CN109005026A - A kind of network communication implementation method for supporting secret protection - Google Patents

Abstract

The present invention provides a kind of network communication implementation method for supporting secret protection, the network includes ordinary node and forwarding device, and forwarding device includes router, interchanger and access node；Network is divided into more than two domains, and each domain includes a routing, more than two interchangers, more than two access nodes and more than two ordinary nodes；Provided implementation method can obtain safely the data service of network offer to the node through the invention, it is accordingly possible to ensure security simultaneously, shorten data acquisition delay and cost, it improves service quality, present invention can apply to the transmission of important information, such as the fields such as road conditions monitoring, vehicle management, it is with a wide range of applications.

Description

A kind of network communication implementation method for supporting secret protection

Technical field

The present invention relates to a kind of network communication implementation method more particularly to a kind of network communications for supporting secret protection Implementation method.

Background technique

Future network can be realized the multi-hop wireless communication between node and node.With the continuous development of network technology with And various new opplications continue to bring out, there is an urgent need to realize quick network communication to apply need with meet user's sharp increase It asks.

For future network as a kind of specific type, it is data-centered, and traditional network is centered on address, therefore simultaneously It is unfavorable for the acquisition of data.For example, in an ip network, data are provided by destination node that purpose IP address determines, if should Destination node failure, then can not just provide data.And future network is data-centered, any node can provide number According to so as to shorten the delay and cost of data acquisition.

But how to realize that data-centered network also needs further to study and inquire into.

Summary of the invention

Goal of the invention: hidden the technical problem to be solved by the present invention is in view of the deficiencies of the prior art, provide a kind of support The network communication implementation method of private protection.

Technical solution: the invention discloses a kind of network communication implementation method for supporting secret protection, the network includes Ordinary node and forwarding device, forwarding device include router, interchanger and access node；Network is divided into more than two Domain, each domain include a routing, more than two interchangers, more than two access nodes and more than two common sections Point；Access node is forwarding device, has forwarding capability, and ordinary node does not have forwarding capability；

One router has more than two upstream wireline interfaces and more than two downstream wireline interfaces, each upstream Interface is connected with a router, and each downstream interface is connected with interchanger；One interchanger have a upstream wireline interface with More than two downstream wireline interfaces, a Upstream Interface are connected with router or interchanger, a downstream interface with exchange Machine or access node are connected；One access node has a upstream wireline interface and a downstream wireless interface, and upstream connects Mouth is connected with interchanger, and downstream interface is connected with ordinary node；One ordinary node has a wireless interface, with access node Downstream interface link is connected；For each interface by interface ID unique identification, interface ID is that the interface of i is abbreviated as interface i；One access All ordinary nodes that node is connected with the downstream interface link of the access node constitute a subnet；

One router is by domain name unique identification, such as cslg/N6；One access node by subnet title unique identification, Such as CS/402, i.e. 402 laboratory of School of Computer Science；One ordinary node is by an ordinary node title unique identification, commonly Nodename has uniqueness in a domain；Interchanger does not need any name identification；The network configuration is breathed out between one domain Wish function, hash function in one domain of each configuration of territory；Between domain in hash function and domain hash function by Third Party Authentication number It saves and signs and issues according to central computer, an ordinary node, access node or router are counted to Third Party Authentication data center Calculation machine is registered to obtain between domain hash function and hash function in the domain in domain where oneself；

One ordinary node, access node or router configure address in an inter-domain addresses and domain；Inter-domain addresses By domain name, subnet title and ordinary node title are constituted；Address is made of domain name, subnet title and ordinary node title in domain；

The entitled sky of subnet title and ordinary node of the inter-domain addresses of router, the subnet name of address in the domain of router Claim and the entitled sky of ordinary node；The entitled sky of the ordinary node of the inter-domain addresses of access node, in the domain of access node address The entitled sky of ordinary node；The ordinary node title of the inter-domain addresses of one ordinary node be not it is empty, ordinary node The ordinary node title of address is not empty in domain；

Each router and interchanger safeguard a forwarding table, and a forwarding-table item includes subnet title between domain, son in domain User name claims, interface ID and life cycle domain；

The entitled SN1 of the subnet of access node AP1 is located at domain D1, and the router of domain D1 is R1, and the domain name of router R1 is DN1, access node AP1 obtain between domain hash function H2 in hash function H1 and domain, such as MD5 (Message Digest Algorithm, the entitled Message Digest Algorithm 5 of Chinese), access node AP1 utilizes hash function H1 between domain to calculate subnet Cryptographic Hash HSN1 between the domain of title SN1, access node AP1 are calculated in the domain of subnet title SN1 using hash function H2 in domain and are breathed out Uncommon value HSN2, access node AP1 using cryptographic Hash HDN2 in the domain of hash function H2 calculating domain name DN1 in domain, as formula (1)~ Shown in formula (3)；Access node AP1 executes following processes and establishes forwarding table:

HSN1=H1 (SN1) formula (1)

HSN2=H2 (SN1) formula (2)

HDN2=H2 (DN1) formula (3)

Step 101: starting；

Step 102: access node AP1 creates address in a domain, and the domain name of address is to breathe out in the domain of domain name DN1 in the domain Wish value HDN2, cryptographic Hash HSN2 in the domain of the entitled subnet title SN1 of subnet, the entitled sky of ordinary node；Access node AP1 from Upstream wireline interface sends one and gives out information, which is the address of building, and destination address is sky, load The cryptographic Hash HSN1 between the domain of subnet title SN1；

Step 103: judgement is that router R1 receives publication from downstream interface f2 from downstream interface f1 or interchanger and disappears Breath thens follow the steps 106 if it is router R1, no to then follow the steps 104；

Step 104: interchanger checks forwarding table, if there is a forwarding-table item, subnet name in the domain of the forwarding-table item Claim the subnet title for being equal to the source address that gives out information, which then is updated to send out by subnet title between the domain of the forwarding-table item Cryptographic Hash HSN1 between domain in cloth Message Payload, is updated to f2 for interface ID, sets maximum value, such as 1s for life cycle, Otherwise, which creates a forwarding-table item, and subnet title is equal to the source address that gives out information in the domain of the forwarding-table item Subnet title, subnet title is equal to cryptographic Hash HSN1, interface ID between domain in the load that gives out information between the domain of the forwarding-table item Equal to f2, life cycle is maximum value；

Step 105: receiving the interchanger to give out information from downstream interface f2 and forward this to give out information from Upstream Interface, hold Row step 103；

Step 106: router R1 checks forwarding table, if there is a forwarding-table item, subnet in the domain of the forwarding-table item Title is equal to the subnet title of the source address that gives out information, and subnet title between the domain of the forwarding-table item is then updated to by router R1 Cryptographic Hash HSN1 between the domain to give out information in loading, is updated to f1 for interface ID, sets maximum value for life cycle, otherwise, Router R1 creates a forwarding-table item, and subnet title is equal to the subnet name of the source address that gives out information in the domain of the forwarding-table item Claiming, subnet title is equal to cryptographic Hash HSN1, interface ID between the domain in the load that gives out information and is equal to f1 between the domain of the forwarding-table item, Life cycle is maximum value；

Step 107: terminating.

