DE60224917D1 - Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen - Google Patents
Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange PaketenInfo
- Publication number
- DE60224917D1 DE60224917D1 DE60224917T DE60224917T DE60224917D1 DE 60224917 D1 DE60224917 D1 DE 60224917D1 DE 60224917 T DE60224917 T DE 60224917T DE 60224917 T DE60224917 T DE 60224917T DE 60224917 D1 DE60224917 D1 DE 60224917D1
- Authority
- DE
- Germany
- Prior art keywords
- ike
- fragmenting
- reassembling
- restoring
- appropriate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/164—Adaptation or special uses of UDP protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/166—IP fragmentation; TCP segmentation
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/056,889 US7500102B2 (en) | 2002-01-25 | 2002-01-25 | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
| US56889 | 2002-01-25 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| DE60224917D1 true DE60224917D1 (de) | 2008-03-20 |
| DE60224917T2 DE60224917T2 (de) | 2009-01-29 |
Family
ID=22007176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| DE60224917T Expired - Lifetime DE60224917T2 (de) | 2002-01-25 | 2002-12-23 | Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US7500102B2 (de) |
| EP (1) | EP1333635B1 (de) |
| JP (1) | JP4271451B2 (de) |
| AT (1) | ATE385642T1 (de) |
| DE (1) | DE60224917T2 (de) |
Families Citing this family (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7500102B2 (en) | 2002-01-25 | 2009-03-03 | Microsoft Corporation | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
| US7558873B1 (en) | 2002-05-08 | 2009-07-07 | Nvidia Corporation | Method for compressed large send |
| US20030212735A1 (en) * | 2002-05-13 | 2003-11-13 | Nvidia Corporation | Method and apparatus for providing an integrated network of processors |
| US7437548B1 (en) * | 2002-07-11 | 2008-10-14 | Nvidia Corporation | Network level protocol negotiation and operation |
| US7370197B2 (en) | 2002-07-12 | 2008-05-06 | Microsoft Corporation | Method and system for authenticating messages |
| US7346771B2 (en) * | 2002-11-13 | 2008-03-18 | Nokia Corporation | Key distribution across networks |
| US7397797B2 (en) * | 2002-12-13 | 2008-07-08 | Nvidia Corporation | Method and apparatus for performing network processing functions |
| US7624264B2 (en) * | 2003-03-27 | 2009-11-24 | Microsoft Corporation | Using time to determine a hash extension |
| US7409544B2 (en) * | 2003-03-27 | 2008-08-05 | Microsoft Corporation | Methods and systems for authenticating messages |
| US7610487B2 (en) * | 2003-03-27 | 2009-10-27 | Microsoft Corporation | Human input security codes |
| US8261062B2 (en) * | 2003-03-27 | 2012-09-04 | Microsoft Corporation | Non-cryptographic addressing |
| US7620070B1 (en) | 2003-06-24 | 2009-11-17 | Nvidia Corporation | Packet processing with re-insertion into network interface circuitry |
| US7359983B1 (en) | 2003-06-24 | 2008-04-15 | Nvidia Corporation | Fragment processing utilizing cross-linked tables |
| US7913294B1 (en) | 2003-06-24 | 2011-03-22 | Nvidia Corporation | Network protocol processing for filtering packets |
| US7359380B1 (en) | 2003-06-24 | 2008-04-15 | Nvidia Corporation | Network protocol processing for routing and bridging |
| US8117273B1 (en) * | 2003-07-11 | 2012-02-14 | Mcafee, Inc. | System, device and method for dynamically securing instant messages |
| US7574603B2 (en) * | 2003-11-14 | 2009-08-11 | Microsoft Corporation | Method of negotiating security parameters and authenticating users interconnected to a network |
| US20050131835A1 (en) * | 2003-12-12 | 2005-06-16 | Howell James A.Jr. | System for pre-trusting of applications for firewall implementations |
| EP1562346A1 (de) * | 2004-02-06 | 2005-08-10 | Matsushita Electric Industrial Co., Ltd. | Verfahren und System für den zuverlässigen Abbau von IPSec-Sicherheitsverbindungen |
| US7929689B2 (en) | 2004-06-30 | 2011-04-19 | Microsoft Corporation | Call signs |
| IES20050439A2 (en) * | 2005-06-30 | 2006-08-09 | Asavie R & D Ltd | A method of network communication |
| US8086842B2 (en) | 2006-04-21 | 2011-12-27 | Microsoft Corporation | Peer-to-peer contact exchange |
| US8125907B2 (en) * | 2008-06-12 | 2012-02-28 | Talari Networks Incorporated | Flow-based adaptive private network with multiple WAN-paths |
| EP2242273A1 (de) * | 2009-04-14 | 2010-10-20 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Übertragungsschema für Informationen auf Textbasis |
| US8289970B2 (en) * | 2009-07-17 | 2012-10-16 | Microsoft Corporation | IPSec encapsulation mode |
| CN102025742A (zh) * | 2010-12-16 | 2011-04-20 | 成都市华为赛门铁克科技有限公司 | 一种ike报文的协商方法和设备 |
| US9185073B2 (en) | 2011-10-06 | 2015-11-10 | Qualcomm Incorporated | Systems and methods for data packet processing |
| CN102647251A (zh) * | 2012-03-26 | 2012-08-22 | 北京星网锐捷网络技术有限公司 | 数据传输方法及系统、发送端设备与接收端设备 |
| JP6221786B2 (ja) | 2014-01-31 | 2017-11-01 | 富士通株式会社 | 中継装置、通信システム、および、通信方法 |
| US9525661B2 (en) * | 2014-09-05 | 2016-12-20 | Alcatel Lucent | Efficient method of NAT without reassemling IPV4 fragments |
| US11258694B2 (en) * | 2017-01-04 | 2022-02-22 | Cisco Technology, Inc. | Providing dynamic routing updates in field area network deployment using Internet Key Exchange v2 |
| US11082408B2 (en) * | 2017-07-20 | 2021-08-03 | Michael T. Jones | Systems and methods for packet spreading data transmission with anonymized endpoints |
| US11108751B2 (en) * | 2017-10-27 | 2021-08-31 | Nicira, Inc. | Segmentation of encrypted segments in networks |
| US11206144B2 (en) | 2019-09-11 | 2021-12-21 | International Business Machines Corporation | Establishing a security association and authentication to secure communication between an initiator and a responder |
| US11201749B2 (en) * | 2019-09-11 | 2021-12-14 | International Business Machines Corporation | Establishing a security association and authentication to secure communication between an initiator and a responder |
Family Cites Families (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5959974A (en) * | 1996-12-02 | 1999-09-28 | International Business Machines Corporation | System and method for discovering path MTU of internet paths |
| FI105753B (fi) * | 1997-12-31 | 2000-09-29 | Ssh Comm Security Oy | Pakettien autentisointimenetelmä verkko-osoitemuutosten ja protokollamuunnosten läsnäollessa |
| US7032242B1 (en) * | 1998-03-05 | 2006-04-18 | 3Com Corporation | Method and system for distributed network address translation with network security features |
| US6055236A (en) * | 1998-03-05 | 2000-04-25 | 3Com Corporation | Method and system for locating network services with distributed network address translation |
| US6453357B1 (en) * | 1999-01-07 | 2002-09-17 | Cisco Technology, Inc. | Method and system for processing fragments and their out-of-order delivery during address translation |
| US6615357B1 (en) * | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
| US6957346B1 (en) * | 1999-06-15 | 2005-10-18 | Ssh Communications Security Ltd. | Method and arrangement for providing security through network address translations using tunneling and compensations |
| JP2001007858A (ja) | 1999-06-25 | 2001-01-12 | Sony Corp | 送信装置および送信方法、並びに媒体 |
| JP2001211147A (ja) | 2000-01-25 | 2001-08-03 | Advanced Mobile Telecommunications Security Technology Research Lab Co Ltd | キーエスクロー方法 |
| DE60135347D1 (de) | 2000-07-14 | 2008-09-25 | Irdeto Access Bv | Architektur zur gesicherten paketbasierten datenverteilung |
| JP2002044135A (ja) * | 2000-07-25 | 2002-02-08 | Mitsubishi Electric Corp | 暗号装置及び暗号通信システム |
| US6876669B2 (en) * | 2001-01-08 | 2005-04-05 | Corrigent Systems Ltd. | Packet fragmentation with nested interruptions |
| US20020165973A1 (en) * | 2001-04-20 | 2002-11-07 | Doron Ben-Yehezkel | Adaptive transport protocol |
| US20020184383A1 (en) | 2001-05-29 | 2002-12-05 | Docomo Communications Laboratories Usa, Inc. | Live mobile camera system with a communication protocol and a server cluster |
| FI111115B (fi) * | 2001-06-05 | 2003-05-30 | Nokia Corp | Menetelmä ja järjestelmä avainten vaihtoon tietoverkossa |
| FI118170B (fi) * | 2002-01-22 | 2007-07-31 | Netseal Mobility Technologies | Menetelmä ja järjestelmä viestin lähettämiseksi turvallisen yhteyden läpi |
