WO2020154865A1 - Method and system for progressive IP removal supporting multi-mode identifier network addressing, and storage medium - Google Patents

Method and system for progressive IP removal supporting multi-mode identifier network addressing, and storage medium

Publication number
WO2020154865A1
WO2020154865A1 PCT/CN2019/073507 CN2019073507W WO2020154865A1 WO 2020154865 A1 WO2020154865 A1 WO 2020154865A1 CN 2019073507 W CN2019073507 W CN 2019073507W WO 2020154865 A1 WO2020154865 A1 WO 2020154865A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
identity
user
content
identification
Application number
PCT/CN2019/073507
Other languages
English (en)
Chinese (zh)
Inventor
李挥
邬江兴
张昕淳
兰巨龙
徐恪
陈世胜
魏进武
伊鹏
陆以勤
马军锋
李胜飞
蒲敏谦
张云勇
陈孟尝
朱江
刘文印
韩永祥
侯韩旭
胡嘉伟
李文军
杨昕
王菡
邢凯轩
Original Assignee
北京大学深圳研究生院
国家数字交换系统工程技术研究中心
中国电信股份有限公司深圳分公司
中国联合网络通信有限公司研究院
Application filed by 北京大学深圳研究生院, 国家数字交换系统工程技术研究中心, 中国电信股份有限公司深圳分公司, 中国联合网络通信有限公司研究院
Priority to PCT/CN2019/073507 (WO2020154865A1)
Priority to CN201980005057.1A (CN111373704B)
Publication of WO2020154865A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • The present invention relates to the field of computers, and in particular to a method, system and storage medium for supporting multi-mode identification network addressing to progressively remove IP.
  • The Internet has become an indispensable part of social development. As a carrier of information, it has penetrated into various fields of human life including national politics, economic development, culture, education, and medical health.
  • The core service of the Internet is the domain name resolution service, which completes the mapping between IP addresses and target servers.
  • A Cisco report predicts that the global mobile phone share will be 69% in 2019, and its wireless data traffic will reach 292 billion GB, of which streaming media will account for about 80%.
  • CCN has shifted from the traditional focus on server and host IP addresses to whether the content of the data meets the requirements. Users no longer care about which host provides services; what matters is how to get data faster, more accurately, and more efficiently. So in this age when content is king, researchers have devised a content-based network architecture. After several years of development, significant results have been achieved in the CCN architecture and test bed construction. However, because its network architecture is disruptive, there are many technical difficulties in its network deployment and large-scale deployment. CCN builds the overall network only with content as the core, and does not consider the reasonable planning and application of user identification and satellite ground-air identification in the future Internet of Everything era, which leads to insufficient scalability when facing different business processes. At the same time, the CCN network does not manage the security of content reasonably, and cannot solve the problems of data leakage in the IP network at this stage.
  • DNS resolution: the domain name resolution service is the most important core service of the Internet. Through DNS, users can access the Internet more conveniently, without the need to remember IP addresses that can be directly read by machines but are difficult for humans to understand and remember.
  • The DNS protocol is an application layer protocol, running on top of the UDP protocol, using port number 53.
  • DNS uses a tree-like directory structure to distribute the management of host names among different levels of DNS servers. Through a hierarchical management strategy, rapid resolution and access between IP addresses and domain names is realized at the current stage.
  • The general structure of an Internet host domain name is: host name.third-level domain name.second-level domain name.top-level domain name.
  • The top-level domain name of the Internet is registered and managed by the Internet Network Association Domain Name Registration and Inquiry Committee (ICANN) responsible for network address allocation. It also assigns a unique IP address to each host on the Internet.
  • ICANN: Internet Network Association Domain Name Registration and Inquiry Committee
  • The resolution process is roughly as follows: when a DNS user needs to look up a name used in a program, it queries the local DNS server to resolve the name. Each query message sent by the user includes 3 pieces of information to specify the question that the server should answer.
  • DNS queries are resolved in a variety of different ways. Users can sometimes answer queries on the spot by using cached information obtained from previous queries.
  • The DNS server can use its own resource record information cache to answer the query, and can also query or contact other DNS servers on behalf of the requesting user to completely resolve the name, and then return the response to the user.
  • DNS domain name management
  • The DNS system is a centralized recursive architecture system, making it vulnerable to DDoS and other network attacks.
  • Privacy issues: the lack of effective privacy protection strategies on the Internet at this stage has led to serious data theft and abuse.
  • The present invention provides a method for supporting multi-mode identification network addressing to progressively remove IP, characterized in that it includes constructing a network that is divided into hierarchical network domains from top to bottom, wherein the top-level domain of the network is managed by the government agencies of each country acting as top-level identity management nodes, which form a global alliance to jointly manage the generation, registration and resolution of identifiers. All network resources in the network will be locked on the blockchain; the first-level domain and the levels below it are managed by the corresponding administrative or professional institutions, and the identifier management methods, identifier registration schemes and consensus algorithms within each domain can be different;
  • Each domain has a corresponding network supervision node.
  • The network supervision node is responsible for user management, identifier registration, intercommunication between identifiers and identifier routing services in the domain.
  • Each network supervision node has multi-mode identifications comprising a content network identification, a spatial geographic location identification, identity information and an IP address; the upper and lower domains use network supervision nodes as data access interfaces to achieve hierarchical data transmission; individual users include individual users in the traditional sense and the terminal nodes of the Internet of Things era, which are network access nodes with mobile characteristics in the network.
  • Enterprise users include government agencies, professional institutions, companies, and organizations with content publishing rights;
  • The network supports network layer routing addressing in which multiple identifiers including identity, content, geographic location and IP address coexist, and the content identifiers of all resources in the network are bound to the publisher's identity.
  • The geographical location identification of the user when logging in to the network and the network resources accessed will be recorded on the blockchain of the network supervision node of the domain for security supervision and data protection.
  • The method includes an identifier registration step and a network resource request step;
  • The identifier registration step includes:
  • Step 1, register the resource: the network node receives the user's resource registration content, and the network node adds the geospatial location identifier and the identity identifier of the content publisher according to the location node where the content is stored;
  • Step 2, network node authentication: after the network node in this domain receives the identifier registration request transmitted by the user, it reviews the content and user information, registers the resource identifier, and then uploads the generated identifier registration request to the upper-level domain, adding the local identification prefix;
  • Step 3, identifier registration request transmission: after the upper-level network node receives the identifier registration request, it transmits the registration message to the controller of its domain according to the set data transmission protocol for subsequent authentication and registration operations;
  • Step 4, identifier verification: after receiving the identifier registration request of its subordinate network domain, the network node in the top-level domain verifies the requested data and returns the corresponding confirmation signal to the original application node; at the same time, it adopts the designed distributed storage scheme to ensure that all registered identifiers cannot be tampered with. The original identification information will be stored in the distributed database of the top-level domain. After a set time has passed, the entire network will synchronize the corresponding database to confirm that the resource identification information of each top-level domain is equal and unified;
  • The network resource request step includes:
  • Step A, query request: send a query request to the nearest network node;
  • Step B, local identification data query: when the nearest multi-mode network node receives the request from the user, it distinguishes according to the query identifier. If it is an IP address, the traditional DNS query process continues; if it is an identity or content identifier, the node queries the forwarding table, which records whether the identification content exists in the local database. If it does, the corresponding identification content is returned; otherwise go to step C;
  • Step C, query request transmission: when there is no corresponding identification content in the local database, the query request is uploaded to the upper-level network node. After receiving the query request sent by the next-level network node, the upper-level node follows steps A to B to query. If the corresponding identification content is found, it is returned to the next-level network node; otherwise, the query request is passed to the upper-level network node, until it reaches the network node of the top-level domain;
  • Step D, identification query verification and intercommunication: if the top-level domain node finds the related registered identification, it automatically issues the related shortest path according to the dynamic topology of the existing network. The relevant multi-mode network nodes on the forwarding path in the network receive the new forwarding path table and establish a data transmission path through multi-hop routing; if the node in the top-level domain does not find the corresponding identifier, it queries the database for other network identifier information corresponding to the identifier and proceeds to step E;
  • Step E, issuing the identification request: the network node in the top-level domain issues the query request to the specified network domain according to the original identification and the first prefix after the conversion, until it reaches the lowest-level network node specified by the query request for a local query; if the corresponding identification content is successfully queried, the corresponding resource content is passed to the query requester; otherwise, a query error message is returned.
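  • Added example (not code from the patent): a minimal Python model of steps A to E above. The class `DomainNode`, the tables `local_db`, `registry` and `equivalents`, the status strings and the sample domains and identifiers are all constructed for illustration; the patent does not define these data structures, and the shortest-path issuance of step D is reduced here to descending to the domain where the identifier was registered.

```python
import ipaddress

class DomainNode:
    """Network node of one domain; `prefix` is its hierarchical domain name (hypothetical model)."""
    def __init__(self, prefix, parent=None):
        self.prefix, self.parent = prefix, parent
        self.children = []
        self.local_db = {}     # identifier -> content stored in this domain
        self.registry = {}     # top level only: registered identifier -> holder domain prefix
        self.equivalents = {}  # top level only: identifier -> bound identifier of another mode
        if parent is not None:
            parent.children.append(self)

def is_ip(identifier):
    try:
        ipaddress.ip_address(identifier)
        return True
    except ValueError:
        return False

def descend(node, target_prefix):
    """Step E: walk down from `node` to the domain named by `target_prefix`."""
    while node.prefix != target_prefix:
        node = next((c for c in node.children
                     if target_prefix == c.prefix
                     or target_prefix.startswith(c.prefix + "/")), None)
        if node is None:
            return None
    return node

def resolve(start, identifier):
    """Return (status, content, trace); trace lists the domains visited in order."""
    trace = []
    if is_ip(identifier):                 # Step B: IP identifiers stay on the DNS path
        return "legacy-dns", None, trace
    node = start                          # Step A: nearest network node
    while True:
        trace.append(node.prefix)
        if identifier in node.local_db:   # Step B: local hit
            return "found", node.local_db[identifier], trace
        if node.parent is None:
            break
        node = node.parent                # Step C: pass the query to the upper level
    top, target = node, identifier
    if target not in top.registry:        # Step D: try a bound identifier of another mode
        target = top.equivalents.get(identifier)
        if target not in top.registry:
            return "error", None, trace
    holder = descend(top, top.registry[target])   # Step E: issue the request downwards
    if holder is None or target not in holder.local_db:
        return "error", None, trace
    trace.append(holder.prefix)
    return "found", holder.local_db[target], trace

def build_demo():
    """Constructed sample hierarchy; returns the node nearest to the requesting user."""
    top = DomainNode("cn")
    guangdong = DomainNode("cn/guangdong", top)
    shenzhen = DomainNode("cn/guangdong/shenzhen", guangdong)
    beijing = DomainNode("cn/beijing", top)
    shenzhen.local_db["/pkusz/paper/mmi"] = "local copy"
    beijing.local_db["/pku/lecture/01"] = "lecture data"
    top.registry["/pku/lecture/01"] = "cn/beijing"
    top.equivalents["id:publisher-B"] = "/pku/lecture/01"
    return shenzhen
```
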
  • The resources in the network system all have corresponding multiple identifiers to refer to their content name, publisher identity, and spatial geographic location.
  • Through the binding and intercommunication between the identifiers, the content publishing and access behavior of all parties in the network can be effectively controlled and supervised; at the same time, the multi-mode network identifiers are directly used in the addressing process of the network layer.
  • Through the dynamic matching and intercommunication technology of the multi-mode identifiers, users can choose between methods to deal with complex and changeable application requirements and network environments.
  • The addressing process is based on the following three types of identification:
  • Content name-oriented addressing: hierarchical character strings are used to identify each resource in the network.
  • Multi-mode network nodes have forwarding information tables keyed by name that record the forwarding port information corresponding to each name; data transmission is carried out in a user-driven manner: the content requester puts the content name into an interest message and sends it to the network; the multi-mode network node records the arrival port of the interest message in the pending interest table, and queries the forwarding information table to forward the message until it reaches a content holder; by querying the pending interest table, the data packet containing the requested content is traced back to the requester along the arrival path of the interest message.
  • The content name-oriented addressing process decouples the data itself from the specific location of the data, providing greater flexibility for the network system;
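  • Added example (not code from the patent): a small Python model of the interest and data exchange described above, with a forwarding information table (`fib`) matched by longest name prefix and a pending interest table (`pit`) that steers data back along the arrival path. Class names, the `dropped` counter, the node names and the content names are constructed; the model is synchronous and also shows that a data packet with no pending interest is discarded.

```python
class Consumer:
    """End host: remembers every data packet delivered to it."""
    def __init__(self, name):
        self.name, self.received = name, []

    def on_data(self, content_name, data, path):
        self.received.append((content_name, data, path + [self.name]))

class MultiModeNode:
    def __init__(self, name):
        self.name = name
        self.fib = {}      # name prefix -> next hop (forwarding information table)
        self.pit = {}      # content name -> arrival ports (pending interest table)
        self.store = {}    # content held by this node: name -> data
        self.dropped = 0   # data packets that matched no pending interest

    def next_hop(self, content_name):
        """Longest-prefix match of the hierarchical name against the FIB."""
        parts = content_name.strip("/").split("/")
        for n in range(len(parts), 0, -1):
            hop = self.fib.get("/" + "/".join(parts[:n]))
            if hop is not None:
                return hop
        return None

    def on_interest(self, content_name, arrival):
        if content_name in self.store:            # this node is a content holder
            arrival.on_data(content_name, self.store[content_name], [self.name])
            return
        first = content_name not in self.pit
        self.pit.setdefault(content_name, []).append(arrival)
        if not first:                             # duplicate interest or forwarding loop
            return
        hop = self.next_hop(content_name)
        if hop is None:                           # no route: forget the interest
            del self.pit[content_name]
            return
        hop.on_interest(content_name, self)

    def on_data(self, content_name, data, path):
        waiting = self.pit.pop(content_name, None)
        if waiting is None:                       # unsolicited data is not forwarded
            self.dropped += 1
            return
        for port in waiting:                      # retrace the interest's arrival path
            port.on_data(content_name, data, path + [self.name])

def demo():
    """Constructed three-node path: user -> edge -> core -> holder."""
    edge, core, holder = MultiModeNode("edge"), MultiModeNode("core"), MultiModeNode("holder")
    edge.fib["/pkusz"] = core
    core.fib["/pkusz/video"] = holder
    holder.store["/pkusz/video/intro"] = b"frame-0"
    user = Consumer("user")
    edge.on_interest("/pkusz/video/intro", user)
    # A data packet nobody asked for arrives at the core node.
    core.on_data("/pkusz/video/intro", b"unsolicited", ["unknown"])
    return user, edge, core
```
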
  • Identity-oriented addressing: an identity is used to uniquely refer to a user locally or globally. The user's behavior on the network, including the publication of and access to network resources, is subject to the specific authority determined by the user's identity, and any behavior can be traced back to the user's identity information;
  • Location information can represent not only a geographic location in the real sense but also a virtual location in an abstract space. To prevent ambiguity during addressing, the locations of two users in this system never coincide; the addressing process for spatial geographic location is: multi-mode network nodes calculate the geometric distance between each neighbor and the destination, and greedily select the neighbor with the smallest distance as the forwarding object.
  • The identity identifier includes the public key, the user's own certificate ID, and the IMEI code of the mobile phone.
  • A security mechanism based on identification and a combination matrix is adopted.
  • The key management agency is in charge of distributing the users' private keys; the public key matrix is held by each network node and is used for data signature authentication; the key management agency uses the user's identity ID and the private key matrix $(r_{ij})$.
  • Each identification ID can uniquely generate a subscript sequence:
  • $\mathrm{GenerateSub}(ID) = \{i_1, i_2, \ldots, i_l, j_1, j_2, \ldots, j_l\}$
  • $\mathrm{GenerateSub}(ID)$ represents the function of generating subscripts from the identity ID, $i_1, i_2, \ldots, i_l$ represent the row coordinates of the matrix, and $j_1, j_2, \ldots, j_l$ represent the column coordinates of the matrix;
  • The private key corresponding to the ID is the sum of the items at the corresponding subscripts in the private key matrix:
  • $r_{ID}$ represents the user's private key, Represents the elements with row coordinates $i_1, i_2, \ldots, i_l$ and column coordinates $j_1, j_2, \ldots, j_l$ in the private key matrix $(r_{ij})$;
  • The public key corresponding to the ID can be calculated by the verifier through the public key matrix and the identity ID:
  • $R_{ID}$ represents the public key of the user, Represents the elements with row coordinates $i_1, i_2, \ldots, i_l$ and column coordinates $j_1, j_2, \ldots, j_l$ in the public key matrix $(R_{ij})$;
  • $(r_{ID}, R_{ID})$ constitutes a private-public key pair. In this way, the one-to-one binding between the identity and the public key is completed and the supervisability and traceability of network behavior are guaranteed; the frequent public key request process is also avoided, which improves the actual performance of the network.
  • The method includes an intercommunication process between name and identity.
  • The name of the content is bound to the identity of the original publisher, and a verifiable extended form is adopted to identify network resources, as follows:
  • $\mathit{UniqueID}_A$ is the globally unique identity of publisher A, for which no collision occurs. The user's public-private key pair is generated from this identity; $\mathit{SubID}_A$ is the secondary identity used by A when publishing the content, since the same user may have multiple identities; $\mathit{Name}$ is a hierarchical content name; $\mathrm{Sig}(\mathit{Name}, \mathit{PrK}_A)$ is A's signature on the content name; when the content is received by the user or cached by a multi-mode network node, its signature must be verified to ensure its legitimacy; a prefix tree data structure is used to support the storage and query operations of names and identities. In the prefix tree, each edge from the root node corresponds to a user, and we use the globally unique identity identifier $\mathit{UniqueID}_A$ to refer to each user.
  • Each user node records the entries and spatial location information of the F forwarding information table corresponding to the user.
  • The second layer of the prefix tree represents the multiple identities that each user has. If user A1 has released the resource Name1, its corresponding name node will become the identity
  • The name node records the signature $\mathrm{Sig}(\mathit{Name1}, \mathit{PrK}_{A1})$, as well as the entry and spatial location information of the forwarding information table corresponding to the name.
  • The mutual conversion between name and identity identification, or between multiple identities owned by the same user, can thus be completed.
  • The method includes the conversion process between location, name and identity.
  • Each user corresponds to a unique real or virtual spatial geographic location identifier. For a given content name in the network, in order to reduce the routing delay, we set its location identifier to "the position of the nearest node holding the content corresponding to the name", which is calculated and delivered by the upper control node; by recording the corresponding location information in the prefix tree, the conversion from name and identity to spatial geographic location can be completed; in order to prevent the locations of users from colliding, we use a spatial geographic location-identity hash table to complete the mapping operation between them.
  • The method includes user management and privacy protection policies.
  • User management and privacy protection policies: when user terminals send identification registration requests in the network, they bind the corresponding identity information to ensure the normal operation of the network.
  • The user uses a specified hash function and adds the user's identity information to generate an identity certificate.
  • The identity certificate serves as the identity proof of the user in the network, and the spatial geographic location identifier is used as the user's auxiliary identification information;
  • The system sends the user's public key to the network supervision node, and then the user uses his own identity certificate to sign the identifier registration request, and sends the signature to the network supervision node together with the identifier registration request; the network supervision node first uses the same hash function to verify the legitimacy of the user from the received identifier registration request, then decrypts the attached signature with the user's public key and compares the two hash values; if they are the same, it is confirmed that the signature belongs to the user;
  • The registration request is confirmed by the network supervision node.
  • The system stores the user's identity certificate in distributed storage to ensure that the identification content can be traced and supervised in the future; the system classifies the network content published by users, and when a user accesses network resources, the access authority is determined based on the identity information of the visitor.
  • The method includes the step of an individual user accessing the network.
  • In the step of an individual user accessing the network, when the user accesses the network system through the traditional Internet, the network node records the MAC address of the user terminal as an identity identifier stored in the network, and also records the spatial geographic location of the user terminal in the form of three-dimensional coordinates. For mobile phone users, the IMEI code of the mobile phone is recorded as part of the identity authentication information at the same time.
  • Corresponding gateway equipment is installed at the border of each network domain to ensure that users can access Internet resources through a variety of network identifiers; when users access the network through the new network identifier, relevant identity information is stored in the user's local node, including but not limited to the user's fingerprint, iris and other biological information from which the user's identity can be traced; this identity information is only stored locally in the user node to generate user signatures, and is not transmitted in the multi-mode identification network; at the same time, the identity of the individual user is combined with the various content identifiers the user publishes, and the identity is used as an addressing identifier for that network content, which allows other nodes in the network to address network resources directly through user identifiers and improves the efficiency of network resource queries.
  • The method includes the step of an enterprise user accessing the network.
  • The enterprise user binds the identity identification code issued by the government or a professional organization as the identity identifier for logging on to the network, and the network resources it publishes are also bound to its corporate identity information; the network resources issued by enterprise users and the spatial geographic location identification of the server are recorded on the blockchain of the network supervision node in the domain for security supervision and data protection.
  • The present invention also provides a system for supporting multi-mode identification network addressing to progressively remove IP, including: a memory, a processor, and a computer program stored on the memory, the computer program being configured to implement the steps of the method of the present invention when called by the processor.
  • The present invention also provides a computer-readable storage medium that stores a computer program, and the computer program is configured to implement the steps of the method of the present invention when called by a processor.
  • The present invention proposes a new network multi-mode identification generation, management and routing addressing system that integrates blockchain, and uses multi-mode identification dynamic adaptation and intercommunication technology to break through the performance and security bottlenecks of the narrow waist of the existing network IP layer; distributed blockchain consensus algorithms are used to realize the original aspiration of Internet co-management and co-governance. All network resources of the network will be locked on the blockchain to ensure that the network resources are authentic and not tampered with; high-performance, low-overhead distributed storage technology is used to make multi-mode identification routing secure and tamper-proof;
  • User real-name registration and network login management strategies, combined with biometric identity information and signature strategies for privacy protection, are introduced to reduce system management costs and improve the privacy and security of access node information.
  • Figure 1 is a diagram of the overall architecture of the present invention.
  • Figure 2 is a schematic diagram of the security mechanism based on the identity identification and the combined matrix of the present invention.
  • Figure 3 is a schematic diagram of the data structure of the prefix tree of the present invention.
  • Multi-mode identification network: a network where multiple routing identifications coexist.
  • The coexistence of multiple routes refers to the establishment of a network routing process that satisfies various constraint attributes based on a specific addressing mode (polymorphic addressing). It mainly supports the coexistence of multiple network architectures to meet the needs of multiple application services.
  • SDN: Software Defined Network
  • CCN: Content-Centric Networking
  • Named data network: the name is used as the network routing identifier, and content is cached by multi-mode network nodes, so that data transmission is faster and the retrieval efficiency of content is improved.
  • the present invention discloses a method for supporting multi-mode identification network addressing to gradually remove IP.
  • Figure 1 shows the overall network architecture of the present invention.
  • the entire new multi-mode identification network system is divided into hierarchical network domains from top to bottom. .
  • the top-level domains of the network are managed by the government agencies of various countries as the top-level identity management nodes, and they jointly maintain an alliance chain to reach a consensus of the entire network and realize the original wish of Internet co-management and co-governance. All network resources on the network will be locked on the blockchain to ensure that the network resources are authentic and not tampered with.
  • the first-level domains and other domains are managed by corresponding countries and professional institutions.
  • the logo management methods, logo registration schemes and consensus algorithms in their domains can be different, and their specific implementation details can also be different.
  • Low coupling is used to ensure the security between systems And to realize the particularity and customization between each level.
  • the upper and lower domains use network supervisory nodes as data access interfaces to realize hierarchical data transmission.
  • the power of Internet management and control is handed over to Internet participants all over the world, and is no longer monopolized by an independent organization. It realizes multilateral co-management, co-governance and sharing of cyberspace in the post-IP era, and equality and openness.
  • Each domain has a corresponding network supervision node, which is mainly responsible for services such as user management, identity registration, identity conversion and identity routing in the domain.
  • each network supervision node has content-oriented network identity, spatial geographic location identity, identity information and IP address And other multi-mode logos.
  • Individual users include individual users in the traditional sense and terminal nodes in the Internet of Things era that have mobile network access nodes in the network.
  • Enterprise users include government agencies, professional organizations, companies, and websites with content publishing rights and other organizations.
  • The new network supports network-layer routing and addressing in which multiple identifiers, such as identity identifiers, content identifiers, spatial geographic location identifiers and IP address identifiers, coexist.
  • The content identifiers of all resources in the network will be bound to the identity of the publisher.
  • The spatial information identifiers and the network resources accessed when users log on to the network will be recorded on the blockchain of the network supervision node of the domain for security supervision and data protection.
  • The network is oriented toward content identifiers and identity identifiers.
  • Information publishers pursuing high-credibility services will publish their information under the new identifiers, which will naturally lead to the de-IPization of network traffic and systems.
  • The present invention includes the user network access process, specifically the steps of individual users accessing the network and enterprise users accessing the network.
  • The IP identifier is not used as the main routing identifier in this network.
  • When a user accesses the network system through the traditional Internet, the network node will record the MAC address of the user terminal as an identifier and store it in the network in the form cn/guangdong/shenzhen/44-8A-5B-85-58-D2.
  • The spatial geographic location identifier of the user terminal will be recorded in the form of three-dimensional spatial coordinates.
  • The IMEI code of the mobile phone will be recorded as part of the identity authentication information.
  • Corresponding gateway equipment is provided at the boundary of each network domain to ensure that users can access Internet resources through multiple network identifiers.
  • The specific identity of an individual user is bound to the various content identifiers that the user publishes, and the identity is used as an addressing identifier for the network content. This lets other nodes in the network route to and address network resources directly through the user's identity, improving the efficiency of network resource queries.
  • Enterprise users will bind the ID code issued by the government or professional organization as their identity to log on to the network, and the network resources they publish will also be bound to their corporate identity information.
  • The network resources issued by enterprise users and the spatial information identifier of the server will be recorded on the blockchain of the network supervision node of the domain for security supervision and data protection.
  • The present invention includes a network routing scheme, which includes an identifier registration step and a network resource request step.
  • The identifier registration step includes:
  • Step 1, register resources: The network node receives the user's resource registration content. In this network, any resource that can be routed must be registered with a network node before it can be accessed by other network devices, so the user must first register the content named "/pku/movie/hello.mkv" with any network node to claim ownership of the content. At the same time, the network node will add the geospatial location identifier, according to the location of the node where the content is stored, and the identity identifier of the content publisher.
  • Step 2, network node authentication: After the network node in this domain receives the identity registration request transmitted by the user, it reviews the content and the user information (the review may be manual or automatic, and automatic review can use blockchain smart contracts), then registers the resource identifier, and then uploads the generated identifier registration request to the upper-level domain, adding the local identifier prefix;
  • Step 3, identity registration request transmission: After the upper-level network node receives the identity registration request, it transmits the registration identifier message to the controller of its domain according to the set data transmission protocol for subsequent authentication and registration operations;
  • Step 4, identity verification: After receiving the identity registration request from its subordinate network domain, the network node in the top-level domain verifies the requested data and returns the corresponding confirmation signal to the original applicant node. At the same time, a designed distributed storage scheme is adopted to ensure that registered identifiers cannot be tampered with. The original identifier information is stored in the distributed database of the top-level domain, and after a set time has passed the entire network synchronizes the corresponding databases, to confirm that the resource identifier information held by each top-level domain is equal and unified.
  • The network resource request step includes:
  • Step A, query request: The user sends a query request to the nearest network node. When the requested content has been registered on the network, the client can use the corresponding uniform resource identifier to obtain the required network resources.
  • Step B, local identifier data query: When the nearest multi-mode network node receives the user's request, it distinguishes by the type of identifier being queried. If it is an IP address, the traditional DNS query process continues; if it is an identity or content identifier, the node queries the forwarding table, which records whether the identifier content exists in the local database. If it does, the corresponding identifier content is returned; otherwise go to step C;
  • Step C, query request transmission: When there is no corresponding identifier content in the local database, the query request is uploaded to the upper-level network node. After receiving the query request sent by the lower-level network node, the upper-level node queries following steps A to B. If the corresponding identifier content is found, it is returned to the lower-level network node; otherwise, the query request is passed on to the next upper-level network node, until it reaches the network node of the top-level domain;
  • Step D, identifier query verification and intercommunication: If the top-level domain node finds the relevant registered identifier, it automatically issues the relevant shortest path according to the dynamic topology of the existing network. The relevant multi-mode network nodes on the forwarding path in the network will receive the new forwarding path table and establish a data transmission path through multi-hop routing. If the node in the top-level domain does not find the corresponding identifier, it also queries the database for other network identifier information corresponding to the identifier and proceeds to step E;
  • Step E, issuing the identifier request: The network node in the top-level domain issues the query request to the specified network domain according to the original identifier and the first prefix after the conversion, until it reaches the lowest-level network node specified by the query request, which performs a local query. If the corresponding identifier content is successfully found, the corresponding resource content is passed to the query requester; otherwise, a query error message is returned.
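  • The registration steps 1 to 4 and request steps A to E above can be traced in a small model. This is an added example, not code from the patent; the `DomainNode` class, the `by_identity` conversion table, the `via` labels and the sample identity `id:pku-media` are assumptions made for illustration, and the review in Step 2 is reduced to checking that a publisher identity is present.

```python
import ipaddress


class DomainNode:
    """One network supervision node; parent=None marks a top-level domain."""

    def __init__(self, label, parent=None):
        self.label, self.parent = label, parent
        self.children = {}      # sub-domain label -> DomainNode
        self.table = {}         # identifier -> record held in this node's database
        self.by_identity = {}   # top level only: publisher identity -> content identifiers
        if parent is not None:
            parent.children[label] = self

    def register(self, name, publisher, location):
        """Steps 1-2: review, register locally, then upload toward the top level."""
        name = name.strip("/")
        if not name or not publisher:
            raise ValueError("a routable name and a publisher identity are required")
        record = {"name": name, "publisher": publisher, "location": location}
        self.table[name] = record
        return self._upload(name, record)

    def _upload(self, name, record):
        full = f"{self.label}/{name}"        # each level adds its own prefix
        if self.parent is not None:          # Step 3: relay to the upper domain
            return self.parent._upload(full, record)
        self.table[full] = record            # Step 4: the top level stores the identifier
        self.by_identity.setdefault(record["publisher"], []).append(full)
        return full

    def resolve(self, identifier, trace=None):
        """Steps A-E; returns how the answer was found and which nodes were visited."""
        trace = [] if trace is None else trace
        trace.append(self.label)
        try:                                 # Step B: IP identifiers keep using DNS
            ipaddress.ip_address(identifier)
            return {"via": "dns", "records": [], "trace": trace}
        except ValueError:
            pass
        key = identifier.strip("/")
        if key in self.table:                # Step B (local hit) or Step D (upper hit)
            via = "local" if len(trace) == 1 else "upper"
            return {"via": via, "records": [self.table[key]], "trace": trace}
        if self.parent is not None:          # Step C: pass the query upward
            return self.parent.resolve(identifier, trace)
        found = []                           # Step E: convert, then query downward
        for full in self.by_identity.get(key, []):
            record = self._query_down(full.split("/")[1:], trace)
            if record is not None:
                found.append(record)
        return {"via": "converted" if found else "error", "records": found, "trace": trace}

    def _query_down(self, parts, trace):
        """Follow the domain prefixes down to the lowest node, then query it locally."""
        node = self
        while parts and parts[0] in node.children:
            node = node.children[parts[0]]
            trace.append(node.label)
            parts = parts[1:]
        return node.table.get("/".join(parts))


if __name__ == "__main__":
    # Constructed topology: cn -> guangdong -> shenzhen, and cn -> beijing.
    cn = DomainNode("cn")
    shenzhen = DomainNode("shenzhen", DomainNode("guangdong", cn))
    beijing = DomainNode("beijing", cn)
    print(shenzhen.register("/pku/movie/hello.mkv", "id:pku-media", (22.54, 114.06, 0.0)))
    print(beijing.resolve("id:pku-media")["trace"])
```

The `trace` list makes the up-then-down path of a converted identity query visible, which is the part of the procedure an operator would want logged at each supervision node.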
  • Multi-mode identification network addressing
  • The resources in the new network system have a variety of corresponding identifiers that refer to their content name, publisher identity, network location and other information.
  • The content release and access behavior of all parties in the network can be effectively controlled and supervised.
  • The user can choose between multiple addressing methods to cope with complex and changeable application demands and network environments, which improves the stability and adaptability of the system and makes it possible for us to design more innovative intelligent addressing strategies in the future.
  • The addressing process is mainly based on the following three identifiers (with the advancement of technology, it can be extended to include other identifiers):
  • Similar to Named Data Networking (NDN), we use hierarchical strings to identify each resource in the network, such as "com/ndn/pku/document/01.pdf".
  • FIB: forwarding information table
  • Data transmission is carried out in a user-driven manner: the content requester enters the content list into the Interest message and sends it to the network; the multi-mode network node records the arrival port of the Interest message in the Pending Interest Table (PIT).
  • The name-oriented addressing process decouples the data itself from the specific location of the data, which provides greater flexibility for the network system. At the same time, the name can convey richer information, effectively solving the semantic overload problem of the IP address.
  • Identity-oriented addressing: An identity is used to uniquely refer to a user locally or globally. Commonly used identities include public keys, user IDs, IMEI codes of mobile phones, and so on. The user's behavior on the network, including the release of and access to network resources, will be subject to the specific authority determined by his identity, and any behavior can be traced back to the user's identity information, thereby improving the network's supervisability and eliminating the breeding ground for wrongdoing.
  • A spatial geographic location can represent not only a geographic location in the real-world sense, such as Beidou satellite system or GPS global positioning location information, but also a virtual location in an abstract space, such as the mathematical coordinates obtained by a node after the network is mapped to a geometric space. In order to prevent ambiguity in the addressing process, the positions of any two users in this system will not overlap.
  • The location-oriented addressing process is generally based on distance calculation, that is, multi-mode network nodes calculate the geometric distance between each neighbor and the destination, and greedily select the smallest one as the forwarding object. Because this method has very small storage occupation and computational overhead, location-oriented addressing can effectively deal with the expansion of the routing table when the network is large, thereby improving the scalability of the network.
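  • The greedy distance-based forwarding described above, as an added example that is not code from the patent. The function name, the constructed coordinates and links, and the "stuck" result are assumptions: the check that stops forwarding when no neighbor is closer to the destination than the current node goes beyond the text and covers the case where greedy selection reaches a dead end even though a longer path exists.

```python
import math


def greedy_route(coords, links, src, dst):
    """Forward hop by hop to the neighbor geometrically closest to dst.

    coords: node -> (x, y, z) location identifier
    links:  node -> list of directly connected neighbors
    Returns (path, status) with status "delivered" or "stuck".
    """
    # The text requires that no two users share a position; enforce it here.
    if len(set(coords.values())) != len(coords):
        raise ValueError("two nodes share one position; location identifiers must be unique")
    path, cur = [src], src
    while cur != dst:
        here = math.dist(coords[cur], coords[dst])
        nxt = min(links.get(cur, ()),
                  key=lambda n: math.dist(coords[n], coords[dst]),
                  default=None)
        # Each node only needs its neighbors' coordinates, not a routing table.
        # If no neighbor improves on the current distance, greedy forwarding fails.
        if nxt is None or math.dist(coords[nxt], coords[dst]) >= here:
            return path, "stuck"
        path.append(nxt)
        cur = nxt
    return path, "delivered"


# Constructed topology 1: a straight chain, greedy forwarding succeeds.
CHAIN_COORDS = {"A": (0, 0, 0), "B": (2, 0, 0), "C": (4, 0, 0), "D": (6, 0, 0)}
CHAIN_LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}

# Constructed topology 2: X is closer to T than S is, but X is a dead end.
# The only working path S -> Y -> Z -> T first moves away from T.
VOID_COORDS = {"S": (0, 0, 0), "X": (1, 0, 0), "Y": (0, 3, 0), "Z": (4, 3, 0), "T": (4, 0, 0)}
VOID_LINKS = {"S": ["X", "Y"], "X": ["S"], "Y": ["S", "Z"], "Z": ["Y", "T"], "T": ["Z"]}

if __name__ == "__main__":
    print(greedy_route(CHAIN_COORDS, CHAIN_LINKS, "A", "D"))
    print(greedy_route(VOID_COORDS, VOID_LINKS, "S", "T"))
```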
  • The name-oriented addressing process separates the data from the specific location, providing greater flexibility and scalability; but in contrast, the unbinding of data and location also introduces certain security risks.
  • The existing content-centric network architecture usually uses "verifiable names" for the data request process, that is, each name must include the method for obtaining the publisher's public key and the publisher's signature on the name and content.
  • Its signature must first be verified to ensure the integrity, safety and reliability of its name and content.
  • This system adopts a public and private key generation scheme based on identifiers and a combination matrix.
  • A brief description of the scheme is as follows:
  • ECC: Elliptic Curve Cryptography
  • The private key matrix is held only by the key management agency and is used for distributing users' private keys, while the public key matrix is held by each network node and is used for data signature authentication.
  • The key management agency generates the user's private key $r_{ID}$ from the user's identity ID and the private key matrix $(r_{ij})$.
  • The private key generation process can be implemented as follows: based on an encryption chip and cryptographic operations, each identifier ID uniquely generates a sequence of subscripts:
  • $\mathrm{GenerateSub}(ID) \rightarrow \{i_1, i_2, \ldots, i_l, j_1, j_2, \ldots, j_l\}$
  • GenerateSub(ID) denotes the function that generates subscripts from the identity ID; $i_1, i_2, \ldots, i_l$ are the row coordinates in the matrix, and $j_1, j_2, \ldots, j_l$ are the column coordinates in the matrix;
  • The private key corresponding to the ID is the sum of the entries of the private key matrix at the corresponding subscripts:
  • $r_{ID}$ represents the user's private key, and the terms summed are the elements of the private key matrix $(r_{ij})$ with row coordinates $i_1, i_2, \ldots, i_l$ and column coordinates $j_1, j_2, \ldots, j_l$;
  • The public key corresponding to the ID can be calculated by the verifier from the public key matrix and the identity ID:
  • $R_{ID}$ represents the public key of the user, and the terms summed are the elements of the public key matrix $(R_{ij})$ with row coordinates $i_1, i_2, \ldots, i_l$ and column coordinates $j_1, j_2, \ldots, j_l$;
  • $UniqueID_A$ is the globally unique identity of publisher A, for which there will be no collision; the user's public-private key pair is generated from this identity. $SubID_A$ is the secondary identity used by A when publishing the content; the same user may have multiple identities. Name is a hierarchical content name, and $Sig(Name, PrK_A)$ is A's signature on the content name. Before the content is received by the user or cached by a multi-mode network node, its signature must be verified under the above-mentioned security mechanism to ensure its legitimacy. As a result, any resource in the network can be traced back to its original publisher, ensuring the supervision of publishing behavior and the security of network transmission.
  • The identity can be regarded as a special form of the extended name, namely one in which the content name is empty. Therefore, we use the prefix tree as a data structure to support the storage and query operations of names and identities:
  • Figure 3 is an example of a prefix tree with component granularity.
  • Each connection edge of the root node corresponds to a user.
  • Each user node records the FIB entry and spatial location information corresponding to the user.
  • The second level of the tree represents the multiple identities owned by each user. If user A1 releases the resource Name1, its corresponding name node will become the identity
  • The name node will record the signature $Sig(Name1, PrK_{A1})$, as well as the FIB entry and spatial location information corresponding to the name.
  • 1. The prefix tree compresses and merges identical prefix information, thereby reducing storage overhead;
  • 2. The nature of the prefix tree means that it naturally supports the longest prefix matching (LPM) query mode, consistent with the matching mode of names in the FIB;
  • LPM: Longest Prefix Matching
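  • A component-granularity prefix tree holding both identities and names, with longest prefix matching, as an added example that is not code from the patent. The class and field names, the `/UniqueID/SubID/name...` layout of the stored strings, and the constructed entries (ports, coordinates, signature placeholder) are assumptions.

```python
class Node:
    __slots__ = ("children", "entry")

    def __init__(self):
        self.children = {}   # next name component -> Node
        self.entry = None    # FIB entry, location and signature, if registered


class IdentifierTrie:
    """Prefix tree over '/'-separated components: user, sub-identity, then name parts."""

    def __init__(self):
        self.root = Node()
        self.node_count = 1

    @staticmethod
    def _components(identifier):
        return [c for c in identifier.split("/") if c]

    def insert(self, identifier, fib_port, location, signature=None):
        """Store an identity (no name part) or a full name under its publisher."""
        node = self.root
        for comp in self._components(identifier):
            if comp not in node.children:        # shared prefixes reuse existing nodes
                node.children[comp] = Node()
                self.node_count += 1
            node = node.children[comp]
        node.entry = {"fib_port": fib_port, "location": location, "signature": signature}

    def longest_prefix_match(self, identifier):
        """Return (entry, matched_depth) for the deepest registered prefix, or (None, 0)."""
        node, best, depth = self.root, None, 0
        for n, comp in enumerate(self._components(identifier), start=1):
            node = node.children.get(comp)
            if node is None:
                break
            if node.entry is not None:
                best, depth = node.entry, n
        return best, depth


def build_demo_trie():
    """Constructed sample: user A1 with one sub-identity publishing two name prefixes."""
    trie = IdentifierTrie()
    trie.insert("/A1", fib_port=1, location=(0.0, 0.0, 0.0))
    trie.insert("/A1/sub1/pku/movie", fib_port=3, location=(1.0, 2.0, 0.0),
                signature="constructed-signature-placeholder")
    trie.insert("/A1/sub1/pku/docs", fib_port=4, location=(1.0, 5.0, 0.0),
                signature="constructed-signature-placeholder")
    return trie


if __name__ == "__main__":
    t = build_demo_trie()
    print(t.longest_prefix_match("/A1/sub1/pku/movie/hello.mkv"))
    print(t.longest_prefix_match("/A1/sub2/notes"))   # falls back to the identity entry
```

A lookup for a name with no registered name prefix falls back to the publisher's identity entry, which is how an identity behaves as a name whose content part is empty.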
  • Each user corresponds to a unique real or virtual spatial location identifier.
  • For a given name in the network, in order to reduce the routing delay, we set its location identifier to the location of the nearest node holding the content corresponding to the name; it is calculated and delivered by the upper control node.
  • The system will send the user's public key to the network supervision node. The user then signs the identity registration request with his own identity certificate and sends the signature to the network supervision node together with the identity registration request.
  • The network supervision node first uses the same hash function as the user to verify the legitimacy of the user from the received identifier registration request, and then decrypts the additional signature according to the user's public key.
  • The system will store the user's identity certificate in the distributed database to ensure the traceability and supervision of the identifier content in the future.
  • The system requires that all identifiers be registered before they can be routed in the network and that the identity information of the publisher be added when the identifier is registered, which can effectively reduce the spread of illegal network content on the network.
  • The new network system will introduce rights management strategies.
  • The system will classify the network content posted by users. When users access network resources, the system will determine their access permissions based on the visitor's identity information, for example restricting the daily online time and game time of specific groups such as students. Online content classification can effectively protect the physical and mental health of minors and promote the development of reasonable and compliant Internet content.
  • The present invention discloses a system that supports multi-mode identification network addressing and progressive IP removal, including: a memory, a processor, and a computer program stored in the memory, the computer program being configured to implement the steps of the method of the present invention when called by the processor.
  • The present invention also discloses a computer-readable storage medium that stores a computer program, the computer program being configured to implement the steps of the method of the present invention when called by a processor.
  • The domain name resolution service is no longer provided by the specific 13 servers and their affiliated mirror servers.
  • The power of Internet management and control is handed over to Internet participants all over the world and is no longer monopolized by an independent organization. This realizes multilateral co-management, co-governance and sharing of cyberspace in the post-IP era, on an equal and open basis.
  • The multi-mode identity network realizes global co-management through decentralized blockchain technology, which prevents country domain names from being erased by specific countries and improves the security of the national network.
  • All parties' published content and access behaviors are effectively protected and managed, and their access to the network cannot be denied, which reduces the country's network supervision costs.
  • The new multi-mode identity network improves the overall addressing efficiency of the network by introducing multiple network identities, especially identity identifiers that naturally support mobility. This reduces the operation and maintenance costs that mobile users impose on network service providers in traditional networks. At the same time, the security of the network is greatly improved, effectively reducing the network security risks of ISPs.
  • The enterprise user will bind the identity identification code issued by the government or a professional organization as the identity identifier to log in to the network, and the network resources it issues will also be bound to its corporate identity information. Since its content is locked on the blockchain, the risk of tampering by hackers is avoided.
  • The individual user will bind the corresponding biometric identity information and other identity authentication information as an identity identifier to log in to the network, and the network resources it publishes will also be bound to its identity information.
  • The spatial information identifiers and network resources accessed by individual users when they log on to the network will be recorded on the blockchain of the network supervision node in the domain for security supervision and data protection.
  • The network supervision node will refuse to register, will delete, and will penalize non-compliant network resources and malicious users in the network. Compared with the privacy and security problems of traditional IP networks, this network system has good privacy protection and security.
  • The new multi-mode identity network introduces a hierarchical management mechanism alongside identity registration.
  • The content they visit is subject to effective management in accordance with local government regulations, reducing the possibility of minors indulging in the Internet and effectively purifying minors' online environment.
  • The network will pay more attention to the network resource itself or the user itself rather than to the storage location of traditional network resources. This avoids the performance problem of the traditional IP network and greatly improves the efficiency of network resource transmission.
  • Each identifier can uniquely generate the key pair of the elliptic curve encryption algorithm. Therefore, relying only on the public key matrix and the identity of the issuer, the recipient of the data can calculate the issuer's public key and thereby complete the signature verification.
  • This mechanism not only binds the identity identifier to the cryptographic information, which is conducive to identity-oriented network management; it also eliminates the frequent public key distribution and request process, and improves the efficiency of network utilization.
  • An addressing strategy that supports multi-mode network identifiers is proposed. Through the mutual conversion between name identifiers, identity identifiers and spatial location identifiers, users can flexibly choose the most suitable addressing method to cope with complex and changeable network environments and actual demand, thereby enhancing the adaptability of the system. At the same time, the binding of the network resource name and the original publisher's identity improves the supervisability and traceability of network behavior, and ensures the safety and reliability of network transmission.
  • A gradual deployment and expansion plan for a smooth transition of the network is proposed, which can support the existing DNS domain name resolution system without changing the system architecture. Users can access the network in a variety of ways and gradually replace the existing domain name resolution system.

Abstract

The present invention relates to a progressive IP removal method and system supporting multi-mode identifier network addressing, and to a storage medium. The invention provides a new network multi-mode identifier generation management system and a routing addressing system incorporating a blockchain, and the performance and security bottleneck of existing networks that depend entirely on the IP layer is eliminated by means of dynamic multi-mode identifier adaptation and interworking technology. Collective Internet management and governance are achieved by means of a distributed blockchain consensus algorithm. All network resources of a network are locked and stored in the blockchain, which guarantees that the network resources are authentic and reliable and cannot be falsified. Secure, tamper-proof multi-mode identifier addressing is obtained by means of efficient, low-overhead distributed storage technology. In addition, user real-name registration and a network login management policy incorporating biometric information, together with a signature policy for privacy protection, are used, which reduces system management costs and improves the privacy and security of access node information.
PCT/CN2019/073507 2019-01-28 2019-01-28 Progressive IP removal method and system supporting multi-mode identifier network addressing, and storage medium WO2020154865A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/073507 WO2020154865A1 (fr) 2019-01-28 2019-01-28 Progressive IP removal method and system supporting multi-mode identifier network addressing, and storage medium
CN201980005057.1A CN111373704B (zh) 2019-01-28 2019-01-28 Method, system and storage medium for progressive IP removal supporting multi-mode identifier network addressing

Publications (1)

Publication Number Publication Date
WO2020154865A1 true WO2020154865A1 (fr) 2020-08-06

Family

ID=71212620

Country Status (2)

Country Link
CN (1) CN111373704B (fr)
WO (1) WO2020154865A1 (fr)

Also Published As

Publication number Publication date
CN111373704A (zh) 2020-07-03
CN111373704B (zh) 2022-03-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19913272

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19913272

Country of ref document: EP

Kind code of ref document: A1