Method for controlling an internet information security system in an IP packet level
Abstract
A method for controlling an Internet information security system of a sender, for packet security in an IP level, is provided. It is determined whether to select security services of packets by referring to security policy database and security association database. Security association is negotiated with a key exchange server of a receiver. The negotiated security association is stored in a key management server. A security policy related with the security association is linked. A packet is sent by using the linked security policy and the security association.
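The sender-side sequence summarized above can be traced in a small Python model. This is an added example, not code from the patent: the `Sender` and `SA` names, the dictionaries standing in for the two databases and the key management server, the callables standing in for the receiver's servers, and the truncated HMAC-SHA-256 tag used in place of full IPsec processing are all assumptions.

```python
import hmac, hashlib, ipaddress
from dataclasses import dataclass

@dataclass
class SA:                       # one security association (an SAD entry)
    spi: int
    key: bytes
    seq: int = 0

class Sender:
    def __init__(self, negotiate_policy, negotiate_sa):
        self.spd = {}           # network -> {"action": str, "sa": SA or None}
        self.sad = {}           # spi -> SA; stands in for the key management server
        self.negotiate_policy = negotiate_policy   # step (b), simulated peer
        self.negotiate_sa = negotiate_sa           # step (c), simulated peer

    def lookup_policy(self, dst):
        # Most specific SPD entry whose network contains the destination.
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.spd if addr in n]
        return self.spd[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def send(self, dst, payload):
        policy = self.lookup_policy(dst)                    # (a) consult SPD/SAD
        if policy is None:                                  # (b) no entry: negotiate policy
            net, action = self.negotiate_policy(dst)
            policy = {"action": action, "sa": None}
            self.spd[ipaddress.ip_network(net)] = policy
        if policy["action"] != "protect":
            return {"dst": dst, "payload": payload}         # no security service selected
        if policy["sa"] is None:
            sa = self.negotiate_sa(dst)                     # (c) negotiate the SA
            self.sad[sa.spi] = sa                           # (d) store it
            policy["sa"] = sa                               # (e) link policy to SA
        sa = policy["sa"]
        sa.seq += 1                                         # (f) apply protection and send
        hdr = sa.spi.to_bytes(4, "big") + sa.seq.to_bytes(4, "big")
        icv = hmac.new(sa.key, hdr + payload, hashlib.sha256).digest()[:16]
        return {"dst": dst, "spi": sa.spi, "seq": sa.seq, "payload": payload, "icv": icv}

def demo():
    # Constructed peers: fixed policy and key, with a record of each negotiation.
    calls = []
    def policy_server(dst):
        calls.append("policy"); return ("192.0.2.0/24", "protect")
    def key_server(dst):
        calls.append("sa"); return SA(spi=0x1001, key=b"k" * 32)
    s = Sender(policy_server, key_server)
    return s, [s.send("192.0.2.7", b"one"), s.send("192.0.2.9", b"two")], calls
```

The second packet in `demo()` goes to a different host in the same network, so it reuses the linked policy and security association without a second negotiation.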
5 Claims
1. A method for controlling an Internet information security system of a sender, in order to secure a packet in an IP level, comprising the steps of:
(a) determining whether to select a security service on a packet basis by referring to security policy database and security association database, after generating an IP header of a packet that is intended to send;
(b) setting up a security policy by negotiating with a security policy control server of a receiver, when the security policy database and the security association database do not exist;
(c) negotiating security association with a key exchange server of the receiver, based on the determined security policy;
(d) storing the negotiated security association in a key management server;
(e) linking a security policy related with the security association; and
(f) sending the packet by applying IPsec (IP security protocol) and using the linked security policy and the security association.
Dependent claims: 3, 4, 5
2. A method for controlling an Internet information security system of a receiver, for packet security in an IP packet, comprising the steps of:
(g) determining a security service on a packet basis with reference to security association database, after reassembling a received packet and receiving the reassembled packet;
(h) removing an IPsec service that is applied to the packet by using the referred security association database; and
(i) inquiring a security policy control server in order to confirm that the applied information security service corresponds the security policy of the receiver.
Specification