A safe and reliable future network communication implementation method
Technical field
The present invention relates to a communication implementation method, and more particularly to a safe and reliable future network communication implementation method.
Background technique
As a novel communication network, future network can realize multi-hop wireless communication between nodes. With the continuous development of network technology and the continual emergence of new applications, there is an urgent need to realize future network communication in order to meet the sharply increasing application demands of users.
Future network, together with data grid technology, is a specific type of network; a traditional network is centered on addresses and is therefore not conducive to acquiring data. For example, in an IP network, data is provided by the destination node determined by the destination IP address; if that destination node fails, the data cannot be provided. Future network, by contrast, is data-centric: any node can provide data, which shortens the delay and cost of data acquisition.
However, how to realize future network still needs further study and discussion.
Summary of the invention
Goal of the invention: the technical problem to be solved by the present invention is, in view of the deficiencies of the prior art, to provide a safe and reliable future network communication implementation method.
Technical solution: the invention discloses a safe and reliable future network communication implementation method. The future network includes routers, switches, access nodes, devices and servers. The future network is divided into more than two domains, and each domain includes one server, one router, more than two switches, more than two access nodes and more than two devices;
A router has more than two upstream interfaces and more than two downstream interfaces, all of which are wired interfaces; each upstream interface is connected to a router, one downstream interface of the router is connected to the server, and the remaining downstream interfaces are connected to switches. A switch has one upstream interface and more than two downstream interfaces, all of which are wired interfaces; the upstream interface is connected to a router or a switch, and a downstream interface is connected to a switch or an access node. An access node has one wired interface and one wireless interface; the wired interface is connected to a switch and the wireless interface is connected to devices. A device has one wireless interface, which is connected to an access node. A server has one wired interface, which is connected to the router. Each interface is uniquely identified by an interface ID;
A router is uniquely identified by a domain name, for example cslg/N6. An access node is uniquely identified by a location name, which describes where the access node is located, for example CS/402, i.e. laboratory 402 of the School of Computer Science. A device is uniquely identified by a device name, which is unique within a domain. A server is uniquely identified by a server name, which is unique within a domain. A switch does not need any name identifier;
A router, access node or device is configured with one address for communication; an address consists of a domain name, a location name and a device name. The location name and device name of a router are empty; the device name of an access node is empty; the domain name, location name and device name of a device are all non-empty;
A server is configured with one address for communication; the address consists of a domain name, a location name and a server name, and its location name is empty;
A server stores a device table, a location table and a domain table. A device table entry consists of a device name, an encrypted device name and a key field; a location table entry consists of a location name field and a hash function field; a domain table entry consists of a domain name and a hash function field;
A device is configured with a key, a location name is configured with a hash function, and a domain name is configured with a hash function. The keys and hash functions are stored, signed and issued by a third-party authentication data center computer: a device registers with the third-party authentication data center computer to obtain its own key; an access node registers with the third-party authentication data center computer to obtain its own one-way hash function; a router registers with the third-party authentication data center computer to obtain its own one-way hash function. All servers in the network share one key;
A server registers with the third-party authentication data center computer to obtain the device names and keys of all devices in its domain, the location names and one-way hash functions of all access nodes, the domain names and one-way hash functions of all routers in the network, and the key shared by all servers in the network;
After the server obtains the device names and keys of all devices in its domain, it creates a device table entry for each device: the device name of the entry is the device name DV' of the device, the key field value is the key k' of the device, and the encrypted device name is EDV', computed according to formula (1). In formula (1), Encrypt1 is a symmetric encryption algorithm, such as DES (Data Encryption Standard);
EDV' = Encrypt1(DV', k')    formula (1)
After the server obtains the location names and hash functions of all access nodes in its domain, it creates a location table entry for each access node: the location name of the entry is the location name of the access node, and the hash function field value is the hash function configured for the access node;
After the server obtains the domain names and hash functions of all routers in the network, it creates a domain table entry for each router: the domain name of the entry is the domain name of the router, and the hash function field value is the hash function configured for the router;
Each router maintains a domain routing table; a domain routing table entry includes a domain name, an interface ID, a distance and a lifetime field;
The domain name of router R1 is DN1 and its hash function is H1; the hash value HDN1 of domain name DN1 is given by formula (2);
HDN1 = H1(DN1)    formula (2)
Router R1 periodically executes the following process to establish the domain routing table:
Step 101: Start;
Step 102: Router R1 creates an address whose domain name is HDN1 and whose location name and device name are empty; router R1 sends a publish message from each upstream interface; the source address of the publish message is the created address, the destination address is empty, and the payload is parameter d1 with an initial value of 0;
Step 103: After a router receives the publish message from interface u1, it increments the value of parameter d1 in the payload of the publish message by 1; it determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1; if so, execute step 104, otherwise execute step 105;
Step 104: The router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1, updates the interface ID of that entry to u1, sets the lifetime to the maximum value, for example 500 ms, and executes step 109;
Step 105: The router that received the publish message from interface u1 determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message and whose distance field value is less than parameter d1; if it exists, execute step 110, otherwise execute step 106;
Step 106: The router that received the publish message from interface u1 determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message; if it exists, execute step 107, otherwise execute step 108;
Step 107: The router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message, updates the interface ID of that entry to u1, updates the distance field value to the parameter d1 in the payload of the publish message, sets the lifetime to the maximum value, and executes step 109;
Step 108: The router that received the publish message from interface u1 creates a domain routing table entry whose domain name equals the domain name of the source address of the publish message, whose interface ID equals u1 and whose distance field value equals the parameter d1 in the payload of the publish message, and sets the lifetime to the maximum value;
Step 109: The router that received the publish message from interface u1 forwards the publish message from all upstream interfaces other than interface u1; execute step 103;
Step 110: End;
If a router detects that the lifetime of a domain routing table entry has decayed to 0, it deletes that domain routing table entry.
Routers establish their routing tables through the above process and thereby obtain the routing path to a destination router. The process controls the length of the routing path through the distance field value, which reduces data communication delay and cost; in addition, the process ensures the validity and timeliness of routing information through the lifetime, thereby ensuring the success rate of data communication.
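The table update rule of steps 102 to 109, together with lifetime expiry, can be traced in a small simulation. This is an added example, not code from the patent; the use of truncated SHA-256 for H1, the diamond topology, the interface IDs and the domain names other than cslg/N6 are assumptions constructed for illustration.

```python
import hashlib
from collections import deque
from dataclasses import dataclass, field

MAX_LIFETIME_MS = 500  # example maximum lifetime given in step 104


def h1(domain_name: str) -> str:
    """Stand-in for a router's hash function H1 (assumption: truncated SHA-256)."""
    return hashlib.sha256(domain_name.encode()).hexdigest()[:16]


@dataclass
class Entry:
    interface: str
    distance: int
    lifetime_ms: int = MAX_LIFETIME_MS


@dataclass
class Router:
    domain_name: str
    links: dict = field(default_factory=dict)  # interface ID -> (peer router, peer interface ID)
    table: dict = field(default_factory=dict)  # hashed domain name -> Entry

    def on_publish(self, iface, src_domain, d1):
        """Steps 103-108. Returns the d1 to forward in step 109, or None to stop (step 110)."""
        d1 += 1                                         # step 103
        entry = self.table.get(src_domain)
        if entry is not None and entry.distance < d1:   # step 105: a shorter path is known
            return None
        if entry is None:                               # step 108: first route to this domain
            self.table[src_domain] = Entry(iface, d1)
        else:                                           # step 104 (equal) or 107 (shorter found)
            entry.interface, entry.distance = iface, d1
            entry.lifetime_ms = MAX_LIFETIME_MS
        return d1

    def age(self, elapsed_ms):
        """Decay lifetimes; an entry whose lifetime reaches 0 is deleted."""
        for key in list(self.table):
            self.table[key].lifetime_ms -= elapsed_ms
            if self.table[key].lifetime_ms <= 0:
                del self.table[key]


def connect(a, a_if, b, b_if):
    a.links[a_if] = (b, b_if)
    b.links[b_if] = (a, a_if)


def publish(origin):
    """Step 102, then steps 103-109 at every router the message reaches."""
    src = h1(origin.domain_name)
    queue = deque((peer, peer_if, 0) for peer, peer_if in origin.links.values())
    while queue:
        router, iface, d1 = queue.popleft()
        d1 = router.on_publish(iface, src, d1)
        if d1 is None:
            continue
        for out_if, (peer, peer_if) in router.links.items():
            if out_if != iface:                         # step 109: all interfaces except u1
                queue.append((peer, peer_if, d1))


def build_demo():
    """Constructed diamond topology: R1-R2-R4 and R1-R3-R4."""
    r = {"R1": Router("cslg/N6"), "R2": Router("demo/N2"),
         "R3": Router("demo/N3"), "R4": Router("demo/N4")}
    connect(r["R1"], "a", r["R2"], "a")
    connect(r["R1"], "b", r["R3"], "a")
    connect(r["R2"], "b", r["R4"], "a")
    connect(r["R3"], "b", r["R4"], "b")
    return r


if __name__ == "__main__":
    routers = build_demo()
    publish(routers["R1"])
    for name, router in routers.items():
        print(name, {k: (e.interface, e.distance) for k, e in router.table.items()})
```

In the diamond, R4 receives two copies with equal distance, so step 104 leaves the distance at 2 and keeps the interface of the copy that arrived last; the copies that travel back toward R2 and R3 are stopped by step 105.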
In the method of the invention, each router or switch stores a local table; each local table entry includes a location name field, an interface ID field and a lifetime field;
If the location name of access node AP1 is LN1 and the hash function of access node AP1 is H2, access node AP1 computes the hash value HLN1 of location name LN1 according to formula (3);
HLN1 = H2(LN1)    formula (3)
Access node AP1 periodically executes the following operations to establish the local table:
Step 201: Start;
Step 202: Access node AP1 creates an address whose location name is HLN1 and whose domain name and device name are empty; access node AP1 sends a local publish message from its wired interface; in the local publish message, the source address is the constructed address, the destination address is empty and the payload is empty;
Step 203: Determine whether a router received the local publish message from downstream interface u2 or a switch received it from downstream interface u3; if it is a router, execute step 206, otherwise execute step 204;
Step 204: The switch receives the local publish message from downstream interface u3; the switch determines whether a local table entry exists whose location name is the location name of the source address of the local publish message; if so, the switch updates the interface ID of that local table entry to u3 and sets the lifetime to the maximum value, for example 500 ms; otherwise the switch creates a local table entry whose location name is the location name of the source address of the local publish message, whose interface ID field value is u3 and whose lifetime is set to the maximum value;
Step 205: The switch that received the local publish message from downstream interface u3 forwards the local publish message from its upstream interface; execute step 203;
Step 206: The router receives the local publish message from downstream interface u2; the router determines whether a local table entry exists whose location name equals the location name of the source address of the local publish message; if so, the router updates the interface ID of that local table entry to u2 and sets the lifetime to the maximum value, for example 500 ms; otherwise the router creates a local table entry whose location name equals the location name of the source address of the local publish message, whose interface ID field value is u2 and whose lifetime is set to the maximum value;
Step 207: End;
If a router or switch detects that the lifetime of a local table entry has decayed to 0, it deletes that local table entry.
Access nodes establish the local table through the above process, so that information about the access nodes is obtained and messages are forwarded correctly through the interface ID field value, which ensures the correctness of data communication; the process ensures the validity and timeliness of access node information through the lifetime, thereby ensuring the success rate of data communication.
In the method of the invention, after a server starts, it periodically sends a server publish message whose source address, destination address and payload are all empty; after the router connected to the server receives the server publish message from interface f1, it records interface f1 as the interface connected to the server;
Under the conditions that the server name of server S1 is SN1 and server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the device name of device V1 is VN1, device V1 is located in domain D1 and is linked to access node AP1, and the location name of access node AP1 is LN1, server S1 communicates with device V1 through the following process:
Step 301: Start;
Step 302: Server S1 selects the domain table entry whose domain name equals DN1, the location table entry whose location name equals LN1, and the device table entry whose device name equals VN1; server S1 computes the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, computes the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using the key field value of the selected device table entry to obtain the encrypted server name ESN1; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN1; server S1 constructs the address of device V1, in which the domain name is HDN1, the location name is HLN1 and the device name is the encrypted device name in the selected device table entry; server S1 sends a request message whose source address is its own address, whose destination address is the address of device V1 and whose payload is empty; after receiving the request message, router R1 looks up the local table, selects the local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 303: Determine whether access node AP1 has received the request message from its wired interface; if so, execute step 305, otherwise execute step 304;
Step 304: The switch that received the request message from its upstream interface selects the local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that local table entry, and executes step 303;
Step 305: Access node AP1 forwards the request message from its wireless interface; after a device receives the request message, it encrypts its own device name with its own key to obtain an encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 306, otherwise execute step 310;
Step 306: The device that received the request message encrypts the response data with its own key to obtain the encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message and whose payload is the encrypted response data; after access node AP1 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 307: If router R1 has received the response message, execute step 309, otherwise execute step 308;
Step 308: The switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 307;
Step 309: Router R1 forwards the received response message from the downstream interface connected to server S1; after server S1 receives the response message, it selects the device table entry whose encrypted device name equals the device name of the source address of the response message, decrypts the encrypted response data in the payload of the response message using the key field value of that device table entry, and finally obtains and stores the response data;
Step 310: End.
The server communicates with the devices in its own domain through the above process; the process forwards data correctly through the interface ID field value of the local table, which ensures the correctness of data communication; in addition, the process achieves secure data communication through encryption.
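The address construction of step 302, the device-side match of step 305, the encrypted response of step 306 and the server-side lookup of step 309 are shown below as an added example, not code from the patent. Assumptions: Encrypt1 is replaced by a small deterministic Feistel construction over HMAC-SHA256 because the Python standard library has no DES, the hash functions are tagged SHA-256, the keys, the second device VN9 and the response data are constructed, and forwarding through the router and switches via the local table is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass

BLOCK, ROUNDS = 16, 4


def _feistel(key, block, order):
    left, right = block[:8], block[8:]
    for i in order:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def encrypt1(key, data):
    """Stand-in for Encrypt1. Deterministic: the same name and key always give the same value."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(_feistel(key, data[i:i + BLOCK], range(ROUNDS))
                    for i in range(0, len(data), BLOCK))


def decrypt1(key, data):
    plain = b"".join(_feistel(key, data[i:i + BLOCK], reversed(range(ROUNDS)))
                     for i in range(0, len(data), BLOCK))
    return plain[:-plain[-1]]


def make_hash(tag):
    """Stand-in for a hash function issued at registration (assumption: tagged SHA-256)."""
    return lambda name: hashlib.sha256(tag + name.encode()).hexdigest()[:16]


@dataclass(frozen=True)
class Address:
    domain: str    # hashed domain name
    location: str  # hashed location name, "" when empty
    name: bytes    # encrypted device or server name, b"" when empty


class Server:
    def __init__(self, name, domain_table, location_table, device_keys):
        self.name = name
        self.domain_table = domain_table      # domain name -> hash function
        self.location_table = location_table  # location name -> hash function
        # device table: device name -> (encrypted device name EDV', key k'), formula (1)
        self.device_table = {dv: (encrypt1(k, dv.encode()), k) for dv, k in device_keys.items()}

    def build_request(self, dn, ln, vn):      # step 302
        edv, key = self.device_table[vn]
        hdn = self.domain_table[dn](dn)
        src = Address(hdn, "", encrypt1(key, self.name.encode()))
        dst = Address(hdn, self.location_table[ln](ln), edv)
        return {"src": src, "dst": dst, "payload": b""}

    def handle_response(self, msg):           # step 309
        for edv, key in self.device_table.values():
            if hmac.compare_digest(edv, msg["src"].name):
                return decrypt1(key, msg["payload"])
        return None


class Device:
    def __init__(self, name, key, data):
        self.name, self.key, self.data = name, key, data

    def handle_request(self, msg):            # steps 305-306
        mine = encrypt1(self.key, self.name.encode())
        if not hmac.compare_digest(mine, msg["dst"].name):
            return None                       # step 310: addressed to another device
        return {"src": msg["dst"], "dst": msg["src"],
                "payload": encrypt1(self.key, self.data)}


def run_exchange():
    keys = {"VN1": b"constructed-key-1", "VN9": b"constructed-key-9"}
    s1 = Server("SN1", {"DN1": make_hash(b"H1")}, {"LN1": make_hash(b"H2")}, keys)
    devices = [Device("VN1", keys["VN1"], b"temp=21.5C"),
               Device("VN9", keys["VN9"], b"temp=19.0C")]
    request = s1.build_request("DN1", "LN1", "VN1")
    replies = [d.handle_request(request) for d in devices]  # AP1 sends on its wireless interface
    answer = next(m for m in replies if m is not None)
    return request, replies, s1.handle_response(answer)


if __name__ == "__main__":
    req, _, data = run_exchange()
    print(req["dst"], data)
```

Because steps 305 and 309 match names by equality, Encrypt1 has to be deterministic, so the encrypted device name is the same value in every message to or from that device.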
In the method of the invention, under the conditions that the server name of server S1 is SN1 and server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the key shared by the servers in the network is k2, and the location name of access node AP1 is LN1 and access node AP1 is located in domain D1, server S1 communicates with all devices connected to access node AP1 through the following process:
Step 401: Start;
Step 402: Server S1 selects the domain table entry whose domain name equals DN1 and the location table entry whose location name equals LN1; server S1 computes the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, computes the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using key k2 to obtain the encrypted server name ESN1; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN1; server S1 constructs an address A1, in which the domain name is HDN1, the location name is HLN1 and the device name is empty; server S1 sends a request message whose source address is its own address, whose destination address is address A1 and whose payload is empty; after receiving the request message, router R1 looks up the local table, selects the local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 403: If access node AP1 has received the request message from its wired interface, execute step 405, otherwise execute step 404;
Step 404: The switch that received the request message from its upstream interface selects the local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that local table entry, and executes step 403;
Step 405: Access node AP1 forwards the request message from its wireless interface;
Step 406: The device that received the request message encrypts the response data with its own key to obtain the encrypted response data, and encrypts its own device name with its own key to obtain the encrypted device name; the device constructs an address whose domain name and location name equal, respectively, the domain name and location name of the destination address of the received request message and whose device name is the encrypted device name; the device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message and whose payload is the encrypted response data; after access node AP1 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 407: If router R1 has received the response message, execute step 409, otherwise execute step 408;
Step 408: The switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 407;
Step 409: Router R1 forwards the received response message from the downstream interface connected to server S1; after server S1 receives the response message, it selects the device table entry whose encrypted device name equals the device name of the source address of the response message, decrypts the encrypted response data in the payload of the response message using the key field value of that device table entry, and finally obtains and stores the response data;
Step 410: End.
The server communicates with all devices connected to an access node through the above process; the process achieves secure data communication through encryption, so that a malicious node cannot obtain the data transmitted over the network; in addition, the process forwards data correctly through the interface ID field value of the local table, which ensures the correctness of data communication.
In the method of the invention, under the conditions that the server name of server S1 is SN1 and server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the server name of server S2 is SN2 and server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, server S2 is connected to router R2, the device name of device V2 is VN2, device V2 is located in domain D2 and is linked to access node AP2, the location name of access node AP2 is LN2, and the key shared by the servers in the network is k2, server S1 communicates with device V2 through the following process:
Step 501: Start;
Step 502: Server S1 selects the domain table entry whose domain name equals DN1 and computes the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry; server S1 selects the domain table entry whose domain name equals DN2 and computes the hash value HDN2 of domain name DN2 using the hash function of the selected domain table entry; server S1 encrypts server name SN1 using key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 and device name VN2 using key k2 to obtain the encrypted data E3; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2 and whose payload is the encrypted data E3; after receiving the remote request message, router R1 looks up the domain routing table, selects the domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 503: If router R2 has received the remote request message from an upstream interface, execute step 505, otherwise execute step 504;
Step 504: After a router receives the remote request message, it selects the domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, forwards the remote request message from the interface identified by the interface ID field value of that domain routing table entry, and executes step 503;
Step 505: Router R2 forwards the received remote request message from the interface connected to server S2; after server S2 receives the remote request message, it decrypts the encrypted data E3 in the payload of the remote request message using key k2 to obtain location name LN2 and device name VN2; server S2 selects the location table entry whose location name equals LN2 and the device table entry whose device name equals VN2; server S2 computes the hash value HLN2 of location name LN2 using the hash function of the selected location table entry, and encrypts server name SN2 using the key field value of the selected device table entry to obtain the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty and the server name is ESN2; server S2 constructs the address of device V2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2 and the device name is the encrypted device name of the selected device table entry; server S2 sends a request message whose source address is its own address, whose destination address is the address of device V2 and whose payload is the source address of the remote request message; after receiving the request message, router R2 looks up the local table, selects the local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 506: If access node AP2 has received the request message from its wired interface, execute step 508, otherwise execute step 507;
Step 507: The switch that received the request message from its upstream interface selects the local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that local table entry, and executes step 506;
Step 508: Access node AP2 forwards the request message from its wireless interface; after a device receives the request message, it encrypts its own device name with its own key to obtain an encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 509, otherwise execute step 516;
Step 509: The device that received the request message encrypts the response data with its own key to obtain the encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message and whose payload is the encrypted response data and the address in the payload of the request message; after access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 510: If router R2 has received the response message, execute step 512, otherwise execute step 511;
Step 511: The switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 510;
Step 512: Router R2 forwards the received response message from the downstream interface connected to server S2; after server S2 receives the response message, it selects the device table entry whose encrypted device name equals the device name of the source address of the response message, and decrypts the encrypted response data in the payload of the response message using the key field value of that device table entry; server S2 encrypts the response data using key k2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, whose domain name equals the domain name of the source address of the received response message, whose location name is empty and whose server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message and whose payload is the encrypted response data; after receiving the remote response message, router R2 looks up the domain routing table, selects the domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 513: If router R1 has received the remote response message from an upstream interface, execute step 515, otherwise execute step 514;
Step 514: After a router receives the remote response message, it selects the domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, forwards the remote response message from the interface identified by the interface ID field value of that domain routing table entry, and executes step 513;
Step 515: Router R1 forwards the received remote response message from the interface connected to server S1; after server S1 receives the remote response message, it decrypts the encrypted response data in the payload of the remote response message using key k2 to obtain the response data, and stores the response data;
Step 516: End.
Server is realized communicated with remote equipment by the above process;The above process realizes data by routing table
Correct route, due to data routed path be shortest path, reduce data communication delays and cost;On in addition,
Stating process realizes the safety of data communication by encrypting.
In the method for the invention, it is known as SN1 in the server name of server S 1, is located in the D1 of domain, the router of domain D1
Domain name for R1, router R1 is DN1, and server S 1 is connected with router R1, and the server name of server S 2 is known as SN2, position
In the D2 of domain, the router of domain D2 is R2, and the domain name of router R2 is DN2, and server S 2 is connected with router R2, access node
The location name of AP2 is LN2, is located in the D2 of domain, and under conditions of the shared key of server is k2 in network, server S 1 passes through
Following processes are realized and the communication of the access node AP2 all devices being connected:
Step 601: start;
Step 602: server S1 selects a domain table entry whose domain name equals domain name DN1, and calculates the hash value HDN1 of domain name DN1 using the hash function of the selected entry. Server S1 selects a domain table entry whose domain name equals domain name DN2, and calculates the hash value HDN2 of domain name DN2 using the hash function of the selected entry. Server S1 encrypts server name SN1 using key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3. Server S1 encrypts location name LN2 using key k2 to obtain the encrypted data E4. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN2. Server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty, and the server name is ESN3. Server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2, and whose payload is the encrypted data E4. After receiving the remote request message, router R1 looks up its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected entry;
Step 603: if router R2 receives the remote request message from an upstream interface, execute step 605; otherwise execute step 604;
Step 604: after receiving the remote request message, the router selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, forwards the remote request message from the interface identified by the interface ID field value of that entry, and step 603 is executed;
Step 605: router R2 forwards the received remote request message from the interface connected to server S2. After receiving the remote request message, server S2 decrypts the encrypted data E4 in the payload of the remote request message using key k2 to obtain location name LN2. Server S2 selects a location table entry whose location name equals location name LN2, calculates the hash value HLN2 of location name LN2 using the hash function of the selected location table entry, and encrypts server name SN2 using the key field value of the selected device table entry to obtain the encrypted server name ESN2. Server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty, and the server name is ESN2. Server S2 constructs an address A2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2, and the device name is empty. Server S2 sends a request message whose source address is its own address, whose destination address is address A2, and whose payload is the source address of the remote request message. After receiving the request message, router R2 looks up its local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected entry;
Step 606: if access node AP2 receives the request message from its wired interface, execute step 608; otherwise execute step 607;
Step 607: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that entry, and step 606 is executed;
Step 608: after receiving the request message from its wired interface, access node AP2 forwards the request message from its wireless interface;
Step 609: after receiving the request message, a device encrypts the response data using its own key to obtain the encrypted response data, and encrypts its own device name using its own key to obtain the encrypted device name. The device constructs an address whose domain name and location name equal the domain name and location name of the destination address of the received request message, and whose device name is the encrypted device name. The device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data and the address in the payload of the request message. After receiving the response message from its wireless interface, access node AP2 forwards the response message from its wired interface;
Step 610: if router R2 receives the response message, execute step 612; otherwise execute step 611;
Step 611: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface, and step 610 is executed;
Step 612: router R2 forwards the received response message from the downstream interface connected to server S2. After receiving the response message, server S2 selects a device table entry whose encrypted device name equals the device name of the source address of the response message, and decrypts the encrypted response data in the payload of the response message using the key field value of that entry. Server S2 encrypts the response data using key k2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3. Server S2 constructs its own address, in which the domain name equals the domain name of the source address of the received response message, the location name is empty, and the server name is the encrypted server name ESN3. Server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message, and whose payload is the encrypted response data. After receiving the remote response message, router R2 looks up its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected entry;
Step 613: if router R1 receives the remote response message from an upstream interface, execute step 615; otherwise execute step 614;
Step 614: after receiving the remote response message, the router selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, forwards the remote response message from the interface identified by the interface ID field value of that entry, and step 613 is executed;
Step 615: router R1 forwards the received remote response message from the interface connected to server S1. After receiving the remote response message, server S1 decrypts the encrypted response data in the payload of the remote response message using key k2 to obtain the response data, and saves the response data;
Step 616: end.
Through the above process, the server communicates with all devices connected to a remote access node. The process secures the data communication through encryption, so that a malicious node cannot obtain the data transmitted over the network. In addition, the process forwards data correctly by means of the routing tables; because the routing path of the data is the shortest path, data communication delay and cost are reduced.
Beneficial effects: the present invention provides a safe and reliable future network communication implementation method. Using the implementation method provided by the invention, a device can securely obtain the data services provided by the network, while data security is ensured, data acquisition delay and cost are reduced, and service quality is improved. The invention can be applied to the transmission of important information in fields such as road condition monitoring and vehicle management, and has a wide range of applications.
Description of the drawings
The invention is further described below with reference to the accompanying drawings and the specific embodiment, from which the above and/or other advantages of the invention will become apparent.
Fig. 1 is a schematic flow diagram of establishing the domain routing table according to the present invention.
Fig. 2 is a schematic flow diagram of establishing the local table according to the present invention.
Fig. 3 is a schematic flow diagram of local communication according to the present invention.
Fig. 4 is a schematic flow diagram of local data acquisition according to the present invention.
Fig. 5 is a schematic flow diagram of remote communication according to the present invention.
Fig. 6 is a schematic flow diagram of the remote data service according to the present invention.
Specific embodiment:
The present invention provides a safe and reliable future network communication implementation method. Using the implementation method provided by the invention, a device can securely obtain the data services provided by the network, while data security is ensured, data acquisition delay and cost are reduced, and service quality is improved. The invention can be applied to the transmission of important information in fields such as road condition monitoring and vehicle management, and has a wide range of applications.
Fig. 1 is a schematic flow diagram of establishing the domain routing table according to the present invention. The future network comprises routers, switches, access nodes, devices and servers. The future network is divided into two or more domains, and each domain contains one server, one router, two or more switches, two or more access nodes and two or more devices;
A router has two or more upstream interfaces and two or more downstream interfaces, all of which are wired interfaces. Each upstream interface is connected to a router; one downstream interface of the router is connected to the server, and the remaining downstream interfaces are connected to switches. A switch has one upstream interface and two or more downstream interfaces, all of which are wired interfaces; the upstream interface is connected to a router or a switch, and a downstream interface is connected to a switch or an access node. An access node has one wired interface and one wireless interface; the wired interface is connected to a switch and the wireless interface is connected to devices. A device has one wireless interface, which is connected to an access node. A server has one wired interface, which is connected to the router. Each interface is uniquely identified by an interface ID;
A router is uniquely identified by a domain name, for example cslg/N6. An access node is uniquely identified by a location name, which describes the location of the access node, for example CS/402, i.e. laboratory 402 of the School of Computer Science. A device is uniquely identified by a device name, which is unique within a domain. A server is uniquely identified by a server name, which is unique within a domain. A switch does not need any name identifier;
A router, access node or device is configured with one address for communication, and an address consists of a domain name, a location name and a device name. The location name and device name of a router are empty; the device name of an access node is empty; the domain name, location name and device name of a device are all non-empty;
A server is configured with one address for communication; this address consists of a domain name, a location name and a server name, and its location name is empty;
A server stores a device table, a location table and a domain table. A device table entry consists of a device name field, an encrypted device name field and a key field. A location table entry consists of a location name field and a hash function field. A domain table entry consists of a domain name field and a hash function field;
Each device is configured with a key, each location name is configured with a hash function, and each domain name is configured with a hash function. The keys and hash functions are stored and issued by a third-party authentication data center computer. A device registers with the third-party authentication data center computer to obtain its own key; an access node registers with the third-party authentication data center computer to obtain its own one-way hash function; a router registers with the third-party authentication data center computer to obtain its own one-way hash function. All servers in the network share one key;
A server registers with the third-party authentication data center computer to obtain the device names and keys of all devices in its domain, the location names and one-way hash functions of all access nodes, the domain names and one-way hash functions of all routers in the network, and the key shared by all servers in the network;
After the server obtains the device names and keys of all devices in its domain, it creates a device table entry for each device. The device name of the entry is the device name DV' of the device, the key field value is the key k' of the device, and the encrypted device name is EDV', calculated according to formula (1). In formula (1), Encrypt1 is a symmetric encryption algorithm, for example DES (Data Encryption Standard);
EDV' = Encrypt1(DV', k')    formula (1)
After the server obtains the location names and hash functions of all access nodes in its domain, it creates a location table entry for each access node. The location name of the entry is the location name of the access node, and the hash function field value is the hash function configured for the access node;
After the server obtains the domain names and hash functions of all routers in the network, it creates a domain table entry for each router. The domain name of the entry is the domain name of the router, and the hash function field value is the hash function configured for the router;
Each router maintains a domain routing table; a domain routing table entry contains a domain name field, an interface ID field, a distance field and a lifetime field;
The domain name of router R1 is DN1 and its hash function is H1; the hash value HDN1 of domain name DN1 is given by formula (2);
HDN1 = H1(DN1)    formula (2)
Router R1 periodically executes the following process to establish the domain routing table:
Step 101: start;
Step 102: router R1 creates an address whose domain name is HDN1 and whose location name and device name are empty. Router R1 sends a publish message from each upstream interface; the source address of the publish message is the created address, the destination address is empty, and the payload is parameter d1, whose initial value is 0;
Step 103: after a router receives the publish message from interface u1, it increments the value of parameter d1 in the payload of the publish message by 1. The router determines whether there is a domain routing table entry whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1; if so, execute step 104, otherwise execute step 105;
Step 104: the router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1, updates the interface ID of that entry to u1, sets the lifetime to the maximum value, for example 500 ms, and executes step 109;
Step 105: the router that received the publish message from interface u1 determines whether there is a domain routing table entry whose domain name equals the domain name of the source address of the publish message and whose distance field value is less than parameter d1; if such an entry exists, execute step 110, otherwise execute step 106;
Step 106: the router that received the publish message from interface u1 determines whether there is a domain routing table entry whose domain name equals the domain name of the source address of the publish message; if such an entry exists, execute step 107, otherwise execute step 108;
Step 107: the router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message, updates the interface ID of that entry to u1, updates the distance field value to the parameter d1 in the payload of the publish message, sets the lifetime to the maximum value, and executes step 109;
Step 108: the router that received the publish message from interface u1 creates a domain routing table entry whose domain name equals the domain name of the source address of the publish message, whose interface ID equals u1, and whose distance field value equals the parameter d1 in the payload of the publish message, and sets the lifetime to the maximum value;
Step 109: the router that received the publish message from interface u1 forwards the publish message from all upstream interfaces other than interface u1, and step 103 is executed;
Step 110: end;
If a router detects that the lifetime of a domain routing table entry has decayed to 0, it deletes that domain routing table entry.
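The update rule of steps 103 to 109 can be exercised on a small topology. The following Python simulation is an added example, not code from the patent; SHA-256 as the hash function H1, the five-router ring and the interface names are assumptions, and the messages are delivered in two different orders to show that the table converges to the shortest distance either way.

```python
import hashlib
from collections import deque

MAX_LIFETIME_MS = 500  # the page's example maximum lifetime


def domain_hash(domain_name: str) -> str:
    """Stand-in for the router's one-way hash function H1 (SHA-256 is an assumption)."""
    return hashlib.sha256(domain_name.encode()).hexdigest()[:16]


class Router:
    def __init__(self, domain_name: str):
        self.hdn = domain_hash(domain_name)   # HDN = H1(DN), formula (2)
        self.upstream = {}   # interface ID -> (peer router, peer's interface ID)
        self.table = {}      # hashed domain name -> {"iface", "distance", "expires"}

    def on_publish(self, src_hdn: str, d1: int, iface: str, now_ms: int):
        """Steps 103-108: return the d1 value to forward, or None to stop (step 110)."""
        d1 += 1                                             # step 103
        entry = self.table.get(src_hdn)
        if entry is not None and entry["distance"] < d1:    # step 105
            return None
        # Steps 104, 107 and 108 all end with the entry in this state.
        self.table[src_hdn] = {"iface": iface, "distance": d1,
                               "expires": now_ms + MAX_LIFETIME_MS}
        return d1

    def expire(self, now_ms: int) -> None:
        """Delete entries whose lifetime has decayed to 0."""
        self.table = {k: e for k, e in self.table.items() if e["expires"] > now_ms}


def link(a: Router, a_if: str, b: Router, b_if: str) -> None:
    a.upstream[a_if] = (b, b_if)
    b.upstream[b_if] = (a, a_if)


def publish(origin: Router, now_ms: int = 0, newest_first: bool = False) -> int:
    """Step 102 and the flooding of step 109; returns how many messages were delivered.
    The page does not single out a publish message that loops back to its origin,
    so the origin applies steps 103-108 to it like any other router."""
    pending = deque((peer, peer_if, 0) for peer, peer_if in origin.upstream.values())
    delivered = 0
    while pending:
        router, iface, d1 = pending.pop() if newest_first else pending.popleft()
        delivered += 1
        d1 = router.on_publish(origin.hdn, d1, iface, now_ms)
        if d1 is None:
            continue
        for out_if, (peer, peer_if) in router.upstream.items():   # step 109
            if out_if != iface:
                pending.append((peer, peer_if, d1))
    return delivered


def build_ring() -> dict:
    """Constructed topology: five routers in a ring, R1-R2-R3-R4-R5-R1."""
    r = {n: Router(f"cslg/N{n}") for n in range(1, 6)}
    for n in range(1, 6):
        link(r[n], "u1", r[n % 5 + 1], "u2")   # u1 faces the next router, u2 the previous
    return r


def routes_to_r1(newest_first: bool) -> dict:
    """Run one publish round from R1 and return {router: (distance, interface ID)}."""
    r = build_ring()
    publish(r[1], newest_first=newest_first)
    return {n: (r[n].table[r[1].hdn]["distance"], r[n].table[r[1].hdn]["iface"])
            for n in range(2, 6)}


if __name__ == "__main__":
    print(routes_to_r1(newest_first=False))
    print(routes_to_r1(newest_first=True))
```

With newest-first delivery R3 first installs distance 3 by the long way round the ring and step 107 later replaces it with distance 2; the longer copies are discarded at step 105, which is also what stops the flood in a cyclic topology.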
Fig. 2 is a schematic flow diagram of establishing the local table according to the present invention. Each router or switch stores a local table, and each local table entry contains a location name field, an interface ID field and a lifetime field;
Let the location name of access node AP1 be LN1 and the hash function of access node AP1 be H2; access node AP1 calculates the hash value HLN1 of location name LN1 according to formula (3);
HLN1 = H2(LN1)    formula (3)
Access node AP1 periodically performs the following operations to establish the local table:
Step 201: start;
Step 202: access node AP1 creates an address whose location name is HLN1 and whose domain name and device name are empty. Access node AP1 sends a local publish message from its wired interface; in the local publish message, the source address is the constructed address, the destination address is empty, and the payload is empty;
Step 203: determine whether the local publish message is received by a router from downstream interface u2 or by a switch from downstream interface u3; if it is a router, execute step 206, otherwise execute step 204;
Step 204: a switch receives the local publish message from downstream interface u3. The switch determines whether there is a local table entry whose location name is the location name of the source address of the local publish message. If there is, the switch updates the interface ID of that entry to u3 and sets the lifetime to the maximum value, for example 500 ms; otherwise the switch creates a local table entry whose location name is the location name of the source address of the local publish message and whose interface ID field value is u3, and sets the lifetime to the maximum value;
Step 205: the switch that received the local publish message from downstream interface u3 forwards the local publish message from its upstream interface, and step 203 is executed;
Step 206: a router receives the local publish message from downstream interface u2. The router determines whether there is a local table entry whose location name equals the location name of the source address of the local publish message. If there is, the router updates the interface ID of that entry to u2 and sets the lifetime to the maximum value, for example 500 ms; otherwise the router creates a local table entry whose location name equals the location name of the source address of the local publish message and whose interface ID field value is u2, and sets the lifetime to the maximum value;
Step 207: end;
If a router or switch detects that the lifetime of a local table entry has decayed to 0, it deletes that local table entry.
Fig. 3 is a schematic flow diagram of local communication according to the present invention. After a server starts, it periodically sends a server publish message whose source address is empty, whose destination address is empty, and whose payload is empty. After the router connected to the server receives the server publish message from interface f1, it records interface f1 as the interface connected to the server;
The server name of server S1 is SN1 and server S1 is located in domain D1; the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1. The device name of device V1 is VN1; device V1 is located in domain D1 and is linked to access node AP1. Under the condition that the location name of access node AP1 is LN1, server S1 communicates with device V1 through the following process:
Step 301: start;
Step 302: server S1 selects a domain table entry whose domain name equals domain name DN1, selects a location table entry whose location name equals location name LN1, and selects a device table entry whose device name equals device name VN1. Server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, calculates the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using the key field value of the selected device table entry to obtain the encrypted server name ESN1. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN1. Server S1 constructs the address of device V1, in which the domain name is HDN1, the location name is HLN1, and the device name is the encrypted device name in the selected device table entry. Server S1 sends a request message whose source address is its own address, whose destination address is the address of device V1, and whose payload is empty. After receiving the request message, router R1 looks up its local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected entry;
Step 303: determine whether access node AP1 receives the request message from its wired interface; if so, execute step 305, otherwise execute step 304;
Step 304: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that entry, and step 303 is executed;
Step 305: access node AP1 forwards the request message from its wireless interface. After a device receives the request message, it encrypts its own device name using its own key to obtain the encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 306, otherwise execute step 310;
Step 306: the device that received the request message encrypts the response data using its own key to obtain the encrypted response data. The device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message, and whose payload is the encrypted response data. After receiving the response message from its wireless interface, access node AP1 forwards the response message from its wired interface;
Step 307: if router R1 receives the response message, execute step 309; otherwise execute step 308;
Step 308: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface, and step 307 is executed;
Step 309: router R1 forwards the received response message from the downstream interface connected to server S1. After receiving the response message, server S1 selects a device table entry whose encrypted device name equals the device name of the source address of the response message, decrypts the encrypted response data in the payload of the response message using the key field value of that entry, and finally obtains the response data and saves it;
Step 310: end.
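The device table entry of formula (1) and the request/response exchange of steps 302 to 309 are shown below from both the server's and the device's side. This is an added Python example, not code from the patent: SHA-256 for the hash functions, the small Feistel cipher standing in for Encrypt1 (the page names DES only as an example), the device VN9 and the keys are assumptions, and the forwarding by router, switches and access node is left out.

```python
import hashlib
from dataclasses import dataclass

BLOCK = 8  # 64-bit blocks, as in DES


def h(name: str) -> str:
    """Stand-in for the one-way hash function of a domain or location name."""
    return hashlib.sha256(name.encode()).hexdigest()[:16]


def _feistel(block: bytes, key: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap: running the rounds in reverse undoes it


def encrypt1(data: bytes, key: bytes) -> bytes:
    """Toy deterministic block cipher standing in for Encrypt1 (not DES, not for real use)."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(_feistel(data[i:i + BLOCK], key, range(4))
                    for i in range(0, len(data), BLOCK))


def decrypt1(data: bytes, key: bytes) -> bytes:
    plain = b"".join(_feistel(data[i:i + BLOCK], key, reversed(range(4)))
                     for i in range(0, len(data), BLOCK))
    return plain[:-plain[-1]]


@dataclass(frozen=True)
class Address:
    domain: str        # hashed domain name (HDN1)
    location: str      # hashed location name (HLN1), "" when empty
    name: bytes        # encrypted device or server name


@dataclass(frozen=True)
class Message:
    src: Address
    dst: Address
    payload: bytes


class Server:
    def __init__(self, server_name: str, domain_name: str):
        self.server_name, self.domain_name = server_name, domain_name
        self.device_table = {}  # device name -> (encrypted device name, key)

    def register(self, device_name: str, key: bytes) -> None:
        """Create a device table entry with EDV' = Encrypt1(DV', k'), formula (1)."""
        self.device_table[device_name] = (encrypt1(device_name.encode(), key), key)

    def build_request(self, device_name: str, location_name: str) -> Message:
        """Step 302: hashed domain and location names, encrypted server and device names."""
        edv, key = self.device_table[device_name]
        hdn1 = h(self.domain_name)
        own = Address(hdn1, "", encrypt1(self.server_name.encode(), key))  # name is ESN1
        return Message(src=own, dst=Address(hdn1, h(location_name), edv), payload=b"")

    def on_response(self, resp: Message):
        """Step 309: select the entry by encrypted device name, decrypt with its key."""
        for device_name, (edv, key) in self.device_table.items():
            if edv == resp.src.name:
                return device_name, decrypt1(resp.payload, key)
        return None  # no entry matches the source address


class Device:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def on_request(self, req: Message, response_data: bytes):
        """Steps 305-306: respond only when the encrypted own name is the destination."""
        if encrypt1(self.name.encode(), self.key) != req.dst.name:
            return None  # step 310
        return Message(src=req.dst, dst=req.src,
                       payload=encrypt1(response_data, self.key))


def local_exchange() -> dict:
    """Constructed run: V1 and V9 both hear the request AP1 sends on its wireless interface."""
    s1 = Server("SN1", "cslg/N6")
    v1 = Device("VN1", b"constructed key of V1")
    v9 = Device("VN9", b"constructed key of V9")
    for dev in (v1, v9):
        s1.register(dev.name, dev.key)
    req = s1.build_request("VN1", "CS/402")
    return {
        "request": req,
        "v9_reply": v9.on_request(req, b"speed=61"),
        "v1_reply": v1.on_request(req, b"speed=48"),
        "repeat_request": s1.build_request("VN1", "CS/402"),
        "server": s1,
    }
```

Because Encrypt1 takes only the name and the key, the encrypted device name is the same in every request to V1: that is what lets the server use it as a table lookup key in step 309, and it also means the value is a fixed identifier for V1 on the link.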
Fig. 4 is a schematic flow diagram of local data acquisition according to the present invention. The server name of server S1 is SN1 and server S1 is located in domain D1; the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1. The key shared by the servers in the network is k2. Under the condition that the location name of access node AP1 is LN1 and AP1 is located in domain D1, server S1 communicates with all devices connected to access node AP1 through the following process:
Step 401: start;
Step 402: server S1 selects a domain table entry whose domain name equals domain name DN1, and selects a location table entry whose location name equals location name LN1. Server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, calculates the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using key k2 to obtain the encrypted server name ESN1. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN1. Server S1 constructs an address A1, in which the domain name is HDN1, the location name is HLN1, and the device name is empty. Server S1 sends a request message whose source address is its own address, whose destination address is address A1, and whose payload is empty. After receiving the request message, router R1 looks up its local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected entry;
Step 403: if access node AP1 receives the request message from its wired interface, execute step 405; otherwise execute step 404;
Step 404: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that entry, and step 403 is executed;
Step 405: access node AP1 forwards the request message from its wireless interface;
Step 406: a device that received the request message encrypts the response data using its own key to obtain the encrypted response data, and encrypts its own device name using its own key to obtain the encrypted device name. The device constructs an address whose domain name and location name equal the domain name and location name of the destination address of the received request message, and whose device name is the encrypted device name. The device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data. After receiving the response message from its wireless interface, access node AP1 forwards the response message from its wired interface;
Step 407: if router R1 receives the response message, execute step 409; otherwise execute step 408;
Step 408: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface, and step 407 is executed;
Step 409: router R1 forwards the received response message from the downstream interface connected to server S1. After receiving the response message, server S1 selects a device table entry whose encrypted device name equals the device name of the source address of the response message, decrypts the encrypted response data in the payload of the response message using the key field value of that entry, and finally obtains the response data and saves it;
Step 410: end.
Fig. 5 is a schematic flow diagram of remote communication according to the present invention. The server name of server S1 is SN1 and server S1 is located in domain D1; the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1. The server name of server S2 is SN2 and server S2 is located in domain D2; the router of domain D2 is R2, the domain name of router R2 is DN2, and server S2 is connected to router R2. The device name of device V2 is VN2; device V2 is located in domain D2 and is linked to access node AP2, whose location name is LN2. Under the condition that the key shared by the servers in the network is k2, server S1 communicates with device V2 through the following process:
Step 501: start;
Step 502: server S1 selects a domain table entry whose domain name equals domain name DN1, and uses the hash function of the selected domain table entry to compute the hash value HDN1 of domain name DN1; server S1 selects a domain table entry whose domain name equals domain name DN2, and uses the hash function of the selected domain table entry to compute the hash value HDN2 of domain name DN2; server S1 encrypts server name SN1 with key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 and device name VN2 with key k2 to obtain the encrypted data E3; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty, and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2, and whose payload is the encrypted data E3; after router R1 receives the remote request message, it checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 503: if router R2 receives the remote request message from an upstream interface, execute step 505; otherwise execute step 504;
Step 504: after a router receives the remote request message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of that domain routing table entry; execute step 503;
Step 505: router R2 forwards the received remote request message from the interface connected to server S2; after server S2 receives the remote request message, it decrypts the encrypted data E3 in the remote request message payload with key k2 to obtain location name LN2 and device name VN2; server S2 selects a location table entry whose location name equals location name LN2, and selects a device table entry whose device name equals device name VN2; server S2 uses the hash function of the selected location table entry to compute the hash value HLN2 of location name LN2, and encrypts server name SN2 with the key field of the selected device table entry to obtain the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty, and the server name is ESN2; server S2 constructs the address of device V2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2, and the device name is the encrypted device name of the selected device table entry; server S2 sends a request message whose source address is its own address, whose destination address is the address of device V2, and whose payload is the source address of the remote request message; after router R2 receives the request message, it checks the local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 506: if access node AP2 receives the request message from its wired interface, execute step 508; otherwise execute step 507;
Step 507: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 506;
Step 508: access node AP2 forwards the request message from its wireless interface; after a device receives the request message, it encrypts its own device name with its own key to obtain the encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 509; otherwise execute step 516;
Step 509: the device that receives the request message encrypts the response data with its own key to obtain the encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message, and whose payload is the encrypted response data together with the address in the request message payload; after access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 510: if router R2 receives the response message, execute step 512; otherwise execute step 511;
Step 511: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface; execute step 510;
Step 512: router R2 forwards the received response message from the downstream interface connected to server S2; after server S2 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the source address of the response message, and decrypts the encrypted response data in the response message payload with the key field of that device table entry; server S2 encrypts the response data with key k2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, in which the domain name equals the domain name of the source address of the received response message, the location name is empty, and the server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message, and whose payload is the encrypted response data; after router R2 receives the remote response message, it checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 513: if router R1 receives the remote response message from an upstream interface, execute step 515; otherwise execute step 514;
Step 514: after a router receives the remote response message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of that domain routing table entry; execute step 513;
Step 515: router R1 forwards the received remote response message from the interface connected to server S1; after server S1 receives the remote response message, it decrypts the encrypted response data in the remote response message payload with key k2 to obtain the response data, and saves the response data;
Step 516: end.
Fig. 6 is a flow diagram of the remote data service of the present invention. Server S1 has server name SN1 and is located in domain D1; the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1. Server S2 has server name SN2 and is located in domain D2; the router of domain D2 is R2, the domain name of router R2 is DN2, and server S2 is connected to router R2. Access node AP2 has location name LN2 and is located in domain D2. Under the condition that the key shared by the servers in the network is k2, server S1 communicates with all devices connected to access node AP2 through the following process:
Step 601: start;
Step 602: server S1 selects a domain table entry whose domain name equals domain name DN1, and uses the hash function of the selected domain table entry to compute the hash value HDN1 of domain name DN1; server S1 selects a domain table entry whose domain name equals domain name DN2, and uses the hash function of the selected domain table entry to compute the hash value HDN2 of domain name DN2; server S1 encrypts server name SN1 with key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 with key k2 to obtain the encrypted data E4; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty, and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2, and whose payload is the encrypted data E4; after router R1 receives the remote request message, it checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 603: if router R2 receives the remote request message from an upstream interface, execute step 605; otherwise execute step 604;
Step 604: after a router receives the remote request message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of that domain routing table entry; execute step 603;
Step 605: router R2 forwards the received remote request message from the interface connected to server S2; after server S2 receives the remote request message, it decrypts the encrypted data E4 in the remote request message payload with key k2 to obtain location name LN2; server S2 selects a location table entry whose location name equals location name LN2; server S2 uses the hash function of the selected location table entry to compute the hash value HLN2 of location name LN2, and encrypts server name SN2 with the key field of the selected device table entry to obtain the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty, and the server name is ESN2; server S2 constructs an address A2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2, and the device name is empty; server S2 sends a request message whose source address is its own address, whose destination address is address A2, and whose payload is the source address of the remote request message; after router R2 receives the request message, it checks the local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 606: if access node AP2 receives the request message from its wired interface, execute step 608; otherwise execute step 607;
Step 607: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 606;
Step 608: after access node AP2 receives the request message from its wired interface, it forwards the request message from its wireless interface;
Step 609: after a device receives the request message, it encrypts the response data with its own key to obtain the encrypted response data, and encrypts its own device name with its own key to obtain the encrypted device name; the device constructs an address whose domain name and location name equal the domain name and location name of the destination address of the received request message and whose device name is the encrypted device name; the device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data together with the address in the request message payload; after access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 610: if router R2 receives the response message, execute step 612; otherwise execute step 611;
Step 611: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface; execute step 610;
Step 612: router R2 forwards the received response message from the downstream interface connected to server S2; after server S2 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the source address of the response message, and decrypts the encrypted response data in the response message payload with the key field of that device table entry; server S2 encrypts the response data with key k2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, in which the domain name equals the domain name of the source address of the received response message, the location name is empty, and the server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message, and whose payload is the encrypted response data; after router R2 receives the remote response message, it checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 613: if router R1 receives the remote response message from an upstream interface, execute step 615; otherwise execute step 614;
Step 614: after a router receives the remote response message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of that domain routing table entry; execute step 613;
Step 615: router R1 forwards the received remote response message from the interface connected to server S1; after server S1 receives the remote response message, it decrypts the encrypted response data in the remote response message payload with key k2 to obtain the response data, and saves the response data;
Step 616: end.
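The endpoint side of the Fig. 5 and Fig. 6 flows, as an added example that is not part of the patent text: forwarding by routers, switches and access nodes is left out, and the hash function, the cipher, the keys, the device table and the readings are assumptions, since the description names no algorithm. The cipher is a deterministic toy, used because step 508 and step 512 match on equality of encrypted names.

```python
import hashlib, hmac
from collections import namedtuple

Addr = namedtuple("Addr", "domain location name")   # the description's three address fields

def h(name):                  # stand-in for a table entry's hash function (assumed SHA-256)
    return hashlib.sha256(name.encode()).hexdigest()[:16]

def enc(key, data):           # toy deterministic cipher: XOR with an HMAC-SHA256 keystream
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

dec = enc                     # XOR with the same keystream is its own inverse

K2 = b"constructed-shared-server-key-k2"
# Constructed device table of S2: device name -> key; both devices sit behind AP2 (LN2).
DEVICES = {"VN2": b"constructed-key-V2", "VN3": b"constructed-key-V3"}
READINGS = {"VN2": b"temp=21", "VN3": b"temp=19"}   # constructed response data

def s1_request(location, device=""):                # step 502 / 602
    src = Addr(h("DN1"), "", enc(K2, b"SN1"))       # ESN2 in the text
    dst = Addr(h("DN2"), "", enc(K2, b"SN2"))       # ESN3 in the text
    return src, dst, enc(K2, f"{location}|{device}".encode())   # payload E3 (or E4)

def s2_request(remote):                             # step 505 / 605
    r_src, r_dst, payload = remote
    location, device = dec(K2, payload).decode().split("|")
    key = DEVICES.get(device, K2)   # assumption: k2 when no device entry is selected
    src = Addr(r_dst.domain, "", enc(key, b"SN2"))
    name = enc(DEVICES[device], device.encode()) if device else b""
    return src, Addr(r_dst.domain, h(location), name), r_src    # payload: S1's address

def device_reply(own_name, request):                # steps 508-509 / 609
    src, dst, s1_addr = request
    key = DEVICES[own_name]                         # stands for the device's own key
    enc_name = enc(key, own_name.encode())
    if dst.name and dst.name != enc_name:           # step 508: addressed to another device
        return None
    reply_src = Addr(dst.domain, dst.location, enc_name)
    return reply_src, src, (enc(key, READINGS[own_name]), s1_addr)

def s2_remote_response(reply):                      # step 512 / 612
    src, _, (blob, s1_addr) = reply
    key = next(k for n, k in DEVICES.items() if enc(k, n.encode()) == src.name)
    data = dec(key, blob)                           # device key off, shared key k2 on
    return Addr(src.domain, "", enc(K2, b"SN2")), s1_addr, enc(K2, data)

def run(location, device=""):                       # what S1 saves in step 515 / 615
    request = s2_request(s1_request(location, device))
    replies = filter(None, (device_reply(n, request) for n in DEVICES))
    return [dec(K2, s2_remote_response(r)[2]) for r in replies]
```

`run("LN2", "VN2")` follows Fig. 5 and returns only V2's data, while `run("LN2")` follows Fig. 6, where the empty device name makes every device at the location answer.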
Embodiment 1
Based on the simulation parameters in Table 1, this embodiment simulates the safe and reliable future network communication implementation method of the present invention. The performance analysis is as follows: when the volume of transmitted data is large, the data communication delay is larger; when the volume of transmitted data is smaller, the data communication delay is smaller; the average data communication delay is 1023 ms.
Table 1: Simulation parameters
The present invention provides an approach to a safe and reliable future network communication implementation method. There are many methods and ways to implement this technical solution, and the above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention. Any component not specified in this embodiment can be implemented with the existing technology.