Access node establishes forwarding table by the above process to establish optimal routed path by forwarding table, forwards Table realizes the correct forwarding of message by interface ID, so that it is guaranteed that the correctness of communication, meanwhile, the above process passes through life cycle Ensure the real-time and validity of forwarding table, so that it is guaranteed that the validity and correctness of communication.

In the method for the invention, router safeguards a domain table, domain list item include domain name, distance, interface ID and Life cycle domain；Router R1 is located in the D1 of domain, domain name DN1, between router R1 acquisition domain after hash function H1, uses Hash Cryptographic Hash HDN1 then executes following processes and establishes domain table as shown in formula (4) between the domain of function H1 calculating domain name DN1:

HDN1=H1 (DN1) formula (4)

Step 201: starting；

Step 202: router R1 creates an inter-domain addresses, and the domain name of the inter-domain addresses is cryptographic Hash HDN1, subnet name Claim and ordinary node title is sky；Router R1 sends a domain and gives out information, and the source address which gives out information is building Inter-domain addresses, destination address is sky, is loaded as parameter t1, and the initial value of parameter t1 is 0；

Step 203: router receives after domain gives out information from Upstream Interface u1, parameter domain to be given out information in load The value of t1 is incremented by 1, which detects the domain table of oneself, judges whether there is a domain list item, and the domain name of the domain list item is equal to The domain give out information source address domain name and apart from thresholding be less than the domain give out information load in parameter t1, if it is execute step Rapid 204, it is no to then follow the steps 205；

Step 204: receiving the router that domain gives out information from Upstream Interface u1 and abandon the domain and give out information, execute step 209；

Step 205: receiving the domain table that the router that domain gives out information detects oneself from Upstream Interface u1, judge whether to deposit In a domain list item, the domain name of the domain list item be equal to the domain give out information source address domain name and be equal to or more than apart from thresholding The domain gives out information parameter t1 in load, no to then follow the steps 207 if it is thening follow the steps 206；

Step 206: the router that domain gives out information, which is received, from Upstream Interface u1 selects a domain list item, the domain list item Domain name be equal to the domain give out information source address domain name and apart from thresholding be equal to or more than the domain give out information load in parameter The domain list item is updated to the parameter t1 that the domain gives out information in load apart from thresholding by t1, the router, and interface ID is updated to U1, life cycle are set as maximum value, such as 500ms, execute step 208；

Step 207: the router that domain gives out information, which is received, from Upstream Interface u1 creates a domain list item, the domain list item Domain name is equal to the domain and gives out information the domain name of source address, is equal to the domain apart from thresholding and gives out information parameter t1, interface ID in load Equal to u1, life cycle is set as maximum value；

Step 208: receiving router that domain gives out information from each of other than interface u1 from Upstream Interface u1 Trip interface forwards the domain to give out information, and executes step 203；

Step 209: terminating.

Router establishes domain table by the above process to establish the optimal routed path between not same area, domain by domain table Table realizes the correct forwarding of message by interface ID, so that it is guaranteed that communication is just by realizing shortest route path apart from thresholding True property, meanwhile, the above process ensures the real-time and validity of forwarding table by life cycle, so that it is guaranteed that communication is effective Property and correctness.

It is DN1 in the domain name of router R1, hash function is the condition of H2 in the domain in place domain in the method for the invention Under, router R1 is periodically executed the domain name that operations described below issues oneself:

Step 301: starting；

Step 302: router R1 creates address in a domain, and the domain name of address is to be calculated using hash function H2 in the domain The cryptographic Hash of obtained domain name DN1, subnet title and the entitled sky of ordinary node；Router R1 is from each downstream interface sending domain Name gives out information, and the source address which gives out information is address in the domain of building, and destination address is sky, loads as domain name DN1；

Step 303: judgement is that access node or interchanger receive the domain name from Upstream Interface and give out information, if it is Access node thens follow the steps 305, no to then follow the steps 304；

Step 304: interchanger receives after the domain name gives out information from Upstream Interface, saves the domain name and gives out information load In domain name DN1, then forward the domain name to give out information from each downstream interface, execute step 303；

Step 305: access node receives after the domain name gives out information from Upstream Interface, save the domain name give out information it is negative Then the subnet title of oneself is added to the domain name and given out information in load by the domain name DN1 in load, should from downstream interface forwarding Domain name gives out information；

Step 306: ordinary node receives after domain name gives out information, and saves the domain name that the domain name gives out information in load The subnet title of DN1 and place subnet；

Step 307: terminating.

Router issues the domain name of oneself by the above process, in this way, node can save router publication domain name with And the subnet of place subnet is to obtain required data from the subnet.Since the above process is encrypted by hash function, because For the safety for realizing domain name publication.

