CN102255983B - Entity identifier allocation system, source tracing and authentication methods and server - Google Patents

Publication number
CN102255983B
Authority
CN
China
Prior art keywords
distribution
node
distribution node
authorization message
leaf
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110210819.7A
Other languages
Chinese (zh)
Other versions
CN102255983A (en
Inventor
马迪
王利明
田野
沈烁
王伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Internet Network Information Center
Original Assignee
Computer Network Information Center of CAS
Application filed by Computer Network Information Center of CAS
Priority to CN201110210819.7A
Publication of CN102255983A
Priority to PCT/CN2011/083696 (WO2013013479A1)
Application granted
Publication of CN102255983B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses

Abstract

The embodiments of the invention provide an entity identifier allocation system, a source tracing method, an authentication method and a server. The embodiments adopt a tree-structured entity identifier (EI) allocation system in which every EI allocation node or network access entity, other than the EI allocation root node, is allocated EI resources or an EI by its superior allocation node only after it has been authenticated, and authorization information is generated for each EI allocation node and network access entity. When a network access entity that has constructed its Internet Protocol (IP) address from an allocated EI requests access to a network, it can be authenticated according to the authorization information of that EI in the EI allocation system. In this way the network access entity obtains a relatively fixed identifier while the requirements of source traceability and verifiable user identity are both satisfied.

Description

Entity identifier allocation system, source tracing method, authentication method and server
Technical field
The embodiments of the present invention relate to the field of network technology, and in particular to an entity identifier allocation system, a source tracing method, an authentication method and a server.
Background art
Under the current Internet architecture, an IP address is both the identity of a network access entity (such as a host or a user) and the locator of that entity. In practice, because a network access entity frequently changes its point of attachment, its IP address changes with it, so the network access entity cannot obtain a relatively fixed entity identifier.
For this reason, the Institute of Electrical and Electronics Engineers (IEEE) proposed the 64-bit extended unique identifier (IEEE-EUI64). IEEE-EUI64 is an address generation method that uses the host MAC address to generate the last 64 bits of an IPv6 address. In this method, the routing prefix of the IPv6 address (its first 64 bits) is obtained from the router advertisement of a router on the link (normally the first-hop router), and the interface ID (its last 64 bits) is converted from the 48-bit MAC address. Because MAC addresses are assigned by the IEEE to network interface card manufacturers and are handed out through the sale of the cards, MAC addresses inherently lack a management system and have the following problems:
1) Difficult to trace to the source
Although the assignment of MAC addresses is independent of the Internet Service Provider (ISP), IEEE-EUI64 was designed to provide "plug and play" and gave little consideration to authentication. MAC addresses have no registration mechanism or public resolution system of the kind IP addresses have, so the host information and user information corresponding to a MAC address cannot be queried. Nor is there a secure binding between a MAC address and the acting party on the Internet: a user can forge a MAC address at will.
2) The IEEE-EUI64 address generation method lacks an authentication mechanism
This method cannot verify the authenticity of an IP address, so a host user can construct IP addresses without restriction by modifying the MAC address.
Cryptographically Generated Addresses (CGA) are another address generation mechanism based on IPv6 autoconfiguration; the last 64 bits of a CGA address are generated by hashing the public key of the address user. Although CGA can be used to verify the authenticity of an IP address, the user's identity information cannot be resolved. That is, a user can construct different CGA addresses from different public keys at different times to hide their identity. There are also other improved technologies, such as the Identifier-Locator Network Protocol (ILNP); some of them require changes to the working mechanism of IP, so their feasibility is poor.
In the course of making the present invention, the inventors found that the prior-art methods by which a network access entity obtains a relatively fixed identifier cannot simultaneously satisfy the requirements that the source be traceable and that the user's identity be verifiable.
Summary of the invention
The embodiments of the present invention provide an entity identifier allocation system, a source tracing method, an authentication method and a server, to solve the problem that the prior-art methods by which a network access entity obtains a relatively fixed identifier cannot simultaneously satisfy the requirements that the source be traceable and that the user's identity be verifiable.
In one aspect, the embodiments of the present invention provide an entity identifier allocation system, comprising an entity identifier (EI) allocation root node, intermediate-level EI allocation nodes and leaf EI allocation nodes connected as a tree;
The EI allocation root node is configured to authenticate a next-level EI allocation node that requests allocation of EI resources, to allocate EI resources to that next-level EI allocation node after the authentication succeeds, and to generate the authorization information of that next-level EI allocation node;
The intermediate-level EI allocation node is configured to request allocation of EI resources from its upper-level EI allocation node and, after obtaining the EI resources allocated by that upper-level EI allocation node, to authenticate a next-level EI allocation node that requests allocation of EI resources, to allocate EI resources to that next-level EI allocation node after the authentication succeeds, and to generate the authorization information of that next-level EI allocation node;
The leaf EI allocation node is configured to request EI resources from its upper-level EI allocation node and, after obtaining the EI resources allocated by that upper-level EI allocation node, to authenticate a network access entity that requests allocation of an EI, to allocate an EI to that network access entity after the authentication succeeds so that the network access entity generates an IP address from the EI, and to generate the authorization information of that network access entity.
In another aspect, the embodiments of the present invention provide a source tracing method based on the above entity identifier allocation system, comprising:
Based on the EI to be traced, a source-tracing device queries the EI allocation root node for the authorization information of the allocation object of that EI;
The EI allocation root node returns to the source-tracing device the identifier of a next-level EI allocation node, the EI resources which that next-level EI allocation node obtained from the EI allocation root node containing the EI;
The source-tracing device queries that next-level EI allocation node for the authorization information of the allocation object of the EI, and so on until it receives the identifier of a leaf EI allocation node whose allocated EI resources contain the EI;
The source-tracing device queries the leaf EI allocation node for the authorization information of the allocation object of the EI;
The leaf EI allocation node determines the authorization information of the allocation object to which the EI was allocated, and sends that authorization information to the source-tracing device.
In another aspect, the embodiments of the present invention provide an access authentication method based on the above entity identifier allocation system, comprising:
Receiving an access authentication request sent by a network access entity, the source IP address of the access authentication request containing the entity identifier (EI) of the network access entity;
Obtaining the authorization information of the allocation object of the EI from the EI allocation system;
Performing access authentication on the network access entity according to the authorization information of the allocation object of the EI.
In another aspect, the embodiments of the present invention provide an access authentication server that interacts with the entity identifier allocation system described above, comprising:
A receiving module, configured to receive an access authentication request sent by a network access entity, the source IP address of the access authentication request containing the entity identifier (EI) of the network access entity;
An obtaining module, configured to obtain the authorization information of the allocation object of the EI from the EI allocation system;
An authentication module, configured to perform access authentication on the network access entity according to the authorization information of the allocation object of the EI.
One of the above technical solutions has the following advantages or beneficial effects:
The embodiments of the present invention adopt a tree-structured entity identifier (EI) allocation system. Every EI allocation node or network access entity other than the EI allocation root node must be authenticated before it can obtain EI resources or an EI from its upper-level allocation node, and authorization information is generated for each EI allocation node and network access entity. When a network access entity that has constructed its IP address from an allocated EI requests access to the network, it can be authenticated according to the authorization information of that EI in the EI allocation system. The network access entity thus obtains a relatively fixed identifier while the requirements that the source be traceable and that the user's identity be verifiable are both satisfied.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of an embodiment of an entity identifier (EI) allocation system provided by the embodiments of the present invention.
Fig. 2 is a diagram of an application of the embodiment shown in Fig. 1.
Fig. 3 is a flow chart of an embodiment of a source tracing method based on the EI allocation system provided by the embodiments of the present invention.
Fig. 4 is a flow chart of an embodiment of an access authentication method based on the EI allocation system provided by the embodiments of the present invention.
Fig. 5 is a structural diagram of an embodiment of an access authentication server based on the EI allocation system provided by the embodiments of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a structural diagram of an embodiment of an entity identifier (Entity Identifier, EI) allocation system provided by the embodiments of the present invention. As shown in Fig. 1, the system comprises:
An EI allocation root node 11, intermediate-level EI allocation nodes 12 and leaf EI allocation nodes 13;
The EI allocation root node 11 is configured to authenticate a next-level EI allocation node that requests allocation of EI resources, to allocate EI resources to that next-level EI allocation node after the authentication succeeds, and to generate the authorization information of that next-level EI allocation node;
The intermediate-level EI allocation node 12 is configured to request allocation of EI resources from its upper-level EI allocation node and, after obtaining the EI resources allocated by that upper-level EI allocation node, to authenticate a next-level EI allocation node that requests allocation of EI resources, to allocate EI resources to that next-level EI allocation node after the authentication succeeds, and to generate the authorization information of that next-level EI allocation node;
The leaf EI allocation node 13 is configured to request EI resources from its upper-level EI allocation node and, after obtaining the EI resources allocated by that upper-level EI allocation node, to authenticate a network access entity that requests allocation of an EI, to allocate an EI to that network access entity after the authentication succeeds so that the network access entity generates an IP address from the EI, and to generate the authorization information of that network access entity.
In application, there may be one or more levels of intermediate-level EI allocation nodes 12, and the division of EI allocation levels is not fixed: each subtree of the EI allocation system can be adjusted according to actual conditions. This embodiment places no limit on this. For example, if there are two levels of intermediate-level EI allocation nodes, those directly connected to the EI allocation root node 11 can be called top-level EI allocation nodes, and those directly connected to the leaf EI allocation nodes can be called secondary EI allocation nodes. In the EI allocation system, the upstream allocator authenticates the allocation object of the EI, grants EI resources to its downstream after the authentication succeeds, and is responsible for maintaining the allocation information of the EI or EI segment. As shown in Fig. 2, the EI allocation root node allocates the EI resource with prefix 40/8 to top-level EI allocation node A, where 40/8 denotes the EI prefix beginning with 0x40 and represents an aggregated segment of EI resources; the EI allocation root node allocates the EI resource with prefix 41/8 to top-level EI allocation node B, and the EI resource with prefix 4F/8 to top-level EI allocation node X. Top-level EI allocation node B allocates the EI resource with prefix 410001/24 to secondary EI allocation authority A, and the EI resource with prefix 41FFFF/24 to secondary EI allocation authority X. Secondary EI allocation authority A allocates the EI resource with prefix 4100010001/40 to EI allocation agent A (that is, a leaf EI allocation node), and the EI resource with prefix 410001FFFF/40 to EI allocation agent X. EI allocation agent X allocates the EI 410001FFFFAB5678 to network access entity H1, and the EI 410001FFFF5EF987 to network access entity H2.
The authorization information here usually includes the identifier of the EI resource allocated to the EI resource allocation object, the identifier and public key of the EI resource allocation object, the identifier of the EI resource allocator, and similar information. The EI resource is usually identified by an EI prefix. If the EI resource allocation object is a network access entity, the authorization information optionally also includes the validity period of the EI. The content of the authorization information can of course be reduced or extended according to the needs of the actual application; this embodiment places no limit on this.
In an optional embodiment of the present invention, to make it convenient for third parties to query the allocation status and authorization information of EI resources and EIs, the system further comprises:
An EI information root server 21, intermediate-level EI information servers 22 and leaf EI information servers 23;
The EI information root server 21 corresponds to the EI allocation root node 11 and is configured to store the authorization information of the EI resource allocation objects of the EI allocation root node 11. That authorization information includes the identifier of the EI resource allocated to the EI resource allocation object, the identifier and public key of the EI resource allocation object, the identifier of the EI information server corresponding to the EI resource allocation object, and the identifier of the EI allocation root node 11;
The intermediate-level EI information servers 22 correspond one to one with the intermediate-level EI allocation nodes 12 and are configured to store the authorization information of the EI resource allocation objects of the corresponding intermediate-level EI allocation node 12. That authorization information includes the identifier of the EI resource allocated to the EI resource allocation object, the identifier and public key of the EI resource allocation object, the identifier of the EI information server corresponding to the EI resource allocation object, and the identifier of the intermediate-level EI allocation node 12;
The leaf EI information servers 23 correspond one to one with the leaf EI allocation nodes 13 and are configured to store the authorization information of the EI allocation objects of the corresponding leaf EI allocation node 13. That authorization information includes the EI allocated to the EI allocation object, the identity information and public key of the EI allocation object, and the identifier of the leaf EI allocation node 13;
The EI allocation root node 11 is specifically configured to, after the authentication succeeds, send to the next-level EI allocation node the authorization information and private key of that next-level EI allocation node, and to send the authorization information of that next-level EI allocation node to the EI information root server 21;
The intermediate-level EI allocation node 12 is specifically configured to receive the authorization information and private key of the intermediate-level EI allocation node sent by its upper-level EI allocation node and, after the authentication succeeds, to send to the next-level EI allocation node the private key of that next-level EI allocation node, and to send the authorization information of that next-level EI allocation node to the corresponding intermediate-level EI information server 22;
The leaf EI allocation node 13 is specifically configured to receive the authorization information and private key of the leaf EI allocation node sent by its upper-level EI allocation node and, after the authentication succeeds, to send to the network access entity the private key of that network access entity, and to send the authorization information of that network access entity to the corresponding leaf EI information server 23.
The private key here corresponds to the public key of the EI resource/EI allocation object in the authorization information: information that the EI resource/EI allocation object has signed with the private key can be verified with the public key in the authorization information. The private key can be issued together with the public key, or the EI resource/EI allocation object (such as a network access entity) can generate the public key and private key itself and then notify the EI resource/EI allocator of the public key; this embodiment places no limit on this. In application, each EI information server can also store its own authorization information.
Table 1 gives one possible form of EI resource authorization information, and Table 2 gives an example of the authorization information of a single EI.
Table 1: Example authorization information for an EI resource
Table 2: Example authorization information for an EI
It should be noted that, after obtaining the EI allocated by the leaf EI allocation node, the network access entity can generate an IP address from the EI, and this IP address serves as the identifier with which the network access entity accesses the network. In application, because the prefix of the IP address identifies the attachment point of the network access entity, the location dependence of the IP address cannot be changed under the existing Internet architecture; the EI-based IPv6 address therefore carries the identity of the network access entity in the non-routing part of the IPv6 address. The structure of the EI-based IPv6 address can be as shown in Table 3.
Table 3
Network prefix (64 bits) | Entity identifier EI (64 bits)
As shown in Table 3, the network prefix is the location identifier of the network access entity and is no different from a traditional IPv6 address prefix. The EI is a 64-bit string, for example 0x332277880101FFFF; it serves as the stable identity of the network access entity and does not change when the location or the owner of the network access entity changes. Different EI allocators determine the effective scope of the EI; Table 4 gives an example of the relation between the manager of the EI allocation system and the effective scope of the EIs it allocates. When a host roams between different access domains, the access network control entity, such as the first-hop router or a Dynamic Host Configuration Protocol (DHCP) server, provides the host with the network prefix part of the IPv6 address, that is, its first 64 bits, and the host combines this 64-bit network prefix with its allocated EI to form a routable IPv6 address. The two EI management modes in Table 4 are two ways of implementing the EI-based IPv6 address and two implementation scenarios of this embodiment; the Internet basic resource allocation authority can be, for example, the Internet Assigned Numbers Authority (IANA).
Table 4
Manager of the EI allocation system | Effective scope of the EI
Internet basic resource allocation authority | Globally unique
Internet access provider | Unique within the access provider
The EI-based IPv6 address is compatible with the currently mainstream MAC-address-based IPv6 address autoconfiguration. Under existing standards and specifications, the MAC-address-based IPv6 autoconfiguration method fixes the "middle 16 bits" of the last 64 bits of the IPv6 address at 0xFFFE. To prevent the design of the EI-based IPv6 address from affecting the MAC-address-based autoconfiguration method, this embodiment can use the middle 16 bits of the last 64 bits of the IPv6 address as an identifier type value. If the identifier type value is 0xFFFE, the last 64 bits of the IPv6 address are not configured from an EI: the address is a traditional IPv6 address and can be generated from a MAC address. If the identifier type value is any other value, the IPv6 address is an EI-based IPv6 address; for example, when the identifier type value is 0x1234, the EI can be used to identify a network access entity.
Defining the "identifier type value" within the last 64 bits of the IPv6 address in this way limits how much the EI-based IPv6 address design reduces the IPv6 address space. Moreover, IPv6 addresses are currently allocated in units of the first 64 bits, that is, the allocation of IPv6 addresses is in practice the allocation of network prefixes. The last 64 bits of the IPv6 address are therefore to a large extent redundancy in the address, since in practice a link cannot carry 2^64 hosts, and the use of EI-based IPv6 addresses can improve the utilization of the whole IPv6 address space.
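The address layout of Table 3 and the identifier type value check described above, as an added Python example that is not part of the patent text. The function names, the documentation prefixes (2001:db8::/32) and the sample MAC address are assumptions chosen for illustration; the EI values are the ones quoted in the description.

```python
import ipaddress

# Type value that MAC-based (EUI-64) autoconfiguration fixes in the middle
# 16 bits of the last 64 bits, as stated in the description.
EUI64_TYPE = 0xFFFE
LOW64 = (1 << 64) - 1


def interface_id(addr):
    """Last 64 bits of an IPv6 address, as an integer."""
    return int(ipaddress.IPv6Address(addr)) & LOW64


def identifier_type(addr):
    """Middle 16 bits of the last 64 bits (bytes 3 and 4 of those 8 bytes)."""
    return (interface_id(addr) >> 24) & 0xFFFF


def _prefix64(network_prefix):
    """Parse a network prefix and insist that it is exactly 64 bits long."""
    net = ipaddress.IPv6Network(network_prefix)
    if net.prefixlen != 64:
        raise ValueError("network prefix must be exactly 64 bits")
    return int(net.network_address)


def build_ei_address(network_prefix, ei):
    """Combine a 64-bit network prefix with a 64-bit EI (Table 3 layout)."""
    if not 0 <= ei <= LOW64:
        raise ValueError("EI must fit in 64 bits")
    if (ei >> 24) & 0xFFFF == EUI64_TYPE:
        # Such an EI could not be told apart from a MAC-derived interface ID.
        raise ValueError("EI collides with the 0xFFFE identifier type value")
    return ipaddress.IPv6Address(_prefix64(network_prefix) | ei)


def eui64_address(network_prefix, mac):
    """Traditional MAC-based address (modified EUI-64), for comparison."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    # Insert FFFE between the two halves and flip the universal/local bit.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(
        _prefix64(network_prefix) | int.from_bytes(iid, "big"))


def extract_ei(addr):
    """Return the EI as 16 hex digits, or None for a MAC-based address."""
    if identifier_type(addr) == EUI64_TYPE:
        return None
    return f"{interface_id(addr):016X}"


if __name__ == "__main__":
    ei = 0x410001FFFFAB5678                      # EI of entity H1 in Fig. 2
    home = build_ei_address("2001:db8:1:2::/64", ei)
    away = build_ei_address("2001:db8:aaaa:bbbb::/64", ei)   # after roaming
    legacy = eui64_address("2001:db8:1:2::/64", "00:11:22:33:44:55")
    for a in (home, away, legacy):
        print(a, hex(identifier_type(a)), extract_ei(a))
```

The same EI is recovered from both prefixes, which is the property an access authentication server relies on when it looks up authorization information from the source address of a request.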
The embodiments of the present invention adopt a tree-structured entity identifier (EI) allocation system. Every EI allocation node or network access entity other than the EI allocation root node must be authenticated before it can obtain EI resources or an EI from its upper-level allocation node, and authorization information is generated for each EI allocation node and network access entity. When a network access entity that has constructed its IP address from an allocated EI requests access to the network, it can be authenticated according to the authorization information of that EI in the EI allocation system. The network access entity thus obtains a relatively fixed identifier while the requirements that the source be traceable and that the user's identity be verifiable are both satisfied.
Fig. 3 is a flow chart of an embodiment of a source tracing method based on the EI allocation system provided by the embodiments of the present invention. The EI allocation system here is the system described in the EI allocation system embodiment provided by the embodiments of the present invention. As shown in Fig. 3, the method comprises:
Step 301: based on the EI to be traced, the source-tracing device queries the EI allocation root node for the authorization information of the allocation object of that EI;
The source-tracing device here is generally a network management device. It can initiate the source tracing flow shown in Fig. 4 for any EI, and the address information of the EI allocation root node is pre-configured in it by an out-of-band mechanism. The authorization information of the EI allocation object here includes the EI allocated to the EI allocation object, the identity information and public key of the EI allocation object, the identifier of the leaf EI allocation node, the validity period of the EI, and so on. In application, the source-tracing device can query only one or more of the items contained in the authorization information of the EI allocation object; this embodiment places no limit on this.
Step 302: the EI allocation root node returns to the source-tracing device the authorization information of a next-level EI allocation node, the EI resources which that next-level EI allocation node obtained from the EI allocation root node containing the EI;
Step 303: the source-tracing device queries that next-level EI allocation node for the authorization information of the allocation object of the EI, and so on until it receives the authorization information of a leaf EI allocation node whose allocated EI resources contain the EI;
In application, depending on the number of levels in the EI allocation system, the source-tracing device may need to trace level by level once or several times; this embodiment places no limit on this. In addition, the authorization information returned by the EI allocation node at each level can also be encrypted with that node's own private key, and the source-tracing device verifies, level by level, the authorization information returned by each EI allocation node with the corresponding public key. For example, the source-tracing device extracts the public key of the next-level EI allocation node from the authorization information of that node sent by the EI allocation root node, and then uses this public key to verify the authorization information of the further next-level EI allocation node that this next-level EI allocation node returns.
Step 304: the source-tracing device queries the leaf EI allocation node for the authorization information of the allocation object of the EI;
Step 305: the leaf EI allocation node determines the authorization information of the allocation object to which the EI was allocated, and sends that authorization information to the source-tracing device.
More preferably, if every EI allocation node is configured with an EI information server that provides an external query interface, then in the above steps the source-tracing device can query the corresponding EI information servers directly for the authorization information of the EI allocation object. In this scenario, step 301 specifically comprises:
The source-tracing device queries the EI information root server corresponding to the EI allocation root node for the authorization information of the allocation object of the EI;
Step 302 specifically comprises:
The EI information root server returns the identifier of the next-level EI allocation node to the source-tracing device;
Step 303 specifically comprises:
The source-tracing device queries the next-level EI information server corresponding to the next-level EI allocation node for the authorization information of the allocation object of the EI;
Step 304 specifically comprises:
The source-tracing device queries the leaf EI information server corresponding to the leaf EI allocation node for the authorization information of the allocation object of the EI;
Step 305 specifically comprises:
The leaf EI information server determines the authorization information of the allocation object of the EI, and sends that authorization information to the source-tracing device.
For example, as shown in Fig. 2, the source-tracing device first sends a resolution request for the EI 410001FFFFAB5678 to the EI information root server corresponding to the root node of the EI allocation tree. That EI information server performs prefix matching between its EI resource allocation information and 410001FFFFAB5678, and tells the source-tracing device the matching result, namely the addressing information of the EI information server responsible for maintaining EI segment 41/8. By analogy, the source-tracing device successively obtains the addressing information of the EI information servers for EI segment 410001/24 and EI segment 410001FFFF/40. By sending a resolution request for 410001FFFFAB5678 to the leaf EI information server of 410001FFFF/40, the source-tracing device obtains the resolution result, that is, the authorization information of the allocation object of the EI 410001FFFFAB5678. The source-tracing device can customize different resolution requests as needed: it can request all the authorization information of the EI at once, or indicate in the resolution request which authorization information it needs, for example to query the validity period of the EI.
The technological means that the present embodiment has adopted the tree-like framework based on EI distribution system to inquire about step by step, can realize tracing to the source of EI, obtains the relevant information of EI distribution object.
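The Figure 2 walk-through above as an added Python example (not code from the patent): a tracing device follows longest-prefix referrals from the EI information root server down to the leaf server and returns the authorization message, or only the requested fields. The server names, the record fields and the 64-bit EI length are assumptions, and the server contents are constructed.

```python
EI_BITS = 64  # assumption: the 16-hex-digit EI from the example is 64 bits long


def seg_bits(segment):
    """Prefix length of an EI segment written as 'PREFIX/BITS'."""
    return int(segment.split("/")[1])


def covers(segment, ei_hex):
    """True if EI segment 'PREFIX/BITS' (for example '410001/24') contains ei_hex."""
    prefix, bits = segment.split("/")[0], seg_bits(segment)
    if bits == 0:
        return True  # the root's segment covers the whole EI space
    prefix_val = int(prefix, 16) >> (len(prefix) * 4 - bits)
    return int(ei_hex, 16) >> (EI_BITS - bits) == prefix_val


# Constructed EI information servers. "delegations" maps an allocated EI
# segment to the addressing information of the server that maintains it;
# "records" holds authorization messages of EI distribution objects.
SERVERS = {
    "root.ei.example": {"segment": "0/0", "records": {},
                        "delegations": {"41/8": "s41.ei.example"}},
    "s41.ei.example": {"segment": "41/8", "records": {},
                       "delegations": {"410001/24": "s410001.ei.example"}},
    "s410001.ei.example": {"segment": "410001/24", "records": {},
                           "delegations": {"410001FFFF/40": "leaf.ei.example"}},
    "leaf.ei.example": {"segment": "410001FFFF/40", "delegations": {},
                        "records": {"410001FFFFAB5678": {
                            "ei": "410001FFFFAB5678",
                            "object_id": "host-a",
                            "allocator": "410001FFFF/40",
                            "valid_until": "2030-12-31"}}},
}


def trace(ei_hex, fields=None, root="root.ei.example"):
    """Return (referral path, authorization message) for ei_hex.

    fields=None requests the whole authorization message; a list of field
    names requests only those fields, such as the validity period.
    """
    ei_hex = ei_hex.upper()
    if len(ei_hex) * 4 != EI_BITS:
        raise ValueError("EI must be 16 hex digits")
    int(ei_hex, 16)  # raises ValueError if the EI is not hexadecimal
    server, path = root, []
    while True:
        node = SERVERS[server]
        if not covers(node["segment"], ei_hex):
            raise LookupError(f"{server} is not responsible for {ei_hex}")
        record = node["records"].get(ei_hex)
        if record is not None:
            wanted = fields or list(record)
            return path, {k: record[k] for k in wanted}
        # Longest matching delegation. It must be narrower than this server's
        # own segment, otherwise a bad referral could send the walk in circles.
        matches = [s for s in node["delegations"]
                   if covers(s, ei_hex) and seg_bits(s) > seg_bits(node["segment"])]
        if not matches:
            raise LookupError(f"{ei_hex} is not allocated below {node['segment']}")
        best = max(matches, key=seg_bits)
        path.append(best)
        server = node["delegations"][best]
```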
Fig. 4 is a schematic flowchart of an embodiment of an access authentication method based on an EI distribution system provided by an embodiment of the present invention. The EI distribution system here is the system described in the EI distribution system embodiment provided by the embodiments of the present invention. As shown in Fig. 4, the method comprises:
Step 401: receive an access authentication request sent by a network access entity, where the source IP address of the access authentication request contains the EI of the network access entity;
For example, an access authentication server receives the access authentication request sent by the network access entity. Before step 401, the network access entity has been allocated its own EI by the EI distribution system and has constructed its own IP address from this EI and a network prefix; this is the source IP address of the access authentication request.
Step 402: obtain the authorization message of the EI distribution object from the EI distribution system;
The EI distribution system may generate the authorization message of the EI distribution object when it allocates the EI; this authorization message usually includes the identifier of the EI distribution object, its public key, and so on.
Step 403: perform access authentication on the network access entity according to the authorization message of the EI distribution object.
Usually, when the EI distribution system allocates the EI, it may also issue the authorization message to the EI distribution object. When the authorization message includes a public key, the private key corresponding to this public key may also be issued to the EI distribution object. When the EI distribution object initiates an access authentication request, it can sign the request with this private key. In step 303, the signature of the access authentication request can then be verified with the public key in the authorization message of the EI distribution object obtained from the EI distribution system: if verification passes, the identity of the network access entity is confirmed and it is allowed to access the network; if verification fails, the network access entity is refused access to the network. Alternatively, the EI distribution object may carry its own identifier in the access authentication request. In step 403, the identifier of the network access entity in the access authentication request can be compared with the identifier of the EI distribution object in the authorization message obtained from the EI distribution system: if they are consistent, the identity of the network access entity is confirmed and it is allowed to access the network; if they are inconsistent, the network access entity is refused access to the network. This embodiment does not limit this.
In an optional embodiment of the present invention, step 402 may specifically comprise:
Obtain the authorization message of the network access entity from the network access entity;
Parse the authorization message of the network access entity to determine the leaf EI distribution node that allocated the EI;
From the leaf EI information server corresponding to the leaf EI distribution node, obtain the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node.
Here the authorization message of the network access entity includes the identifier of the allocator that allocated the EI to the network access entity; given the architecture of the EI distribution system, the allocator of an EI to a network access entity is usually a leaf EI distribution node. In practice, the network access entity may also include its authorization message in the access authentication request; this embodiment does not limit this.
In another optional embodiment of the present invention, step 402 may specifically comprise:
Query the EI information root server for the authorization message of the EI distribution object;
Receive the authorization message, returned by the EI information root server, of a next-level EI distribution node of the EI distribution root node, where the EI resource allocated to that next-level EI distribution node contains the EI;
Query the next-level EI information server corresponding to the next-level EI distribution node for the authorization message of the EI distribution object, and so on, until the authorization message of the leaf EI distribution node is received from the upper-level EI information server corresponding to the upper-level EI distribution node of the leaf EI distribution node;
From the leaf EI information server corresponding to the leaf EI distribution node, obtain the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node.
In this scenario, the access authentication server queries the EI distribution system directly, step by step, according to the EI of the network access entity to obtain the authorization message of the EI distribution object. For this process, refer to the embodiment of the tracing method based on an EI distribution system provided by the embodiments of the present invention.
In another optional embodiment of the present invention, after the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node is obtained and before step 403, the method may further comprise:
If the leaf EI distribution node is in a trust list, obtain the public key of the leaf EI distribution node from the trust list, where the trust list contains at least one trusted EI distribution node and its corresponding public key, and an EI distribution node is the EI distribution root node, an intermediate-level EI distribution node or a leaf EI distribution node.
The trust list here contains the identifiers of the EI distribution nodes trusted by the access authentication server and their corresponding public keys, and optionally also the addressing information of the EI information servers corresponding to the trusted EI distribution nodes. An EI distribution node may be the EI distribution root node, an intermediate-level EI distribution node or a leaf EI distribution node. Usually the trust list contains at least the identifier of the EI distribution root node. If the authorization message of a network access entity or EI distribution node shows that the allocator of its EI or EI resource is an EI distribution root node, and that EI distribution root node is not in the trust list, then the EI distribution root node in the authorization message is forged and verification fails.
Alternatively, if the leaf EI distribution node is not in the trust list, determine the upper-level EI distribution node of the leaf EI distribution node;
If the upper-level EI distribution node is in the trust list, obtain the public key of the upper-level EI distribution node from the trust list, and obtain, from the upper-level EI information server corresponding to the upper-level EI distribution node, the authorization message of the leaf EI distribution node signed with the private key of the upper-level EI distribution node;
Verify, with the public key of the upper-level EI distribution node, the signature on the authorization message of the leaf EI distribution node signed with the private key of the upper-level EI distribution node;
After verification passes, parse the authorization message of the leaf EI distribution node to determine the public key of the leaf EI distribution node.
Here, if the leaf EI distribution node is not in the trust list, the authorization message of the leaf EI distribution node can also be queried actively from the leaf EI information server corresponding to the leaf EI distribution node, or obtained by tracing step by step from the trusted EI distribution root node using a method similar to that of the tracing method embodiment based on an EI distribution system provided by the embodiments of the present invention; the upper-level EI distribution node of the leaf EI distribution node is then determined from the allocator field in the authorization message of the leaf EI distribution node. This embodiment does not limit this.
Note that in practice, step-by-step verification through several upper levels may be needed until a trusted EI distribution node is reached; this embodiment does not limit this. In addition, because the EI distribution root node is a trusted EI distribution node, if the upper-level EI distribution node is not in the trust list, the method may further comprise:
Determine whether the upper-level EI distribution node is an EI distribution root node; if it is an EI distribution root node and this EI distribution root node is not in the trust list, verification fails and the process ends.
Further, after the above step-by-step verification passes, an EI distribution node that was not originally in the trust list but has now been verified may be added to the trust list; that is, after verification passes, the method further comprises:
Add the leaf EI distribution node to the trust list.
In another optional embodiment of the present invention, the access authentication request further includes a signature over the access authentication request made with the private key of the network access entity. After the public key of the leaf EI distribution node is obtained, step 403 may specifically comprise:
Verify, with the public key of the leaf EI distribution node, the signature on the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node;
After verification passes, parse the authorization message of the EI distribution object to determine the public key of the EI distribution object;
Verify the signature of the access authentication request with the public key of the EI distribution object.
In addition, the authorization message of the EI distribution object may also include the validity period of the EI. In this scenario, the method further comprises:
After the signature verification of the access authentication request passes, check the validity of the access authentication request against the validity period of the EI.
This embodiment receives the access authentication request sent by a network access entity, where the source IP address of the request contains the EI of the network access entity, obtains the authorization message of the EI distribution object from the EI distribution system, and performs access authentication on the network access entity according to that authorization message. The network access entity can thus be authenticated on the basis of the authorization message that the EI distribution system generated when it allocated the EI, which verifies the authenticity of the user's address.
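The trust-list walk, signature checks and validity-period check described above, as an added Python example that is not code from the patent. Textbook RSA over small Mersenne-prime moduli stands in for a real signature scheme and is not secure; the node names, message fields, the `AUTH` dictionary standing in for the EI information servers, and the choice of the low 64 bits of an IPv6 address as the EI are all assumptions, and all keys and messages are constructed.

```python
import hashlib
import ipaddress
import json

E = 65537  # public exponent used by every toy key


class AuthError(Exception):
    pass


def make_key(a, b):
    """Textbook RSA key from the Mersenne primes 2**a-1 and 2**b-1 (toy, not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"pub": p * q, "priv": (p * q, pow(E, -1, (p - 1) * (q - 1)))}


def digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(body, priv):
    n, d = priv
    return pow(digest(body, n), d, n)


def verify(body, sig, pub):
    return pow(sig, E, pub) == digest(body, pub)


def issue(issuer, body):
    return {"body": body, "sig": sign(body, issuer["priv"])}


ROOT, MID, LEAF = make_key(61, 89), make_key(89, 107), make_key(107, 127)
HOST, ROGUE = make_key(61, 127), make_key(61, 107)
EI = "410001FFFFAB5678"

# Constructed EI information server contents: every authorization message is
# signed by the allocator it names. The root has none, so it must be trusted.
AUTH = {
    "mid": issue(ROOT, {"subject": "mid", "resource": "41/8",
                        "pub": MID["pub"], "allocator": "root"}),
    "leaf": issue(MID, {"subject": "leaf", "resource": "410001FFFF/40",
                        "pub": LEAF["pub"], "allocator": "mid"}),
    EI: issue(LEAF, {"subject": "host-a", "ei": EI, "pub": HOST["pub"],
                     "allocator": "leaf", "valid_until": 2_000_000_000}),
}


def node_public_key(node, trust, depth=0):
    """Public key of a distribution node, verified level by level up to a trusted node."""
    if node in trust:
        return trust[node]
    msg = AUTH.get(node)
    if msg is None or msg["body"]["subject"] != node or depth > 8:
        raise AuthError(f"{node} is neither trusted nor verifiable")
    upper_pub = node_public_key(msg["body"]["allocator"], trust, depth + 1)
    if not verify(msg["body"], msg["sig"], upper_pub):
        raise AuthError(f"bad signature on authorization message of {node}")
    trust[node] = msg["body"]["pub"]  # verified nodes join the trust list
    return trust[node]


def ei_from_ip(src_ip):
    """Assumption: the EI is the low 64 bits of the IPv6 source address."""
    return format(int(ipaddress.IPv6Address(src_ip)) & (2**64 - 1), "016X")


def make_request(key, src_ip):
    body = {"src_ip": src_ip, "nonce": "constructed-nonce"}
    return {"body": body, "sig": sign(body, key["priv"])}


def authenticate(req, trust, now):
    """Steps 401 to 403: return the identifier of the authenticated entity."""
    ei = ei_from_ip(req["body"]["src_ip"])
    msg = AUTH.get(ei)
    if msg is None or msg["body"].get("ei") != ei:
        raise AuthError("no authorization message for this EI")
    leaf_pub = node_public_key(msg["body"]["allocator"], trust)
    if not verify(msg["body"], msg["sig"], leaf_pub):
        raise AuthError("authorization message not signed by the leaf node")
    if not verify(req["body"], req["sig"], msg["body"]["pub"]):
        raise AuthError("request not signed by the EI distribution object")
    if now > msg["body"]["valid_until"]:
        raise AuthError("EI validity period has expired")
    return msg["body"]["subject"]
```

Starting from a trust list that holds only the root's public key, a successful call leaves the intermediate and leaf nodes in the list, so later requests under the same leaf are checked without walking the chain again.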
Fig. 5 is a schematic structural diagram of an embodiment of an access authentication server provided by an embodiment of the present invention. This access authentication server interacts with the system described in the EI distribution system embodiment provided by the embodiments of the present invention. As shown in Fig. 5, the server comprises:
A receiving module 51, configured to receive an access authentication request sent by a network access entity, where the source IP address of the access authentication request contains the EI of the network access entity;
An acquisition module 52, configured to obtain the authorization message of the EI distribution object from the EI distribution system;
An authentication module 53, configured to perform access authentication on the network access entity according to the authorization message of the EI distribution object.
For the specific implementation of this embodiment, refer to the embodiment of the access authentication method based on an EI distribution system provided by the present invention. This embodiment receives the access authentication request sent by a network access entity, where the source IP address of the request contains the EI of the network access entity, obtains the authorization message of the EI distribution object from the EI distribution system, and performs access authentication on the network access entity according to that authorization message. The network access entity can thus be authenticated on the basis of the authorization message that the EI distribution system generated when it allocated the EI, which verifies the authenticity of the user's address.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in those embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An access authentication method based on an entity identifier distribution system, characterized by comprising:
Receiving an access authentication request sent by a network access entity, where the source IP address of the access authentication request contains the entity identifier (EI) of the network access entity;
Obtaining the authorization message of the EI distribution object from the EI distribution system;
Performing access authentication on the network access entity according to the authorization message of the EI distribution object;
Wherein the EI distribution system comprises an entity identifier (EI) distribution root node, intermediate-level EI distribution nodes and leaf EI distribution nodes connected in a tree;
The EI distribution root node is configured to authenticate the identity of a next-level EI distribution node that requests allocation of EI resources, to allocate EI resources to the next-level EI distribution node after the authentication passes, and to generate the authorization message of the next-level EI distribution node;
The intermediate-level EI distribution node is configured to request allocation of EI resources from its upper-level EI distribution node and, after being allocated EI resources by the upper-level EI distribution node, to authenticate the identity of a next-level EI distribution node that requests allocation of EI resources, to allocate EI resources to the next-level EI distribution node after the authentication passes, and to generate the authorization message of the next-level EI distribution node;
The leaf EI distribution node is configured to request EI resources from its upper-level EI distribution node and, after being allocated EI resources by the upper-level EI distribution node, to authenticate the identity of a network access entity that requests allocation of an EI, to allocate an EI to the network access entity after the authentication passes so that the network access entity generates an IP address from the EI, and to generate the authorization message of the network access entity.
2. The method according to claim 1, characterized in that obtaining the authorization message of the EI distribution object from the EI distribution system specifically comprises:
Obtaining the authorization message of the network access entity from the network access entity;
Parsing the authorization message of the network access entity to determine the leaf EI distribution node that allocated the EI;
Obtaining, from the leaf EI information server corresponding to the leaf EI distribution node, the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node;
Wherein the EI distribution system further comprises an EI information root server, intermediate-level EI information servers and leaf EI information servers;
The EI information root server corresponds to the EI distribution root node and is configured to store the authorization messages of the EI resource distribution objects of the EI distribution root node, where the authorization message of an EI resource distribution object of the EI distribution root node includes the identifier of the EI resource allocated to the EI resource distribution object, the identifier and public key of the EI resource distribution object, the identifier of the EI information server corresponding to the EI resource distribution object, and the identifier of the EI distribution root node;
The intermediate-level EI information servers correspond one to one with the intermediate-level EI distribution nodes and are each configured to store the authorization messages of the EI resource distribution objects of the corresponding intermediate-level EI distribution node, where the authorization message of an EI resource distribution object of the intermediate-level EI distribution node includes the identifier of the EI resource allocated to the EI resource distribution object, the identifier and public key of the EI resource distribution object, the identifier of the EI information server corresponding to the EI resource distribution object, and the identifier of the intermediate-level EI distribution node;
The leaf EI information servers correspond one to one with the leaf EI distribution nodes and are each configured to store the authorization messages of the EI distribution objects of the corresponding leaf EI distribution node, where the authorization message of an EI distribution object of the leaf EI distribution node includes the EI allocated to the EI distribution object, the identity information of the EI distribution object, the public key, and the identifier of the leaf EI distribution node;
The EI distribution root node is specifically configured to send, after the authentication passes, the authorization message and private key of the next-level EI distribution node to the next-level EI distribution node, and to send the authorization message of the next-level EI distribution node to the EI information root server;
The intermediate-level EI distribution node is specifically configured to receive the authorization message and private key of the intermediate-level EI distribution node sent by the upper-level EI distribution node and, after the authentication passes, to send the private key of the next-level EI distribution node to the next-level EI distribution node and to send the authorization message of the next-level EI distribution node to the corresponding intermediate-level EI information server;
The leaf EI distribution node is specifically configured to receive the authorization message and private key of the leaf EI distribution node sent by the upper-level EI distribution node and, after the authentication passes, to send the private key of the network access entity to the network access entity and to send the authorization message of the network access entity to the corresponding leaf EI information server.
3. The method according to claim 1, characterized in that obtaining the authorization message of the EI distribution object from the EI distribution system specifically comprises:
Querying the EI information root server for the authorization message of the EI distribution object;
Receiving the authorization message, returned by the EI information root server, of a next-level EI distribution node of the EI distribution root node, where the EI resource allocated to that next-level EI distribution node contains the EI;
Querying the next-level EI information server corresponding to the next-level EI distribution node for the authorization message of the EI distribution object, and so on, until the authorization message of the leaf EI distribution node is received from the upper-level EI information server corresponding to the upper-level EI distribution node of the leaf EI distribution node;
Obtaining, from the leaf EI information server corresponding to the leaf EI distribution node, the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node;
Wherein the EI distribution system further comprises an EI information root server, intermediate-level EI information servers and leaf EI information servers;
The EI information root server corresponds to the EI distribution root node and is configured to store the authorization messages of the EI resource distribution objects of the EI distribution root node, where the authorization message of an EI resource distribution object of the EI distribution root node includes the identifier of the EI resource allocated to the EI resource distribution object, the identifier and public key of the EI resource distribution object, the identifier of the EI information server corresponding to the EI resource distribution object, and the identifier of the EI distribution root node;
The intermediate-level EI information servers correspond one to one with the intermediate-level EI distribution nodes and are each configured to store the authorization messages of the EI resource distribution objects of the corresponding intermediate-level EI distribution node, where the authorization message of an EI resource distribution object of the intermediate-level EI distribution node includes the identifier of the EI resource allocated to the EI resource distribution object, the identifier and public key of the EI resource distribution object, the identifier of the EI information server corresponding to the EI resource distribution object, and the identifier of the intermediate-level EI distribution node;
The leaf EI information servers correspond one to one with the leaf EI distribution nodes and are each configured to store the authorization messages of the EI distribution objects of the corresponding leaf EI distribution node, where the authorization message of an EI distribution object of the leaf EI distribution node includes the EI allocated to the EI distribution object, the identity information of the EI distribution object, the public key, and the identifier of the leaf EI distribution node;
The EI distribution root node is specifically configured to send, after the authentication passes, the authorization message and private key of the next-level EI distribution node to the next-level EI distribution node, and to send the authorization message of the next-level EI distribution node to the EI information root server;
The intermediate-level EI distribution node is specifically configured to receive the authorization message and private key of the intermediate-level EI distribution node sent by the upper-level EI distribution node and, after the authentication passes, to send the private key of the next-level EI distribution node to the next-level EI distribution node and to send the authorization message of the next-level EI distribution node to the corresponding intermediate-level EI information server;
The leaf EI distribution node is specifically configured to receive the authorization message and private key of the leaf EI distribution node sent by the upper-level EI distribution node and, after the authentication passes, to send the private key of the network access entity to the network access entity and to send the authorization message of the network access entity to the corresponding leaf EI information server.
4. The method according to claim 2 or 3, further comprising, before performing access authentication on the network access entity according to the authorization message of the EI distribution object:
If the leaf EI distribution node is in a trust list, obtaining the public key of the leaf EI distribution node from the trust list, where the trust list contains at least one trusted EI distribution node and its corresponding public key, and an EI distribution node is the EI distribution root node, an intermediate-level EI distribution node or a leaf EI distribution node.
5. The method according to claim 2 or 3, characterized by further comprising, before performing access authentication on the network access entity according to the authorization message of the EI distribution object:
If the leaf EI distribution node is not in the trust list, determining the upper-level EI distribution node of the leaf EI distribution node;
If the upper-level EI distribution node is in the trust list, obtaining the public key of the upper-level EI distribution node from the trust list, and obtaining, from the upper-level EI information server corresponding to the upper-level EI distribution node, the authorization message of the leaf EI distribution node signed with the private key of the upper-level EI distribution node;
Verifying, with the public key of the upper-level EI distribution node, the signature on the authorization message of the leaf EI distribution node signed with the private key of the upper-level EI distribution node;
After verification passes, parsing the authorization message of the leaf EI distribution node to determine the public key of the leaf EI distribution node.
6. The method according to claim 5, characterized by further comprising, after verification passes:
Adding the leaf EI distribution node to the trust list.
7. The method according to any one of claims 4-6, characterized in that the access authentication request further includes a signature over the access authentication request made with the private key of the network access entity, and performing access authentication on the network access entity according to the authorization message of the EI distribution object specifically comprises:
Verifying, with the public key of the leaf EI distribution node, the signature on the authorization message of the EI distribution object signed with the private key of the leaf EI distribution node;
After verification passes, parsing the authorization message of the EI distribution object to determine the public key of the EI distribution object;
Verifying the signature of the access authentication request with the public key of the EI distribution object.
8. The method according to claim 7, characterized in that the authorization message of the EI distribution object further includes the validity period of the EI, and the method further comprises:
After the signature verification of the access authentication request passes, checking the validity of the access authentication request against the validity period of the EI.
9. The method according to claim 5, characterized by further comprising:
If the upper-level EI distribution node is not in the trust list, determining whether the upper-level EI distribution node is the EI distribution root node; if it is the EI distribution root node and the EI distribution root node is not in the trust list, verification fails and the process ends.
10. An access authentication server, characterized in that it interacts with an entity identifier (EI) distribution system and comprises:
A receiver module, configured to receive an access authentication request sent by a network access entity, the source IP address of the access authentication request containing the entity identifier EI of the network access entity;
An acquisition module, configured to obtain the authorization message of the EI distribution object from the EI distribution system;
An authentication module, configured to perform access authentication on the network access entity according to the authorization message of the EI distribution object;
Wherein the EI distribution system comprises an EI distribution root node, intermediate-level EI distribution nodes and leaf EI distribution nodes connected in a tree;
The EI distribution root node is configured to authenticate a next-level EI distribution node that requests EI resources, to allocate EI resources to that next-level EI distribution node after the authentication passes, and to generate the authorization message of the next-level EI distribution node;
The intermediate-level EI distribution node is configured to request EI resources from its upper-level EI distribution node and, after obtaining the EI resources allocated by the upper-level EI distribution node, to authenticate a next-level EI distribution node that requests EI resources, to allocate EI resources to that next-level EI distribution node after the authentication passes, and to generate the authorization message of the next-level EI distribution node;
The leaf EI distribution node is configured to request EI resources from its upper-level EI distribution node and, after obtaining the EI resources allocated by the upper-level EI distribution node, to authenticate a network access entity that requests an EI, to allocate an EI to the network access entity after the authentication passes so that the network access entity generates an IP address from the EI, and to generate the authorization message of the network access entity.
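The verification order of claims 7 and 8, shown as an added example that is not part of the patent text: the server checks the leaf node's signature on the authorization message before trusting anything inside it, then the entity's signature on the request, then the EI validity period. Ed25519, the JSON layout, the function names and the sample EI are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

// Constructed key pairs. Ed25519 is an assumption; the claims name no algorithm.
const leaf = crypto.generateKeyPairSync('ed25519');   // leaf EI distribution node
const entity = crypto.generateKeyPairSync('ed25519'); // network access entity

const sign = (privateKey, text) =>
  crypto.sign(null, Buffer.from(text), privateKey).toString('base64');
const verify = (publicKey, text, sig) =>
  crypto.verify(null, Buffer.from(text), publicKey, Buffer.from(sig, 'base64'));

// Leaf node side: authorization message carrying the EI, the entity's public
// key and the EI validity period, signed with the leaf node's private key.
function issueAuthorization(ei, entityPublicKey, notBefore, notAfter) {
  const body = JSON.stringify({
    ei,
    publicKey: entityPublicKey.export({ type: 'spki', format: 'pem' }),
    notBefore,
    notAfter,
  });
  return { body, signature: sign(leaf.privateKey, body) };
}

// Entity side: sign the access authentication request.
function makeRequest(ei, nonce) {
  const payload = `access-request|${ei}|${nonce}`;
  return { ei, payload, signature: sign(entity.privateKey, payload) };
}

// Server side: claim 7's three steps, then claim 8's validity check.
function authenticate(request, auth, leafPublicKey, now) {
  if (!verify(leafPublicKey, auth.body, auth.signature)) return 'bad-authorization-signature';
  const info = JSON.parse(auth.body); // parsed only after its signature verified
  // Extra binding check added for this example, not stated in the claims.
  if (info.ei !== request.ei) return 'ei-mismatch';
  const entityKey = crypto.createPublicKey(info.publicKey);
  if (!verify(entityKey, request.payload, request.signature)) return 'bad-request-signature';
  if (now < info.notBefore || now > info.notAfter) return 'ei-expired';
  return 'ok';
}

// Constructed sample: the EI value and timestamps are made up.
const sampleAuth = issueAuthorization('02aa:bbff:fecc:dd01', entity.publicKey, 1000, 2000);
const sampleRequest = makeRequest('02aa:bbff:fecc:dd01', 'n-1');
console.log(authenticate(sampleRequest, sampleAuth, leaf.publicKey, 1500));
```

Because the validity period sits inside the signed body, an altered expiry is rejected at the first step, before the entity's public key is ever read from the message.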
CN201110210819.7A 2011-07-26 2011-07-26 Entity identifier allocation system, source tracing and authentication methods and server Active CN102255983B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110210819.7A CN102255983B (en) 2011-07-26 2011-07-26 Entity identifier allocation system, source tracing and authentication methods and server
PCT/CN2011/083696 WO2013013479A1 (en) 2011-07-26 2011-12-08 Entity identifier allocation system, tracing and authentication method and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110210819.7A CN102255983B (en) 2011-07-26 2011-07-26 Entity identifier allocation system, source tracing and authentication methods and server

Publications (2)

Publication Number Publication Date
CN102255983A CN102255983A (en) 2011-11-23
CN102255983B true CN102255983B (en) 2014-03-05

Family

ID=44982972

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110210819.7A Active CN102255983B (en) 2011-07-26 2011-07-26 Entity identifier allocation system, source tracing and authentication methods and server

Country Status (2)

Country Link
CN (1) CN102255983B (en)
WO (1) WO2013013479A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255983B (en) * 2011-07-26 2014-03-05 中国科学院计算机网络信息中心 Entity identifier allocation system, source tracing and authentication methods and server
CN104283953B (en) * 2014-09-30 2017-08-11 清华大学 A kind of position information share system and sharing method
CN106454935B (en) * 2016-08-25 2020-04-14 广州中国科学院计算机网络信息中心 Method and system for publishing and discovering article traceability information in M2M system
CN108259326B (en) * 2016-12-29 2020-06-26 华为技术有限公司 Routing table updating method and device, distribution node and leaf message forwarding equipment
CN109714444A (en) * 2018-12-04 2019-05-03 中国电子技术标准化研究院 A kind of method of registration management, system and node
CN112036909A (en) * 2020-08-25 2020-12-04 重庆邮电大学 Product information tracing system and method based on IPv6 virtual connection
CN114448936B (en) * 2022-01-28 2023-10-20 广州根链国际网络研究院有限公司 IPv 6-based network transmission rule verification method capable of encoding traceability
CN115987940B (en) * 2022-12-05 2024-04-19 中国联合网络通信集团有限公司 Telecom identification method, device and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1359574A (en) * 1999-07-06 2002-07-17 松下电器产业株式会社 Distributed group key management scheme for secure many-to-many communication
US6629243B1 (en) * 1998-10-07 2003-09-30 Nds Limited Secure communications system
CN101426201A (en) * 2008-12-16 2009-05-06 北京工业大学 Safe effective instant authentication method in wireless Mesh network

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101210339B1 (en) * 2006-10-10 2012-12-18 삼성전자주식회사 Method for generating node identifier in k-nary tree
CN101707763B (en) * 2009-12-03 2012-10-17 常熟理工学院 Method for achieving automatic configuration of IPv6 addresses for wireless sensor network
CN101707764B (en) * 2009-12-03 2011-12-07 常熟理工学院 Realization method of next generation all-IP wireless sensor network
CN102014377B (en) * 2011-01-06 2012-11-28 常熟理工学院 Distributed wireless sensor network-based IPv6 address configuration implementing method
CN102255983B (en) * 2011-07-26 2014-03-05 中国科学院计算机网络信息中心 Entity identifier allocation system, source tracing and authentication methods and server

Also Published As

Publication number Publication date
CN102255983A (en) 2011-11-23
WO2013013479A1 (en) 2013-01-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210207

Address after: 100190 room 506, building 2, courtyard 4, South 4th Street, Zhongguancun, Haidian District, Beijing

Patentee after: CHINA INTERNET NETWORK INFORMATION CENTER

Address before: 100190 No. four, four South Street, Haidian District, Beijing, Zhongguancun

Patentee before: Computer Network Information Center, Chinese Academy of Sciences