CN109347836B - IPv6 network node identity safety protection method - Google Patents

IPv6 network node identity safety protection method Download PDF

Info

Publication number
CN109347836B
CN109347836B CN201811249923.5A CN201811249923A CN109347836B CN 109347836 B CN109347836 B CN 109347836B CN 201811249923 A CN201811249923 A CN 201811249923A CN 109347836 B CN109347836 B CN 109347836B
Authority
CN
China
Prior art keywords
node
router
key
subnet
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811249923.5A
Other languages
Chinese (zh)
Other versions
CN109347836A (en
Inventor
王俊
向宏
苗春华
韩正甫
丁东平
尹凯
王剑
宋星星
陈红艳
金丽
束杨宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Asky Quantum Technology Co Ltd
Original Assignee
Anhui Asky Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Asky Quantum Technology Co Ltd filed Critical Anhui Asky Quantum Technology Co Ltd
Priority to CN201811249923.5A priority Critical patent/CN109347836B/en
Publication of CN109347836A publication Critical patent/CN109347836A/en
Application granted granted Critical
Publication of CN109347836B publication Critical patent/CN109347836B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Abstract

The invention discloses an IPv6 network node identity security protection method, which comprises the steps of injecting a group of keys K1 into an initial network access router of a node A and the node A, wherein the node A stores a unicast IP address of the initial network access router; the node A acquires a temporary subnet IP address; the node A sends an Internet access request message to the subnet I router by using the temporary subnet IP address; the subnet I router acquires a key K1 of the initial network access router; the subnet I router encrypts the unique PIN code and the random number of the subnet I router by using a key K1 and feeds back the encrypted PIN code and the random number to the node A; the node A decrypts the encrypted ciphertext X by adopting the key K1, and the node A calculates the correct decrypted PIN code, the random number and the MAC address of the node A to obtain an interface identifier of the global unicast IP address; the invention adopts the safety application and the combined operation to obtain the 64-bit address behind the IPv6 unicast address of the node, thereby effectively hiding the IPv6 network node identity.