In the method for the invention, an access node, interchanger and router respectively save an Aggregation Table, and one Polymerizeing list item includes source address, destination address and interface ID；In the entitled NN1 of the ordinary node of ordinary node N1, it is located at domain D1 In, the router in the D1 of domain is R1, and the domain name of router R1 is DN1, and ordinary node N1 is connected with access node AP1 link, connects The entitled SN1 of the subnet of ingress AP1, the entitled NN2 of the ordinary node of ordinary node N2 are located in the D1 of domain, with access node AP1 link is connected, and hash function is H1 between domain, under conditions of hash function is H2 in the domain of domain D1, under ordinary node N1 passes through State the communication of process realization and ordinary node N2:

Step 401: starting；

Step 402: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to utilize hash function in the domain The cryptographic Hash for the domain name DN1 that H2 is calculated, the entitled subnet title SN1's being calculated using hash function H2 of subnet Cryptographic Hash, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 is that ordinary node N2 creates address in domain, and the domain name of address is the domain name DN1 being calculated using hash function H2 in the domain Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node title For the cryptographic Hash for the ordinary node title NN2 being calculated using hash function H2；Ordinary node N1 is ordinary node N2 creation Inter-domain addresses, the domain name of the inter-domain addresses are the cryptographic Hash using the hash function H1 domain name DN1 being calculated, and subnet is entitled Using the cryptographic Hash of the hash function H1 subnet title SN1 being calculated, ordinary node is entitled to be calculated using hash function H1 The cryptographic Hash of obtained ordinary node title NN2；Ordinary node N1 sends a request message, and the source address of the request message is Address in the domain of oneself, destination address are address in the domain of ordinary node N2, are loaded as the inter-domain addresses of ordinary node N2；

Step 403: access node AP1 checks Aggregation Table after receiving request message from downstream interface；It judges whether there is One polymerization list item, the source address of the polymerization list item are equal to the source address of the request message, and destination address is equal to the request message Destination address, it is no to then follow the steps 404 if it is thening follow the steps 410；

Step 404: the access node AP1 for receiving request message from downstream interface creates a polymerization list item, the polymerization The source address and destination address of list item are respectively equal to the source address and destination address of the request message, and interface ID, which is equal to, receives this The interface ID of the interface of request message；Access node AP1 checks Aggregation Table, if at least there are two polymerization list items, the two The destination address of polymerization list item is equal to the destination address of the request message received or at least there is a polymerization list item, this is poly- The destination address for closing list item is equal to inter-domain addresses in request message load, thens follow the steps 410, no to then follow the steps 405；

Step 405: if detecting the mesh of the request message from the access node AP1 that downstream interface receives request message Address subnet title be equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain, then hold Row step 406, it is no to then follow the steps 413；

Step 406: the access node AP1 for receiving request message from downstream interface forwards the request to disappear from downstream interface Breath；

Step 407: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 409, no to then follow the steps 408；

Step 408；The ordinary node for receiving the request message abandons the request message, executes step 410；

Step 409: the ordinary node for receiving the request message sends a response message, the source address of the response message For the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads as request Inter-domain addresses and response data in Message Payload；

Step 410: access node AP1 checks Aggregation Table after receiving response message；Access node AP1 chooses all purposes Address is equal to the polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, Access node AP1 executes operations described below: the destination address of the response message is updated to the source of the polymerization list item by access node AP1 Address thresholding, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item；

Step 411: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 412, no to then follow the steps 413；

Step 412: receive the response message ordinary node save the response message load in response data；

Step 413: terminating.

Node realizes the communication with local node by the above process, and the above process realizes request by Aggregation Table and gathers It closes, in this way, multiple nodes can obtain response data by a data communication, to reduce data communication delays and cost.

In the method for the invention, in the entitled NN1 of the ordinary node of ordinary node N1, it is located in the D1 of domain, in the D1 of domain Router is R1, and the domain name of router R1 is DN1, and ordinary node N1 is connected with access node AP1 link, access node AP1's The entitled SN1 of subnet；The entitled NN3 of the ordinary node of ordinary node N3 is located in the D1 of domain, is connected with access node AP3 link, The entitled SN3 of the subnet of access node AP3, hash function is H1 between domain, under conditions of hash function is H2 in the domain of domain D1, Ordinary node N1 realizes the communication with ordinary node N3 by following processes:

Step 501: starting；

Step 502: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to utilize hash function in the domain The cryptographic Hash for the domain name DN1 that H2 is calculated, the entitled subnet title SN1's being calculated using hash function H2 of subnet Cryptographic Hash, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 is that ordinary node N3 creates address in domain, and the domain name of address is the domain name DN1 being calculated using hash function H2 in the domain Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node title For the cryptographic Hash for the ordinary node title NN3 being calculated using hash function H2；Ordinary node N1 is ordinary node N3 creation Inter-domain addresses, the domain name of the inter-domain addresses are the cryptographic Hash using the hash function H1 domain name DN1 being calculated, and subnet is entitled Using the cryptographic Hash of the hash function H1 subnet title SN1 being calculated, ordinary node is entitled to be calculated using hash function H1 The cryptographic Hash of obtained ordinary node title NN3；Ordinary node N1 sends a request message, and the source address of the request message is Address in the domain of oneself, destination address are address in the domain of ordinary node N3, are loaded as the inter-domain addresses of ordinary node N3；

Step 503: forwarding device checks Aggregation Table after receiving request message from interface x1；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 514, it is no to then follow the steps 504；

Step 504: the forwarding device for receiving request message from interface x1 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x1；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, or at least there is a polymerization list item, the destination address of the polymerization list item is loaded equal to the request message In inter-domain addresses, then follow the steps 514, it is no to then follow the steps 505；

Step 505: if the forwarding device for receiving the request message is AP1, thening follow the steps 506, otherwise execute step Rapid 508；

Step 506: if the access node AP1 for receiving request message detects the son of the destination address of the request message User name claims to then follow the steps not equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain 507, it is no to then follow the steps 518；

Step 507: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step Rapid 503；

Step 508: if the forwarding device for receiving the request message is AP3, thening follow the steps 510, otherwise execute step Rapid 509；

Step 509: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding Subnet title is equal to the subnet title of the request message destination address between subnet title or domain in the domain of list item, then from this turn The interface that the interface ID of forwarding list item is identified forwards the request message, executes step 503；

Step 510: if the access node AP3 for receiving request message detects the son of the destination address of the request message User name claims to be equal to then follow the steps 511 using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain, It is no to then follow the steps 518；

Step 511: the access node AP3 for receiving request message forwards the request message from downstream interface；

Step 512: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 513, no to then follow the steps 514；

Step 513: the ordinary node for receiving the request message sends a response message, the source address of the response message Equal to the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads to ask Ask inter-domain addresses and response data in Message Payload；

Step 514: if ordinary node receives the response message, then follow the steps 516, it is no to then follow the steps 515；

Step 515: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, forwarding Equipment executes operations described below: the destination address of the response message is updated to the source address field of the polymerization list item by the forwarding device Value, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item, execute step 514；

Step 516: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 517, no to then follow the steps 518；

Step 517: receive the response message ordinary node save the response message load in response data；

Step 518: terminating.

