Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof
    1.
    Invention application
    Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof (granted)

    Publication No.: US20080168551A1

    Publication date: 2008-07-10

    Application No.: US11707575

    Filing date: 2007-02-16

    IPC classification: G06F15/16

    CPC classification: H04L63/164

    Abstract: Disclosed are an abnormal Internet Protocol Security (IPSec) packet control system and method using IPSec configuration and session data which detects whether or not the packets encrypted by an Encapsulating Security Payload extended header are abnormal by using IPSec configuration and session data tables without decrypting them, thereby blocking harmful packets. The IPSec packet control system comprises: an extended header processing unit that receives an IPSec packet and extracts the data to be used in traffic control; check units for checking the packets in the stages of IPSec configuration and IPSec communication that receive the extracted data to determine whether or not the IPSec packet has passed; and a control unit that allows the IPSec to pass or to be blocked according to a determination result from the check units for checking the IPSec configuration and communication packets, whereby the abnormal IPSec packets are blocked using the IPSec configuration and session tables without decryption and encryption thereof, thereby processing the IPSec packet without performance degradation.
