KR20010066996A - ASIC of VPN using IP-Sec(internet protocol-security) - Google Patents

ASIC of VPN using IP-Sec(internet protocol-security) Download PDF

Info

Publication number
KR20010066996A
KR20010066996A KR1020000065993A KR20000065993A KR20010066996A KR 20010066996 A KR20010066996 A KR 20010066996A KR 1020000065993 A KR1020000065993 A KR 1020000065993A KR 20000065993 A KR20000065993 A KR 20000065993A KR 20010066996 A KR20010066996 A KR 20010066996A
Authority
KR
South Korea
Prior art keywords
asic
vpn
security
sec
internet protocol
Prior art date
Application number
KR1020000065993A
Other languages
Korean (ko)
Inventor
김명
Original Assignee
이광세
(주)시그엔
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 이광세, (주)시그엔 filed Critical 이광세
Priority to KR1020000065993A priority Critical patent/KR20010066996A/en
Publication of KR20010066996A publication Critical patent/KR20010066996A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L21/00Processes or apparatus adapted for the manufacture or treatment of semiconductor or solid state devices or of parts thereof
    • H01L21/02Manufacture or treatment of semiconductor devices or of parts thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5619Network Node Interface, e.g. tandem connections, transit switching
    • H04L2012/5621Virtual private network [VPN]; Private-network - network-interface (P-NNI)

Abstract

PURPOSE: A one chip type IP(Internet Protocol) security based VPN(Virtual private Network) production method is provided to produce the IP security function by an ASIC(Application Specific Integrated Circuit) for using variously the functions of the VPN. CONSTITUTION: The method comprises steps of embedding an IP security program, defined by an RFC(Requests For Comments), in an ASIC, setting a coding/decoding algorithm at an external position of the ASIC to accept currently used various coding algorithms, and producing TCP-IP IO structure for making an Internet access easy. The ASIC device can be directly inserted in internal circuit of a conventional computer system or be interfaced with the conventional computer system.

Description

IP-Sec 기반의 VPN을 one-chip화{ASIC of VPN using IP-Sec(internet protocol-security)}ASIC of VPN using IP-Sec (internet protocol-security)}

본발명은 VPN(가상사설망)을 구성하는 핵심요소인 IP-Sec을 ASIC화 하여 공중망 network 상에서의 통신 /음성의 보안유지를 보편화시킴으로써 누구나 아주 쉽게 사용하기 위함이다.The present invention is to make it easy for anyone to use, by universalizing the security of communication / voice on public network network by converting IP-Sec, which is a key component of VPN (Virtual Private Network), to ASIC.

현재에는 이러한 VPN(가상사설망) 기능을 하기 위해서는 S/W를 computer system에 설치하거나 VPN 전용장비를 사용하여야만 하게 되어있다.Currently, in order to function as a virtual private network (VPN), S / W must be installed in a computer system or a dedicated VPN device must be used.

이러한 현재의 방법은 사용상의 제약과 비용 및 운영상의 어려움을 상당히 초래하고 있다.This current method introduces significant limitations in use, cost and operational difficulties.

본 발명은 VPN(가상사설망)기능중에서 가장 주가 되는 기능인 IP-Sec을 ASIC화함으로써 VPN 기능을 보다 다양하게 사용할수 있도록 하고저 한다.According to the present invention, the IP-Sec, which is the main function of the virtual private network (VPN) function, is made to ASIC so that the VPN function can be used in various ways.

세계 표준화된 RFC(Request for comments)에서 정의한 IP-Sec(internet protocol-security)방식에 따라,According to the IP-Sec (internet protocol-security) method defined in the world standardized Request for comments (RFC),

만들고자 하는 ASIC의 micro code를 사용 할수 있는 program을 개발하여 ASIC반도체 내에 직접 내장하고,Develop a program that can use ASIC micro code to make and embed directly in ASIC semiconductor,

IP-Sec의 암호화 및 복호화 하는 부분은 ASIC 반도체 외부에 위치하여 I/F 할 수 있도록 하며,The part of IP-Sec encryption and decryption is located outside the ASIC semiconductor to enable I / F.

internet의 입출력 부분은 ASIC 반도체내에 내장함으로써 ASIC 반 도체를 하나의 Gateway 형태의 반도체로 만든다.The input / output part of the internet is embedded in the ASIC semiconductor to make the ASIC semiconductor into a gateway type semiconductor.

