CN103595710B - Method for generating connection identifiers in an integrated identification network - Google Patents


Publication number
CN103595710B
Authority
CN
China
Prior art keywords
connection identifier
mark
node
integrated identification
identification network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310513557.0A
Other languages
Chinese (zh)
Other versions
CN103595710A (en
Inventor
宋飞
高阳阳
姚琳元
朱世佳
李晓倩
秦雅娟
张宏科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN201310513557.0A
Publication of CN103595710A
Application granted
Publication of CN103595710B


Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for generating connection identifiers in an integrated identification network. A connection identifier identifies a service acquisition process in the integrated identification network, which simplifies network management of that process. The invention covers the following: 1) the definition of the connection identifier; 2) the method of generating the connection identifier; 3) a scheme for connection identifier collision avoidance and back-off; 4) compatibility of the connection identifier with the conventional Internet. The connection identifier plays an important linking role in the integrated identification network: its mappings to the service identifier and the access identifier ensure the security, controllability and manageability of the network. Secure and reliable generation of connection identifiers is extremely important for guaranteeing the performance of the integrated identification network and for improving the conventional Internet.

Description

Method for generating connection identifiers in an integrated identification network
Technical field
The invention belongs to the technical field of computer networks and relates to a method for generating connection identifiers in an integrated identification network.
Background
In the conventional Internet, the connection information and resources established for data communication are scattered and hard to manage, which creates security risks for the network and leaves resources in an uncontrolled state. In an integrated identification network, by contrast, the connections established for data transmission need a management method. Managing the resources and information that correspond to each established logical connection improves the security and manageability of the integrated identification network, and avoids the security risks that arise when connections are left uncontrolled, such as port-based attacks and DoS/DDoS attacks.
Researchers at home and abroad have actively explored the security and manageability of the Internet. Their work follows two main branches. One branch improves existing Internet methods to meet security and management requirements; the other designs a completely new architecture. The former can only meet requirements temporarily: as security and management requirements change, it struggles to solve the problem well. The latter designs an architecture from the ground up, taking security and management problems as its starting point, and so solves them more thoroughly.
Research on the integrated identification network is an example of the latter branch. The integrated identification network proposes a novel architecture of four identifiers, three mappings and two layers. The four identifiers are the access identifier, the routing identifier, the connection identifier and the service identifier. The three mappings are between service identifier and connection identifier, between connection identifier and access identifier, and between access identifier and routing identifier. The two layers are the pervasive service layer and the switching and routing layer. This new architecture provides solutions to the security, controllability, manageability and scalability problems of the Internet.
Introducing the connection identifier into the integrated identification network ensures that the network can manage the logical connections established during service acquisition, and improves the security of network data transmission. Because the connection identifier plays such an important role in data transmission, the generation method must account for collision avoidance and collision back-off, and the secure exchange between the relevant nodes of the original elements used to generate the connection identifier is equally important. Moreover, the complete structure of a connection identifier is not just a 160-bit random string; it also includes the corresponding auxiliary information. The security of storing, querying and exchanging this auxiliary information should all be considered when the connection identifier is generated.
Summary of the invention
The object of the invention is to provide a practical method for generating connection identifiers in an integrated identification network, so that data transmission in the network is kept in a manageable state and its security is strengthened. Although the invention is proposed for the novel architecture of the integrated identification network, it is also compatible with the conventional Internet. The summary below therefore covers two aspects: the integrated identification network, and compatibility with the conventional Internet.
In one aspect, the invention provides a node model related to the connection identifier, comprising a connection identifier management node and a connection identifier mapping node. The connection identifier management node is located in the server network part of the integrated identification network; it generates connection identifiers and distributes them to the connection identifier mapping node. The connection identifier mapping node is located in the access network part of the integrated identification network; it stores, updates and replaces connection identifier information. The generation and exchange of the connection identifier and its auxiliary information are completed through the cooperation of these two nodes.
According to the invention, the integrated identification network provides a procedure by which the original elements needed to generate a connection identifier are exchanged between the connection-identifier-related nodes. Only after the two communicating parties have exchanged the resources and information they provide for the transmission connection can the connection identifier management node obtain the original elements needed for generation. This information is the key input to connection identifier generation.
According to the invention, once the connection identifier management node has obtained the original elements, it generates a 160-bit random string according to the generation method to identify this connection. To reduce the probability of connection identifier collisions as far as possible, a random number and a timestamp can also be added when generating the connection identifier. The connection identifier itself is simply a 160-bit string that directly identifies the logical connection established for this transmission and the corresponding resources and information.
According to the invention, the auxiliary information is an indispensable part of the connection identifier. It describes in detail the attributes of the established logical connection, specifically the source address, destination address, source port and destination port of the logical connection, as well as reserved fields related to traffic characteristics. The complete mapping entry formed by the connection identifier and its auxiliary information is the full result of the generation process.
According to the invention, the overall generation flow is as follows. The client initiates a connection to the server, and the request is forwarded to the connection identifier management node by way of the connection identifier mapping node. The management node records information about the connection, such as the access identifiers and ports of the client and the server. It then generates a 160-bit random number according to the generation method and maps the recorded information to this connection identifier. Next, the management node distributes the mapping entry of the connection identifier and its auxiliary information to the connection identifier mapping node, and distributes the connection identifier to the client and the server. This completes the generation process.
According to the invention, connection identifiers can also be applied in the conventional Internet to provide functions such as security. There, the functions of the connection-identifier-related nodes are implemented on routers and domain name servers respectively: the management node function mainly on the domain name server, and the mapping node function mainly on the routers connected to the two communicating nodes. The generation method is essentially unchanged. The only difference is that the integrated identification network uses the access identifiers of the communicating parties when generating a connection identifier, whereas the conventional Internet uses their IP addresses. Information is exchanged mainly between the domain name server and the routers connected to the communicating parties. The overall flow of the generation method is no different from that in the integrated identification network.
Brief description of the drawings
Fig. 1 shows the distribution in the network of the connection identifier management node and the connection identifier mapping node of the invention;
Fig. 2 is a schematic diagram of the connection identifier generation method for the integrated identification network;
Fig. 3 shows the mapping entry of a connection identifier in the integrated identification network;
Fig. 4 is a schematic diagram of the overall flow of the connection identifier generation method in a specific embodiment;
Fig. 5 is a schematic diagram of the connection identifier generation method when compatible with the conventional Internet;
Fig. 6 is a schematic diagram of the overall flow based on the connection identifier generation method when compatible with the conventional Internet;
Fig. 7 is a schematic diagram of the connection identifier mapping entry when compatible with the conventional Internet.
Detailed description of the invention
The technical content of the invention is described in detail below with reference to the drawings.
In the integrated identification network, the overall flow of the connection identifier generation method can be described as follows:
Fig. 1 shows the connection identifier management node and the connection identifier mapping node of the invention. In Fig. 1, the management node is located in the core network part and is responsible for generating connection identifiers in the integrated identification network; the mapping node is located in the access network part and is responsible for storing and updating connection identifier mapping entries. During generation, the management node and the mapping node cooperatively exchange the connection identifier and its auxiliary information to form the connection identifier mapping entry.
Fig. 2 is a schematic diagram of the connection identifier generation method for the integrated identification network. After the two communicating parties have learned the basic information of the service acquisition process through their exchange, the connection identifier is generated according to the flow shown in Fig. 2. As Fig. 2 shows, the basic elements for generating a connection identifier are the source AID, the destination AID, a random number and a timestamp, and the SHA-1 hash function is used to generate a 160-bit random number. Adding the random number and the timestamp reduces the probability of connection identifier collisions and improves the reliability of the connection identifier.
Fig. 3 shows the details of the connection identifier mapping entry. The mapping entry consists of the 160-bit connection identifier and the auxiliary information of the connection identifier. The auxiliary information contains, for the logical connection established for the service acquisition process, the source AID, destination AID, source port, destination port, data flow characteristics, authentication method and the credit records of the two communicating parties. This auxiliary information is vital to the connection identifier's role in securing data communication. In Fig. 3, CID denotes the connection identifier and CID-info denotes its auxiliary information: Src AID is the source access identifier, Dst AID the destination access identifier, Src Port the source port, Dst Port the destination port, Traffic characteristics the flow characteristics, Authentication the authentication information and Credit list the credit record. Once a trust model has been established, data integrity and security are ensured; all of this basic information serves mainly to complete the processing of data.
Fig. 4 is a schematic diagram of the overall flow of the connection identifier generation method in a specific embodiment. The topology in Fig. 4 includes a client, a server, routers, a connection identifier management node and a connection identifier mapping node. The embodiment can be described as follows. When the client initiates a connection request, it sends the request packet to the connection identifier mapping node, which forwards the packet to the connection identifier management node; the management node records the addresses and port information used by the client and the server. According to the generation method, a 160-bit random number is generated and mapped to the recorded information. When a generated connection identifier collides with an existing one, the management node generates a connection identifier a second time to replace the newly generated one. Because testing shows the collision probability to be almost zero, this back-off method of regenerating and replacing the connection identifier solves the problem well.
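The generation flow of Figs. 2 to 4, as an added Python sketch that is not part of the patent text: SHA-1 over source AID, destination AID, random number and timestamp, a collision check with regeneration at the management node, and installation of the CID to CID-info entry at the mapping node. The class and function names, the length-prefixed field encoding, the 16-byte random number, the nanosecond timestamp and the retry limit are assumptions; SHA-1 is kept because the page names it.

```python
import hashlib
import os
import struct
import time
from dataclasses import dataclass


def length_prefixed(field: bytes) -> bytes:
    # Assumption: 2-byte length prefix, so ("ab", "c") and ("a", "bc")
    # never produce the same hash input.
    return struct.pack(">H", len(field)) + field


def derive_cid(src_aid: bytes, dst_aid: bytes, nonce: bytes, timestamp_ns: int) -> bytes:
    """SHA-1 over source AID, destination AID, random number and timestamp."""
    h = hashlib.sha1()
    for part in (src_aid, dst_aid, nonce, struct.pack(">Q", timestamp_ns)):
        h.update(length_prefixed(part))
    return h.digest()  # 20 bytes = 160 bits


@dataclass(frozen=True)
class CidInfo:
    """Auxiliary information (CID-info) fields listed for Fig. 3."""
    src_aid: bytes
    dst_aid: bytes
    src_port: int
    dst_port: int
    traffic_characteristics: str = ""
    authentication: str = ""
    credit_list: tuple = ()


class MappingNode:
    """Access-network node: stores and serves CID -> CID-info entries."""

    def __init__(self):
        self.entries = {}

    def install(self, cid: bytes, info: CidInfo) -> None:
        self.entries[cid] = info

    def lookup(self, cid: bytes):
        return self.entries.get(cid)


class ManagementNode:
    """Core-network node: generates CIDs, regenerates on collision,
    then distributes the mapping entry to the mapping node."""

    def __init__(self, mapping_node, rng=os.urandom, clock=time.time_ns, max_attempts=4):
        self.mapping_node = mapping_node
        self.rng = rng                    # injectable so collisions can be tested
        self.clock = clock
        self.max_attempts = max_attempts  # assumed limit; the page gives none
        self.issued = set()
        self.collisions = 0

    def generate(self, info: CidInfo) -> bytes:
        for _ in range(self.max_attempts):
            cid = derive_cid(info.src_aid, info.dst_aid, self.rng(16), self.clock())
            if cid in self.issued:
                # Back-off: discard the colliding value and generate again
                # with a fresh random number and timestamp.
                self.collisions += 1
                continue
            self.issued.add(cid)
            self.mapping_node.install(cid, info)
            return cid
        raise RuntimeError("could not obtain a unique connection identifier")


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    mapping = MappingNode()
    manager = ManagementNode(mapping)
    info = CidInfo(b"aid-client-01", b"aid-server-01", 40000, 443)
    cid = manager.generate(info)
    print(cid.hex(), mapping.lookup(cid))
```
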
Compatibility of the connection identifier generation method with the conventional Internet covers the following:
Fig. 5, Fig. 6 and Fig. 7 show the compatibility between the specific embodiment and the conventional Internet. Although the connection identifier is proposed for the integrated identification network, its compatibility with the conventional Internet also helps to solve problems of the existing conventional Internet. The topology in Fig. 5 includes a client, a server, routers and a domain name server (DNS). The embodiment can be described as follows. When the client initiates a connection request, it sends the request packet to the connection identifier mapping node, which forwards the packet to the connection identifier management node; the management node records the IP addresses and port information used by the client and the server. According to the generation method, a 160-bit random number is generated and mapped to the recorded information. When a generated connection identifier collides with an existing one, the management node generates a connection identifier a second time to replace the newly generated one. Because testing shows the collision probability to be almost zero, this back-off method of regenerating and replacing the connection identifier solves the problem well. As for compatibility with the conventional Internet, communication based on connection identifiers cannot be separated from changes to routers and domain name servers: only when they support the generation and use of connection identifiers can the connection identifier be compatible with the conventional Internet.
Finally, it should be noted that the above embodiments are merely examples given to illustrate the invention clearly and do not limit the embodiments. A person of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious changes or variations derived from the above remain within the scope of protection of the invention.

Claims (1)

1. A method for generating a connection identifier in an integrated identification network, characterized in that: an identifier is provided for the service acquisition process of the integrated identification network; in the integrated identification network, the connection identifier is the identifier of a service acquisition process, specifically an identifier of the logical connection and related information involved in the service acquisition process; the connection identifier is generated at the connection identifier management node and distributed to the connection identifier mapping node and to the two communicating nodes; the connection identifier and its auxiliary information are stored, as required by the connection-identifier-based communication process, at the two communicating nodes and at the connection-identifier-related nodes; the method of generating the connection identifier may comprise: 1) the client issues a service acquisition request; 2) the connection identifier management node obtains the identifiers of the source and destination ends and generates the connection identifier; 3) the connection identifier mapping information is distributed to the connection identifier mapping node and the client; 4) the client communicates using the connection identifier;
in the generation of said connection identifier, two types of nodes related to the connection identifier are proposed in the integrated identification network, namely the connection identifier management node and the connection identifier mapping node; the connection identifier management node is located in the core network part and is responsible for generating and distributing connection identifiers; the connection identifier mapping node is located in the access network part and is responsible for storing and updating the mapping entries between connection identifiers and their auxiliary information; the connection-identifier-based communication process requires these two types of nodes to be coordinated in order to complete the whole service acquisition process;
for said two types of nodes, the functional modules by which the integrated identification network generates a connection identifier comprise:
1) obtaining the original elements needed to generate the connection identifier;
2) generating a 160-bit connection identifier according to the connection identifier generation method;
3) the connection identifier collision avoidance and collision back-off method;
in said connection identifier, the connection identifier and its auxiliary information together constitute the complete connection identifier; the auxiliary information comprises the access identifiers of the communicating parties, port numbers, credit records, the authentication method and data flow characteristics; during data transmission in the integrated identification network, packets carry the connection identifier, which is used to look up the corresponding auxiliary information at the connection identifier mapping node so that packets are processed and forwarded to the destination; because packet information is replaced during transmission and forwarding, information related to the data transmission process can be hidden, thereby ensuring the security of network data transmission.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310513557.0A CN103595710B (en) 2013-10-25 2013-10-25 A kind of integrated identification network connection identifier generates method


Publications (2)

Publication Number Publication Date
CN103595710A CN103595710A (en) 2014-02-19
CN103595710B true CN103595710B (en) 2016-11-23

Family

ID=50085692

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310513557.0A Active CN103595710B (en) 2013-10-25 2013-10-25 A kind of integrated identification network connection identifier generates method

Country Status (1)

Country Link
CN (1) CN103595710B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant