DE60224917D1 - Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen - Google Patents
Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange PaketenInfo
- Publication number
- DE60224917D1 DE60224917D1 DE60224917T DE60224917T DE60224917D1 DE 60224917 D1 DE60224917 D1 DE 60224917D1 DE 60224917 T DE60224917 T DE 60224917T DE 60224917 T DE60224917 T DE 60224917T DE 60224917 D1 DE60224917 D1 DE 60224917D1
- Authority
- DE
- Germany
- Prior art keywords
- ike
- fragmenting
- reassembling
- restoring
- appropriate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/164—Adaptation or special uses of UDP protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/166—IP fragmentation; TCP segmentation
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/056,889 US7500102B2 (en) | 2002-01-25 | 2002-01-25 | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
US56889 | 2002-01-25 |
Publications (2)
Publication Number | Publication Date |
---|---|
DE60224917D1 true DE60224917D1 (de) | 2008-03-20 |
DE60224917T2 DE60224917T2 (de) | 2009-01-29 |
Family
ID=22007176
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE60224917T Expired - Lifetime DE60224917T2 (de) | 2002-01-25 | 2002-12-23 | Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen |
Country Status (5)
Country | Link |
---|---|
US (1) | US7500102B2 (de) |
EP (1) | EP1333635B1 (de) |
JP (1) | JP4271451B2 (de) |
AT (1) | ATE385642T1 (de) |
DE (1) | DE60224917T2 (de) |
Families Citing this family (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7500102B2 (en) | 2002-01-25 | 2009-03-03 | Microsoft Corporation | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
US7558873B1 (en) | 2002-05-08 | 2009-07-07 | Nvidia Corporation | Method for compressed large send |
US20030212735A1 (en) * | 2002-05-13 | 2003-11-13 | Nvidia Corporation | Method and apparatus for providing an integrated network of processors |
US7437548B1 (en) * | 2002-07-11 | 2008-10-14 | Nvidia Corporation | Network level protocol negotiation and operation |
US7370197B2 (en) | 2002-07-12 | 2008-05-06 | Microsoft Corporation | Method and system for authenticating messages |
US7346771B2 (en) * | 2002-11-13 | 2008-03-18 | Nokia Corporation | Key distribution across networks |
US7397797B2 (en) * | 2002-12-13 | 2008-07-08 | Nvidia Corporation | Method and apparatus for performing network processing functions |
US7624264B2 (en) * | 2003-03-27 | 2009-11-24 | Microsoft Corporation | Using time to determine a hash extension |
US7409544B2 (en) * | 2003-03-27 | 2008-08-05 | Microsoft Corporation | Methods and systems for authenticating messages |
US7610487B2 (en) * | 2003-03-27 | 2009-10-27 | Microsoft Corporation | Human input security codes |
US8261062B2 (en) * | 2003-03-27 | 2012-09-04 | Microsoft Corporation | Non-cryptographic addressing |
US7620070B1 (en) | 2003-06-24 | 2009-11-17 | Nvidia Corporation | Packet processing with re-insertion into network interface circuitry |
US7359983B1 (en) | 2003-06-24 | 2008-04-15 | Nvidia Corporation | Fragment processing utilizing cross-linked tables |
US7913294B1 (en) | 2003-06-24 | 2011-03-22 | Nvidia Corporation | Network protocol processing for filtering packets |
US7359380B1 (en) | 2003-06-24 | 2008-04-15 | Nvidia Corporation | Network protocol processing for routing and bridging |
US8117273B1 (en) * | 2003-07-11 | 2012-02-14 | Mcafee, Inc. | System, device and method for dynamically securing instant messages |
US7574603B2 (en) * | 2003-11-14 | 2009-08-11 | Microsoft Corporation | Method of negotiating security parameters and authenticating users interconnected to a network |
US20050131835A1 (en) * | 2003-12-12 | 2005-06-16 | Howell James A.Jr. | System for pre-trusting of applications for firewall implementations |
EP1562346A1 (de) * | 2004-02-06 | 2005-08-10 | Matsushita Electric Industrial Co., Ltd. | Verfahren und System für den zuverlässigen Abbau von IPSec-Sicherheitsverbindungen |
US7929689B2 (en) | 2004-06-30 | 2011-04-19 | Microsoft Corporation | Call signs |
