公开(公告)号：US08336093B2

公开(公告)日：2012-12-18

申请号：US11707575

申请日：2007-02-16

申请人： Young Ik Eom ,  Ka Eul Kim ,  Kwangsun Ko ,  Gyehyeon Gyeong ,  Seong Goo Kang ,  Yonghyeog Kang ,  Hyunjin Cho ,  Hyunsu Jang ,  Yong Woo Jung ,  Hyunwoo Choi

发明人： Young Ik Eom ,  Ka Eul Kim ,  Kwangsun Ko ,  Gyehyeon Gyeong ,  Seong Goo Kang ,  Yonghyeog Kang ,  Hyunjin Cho ,  Hyunsu Jang ,  Yong Woo Jung ,  Hyunwoo Choi

IPC分类号： G06F9/00

CPC分类号： H04L63/164

摘要： An abnormal Internet Protocol Security (IPSec) packet control system and method utilizes IPSec configuration and session data to detect whether or not packets encrypted by an extended header are abnormal. The IPSec packet control system can include an extended header processing unit that receives an IPSec packet and extracts the data to be used in traffic control; check units for checking the packets in the stages of IPSec configuration and IPSec communication that receive the extracted data to determine whether or not the IPSec packet has passed; and a control unit that allows the IPSec to pass or to be blocked according to a determination result from the check units for checking the IPSec configuration and communication packets, where abnormal IPSec packets are blocked using the IPSec configuration and session tables without requiring them to be decrypted and encrypted.

摘要翻译： 异常Internet协议安全（IPSec）数据包控制系统和方法利用IPSec配置和会话数据来检测扩展报头加密的数据包是否异常。 IPSec分组控制系统可以包括扩展头处理单元，其接收IPSec分组并提取要在业务控制中使用的数据; 检查接收提取数据的IPSec配置和IPSec通信阶段的报文检查单位，确定IPSec报文是否通过; 以及控制单元，其允许IPSec根据来自用于检查IPSec配置和通信分组的检查单元的确定结果通过或被阻止，其中使用IPSec配置和会话表阻止异常IPSec分组，而不需要它们 解密和加密。

公开(公告)号：US20080168551A1

公开(公告)日：2008-07-10

申请号：US11707575

申请日：2007-02-16

申请人： Young Ik Eom ,  Ka Eul Kim ,  Kwangsun Ko ,  Gyehyeon Gyeong ,  Seoung Goo Kang ,  Yonghyeog Kang ,  Hyunjin Cho ,  Hyunsu Jang ,  Yong Woo Jung ,  Hyunwoo Choi

发明人： Young Ik Eom ,  Ka Eul Kim ,  Kwangsun Ko ,  Gyehyeon Gyeong ,  Seoung Goo Kang ,  Yonghyeog Kang ,  Hyunjin Cho ,  Hyunsu Jang ,  Yong Woo Jung ,  Hyunwoo Choi

IPC分类号： G06F15/16

CPC分类号： H04L63/164

摘要： Disclosed are an abnormal Internet Protocol Security (IPSec) packet control system and method using IPSec configuration and session data which detects whether or not the packets encrypted by an Encapsulating Security Payload extended header are abnormal by using IPSec configuration and session data tables without decrypting them, thereby blocking harmful packets. The IPSec packet control system comprises: an extended header processing unit that receives an IPSec packet and extracts the data to be used in traffic control; check units for checking the packets in the stages of IPSec configuration and IPSec communication that receive the extracted data to determine whether or not the IPSec packet has passed; and a control unit that allows the IPSec to pass or to be blocked according to a determination result from the check units for checking the IPSec configuration and communication packets, whereby the abnormal IPSec packets are blocked using the IPSec configuration and session tables without decryption and encryption thereof, thereby processing the IPSec packet without performance degradation.

摘要翻译： 公开了使用IPSec配置和会话数据的异常互联网协议安全（IPSec）分组控制系统和方法，该方法通过使用IPSec配置和会话数据表来检测由封装安全有效载荷扩展报头加密的分组是否异常而不对其进行解密， 从而阻止有害数据包。 IPSec分组控制系统包括：扩展报头处理单元，接收IPSec报文并提取业务控制中要使用的数据; 检查接收提取数据的IPSec配置和IPSec通信阶段的报文检查单位，确定IPSec报文是否通过; 以及控制单元，其允许IPSec根据用于检查IPSec配置和通信分组的检查单元的确定结果通过或被阻塞，由此使用IPSec配置和会话表来阻止异常IPSec分组而不进行解密和加密 从而处理IPSec分组而不会降低性能。