Description

IPv6 network node identity safety protection method
Technical Field
The invention relates to the technical field of IPv6 networks, in particular to an IPv6 network node identity security protection method.
Background
With the implementation of the IPv6 development plan and the rapid expansion of the mobile Internet and the Internet of things, the network environment is changing day by day. At present, the construction of IPv6 servers is started in many countries, and IPv6 dual-stack transformation and IPv6 wireless networks are gradually implemented. The internet mainstream application supports IPv6 access, the user access flow is rapidly increased, the number of various novel node devices accessed to the network is increased explosively, real world information is transmitted in a virtual network more and more, but an IP address in an IPv6 protocol is fixed and public, and the personal behavior and privacy information of user nodes are completely exposed on the internet.
Note: a network node refers to a unit having an independent address in a network and having a function of transmitting or receiving data, and may be a redistribution point of the network, such as a switch, a router, a server, or an end of the network, such as a sensor, a personal computer, or the like.
With the deployment of the IPv6 network, each network node can allocate a globally unique unicast IP address, see fig. 1, where fig. 1 is a unicast IP address structure of the IPv6 network; the IP address has 128 bits, the first 64 bits are subnet prefixes, and the IP address can be changed when accessing different subnets; the last 64 bits are the interface identifier, which is typically generated from the physical address of the node device (EUI-64 is the next generation network adapter MAC address, encoded with 64 bits). Due to the uniqueness of the EUI-64 address, the last 64 bits of the IP address of the node device are unchanged no matter which subnet the node device accesses, which results in the risk that the node device is always tracked in the network.
For the problem that the node identity cannot be concealed, RFC4941 describes another method of generating an IPv6 interface identifier, i.e., randomly generating a set of 64-bit numbers as the interface identifier. The group of random numbers are actually the last 64 bits of the 128-bit MD5 value of the historical IP address of the node, the calculation method protects the identity information of the node to a certain extent, but a malicious user can obtain the future IP address combination of the node by using the same calculation through the historical IP address of the node, and then the node after the IP conversion can be found through address scanning.
Therefore, the identity security problem of the IPv6 network node has not been effectively solved, and the privacy of the next generation network node and the user faces a serious challenge.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an IPv6 network node identity security protection method aiming at the defects of the prior art, the IPv6 network node identity security protection method adopts security application and combined operation to obtain 64-bit addresses after IPv6 unicast addresses of nodes, so that the IPv6 network node identity can be effectively hidden, and the privacy of users and the security of networks are greatly protected.
In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:
an IPv6 network node identity security protection method includes the following steps:
step 1: a router registered by a node A to be accessed to the Internet is used as an initial network access router of the node A, the same group of keys K1 are injected into the initial network access router and the node A, and the node A stores a globally unique unicast IP address of the initial network access router and a key group number corresponding to K1;
step 2: the node A discovers a subnet I router through a neighbor discovery protocol of IPv6 and acquires a random temporary subnet IP address distributed by the subnet I router;
step 3, the node A sends a request message for accessing the Internet to the subnet I router by using the obtained temporary subnet IP address, wherein the request message comprises the globally unique unicast IP address of the initial network access router of the node A and a key group number corresponding to the key K1;
and 4, step 4: the subnet I router queries an initial network access router of the node A through a globally unique unicast IP address in the request message, and acquires a key K1 which is in the initial network access router and corresponds to the key group number in the request message in a key relay mode;
and 5: the subnet I router encrypts a 64-bit subnet I router unique PIN code and a group of 64-bit random numbers by using the acquired key K1 to obtain an encrypted ciphertext X;
step 6: the subnet I router feeds back the encrypted ciphertext X to the node A;
and 7: after obtaining the feedback message of the subnet I router, the node A decrypts the encrypted ciphertext X by adopting a self key K1 to obtain a PIN code and a random number, and feeds back the hash value of the PIN code and the random number to the subnet I router;
and 8: the subnet I router judges whether the hash value of the PIN code and the random number fed back by the node A is consistent with the unique PIN code of the node A and the hash value of a group of 64-bit random numbers, if so, a correct message is fed back to the node A, otherwise, the step 6 is returned to re-send the encrypted ciphertext X to the node A until the subnet I router feeds back the correct message to the node A;
and step 9: after the node A acquires the correct message fed back by the subnet I router, the correct PIN code, the random number and the MAC address of the node A are combined and calculated to obtain a 64-bit numerical value, and the 64-bit numerical value is used as an interface identifier of the globally unique unicast IP address of the node A.
As a further improved technical solution of the present invention, the step 1 includes:
judging whether a node A to be accessed to the Internet needs to be registered, if the node A is registered in one router in the Internet, executing the step 2, otherwise, storing the MAC address of the node A in the router at the nearest position to complete the registration; the router registered by the node A is an initial network access router of the node A, the same group of keys K1 are injected into the initial network access router and the node A, and the node A stores the globally unique unicast IP address of the initial network access router and the key group number corresponding to the key K1.