IES20050439A2 (en) * | 2005-06-30 | 2006-08-09 | Asavie R & D Ltd | A method of network communication |
US8086842B2 (en) | 2006-04-21 | 2011-12-27 | Microsoft Corporation | Peer-to-peer contact exchange |
US8125907B2 (en) * | 2008-06-12 | 2012-02-28 | Talari Networks Incorporated | Flow-based adaptive private network with multiple WAN-paths |
EP2242273A1 (de) * | 2009-04-14 | 2010-10-20 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Übertragungsschema für Informationen auf Textbasis |
US8289970B2 (en) * | 2009-07-17 | 2012-10-16 | Microsoft Corporation | IPSec encapsulation mode |
CN102025742A (zh) * | 2010-12-16 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | 一种ike报文的协商方法和设备 |
US9185073B2 (en) | 2011-10-06 | 2015-11-10 | Qualcomm Incorporated | Systems and methods for data packet processing |
CN102647251A (zh) * | 2012-03-26 | 2012-08-22 | 北京星网锐捷网络技术有限公司 | 数据传输方法及系统、发送端设备与接收端设备 |
JP6221786B2 (ja) | 2014-01-31 | 2017-11-01 | 富士通株式会社 | 中継装置、通信システム、および、通信方法 |
US9525661B2 (en) * | 2014-09-05 | 2016-12-20 | Alcatel Lucent | Efficient method of NAT without reassemling IPV4 fragments |
US11258694B2 (en) * | 2017-01-04 | 2022-02-22 | Cisco Technology, Inc. | Providing dynamic routing updates in field area network deployment using Internet Key Exchange v2 |
US11082408B2 (en) * | 2017-07-20 | 2021-08-03 | Michael T. Jones | Systems and methods for packet spreading data transmission with anonymized endpoints |
US11108751B2 (en) * | 2017-10-27 | 2021-08-31 | Nicira, Inc. | Segmentation of encrypted segments in networks |
US11206144B2 (en) | 2019-09-11 | 2021-12-21 | International Business Machines Corporation | Establishing a security association and authentication to secure communication between an initiator and a responder |
US11201749B2 (en) * | 2019-09-11 | 2021-12-14 | International Business Machines Corporation | Establishing a security association and authentication to secure communication between an initiator and a responder |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5959974A (en) * | 1996-12-02 | 1999-09-28 | International Business Machines Corporation | System and method for discovering path MTU of internet paths |
FI105753B (fi) * | 1997-12-31 | 2000-09-29 | Ssh Comm Security Oy | Pakettien autentisointimenetelmä verkko-osoitemuutosten ja protokollamuunnosten läsnäollessa |
US7032242B1 (en) * | 1998-03-05 | 2006-04-18 | 3Com Corporation | Method and system for distributed network address translation with network security features |
US6055236A (en) * | 1998-03-05 | 2000-04-25 | 3Com Corporation | Method and system for locating network services with distributed network address translation |
US6453357B1 (en) * | 1999-01-07 | 2002-09-17 | Cisco Technology, Inc. | Method and system for processing fragments and their out-of-order delivery during address translation |
US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
US6957346B1 (en) * | 1999-06-15 | 2005-10-18 | Ssh Communications Security Ltd. | Method and arrangement for providing security through network address translations using tunneling and compensations |
JP2001007858A (ja) | 1999-06-25 | 2001-01-12 | Sony Corp | 送信装置および送信方法、並びに媒体 |
JP2001211147A (ja) | 2000-01-25 | 2001-08-03 | Advanced Mobile Telecommunications Security Technology Research Lab Co Ltd | キーエスクロー方法 |
DE60135347D1 (de) | 2000-07-14 | 2008-09-25 | Irdeto Access Bv | Architektur zur gesicherten paketbasierten datenverteilung |
JP2002044135A (ja) * | 2000-07-25 | 2002-02-08 | Mitsubishi Electric Corp | 暗号装置及び暗号通信システム |
US6876669B2 (en) * | 2001-01-08 | 2005-04-05 | Corrigent Systems Ltd. | Packet fragmentation with nested interruptions |
US20020165973A1 (en) * | 2001-04-20 | 2002-11-07 | Doron Ben-Yehezkel | Adaptive transport protocol |
US20020184383A1 (en) | 2001-05-29 | 2002-12-05 | Docomo Communications Laboratories Usa, Inc. | Live mobile camera system with a communication protocol and a server cluster |
FI111115B (fi) * | 2001-06-05 | 2003-05-30 | Nokia Corp | Menetelmä ja järjestelmä avainten vaihtoon tietoverkossa |
