CN116346492A - Data security management method based on APNv6 - Google Patents


Info

Publication number
CN116346492A
CN116346492A
Authority
CN
China
Prior art keywords
message
address
node
ipv6
segment
Legal status
Granted
Application number
CN202310414323.4A
Other languages
Chinese (zh)
Other versions
CN116346492B (en
Inventor
郭银锋
吴艳
虞雁群
刘彦伸
王曦侃
范希平
王帅
Current Assignee
Zhejiang Yu'an Information Technology Co ltd
Original Assignee
Zhejiang Yu'an Information Technology Co ltd
Priority date
2023-04-18
Filing date
2023-04-18
Publication date
2023-06-27
Application filed by Zhejiang Yu'an Information Technology Co ltd
Priority to CN202310414323.4A
Publication of CN116346492A
Application granted
Publication of CN116346492B
Legal status: Active

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40: Network security protocols
    • H04L 45/00: Routing or path finding of packets in data switching networks
    • H04L 45/34: Source routing
    • H04L 45/74: Address processing for routing
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/105: Multiple levels of security
    • H04L 63/12: Applying verification of the received information
    • H04L 63/123: Applying verification of the received information: received data contents, e.g. message integrity
    • H04L 63/126: Applying verification of the received information: the source of the received data
    • H04L 2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L 63/00
    • H04L 2463/121: Timestamp
    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D 30/00: Reducing energy consumption in communication networks
    • Y02D 30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data security management method based on APNv6. The method comprises the following steps. 1. The App terminal provider negotiates with the data security manager and reports the App ID, the user ID and the performance requirement information of the App to an application management server. 2. When the host sends a packet, it generates a digest of the IP source address, the application information in the APN6 data packet, and the packet's time stamp and sequence number, signs the digest with the shared secret key, and produces a message authentication code. 3. The service-aware node maintains an IP address-to-message-authentication-key list, verifies the message authentication code carried by the received packet, and accepts the application information of APN6 data packets whose verification succeeds and whose time stamp has not expired. 4. For packets whose signature verifies, it checks whether the identity grades of the App ID and the user ID match. The IPv6 used by the invention has 128-bit addresses, whose huge address space provides flexible network programming space for SRv6; IPv6 also supports carrying optional information in extension headers.

Description

Data security management method based on APNv6
Technical Field
The invention relates to the technical field of IPv6, data and network security, and in particular to a data security management method for the IPv6-based application-aware network framework APNv6.
Background
With the development of network technology and the promulgation of laws and regulations such as the Data Security Law, the construction of data security and the development of key-system asset management in various industries have been strongly promoted. At present, the identification and analysis capability of active data management and control means is relatively lacking. Faced with massive application identification and data flow control, how to effectively identify and analyze information such as the attribution and legitimate destination address carried by the traffic, and to statistically supplement a corresponding information base, has become a difficult problem for most enterprises and organizations.
Data security problems have long existed and are becoming increasingly serious, and "discrete" patch solutions can no longer fully meet the current development needs of enterprises. How to integrate effective resources, balance data protection against business development, and promote "systematized" data security management is a problem that industries and enterprises need to consider; hence a data security management framework and a management practice path that fit the IPv6+ and 5G/6G era are needed, built on current and future network frameworks.
With the popularization of IPv6 and the rapid construction of 5G infrastructure, data security planning and research should be carried out in advance on this platform. In this context, the IPv6-based application-aware network framework APN6 enables the network to perceive the application identity and user rights by encapsulating the application's requirement information in data packets, which facilitates data security management.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to provide a data security management method based on APNv6. IPv6, as the next-generation standard succeeding IPv4, solves the problem of IPv4 address exhaustion and improves IP addressing. Compared with the 32-bit address of IPv4, IPv6 uses 128-bit addresses, whose huge address space provides flexible network programming space for SRv6. IPv6 also supports carrying optional information in extension headers (e.g., the Hop-by-Hop Options header and the Routing header). SRv6 is the application of Segment Routing (SR) to the IPv6 data plane.
In order to achieve the above object, the invention is realized by the following technical scheme. An APNv6-based data security management method comprises the following steps:
1. The App terminal provider negotiates with the data security manager and reports the App ID, the user ID and the performance requirement information of the App to an application management server.
2. When the host sends a packet, it generates a digest of the packet's IP source address, the application information (App ID, user ID, PL) carried in the APN6 data packet, a time stamp and a sequence number, and signs the digest with the shared secret key to generate a message authentication code.
3. The service-aware node maintains an IP address-to-message-authentication-key list, verifies the message authentication code carried by the received packet, and accepts the application information of APN6 data packets whose verification succeeds and whose time stamp has not expired.
4. For packets whose signature verifies, it checks whether the identity grades of the App ID and the user ID match, and maps a packet that meets the identity requirement into an SRv6 path; for a packet that does not, it changes the application requirement to the default grade of that identity and maps the packet into the SRv6 path for the default grade.
When user equipment uses an App/terminal application, the application information is carried in the APN6 packet header, and a service-aware edge node performs source address authentication and integrity checking on the IP packet and checks whether the APN6 information matches the user's permissions.
In SRv6, a segment is encoded as an IPv6 address and an ordered segment list is encoded as an ordered list of IPv6 addresses. The active segment is given by the destination address of the packet, and the next active segment is given by the pointer (the Segments Left field) in the segment routing header. The SRv6 segment routing header contains several key fields: Routing Type, an 8-bit routing type identifier with value 4; Tag, which marks the packet category; and Segment List[0..n], where entry n holds the 128-bit IPv6 address of the nth segment. A segment routing network involves three types of nodes: the SR source node, which originates IPv6 packets carrying segments; the SR transit node, which forwards the packet toward the next segment; and the SR endpoint node, which receives an IPv6 packet whose destination address is configured as a local segment. During SRv6 packet processing, the SR source node steers the packet by carrying the SR instructions in the SRv6 packet, the SR transit node forwards the packet based on its IPv6 routing table and the destination address of the SRv6 packet, and the SR endpoint node processes the SRv6 packet according to the configured policy.
The beneficial effects of the invention are as follows. APN6 aims to enable the network to perceive application information so as to achieve application data security; the application information carried in the packet provides the key information for the network to identify the application and understand the application identity. IPv6, as the next-generation standard succeeding IPv4, solves the problem of IPv4 address exhaustion and improves IP addressing. Compared with the 32-bit address of IPv4, IPv6 uses 128-bit addresses, whose huge address space provides flexible network programming space for SRv6. IPv6 also supports carrying optional information in extension headers (e.g., the Hop-by-Hop Options header and the Routing header). SRv6 is the application of Segment Routing (SR) to the IPv6 data plane.
Drawings
The invention is described in detail below with reference to the drawings and the detailed description;
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a diagram of a network architecture of the present invention;
Detailed Description
The invention is further described below in connection with the following detailed description, so that its technical means, creative features, objectives and effects are easy to understand.
Referring to FIG. 1, the present embodiment adopts the following technical scheme: an APNv6-based data security management method comprising the following steps.
1. The App terminal provider negotiates with the data security manager and reports the App ID, the user ID and the performance requirement information of the App to an application management server.
2. When the host sends a packet, it generates a digest of the packet's IP source address, the application information (App ID, user ID, PL) carried in the APN6 data packet, a time stamp and a sequence number, and signs the digest with the shared secret key to generate a message authentication code.
3. The service-aware node maintains an IP address-to-message-authentication-key list, verifies the message authentication code carried by the received packet, and accepts the application information of APN6 data packets whose verification succeeds and whose time stamp has not expired.
4. For packets whose signature verifies, it checks whether the identity grades of the App ID and the user ID match, and maps a packet that meets the identity requirement into an SRv6 path; for a packet that does not, it changes the application requirement to the default grade of that identity and maps the packet into the SRv6 path for the default grade.
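As an added worked example (Python written for this page, not code from the patent or its assignee), the following runs steps 2 to 4 end to end: the host builds the APN6 option with its message authentication code, and a service-aware node verifies it against its IP-address-to-key list, rejects stale or replayed packets, applies the identity-grade check and maps the packet to an SRv6 path, downgrading to the identity's default grade when the requested grade is not permitted. Everything the patent does not state is an assumption made here: the field widths (32-bit App ID, 32-bit user ID and 16-bit PL, which together fill the 80 bits of application identification the description mentions), HMAC-SHA256 truncated to 128 bits as the shared-key MAC, a 30-second freshness window, the sequence number used as a replay guard, "identity grade" read as the highest PL an App ID or user ID may request, and all keys, identifiers and segment lists, which are constructed.

```python
"""APN6 packet authentication and identity-grade check (added example; not the patent's code).

Assumed APN6 option layout (the patent only names the fields, not their widths):
  AppID (32) | UserID (32) | PL (16) | timestamp (32) | seq (32) | MAC (128)
AppID+UserID+PL are the 80 bits of application identification the description mentions.
MAC = HMAC-SHA256 truncated to 128 bits over
  IPv6 source address || AppID || UserID || PL || timestamp || seq   (assumed construction).
"""
import hashlib
import hmac
import ipaddress
import struct

APN6_FMT = "!IIHII16s"      # AppID, UserID, PL, timestamp, seq, MAC: 34 bytes
MAX_AGE_SECONDS = 30        # assumed freshness window for "not overtime"

# Step 1 result (constructed): what the application management server holds.
# "grade" = highest PL the identity may request; "default" = fallback PL on non-compliance.
APP_REGISTRY = {0x00000001: {"grade": 3}, 0x00000002: {"grade": 1}}
USER_REGISTRY = {0x00001001: {"grade": 3, "default": 1},
                 0x00001002: {"grade": 1, "default": 0}}

# Service-aware node state (constructed): IP source address -> shared MAC key.
KEY_LIST = {"2001:db8::10": b"\x01" * 32, "2001:db8::20": b"\x02" * 32}

# Assumed mapping from PL grade to an SRv6 segment list.
SRV6_PATH_BY_GRADE = {3: ["2001:db8:a::1", "2001:db8:a::2"],
                      2: ["2001:db8:b::1"],
                      1: ["2001:db8:c::1"],
                      0: ["2001:db8:d::1"]}


def _canon(src):
    """Normalise the source address so key lookup does not depend on its text form."""
    return str(ipaddress.IPv6Address(src))


def _mac(key, src, app_id, user_id, pl, ts, seq):
    """MAC over the source address, the APN6 fields, the timestamp and the sequence number."""
    covered = ipaddress.IPv6Address(src).packed + struct.pack("!IIHII", app_id, user_id, pl, ts, seq)
    return hmac.new(key, covered, hashlib.sha256).digest()[:16]


def host_build_option(src, key, app_id, user_id, pl, ts, seq):
    """Step 2: the sending host emits the APN6 option bytes with the MAC attached."""
    return struct.pack(APN6_FMT, app_id, user_id, pl, ts, seq,
                       _mac(key, src, app_id, user_id, pl, ts, seq))


class ServiceAwareNode:
    """Steps 3 and 4 as run on the service-aware edge node."""

    def __init__(self, key_list, now):
        self.key_list = {_canon(k): v for k, v in key_list.items()}
        self.now = now          # injected clock so runs are deterministic
        self.last_seq = {}      # (src, AppID, UserID) -> highest accepted seq (replay guard, assumed)

    def process(self, src, option):
        src = _canon(src)
        if len(option) != struct.calcsize(APN6_FMT):
            return {"verdict": "drop", "reason": "malformed option"}
        app_id, user_id, pl, ts, seq, mac = struct.unpack(APN6_FMT, option)
        # Step 3: source authentication and integrity via the key bound to the source address.
        key = self.key_list.get(src)
        if key is None:
            return {"verdict": "drop", "reason": "no key for source address"}
        if not hmac.compare_digest(mac, _mac(key, src, app_id, user_id, pl, ts, seq)):
            return {"verdict": "drop", "reason": "bad mac"}
        if abs(self.now - ts) > MAX_AGE_SECONDS:
            return {"verdict": "drop", "reason": "stale timestamp"}
        flow = (src, app_id, user_id)
        if seq <= self.last_seq.get(flow, -1):
            return {"verdict": "drop", "reason": "replayed sequence number"}
        self.last_seq[flow] = seq
        # Step 4: identity-grade check, then SRv6 path selection.
        app, user = APP_REGISTRY.get(app_id), USER_REGISTRY.get(user_id)
        if app is None or user is None:
            return {"verdict": "drop", "reason": "unregistered AppID or UserID"}
        compliant = pl <= min(app["grade"], user["grade"])
        if not compliant:
            pl = user["default"]    # non-compliance: fall back to the identity's default grade
        return {"verdict": "forward", "compliant": compliant, "pl": pl, "path": SRV6_PATH_BY_GRADE[pl]}


if __name__ == "__main__":
    node = ServiceAwareNode(KEY_LIST, now=1_700_000_000)
    opt = host_build_option("2001:db8::10", KEY_LIST["2001:db8::10"], 0x1, 0x1001, 3, 1_700_000_000, 1)
    print(node.process("2001:db8::10", opt))
    print(node.process("2001:db8::10", opt))   # same packet again: replay
```

The MAC covers the source address even though that address is not inside the option, so an attacker who captures a valid option cannot re-use it from a different host; the timestamp bound and the per-flow sequence counter close the replay window that a MAC alone leaves open. The freshness window and the replay guard are the two checks a deployment would need to tune against its own clock skew and packet reordering.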
APN6 is the IPv6 network framework for application awareness. According to the designed application information format, APN6 allows the application to encapsulate and carry its identification information and requirement information in the data packet, so that the network can perform traffic auditing and scheduling according to the application information.
IPv6, as the next-generation standard succeeding IPv4, solves the problem of IPv4 address exhaustion and improves IP addressing. Compared with the 32-bit address of IPv4, IPv6 uses 128-bit addresses, whose huge address space provides flexible network programming space for SRv6. IPv6 also supports carrying optional information in extension headers (e.g., the Hop-by-Hop Options header and the Routing header). SRv6 is the application of Segment Routing (SR) to the IPv6 data plane. In March 2020 the IETF published the SRv6 RFC (RFC 8754), which follows the IPv6 Routing Header format and defines a new routing type. Segment routing is based on the source routing paradigm and can selectively steer packets to different destination addresses according to several different subnet or intranet addresses. In segment routing, a node steers packets through the segment routing mechanism, which is instantiated as an ordered list of instructions, i.e., segments. Segment routing provides a mechanism that allows a flow to traverse a specific topological path while keeping flow state only at the ingress node of the segment routing domain. A segment may be associated with a topological instruction: a local topological segment instructs a node to send the packet over a specific network interface, and a global topological segment instructs the SR domain to forward the packet over a specific path. A segment may also be associated with a service instruction, for example requiring the packet to be processed by the container or virtual machine associated with that segment.
In SRv6, a segment is encoded as an IPv6 address and an ordered segment list is encoded as an ordered list of IPv6 addresses. The active segment is given by the destination address of the packet, and the next active segment is given by the pointer (the Segments Left field) in the segment routing header. The SRv6 segment routing header contains several key fields: Routing Type, an 8-bit routing type identifier with value 4; Tag, which marks the packet category; and Segment List[0..n], where entry n holds the 128-bit IPv6 address of the nth segment. A segment routing network involves three types of nodes: the SR source node, which originates IPv6 packets carrying segments; the SR transit node, which forwards the packet toward the next segment; and the SR endpoint node, which receives an IPv6 packet whose destination address is configured as a local segment. During SRv6 packet processing, the SR source node steers the packet by carrying the SR instructions in the SRv6 packet, the SR transit node forwards the packet based on its IPv6 routing table and the destination address of the SRv6 packet, and the SR endpoint node processes the SRv6 packet according to the configured policy.
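The segment routing header and the three node roles described above, as an added Python example (written for this page, not the patent's own code): the header is laid out as RFC 8754 specifies (Next Header, Hdr Ext Len, Routing Type 4, Segments Left, Last Entry, Flags, Tag, then the segment list with Segment List[0] being the final segment), an SR source node builds it, a transit node forwards on the destination address alone, and an endpoint node performs the End behaviour of decrementing Segments Left and rewriting the destination address to the new active segment. The parser also rejects the malformed case a node must drop, a Segments Left value beyond Last Entry. The addresses, the routing table and the assumption that each SID is owned by exactly one endpoint are constructed for the example; optional SRH TLVs are not modelled.

```python
"""SRv6 Segment Routing Header (RFC 8754) encode/parse and per-node processing.
Added example; not code from the patent. Optional SRH TLVs are not modelled."""
import ipaddress
import struct

# Next Header, Hdr Ext Len, Routing Type, Segments Left, Last Entry, Flags, Tag
SRH_FIXED_FMT = "!BBBBBBH"
SRH_ROUTING_TYPE = 4         # routing type value assigned to the SRH
NO_NEXT_HEADER = 59


def build_srh(path, next_header=NO_NEXT_HEADER, tag=0):
    """SR source node: encode `path` (segments in traversal order) as an SRH.
    RFC 8754 stores the list reversed: Segment List[0] is the last segment,
    and Segments Left starts at n-1 so the first hop is the active segment."""
    if not path:
        raise ValueError("empty segment list")
    segs = [ipaddress.IPv6Address(s).packed for s in reversed(path)]
    n = len(segs)
    hdr_ext_len = 2 * n                     # 8-octet units, excluding the first 8 octets
    fixed = struct.pack(SRH_FIXED_FMT, next_header, hdr_ext_len, SRH_ROUTING_TYPE, n - 1, n - 1, 0, tag)
    return fixed + b"".join(segs)


def parse_srh(data):
    """Parse and sanity-check an SRH; raises ValueError on a malformed header."""
    if len(data) < 8:
        raise ValueError("truncated SRH")
    nh, hel, rt, sl, le, flags, tag = struct.unpack(SRH_FIXED_FMT, data[:8])
    if rt != SRH_ROUTING_TYPE:
        raise ValueError("not an SRH")
    n = le + 1
    if hel != 2 * n or len(data) < 8 + 16 * n:
        raise ValueError("Hdr Ext Len / Last Entry disagree with packet length")
    if sl > le:
        raise ValueError("Segments Left exceeds Last Entry")   # RFC 8754: ICMP Parameter Problem, drop
    segs = [ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i]) for i in range(n)]
    return {"next_header": nh, "segments_left": sl, "last_entry": le,
            "flags": flags, "tag": tag, "segment_list": segs}


def srh_is_valid(data):
    try:
        parse_srh(data)
        return True
    except ValueError:
        return False


def active_segment(srh):
    """The active segment is Segment List[Segments Left]; it is also the packet's destination address."""
    return srh["segment_list"][srh["segments_left"]]


def transit_next_hop(da, routing_table):
    """SR transit node: longest-prefix match on the destination address; the SRH is not inspected."""
    da = ipaddress.IPv6Address(da)
    best = None
    for prefix, next_hop in routing_table.items():
        net = ipaddress.IPv6Network(prefix)
        if da in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def endpoint_process(da, srh_bytes, local_sids):
    """SR endpoint node, RFC 8754 'End' behaviour: if the destination is a local SID and
    Segments Left > 0, decrement Segments Left and set the destination to the new active
    segment. Returns (action, new_destination, new_srh_bytes)."""
    srh = parse_srh(srh_bytes)
    if da not in local_sids:
        return "transit", da, srh_bytes             # not ours: ordinary IPv6 forwarding
    if srh["segments_left"] == 0:
        return "delivered", da, srh_bytes           # last segment reached: process the next header
    sl = srh["segments_left"] - 1
    out = bytearray(srh_bytes)
    out[3] = sl                                      # Segments Left is octet 3 of the SRH
    return "forward", srh["segment_list"][sl], bytes(out)


def trace(path):
    """Walk a packet from the source node through every endpoint in `path`; returns the
    destination addresses in the order they were used (assumes each SID has one owner)."""
    srh = build_srh(path)
    da = active_segment(parse_srh(srh))
    visited = []
    while True:
        visited.append(str(da))
        action, da, srh = endpoint_process(da, srh, {da})
        if action == "delivered":
            return visited


if __name__ == "__main__":
    print(trace(["2001:db8:1::", "2001:db8:2::", "2001:db8:3::"]))
```

The point the trace makes is that only the destination address changes hop by hop; the segment list itself is never rewritten, which is why a service-aware node at the domain edge can authenticate the APN6 option once and let the SRv6 path carry the packet without further per-hop state.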
In FIG. 1, when an App/terminal application is used, the user equipment carries the application information in the APN6 packet header (an IPv6 extension header, such as the Hop-by-Hop Options header), and the service-aware edge node performs source address authentication and integrity checking on the IP packet and checks whether the APN6 information matches the user's usage rights, for example when the APP requests specific data from the server's database. The APN6 option header contains the following information; the application identification information in the IPv6 data packet occupies 80 bits:
[Table of APN6 option header fields: image not reproduced on this page]
the APN6 aims at enabling a network to sense application information to achieve the aim of application data security, wherein the application information carried by a message provides key information for identifying an application and knowing application identification, so that the application information format design is key to the APN6. The APN6 application information format design follows 3 principles.
1. Diversity of: a wide range of application identification information may be included.
2. Scalability: when new application information is proposed, flexible support is enabled.
3. High efficiency: when the router receives the message containing the APN6 message, the application identification information field in the message can be efficiently extracted and analyzed.
Example 1: Application-side scheme
The APN ID is generated directly by the application on the end side, or by the cloud-side application management server, and encapsulated in the packet; this is called the application-side scheme. The end-side/cloud-side device encapsulates the application identification information and (optionally) the requirement information directly into the IPv6 packet extension header. Within the APN6 network domain (including the head node), the corresponding fine-grained application-aware network services can be provided according to the application information carried in the packet, such as mapping into an SRv6 Policy or driving IFIT real-time performance monitoring. The application-side scheme requires the application and the terminal OS running it to support encapsulating the application information and requirements in the data packet, and is easy to deploy where the application and the network are owned and managed by the same organization.
Example 2: Network-side scheme
The APN ID is generated by a network-side edge device and encapsulated in the packet; this is called the network-side scheme. The application end-side/cloud-side device does not need to encapsulate the APN ID information; instead, the application-aware network edge device encapsulates it according to a preset policy, using the five-tuple information and/or the Layer 2 interface information of the packet as the source of application awareness. In this way, the application information carried in the packet can likewise provide the corresponding fine-grained application-aware network services within the APN6 network domain; the network-side scheme needs no ecosystem support from the application side and is easier to implement for network operators, industry networks and private deployments.
The foregoing has shown and described the basic principles and main features of the present invention and the advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (3)

1. A data security management method based on APNv6, characterized by comprising the following steps:
(1) an App terminal provider negotiates with a data security manager and reports the App ID, user ID and performance requirement information of the App to an application management server;
(2) when a host sends a packet, it generates a digest of the IP source address of the packet, the application information (App ID, user ID, PL) in the APN6 data packet, a time stamp and a sequence number, and signs the digest with a shared secret key to generate a message authentication code;
(3) a service-aware node maintains an IP address-to-message-authentication-key list, verifies the message authentication code carried by the received packet, and accepts the application information of APN6 data packets whose verification succeeds and whose time stamp has not expired;
(4) for packets whose signature verifies, it checks whether the identity grades of the App ID and the user ID match, and maps a packet that meets the identity requirement into an SRv6 path; for a packet that does not, it changes the application requirement to the default grade of that identity and maps the packet into the SRv6 path for the default grade.
2. The data security management method based on APNv6 of claim 1, wherein when an App/terminal application is used, the user equipment carries the application information in the APN6 data packet header, and a service-aware edge node performs source address authentication and integrity checking on the IP packet and checks whether the APN6 information matches the user's usage rights.
3. The method of claim 1, wherein in SRv6 a segment is encoded as an IPv6 address and an ordered segment list is encoded as an ordered list of IPv6 addresses; the active segment is given by the destination address of the packet, and the next active segment is given by the pointer in the segment routing header; the SRv6 segment routing header contains several key fields: Routing Type, an 8-bit routing type identifier with value 4; Tag, which marks the packet category; and Segment List[0..n], where entry n holds the 128-bit IPv6 address of the nth segment; a segment routing network involves three types of nodes: the SR source node, which originates IPv6 packets carrying segments; the SR transit node, which forwards the packet toward the next segment; and the SR endpoint node, which receives an IPv6 packet whose destination address is configured as a local segment; during SRv6 packet processing, the SR source node steers the packet by carrying the SR instructions in the SRv6 packet, the SR transit node forwards the packet based on its IPv6 routing table and the destination address of the SRv6 packet, and the SR endpoint node processes the SRv6 packet according to the configured policy.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310414323.4A CN116346492B (en) 2023-04-18 2023-04-18 APNv6-based data security management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310414323.4A CN116346492B (en) 2023-04-18 2023-04-18 APNv6-based data security management method

Publications (2)

Publication Number Publication Date
CN116346492A true CN116346492A (en) 2023-06-27
CN116346492B CN116346492B (en) 2024-05-14

Family

ID=86885846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310414323.4A Active CN116346492B (en) 2023-04-18 2023-04-18 APNv6-based data security management method

Country Status (1)

Country Link
CN (1) CN116346492B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114389835A (en) * 2021-12-01 2022-04-22 青海师范大学 IPv6 option explicit source address encryption security verification gateway and verification method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302386A (en) * 2016-07-25 2017-01-04 深圳信息职业技术学院 A kind of method promoting IPv6 protocol data bag safety
US20190394211A1 (en) * 2018-06-26 2019-12-26 Cisco Technology, Inc. Providing Processing and Network Efficiencies in Protecting Internet Protocol Version 6 Segment Routing Packets and Functions Using Security Segment Identifiers
CN112189323A (en) * 2018-06-26 2021-01-05 思科技术公司 Segment routing using secure segment identifiers
CN113691448A (en) * 2020-05-18 2021-11-23 华为技术有限公司 SRv6 method for forwarding message in service chain, SFF and SF device
CN114338432A (en) * 2020-09-25 2022-04-12 华为技术有限公司 Method, device and equipment for transmitting message and computer readable storage medium
CN112637183A (en) * 2020-12-18 2021-04-09 支付宝(杭州)信息技术有限公司 Data message transmission method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Z. LI; S. PENG; HUAWEI TECHNOLOGIES; C. LI;C. XIE; CHINA TELECOM;D. VOYER; BELL CANADA; X. LI; TSINGHUA UNIVERSITY;P. LIU;CHINA MO: "Application-aware IPv6 Networking (APN6) Encapsulation draft-li-6man-app-aware-ipv6-network-02", IETF, 4 July 2020 (2020-07-04) *

Also Published As

Publication number Publication date
CN116346492B (en) 2024-05-14

Similar Documents

Publication Publication Date Title
US8584215B2 (en) System and method for securing distributed exporting models in a network environment
CN102055674B (en) Internet protocol (IP) message as well as information processing method and device based on same
CN113472729B (en) Role-based access control policy auto-generation
CN116346492B (en) APNv6-based data security management method
US10785196B2 (en) Encryption key management of client devices and endpoints within a protected network
EP3900280A1 (en) User data traffic handling
US8336093B2 (en) Abnormal IPSec packet control system using IPSec configuration and session data, and method thereof
CN112202930B (en) Method, POP and system for accessing mobile equipment to SD-WAN (secure digital-to-WAN) network
CN107046506A (en) A kind of message processing method, flow classifier and business function example
CN111614538B (en) Message forwarding method based on IPsec encapsulation protocol
CN109167774B (en) Data message and data stream safety mutual access method on firewall
US20230113138A1 (en) Application Information Verification Method, Packet Processing Method, And Apparatuses Thereof
CN113810173A (en) Method for checking application information, message processing method and device
EP3624406B1 (en) Packet forwarding in mpls network
US6925507B1 (en) Device and method for processing a sequence of information packets
EP3907964A1 (en) Method device and system for policy based packet processing
CN108429732A (en) A kind of method and system obtaining resource
CN116132555A (en) Message processing method and system
CN107508739B (en) Authentication method for transmitting data through VPN tunnel
CN114915583A (en) Message processing method, client device, server device, and medium
CN117560179A (en) Web application asset detection method based on APNv6
US20080222693A1 (en) Multiple security groups with common keys on distributed networks
CN111865805A (en) Multicast GRE message processing method and system
CN114257464B (en) Charging method, charging device, communication equipment and readable storage medium
He et al. Network-layer accountability protocols: a survey

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant