IPsec communication method, communication control apparatus, and network camera
First Claim
1. A communication control apparatus comprising:
- a security policy database that stores a security policy for each communicating terminal with which an encoded communication is performed;
- a security association database that stores an entry including an encoding parameter for each communicating terminal;
- a storage unit that stores a security policy in said security policy database using a source IP address of a reception packet; and
- a policy deletion unit that determines, when an entry for a communicating terminal is deleted from said security association database, whether a security policy for the communicating terminal is effective and deletes the security policy when the security policy is determined not to be effective,

wherein, when an entry is deleted from said security association database, said policy deletion unit sets a time limit in a lifetime included in a security policy corresponding to the entry, decreases the time limit as time passes as long as there is no other entry referring to the security policy, and deletes a security policy from said security policy database when the lifetime becomes 0, and

when an entry is deleted from said security association database and another entry is referring to a security policy corresponding to the deleted entry, said policy deletion unit sets the lifetime to infinity.
Abstract
When a packet arrives from a communication terminal apparatus, i.e., a communicating terminal with which the IPsec communication is performed, a source IP address is recognized from an IP header of the packet and a security policy is registered in an SPD. At the same time, an encoding parameter for the encoded communication with the communicating terminal is registered in an SAD. When an SA entry is deleted from the SAD, the security policy for the communicating terminal is deleted from the SPD, as long as there is no other entry that is referring to the security policy corresponding to the deleted SA entry.
5 Claims
3. An IPsec communication method that performs IPsec communication using a security policy database and a security association database, the security policy database storing a security policy for each communicating terminal with which an encoded communication is performed, the security association database storing an entry including an encoding parameter for each communicating terminal, the method comprising:
- storing a security policy in the security policy database using a source IP address of a reception packet;
- determining, when an entry for a communicating terminal is deleted from the security association database, whether a security policy for the communicating terminal is effective;
- deleting the security policy when the security policy is determined not to be effective;
- when an entry is deleted from said security association database, setting a time limit in a lifetime included in a security policy corresponding to the entry;
- decreasing the time limit as time passes as long as there is no other entry referring to the security policy;
- deleting the security policy from said security policy database when the lifetime becomes 0; and
- when an entry is deleted from said security association database and another entry is referring to a security policy corresponding to the deleted entry, setting the lifetime to infinity.
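The SPD/SAD lifetime behaviour claimed above, modelled as an added Python example (not code from the patent or any product it covers). It assumes each SAD entry is keyed by an SPI that maps to the peer IP whose policy it refers to, that the lifetime is counted in whole seconds, and that `None` stands for the claim's "infinity"; the class and method names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class SecurityPolicy:
    """One SPD entry, keyed by the peer's IP. lifetime=None means 'infinity'."""
    peer_ip: str
    lifetime: Optional[int] = None


class IpsecPolicyStore:
    """Hypothetical SPD/SAD pair modelling the claimed deletion behaviour."""

    def __init__(self, grace_seconds: int) -> None:
        self.grace = grace_seconds          # time limit set when the last SA goes away
        self.spd: Dict[str, SecurityPolicy] = {}
        self.sad: Dict[int, str] = {}       # assumption: SA keyed by SPI -> peer IP

    def on_packet(self, src_ip: str, spi: int) -> None:
        """Storage unit: create or refresh the policy for the packet's source IP
        and register the SA that refers to it."""
        self.spd.setdefault(src_ip, SecurityPolicy(src_ip))
        self.sad[spi] = src_ip
        self.spd[src_ip].lifetime = None    # a live SA refers to it: infinity

    def referrers(self, peer_ip: str) -> int:
        """Number of SAD entries still referring to the peer's policy."""
        return sum(1 for ip in self.sad.values() if ip == peer_ip)

    def delete_sa(self, spi: int) -> None:
        """Policy deletion unit: start the countdown only when no other SA
        refers to the policy; otherwise keep the lifetime at infinity."""
        peer_ip = self.sad.pop(spi)
        policy = self.spd[peer_ip]
        policy.lifetime = self.grace if self.referrers(peer_ip) == 0 else None

    def tick(self, seconds: int) -> None:
        """Advance the clock: decrement finite lifetimes that have no referrer
        and drop a policy once its lifetime reaches 0."""
        for ip, policy in list(self.spd.items()):
            if policy.lifetime is None or self.referrers(ip) > 0:
                continue
            policy.lifetime = max(0, policy.lifetime - seconds)
            if policy.lifetime == 0:
                del self.spd[ip]
```

Because IPsec SAs are unidirectional, a peer normally holds two SAD entries (inbound and outbound), so deleting one leaves the policy at infinity and only deleting the last one starts the countdown.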