FI118170B (fi) * | 2002-01-22 | 2007-07-31 | Netseal Mobility Technologies | Menetelmä ja järjestelmä viestin lähettämiseksi turvallisen yhteyden läpi |
US7500102B2 (en) | 2002-01-25 | 2009-03-03 | Microsoft Corporation | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
US7120930B2 (en) * | 2002-06-13 | 2006-10-10 | Nvidia Corporation | Method and apparatus for control of security protocol negotiation |
US7346770B2 (en) * | 2002-10-31 | 2008-03-18 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
US7409544B2 (en) * | 2003-03-27 | 2008-08-05 | Microsoft Corporation | Methods and systems for authenticating messages |
KR100651715B1 (ko) * | 2004-10-07 | 2006-12-01 | 한국전자통신연구원 | 차세대 인터넷에서 자동으로 주소를 생성하고 수락하는방법 및 이를 위한 데이터 구조 |
WO2006068450A1 (en) | 2004-12-24 | 2006-06-29 | Samsung Electronics Co., Ltd. | System and method for providing mobility and secure tunnel using mobile internet protocol within internet key exchange protocol version 2 |
-
2002
- 2002-01-25 US US10/056,889 patent/US7500102B2/en not_active Expired - Lifetime
- 2002-12-23 AT AT02028878T patent/ATE385642T1/de not_active IP Right Cessation
- 2002-12-23 DE DE60224917T patent/DE60224917T2/de not_active Expired - Lifetime
- 2002-12-23 EP EP02028878A patent/EP1333635B1/de not_active Expired - Lifetime
-
2003
- 2003-01-27 JP JP2003018021A patent/JP4271451B2/ja not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
US20030142823A1 (en) | 2003-07-31 |
EP1333635A3 (de) | 2005-06-08 |
US7500102B2 (en) | 2009-03-03 |
ATE385642T1 (de) | 2008-02-15 |
EP1333635B1 (de) | 2008-02-06 |
DE60224917T2 (de) | 2009-01-29 |
EP1333635A2 (de) | 2003-08-06 |
JP2003244233A (ja) | 2003-08-29 |
JP4271451B2 (ja) | 2009-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE60224917D1 (de) | Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen | |
WO2003005666A3 (en) | An apparatus and method for secure, automated response to distributed denial of service attacks | |
Kohler et al. | Datagram congestion control protocol (DCCP) | |
Yaar et al. | SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks | |
Lucena et al. | Covert channels in IPv6 | |
US8688979B2 (en) | Means of mitigating denial of service attacks on IP fragmentation in high performance IPSEC gateways | |
WO2001082548A3 (en) | Method and system for protection against denial of service attacks | |
ATE412299T1 (de) | Verfahren zur übertragung von paketdaten in komprimierter form in einem kommunikationssystem | |
ATE337661T1 (de) | Verfahren und vorrichtung zur bereitstellung von unterschiedlichen dienstqualitätsstufen in einer funkpaketdatendienstverbindung | |
US20050268331A1 (en) | Extension to the firewall configuration protocols and features | |
US7649913B2 (en) | Method and system for mitigating traffic congestions in a communication network | |
WO2002082767A3 (en) | System and method for distributing security processing functions for network applications | |
AU2003217931A1 (en) | Method and apparatus for header compression in a wireless lan | |
EP1523149A3 (de) | System und Verfahren zur Überwachung der Verschlüsselungsfehler | |
WO2001047169A3 (en) | A scheme for determining transport level information in the presence of ip security encryption | |
US7916640B1 (en) | Buffer overflow prevention for network devices | |
Floyd | Inappropriate TCP resets considered harmful | |
Deore et al. | Survey denial of service classification and attack with protect mechanism for TCP SYN flooding attacks | |
CN1536848A (zh) | 存取控制方法、中继装置和服务器 | |
Mazurczyk et al. | Steganography in handling oversized IP packets | |
US20140254612A1 (en) | Method and filter for erasing hidden data | |
JP2006501527A (ja) | ネットワーク・サービスプロバイダおよびオペレータのサーバシステムに対する攻撃の確認と防御のための方法、データキャリア、コンピュータシステム、およびコンピュータプログラム | |
GB0228713D0 (en) | Method and apparatus for secure TCP.IP communication | |
CN112787905A (zh) | Mtu确定方法及系统、电子设备及存储介质 | |
WO2001091397A3 (en) | Method and system for stopping hacker attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
8364 | No opposition during term of opposition |