이렇게 함으로써 암/복호화에 유연성(다양한 종류으 암호알고리즘)을 가질수 있고 또한 입출력의 설계를 Gateway 형태로 만듦으로써 쉽게 전자회로에 삽입하여 사용할 수 있도록 한다.By doing so, it is possible to have flexibility (various kinds of encryption algorithms) in encryption / decryption, and to make the design of input / output into gateway type so that it can be easily inserted into electronic circuits.

본 발명은 VPN(가상사설망)을 ASIC화함으로써 인터넷상의 음성 및 Data를 암호화하여 보안을 유지하기위함이다.The present invention is to maintain the security by encrypting voice and data on the Internet by ASIC VPN (Virtual Private Network).

좀더 상세한 설명을 하면 다음 과 같다.More detailed explanation is as follows.

(도표1)에서 RFC가 정의하는 IP-Sec은 ASIC에 내장할 수 있는 Program을 별도로 만들어 ASIC설계에 반영하며, IP-Sec의 암호화/복호화하는 암호알고리즘③은 ASIC의 외부에 두어 현재 사용하는 다양한 암호알고리즘에 유연하게 대처하여 사용할 수 있도록 하며, 이 ASIC반도체의 입출력을 TCP-IP구조④로 만듦으로써 인터넷에 연결을 용이하게 한다. 또한 본 ASIC 반도체의 이용방법(도표2)은 기존의 computer system 내부회로에 직접 삽입 ⓑ하여 인터넷ⓒ과 직접 연결하여 사용할 수도 있고, 또한 별도의 PCB(회로)를 구성하여 computer system과 interface를 시킬 수도 있다.In Figure 1, the IP-Sec defined by the RFC creates a separate program that can be embedded in the ASIC and reflects it in the ASIC design, and the encryption algorithm ③ that encrypts / decrypts the IP-Sec is placed outside the ASIC. It is possible to flexibly cope with the encryption algorithm and to make the connection to the Internet by making the input / output of this ASIC semiconductor into the TCP-IP structure④. In addition, the method of using this ASIC semiconductor (Figure 2) can be used by directly inserting into the existing computer system internal circuit ⓑ and directly connected to the Internetⓒ, or by configuring a separate PCB (circuit) to interface with the computer system. have.

본 발명은 VPN(가상사설망)기능의 핵심요소인 IP-Sec을 하나의 반도체로 만듦으로써 다양한 용도를 가질 뿐 아니라 소형화, 경량화에도 획기적으로 사용이 가능하다. 또한 공중망에서 통신하는 음성/Data에 보안을 유지시킴으로 인하여 향후 공중망에 사용되는 모든 기기들에 적용이 가능하다.The present invention can be used not only for various purposes but also for miniaturization and light weight by making IP-Sec, a key element of the virtual private network (VPN) function, into a single semiconductor. In addition, it can be applied to all devices used in the public network in the future by maintaining the security of voice / data communicating in the public network.

Claims (3)

RFC 근간의 IP-Sec의 ASIC 반도체 칩화ASIC semiconductor chipping of IP-Sec based on RFC IP-Sec 기능 중 암호알고리즘을 외부에 위치할 수 있도록 설계Designed to place encryption algorithm among IP-Sec functions externally ASIC과 외부와의 interface를 TCP/IP 방법으로 ASIC 반도체 내부에 내장시킨 방법A method of embedding the interface between the ASIC and the outside inside the ASIC semiconductor using the TCP / IP method
KR1020000065993A 2000-11-07 2000-11-07 ASIC of VPN using IP-Sec(internet protocol-security) KR20010066996A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020000065993A KR20010066996A (en) 2000-11-07 2000-11-07 ASIC of VPN using IP-Sec(internet protocol-security)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020000065993A KR20010066996A (en) 2000-11-07 2000-11-07 ASIC of VPN using IP-Sec(internet protocol-security)