| US7500102B2 (en) | 2002-01-25 | 2009-03-03 | Microsoft Corporation | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
| US7120930B2 (en) * | 2002-06-13 | 2006-10-10 | Nvidia Corporation | Method and apparatus for control of security protocol negotiation |
| US7346770B2 (en) * | 2002-10-31 | 2008-03-18 | Microsoft Corporation | Method and apparatus for traversing a translation device with a security protocol |
| US7409544B2 (en) * | 2003-03-27 | 2008-08-05 | Microsoft Corporation | Methods and systems for authenticating messages |
| KR100651715B1 (ko) * | 2004-10-07 | 2006-12-01 | 한국전자통신연구원 | 차세대 인터넷에서 자동으로 주소를 생성하고 수락하는방법 및 이를 위한 데이터 구조 |
| WO2006068450A1 (en) | 2004-12-24 | 2006-06-29 | Samsung Electronics Co., Ltd. | System and method for providing mobility and secure tunnel using mobile internet protocol within internet key exchange protocol version 2 |
-
2002
- 2002-01-25 US US10/056,889 patent/US7500102B2/en not_active Expired - Lifetime
- 2002-12-23 AT AT02028878T patent/ATE385642T1/de not_active IP Right Cessation
- 2002-12-23 DE DE60224917T patent/DE60224917T2/de not_active Expired - Lifetime
- 2002-12-23 EP EP02028878A patent/EP1333635B1/de not_active Expired - Lifetime
-
2003
- 2003-01-27 JP JP2003018021A patent/JP4271451B2/ja not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| US20030142823A1 (en) | 2003-07-31 |
| EP1333635A3 (de) | 2005-06-08 |
| US7500102B2 (en) | 2009-03-03 |
| ATE385642T1 (de) | 2008-02-15 |
| EP1333635B1 (de) | 2008-02-06 |
| DE60224917T2 (de) | 2009-01-29 |
| EP1333635A2 (de) | 2003-08-06 |
| JP2003244233A (ja) | 2003-08-29 |
| JP4271451B2 (ja) | 2009-06-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| DE60224917D1 (de) | Verfahren und Vorrichtung zur Fragmentierung und Wiederzusammensetzung von Internet Key Exchange Paketen | |
| WO2003005666A3 (en) | An apparatus and method for secure, automated response to distributed denial of service attacks | |
| Kohler et al. | Datagram congestion control protocol (DCCP) | |
| Yaar et al. | SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks | |
| Lucena et al. | Covert channels in IPv6 | |
| US8688979B2 (en) | Means of mitigating denial of service attacks on IP fragmentation in high performance IPSEC gateways | |
| WO2001082548A3 (en) | Method and system for protection against denial of service attacks | |
| ATE412299T1 (de) | Verfahren zur übertragung von paketdaten in komprimierter form in einem kommunikationssystem | |
| ATE337661T1 (de) | Verfahren und vorrichtung zur bereitstellung von unterschiedlichen dienstqualitätsstufen in einer funkpaketdatendienstverbindung | |
| US20050268331A1 (en) | Extension to the firewall configuration protocols and features | |
| US7649913B2 (en) | Method and system for mitigating traffic congestions in a communication network | |
| WO2002082767A3 (en) | System and method for distributing security processing functions for network applications | |
| AU2003217931A1 (en) | Method and apparatus for header compression in a wireless lan | |
| EP1523149A3 (de) | System und Verfahren zur Überwachung der Verschlüsselungsfehler | |
| WO2001047169A3 (en) | A scheme for determining transport level information in the presence of ip security encryption | |
| US7916640B1 (en) | Buffer overflow prevention for network devices | |
| Floyd | Inappropriate TCP resets considered harmful | |
| Deore et al. | Survey denial of service classification and attack with protect mechanism for TCP SYN flooding attacks | |
| CN1536848A (zh) | 存取控制方法、中继装置和服务器 | |
| Mazurczyk et al. | Steganography in handling oversized IP packets | |
| US20140254612A1 (en) | Method and filter for erasing hidden data | |
| JP2006501527A (ja) | ネットワーク・サービスプロバイダおよびオペレータのサーバシステムに対する攻撃の確認と防御のための方法、データキャリア、コンピュータシステム、およびコンピュータプログラム | |
| GB0228713D0 (en) | Method and apparatus for secure TCP.IP communication | |
| CN112787905A (zh) | Mtu确定方法及系统、电子设备及存储介质 | |
| WO2001091397A3 (en) | Method and system for stopping hacker attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 8364 | No opposition during term of opposition |