As a further improved technical solution of the present invention, the step 4 includes:
(1) the subnet I router inquires the initial network-accessing router of the node A through the globally unique unicast IP address in the request message;
(2) the subnet I router sends a key request to an initial network access router of the node A, wherein the key request comprises a key group number;
(3) a subnet I router acquires a key K1 which is in the initial network access router and corresponds to the key group number by adopting a key relay mode;
the key relay method comprises the following steps:
a node x and a node y are arranged between the subnet I router and the initial network access router, the subnet I router is adjacent to the node x region and shares a pair of keys KxThe node x is adjacent to the node y area and shares a pair of keys KxyAnd the node y is adjacent to the initial network access router area, is interconnected with the initial network access router area and shares a pair of secret keys Ky
The initial network access router adopts a secret key KyEncrypting a key K1 corresponding to the key group number to obtain a ciphertext Ky1And the ciphertext Ky1Transmitting to the node y;
the node y adopts a secret key KyFor ciphertext Ky1Decrypting to obtain a key K1; the node y adopts a secret key KxyEncrypting the key K1 to obtain a ciphertext Kxy1And the ciphertext Kxy1To node x;
node x employs a secret key KxyFor ciphertext Kxy1Decrypting to obtain a key K1; node x employs a secret key KxEncrypting the key K1 to obtain a ciphertext Kx1And the ciphertext Kx1Transmitting to a subnet I router;
subnet I router adopts secret key KxFor ciphertext Kx1Decryption is performed to obtain the key K1.
4. The IPv6 network node identity security protection method according to claim 2, wherein the calculation formula for performing the combination calculation on the correct PIN code, random number and MAC address of node a in step 9 is as follows:
Figure BDA0001841427560000031
wherein Y is a 64-bit value, X1 is a PIN code, X2 is a random number, and X3 is the MAC address of node A.
The invention has the beneficial effects that: the IPv6 network node identity security protection method can effectively hide the IPv6 network node identity, is different from the existing mode that 64-bit addresses are fixed after IPv6 unicast addresses or are random according to a certain rule, the invention adopts security application and combined operation to obtain 64-bit addresses after IPv6 unicast addresses, so that the relationship between the interface identifier of a globally unique unicast IP address and the node is hidden and protected, and malicious users cannot obtain the security application and operation process of the interface identifier of the unicast IP address and cannot be tracked in the network; and the subnets accessed by the nodes are different, the interface identifiers of the IP addresses are different, and the security is higher, so that the identities of the IPv6 network nodes can be effectively hidden; in addition, when a supervision department needs supervision, the node identity can be checked by using the address operation information safely stored in the subnet router, so that the condition that an illegal user inquires the node identity in the network can be avoided, the supervision department can also check the source of illegal information release, and the privacy of the user and the network safety are greatly protected.
Drawings
Fig. 1 shows the unicast IP address structure of IPv6 network.
Fig. 2 is a schematic diagram of a network connection of nodes in the embodiment.
Fig. 3 is a schematic diagram of a key relay method in the embodiment.
Fig. 4 is a sequence diagram of node a applying for an interface identifier for a globally unique unicast IP address.
Detailed Description
The following further describes embodiments of the present invention with reference to fig. 1 to 4:
fig. 1 is a unicast IP address structure of IPv6 network, where the IP address has 128 bits, the first 64 bits are subnet prefixes, and changes occur when accessing different subnets; the last 64 bits are the interface identifier, which is typically generated from the physical address of the node device.
For the identity hiding requirement of the unicast IP address of the network node, the embodiment generates 64 bits of the unicast address by using the combined operation of MAC + PIN + KEY (where KEY is a random number below), does not affect normal data communication on the premise of strictly ensuring the identity information of the node, and can also enable a monitoring department to identify the identity of the node under the authorization condition.
Referring to fig. 2, fig. 2 shows a node network connection, in which a node a and a node B access a subnet I and connect to the internet through a subnet I router, and each region of the internet has a summary router, and the summary routers form interconnection and intercommunication among regions, such as a region a summary router, a region B summary router, and a region C summary router in the figure.
In this embodiment, taking node a as an example, the steps of generating a globally unique unicast address of node a are described as follows:
referring to fig. 4, an IPv6 network node identity security protection method includes the following steps:
step 1: before accessing the Internet, the node A firstly judges whether the node A needs to be registered, if the node A is registered in one router in the Internet, the step 2 is executed, otherwise, the MAC address of the node A is stored in the router at the nearest position to complete the registration; the router registered by the node A is an initial network access router of the node A, the same group of keys K1 are injected into the initial network access router and the node A, and the node A stores the globally unique unicast IP address of the initial network access router and the key group number corresponding to K1;
step 2: when the node A accesses the subnet I, the node A discovers a subnet I router through a neighbor discovery protocol of IPv6 and acquires a random temporary subnet IP address distributed by the subnet I router; the node A applies for a temporary subnet IP address to a subnet I router, and the subnet I router distributes a random temporary subnet IP address to the node A;
step 3, the node A sends a request message for accessing the Internet to the subnet I router by using the obtained temporary subnet IP address, wherein the request message comprises the globally unique unicast IP address of the initial network access router of the node A and a key group number corresponding to the key K1;
and 4, step 4: the subnet I router queries an initial network access router of the node A through a globally unique unicast IP address in the request message, and acquires a key K1 which is in the initial network access router and corresponds to the key group number in the request message in a key relay mode;
and 5: the subnet I router encrypts a 64-bit subnet I router unique PIN code and a group of 64-bit random numbers by using the acquired key K1 to obtain an encrypted ciphertext X;
step 6: the subnet I router feeds back the encrypted ciphertext X to the node A;
and 7: after obtaining the feedback message of the subnet I router, the node A decrypts the encrypted ciphertext X by adopting a self key K1 to obtain a PIN code and a random number, and feeds back a hash value of the PIN code and the random number to the subnet I router for confirming whether the node A receives a correct message;
and 8: the subnet I router judges whether the hash value of the PIN code and the random number fed back by the node A is consistent with the unique PIN code of the node A and the hash value of a group of 64-bit random numbers, if so, a correct message is fed back to the node A, otherwise, the step 6 is returned to re-send the encrypted ciphertext X to the node A until the subnet I router feeds back the correct message to the node A;
and step 9: after the node A acquires the correct message fed back by the subnet I router, the correct PIN code, the random number and the MAC address of the node A are combined and calculated to obtain a 64-bit numerical value, and the 64-bit numerical value is used as an interface identifier of the globally unique unicast IP address of the node A. The combination calculation method can be the result of exclusive or of the three or other algorithms.
The xor formula in step 9 for performing the combination calculation of the correct PIN code, the random number, and the MAC address of the node a is:
Figure BDA0001841427560000051
wherein Y is a 64-bit value, X1 is a PIN code, X2 is a random number, and X3 is the MAC address of node A.
Step 4 in this embodiment specifically includes:
(1) the subnet I router inquires the initial network-accessing router of the node A through the globally unique unicast IP address in the request message;
(2) the subnet I router sends a key request to an initial network access router of the node A, wherein the key request comprises a key group number;
(3) a subnet I router acquires a key K1 which is in the initial network access router and corresponds to the key group number by adopting a key relay mode;
as shown in fig. 3, a key relay manner is implemented by combining a plurality of relay points in a certain topology structure, an xor operation is performed on a key of a relay point, the key is transmitted to a next node after the xor operation, and finally, a global key can be obtained between any two users, so that the cross-domain sharing of the key is implemented, where a node x and a node y in fig. 3 represent a summary router in different areas, and specifically includes:
as shown in fig. 3, a node x and a node y (which belong to a relay point) are provided between the subnet I router and the initial network-accessing router, and the subnet I router is adjacent to the node x and shares a pair of keys KxThe node x is adjacent to the node y area and shares a pair of keys KxyAnd the node y is adjacent to the initial network access router area, is interconnected with the initial network access router area and shares a pair of secret keys Ky
The initial network access router adopts a secret key KyEncrypting a key K1 corresponding to the key group number to obtain a ciphertext Ky1And the ciphertext Ky1Transmitting to the node y;
the node y adopts a secret key KyFor ciphertext Ky1Decrypting to obtain a key K1; the node y adopts a secret key KxyEncrypting the key K1 to obtain a ciphertext Kxy1And the ciphertext Kxy1To node x;
node x employs a secret key KxyFor ciphertext Kxy1Decrypting to obtain a key K1; node x employs a secret key KxEncrypting the key K1 to obtain a ciphertext Kx1And the ciphertext Kx1Transmitting to a subnet I router;
subnet I router adopts secret key KxFor ciphertext Kx1Decryption is performed to obtain the key K1.
The number of nodes between the subnet I router and the initial network-accessing router is not limited, and the key K1 can be obtained by key relay.
Node a may access on any subnet, the procedure is consistent with that described above. At this time, if the supervision is needed, the IP packet is analyzed, the subnet I router can be found first, and then the corresponding IP address is calculated by using the PIN value and the random number stored in the subnet I router, so that the identity of the node a which is concealed can be correctly identified.
The IP address acquisition mode of the IPv6 network node is compatible with the existing IPv6 address distribution mode, and the encryption transmission data among the routes is compatible with the IPSec protocol.
The IPv6 identity security technical method can effectively hide the IPv6 network node identity, is different from the existing mode that the 64-bit address behind the IPv6 unicast address is fixed or random according to a certain rule, the invention adopts the method of obtaining the 64-bit address behind the IPv6 unicast address by security application and operation, so that the relation between the IP address and the node is hidden and protected, and when a supervision department needs to supervise, the node identity can be checked by using the address operation information safely stored in the subnet router, thereby not only preventing an illegal user from inquiring the node identity in the network, but also enabling a supervision department to trace the source of illegal information release, and greatly protecting the privacy of the user and the security of the network.
The scope of the present invention includes, but is not limited to, the above embodiments, and the present invention is defined by the appended claims, and any alterations, modifications, and improvements that may occur to those skilled in the art are all within the scope of the present invention.

