CN108933657A - A safe and reliable future network communication implementation method - Google Patents

Publication number
CN108933657A
Authority
CN
China
Prior art keywords
name
domain
server
interface
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810916551.0A
Other languages
Chinese (zh)
Other versions
CN108933657B (en)
Inventor
王晓喃
程宏斌
乐德广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Tongcong Information Technology Service Co ltd
Shanghai Yune Technology Co ltd
Original Assignee
Changshu Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changshu Institute of Technology
Priority to CN201810916551.0A
Publication of CN108933657A
Application granted
Publication of CN108933657B
Current legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/14: Routing performance; Theoretical aspects
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00: Routing or path finding of packets in data switching networks
    • H04L45/74: Address processing for routing
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a safe and reliable method for implementing future network communication. The future network includes routers, switches, access nodes, devices and servers. The future network is divided into two or more domains, and each domain includes one server, one router, two or more switches, two or more access nodes and two or more devices. With the implementation method provided by the invention, a device can safely obtain the data services provided by the network, while data security is ensured, data acquisition delay and cost are reduced, and service quality is improved. The invention can be applied to the transmission of important information in fields such as road condition monitoring and vehicle management, and has a wide range of applications.

Description

A safe and reliable future network communication implementation method
Technical field
The present invention relates to a communication implementation method, and more particularly to a safe and reliable future network communication implementation method.
Background
As a new type of communication network, the future network can realize multi-hop wireless communication between nodes. With the continuous development of network technology and the continuous emergence of new applications, there is an urgent need to realize future network communication in order to meet the sharply increasing application demands of users.
The future network is a special type of network related to data grid technology, whereas traditional networks are address-centric and therefore not conducive to data acquisition. For example, in an IP network, data is provided by the destination node determined by the destination IP address; if that destination node fails, the data cannot be provided. The future network is data-centric: any node can provide data, which shortens the delay and cost of data acquisition.
However, how to realize the future network still requires further study and discussion.
Summary of the invention
Object of the invention: the technical problem to be solved by the present invention is to provide, in view of the deficiencies of the prior art, a safe and reliable future network communication implementation method.
Technical solution: the invention discloses a safe and reliable future network communication implementation method. The future network includes routers, switches, access nodes, devices and servers. The future network is divided into two or more domains, and each domain includes one server, one router, two or more switches, two or more access nodes and two or more devices;
A router has two or more upstream interfaces and two or more downstream interfaces, all of which are wired interfaces. Each upstream interface is connected to a router; one downstream interface of the router is connected to the server, and the remaining downstream interfaces are connected to switches. A switch has one upstream interface and two or more downstream interfaces, all of which are wired interfaces; the upstream interface is connected to a router or a switch, and a downstream interface is connected to a switch or an access node. An access node has one wired interface and one wireless interface; the wired interface is connected to a switch and the wireless interface is connected to devices. A device has one wireless interface, which is connected to an access node. A server has one wired interface, which is connected to the router. Each interface is uniquely identified by an interface ID;
A router is uniquely identified by a domain name, for example cslg/N6. An access node is uniquely identified by a location name, which describes where the access node is located, for example CS/402, i.e. laboratory 402 of the School of Computer Science. A device is uniquely identified by a device name, which is unique within a domain. A server is uniquely identified by a server name, which is unique within a domain. A switch does not need any name as an identifier;
A router, access node or device is configured with one address for communication; an address consists of a domain name, a location name and a device name. The location name and device name of a router are empty; the device name of an access node is empty; the domain name, location name and device name of a device are all non-empty;
A server is configured with one address for communication; the address consists of a domain name, a location name and a server name, and the location name of the address is empty;
A server maintains a device table, a location table and a domain table. A device table entry consists of a device name field, an encrypted device name field and a key field; a location table entry consists of a location name field and a hash function field; a domain table entry consists of a domain name field and a hash function field;
A device is configured with one secret key, a location name is configured with one hash function, and a domain name is configured with one hash function. The secret keys and hash functions are stored and issued by a third-party certification data center computer. A device registers with the third-party certification data center computer to obtain its own secret key; an access node registers with the third-party certification data center computer to obtain its own one-way hash function; a router registers with the third-party certification data center computer to obtain its own one-way hash function. All servers in the network share one key;
A server registers with the third-party certification data center computer to obtain the device names and secret keys of all devices in its own domain, the location names and one-way hash functions of all access nodes, the domain names and one-way hash functions of all routers in the network, and the key shared by all servers in the network;
After a server obtains the device names and secret keys of all devices in its own domain, it creates one device table entry for each device: the device name of the entry is the device name DV' of the device, the key field value is the key k' of the device, and the encrypted device name is EDV', calculated according to formula (1). In formula (1), Encrypt1 is a symmetric encryption algorithm, for example DES (Data Encryption Standard);
EDV' = Encrypt1(DV', k')    formula (1)
After a server obtains the location names and hash functions of all access nodes in its own domain, it creates one location table entry for each access node: the location name of the entry is the location name of the access node, and the hash function field value is the hash function configured for that access node;
After a server obtains the domain names and hash functions of all routers in the network, it creates one domain table entry for each router: the domain name of the entry is the domain name of the router, and the hash function field value is the hash function configured for that router;
Each router maintains a domain routing table; a domain routing table entry includes a domain name field, an interface ID field, a distance field and a lifetime field;
Let the domain name of router R1 be DN1 and its hash function be H1; the hash value HDN1 of domain name DN1 is given by formula (2);
HDN1 = H1(DN1)    formula (2)
Router R1 periodically executes the following process to establish the domain routing table:
Step 101: Start;
Step 102: router R1 creates an address whose domain name is HDN1 and whose location name and device name are empty; router R1 sends an advertisement message from each upstream interface; the source address of the advertisement message is the created address, the destination address is empty, and the payload is the parameter d1, whose initial value is 0;
Step 103: after a router receives the advertisement message from interface u1, it increments the value of parameter d1 in the payload of the advertisement message by 1; it judges whether there is a domain routing table entry whose domain name equals the domain name of the source address of the advertisement message and whose distance field value equals parameter d1; if so, step 104 is executed, otherwise step 105 is executed;
Step 104: the router that received the advertisement message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the advertisement message and whose distance field value equals parameter d1, updates the interface ID of that entry to u1, and sets the lifetime to the maximum value, for example 500 ms; step 109 is executed;
Step 105: the router that received the advertisement message from interface u1 judges whether there is a domain routing table entry whose domain name equals the domain name of the source address of the advertisement message and whose distance field value is less than parameter d1; if such an entry exists, step 110 is executed, otherwise step 106 is executed;
Step 106: the router that received the advertisement message from interface u1 judges whether there is a domain routing table entry whose domain name equals the domain name of the source address of the advertisement message; if such an entry exists, step 107 is executed, otherwise step 108 is executed;
Step 107: the router that received the advertisement message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the advertisement message, updates the interface ID of that entry to u1, updates the distance field value to the parameter d1 in the payload of the advertisement message, and sets the lifetime to the maximum value; step 109 is executed;
Step 108: the router that received the advertisement message from interface u1 creates a domain routing table entry whose domain name equals the domain name of the source address of the advertisement message, whose interface ID equals u1, whose distance field value equals the parameter d1 in the payload of the advertisement message, and whose lifetime is set to the maximum value;
Step 109: the router that received the advertisement message from interface u1 forwards the advertisement message from all upstream interfaces other than interface u1; step 103 is executed;
Step 110: End;
If a router detects that the lifetime of a domain routing table entry has decayed to 0, it deletes that domain routing table entry.
Routers establish routing tables through the above process and thereby obtain a routing path to the destination router. The process controls the length of the routing path through the distance field value, which reduces data communication delay and cost; in addition, it ensures the validity and timeliness of routing information through the lifetime, thereby ensuring the success rate of data communication.
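The update rules of steps 102 to 110 and the lifetime rule that follows them, written out as a small simulation. This is an added example, not code from the patent; truncated SHA-256 as the hash function H1, the router names cslg/N1 to cslg/N5, the interface IDs and the five-router topology are assumptions constructed for illustration.

```python
import hashlib
from collections import deque
from dataclasses import dataclass, field

MAX_LIFETIME_MS = 500  # the page's example of the lifetime "maximum value"


def hash_domain(domain_name):
    # Assumption: truncated SHA-256 stands in for the domain's issued hash function H1.
    return hashlib.sha256(domain_name.encode()).hexdigest()[:16]


@dataclass
class DomainRoute:
    interface_id: str
    distance: int
    lifetime_ms: int = MAX_LIFETIME_MS


@dataclass(eq=False)
class Router:
    domain_name: str
    links: dict = field(default_factory=dict)  # upstream interface ID -> (peer, peer interface ID)
    table: dict = field(default_factory=dict)  # hashed domain name -> DomainRoute

    def on_advert(self, hdn, in_iface, d1):
        """Steps 103-109: returns the (interface, d1) pairs to forward on, [] if dropped."""
        d1 += 1  # step 103
        entry = self.table.get(hdn)
        if entry is not None and entry.distance < d1:
            return []  # step 105 -> 110: a shorter path is already known
        if entry is None:
            self.table[hdn] = DomainRoute(in_iface, d1)  # step 108
        else:  # step 104 (equal distance) or step 107 (stored distance is longer)
            entry.interface_id, entry.distance = in_iface, d1
            entry.lifetime_ms = MAX_LIFETIME_MS
        return [(iface, d1) for iface in self.links if iface != in_iface]  # step 109

    def tick(self, elapsed_ms):
        """Age every entry and delete those whose lifetime has decayed to 0."""
        for hdn in list(self.table):
            self.table[hdn].lifetime_ms -= elapsed_ms
            if self.table[hdn].lifetime_ms <= 0:
                del self.table[hdn]


def connect(a, a_iface, b, b_iface):
    a.links[a_iface] = (b, b_iface)
    b.links[b_iface] = (a, a_iface)


def advertise(origin):
    """Step 102, then deliver each forwarded copy in FIFO order until none remain."""
    hdn = hash_domain(origin.domain_name)
    queue = deque((origin, iface, 0) for iface in origin.links)
    while queue:
        sender, out_iface, d1 = queue.popleft()
        receiver, in_iface = sender.links[out_iface]
        for next_iface, next_d1 in receiver.on_advert(hdn, in_iface, d1):
            queue.append((receiver, next_iface, next_d1))
    return hdn


def build_sample():
    # Constructed topology: square R1-R2-R4-R3-R1 with R5 hanging off R4.
    r = {n: Router(f"cslg/N{n}") for n in range(1, 6)}
    connect(r[1], "u1", r[2], "u1")
    connect(r[1], "u2", r[3], "u1")
    connect(r[2], "u2", r[4], "u1")
    connect(r[3], "u2", r[4], "u2")
    connect(r[4], "u3", r[5], "u1")
    return r


if __name__ == "__main__":
    routers = build_sample()
    hdn1 = advertise(routers[1])
    for n in range(2, 6):
        print(n, routers[n].table[hdn1])
```

In the sample, R4 hears R1's advertisement at the same distance over two paths, so step 104 leaves its entry pointing at whichever interface delivered the most recent copy.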
In the method for the invention, each router or interchanger save this earth's surface, and each local list item includes Location name domain, the domain interface ID and life cycle domain;
If the location name of access node AP1 is LN1, the hash function of access node AP1 is H2, access node AP1 According to the cryptographic Hash HLN1 of formula (3) calculating position title LN1;
HLN1=H2 (LN1) formula (3)
Access node AP1 is periodically executed operations described below and establishes this earth's surface:
Step 201: starting;
Step 202: access node AP1 creates an address, and the location name of the address is HLN1, domain name and device name For sky;Access node AP1 from wireline interface send it is local give out information, during which gives out information, source address be the ground constructed Location, destination address are sky, are loaded as sky;
Step 203: judgement is that router from downstream interface u2 or interchanger from downstream interface u3 receives local publication Message thens follow the steps 206 if it is router, no to then follow the steps 204;
Step 204: interchanger receives local give out information from downstream interface u3;The interchanger judges whether there is one Local list item, the location name of the local list item are that the local gives out information the location name of source address;If it does, the exchange The interface ID of the local list item is updated to u3 by machine, sets maximum value, such as 500ms for life cycle, otherwise the interchanger Create a local list item, the location name of the local list item gives out information the location name of source address for the local, interface ID Thresholding is u3, and life cycle is set as maximum value;
Step 205: receiving the interchanger locally to give out information from downstream interface u3 and forward the local to send out from Upstream Interface Cloth message executes step 203;
Step 206: router receives local give out information from downstream interface u2;The router judges whether there is one Local list item, the location name of the local list item are equal to the local and give out information the location name of source address;If it does, the road The interface ID of the local list item is updated to u2 by device, sets maximum value, such as 500ms for life cycle;Otherwise the routing Device creates a local list item, and the location name of the local list item gives out information the location name of source address equal to the local, connects Mouth ID thresholding is u2, and life cycle is set as maximum value;
Step 207: terminating;
If a router or interchanger detect that the life cycle of a local list item decays to 0, deleting should Local list item.
Access node establishes this earth's surface by the above process, to obtain the relevant information of access node, passes through interface ID Thresholding realizes the correct forwarding of message, so that it is guaranteed that the correctness of data communication;The above process ensures to connect by life cycle The validity and real-time of ingress information, from the success rate for ensuring data communication.
In the method for the invention, after server starting, periodically sends server and give out information, which gives out information Source address be sky, destination address be sky, load as sky, the router connecting with the server receives the service from interface f1 After device gives out information, interface f1 is saved as to the interface connecting with server;
It is known as SN1 in the server name of server S 1, is located in the D1 of domain, the router of domain D1 is R1, the domain of router R1 Entitled DN1, server S 1 are connected with router R1, and the device name of equipment V1 is VN1, are located in the D1 of domain, with access node AP1 Link is connected, and under conditions of the location name of access node AP1 is LN1, server S 1 is realized and equipment V1 by following processes Communication:
Step 301: starting;
Step 302: server S 1 selects a domain list item, and the domain name of the domain list item is equal to domain name DN1, selects a position The location name of list item, the position list item is equal to location name LN1, selects an equipment list item, the implementor name of the equipment list item Claim to be equal to device name VN1;Server S 1 calculates the cryptographic Hash HDN1 of domain name DN1 using the hash function for the domain list item chosen, Using the cryptographic Hash HLN1 of the hash function calculating position title LN1 for the position list item chosen, the equipment list item chosen is utilized The server name ESN1 that key thresholding encryption server title SN1 is encrypted;Server S 1 constructs the address of oneself, the ground In location, domain name HDN1, location name is sky, and server name is known as ESN1;Server S 1 constructs the address of equipment V1, the address In, domain name HDN1, location name HLN1, device name are the device name encrypted in the equipment list item chosen;Server S1 sends a request message, and the source address of the request message is the address of oneself, and destination address is the address of equipment V1, load For sky;Router R1 checks this earth's surface after receiving the request message, selects a local list item, the location name of the local list item Claim the location name for being equal to the request message destination address, the interface forwarding identified from the domain interface ID for the local list item chosen The request message;
Step 303: judging whether access node AP1 from wireline interface receives the request message, be to then follow the steps 305, no to then follow the steps 304:
Step 304: the interchanger for receiving request message from Upstream Interface selects a local list item, the local list item Location name is equal to the location name of the destination address of the request message, connects from what the interface ID thresholding of the local list item was identified Mouth forwards the request message, executes step 303;
Step 305: access node AP1 forwards the request message from wireless interface;After equipment receives request message, utilize The device name of the key pair of oneself oneself carries out the device name that cryptographic operation is encrypted;If encrypted device name Equal to the device name of the destination address of the request message received, 306 are thened follow the steps, it is no to then follow the steps 310;
Step 306: the key pair response data for receiving the equipment utilization oneself of request message executes cryptographic operation, obtains The response data of encryption;The equipment sends a response message, and the source address of the response message is the destination of the request message Location, the destination address of the response message are equal to the source address of the request message, load the response data for encryption;Access node After AP1 receives the response message from wireless interface, the response message is forwarded from wireline interface;
Step 307: if router R1 receives the response message, then follow the steps 309, it is no to then follow the steps 308;
Step 308: the interchanger for receiving response message from downstream interface forwards the response message from Upstream Interface, executes Step 307;
Step 309: router R1 forwards the response message received from the downstream interface connecting with server S 1;Server After S1 receives response message, an equipment list item is selected, the device name of the encryption of the equipment list item is equal to the response message The device name of source address decrypts the response data encrypted in response message load using the key thresholding of the equipment list item, It is final to obtain response data and save the response data;
Step 310: terminating.
Server is realized communicated with the equipment in this domain by the above process;The above process passes through the interface of this earth's surface ID thresholding realizes the correct forwarding of data, so that it is guaranteed that the correctness of data communication;In addition, the above process is by encrypting come real The safety of data communication is showed.
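The request/response exchange of steps 302 to 309, with both sides' address construction and checks, as an added example that is not code from the patent. Assumptions: salted SHA-256 models the issued hash functions, an HMAC-SHA256 construction is a stand-in for Encrypt1 (the page suggests DES, which the Python standard library does not provide), and the device VN9, the keys, the salts, the interface ID and the payload are constructed sample values.

```python
import hashlib
import hmac
from collections import namedtuple

Address = namedtuple("Address", "domain location name")
Message = namedtuple("Message", "src dst payload")


def make_hash(salt):
    # Assumption: an issued hash function is modelled as salted, truncated SHA-256.
    return lambda name: hashlib.sha256(salt + name.encode()).hexdigest()[:16]


def _stream(key, iv, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt1(plaintext, key):
    # Stand-in for Encrypt1: deterministic and reversible, built from the standard
    # library for this demonstration only (not DES, not a vetted cipher).
    iv = hmac.new(key, b"iv" + plaintext, hashlib.sha256).digest()[:16]
    return iv + bytes(a ^ b for a, b in zip(plaintext, _stream(key, iv, len(plaintext))))


def decrypt1(ciphertext, key):
    iv, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(key, iv, len(body))))


class Server:
    def __init__(self, name, domain_table, location_table, device_keys):
        self.name = name
        self.domain_table = domain_table      # domain name -> hash function
        self.location_table = location_table  # location name -> hash function
        # Device table: device name -> (EDV', k'), with EDV' from formula (1).
        self.device_table = {dv: (encrypt1(dv.encode(), k), k) for dv, k in device_keys.items()}

    def build_request(self, dn, ln, vn):
        """Step 302: only hashed and encrypted names go into the two addresses."""
        edv, key = self.device_table[vn]
        hdn = self.domain_table[dn](dn)
        hln = self.location_table[ln](ln)
        esn = encrypt1(self.name.encode(), key)
        return Message(Address(hdn, None, esn), Address(hdn, hln, edv), b"")

    def on_response(self, msg):
        """Step 309: find the entry by encrypted device name, then decrypt the payload."""
        for dv, (edv, key) in self.device_table.items():
            if hmac.compare_digest(edv, msg.src.name):
                return dv, decrypt1(msg.payload, key)
        return None


class Device:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def on_request(self, msg, response_data):
        """Steps 305-306: answer only if our own encrypted name matches the destination."""
        if not hmac.compare_digest(encrypt1(self.name.encode(), self.key), msg.dst.name):
            return None
        return Message(msg.dst, msg.src, encrypt1(response_data, self.key))


def next_hop(local_table, msg):
    """Router or switch lookup (steps 302 and 304): hashed location name -> interface ID."""
    return local_table[msg.dst.location]


def run_sample():
    # Constructed values: device names, keys, salts and payload are illustrative only.
    h_dom, h_loc = make_hash(b"domain-salt"), make_hash(b"location-salt")
    keys = {"VN1": b"k-VN1-constructed", "VN9": b"k-VN9-constructed"}
    s1 = Server("SN1", {"cslg/N6": h_dom}, {"CS/402": h_loc}, keys)
    v1, v9 = Device("VN1", keys["VN1"]), Device("VN9", keys["VN9"])
    local_table_r1 = {h_loc("CS/402"): "u2"}  # as learned from AP1's local advertisement

    request = s1.build_request("cslg/N6", "CS/402", "VN1")
    iface = next_hop(local_table_r1, request)
    ignored = v9.on_request(request, b"unused")  # same access node, different device
    response = v1.on_request(request, b"speed=42km/h")
    return request, iface, ignored, s1.on_response(response)


if __name__ == "__main__":
    print(run_sample())
```

Encrypt1 has to be deterministic for the device-side comparison in step 305 to work, so the encrypted device name is identical in every request: it hides the cleartext name but remains a stable token for that device.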
In the method for the invention, it is known as SN1 in the server name of server S 1, is located in the D1 of domain, the router of domain D1 Domain name for R1, router R1 is DN1, and server S 1 is connected with router R1, and the shared key of server is k2 in network, is connect The location name of ingress AP1 is LN1, and under conditions of being located in the D1 of domain, server S 1 is realized by following processes and saved with access The communication of point AP1 connected all devices:
Step 401: starting;
Step 402: server S 1 selects a domain list item, and the domain name of the domain list item is equal to domain name DN1, selects a position The location name of list item, the position list item is equal to location name LN1;Server S 1 utilizes the hash function meter for the domain list item chosen The cryptographic Hash HDN1 for calculating domain name DN1, utilizes the cryptographic Hash of the hash function calculating position title LN1 for the position list item chosen HLN1, the server name ESN1 encrypted using key k2 encryption server title SN1;Server S 1 constructs the ground of oneself Location, in the address, domain name HDN1, location name is sky, and server name is known as ESN1;Server S 1 constructs an address A1, In the address, domain name HDN1, location name HLN1, device name are sky;Server S 1 sends a request message, this is asked Ask the source address of message for the address of oneself, destination address is address A1, is loaded as sky;Router R1 receives the request message After check this earth's surface, select a local list item, the position of the location name of the local list item equal to the request message destination address Title is set, the interface identified from the domain interface ID for the local list item chosen forwards the request message;
Step 403: if access node AP1 receives the request message from wireline interface, thening follow the steps 405, otherwise Execute step 404:
Step 404: the interchanger for receiving request message from Upstream Interface selects a local list item, the local list item Location name is equal to the location name of the destination address of the request message, connects from what the interface ID thresholding of the local list item was identified Mouth forwards the request message, executes step 403;
Step 405: access node AP1 forwards the request message from wireless interface;
Step 406: the key pair response data for receiving the equipment utilization oneself of request message executes cryptographic operation and obtains The response data of encryption, the device name encrypted using the device name of the key pair oneself of oneself;This sets One address of standby building, the domain name and location name of the address be respectively equal to receive the domain name of the destination address of request message and Location name, the device name of the address are the device name of encryption, send a response message, the source address of the response message For the address of building, the destination address of the response message is equal to the source address of the request message, loads the response data for encryption; After access node AP1 receives the response message from wireless interface, the response message is forwarded from wireline interface;
Step 407: if router R1 receives the response message, then follow the steps 409, it is no to then follow the steps 408;
Step 408: the interchanger for receiving response message from downstream interface forwards the response message from Upstream Interface, executes Step 407;
Step 409: router R1 forwards the response message received from the downstream interface connecting with server S 1;Server After S1 receives response message, an equipment list item is selected, the device name of the encryption of the equipment list item is equal to the response message The device name of source address decrypts the response data encrypted in response message load using the key thresholding of the equipment list item, It is final to obtain response data and save the response data;
Step 410: terminating.
Server realizes that all devices being connected with an access node are communicated by the above process;The above process is logical Encryption is crossed to realize the safety of data communication, in this way, malicious node can not obtain the data of network transmission, in addition, above-mentioned Process realizes the correct forwarding of data by the interface ID thresholding of this earth's surface, so that it is guaranteed that the correctness of data communication.
In the method for the invention, it is known as SN1 in the server name of server S 1, is located in the D1 of domain, the router of domain D1 Domain name for R1, router R1 is DN1, and server S 1 is connected with router R1;The server name of server S 2 is known as SN2, position In the D2 of domain, the router of domain D2 is R2, and the domain name of router R2 is DN2, and server S 2 is connected with router R2, equipment V2's Device name is VN2, is located in the D2 of domain, is connected with access node AP2 link, and the location name of access node AP2 is LN2, net Under conditions of the shared key of server is k2 in network, server S 1 realizes the communication with equipment V2 by following processes:
Step 501: starting;
Step 502: server S 1 selects a domain list item, and the domain name of the domain list item is equal to domain name DN1;Server S 1 utilizes The hash function for the domain list item chosen calculates the cryptographic Hash HDN1 of domain name DN1, and server S 1 selects a domain list item, the domain list item Domain name be equal to domain name DN2;Server S 1 calculates the cryptographic Hash HDN2 of domain name DN2 using the hash function for the domain list item chosen; The server name ESN2 that server S 1 is encrypted using key k2 encryption server title SN1 is encrypted using key k2 and is taken The server name ESN3 that business device title SN2 is encrypted;Server S 1 utilizes key k2 encrypted location title LN2 and implementor name The data E3 for claiming VN2 to be encrypted;Server S 1 constructs oneself address, and in the address, domain name HDN1, location name is Sky, server name are known as ESN2;Server S 1 constructs the address of server S 2, and in the address, domain name HDN2, location name is Sky, server name are known as ESN3;Server S 1 sends a remote request message, and the source address of the remote request message is oneself Address, destination address be server S 2 address, load as encryption data E3;Router R1 receives the remote request message After check domain routing table, select a domain route table items, the domain name of the domain route table items is equal to the remote request message destination The domain name of location, the interface identified from the domain interface ID for the domain route table items chosen forward the remote request message;
Step 503: if router R2 receives the remote request message from Upstream Interface, thening follow the steps 505, otherwise Execute step 504;
Step 504: router selects a domain route table items, the domain of the domain route table items after receiving remote request message Name is equal to the domain name of the destination address of the remote request message, and the interface identified from the interface ID thresholding of the domain route table items turns The remote request message is sent out, step 503 is executed;
Step 505: router R2 forwards the remote request message received from the interface being connected with server S 2;Server After S2 receives remote request message, location name is obtained using the encryption data E3 in the load of key k2 decrypted remote request message Claim LN2 and device name VN2;Server S 2 selects a position list item, and the location name of the position list item is equal to location name LN2, selects an equipment list item, and the device name of the equipment list item is equal to device name VN2;Server S 2 utilizes the position chosen The cryptographic Hash HLN2 for setting the hash function calculating position title LN2 of list item is encrypted using the key thresholding for the equipment list item chosen The server name ESN2 that server name SN2 is encrypted;Server S 2 constructs oneself address, and in the address, domain name is The domain name of the destination address of the remote request message received, location name are sky, and server name is known as ESN2;2 structure of server S Build the address of standby V2, in the address, domain name is the domain name of the destination address of the remote request message received, and location name is HLN2, device name are the encryption device name for the equipment list item chosen;Server S 2 sends a request message, the request The source address of message is the address of oneself, and destination address is the address of equipment V2, is loaded as the source address of the remote request message; Router R2 checks this earth's surface after receiving the request message, selects a local list item, the location name etc. of the local list item In the location name of the request message destination address, the interface identified from the domain interface ID for the local list item chosen forwards this to ask Seek message;
Step 506: if access node AP2 receives the request message from wireline interface, thening follow the steps 508, otherwise Execute step 507:
Step 507: the interchanger for receiving request message from Upstream Interface selects a local list item, the local list item Location name is equal to the location name of the destination address of the request message, connects from what the interface ID thresholding of the local list item was identified Mouth forwards the request message, executes step 506;
Step 508: access node AP2 forwards the request message from wireless interface;After equipment receives request message, utilize The device name of the key pair of oneself oneself carries out the device name that cryptographic operation is encrypted;If encrypted device name Equal to the device name of the destination address of the request message received, 509 are thened follow the steps, it is no to then follow the steps 516;
Step 509: the key pair response data for receiving the equipment utilization oneself of request message executes cryptographic operation, obtains The response data of encryption;The equipment sends a response message, and the source address of the response message is the destination of the request message Location, the destination address of the response message are equal to the source address of the request message, load as the response data of encryption and the request Address in Message Payload;After access node AP2 receives the response message from wireless interface, the response is forwarded from wireline interface Message;
Step 510: if router R2 receives the response message, then follow the steps 512, it is no to then follow the steps 511;
Step 511: the interchanger for receiving response message from downstream interface forwards the response message from Upstream Interface, executes Step 510;
Step 512: router R2 forwards the response message received from the downstream interface connecting with server S 2;Server After S2 receives response message, an equipment list item is selected, the encryption device name of the equipment list item is equal to the response message source The device name of address decrypts the response data encrypted in response message load using the key thresholding of the equipment list item;Clothes Business device S2 encrypts the response data using key k2, the server encrypted using key k2 to server name SN2 Title ESN3;Server S 2 constructs the address of oneself, and the domain name of the address is equal to the domain name for receiving the source address of response message, Location message is sky, and server name is known as the server name ESN3 encrypted;Server S 2 sends a remote response message, should The source address of remote response message is the address of building, and destination address is the address in the response message load received, load For the response data of encryption;Router R2 checks domain routing table after receiving the remote response message, selects a domain routing table , the domain name of the domain route table items is equal to the domain name of the remote response message destination address, from connecing for the domain route table items chosen The interface that the domain mouth ID is identified forwards the remote response message;
Step 513: if router R1 receives the remote response message from Upstream Interface, thening follow the steps 515, otherwise Execute step 514;
Step 514: router selects a domain route table items, the domain of the domain route table items after receiving remote response message Name is equal to the domain name of the destination address of the remote response message, and the interface identified from the interface ID thresholding of the domain route table items turns The remote response message is sent out, step 513 is executed;
Step 515: router R1 forwards the remote response message received from the interface being connected with server S 1;Server After S1 receives remote response message, responded using the encrypted response data in the load of key k2 decrypted remote response message Data save response data;
Step 516: terminating.
Through the above process the server communicates with a remote device. The process routes data correctly by means of the routing tables; because the data follow the shortest path, data communication delay and cost are reduced. In addition, the process secures the data communication through encryption.
In the method of the invention, on the condition that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the server name of server S2 is SN2, server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, server S2 is connected to router R2, the location name of access node AP2 is LN2, access node AP2 is located in domain D2, and the key shared by the servers in the network is k2, server S1 communicates with all devices connected to access node AP2 through the following process:
Step 601: start;
Step 602: server S1 selects a domain table entry whose domain name equals domain name DN1; server S1 uses the hash function of the selected domain table entry to calculate the hash value HDN1 of domain name DN1; server S1 selects a domain table entry whose domain name equals domain name DN2; server S1 uses the hash function of the selected domain table entry to calculate the hash value HDN2 of domain name DN2; server S1 encrypts server name SN1 with key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 with key k2 to obtain the encrypted data E4; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty, and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2, and whose payload is the encrypted data E4; after receiving the remote request message, router R1 checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 603: if router R2 receives the remote request message from an upstream interface, step 605 is executed; otherwise step 604 is executed;
Step 604: after receiving the remote request message, the router selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, forwards the remote request message from the interface identified by the interface ID field value of that entry, and step 603 is executed;
Step 605: router R2 forwards the received remote request message from the interface connected to server S2; after receiving the remote request message, server S2 uses key k2 to decrypt the encrypted data E4 in the payload of the remote request message and obtains location name LN2; server S2 selects a location table entry whose location name equals location name LN2; server S2 uses the hash function of the selected location table entry to calculate the hash value HLN2 of location name LN2, and uses the key field value of the selected device table entry to encrypt server name SN2, obtaining the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty, and the server name is ESN2; server S2 constructs an address A2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2, and the device name is empty; server S2 sends a request message whose source address is its own address, whose destination address is address A2, and whose payload is the source address of the remote request message; after receiving the request message, router R2 checks the local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 606: if access node AP2 receives the request message from its wired interface, step 608 is executed; otherwise step 607 is executed;
Step 607: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that entry, and step 606 is executed;
Step 608: after receiving the request message from its wired interface, access node AP2 forwards the request message from its wireless interface;
Step 609: after receiving the request message, a device encrypts the response data with its own key to obtain the encrypted response data, and encrypts its own device name with its own key to obtain the encrypted device name; the device constructs an address whose domain name and location name equal, respectively, the domain name and location name of the destination address of the received request message, and whose device name is the encrypted device name; the device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data and the address in the payload of the request message; after receiving the response message from its wireless interface, access node AP2 forwards the response message from its wired interface;
Step 610: if router R2 receives the response message, step 612 is executed; otherwise step 611 is executed;
Step 611: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface, and step 610 is executed;
Step 612: router R2 forwards the received response message from the downstream interface connected to server S2; after receiving the response message, server S2 selects a device table entry whose encrypted device name equals the device name of the source address of the response message, and uses the key field value of that entry to decrypt the encrypted response data in the payload of the response message; server S2 encrypts the response data with key k2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, in which the domain name equals the domain name of the source address of the received response message, the location name is empty, and the server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message, and whose payload is the encrypted response data; after receiving the remote response message, router R2 checks the domain routing table, selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 613: if router R1 receives the remote response message from an upstream interface, step 615 is executed; otherwise step 614 is executed;
Step 614: after receiving the remote response message, the router selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, forwards the remote response message from the interface identified by the interface ID field value of that entry, and step 613 is executed;
Step 615: router R1 forwards the received remote response message from the interface connected to server S1; after receiving the remote response message, server S1 uses key k2 to decrypt the encrypted response data in the payload of the remote response message, obtains the response data, and saves the response data;
Step 616: end.
Through the above process the server communicates with all devices connected to a remote access node. The process secures the data communication through encryption, so that a malicious node cannot obtain the data transmitted over the network. In addition, the process forwards data correctly by means of the routing tables; because the data follow the shortest path, data communication delay and cost are reduced.
Beneficial effects: the present invention provides a safe and reliable future network communication implementation method. With the implementation method provided by the invention, a device can securely obtain the data services provided by the network while data security is ensured, data acquisition delay and cost are reduced, and quality of service is improved. The invention can be applied to the transmission of important information in fields such as road condition monitoring and vehicle management, and has broad application prospects.
Description of the drawings
The present invention is further described below with reference to the accompanying drawings and the specific embodiments, and the above and/or other advantages of the invention will become clearer.
Fig. 1 is a schematic flow diagram of establishing the domain routing table according to the present invention.
Fig. 2 is a schematic flow diagram of establishing the local table according to the present invention.
Fig. 3 is a schematic flow diagram of local communication according to the present invention.
Fig. 4 is a schematic flow diagram of local data acquisition according to the present invention.
Fig. 5 is a schematic flow diagram of remote communication according to the present invention.
Fig. 6 is a schematic flow diagram of the remote data service according to the present invention.
Specific embodiment:
The present invention provides a safe and reliable future network communication implementation method. With the implementation method provided by the invention, a device can securely obtain the data services provided by the network while data security is ensured, data acquisition delay and cost are reduced, and quality of service is improved. The invention can be applied to the transmission of important information in fields such as road condition monitoring and vehicle management, and has broad application prospects.
Fig. 1 is a schematic flow diagram of establishing the domain routing table according to the present invention. The future network comprises routers, switches, access nodes, devices and servers; the future network is divided into two or more domains, and each domain contains one server, one router, two or more switches, two or more access nodes and two or more devices;
A router has two or more upstream interfaces and two or more downstream interfaces, all of which are wired interfaces; each upstream interface is connected to a router, one downstream interface of the router is connected to the server, and the remaining downstream interfaces are connected to switches; a switch has one upstream interface and two or more downstream interfaces, all of which are wired interfaces; the upstream interface is connected to a router or a switch, and a downstream interface is connected to a switch or an access node; an access node has one wired interface and one wireless interface; the wired interface is connected to a switch and the wireless interface is connected to devices; a device has one wireless interface, which is connected to an access node; a server has one wired interface, which is connected to the router; each interface is uniquely identified by an interface ID;
A router is uniquely identified by a domain name, for example cslg/N6; an access node is uniquely identified by a location name, which describes the location of the access node, for example CS/402, i.e. laboratory 402 of the School of Computer Science; a device is uniquely identified by a device name, which is unique within a domain; a server is uniquely identified by a server name, which is unique within a domain; a switch does not need any name identifier;
A router, access node or device is configured with an address for communication; an address consists of a domain name, a location name and a device name; the location name and device name of a router are empty; the device name of an access node is empty; the domain name, location name and device name of a device are all non-empty;
A server is configured with an address for communication; the address consists of a domain name, a location name and a server name, and the location name of the address is empty;
A server maintains a device table, a location table and a domain table; a device table entry consists of a device name field, an encrypted device name field and a key field; a location table entry consists of a location name field and a hash function field; a domain table entry consists of a domain name field and a hash function field;
A device is configured with a key, a location name is configured with a hash function, and a domain name is configured with a hash function; the keys and hash functions are stored and issued by a third-party authentication data center computer; a device registers with the third-party authentication data center computer to obtain its own key; an access node registers with the third-party authentication data center computer to obtain its own one-way hash function; a router registers with the third-party authentication data center computer to obtain its own one-way hash function; all servers in the network share one key;
A server registers with the third-party authentication data center computer to obtain the device names and keys of all devices in its domain, the location names and one-way hash functions of all access nodes, the domain names and one-way hash functions of all routers in the network, and the key shared by all servers in the network;
After the server obtains the device names and keys of all devices in its domain, for each device the server creates a device table entry whose device name is the device name DV' of the device, whose key field value is the key k' of the device, and whose encrypted device name is EDV', calculated according to formula (1); in formula (1), Encrypt1 is a symmetric encryption algorithm, for example DES (Data Encryption Standard);
EDV' = Encrypt1(DV', k')    formula (1)
After the server obtains the location names and hash functions of all access nodes in its domain, for each access node the server creates a location table entry whose location name is the location name of the access node and whose hash function field value is the hash function configured for the access node;
After the server obtains the domain names and hash functions of all routers in the network, for each router the server creates a domain table entry whose domain name is the domain name of the router and whose hash function field value is the hash function configured for the router;
Each router maintains a domain routing table; a domain routing table entry contains a domain name field, an interface ID field, a distance field and a lifetime field;
The domain name of router R1 is DN1 and its hash function is H1; the hash value HDN1 of domain name DN1 is given by formula (2);
HDN1 = H1(DN1)    formula (2)
Router R1 periodically executes the following process to establish the domain routing table:
Step 101: start;
Step 102: router R1 creates an address whose domain name is HDN1 and whose location name and device name are empty; router R1 sends a publish message from each upstream interface; the source address of the publish message is the created address, the destination address is empty, and the payload is parameter d1, whose initial value is 0;
Step 103: after receiving the publish message from interface u1, a router increments the value of parameter d1 in the payload of the publish message by 1; the router determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1; if so, step 104 is executed; otherwise step 105 is executed;
Step 104: the router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message and whose distance field value equals parameter d1, updates the interface ID of that entry to u1, sets the lifetime to the maximum value, for example 500 ms, and step 109 is executed;
Step 105: the router that received the publish message from interface u1 determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message and whose distance field value is less than parameter d1; if such an entry exists, step 110 is executed; otherwise step 106 is executed;
Step 106: the router that received the publish message from interface u1 determines whether a domain routing table entry exists whose domain name equals the domain name of the source address of the publish message; if such an entry exists, step 107 is executed; otherwise step 108 is executed;
Step 107: the router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name of the source address of the publish message, updates the interface ID of that entry to u1, updates the distance field value to the parameter d1 in the payload of the publish message, sets the lifetime to the maximum value, and step 109 is executed;
Step 108: the router that received the publish message from interface u1 creates a domain routing table entry whose domain name equals the domain name of the source address of the publish message, whose interface ID equals u1, and whose distance field value equals the parameter d1 in the payload of the publish message, and sets the lifetime to the maximum value;
Step 109: the router that received the publish message from interface u1 forwards the publish message from all upstream interfaces other than interface u1, and step 103 is executed;
Step 110: end;
If a router detects that the lifetime of a domain routing table entry has decayed to 0, it deletes that domain routing table entry.
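The table update of steps 102 to 110 can be traced on a small topology. The following Python simulation is an added example, not part of the patent text; the five-router topology, the interface IDs, the class and function names, and the use of SHA-256 for H1 are assumptions made for illustration.

```python
import hashlib
from collections import deque

MAX_LIFETIME_MS = 500  # the example maximum lifetime given in the text


class Router:
    def __init__(self, name):
        self.name = name
        self.upstream = {}      # interface ID -> (neighbouring router, its interface ID)
        self.domain_table = {}  # hashed domain name -> {"iface", "dist", "life"}

    def on_publish(self, src_domain, d1, u1):
        """Steps 103-108 for a publish message that arrived on interface u1.

        Returns the incremented d1 when the message must be forwarded
        (step 109), or None when it is dropped (step 105 -> step 110).
        """
        d1 += 1                                    # step 103
        entry = self.domain_table.get(src_domain)
        if entry is not None and entry["dist"] < d1:
            return None                            # step 105: a shorter route is known
        # Steps 104 (equal distance), 107 (longer route known) and 108 (no
        # entry yet) all leave the same state: this interface, this distance,
        # lifetime reset to the maximum.
        self.domain_table[src_domain] = {
            "iface": u1, "dist": d1, "life": MAX_LIFETIME_MS}
        return d1

    def age(self, elapsed_ms):
        """Decay lifetimes and delete entries whose lifetime reaches 0."""
        for domain in list(self.domain_table):
            entry = self.domain_table[domain]
            entry["life"] -= elapsed_ms
            if entry["life"] <= 0:
                del self.domain_table[domain]


def link(a, a_iface, b, b_iface):
    """Connect an upstream interface of router a to one of router b."""
    a.upstream[a_iface] = (b, b_iface)
    b.upstream[b_iface] = (a, a_iface)


def publish(origin, hashed_domain):
    """Step 102 plus the forwarding loop of steps 103-109.

    Returns the number of publish messages delivered to routers.
    """
    queue = deque((peer, peer_iface, 0)
                  for peer, peer_iface in origin.upstream.values())
    deliveries = 0
    while queue:
        router, u1, d1 = queue.popleft()
        deliveries += 1
        forwarded_d1 = router.on_publish(hashed_domain, d1, u1)
        if forwarded_d1 is None:
            continue
        for iface, (peer, peer_iface) in router.upstream.items():
            if iface != u1:                        # step 109: all but the arrival interface
                queue.append((peer, peer_iface, forwarded_d1))
    return deliveries


def build_demo():
    """Constructed topology: R1-R2, R1-R3, R2-R4, R3-R4, R4-R5."""
    r = {n: Router(n) for n in ("R1", "R2", "R3", "R4", "R5")}
    link(r["R1"], "u1", r["R2"], "u1")
    link(r["R1"], "u2", r["R3"], "u1")
    link(r["R2"], "u2", r["R4"], "u1")
    link(r["R3"], "u2", r["R4"], "u2")
    link(r["R4"], "u3", r["R5"], "u1")
    # HDN1 = H1(DN1); SHA-256 is an assumed stand-in for H1.
    hdn1 = hashlib.sha256(b"cslg/N6").hexdigest()
    return r, hdn1, publish(r["R1"], hdn1)


if __name__ == "__main__":
    routers, hdn1, delivered = build_demo()
    for name, router in routers.items():
        print(name, router.domain_table.get(hdn1))
    print("publish messages delivered:", delivered)
```

R4 hears the publish message over two equal-length paths, so step 104 overwrites its interface with whichever copy arrives last and forwards that copy again; the duplicates are discarded one hop later by the comparison in step 105.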
Fig. 2 is a schematic flow diagram of establishing the local table according to the present invention. Each router or switch maintains a local table; each local table entry contains a location name field, an interface ID field and a lifetime field;
Let the location name of access node AP1 be LN1 and the hash function of access node AP1 be H2; access node AP1 calculates the hash value HLN1 of location name LN1 according to formula (3);
HLN1 = H2(LN1)    formula (3)
Access node AP1 periodically executes the following operations to establish the local table:
Step 201: start;
Step 202: access node AP1 creates an address whose location name is HLN1 and whose domain name and device name are empty; access node AP1 sends a local publish message from its wired interface; in the local publish message, the source address is the constructed address, the destination address is empty, and the payload is empty;
Step 203: determine whether a router received the local publish message from downstream interface u2 or a switch received it from downstream interface u3; if it is a router, step 206 is executed; otherwise step 204 is executed;
Step 204: the switch receives the local publish message from downstream interface u3; the switch determines whether a local table entry exists whose location name is the location name of the source address of the local publish message; if it exists, the switch updates the interface ID of that local table entry to u3 and sets the lifetime to the maximum value, for example 500 ms; otherwise the switch creates a local table entry whose location name is the location name of the source address of the local publish message, whose interface ID field value is u3, and whose lifetime is set to the maximum value;
Step 205: the switch that received the local publish message from downstream interface u3 forwards the local publish message from its upstream interface, and step 203 is executed;
Step 206: the router receives the local publish message from downstream interface u2; the router determines whether a local table entry exists whose location name equals the location name of the source address of the local publish message; if it exists, the router updates the interface ID of that local table entry to u2 and sets the lifetime to the maximum value, for example 500 ms; otherwise the router creates a local table entry whose location name equals the location name of the source address of the local publish message, whose interface ID field value is u2, and whose lifetime is set to the maximum value;
Step 207: end;
If a router or switch detects that the lifetime of a local table entry has decayed to 0, it deletes that local table entry.
Fig. 3 is a schematic flow diagram of local communication according to the present invention. After a server starts, it periodically sends a server publish message whose source address is empty, whose destination address is empty, and whose payload is empty; after the router connected to the server receives the server publish message from interface f1, it records interface f1 as the interface connected to the server;
On the condition that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the device name of device V1 is VN1, device V1 is located in domain D1 and is linked to access node AP1, and the location name of access node AP1 is LN1, server S1 communicates with device V1 through the following process:
Step 301: start;
Step 302: server S1 selects a domain table entry whose domain name equals domain name DN1, selects a location table entry whose location name equals location name LN1, and selects a device table entry whose device name equals device name VN1; server S1 uses the hash function of the selected domain table entry to calculate the hash value HDN1 of domain name DN1, uses the hash function of the selected location table entry to calculate the hash value HLN1 of location name LN1, and uses the key field value of the selected device table entry to encrypt server name SN1, obtaining the encrypted server name ESN1; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty, and the server name is ESN1; server S1 constructs the address of device V1, in which the domain name is HDN1, the location name is HLN1, and the device name is the encrypted device name in the selected device table entry; server S1 sends a request message whose source address is its own address, whose destination address is the address of device V1, and whose payload is empty; after receiving the request message, router R1 checks the local table, selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 303: determine whether access node AP1 has received the request message from its wired interface; if so, step 305 is executed; otherwise step 304 is executed;
Step 304: the switch that receives the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, forwards the request message from the interface identified by the interface ID field value of that entry, and step 303 is executed;
Step 305: access node AP1 forwards the request message from its wireless interface; after receiving the request message, a device encrypts its own device name with its own key to obtain the encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, step 306 is executed; otherwise step 310 is executed;
Step 306: the device that received the request message encrypts the response data with its own key to obtain the encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message, and whose payload is the encrypted response data; after receiving the response message from its wireless interface, access node AP1 forwards the response message from its wired interface;
Step 307: if router R1 receives the response message, step 309 is executed; otherwise step 308 is executed;
Step 308: the switch that receives the response message from a downstream interface forwards the response message from its upstream interface, and step 307 is executed;
Step 309: router R1 forwards the received response message from the downstream interface connected to server S1; after receiving the response message, server S1 selects a device table entry whose encrypted device name equals the device name of the source address of the response message, uses the key field value of that entry to decrypt the encrypted response data in the payload of the response message, and finally obtains the response data and saves it;
Step 310: end.
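The end-to-end exchange of steps 302, 305, 306 and 309, together with the device table of formula (1), is shown below as an added Python example that is not part of the patent text. SHA-256 stands in for the hash functions H1 and H2 and a SHA-256 XOR keystream stands in for Encrypt1; both are assumptions chosen so the example runs with the standard library, and the stand-in cipher is not DES and not secure. The class names, keys and response data are constructed.

```python
import hashlib
from dataclasses import dataclass


def h(name: str) -> str:
    """Assumed stand-in for the hash functions H1 (domain) and H2 (location)."""
    return hashlib.sha256(name.encode()).hexdigest()[:16]


def encrypt1(data: bytes, key: bytes) -> bytes:
    """Assumed stand-in for Encrypt1: deterministic XOR keystream from SHA-256.

    Illustration only; it is neither DES nor a secure cipher.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


decrypt1 = encrypt1  # XOR with the same keystream inverts the operation


@dataclass(frozen=True)
class Address:
    domain: str    # hashed domain name, e.g. HDN1
    location: str  # hashed location name, or "" when empty
    name: bytes    # encrypted device name or encrypted server name


@dataclass(frozen=True)
class Message:
    src: Address
    dst: Address
    payload: bytes


class Server:
    def __init__(self, server_name, domain_name, devices):
        self.server_name = server_name
        self.domain_name = domain_name
        # Device table: device name, encrypted device name EDV' per formula (1), key.
        self.device_table = [
            {"name": dv, "enc_name": encrypt1(dv.encode(), k), "key": k}
            for dv, k in devices.items()]

    def build_request(self, device_name, location_name):
        """Step 302: construct both addresses and the request message."""
        entry = next(e for e in self.device_table if e["name"] == device_name)
        hdn, hln = h(self.domain_name), h(location_name)
        esn = encrypt1(self.server_name.encode(), entry["key"])
        return Message(src=Address(hdn, "", esn),
                       dst=Address(hdn, hln, entry["enc_name"]),
                       payload=b"")

    def handle_response(self, msg):
        """Step 309: pick the key by encrypted device name, then decrypt."""
        entry = next(e for e in self.device_table
                     if e["enc_name"] == msg.src.name)
        return entry["name"], decrypt1(msg.payload, entry["key"])


class Device:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def on_request(self, msg, response_data):
        """Steps 305-306: answer only if the encrypted own name matches."""
        if encrypt1(self.name.encode(), self.key) != msg.dst.name:
            return None
        return Message(src=msg.dst, dst=msg.src,
                       payload=encrypt1(response_data, self.key))


def run_local_exchange():
    """One request broadcast by the access node to two devices (constructed data)."""
    keys = {"VN1": b"constructed-key-1", "VN2": b"constructed-key-2"}
    s1 = Server("SN1", "cslg/N6", keys)
    devices = [Device(n, k) for n, k in keys.items()]
    request = s1.build_request("VN1", "CS/402")
    replies = [d.on_request(request, b"reading=21.5") for d in devices]
    answered = [r for r in replies if r is not None]
    return request, replies, s1.handle_response(answered[0])


if __name__ == "__main__":
    request, replies, result = run_local_exchange()
    print("destination on the wire:", request.dst)
    print("server recovered:", result)
```

Because EDV' is computed once per device name and key, every request to the same device carries the same destination value: the scheme hides the device name on the wire but not the fact that two messages address the same device.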
Fig. 4 is a schematic flow diagram of local data acquisition according to the present invention. Under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the key shared by the servers in the network is k2, the location name of access node AP1 is LN1, and access node AP1 is located in domain D1, server S1 communicates with all devices connected to access node AP1 through the following process:
Step 401: Start.
Step 402: Server S1 selects the domain table entry whose domain name equals DN1 and the location table entry whose location name equals LN1. Server S1 computes the hash value HDN1 of domain name DN1 with the hash function of the selected domain table entry, computes the hash value HLN1 of location name LN1 with the hash function of the selected location table entry, and encrypts server name SN1 with key k2 to obtain the encrypted server name ESN1. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN1. Server S1 constructs an address A1, in which the domain name is HDN1, the location name is HLN1 and the device name is empty. Server S1 sends a request message whose source address is its own address, whose destination address is address A1 and whose payload is empty. After router R1 receives the request message, it checks its local table, selects the local table entry whose location name equals the location name in the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry.
Step 403: If access node AP1 receives the request message from its wired interface, step 405 is executed; otherwise step 404 is executed.
Step 404: The switch that receives the request message from its upstream interface selects the local table entry whose location name equals the location name in the destination address of the request message and forwards the request message from the interface identified by the interface ID field value of that local table entry; step 403 is executed.
Step 405: Access node AP1 forwards the request message from its wireless interface.
Step 406: The device that received the request message encrypts the response data with its own key to obtain the encrypted response data, and encrypts its own device name with its own key to obtain the encrypted device name. The device constructs an address whose domain name and location name equal, respectively, the domain name and location name in the destination address of the received request message, and whose device name is the encrypted device name. The device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data. After access node AP1 receives the response message from its wireless interface, it forwards the response message from its wired interface.
Step 407: If router R1 receives the response message, step 409 is executed; otherwise step 408 is executed.
Step 408: The switch that receives the response message from a downstream interface forwards the response message from its upstream interface; step 407 is executed.
Step 409: Router R1 forwards the received response message from the downstream interface connected to server S1. After server S1 receives the response message, it selects the device table entry whose encrypted device name equals the device name in the source address of the response message, decrypts the encrypted response data in the response message payload with the key field value of that device table entry, and thus obtains and saves the response data.
Step 410: End.
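The Fig. 4 exchange (steps 402 to 409), together with the name check of step 305, can be traced in a short simulation. This is an added example, not code from the patent: the salted SHA-256 hash and the HMAC-keystream cipher are stand-ins for the unspecified hash functions and for Encrypt1, and all keys, salts and readings are constructed. The stand-in cipher is deterministic because the equality match on the encrypted device name requires it.

```python
# Added illustration of the Fig. 4 flow (steps 402-409); not code from the patent.
import hashlib
import hmac

def name_hash(salt: bytes, name: str) -> str:
    """Stand-in for the per-domain / per-location hash function (assumed: salted SHA-256)."""
    return hmac.new(salt, name.encode(), hashlib.sha256).hexdigest()[:16]

def encrypt(key: bytes, data: bytes, label: bytes) -> bytes:
    """Deterministic stand-in for the symmetric cipher Encrypt1 (assumed, not a recommendation).

    XORs data with an HMAC-SHA256 keystream; the same call also decrypts.
    """
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def encrypted_name(self) -> bytes:
        return encrypt(self.key, self.name.encode(), b"name")

    def accepts(self, request: dict) -> bool:
        """Empty device name: every device under the access node answers (step 406).
        Otherwise answer only if our own encrypted name matches (step 305)."""
        wanted = request["dst"][2]
        return wanted is None or hmac.compare_digest(wanted, self.encrypted_name())

    def respond(self, request: dict, reading: bytes) -> dict:
        domain, location, _ = request["dst"]
        return {"src": (domain, location, self.encrypted_name()),
                "dst": request["src"],
                "payload": encrypt(self.key, reading, b"data")}

class Server:
    def __init__(self, name, shared_key, domain_table, location_table, device_keys):
        self.name, self.shared_key = name, shared_key
        self.domain_table = domain_table      # domain name -> hash-function parameter
        self.location_table = location_table  # location name -> hash-function parameter
        self.device_keys = device_keys
        # Device table indexed by encrypted device name, as in formula (1).
        self.device_table = {encrypt(k, n.encode(), b"name"): (n, k)
                             for n, k in device_keys.items()}

    def build_request(self, domain, location, device=None) -> dict:
        hdn = name_hash(self.domain_table[domain], domain)
        hln = name_hash(self.location_table[location], location)
        if device is None:   # step 402: all devices, server name under shared key k2
            esn, edv = encrypt(self.shared_key, self.name.encode(), b"name"), None
        else:                # step 302: one device, server name under that device's key
            key = self.device_keys[device]
            esn = encrypt(key, self.name.encode(), b"name")
            edv = encrypt(key, device.encode(), b"name")
        return {"src": (hdn, None, esn), "dst": (hdn, hln, edv), "payload": b""}

    def handle_response(self, response: dict):
        """Step 409: find the entry by encrypted device name, then decrypt the payload."""
        entry = self.device_table.get(response["src"][2])
        if entry is None:
            return None      # assumption: responses with no matching entry are discarded
        name, key = entry
        return name, encrypt(key, response["payload"], b"data")

# Constructed sample data (keys, salts and readings are made up for this example).
K2 = b"shared-server-key-k2"
DEVICES = {"VN1": b"device-key-1", "VN7": b"device-key-7"}
S1 = Server("SN1", K2, {"DN1": b"salt-H1"}, {"LN1": b"salt-H2"}, DEVICES)
FLEET = [Device(n, k) for n, k in DEVICES.items()]

def collect(request: dict, readings: dict) -> dict:
    """Deliver the request to every device behind AP1 and decode what comes back."""
    results = {}
    for dev in FLEET:
        if dev.accepts(request):
            decoded = S1.handle_response(dev.respond(request, readings[dev.name]))
            if decoded:
                results[decoded[0]] = decoded[1]
    return results

if __name__ == "__main__":
    print(collect(S1.build_request("DN1", "LN1"), {"VN1": b"21.5C", "VN7": b"19.0C"}))
```

Because the encrypted device name is the same in every message from a given device, it acts as a stable pseudonym on the wire even though the plaintext name never appears.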
Fig. 5 is a schematic flow diagram of remote communication according to the present invention. Under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1; the server name of server S2 is SN2, server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, and server S2 is connected to router R2; the device name of device V2 is VN2, device V2 is located in domain D2 and is linked to access node AP2, the location name of access node AP2 is LN2, and the key shared by the servers in the network is k2, server S1 communicates with device V2 through the following process:
Step 501: Start.
Step 502: Server S1 selects the domain table entry whose domain name equals DN1 and computes the hash value HDN1 of domain name DN1 with the hash function of the selected domain table entry. Server S1 selects the domain table entry whose domain name equals DN2 and computes the hash value HDN2 of domain name DN2 with the hash function of the selected domain table entry. Server S1 encrypts server name SN1 with key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3. Server S1 encrypts location name LN2 and device name VN2 with key k2 to obtain the encrypted data E3. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN2. Server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty and the server name is ESN3. Server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2 and whose payload is the encrypted data E3. After router R1 receives the remote request message, it checks its domain routing table, selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry.
Step 503: If router R2 receives the remote request message from an upstream interface, step 505 is executed; otherwise step 504 is executed.
Step 504: After a router receives the remote request message, it selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote request message and forwards the remote request message from the interface identified by the interface ID field value of that domain routing table entry; step 503 is executed.
Step 505: Router R2 forwards the received remote request message from the interface connected to server S2. After server S2 receives the remote request message, it decrypts the encrypted data E3 in the payload of the remote request message with key k2 to obtain location name LN2 and device name VN2. Server S2 selects the location table entry whose location name equals LN2 and the device table entry whose device name equals VN2. Server S2 computes the hash value HLN2 of location name LN2 with the hash function of the selected location table entry, and encrypts server name SN2 with the key field value of the selected device table entry to obtain the encrypted server name ESN2. Server S2 constructs its own address, in which the domain name is the domain name in the destination address of the received remote request message, the location name is empty and the server name is ESN2. Server S2 constructs the address of device V2, in which the domain name is the domain name in the destination address of the received remote request message, the location name is HLN2 and the device name is the encrypted device name of the selected device table entry. Server S2 sends a request message whose source address is its own address, whose destination address is the address of device V2 and whose payload is the source address of the remote request message. After router R2 receives the request message, it checks its local table, selects the local table entry whose location name equals the location name in the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry.
Step 506: If access node AP2 receives the request message from its wired interface, step 508 is executed; otherwise step 507 is executed.
Step 507: The switch that receives the request message from its upstream interface selects the local table entry whose location name equals the location name in the destination address of the request message and forwards the request message from the interface identified by the interface ID field value of that local table entry; step 506 is executed.
Step 508: Access node AP2 forwards the request message from its wireless interface. After a device receives the request message, it encrypts its own device name with its own key to obtain the encrypted device name. If the encrypted device name equals the device name in the destination address of the received request message, step 509 is executed; otherwise step 516 is executed.
Step 509: The device that received the request message encrypts the response data with its own key to obtain the encrypted response data. The device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message, and whose payload is the encrypted response data together with the address carried in the payload of the request message. After access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface.
Step 510: If router R2 receives the response message, step 512 is executed; otherwise step 511 is executed.
Step 511: The switch that receives the response message from a downstream interface forwards the response message from its upstream interface; step 510 is executed.
Step 512: Router R2 forwards the received response message from the downstream interface connected to server S2. After server S2 receives the response message, it selects the device table entry whose encrypted device name equals the device name in the source address of the response message and decrypts the encrypted response data in the response message payload with the key field value of that device table entry. Server S2 encrypts the response data with key k2 and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3. Server S2 constructs its own address, whose domain name equals the domain name in the source address of the received response message, whose location name is empty and whose server name is the encrypted server name ESN3. Server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address carried in the payload of the received response message, and whose payload is the encrypted response data. After router R2 receives the remote response message, it checks its domain routing table, selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry.
Step 513: If router R1 receives the remote response message from an upstream interface, step 515 is executed; otherwise step 514 is executed.
Step 514: After a router receives the remote response message, it selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote response message and forwards the remote response message from the interface identified by the interface ID field value of that domain routing table entry; step 513 is executed.
Step 515: Router R1 forwards the received remote response message from the interface connected to server S1. After server S1 receives the remote response message, it decrypts the encrypted response data in the payload of the remote response message with key k2 to obtain the response data, and saves the response data.
Step 516: End.
Fig. 6 is a schematic flow diagram of the remote data service according to the present invention. Under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, and server S1 is connected to router R1; the server name of server S2 is SN2, server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, and server S2 is connected to router R2; the location name of access node AP2 is LN2, access node AP2 is located in domain D2, and the key shared by the servers in the network is k2, server S1 communicates with all devices connected to access node AP2 through the following process:
Step 601: Start.
Step 602: Server S1 selects the domain table entry whose domain name equals DN1 and computes the hash value HDN1 of domain name DN1 with the hash function of the selected domain table entry. Server S1 selects the domain table entry whose domain name equals DN2 and computes the hash value HDN2 of domain name DN2 with the hash function of the selected domain table entry. Server S1 encrypts server name SN1 with key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3. Server S1 encrypts location name LN2 with key k2 to obtain the encrypted data E4. Server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN2. Server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty and the server name is ESN3. Server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2 and whose payload is the encrypted data E4. After router R1 receives the remote request message, it checks its domain routing table, selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry.
Step 603: If router R2 receives the remote request message from an upstream interface, step 605 is executed; otherwise step 604 is executed.
Step 604: After a router receives the remote request message, it selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote request message and forwards the remote request message from the interface identified by the interface ID field value of that domain routing table entry; step 603 is executed.
Step 605: Router R2 forwards the received remote request message from the interface connected to server S2. After server S2 receives the remote request message, it decrypts the encrypted data E4 in the payload of the remote request message with key k2 to obtain location name LN2. Server S2 selects the location table entry whose location name equals LN2. Server S2 computes the hash value HLN2 of location name LN2 with the hash function of the selected location table entry, and encrypts server name SN2 with the key field value of the selected device table entry to obtain the encrypted server name ESN2. Server S2 constructs its own address, in which the domain name is the domain name in the destination address of the received remote request message, the location name is empty and the server name is ESN2. Server S2 constructs an address A2, in which the domain name is the domain name in the destination address of the received remote request message, the location name is HLN2 and the device name is empty. Server S2 sends a request message whose source address is its own address, whose destination address is address A2 and whose payload is the source address of the remote request message. After router R2 receives the request message, it checks its local table, selects the local table entry whose location name equals the location name in the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of the selected local table entry.
Step 606: If access node AP2 receives the request message from its wired interface, step 608 is executed; otherwise step 607 is executed.
Step 607: The switch that receives the request message from its upstream interface selects the local table entry whose location name equals the location name in the destination address of the request message and forwards the request message from the interface identified by the interface ID field value of that local table entry; step 606 is executed.
Step 608: After access node AP2 receives the request message from its wired interface, it forwards the request message from its wireless interface.
Step 609: After a device receives the request message, it encrypts the response data with its own key to obtain the encrypted response data, and encrypts its own device name with its own key to obtain the encrypted device name. The device constructs an address whose domain name and location name equal, respectively, the domain name and location name in the destination address of the received request message, and whose device name is the encrypted device name. The device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message, and whose payload is the encrypted response data together with the address carried in the payload of the request message. After access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface.
Step 610: If router R2 receives the response message, step 612 is executed; otherwise step 611 is executed.
Step 611: The switch that receives the response message from a downstream interface forwards the response message from its upstream interface; step 610 is executed.
Step 612: Router R2 forwards the received response message from the downstream interface connected to server S2. After server S2 receives the response message, it selects the device table entry whose encrypted device name equals the device name in the source address of the response message and decrypts the encrypted response data in the response message payload with the key field value of that device table entry. Server S2 encrypts the response data with key k2 and encrypts server name SN2 with key k2 to obtain the encrypted server name ESN3. Server S2 constructs its own address, whose domain name equals the domain name in the source address of the received response message, whose location name is empty and whose server name is the encrypted server name ESN3. Server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address carried in the payload of the received response message, and whose payload is the encrypted response data. After router R2 receives the remote response message, it checks its domain routing table, selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry.
Step 613: If router R1 receives the remote response message from an upstream interface, step 615 is executed; otherwise step 614 is executed.
Step 614: After a router receives the remote response message, it selects the domain routing table entry whose domain name equals the domain name in the destination address of the remote response message and forwards the remote response message from the interface identified by the interface ID field value of that domain routing table entry; step 613 is executed.
Step 615: Router R1 forwards the received remote response message from the interface connected to server S1. After server S1 receives the remote response message, it decrypts the encrypted response data in the payload of the remote response message with key k2 to obtain the response data, and saves the response data.
Step 616: End.
Embodiment 1
Based on the simulation parameters in Table 1, this embodiment simulates the safe and reliable future network communication implementation method of the present invention. The performance analysis is as follows: when the volume of transmitted data is large, the data communication delay is larger; when the volume of transmitted data is smaller, the data communication delay is smaller; the average data communication delay is 1023 ms.
Table 1: Simulation parameters
The present invention provides an approach to a safe and reliable future network communication implementation method. There are many methods and ways to implement this technical solution, and the above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention. Any component not specified in this embodiment can be implemented with existing technology.

Claims (6)

1. A safe and reliable future network communication implementation method, characterized in that the future network comprises routers, switches, access nodes, devices and servers; the future network is divided into two or more domains, and each domain comprises a server, one router, two or more switches, two or more access nodes and two or more devices;
A router has two or more upstream interfaces and two or more downstream interfaces, all of which are wired interfaces; each upstream interface is connected to a router, one downstream interface of the router is connected to the server, and the remaining downstream interfaces are connected to switches; a switch has one upstream interface and two or more downstream interfaces, all of which are wired interfaces; the upstream interface is connected to a router or a switch, and a downstream interface is connected to a switch or an access node; an access node has one wired interface and one wireless interface, the wired interface being connected to a switch and the wireless interface to devices; a device has one wireless interface, which is connected to an access node; a server has one wired interface, which is connected to the router; each interface is uniquely identified by an interface ID;
A router is uniquely identified by a domain name; an access node is uniquely identified by a location name, which describes the location of the access node; a device is uniquely identified by a device name, which is unique within a domain; a server is uniquely identified by a server name, which is unique within a domain;
A router, access node or device is configured with one address for communication, the address consisting of a domain name, a location name and a device name; the location name and device name of a router are empty; the device name of an access node is empty; the domain name, location name and device name of a device are all non-empty;
A server is configured with one address for communication, the address consisting of a domain name, a location name and a server name, the location name of the address being empty;
A server stores a device table, a location table and a domain table; a device table entry consists of a device name, an encrypted device name and a key field; a location table entry consists of a location name field and a hash function field; a domain table entry consists of a domain name field and a hash function field;
A device is configured with a key, a location name is configured with a hash function, and a domain name is configured with a hash function; the keys and hash functions are stored and issued by a third-party authentication data center computer; a device registers with the third-party authentication data center computer to obtain its own key; an access node registers with the third-party authentication data center computer to obtain its own one-way hash function; a router registers with the third-party authentication data center computer to obtain its own one-way hash function; all servers in the network share one key;
A server registers with the third-party authentication data center computer to obtain the device names and keys of all devices in its domain, the location names and one-way hash functions of all access nodes, the domain names and one-way hash functions of all routers in the network, and the key shared by all servers in the network;
After a server obtains the device names and keys of all devices in its domain, for each device the server creates a device table entry whose device name is the device name DV' of that device, whose key field value is the key k' of that device, and whose encrypted device name is EDV', calculated according to formula (1), where Encrypt1 is a symmetric encryption algorithm;
EDV' = Encrypt1(DV', k')    formula (1)
After a server obtains the location names and hash functions of all access nodes in its domain, for each access node the server creates a location table entry whose location name is the location name of that access node and whose hash function field value is the hash function configured for that access node;
After a server obtains the domain names and hash functions of all routers in the network, for each router the server creates a domain table entry whose domain name is the domain name of that router and whose hash function field value is the hash function configured for that router;
Each router maintains a domain routing table; a domain routing table entry comprises a domain name field, an interface ID field, a distance field and a lifetime field;
If the domain name of router R1 is DN1 and its hash function is H1, the hash value HDN1 of domain name DN1 is as shown in formula (2);
HDN1 = H1(DN1)    formula (2)
Router R1 periodically executes the following process to establish the domain routing table:
Step 101: Start;
Step 102: Router R1 creates an address whose domain name is HDN1 and whose location name and device name are empty; router R1 sends a publish message from each upstream interface, the source address of the publish message being the created address, the destination address being empty, and the payload being parameter d1 with initial value 0;
Step 103: After a router receives the publish message from interface u1, it increments the value of parameter d1 in the payload of the publish message by 1; it judges whether there is a domain routing table entry whose domain name equals the domain name in the source address of the publish message and whose distance field value equals parameter d1; if so, step 104 is executed; otherwise step 105 is executed;
Step 104: The router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name in the source address of the publish message and whose distance field value equals parameter d1, updates the interface ID of that entry to u1 and sets its lifetime to the maximum value; step 109 is executed;
Step 105: The router that received the publish message from interface u1 judges whether there is a domain routing table entry whose domain name equals the domain name in the source address of the publish message and whose distance field value is less than parameter d1; if such an entry exists, step 110 is executed; otherwise step 106 is executed;
Step 106: The router that received the publish message from interface u1 judges whether there is a domain routing table entry whose domain name equals the domain name in the source address of the publish message; if such an entry exists, step 107 is executed; otherwise step 108 is executed;
Step 107: The router that received the publish message from interface u1 selects the domain routing table entry whose domain name equals the domain name in the source address of the publish message, updates the interface ID of that entry to u1, updates its distance field value to the parameter d1 in the payload of the publish message, and sets its lifetime to the maximum value; step 109 is executed;
Step 108: The router that received the publish message from interface u1 creates a domain routing table entry whose domain name equals the domain name in the source address of the publish message, whose interface ID equals u1, whose distance field value equals the parameter d1 in the payload of the publish message, and whose lifetime is set to the maximum value;
Step 109: The router that received the publish message from interface u1 forwards the publish message from all upstream interfaces other than interface u1; step 103 is executed;
Step 110: End;
If a router detects that the lifetime of a domain routing table entry has decayed to 0, it deletes that domain routing table entry.
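The decision logic of steps 103 to 109 and the lifetime rule can be exercised on a small topology. This is an added example, not code from the patent: the maximum lifetime value, the four-router ring and its interface names are constructed assumptions.

```python
# Added illustration of steps 102-109 and the lifetime rule; not code from the patent.
from collections import deque

MAX_LIFETIME = 30  # assumed maximum value of the lifetime field

def handle_publish(table, domain, d1, iface, upstream_ifaces):
    """Process one publish message received on `iface` (steps 103-109).

    table maps a hashed domain name to {"iface", "distance", "lifetime"}.
    Returns (action, interfaces to forward on, d1 to carry in the forwarded copy).
    """
    d1 += 1                                            # step 103
    entry = table.get(domain)
    if entry is None:                                  # step 108: new domain
        table[domain] = {"iface": iface, "distance": d1, "lifetime": MAX_LIFETIME}
        action = "created"
    elif entry["distance"] == d1:                      # step 104: equal-length path
        entry.update(iface=iface, lifetime=MAX_LIFETIME)
        action = "refreshed"
    elif entry["distance"] < d1:                       # step 105: known path is shorter
        return "dropped", [], d1
    else:                                              # step 107: shorter path found
        entry.update(iface=iface, distance=d1, lifetime=MAX_LIFETIME)
        action = "replaced"
    forward = [u for u in upstream_ifaces if u != iface]   # step 109
    return action, forward, d1

def flood(origin, domain, links):
    """Propagate one publish message from `origin` (step 102) until every copy is dropped.

    links maps router -> {upstream interface: (neighbour, neighbour's interface)}.
    Returns each router's domain routing table.
    """
    tables = {router: {} for router in links}
    queue = deque((peer, peer_if, 0) for peer, peer_if in links[origin].values())
    while queue:
        router, iface, d1 = queue.popleft()
        _, forward, d1 = handle_publish(tables[router], domain, d1, iface, list(links[router]))
        for out_if in forward:
            peer, peer_if = links[router][out_if]
            queue.append((peer, peer_if, d1))
    return tables

def age(table, ticks=1):
    """Decay lifetimes and delete entries that reach 0."""
    for domain in list(table):
        table[domain]["lifetime"] -= ticks
        if table[domain]["lifetime"] <= 0:
            del table[domain]

# Constructed topology: four routers in a ring, R1 - R2 - R3 - R4 - R1.
RING = {
    "R1": {"a": ("R2", "a"), "b": ("R4", "b")},
    "R2": {"a": ("R1", "a"), "b": ("R3", "a")},
    "R3": {"a": ("R2", "b"), "b": ("R4", "a")},
    "R4": {"a": ("R3", "b"), "b": ("R1", "b")},
}

if __name__ == "__main__":
    for router, table in flood("R1", "HDN1", RING).items():
        print(router, table)
```

In the ring, R3 hears the message over two equal-length paths; under step 104 the copy that arrives later overwrites the interface ID, so the entry ends up pointing at the interface of the most recent arrival.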
2. The safe and reliable future network communication implementation method according to claim 1, characterized in that each router or switch stores a local table, and each local table entry comprises a location name field, an interface ID field and a lifetime field;
If the location name of access node AP1 is LN1 and the hash function of access node AP1 is H2, access node AP1 calculates the hash value HLN1 of location name LN1 according to formula (3);
HLN1 = H2(LN1)    formula (3)
Access node AP1 periodically executes the following operations to establish the local table:
Step 201: Start;
Step 202: Access node AP1 creates an address whose location name is HLN1 and whose domain name and device name are empty; access node AP1 sends a local publish message from its wired interface, the source address of the local publish message being the constructed address, the destination address being empty, and the payload being empty;
Step 203: It is judged whether a router received the local publish message from downstream interface u2 or a switch received it from downstream interface u3; if it is a router, step 206 is executed; otherwise step 204 is executed;
Step 204: The switch receives the local publish message from downstream interface u3; the switch judges whether there is a local table entry whose location name is the location name in the source address of the local publish message; if there is, the switch updates the interface ID of that local table entry to u3 and sets its lifetime to the maximum value; otherwise the switch creates a local table entry whose location name is the location name in the source address of the local publish message, whose interface ID field value is u3, and whose lifetime is set to the maximum value;
Step 205: The switch that received the local publish message from downstream interface u3 forwards the local publish message from its upstream interface; step 203 is executed;
Step 206: The router receives the local publish message from downstream interface u2; the router judges whether there is a local table entry whose location name equals the location name in the source address of the local publish message; if there is, the router updates the interface ID of that local table entry to u2 and sets its lifetime to the maximum value; otherwise the router creates a local table entry whose location name equals the location name in the source address of the local publish message, whose interface ID field value is u2, and whose lifetime is set to the maximum value;
Step 207: End;
If a router or switch detects that the lifetime of a local table entry has decayed to 0, it deletes that local table entry.
3. The safe and reliable future network communication implementation method according to claim 1, characterized in that after a server starts, it periodically sends a server publish message whose source address is empty, whose destination address is empty and whose payload is empty; after the router connected to the server receives the server publish message from interface f1, it saves interface f1 as the interface connected to the server;
Under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the device name of device V1 is VN1, device V1 is located in domain D1 and is link-connected to access node AP1, and the location name of access node AP1 is LN1, server S1 communicates with device V1 through the following process:
Step 301: start;
Step 302: server S1 selects a domain table entry whose domain name equals domain name DN1, selects a location table entry whose location name equals location name LN1, and selects a device table entry whose device name equals device name VN1; server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, calculates the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using the key field of the selected device table entry to obtain the encrypted server name ESN1; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN1; server S1 constructs the address of device V1, in which the domain name is HDN1, the location name is HLN1 and the device name is the encrypted device name in the selected device table entry; server S1 sends a request message whose source address is its own address, whose destination address is the address of device V1 and whose payload is empty; after receiving the request message, router R1 checks its local table, selects a local table entry whose location name equals the location name of the request message's destination address, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 303: determine whether access node AP1 has received the request message from its wired interface; if so, execute step 305, otherwise execute step 304;
Step 304: the switch that received the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 303;
Step 305: access node AP1 forwards the request message from its wireless interface; after a device receives the request message, it encrypts its own device name with its own key to obtain an encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 306, otherwise execute step 310;
Step 306: the device that received the request message encrypts the response data with its own key to obtain encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message and whose payload is the encrypted response data; after access node AP1 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 307: if router R1 receives the response message, execute step 309, otherwise execute step 308;
Step 308: the switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 307;
Step 309: router R1 forwards the received response message from the downstream interface connected to server S1; after server S1 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the response message's source address, decrypts the encrypted response data in the response message payload using the key field of that device table entry, and finally obtains the response data and saves it;
Step 310: end.
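An added Python example (not part of the patent text) that runs the local table establishment of claim 2 and the in-domain request and response of claim 3 on a constructed topology. The patent does not name its hash or encryption algorithms, so SHA-256, an HMAC-SHA256 name transform, the HMAC-based payload cipher, the 3-tick lifetime, all class and function names, and the keys and readings are assumptions made for illustration.

```python
import hashlib, hmac, os

MAX_LIFETIME = 3  # assumed maximum lifetime of a local table entry, in ticks

def H(name):  # stand-in for the patent's unspecified hash functions (SHA-256 assumed)
    return hashlib.sha256(name.encode()).hexdigest()[:16]

def enc_name(key, name):
    # Assumed name "encryption": deterministic, because steps 305 and 309 compare by equality.
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:16]

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc_data(key, data):  # assumed payload cipher: nonce || data XOR keystream (no integrity tag)
    nonce = os.urandom(12)
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def dec_data(key, blob):
    nonce, body = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class Node:
    """Router or switch with a local table: hashed location name -> [interface ID, lifetime]."""
    def __init__(self, name, uplink=None):
        self.name, self.uplink = name, uplink  # uplink = (upstream node, its downstream interface ID)
        self.local, self.ports = {}, {}        # ports: downstream interface ID -> attached node

    def on_publish(self, hln, iface):
        self.local[hln] = [iface, MAX_LIFETIME]  # steps 204/206: create or refresh the entry
        if self.uplink:                          # step 205: a switch forwards upstream
            self.uplink[0].on_publish(hln, self.uplink[1])

    def tick(self):                              # lifetime decay; an entry reaching 0 is deleted
        for hln in list(self.local):
            self.local[hln][1] -= 1
            if self.local[hln][1] <= 0:
                del self.local[hln]

class Device:
    def __init__(self, name, key, data):
        self.name, self.key, self.data = name, key, data

    def on_request(self, req):                   # steps 305-306
        if enc_name(self.key, self.name) != req["dst"][2]:
            return None                          # request is not addressed to this device
        return {"src": req["dst"], "dst": req["src"], "payload": enc_data(self.key, self.data)}

class AccessPoint:
    def __init__(self, location, uplink, devices):
        self.location, self.uplink, self.devices = location, uplink, devices

    def publish(self):                           # step 202: source address carries only H(LN)
        self.uplink[0].on_publish(H(self.location), self.uplink[1])

    def deliver(self, req):                      # step 305: forward on the wireless interface
        return [r for r in (d.on_request(req) for d in self.devices) if r]

def forward(router, req):
    """Steps 302-304: follow local table entries hop by hop from the router down to the AP."""
    node = router
    while isinstance(node, Node):
        entry = node.local.get(req["dst"][1])
        if entry is None:
            return []                            # no entry: never published, or expired
        node = node.ports[entry[0]]
    return node.deliver(req)

def server_query(router, domain, location, server_name, device_name, device_table):
    """Step 302 (address construction) and step 309 (select device entry, decrypt payload)."""
    entry = device_table[device_name]            # {"enc": encrypted device name, "key": key}
    src = (H(domain), "", enc_name(entry["key"], server_name))
    dst = (H(domain), H(location), entry["enc"])
    out = []
    for resp in forward(router, {"src": src, "dst": dst, "payload": b""}):
        match = next(e for e in device_table.values() if e["enc"] == resp["src"][2])
        out.append(dec_data(match["key"], resp["payload"]))
    return out

def build_demo():
    """Constructed topology: server S1 - router R1 -(u2)- switch SW1 -(u3)- AP1 - devices."""
    r1 = Node("R1")
    sw1 = Node("SW1", uplink=(r1, "u2"))
    k1, k9 = b"constructed-key-V1", b"constructed-key-V9"
    ap1 = AccessPoint("LN1", (sw1, "u3"),
                      [Device("VN1", k1, b"reading=21.5"), Device("VN9", k9, b"reading=7.0")])
    r1.ports["u2"], sw1.ports["u3"] = sw1, ap1
    table = {"VN1": {"enc": enc_name(k1, "VN1"), "key": k1},
             "VN9": {"enc": enc_name(k9, "VN9"), "key": k9}}
    return r1, sw1, ap1, table

if __name__ == "__main__":
    r1, sw1, ap1, table = build_demo()
    ap1.publish()
    print(r1.local, sw1.local)
    print(server_query(r1, "DN1", "LN1", "SN1", "VN1", table))
```

Routers and switches in this model only ever see the hashed location name and the keyed device name, and a request stops being deliverable once the local table entries expire without a fresh publish message.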
4. The safe and reliable future network communication implementation method according to claim 1, characterized in that under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the shared key of the servers in the network is k2, the location name of access node AP1 is LN1, and access node AP1 is located in domain D1, server S1 communicates with all devices connected to access node AP1 through the following process:
Step 401: start;
Step 402: server S1 selects a domain table entry whose domain name equals domain name DN1, and selects a location table entry whose location name equals location name LN1; server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry, calculates the hash value HLN1 of location name LN1 using the hash function of the selected location table entry, and encrypts server name SN1 using key k2 to obtain the encrypted server name ESN1; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN1; server S1 constructs an address A1, in which the domain name is HDN1, the location name is HLN1 and the device name is empty; server S1 sends a request message whose source address is its own address, whose destination address is address A1 and whose payload is empty; after receiving the request message, router R1 checks its local table, selects a local table entry whose location name equals the location name of the request message's destination address, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 403: if access node AP1 receives the request message from its wired interface, execute step 405, otherwise execute step 404;
Step 404: the switch that received the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 403;
Step 405: access node AP1 forwards the request message from its wireless interface;
Step 406: the device that received the request message encrypts the response data with its own key to obtain encrypted response data, and encrypts its own device name with its own key to obtain an encrypted device name; the device constructs an address whose domain name and location name equal respectively the domain name and location name of the destination address of the received request message, and whose device name is the encrypted device name; the device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message and whose payload is the encrypted response data; after access node AP1 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 407: if router R1 receives the response message, execute step 409, otherwise execute step 408;
Step 408: the switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 407;
Step 409: router R1 forwards the received response message from the downstream interface connected to server S1; after server S1 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the response message's source address, decrypts the encrypted response data in the response message payload using the key field of that device table entry, and finally obtains the response data and saves it;
Step 410: end.
5. The safe and reliable future network communication implementation method according to claim 1, characterized in that
under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1; the server name of server S2 is SN2, server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, server S2 is connected to router R2, the device name of device V2 is VN2, device V2 is located in domain D2 and is link-connected to access node AP2, the location name of access node AP2 is LN2, and the shared key of the servers in the network is k2, server S1 communicates with device V2 through the following process:
Step 501: start;
Step 502: server S1 selects a domain table entry whose domain name equals domain name DN1; server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry; server S1 selects a domain table entry whose domain name equals domain name DN2; server S1 calculates the hash value HDN2 of domain name DN2 using the hash function of the selected domain table entry; server S1 encrypts server name SN1 using key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 and device name VN2 using key k2 to obtain the encrypted data E3; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2 and whose payload is the encrypted data E3; after receiving the remote request message, router R1 checks its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the remote request message's destination address, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 503: if router R2 receives the remote request message from its upstream interface, execute step 505, otherwise execute step 504;
Step 504: after a router receives the remote request message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of that domain routing table entry; execute step 503;
Step 505: router R2 forwards the received remote request message from the interface connected to server S2; after server S2 receives the remote request message, it decrypts the encrypted data E3 in the remote request message payload using key k2 to obtain location name LN2 and device name VN2; server S2 selects a location table entry whose location name equals location name LN2, and selects a device table entry whose device name equals device name VN2; server S2 calculates the hash value HLN2 of location name LN2 using the hash function of the selected location table entry, and encrypts server name SN2 using the key field of the selected device table entry to obtain the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty and the server name is ESN2; server S2 constructs the address of device V2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2 and the device name is the encrypted device name of the selected device table entry; server S2 sends a request message whose source address is its own address, whose destination address is the address of device V2 and whose payload is the source address of the remote request message; after receiving the request message, router R2 checks its local table, selects a local table entry whose location name equals the location name of the request message's destination address, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 506: if access node AP2 receives the request message from its wired interface, execute step 508, otherwise execute step 507;
Step 507: the switch that received the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 506;
Step 508: access node AP2 forwards the request message from its wireless interface; after a device receives the request message, it encrypts its own device name with its own key to obtain an encrypted device name; if the encrypted device name equals the device name of the destination address of the received request message, execute step 509, otherwise execute step 516;
Step 509: the device that received the request message encrypts the response data with its own key to obtain encrypted response data; the device sends a response message whose source address is the destination address of the request message, whose destination address equals the source address of the request message and whose payload is the encrypted response data and the address in the request message payload; after access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 510: if router R2 receives the response message, execute step 512, otherwise execute step 511;
Step 511: the switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 510;
Step 512: router R2 forwards the received response message from the downstream interface connected to server S2; after server S2 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the response message's source address, and decrypts the encrypted response data in the response message payload using the key field of that device table entry; server S2 encrypts the response data using key k2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, whose domain name equals the domain name of the source address of the received response message, whose location name is empty and whose server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message and whose payload is the encrypted response data; after receiving the remote response message, router R2 checks its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the remote response message's destination address, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 513: if router R1 receives the remote response message from its upstream interface, execute step 515, otherwise execute step 514;
Step 514: after a router receives the remote response message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of that domain routing table entry; execute step 513;
Step 515: router R1 forwards the received remote response message from the interface connected to server S1; after server S1 receives the remote response message, it decrypts the encrypted response data in the remote response message payload using key k2 to obtain the response data, and saves the response data;
Step 516: end.
6. The safe and reliable future network communication implementation method according to claim 1, characterized in that under the conditions that the server name of server S1 is SN1, server S1 is located in domain D1, the router of domain D1 is R1, the domain name of router R1 is DN1, server S1 is connected to router R1, the server name of server S2 is SN2, server S2 is located in domain D2, the router of domain D2 is R2, the domain name of router R2 is DN2, server S2 is connected to router R2, the location name of access node AP2 is LN2, access node AP2 is located in domain D2, and the shared key of the servers in the network is k2, server S1 communicates with all devices connected to access node AP2 through the following process:
Step 601: start;
Step 602: server S1 selects a domain table entry whose domain name equals domain name DN1; server S1 calculates the hash value HDN1 of domain name DN1 using the hash function of the selected domain table entry; server S1 selects a domain table entry whose domain name equals domain name DN2; server S1 calculates the hash value HDN2 of domain name DN2 using the hash function of the selected domain table entry; server S1 encrypts server name SN1 using key k2 to obtain the encrypted server name ESN2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S1 encrypts location name LN2 using key k2 to obtain the encrypted data E4; server S1 constructs its own address, in which the domain name is HDN1, the location name is empty and the server name is ESN2; server S1 constructs the address of server S2, in which the domain name is HDN2, the location name is empty and the server name is ESN3; server S1 sends a remote request message whose source address is its own address, whose destination address is the address of server S2 and whose payload is the encrypted data E4; after receiving the remote request message, router R1 checks its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the remote request message's destination address, and forwards the remote request message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 603: if router R2 receives the remote request message from its upstream interface, execute step 605, otherwise execute step 604;
Step 604: after a router receives the remote request message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote request message, and forwards the remote request message from the interface identified by the interface ID field of that domain routing table entry; execute step 603;
Step 605: router R2 forwards the received remote request message from the interface connected to server S2; after server S2 receives the remote request message, it decrypts the encrypted data E4 in the remote request message payload using key k2 to obtain location name LN2; server S2 selects a location table entry whose location name equals location name LN2; server S2 calculates the hash value HLN2 of location name LN2 using the hash function of the selected location table entry, and encrypts server name SN2 using the key field of the selected device table entry to obtain the encrypted server name ESN2; server S2 constructs its own address, in which the domain name is the domain name of the destination address of the received remote request message, the location name is empty and the server name is ESN2; server S2 constructs an address A2, in which the domain name is the domain name of the destination address of the received remote request message, the location name is HLN2 and the device name is empty; server S2 sends a request message whose source address is its own address, whose destination address is address A2 and whose payload is the source address of the remote request message; after receiving the request message, router R2 checks its local table, selects a local table entry whose location name equals the location name of the request message's destination address, and forwards the request message from the interface identified by the interface ID field of the selected local table entry;
Step 606: if access node AP2 receives the request message from its wired interface, execute step 608, otherwise execute step 607;
Step 607: the switch that received the request message from its upstream interface selects a local table entry whose location name equals the location name of the destination address of the request message, and forwards the request message from the interface identified by the interface ID field of that local table entry; execute step 606;
Step 608: after access node AP2 receives the request message from its wired interface, it forwards the request message from its wireless interface;
Step 609: after a device receives the request message, it encrypts the response data with its own key to obtain encrypted response data, and encrypts its own device name with its own key to obtain an encrypted device name; the device constructs an address whose domain name and location name equal respectively the domain name and location name of the destination address of the received request message, and whose device name is the encrypted device name; the device sends a response message whose source address is the constructed address, whose destination address equals the source address of the request message and whose payload is the encrypted response data and the address in the request message payload; after access node AP2 receives the response message from its wireless interface, it forwards the response message from its wired interface;
Step 610: if router R2 receives the response message, execute step 612, otherwise execute step 611;
Step 611: the switch that received the response message from a downstream interface forwards the response message from its upstream interface; execute step 610;
Step 612: router R2 forwards the received response message from the downstream interface connected to server S2; after server S2 receives the response message, it selects a device table entry whose encrypted device name equals the device name of the response message's source address, and decrypts the encrypted response data in the response message payload using the key field of that device table entry; server S2 encrypts the response data using key k2, and encrypts server name SN2 using key k2 to obtain the encrypted server name ESN3; server S2 constructs its own address, whose domain name equals the domain name of the source address of the received response message, whose location name is empty and whose server name is the encrypted server name ESN3; server S2 sends a remote response message whose source address is the constructed address, whose destination address is the address in the payload of the received response message and whose payload is the encrypted response data; after receiving the remote response message, router R2 checks its domain routing table, selects a domain routing table entry whose domain name equals the domain name of the remote response message's destination address, and forwards the remote response message from the interface identified by the interface ID field of the selected domain routing table entry;
Step 613: if router R1 receives the remote response message from its upstream interface, execute step 615, otherwise execute step 614;
Step 614: after a router receives the remote response message, it selects a domain routing table entry whose domain name equals the domain name of the destination address of the remote response message, and forwards the remote response message from the interface identified by the interface ID field of that domain routing table entry; execute step 613;
Step 615: router R1 forwards the received remote response message from the interface connected to server S1; after server S1 receives the remote response message, it decrypts the encrypted response data in the remote response message payload using key k2 to obtain the response data, and saves the response data;
Step 616: end.
CN201810916551.0A 2018-08-13 2018-08-13 Safe and reliable future network communication implementation method Active CN108933657B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810916551.0A CN108933657B (en) 2018-08-13 2018-08-13 Safe and reliable future network communication implementation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810916551.0A CN108933657B (en) 2018-08-13 2018-08-13 Safe and reliable future network communication implementation method

Publications (2)

Publication Number Publication Date
CN108933657A true CN108933657A (en) 2018-12-04
CN108933657B CN108933657B (en) 2021-02-05

Family

ID=64445061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810916551.0A Active CN108933657B (en) 2018-08-13 2018-08-13 Safe and reliable future network communication implementation method

Country Status (1)

Country Link
CN (1) CN108933657B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711691A (en) * 2020-06-16 2020-09-25 常熟理工学院 Safe intelligent monitoring system implementation method based on Internet of things cloud

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8498300B2 (en) * 2010-03-31 2013-07-30 Brocade Communications Systems, Inc. Ingress and egress switch which determines services related to an incoming packet
CN106878991A (en) * 2017-03-29 2017-06-20 常熟理工学院 A kind of safe wireless network communication method
CN107508927A (en) * 2017-08-28 2017-12-22 常熟理工学院 A kind of future car networked data communication method based on cloud
CN108347382A (en) * 2018-03-21 2018-07-31 常熟理工学院 A kind of new generation network implementation method based on data grid technology
CN108347381A (en) * 2018-03-21 2018-07-31 常熟理工学院 A kind of a new generation's data network communications method


Also Published As

Publication number Publication date
CN108933657B (en) 2021-02-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221216

Address after: Building 4, No. 1588, Xinyang Road, Lingang New Area, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, 200000 Shanghai

Patentee after: Shanghai Yune Technology Co.,Ltd.

Address before: 215500 Changshu Institute of Technology (southeast campus), Changshu City, Suzhou City, Jiangsu Province

Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY

Effective date of registration: 20221216

Address after: Room 301-161, No. 106, Lane 1225, Xianxia Road, Changning District, Shanghai, 200050

Patentee after: Shanghai Tongcong Information Technology Service Co.,Ltd.

Address before: Building 4, No. 1588, Xinyang Road, Lingang New Area, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, 200000 Shanghai

Patentee before: Shanghai Yune Technology Co.,Ltd.

TR01 Transfer of patent right