CN103259792B - The method determining cipher code renewal time - Google Patents
- Publication number
- CN103259792B
- Authority
- CN
- China
- Prior art keywords
- renewal time
- cipher code
- code renewal
- negotiation
- fire wall
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention provides a method for determining the key update time, the method comprising: S1: when an IPSEC tunnel negotiates the key update time, determining the negotiation type of the IPSEC tunnel; S2: determining the key update time according to the negotiation type of the IPSEC tunnel. By providing a method for determining the key update time, the invention allows negotiation to proceed when the IKE key update times at the two ends are inconsistent, and prevents the remote access connection from going offline.
Description
Technical field
The present invention relates to the field of firewalls, and in particular to a method for determining the key update time.
Background
Under normal circumstances, an IPSEC (Internet Protocol Security) tunnel is established in one of two ways: one is a CFS to CFS connection between a firewall and a firewall, the other is a connection between a firewall and a PC. When an IPSEC tunnel is negotiated, the IKE (Internet Key Exchange) key update times at the two ends must be consistent; otherwise the remote access connection goes offline.
Summary of the invention
(1) Technical problem to be solved
The technical problem solved by the present invention is to provide a method for determining the key update time that allows negotiation to proceed when the IKE key update times at the two ends are inconsistent, and that prevents remote access from going offline.
(2) Technical solution
The present invention provides a method for determining the key update time, the method comprising:
S1: when an IPSEC tunnel negotiates the key update time, determining the negotiation type of the IPSEC tunnel;
S2: determining the key update time according to the negotiation type of the IPSEC tunnel.
Preferably, the negotiation types of an IPSEC tunnel include firewall-to-firewall negotiation and firewall-to-PC negotiation.
Preferably, when the negotiation type of the IPSEC tunnel is determined to be firewall-to-firewall negotiation, the key update times of the two firewalls are compared and the shorter key update time is used as the negotiated key update time.
Preferably, when the negotiation type of the IPSEC tunnel is determined to be firewall-to-PC negotiation, the key update times of the firewall end and the PC end are compared and the longer key update time is used as the negotiated key update time.
(3) Beneficial effects
By providing a method for determining the key update time, the present invention allows negotiation to proceed when the IKE key update times at the two ends are inconsistent, and prevents the remote access connection from going offline.
Brief description of the drawings
Fig. 1 is a flow chart of the method provided by the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention.
The present invention provides a method for determining the key update time. As shown in Fig. 1, the method includes:
S1: when an IPSEC tunnel negotiates the key update time, determine the negotiation type of the IPSEC tunnel;
S2: determine the key update time according to the negotiation type of the IPSEC tunnel.
The negotiation types of an IPSEC tunnel include firewall-to-firewall negotiation and firewall-to-PC negotiation.
When the negotiation type of the IPSEC tunnel is determined to be firewall-to-firewall negotiation, the key update times of the two firewalls are compared and the shorter key update time is used as the negotiated key update time.
A firewall-to-firewall IPSEC tunnel carries a large volume of data traffic; selecting the shorter of the two firewalls' key update times as the negotiated key update time prevents hackers from brute-force cracking the password.
When the negotiation type of the IPSEC tunnel is determined to be firewall-to-PC negotiation, the key update times of the firewall end and the PC end are compared and the longer key update time is used as the negotiated key update time.
A firewall-to-PC IPSEC tunnel carries a small volume of data traffic, and traffic is interrupted when the IKE key is updated; the longer of the two ends' key update times is selected as the negotiated key update time, so that the time a hacker needs for brute-force cracking becomes longer.
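Steps S1 and S2 written out as an added Python example (not code from the patent or from any firewall product). The `Endpoint` type, the function names, the use of seconds as the unit and the sample values are assumptions made for illustration; tunnels with no firewall at either end are rejected because the method does not cover them.

```python
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):
    FIREWALL = "firewall"
    PC = "pc"

@dataclass(frozen=True)
class Endpoint:
    kind: Kind
    key_update_seconds: int  # locally configured IKE key update time (unit assumed)

def negotiation_type(a: Endpoint, b: Endpoint) -> str:
    """S1: classify the tunnel from the kinds of its two ends."""
    kinds = {a.kind, b.kind}
    if kinds == {Kind.FIREWALL}:
        return "firewall-to-firewall"
    if kinds == {Kind.FIREWALL, Kind.PC}:
        return "firewall-to-pc"
    raise ValueError("the method only covers tunnels that terminate on a firewall")

def negotiated_key_update_time(a: Endpoint, b: Endpoint) -> int:
    """S2: choose the negotiated key update time from the negotiation type."""
    for end in (a, b):
        if end.key_update_seconds <= 0:
            raise ValueError("key update time must be a positive number of seconds")
    times = (a.key_update_seconds, b.key_update_seconds)
    if negotiation_type(a, b) == "firewall-to-firewall":
        return min(times)  # firewall-to-firewall: the shorter time wins
    return max(times)      # firewall-to-PC: the longer time wins

# Constructed sample endpoints; the values are illustrative only.
HQ_FW = Endpoint(Kind.FIREWALL, 28800)
BRANCH_FW = Endpoint(Kind.FIREWALL, 3600)
LAPTOP = Endpoint(Kind.PC, 86400)

if __name__ == "__main__":
    for left, right in ((HQ_FW, BRANCH_FW), (HQ_FW, LAPTOP), (LAPTOP, BRANCH_FW)):
        print(negotiation_type(left, right), negotiated_key_update_time(left, right))
```

Because the choice depends only on the pair of endpoints, both ends compute the same value regardless of which side initiates.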
The above embodiments are only intended to illustrate the present invention and do not limit it. A person of ordinary skill in the relevant technical field may make various changes and modifications without departing from the spirit and scope of the present invention, so all equivalent technical solutions also fall within the scope of the present invention, and the scope of patent protection of the present invention should be defined by the claims.
Claims (1)
1. A method for determining the key update time, characterized in that the method comprises:
S1: when an IPSEC tunnel negotiates the key update time, determining the negotiation type of the IPSEC tunnel;
S2: determining the key update time according to the negotiation type of the IPSEC tunnel;
wherein the negotiation types of the IPSEC tunnel include firewall-to-firewall negotiation and firewall-to-PC negotiation;
when the negotiation type of the IPSEC tunnel is determined to be firewall-to-firewall negotiation, the key update times of the two firewalls are compared and the shorter key update time is used as the negotiated key update time;
when the negotiation type of the IPSEC tunnel is determined to be firewall-to-PC negotiation, the key update times of the firewall end and the PC end are compared and the longer key update time is used as the negotiated key update time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310157738.4A CN103259792B (en) | 2013-04-28 | 2013-04-28 | The method determining cipher code renewal time |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310157738.4A CN103259792B (en) | 2013-04-28 | 2013-04-28 | The method determining cipher code renewal time |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103259792A (en) | 2013-08-21 |
CN103259792B (en) | 2016-08-31 |
Family
ID=48963489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310157738.4A Expired - Fee Related CN103259792B (en) | 2013-04-28 | 2013-04-28 | The method determining cipher code renewal time |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103259792B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105162794B (en) * | 2015-09-23 | 2018-04-27 | 北京汉柏科技有限公司 | A kind of IPSEC key updating methods and equipment using stipulated form |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101400059A (en) * | 2007-09-28 | 2009-04-01 | 华为技术有限公司 | Cipher key updating method and device under active state |
CN102711104A (en) * | 2006-09-07 | 2012-10-03 | 华为技术有限公司 | Method for determining secret key updating time and secret key using entity |
Also Published As
Publication number | Publication date |
---|---|
CN103259792A (en) | 2013-08-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20160831 Termination date: 20180428 |