Claims (3)

1. An identity security protection method for an IPv6 network node is characterized by comprising the following steps:
step 1: a router registered by a node A to be accessed to the Internet is used as an initial network access router of the node A, the same group of keys K1 are injected into the initial network access router and the node A, and the node A stores a globally unique unicast IP address of the initial network access router and a key group number corresponding to K1;
step 2: the node A discovers a subnet I router through a neighbor discovery protocol of IPv6 and acquires a random temporary subnet IP address distributed by the subnet I router;
step 3, the node A sends a request message for accessing the Internet to the subnet I router by using the obtained temporary subnet IP address, wherein the request message comprises the globally unique unicast IP address of the initial network access router of the node A and a key group number corresponding to the key K1;
and 4, step 4: the subnet I router queries an initial network access router of the node A through a globally unique unicast IP address in the request message, and acquires a key K1 which is in the initial network access router and corresponds to the key group number in the request message in a key relay mode;
and 5: the subnet I router encrypts a 64-bit subnet I router unique PIN code and a group of 64-bit random numbers by using the acquired key K1 to obtain an encrypted ciphertext X;
step 6: the subnet I router feeds back the encrypted ciphertext X to the node A;
and 7: after obtaining the feedback message of the subnet I router, the node A decrypts the encrypted ciphertext X by adopting a self key K1 to obtain a PIN code and a random number, and feeds back the hash value of the PIN code and the random number to the subnet I router;
and 8: the subnet I router judges whether the hash value of the PIN code and the random number fed back by the node A is consistent with the unique PIN code of the node A and the hash value of a group of 64-bit random numbers, if so, a correct message is fed back to the node A, otherwise, the step 6 is returned to re-send the encrypted ciphertext X to the node A until the subnet I router feeds back the correct message to the node A;
and step 9: after acquiring a correct message fed back by the subnet I router, the node A performs combined calculation on a correct PIN code, a random number and the MAC address of the node A to obtain a 64-bit numerical value, and the 64-bit numerical value is used as an interface identifier of a global unique unicast IP address of the node A;
the step 4 comprises the following steps:
(1) the subnet I router inquires the initial network-accessing router of the node A through the globally unique unicast IP address in the request message;
(2) the subnet I router sends a key request to an initial network access router of the node A, wherein the key request comprises a key group number;
(3) a subnet I router acquires a key K1 which is in the initial network access router and corresponds to the key group number by adopting a key relay mode;
the key relay method comprises the following steps:
subnet I router anda node x and a node y are arranged between the initial network-accessing routers, and a subnet I router is adjacent to the node x region and shares a pair of keys KxThe node x is adjacent to the node y area and shares a pair of keys KxyAnd the node y is adjacent to the initial network access router area, is interconnected with the initial network access router area and shares a pair of secret keys Ky
The initial network access router adopts a secret key KyEncrypting a key K1 corresponding to the key group number to obtain a ciphertext Ky1And the ciphertext Ky1Transmitting to the node y;
the node y adopts a secret key KyFor ciphertext Ky1Decrypting to obtain a key K1; the node y adopts a secret key KxyEncrypting the key K1 to obtain a ciphertext Kxy1And the ciphertext Kxy1To node x;
node x employs a secret key KxyFor ciphertext Kxy1Decrypting to obtain a key K1; node x employs a secret key KxEncrypting the key K1 to obtain a ciphertext Kx1And the ciphertext Kx1Transmitting to a subnet I router;
subnet I router adopts secret key KxFor ciphertext Kx1Decryption is performed to obtain the key K1.
2. The IPv6 network node identity security method according to claim 1, wherein step 1 includes:
judging whether a node A to be accessed to the Internet needs to be registered, if the node A is registered in one router in the Internet, executing the step 2, otherwise, storing the MAC address of the node A in the router at the nearest position to complete the registration; the router registered by the node A is an initial network access router of the node A, the same group of keys K1 are injected into the initial network access router and the node A, and the node A stores the globally unique unicast IP address of the initial network access router and the key group number corresponding to the key K1.
3. The IPv6 network node identity security protection method according to claim 2, wherein the calculation formula for performing the combination calculation on the correct PIN code, random number and MAC address of node a in step 9 is as follows:
Y=X1⊕X2⊕X3 (1);
wherein Y is a 64-bit value, X1 is a PIN code, X2 is a random number, and X3 is the MAC address of node A.
CN201811249923.5A 2018-10-25 2018-10-25 IPv6 network node identity safety protection method Active CN109347836B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811249923.5A CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811249923.5A CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Publications (2)