Publications (1)

Publication Number Publication Date
KR20010066996A true KR20010066996A (en) 2001-07-12

Family

ID=19697771

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020000065993A KR20010066996A (en) 2000-11-07 2000-11-07 ASIC of VPN using IP-Sec(internet protocol-security)

Country Status (1)

Country Link
KR (1) KR20010066996A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100834270B1 (en) * 2005-10-06 2008-05-30 주식회사 케이티프리텔 Method and system for providing virtual private network services based on mobile communication and mobile terminal for the same

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6055575A (en) * 1997-01-28 2000-04-25 Ascend Communications, Inc. Virtual private network system and method
US6298060B1 (en) * 1998-04-30 2001-10-02 Nippon Telegraph And Telephone Corporation Layer 2 integrated access scheme
US6304100B1 (en) * 1999-04-27 2001-10-16 Mitsubishi Denki Kabushiki Kaisha Programmable semiconductor device providing security of circuit information
US6449272B1 (en) * 1998-05-08 2002-09-10 Lucent Technologies Inc. Multi-hop point-to-point protocol
US9999999B2 (en) * 2014-12-10 2018-06-19 Inglass S.P.A. Injector for plastic material injection molding apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6055575A (en) * 1997-01-28 2000-04-25 Ascend Communications, Inc. Virtual private network system and method
US6298060B1 (en) * 1998-04-30 2001-10-02 Nippon Telegraph And Telephone Corporation Layer 2 integrated access scheme
US6449272B1 (en) * 1998-05-08 2002-09-10 Lucent Technologies Inc. Multi-hop point-to-point protocol
US6304100B1 (en) * 1999-04-27 2001-10-16 Mitsubishi Denki Kabushiki Kaisha Programmable semiconductor device providing security of circuit information
US9999999B2 (en) * 2014-12-10 2018-06-19 Inglass S.P.A. Injector for plastic material injection molding apparatus

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100834270B1 (en) * 2005-10-06 2008-05-30 주식회사 케이티프리텔 Method and system for providing virtual private network services based on mobile communication and mobile terminal for the same

Similar Documents

Publication Publication Date Title
US9210172B2 (en) Method and system for establishing a communications pipe between a personal security device and a remote computer system
US20040158716A1 (en) Authentication and authorisation based secure ip connections for terminals
CA2359673A1 (en) Self-generation of certificates using a secure microprocessor in a device for transferring digital information
SE0002446D0 (en) Method and arrangement in a communications network
HUP0400771A2 (en) Method for enabling pki functions in a smart card
NO20026003D0 (en) terminal communication system
GB2392343B (en) Communications protocols operable through network address translation (nat) type devices
WO2002095543A3 (en) Apparatus and method for providing secure network communication
TW200731736A (en) Semiconductor chip and configuring method thereof
GB2374497B (en) Facilitating legal interception of IP connections
JP2006524925A5 (en)
DE60231629D1 (en) DATA-TRANSMISSION PROCEDURE BETWEEN A LOCAL SERVER AND LOCAL CLIENTS
JP2007506202A (en) Remote IPSEC security relevance management
EP3671520A1 (en) Data retention device
KR20010066996A (en) ASIC of VPN using IP-Sec(internet protocol-security)
Okabe et al. Security architecture for control networks using IPsec and KINK
HK1058867A1 (en) Electronic security system and scheme for a communications network
MY128452A (en) Network authentication
CN111541681A (en) Language downloading method based on Internet of things
Kim et al. Kernel migration of transport layer security
EP1557978A4 (en) A security management method for an integrated access device of network
GB2403627B (en) Communication protocols operable through network address translation (nat) type devices
FR2834851A1 (en) Communications network/detectors/drivers interface module having layer between internet protocol/virtual network and mechanism authenticating detectors/drivers

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application