Node realizes the communication with node by the above process, and the above process carries out the correct of message by forwarding table and turns Hair, ensures that the correctness of data communication, request polymerization is realized by Aggregation Table, in this way, multiple nodes can pass through One time data communication obtains response data, to reduce data communication delays and cost.

In the method for the invention, in the entitled NN1 of the ordinary node of ordinary node N1, it is located in the D1 of domain, in the D1 of domain Router is R1, and the domain name of router R1 is DN1, and ordinary node N1 is connected with access node AP1 link, access node AP1's The entitled SN1 of subnet, the entitled NN4 of the ordinary node of ordinary node N4 are located in the D2 of domain, and the router in the D2 of domain is R2, road It is DN2 by the domain name of device R2, ordinary node N4 is connected with access node AP4 link, the entitled SN4 of the subnet of access node AP4, Hash function is H1 between domain, and hash function is H2 in the domain of domain D1, under conditions of hash function is H3 in the domain of domain D2, commonly Node N1 realizes the communication with ordinary node N4 by following processes:

Step 601: starting；

Step 602: ordinary node N1 creates the inter-domain addresses of oneself, and the domain name of the inter-domain addresses is to utilize hash function The cryptographic Hash for the domain name DN1 that H1 is calculated, the entitled subnet title SN1's being calculated using hash function H1 of subnet Cryptographic Hash, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H1 of ordinary node；Ordinary node N1 is that ordinary node N4 creates inter-domain addresses, and the domain name of the inter-domain addresses is the domain name DN2 being calculated using hash function H1 Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN4 being calculated using hash function H1 of subnet, ordinary node title For the cryptographic Hash for the ordinary node title NN4 being calculated using hash function H1；Ordinary node N1 sends a request message, The source address of the request message is the inter-domain addresses of oneself, and destination address is the inter-domain addresses of ordinary node N4, and it is common for loading The ordinary node title NN4 of node N4；

Step 603: forwarding device checks Aggregation Table after receiving request message from interface x2；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 629, it is no to then follow the steps 604；

Step 604: the forwarding device for receiving request message from interface x2 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x2；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, thens follow the steps 621, no to then follow the steps 605；

Step 605: if the forwarding device for receiving the request message is AP1, thening follow the steps 606, otherwise execute step Rapid 608；

Step 606: if the access node AP1 for receiving request message detects the son of the destination address of the request message User name claims not equal to the Hash using oneself subnet title that hash function H1 is calculated between hash function H2 or domain in domain Value, thens follow the steps 607, no to then follow the steps 629；

Step 607: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step Rapid 603；

Step 608: if router R1 receives the request message, then follow the steps 610, it is no to then follow the steps 609；

Step 609: the forwarding device for receiving request message forwards the request message from Upstream Interface, executes step 603；

Step 610: if router R2 receives the request message, then follow the steps 612, it is no to then follow the steps 611；

Step 611: the router for receiving request message checks domain table, selects a domain list item, the domain name of the domain list item Equal to the domain name of the request message destination address, the interface identified from the interface ID of the domain list item forwards the request message, holds Row step 610；

Step 612: after router R2 receives the request message from Upstream Interface, a forwarding table is selected, the forwarding table Subnet title is equal to the subnet title of the request message destination address between domain, constructs address in a domain, in the domain domain of address The cryptographic Hash of the entitled domain name DN1 being calculated using hash function H3, subnet name in the domain of the entitled forwarding-table item of subnet Claim, the ordinary node title NN4's in the entitled request message load being calculated using hash function H3 of ordinary node Cryptographic Hash；Router R2 deletes ordinary node title NN4 from request message load, and the address of building is added to the request In the load of message, the interface identified from the interface ID of the forwarding-table item forwards the request message；

Step 613: the forwarding device for receiving request message from interface x3 checks Aggregation Table；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 621, it is no to then follow the steps 614；

Step 614: the forwarding device for receiving request message from interface x3 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x3；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, or at least there is a polymerization list item, the destination address of the polymerization list item is loaded equal to the request message In address, then follow the steps 621, it is no to then follow the steps 615；

Step 615: if the forwarding device for receiving the request message is AP4, thening follow the steps 617, otherwise execute step Rapid 616；

Step 616: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding Subnet title is equal to the subnet title of the request message destination address between subnet title or domain in the domain of list item, then from this turn The interface that the interface ID of forwarding list item is identified forwards the request message, executes step 615；

Step 617: if the access node AP4 for receiving request message detects the son of the destination address of the request message User name, which claims to be equal in the domain using oneself the subnet title being calculated of hash function H3 in hash function H1 between domain or domain, to be breathed out Uncommon value, thens follow the steps 618, no to then follow the steps 629；

Step 618: the access node AP4 for receiving request message forwards the request message from downstream interface；

Step 619: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H3 domain name DN3 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN4 that H3 is calculated, ordinary node is entitled be calculated using hash function H3 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN2 being calculated Value, the cryptographic Hash of the entitled subnet title SN4 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 620, no to then follow the steps 621；

Step 620: the ordinary node for receiving the request message sends a response message, the source address of the response message Equal to the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads to ask Ask the address in Message Payload and response data；

Step 621: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of address in domain in the response message source address or load, for each polymerization list item chosen, forwarding Equipment executes operations described below: the destination address of the response message is updated to the source address field of the polymerization list item by the forwarding device Value, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item；

Step 622: if the forwarding device for receiving response message is R2, then follow the steps 623, it is no to then follow the steps 621；

Step 623: if router R1 receives the response message, then follow the steps 625, it is no to then follow the steps 624；

Step 624: the router for receiving response message checks domain table, selects a domain list item, the domain name of the domain list item Equal to the domain name of the response message destination address, the interface identified from the interface ID of the domain list item forwards the response message, holds Row step 623；

Step 625: judgement is that ordinary node or forwarding device receive the response message, is then held if it is ordinary node Row step 627, it is no to then follow the steps 626；

Step 626: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of address in the response message source address or load, for each polymerization list item chosen, forwarding device Execute operations described below: the destination address of the response message is updated to the source address thresholding of the polymerization list item by the forwarding device, from The interface that the interface ID thresholding of the polymerization list item is identified sends the response message, deletes the polymerization list item, executes step 625；

Step 627: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 628, no to then follow the steps 629；

Step 628: receive the response message ordinary node save the response message load in response data；

Step 629: terminating.

Node realizes the communication with remote node by the above process, the above process by hash function encrypted from And the safety of data communication is realized, in addition, the above process carries out the correct forwarding of message by domain table and forwarding table, thus The correctness for ensuring data communication realizes request polymerization by Aggregation Table, in this way, multiple nodes can pass through a data Communication obtains response data, to reduce data communication delays and cost.

The utility model has the advantages that the present invention provides a kind of network communication implementation method for supporting secret protection, the node passes through Implementation method provided by the present invention can obtain safely the data service of network offer, be accordingly possible to ensure security simultaneously, shorten number According to delay and cost is obtained, improve service quality, present invention can apply to the transmission of important information, such as road conditions monitoring, The fields such as vehicle management, are with a wide range of applications.

Detailed description of the invention

The present invention is done with reference to the accompanying drawings and detailed description and is further illustrated, of the invention is above-mentioned And/or otherwise advantage will become apparent.

Fig. 1 establishes forwarding table flow diagram to be of the present invention.

Fig. 2 is table flow diagram in domain of the present invention.

Fig. 3 is publication flow diagram of the present invention.

Fig. 4 is local communication flow diagram of the present invention.

Fig. 5 is data acquisition flow diagram of the present invention.

Fig. 6 is Remote data service flow diagram of the present invention.

Specific embodiment:

The present invention provides a kind of network communication implementation method for supporting secret protection, the node is mentioned through the invention The implementation method of confession can obtain safely the data service of network offer, be accordingly possible to ensure security simultaneously, shorten data acquisition delay And cost, it improves service quality, present invention can apply to transmission of important information, such as road conditions monitoring, vehicle management etc. Field is with a wide range of applications.

Fig. 1 establishes forwarding table flow diagram to be of the present invention.The network includes ordinary node and forwarding device, Forwarding device includes router, interchanger and access node；Network is divided into more than two domains, and each domain includes a road By, more than two interchangers, more than two access nodes and more than two ordinary nodes；

One router has more than two upstream wireline interfaces and more than two downstream wireline interfaces, each upstream Interface is connected with a router, and each downstream interface is connected with interchanger；One interchanger have a upstream wireline interface with More than two downstream wireline interfaces, a Upstream Interface are connected with router or interchanger, a downstream interface with exchange Machine or access node are connected；One access node has a upstream wireline interface and a downstream wireless interface, and upstream connects Mouth is connected with interchanger, and downstream interface is connected with ordinary node；One ordinary node has a wireless interface, with access node Downstream interface link is connected；For each interface by interface ID unique identification, interface ID is that the interface of i is abbreviated as interface i；One access All ordinary nodes that node is connected with the downstream interface link of the access node constitute a subnet；

One router is by domain name unique identification, and an access node is by subnet title unique identification, an ordinary node By an ordinary node title unique identification, ordinary node title has uniqueness in a domain；

Hash function between one domain of the network configuration, hash function in one domain of each configuration of territory；Hash function between domain And hash function is saved and is signed and issued by Third Party Authentication data center computer in domain, an ordinary node, access node or Person's router is registered to Third Party Authentication data center computer to obtain hash function and domain where oneself between domain Hash function in domain；

One ordinary node, access node or router configure address in an inter-domain addresses and domain；Inter-domain addresses By domain name, subnet title and ordinary node title are constituted；Address is made of domain name, subnet title and ordinary node title in domain；

The entitled sky of subnet title and ordinary node of the inter-domain addresses of router, the subnet name of address in the domain of router Claim and the entitled sky of ordinary node；The entitled sky of the ordinary node of the inter-domain addresses of access node, in the domain of access node address The entitled sky of ordinary node；The ordinary node title of the inter-domain addresses of one ordinary node be not it is empty, ordinary node The ordinary node title of address is not empty in domain；

Each router and interchanger safeguard a forwarding table, and a forwarding-table item includes subnet title between domain, son in domain User name claims, interface ID and life cycle domain；

The entitled SN1 of the subnet of access node AP1 is located at domain D1, and the router of domain D1 is R1, and the domain name of router R1 is DN1, access node AP1 obtain between domain that hash function H2, access node AP1 utilize Hash letter between domain in hash function H1 and domain Cryptographic Hash HSN1 between the domain of number H1 calculating subnet title SN1, access node AP1 calculate subnet title using hash function H2 in domain Cryptographic Hash HSN2 in the domain of SN1, access node AP1 calculate cryptographic Hash HDN2 in the domain of domain name DN1 using hash function H2 in domain, As shown in formula (1)~formula (3)；Access node AP1 executes following processes and establishes forwarding table:

HSN1=H1 (SN1) formula (1)

HSN2=H2 (SN1) formula (2)

HDN2=H2 (DN1) formula (3)

Step 101: starting；

Step 102: access node AP1 creates address in a domain, and the domain name of address is to breathe out in the domain of domain name DN1 in the domain Wish value HDN2, cryptographic Hash HSN2 in the domain of the entitled subnet title SN1 of subnet, the entitled sky of ordinary node；Access node AP1 from Upstream wireline interface sends one and gives out information, which is the address of building, and destination address is sky, load The cryptographic Hash HSN1 between the domain of subnet title SN1；

Step 103: judgement is that router R1 receives publication from downstream interface f2 from downstream interface f1 or interchanger and disappears Breath thens follow the steps 106 if it is router R1, no to then follow the steps 104；

Step 104: interchanger checks forwarding table, if there is a forwarding-table item, subnet name in the domain of the forwarding-table item Claim the subnet title for being equal to the source address that gives out information, which then is updated to send out by subnet title between the domain of the forwarding-table item Cryptographic Hash HSN1 between domain in cloth Message Payload, is updated to f2 for interface ID, sets maximum value for life cycle, otherwise, should Interchanger creates a forwarding-table item, and subnet title is equal to the subnet name of the source address that gives out information in the domain of the forwarding-table item Claim, subnet title is equal to cryptographic Hash HSN1, interface ID between the domain in the load that gives out information and is equal between the domain of the forwarding-table item F2, life cycle are maximum value；

Step 105: receiving the interchanger to give out information from downstream interface f2 and forward this to give out information from Upstream Interface, hold Row step 103；

Step 106: router R1 checks forwarding table, if there is a forwarding-table item, subnet in the domain of the forwarding-table item Title is equal to the subnet title of the source address that gives out information, and subnet title between the domain of the forwarding-table item is then updated to by router R1 Cryptographic Hash HSN1 between the domain to give out information in loading, is updated to f1 for interface ID, sets maximum value for life cycle, otherwise, Router R1 creates a forwarding-table item, and subnet title is equal to the subnet name of the source address that gives out information in the domain of the forwarding-table item Claiming, subnet title is equal to cryptographic Hash HSN1, interface ID between the domain in the load that gives out information and is equal to f1 between the domain of the forwarding-table item, Life cycle is maximum value；

Step 107: terminating.