Publication Number Publication Date
CN109347836A CN109347836A (en) 2019-02-15
CN109347836B true CN109347836B (en) 2020-12-15

Family

ID=65311739

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811249923.5A Active CN109347836B (en) 2018-10-25 2018-10-25 IPv6 network node identity safety protection method

Country Status (1)

Country Link
CN (1) CN109347836B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131491A (en) * 2019-12-30 2020-05-08 哈尔滨工业大学 IPv 6-based data transmission method for power plant data acquisition system
CN117201005B (en) * 2023-09-08 2024-03-15 国家计算机网络与信息安全管理中心江苏分中心 IPv6 address dynamic coding method based on ZUC encryption and decryption and application method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101277257A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Method, apparatus and system for dynamically updating DNS
CN101902482A (en) * 2010-08-23 2010-12-01 中国电信股份有限公司 Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration
CN102769677A (en) * 2012-07-20 2012-11-07 清华大学 IPv6 address setting method for real user identity information and server
US8688807B2 (en) * 2011-08-18 2014-04-01 Cisco Technology, Inc. Deriving unique local addresses from device names
CN105791226A (en) * 2014-12-23 2016-07-20 中国电信股份有限公司 Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI493948B (en) * 2012-08-22 2015-07-21 Hon Hai Prec Ind Co Ltd System, device and method for reducing network address header

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155196A (en) * 2006-09-27 2008-04-02 中国电信股份有限公司 Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same
CN101277257A (en) * 2007-03-26 2008-10-01 华为技术有限公司 Method, apparatus and system for dynamically updating DNS
CN101902482A (en) * 2010-08-23 2010-12-01 中国电信股份有限公司 Method and system for realizing terminal security admission control based on IPv6 (Internet Protocol Version 6) automatic configuration
US8688807B2 (en) * 2011-08-18 2014-04-01 Cisco Technology, Inc. Deriving unique local addresses from device names
CN102769677A (en) * 2012-07-20 2012-11-07 清华大学 IPv6 address setting method for real user identity information and server
CN105791226A (en) * 2014-12-23 2016-07-20 中国电信股份有限公司 Method, device and system of identifying user identity based on IPv6 (Internet Protocol version 6) address

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Security and Privacy Considerations for IPv6 Address Generation Mechanisms;A. Cooper et al;《IETF》;20160331;全文 *
浅谈IPv6地址的无状态自动发现;虞军伟;《网络通讯与安全》;20051231;全文 *

Also Published As

Publication number Publication date
CN109347836A (en) 2019-02-15

Similar Documents

Publication Publication Date Title
JP4033868B2 (en) Method and apparatus for processing authentication in IPv6 network
CN101965722B (en) Re-establishment of a security association
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
US20070189528A1 (en) Wireless LAN transmitting and receiving apparatus and key distribution method
US7757272B1 (en) Method and apparatus for dynamic mapping
JP2002247047A (en) Session shared key sharing method, radio terminal authenticating method, radio terminal and base station device
CN108650028B (en) Multiple identity authentication system and method based on quantum communication network and true random number
US8707041B2 (en) Protecting a BSF entity from attack
CN112332901B (en) Heaven and earth integrated mobile access authentication method and device
CN103313242A (en) Secret key verification method and device
US11917061B2 (en) Decentralized and/or hybrid decentralized secure cryptographic key storage method
CN109347836B (en) IPv6 network node identity safety protection method
Katz Wpa vs. wpa2: Is wpa2 really an improvement on wpa?
CN109246124B (en) Active defense method for encrypted information
Rana et al. Common security protocols for wireless networks: A comparative analysis
KR101591306B1 (en) Method and apparatus for communication using virtual MAC address
Latha et al. Mds-wlan: Maximal data security in wlan for resisting potential threats
Niewolski et al. Security architecture for authorized anonymous communication in 5G MEC
Kong et al. ESCORT: a decentralized and localized access control system for mobile wireless access to secured domains
Choudhury et al. Security Extension for Relaxed Trust Requirement in Non3GPP Access to the EPS.
Amjad Security enhancement of IPv6 using advance encryption standard and Diffie Hellman
CN116887274A (en) Terminal identity authentication system and method
Lu et al. A comparison study of IKE protocols
CN116866001A (en) Method and device for accessing terminal equipment to gateway based on key management system
Murugesan et al. Closed WiFi Hotspot-Truly Hidden Network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant