_recv_seq) is then set equal to the receive sequence number (card_recv_seq) and the status flag (card_last_check_result) is set to 0, indicating that the SA's state is normal.
As another example, if the SA's send sequence number (card_send_seq) equals its receive sequence number (card_recv_seq), then every packet sent to the card for this SA has received feedback from the card, which shows that the copy of the SA on the card is correct; the check sequence number (card_last_recv_seq) is set equal to card_recv_seq and the status flag (card_last_check_result) is set to 0, indicating that the SA's state is normal.
This works because, in the processing described above, each SA's send sequence number (card_send_seq) always equals the packet sequence number (DataSequence) of the newest (i.e. highest-numbered) packet the host has sent to the card for that SA, and each SA's receive sequence number (card_recv_seq) always equals the DataSequence of the newest (highest-numbered) packet the host has received from the card for that SA. So in theory, if the card has fed back the result of every packet to the host (whether the encrypted/authenticated packet obtained after correct processing or the error information given after finding an error during processing), then for the same SA card_send_seq should equal card_recv_seq (assuming the card has finished processing all packets for this SA and all of its feedback has been received by the host).
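The following is an added illustration, not code from the patent or from the applicant's encryption-card project: a small host-side simulation of the bookkeeping described in steps (1) to (5) of the summary and in steps A to C above. The four SA fields keep the patent's names; the class and method names (SecurityAssociation, FrameHeader, CryptoCard, Host, send, receive, timer_check), the simulated card behaviour, the assumption that an error frame still carries the SA identifier and DataSequence, and the resynchronisation of the check fields after an SA is re-issued are all assumptions made for the example. The demo functions construct two scenarios: an SA whose packets the card silently drops (the second failure case, caught by the timer check on the second cycle) and a single packet lost between two delivered ones (caught immediately by the receive-side gap check).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SecurityAssociation:
    """Host-side SA record carrying the four fields the patent adds."""
    sa_id: int                       # globally unique SA identifier
    card_send_seq: int = 0           # DataSequence of newest packet sent to the card
    card_recv_seq: int = 0           # DataSequence of newest packet received from the card
    card_last_recv_seq: int = 0      # card_recv_seq as it stood at the previous timer check
    card_last_check_result: int = 0  # 0 = normal at last check, 1 = suspicious at last check


@dataclass
class FrameHeader:
    """Message frame header exchanged with the card, reduced to the fields used here."""
    sa_id: int
    data_sequence: int
    is_error: bool = False


class CryptoCard:
    """Simulated encryption card with its own copy of the SA table (constructed behaviour)."""
    def __init__(self, sa_ids):
        self.sa_copies = set(sa_ids)
        self.silent_drop = set()   # SA ids whose packets vanish with no feedback (2nd failure case)
        self.reject = set()        # SA ids whose packets get an error frame back (1st failure case)
        self.add_commands = []     # 'add SA' control commands received from the host

    def process(self, hdr: FrameHeader) -> Optional[FrameHeader]:
        if hdr.sa_id not in self.sa_copies or hdr.sa_id in self.silent_drop:
            return None            # nothing at all goes back to the host
        if hdr.sa_id in self.reject:
            # assumption: the error frame echoes SA id and DataSequence so the host can account for it
            return FrameHeader(hdr.sa_id, hdr.data_sequence, is_error=True)
        return FrameHeader(hdr.sa_id, hdr.data_sequence)   # step (3): header echoed unchanged

    def add_sa(self, sa_id: int) -> None:
        """Host's 'add SA' command: re-installs the SA copy and clears the simulated fault."""
        self.add_commands.append(sa_id)
        self.sa_copies.add(sa_id)
        self.silent_drop.discard(sa_id)
        self.reject.discard(sa_id)


class Host:
    def __init__(self, card: CryptoCard, sa_ids):
        self.card = card
        self.sas = {i: SecurityAssociation(i) for i in sa_ids}   # step (1): every field starts at 0
        self.log = []

    def send(self, sa_id: int) -> Optional[FrameHeader]:
        """Step (2)/B1: stamp DataSequence = card_send_seq + 1, then bump card_send_seq."""
        sa = self.sas[sa_id]
        hdr = FrameHeader(sa_id, sa.card_send_seq + 1)
        sa.card_send_seq += 1
        reply = self.card.process(hdr)
        if reply is not None:
            self.receive(reply)
        return reply

    def receive(self, hdr: FrameHeader) -> None:
        """Step (4)/B3: a DataSequence other than card_recv_seq + 1 means the card dropped packets."""
        sa = self.sas[hdr.sa_id]
        if hdr.data_sequence != sa.card_recv_seq + 1:
            self.log.append(f"SA {sa.sa_id}: packets dropped on the card")
        sa.card_recv_seq = hdr.data_sequence

    def timer_check(self) -> list:
        """Step (5)/C: periodic scan; returns the ids of SAs re-issued to the card this round."""
        refreshed = []
        for sa in self.sas.values():
            no_feedback = (sa.card_last_recv_seq == sa.card_recv_seq
                           and sa.card_recv_seq != sa.card_send_seq)
            if no_feedback and sa.card_last_check_result == 0:
                sa.card_last_check_result = 1        # (A): suspicious, decide next cycle
            elif no_feedback:
                self.card.add_sa(sa.sa_id)           # (B): refresh the SA on the card, prompt user
                self.log.append(f"SA {sa.sa_id}: error, SA re-issued to card")
                refreshed.append(sa.sa_id)
                sa.card_last_recv_seq = sa.card_recv_seq   # assumption: resync after refresh
                sa.card_last_check_result = 0
            else:                                    # any other combination: normal
                sa.card_last_recv_seq = sa.card_recv_seq
                sa.card_last_check_result = 0
        return refreshed


def demo_silent_sa():
    """Constructed scenario: SA 1 healthy, SA 2 silently dropped by the card."""
    card = CryptoCard([1, 2])
    host = Host(card, [1, 2])
    for _ in range(3):
        host.send(1)
    card.silent_drop.add(2)
    host.send(2)
    host.send(2)
    first = host.timer_check()    # SA 2 only flagged (card_last_check_result -> 1)
    second = host.timer_check()   # still silent -> SA 2 re-issued to the card
    return host, card, first, second


def demo_gap():
    """Constructed scenario: one packet of SA 1 vanishes between two delivered ones."""
    card = CryptoCard([1])
    host = Host(card, [1])
    host.send(1)                  # DataSequence 1 comes back
    card.silent_drop.add(1)
    host.send(1)                  # DataSequence 2 never comes back
    card.silent_drop.discard(1)
    host.send(1)                  # DataSequence 3 comes back: gap detected in receive()
    return host
```

Running demo_silent_sa() shows why the status flag needs two cycles: after the first timer pass SA 2 is only marked suspicious, because its feedback could still be in transit; only when the second pass finds card_recv_seq unchanged and still behind card_send_seq does the host re-issue the SA. demo_gap() shows the receive-side check firing on the very next delivered packet, with card_recv_seq jumping straight to the received DataSequence as step (4) prescribes.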
The method of the invention was simulated and tested on a computer and trialled in the applicant's encryption-card project; the simulations and trials proved that the method is feasible and operates reliably, achieving the expected goal of the invention.

Claims (10)

1. A method of verifying secure data transmission, characterized in that: three sequence-number fields, a transmit sequence number (card_send_seq), a receive sequence number (card_recv_seq) and a check sequence number (card_last_recv_seq), together with a status flag (card_last_check_result), are added to the structure of every security association (SA); data is then exchanged between the host and the encryption card, and these fields are inspected to verify whether the encryption card has made an error while processing data with the SA in use; at the same time, the host periodically checks every SA used by the encryption card and uses these fields to locate the specific SA in which a problem has arisen. The method comprises the following steps:
(1) A security association SA is generated with the IPsec protocol, either by automatic IKE negotiation or by manual configuration, and the transmit sequence number, receive sequence number, check sequence number and status flag of this SA are initialised, each being set to 0;
(2) The host finds the SA corresponding to a packet from the packet's own features and obtains that SA's transmit sequence number; the transmit sequence number plus 1 is used as the sequence number DataSequence of this packet and is placed, together with the globally unique identifier of this SA, in the frame header of the packet message, which is sent to the encryption card with the packet for processing; the transmit sequence number of the SA is also incremented by 1, indicating that the host has sent one packet with sequence number DataSequence to the encryption card;
(3) The encryption card receives the packet sent by the host, first finds the corresponding SA from the SA identifier in the packet's frame header, verifies the packet using the information of that SA, and generates a new frame header or an error message according to the verification result: if verification succeeds, it generates the encrypted and authenticated packet, whose frame header carries the same SA identifier and packet sequence number DataSequence that the host originally sent; if verification fails, it generates error information. The frame header or error message is then returned to the host together with the processed packet;
(4) The host receives the packet returned by the encryption card and obtains the SA identifier and the packet's sequence number DataSequence from the frame header; it then obtains the corresponding SA from the SA identifier and processes that SA's sequence numbers as follows: if the packet's DataSequence equals the SA's receive sequence number plus 1, the verification processing of the packets corresponding to this SA is in a normal state, this packet is the one the host currently expects from the encryption card, and the receive sequence number is set to the received DataSequence; if the packet's DataSequence does not equal the SA's receive sequence number plus 1, the encryption card has lost a packet while processing packets with this SA, this packet is not the one the host currently expects from the encryption card, the message "a packet has been dropped on this SA" is output, and the receive sequence number of this SA is set to the DataSequence of the received packet;
(5) The host periodically checks, by means of a timer, every SA used by the encryption card: it judges whether the check sequence number of the SA equals its receive sequence number and its transmit sequence number, and whether the SA's status flag equals 1, and then handles the different combinations of sequence numbers and status flag as follows:
If the check sequence number of the SA equals the receive sequence number but does not equal the transmit sequence number, two cases are distinguished:
(A) if the status flag is 0, the status flag is set to 1;
(B) if the status flag is 1, the SA is updated to correct the error, and a corresponding prompt message is sent to the user;
In all other combinations of sequence numbers, the encryption card's processing of packets is considered normal, and the check sequence number is set equal to the receive sequence number.
2. The method of verifying secure data transmission according to claim 1, characterized in that the transmit sequence number of the SA marks the sequence number of each packet the host has sent to the encryption card.
3. The method of verifying secure data transmission according to claim 2, characterized in that the transmit sequence number of the SA is obtained when the host needs to send a packet to the encryption card, by determining the SA corresponding to that packet from the packet's own features.
4. The method of verifying secure data transmission according to claim 3, characterized in that the packet's own features include information such as the source address and destination address of the IP packet message.
5. The method of verifying secure data transmission according to claim 1, characterized in that the receive sequence number of the SA marks the sequence number of the packet the host has received from the encryption card.
6. The method of verifying secure data transmission according to claim 5, characterized in that the receive sequence number of the SA is obtained, when the host receives a packet returned by the encryption card, by finding the corresponding SA from the SA identifier in the packet's frame header.
7. The method of verifying secure data transmission according to claim 1, characterized in that the check sequence number (card_last_recv_seq) of the SA records the receive sequence number that the SA had when the SAs were last checked.
8. The method of verifying secure data transmission according to claim 7, characterized in that the check sequence number of the SA is used during the periodic check of the SA, in combination with the SA's transmit sequence number and receive sequence number, to determine whether the current state of the SA is normal.
9. The method of verifying secure data transmission according to claim 1, characterized in that the status flag (card_last_check_result) of the SA is a symbol marking the current state of the SA.
10. The method of verifying secure data transmission according to claim 9, characterized in that the status flag of the SA has two values: when the status flag is 0, the SA was normal the last time the SAs were checked; when the status flag is 1, an abnormality had occurred in the SA the last time the SAs were checked.
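The bookkeeping of claim 1, with the field meanings of claims 7 and 10, as an added Python simulation that is not part of the patent and not Huawei's code. A host keeps the four extra SA fields, stamps each packet with DataSequence = card_send_seq + 1 (step 2), resynchronises card_recv_seq on return and reports a gap (step 4), and runs the timer check of step 5, marking an SA suspect on the first stall and refreshing it on the second. The flow selector, the toy card, the address values and the `drop` fault injection are assumptions made here; the claim text does not say that the flag returns to 0 in the normal branch, but claim 10 defines the flag as the result of the last check, so the example resets it there and labels that as an assumption.

```python
"""Host-side SA sequence-number bookkeeping of claim 1, simulated against a toy card."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class SecurityAssociation:
    """SA structure extended with the three sequence numbers and the status flag.
    card_last_check_result: 0 = normal at last check, 1 = abnormal (claim 10)."""
    sa_id: int          # globally unique SA identifier carried in the frame header
    src: str            # selector features used to pick the SA (claim 4), assumed here
    dst: str
    card_send_seq: int = 0
    card_recv_seq: int = 0
    card_last_recv_seq: int = 0
    card_last_check_result: int = 0

    def reset(self) -> None:
        """Step (1) / case (B): (re)initialise the three counters and the flag to 0."""
        self.card_send_seq = self.card_recv_seq = self.card_last_recv_seq = 0
        self.card_last_check_result = 0


@dataclass(frozen=True)
class FrameHeader:
    sa_id: int
    data_sequence: int  # the DataSequence of claim 1


class EncryptionCard:
    """Stand-in for the card (step 3): echoes the header, reports an error for SA ids
    it does not know, and silently loses packets whose DataSequence is in `drop`
    (a constructed fault used to exercise the host logic, not a claim step)."""

    def __init__(self, sa_ids, drop=()):
        self.sa_ids, self.drop = set(sa_ids), set(drop)

    def process(self, hdr: FrameHeader, payload: bytes
                ) -> Optional[Tuple[FrameHeader, bytes, Optional[str]]]:
        if hdr.data_sequence in self.drop:
            return None
        if hdr.sa_id not in self.sa_ids:
            return hdr, payload, "unknown SA"
        return hdr, payload[::-1], None   # reversal stands in for encrypt/authenticate


class Host:
    def __init__(self, sas):
        self.sas = {sa.sa_id: sa for sa in sas}
        self.messages: List[str] = []

    def send(self, src: str, dst: str, payload: bytes) -> Tuple[FrameHeader, bytes]:
        """Step (2): pick the SA by flow, stamp DataSequence = send_seq + 1, bump send_seq."""
        sa = next(s for s in self.sas.values() if (s.src, s.dst) == (src, dst))
        hdr = FrameHeader(sa.sa_id, sa.card_send_seq + 1)
        sa.card_send_seq += 1
        return hdr, payload

    def receive(self, hdr: FrameHeader, payload: bytes, error: Optional[str]) -> str:
        """Step (4): a returned packet must carry recv_seq + 1; otherwise one was lost."""
        sa = self.sas[hdr.sa_id]
        if error:
            self.messages.append(f"SA {sa.sa_id}: card reported {error}")
        if hdr.data_sequence == sa.card_recv_seq + 1:
            status = "ok"
        else:
            status = "dropped"
            self.messages.append(f"SA {sa.sa_id}: a packet has been dropped on this SA")
        sa.card_recv_seq = hdr.data_sequence  # resynchronise either way
        return status

    def timer_check(self, sa_id: int) -> str:
        """Step (5): run from a timer for every SA the card uses."""
        sa = self.sas[sa_id]
        stalled = (sa.card_last_recv_seq == sa.card_recv_seq
                   and sa.card_last_recv_seq != sa.card_send_seq)
        if stalled:
            if sa.card_last_check_result == 0:
                sa.card_last_check_result = 1   # (A): first sighting, mark suspect
                return "suspect"
            sa.reset()                          # (B): second sighting, refresh the SA
            self.messages.append(f"SA {sa.sa_id}: updated after repeated stall")
            return "refreshed"
        sa.card_last_recv_seq = sa.card_recv_seq  # normal: remember where we were
        sa.card_last_check_result = 0             # assumed reset, consistent with claim 10
        return "normal"


def _run_flow(host, card, src, dst, payloads):
    statuses = []
    for payload in payloads:
        reply = card.process(*host.send(src, dst, payload))
        if reply is not None:
            statuses.append(host.receive(*reply))
    return statuses


def run_dropped_packet_scenario() -> List[str]:
    """Card loses the 2nd of 3 packets: the 3rd arrives as DataSequence 3 != 1 + 1."""
    host = Host([SecurityAssociation(1, "10.0.0.1", "10.0.0.2")])
    return _run_flow(host, EncryptionCard([1], drop={2}), "10.0.0.1", "10.0.0.2",
                     [b"a", b"b", b"c"])


def run_stalled_card_scenario() -> List[str]:
    """Last packet never returns: send_seq stays ahead of recv_seq across two checks."""
    host = Host([SecurityAssociation(2, "10.0.0.1", "10.0.0.3")])
    _run_flow(host, EncryptionCard([2], drop={3}), "10.0.0.1", "10.0.0.3",
              [b"a", b"b", b"c"])
    return [host.timer_check(2) for _ in range(3)]


if __name__ == "__main__":
    print(run_dropped_packet_scenario())   # ['ok', 'dropped']
    print(run_stalled_card_scenario())     # ['normal', 'suspect', 'refreshed']
```

The two scenarios show why the claim needs both checks: a lost packet followed by a later one is caught immediately by the receive-side comparison, while a packet that never comes back leaves no event to compare against and is only caught by the timer noticing that card_recv_seq has not moved while card_send_seq is ahead. The two-strike rule (flag 0 then 1) is what keeps an SA that merely has packets in flight at check time from being refreshed prematurely.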

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02117818 CN1223137C (en) 2002-05-22 2002-05-22 Method of verificating data safety transmission


Publications (2)

Publication Number Publication Date
CN1414730A CN1414730A (en) 2003-04-30
CN1223137C true CN1223137C (en) 2005-10-12

Family

ID=4744529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02117818 Expired - Fee Related CN1223137C (en) 2002-05-22 2002-05-22 Method of verificating data safety transmission

Country Status (1)

Country Link
CN (1) CN1223137C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102075427A (en) * 2011-01-18 2011-05-25 中兴通讯股份有限公司 Security association-based IPSec message processing method and device
CN104735060B (en) * 2015-03-09 2018-02-09 清华大学 Router and its verification method of datum plane information and checking device



Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051012

Termination date: 20110522