Fig. 2 is table flow diagram in domain of the present invention.Router safeguards that a domain table, a domain list item include domain Name, distance, interface ID and life cycle domain；Router R1 is located in the D1 of domain, domain name DN1, and router R1 obtains Hash between domain After function H1, cryptographic Hash HDN1 then executes following mistakes as shown in formula (4) between the domain of domain name DN1 is calculated with hash function H1 The domain Cheng Jianli table:

HDN1=H1 (DN1) formula (4)

Step 201: starting；

Step 202: router R1 creates an inter-domain addresses, and the domain name of the inter-domain addresses is cryptographic Hash HDN1, subnet name Claim and ordinary node title is sky；Router R1 sends a domain and gives out information, and the source address which gives out information is building Inter-domain addresses, destination address is sky, is loaded as parameter t1, and the initial value of parameter t1 is 0；

Step 203: router receives after domain gives out information from Upstream Interface u1, parameter domain to be given out information in load The value of t1 is incremented by 1, which detects the domain table of oneself, judges whether there is a domain list item, and the domain name of the domain list item is equal to The domain give out information source address domain name and apart from thresholding be less than the domain give out information load in parameter t1, if it is execute step Rapid 204, it is no to then follow the steps 205；

Step 204: receiving the router that domain gives out information from Upstream Interface u1 and abandon the domain and give out information, execute step 209；

Step 205: receiving the domain table that the router that domain gives out information detects oneself from Upstream Interface u1, judge whether to deposit In a domain list item, the domain name of the domain list item be equal to the domain give out information source address domain name and be equal to or more than apart from thresholding The domain gives out information parameter t1 in load, no to then follow the steps 207 if it is thening follow the steps 206；

Step 206: the router that domain gives out information, which is received, from Upstream Interface u1 selects a domain list item, the domain list item Domain name be equal to the domain give out information source address domain name and apart from thresholding be equal to or more than the domain give out information load in parameter The domain list item is updated to the parameter t1 that the domain gives out information in load apart from thresholding by t1, the router, and interface ID is updated to U1, life cycle are set as maximum value, execute step 208；

Step 207: the router that domain gives out information, which is received, from Upstream Interface u1 creates a domain list item, the domain list item Domain name is equal to the domain and gives out information the domain name of source address, is equal to the domain apart from thresholding and gives out information parameter t1, interface ID in load Equal to u1, life cycle is set as maximum value；

Step 208: receiving router that domain gives out information from each of other than interface u1 from Upstream Interface u1 Trip interface forwards the domain to give out information, and executes step 203；

Step 209: terminating.

Fig. 3 is publication flow diagram of the present invention.It is DN1 in the domain name of router R1, is breathed out in the domain in place domain Under conditions of uncommon function is H2, router R1 is periodically executed the domain name that operations described below issues oneself:

Step 301: starting；

Step 302: router R1 creates address in a domain, and the domain name of address is to be calculated using hash function H2 in the domain The cryptographic Hash of obtained domain name DN1, subnet title and the entitled sky of ordinary node；Router R1 is from each downstream interface sending domain Name gives out information, and the source address which gives out information is address in the domain of building, and destination address is sky, loads as domain name DN1；

Step 303: judgement is that access node or interchanger receive the domain name from Upstream Interface and give out information, if it is Access node thens follow the steps 305, no to then follow the steps 304；

Step 304: interchanger receives after the domain name gives out information from Upstream Interface, saves the domain name and gives out information load In domain name DN1, then forward the domain name to give out information from each downstream interface, execute step 303；

Step 305: access node receives after the domain name gives out information from Upstream Interface, save the domain name give out information it is negative Then the subnet title of oneself is added to the domain name and given out information in load by the domain name DN1 in load, should from downstream interface forwarding Domain name gives out information；

Step 306: ordinary node receives after domain name gives out information, and saves the domain name that the domain name gives out information in load The subnet title of DN1 and place subnet；

Step 307: terminating.

Fig. 4 is local communication flow diagram of the present invention.One access node, interchanger and router are respectively An Aggregation Table is saved, a polymerization list item includes source address, destination address and interface ID；In the ordinary node of ordinary node N1 Entitled NN1 is located in the D1 of domain, and the router in the D1 of domain is R1, and the domain name of router R1 is DN1, ordinary node N1 and access Node AP1 link is connected, and the entitled SN1 of the subnet of access node AP1, the entitled NN2 of the ordinary node of ordinary node N2 are located at In the D1 of domain, it is connected with access node AP1 link, hash function is H1 between domain, and hash function is the condition of H2 in the domain of domain D1 Under, ordinary node N1 realizes the communication with ordinary node N2 by following processes:

Step 401: starting；

Step 402: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to utilize hash function H2 in the domain The cryptographic Hash for the domain name DN1 being calculated, the Kazakhstan of the entitled subnet title SN1 being calculated using hash function H2 of subnet Uncommon value, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 Address in domain is created for ordinary node N2, the domain name of address is to utilize the hash function H2 domain name DN1's being calculated in the domain Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node are entitled Utilize the cryptographic Hash of the hash function H2 ordinary node title NN2 being calculated；Ordinary node N1 is that ordinary node N2 creates domain Between address, the domain names of the inter-domain addresses is to utilize the cryptographic Hash of the hash function H1 domain name DN1 being calculated, the entitled benefit of subnet With the cryptographic Hash of the hash function H1 subnet title SN1 being calculated, ordinary node is entitled to be calculated using hash function H1 The cryptographic Hash of the ordinary node title NN2 arrived；Ordinary node N1 sends a request message, and the source address of the request message is certainly Address in oneself domain, destination address are address in the domain of ordinary node N2, are loaded as the inter-domain addresses of ordinary node N2；

Step 403: access node AP1 checks Aggregation Table after receiving request message from downstream interface；It judges whether there is One polymerization list item, the source address of the polymerization list item are equal to the source address of the request message, and destination address is equal to the request message Destination address, it is no to then follow the steps 404 if it is thening follow the steps 410；

Step 404: the access node AP1 for receiving request message from downstream interface creates a polymerization list item, the polymerization The source address and destination address of list item are respectively equal to the source address and destination address of the request message, and interface ID, which is equal to, receives this The interface ID of the interface of request message；Access node AP1 checks Aggregation Table, if at least there are two polymerization list items, the two The destination address of polymerization list item is equal to the destination address of the request message received or at least there is a polymerization list item, this is poly- The destination address for closing list item is equal to inter-domain addresses in request message load, thens follow the steps 410, no to then follow the steps 405；

Step 405: if detecting the mesh of the request message from the access node AP1 that downstream interface receives request message Address subnet title be equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain, then hold Row step 406, it is no to then follow the steps 413；

Step 406: the access node AP1 for receiving request message from downstream interface forwards the request to disappear from downstream interface Breath；

Step 407: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 409, no to then follow the steps 408；

Step 408；The ordinary node for receiving the request message abandons the request message, executes step 410；

Step 409: the ordinary node for receiving the request message sends a response message, the source address of the response message For the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads as request Inter-domain addresses and response data in Message Payload；

Step 410: access node AP1 checks Aggregation Table after receiving response message；Access node AP1 chooses all purposes Address is equal to the polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, Access node AP1 executes operations described below: the destination address of the response message is updated to the source of the polymerization list item by access node AP1 Address thresholding, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item；

Step 411: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 412, no to then follow the steps 413；

Step 412: receive the response message ordinary node save the response message load in response data；

Step 413: terminating.

Fig. 5 is data acquisition flow diagram of the present invention.In the entitled NN1 of the ordinary node of ordinary node N1, In the D1 of domain, the router in the D1 of domain is R1, and the domain name of router R1 is DN1, ordinary node N1 and access node AP1 link It is connected, the entitled SN1 of the subnet of access node AP1；The entitled NN3 of the ordinary node of ordinary node N3 is located in the D1 of domain, and connects Ingress AP3 link is connected, the entitled SN3 of the subnet of access node AP3, and hash function is H1, Hash in the domain of domain D1 between domain Under conditions of function is H2, ordinary node N1 realizes the communication with ordinary node N3 by following processes:

Step 501: starting；

Step 502: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to utilize hash function in the domain The cryptographic Hash for the domain name DN1 that H2 is calculated, the entitled subnet title SN1's being calculated using hash function H2 of subnet Cryptographic Hash, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 is that ordinary node N3 creates address in domain, and the domain name of address is the domain name DN1 being calculated using hash function H2 in the domain Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node title For the cryptographic Hash for the ordinary node title NN3 being calculated using hash function H2；Ordinary node N1 is ordinary node N3 creation Inter-domain addresses, the domain name of the inter-domain addresses are the cryptographic Hash using the hash function H1 domain name DN1 being calculated, and subnet is entitled Using the cryptographic Hash of the hash function H1 subnet title SN1 being calculated, ordinary node is entitled to be calculated using hash function H1 The cryptographic Hash of obtained ordinary node title NN3；Ordinary node N1 sends a request message, and the source address of the request message is Address in the domain of oneself, destination address are address in the domain of ordinary node N3, are loaded as the inter-domain addresses of ordinary node N3；

Step 503: forwarding device checks Aggregation Table after receiving request message from interface x1；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 514, it is no to then follow the steps 504；

Step 504: the forwarding device for receiving request message from interface x1 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x1；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, or at least there is a polymerization list item, the destination address of the polymerization list item is loaded equal to the request message In inter-domain addresses, then follow the steps 514, it is no to then follow the steps 505；

Step 505: if the forwarding device for receiving the request message is AP1, thening follow the steps 506, otherwise execute step Rapid 508；

Step 506: if the access node AP1 for receiving request message detects the son of the destination address of the request message User name claims to then follow the steps not equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain 507, it is no to then follow the steps 518；

Step 507: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step Rapid 503；

Step 508: if the forwarding device for receiving the request message is AP3, thening follow the steps 510, otherwise execute step Rapid 509；

Step 509: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding Subnet title is equal to the subnet title of the request message destination address between subnet title or domain in the domain of list item, then from this turn The interface that the interface ID of forwarding list item is identified forwards the request message, executes step 503；

Step 510: if the access node AP3 for receiving request message detects the son of the destination address of the request message User name claims to be equal to then follow the steps using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain 511, it is no to then follow the steps 518；

Step 511: the access node AP3 for receiving request message forwards the request message from downstream interface；

Step 512: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 513, no to then follow the steps 514；

Step 513: the ordinary node for receiving the request message sends a response message, the source address of the response message Equal to the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads to ask Ask inter-domain addresses and response data in Message Payload；

Step 514: if ordinary node receives the response message, then follow the steps 516, it is no to then follow the steps 515；

Step 515: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, forwarding Equipment executes operations described below: the destination address of the response message is updated to the source address field of the polymerization list item by the forwarding device Value, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item, execute step 514；

Step 516: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 517, no to then follow the steps 518；

Step 517: receive the response message ordinary node save the response message load in response data；

Step 518: terminating.

Fig. 6 is Remote data service flow diagram of the present invention.It is entitled in the ordinary node of ordinary node N1 NN1 is located in the D1 of domain, and the router in the D1 of domain is R1, and the domain name of router R1 is DN1, ordinary node N1 and access node AP1 Link is connected, the entitled SN1 of the subnet of access node AP1, the entitled NN4 of the ordinary node of ordinary node N4, is located in the D2 of domain, Router in the D2 of domain is R2, and the domain name of router R2 is DN2, and ordinary node N4 is connected with access node AP4 link, is accessed The entitled SN4 of the subnet of node AP4, hash function is H1 between domain, and hash function is H2, Kazakhstan in the domain of domain D2 in the domain of domain D1 Under conditions of uncommon function is H3, ordinary node N1 realizes the communication with ordinary node N4 by following processes:

Step 601: starting；

Step 602: ordinary node N1 creates the inter-domain addresses of oneself, and the domain name of the inter-domain addresses is to utilize hash function The cryptographic Hash for the domain name DN1 that H1 is calculated, the entitled subnet title SN1's being calculated using hash function H1 of subnet Cryptographic Hash, the cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H1 of ordinary node；Ordinary node N1 is that ordinary node N4 creates inter-domain addresses, and the domain name of the inter-domain addresses is the domain name DN2 being calculated using hash function H1 Cryptographic Hash, the cryptographic Hash of the entitled subnet title SN4 being calculated using hash function H1 of subnet, ordinary node title For the cryptographic Hash for the ordinary node title NN4 being calculated using hash function H1；Ordinary node N1 sends a request message, The source address of the request message is the inter-domain addresses of oneself, and destination address is the inter-domain addresses of ordinary node N4, and it is common for loading The ordinary node title NN4 of node N4；

Step 603: forwarding device checks Aggregation Table after receiving request message from interface x2；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 629, it is no to then follow the steps 604；

Step 604: the forwarding device for receiving request message from interface x2 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x2；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, thens follow the steps 621, no to then follow the steps 605；

Step 605: if the forwarding device for receiving the request message is AP1, thening follow the steps 606, otherwise execute step Rapid 608；

Step 606: if the access node AP1 for receiving request message detects the son of the destination address of the request message User name claims not equal to the Hash using oneself subnet title that hash function H1 is calculated between hash function H2 or domain in domain Value, thens follow the steps 607, no to then follow the steps 629；

Step 607: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step Rapid 603；

Step 608: if router R1 receives the request message, then follow the steps 610, it is no to then follow the steps 609；

Step 609: the forwarding device for receiving request message forwards the request message from Upstream Interface, executes step 603；

Step 610: if router R2 receives the request message, then follow the steps 612, it is no to then follow the steps 611；

Step 611: the router for receiving request message checks domain table, selects a domain list item, the domain name of the domain list item Equal to the domain name of the request message destination address, the interface identified from the interface ID of the domain list item forwards the request message, holds Row step 610；

Step 612: after router R2 receives the request message from Upstream Interface, a forwarding table is selected, the forwarding table Subnet title is equal to the subnet title of the request message destination address between domain, constructs address in a domain, in the domain domain of address The cryptographic Hash of the entitled domain name DN1 being calculated using hash function H3, subnet name in the domain of the entitled forwarding-table item of subnet Claim, the ordinary node title NN4's in the entitled request message load being calculated using hash function H3 of ordinary node Cryptographic Hash；Router R2 deletes ordinary node title NN4 from request message load, and the address of building is added to the request In the load of message, the interface identified from the interface ID of the forwarding-table item forwards the request message；

Step 613: the forwarding device for receiving request message from interface x3 checks Aggregation Table；If there is an Aggregation Table , the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, Then follow the steps 621, it is no to then follow the steps 614；

Step 614: the forwarding device for receiving request message from interface x3 creates a polymerization list item, the polymerization list item Source address and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x3；Forwarding device is looked into See Aggregation Table, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request received and disappears The destination address of breath, or at least there is a polymerization list item, the destination address of the polymerization list item is loaded equal to the request message In address, then follow the steps 621, it is no to then follow the steps 615；

Step 615: if the forwarding device for receiving the request message is AP4, thening follow the steps 617, otherwise execute step Rapid 616；

Step 616: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding Subnet title is equal to the subnet title of the request message destination address between subnet title or domain in the domain of list item, then from this turn The interface that the interface ID of forwarding list item is identified forwards the request message, executes step 615；

Step 617: if the access node AP4 for receiving request message detects the son of the destination address of the request message User name, which claims to be equal in the domain using oneself the subnet title being calculated of hash function H3 in hash function H1 between domain or domain, to be breathed out Uncommon value, thens follow the steps 618, no to then follow the steps 629；

Step 618: the access node AP4 for receiving request message forwards the request message from downstream interface；

Step 619: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H3 domain name DN3 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN4 that H3 is calculated, ordinary node is entitled be calculated using hash function H3 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN2 being calculated Value, the cryptographic Hash of the entitled subnet title SN4 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the request message, thens follow the steps 620, no to then follow the steps 621；

Step 620: the ordinary node for receiving the request message sends a response message, the source address of the response message Equal to the destination address of the request message, the destination address of the response message is equal to the source address of the request message, loads to ask Ask the address in Message Payload and response data；

Step 621: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of address in domain in the response message source address or load, for each polymerization list item chosen, forwarding Equipment executes operations described below: the destination address of the response message is updated to the source address field of the polymerization list item by the forwarding device Value, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item；

Step 622: if the forwarding device for receiving response message is R2, then follow the steps 623, it is no to then follow the steps 621；

Step 623: if router R1 receives the response message, then follow the steps 625, it is no to then follow the steps 624；

Step 624: the router for receiving response message checks domain table, selects a domain list item, the domain name of the domain list item Equal to the domain name of the response message destination address, the interface identified from the interface ID of the domain list item forwards the response message, holds Row step 623；

Step 625: judgement is that ordinary node or forwarding device receive the response message, is then held if it is ordinary node Row step 627, it is no to then follow the steps 626；

Step 626: forwarding device checks Aggregation Table after receiving response message；The forwarding device chooses all purposes address Equal to the polymerization list item of address in the response message source address or load, for each polymerization list item chosen, forwarding device Execute operations described below: the destination address of the response message is updated to the source address thresholding of the polymerization list item by the forwarding device, from The interface that the interface ID thresholding of the polymerization list item is identified sends the response message, deletes the polymerization list item, executes step 625；

Step 627: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；The domain The domain name of interior address is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to utilize hash function The cryptographic Hash for the subnet title SN1 that H2 is calculated, ordinary node is entitled be calculated using hash function H2 oneself The cryptographic Hash of ordinary node title；The domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN1 being calculated Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title of oneself that uncommon function H1 is calculated；If in the domain of the ordinary node between address or domain Address is equal to the destination address of the response message, thens follow the steps 628, no to then follow the steps 629；

Step 628: receive the response message ordinary node save the response message load in response data；

Step 629: terminating.

Embodiment 1

Based on the simulation parameter of table 1, the present embodiment simulates the network communication that one of present invention supports secret protection Implementation method, performance evaluation are as follows: when source node at a distance from destination node farther out when, data communication cost is larger, when source save When the distance of point and destination node is smaller, data communication cost is smaller, and data communication average cost is 5.8.

1 simulation parameter of table

The present invention provides a kind of thinkings of network communication implementation method for supporting secret protection, implement the technical side There are many method and approach of case, the above is only a preferred embodiment of the present invention, it is noted that for the art For those of ordinary skill, various improvements and modifications may be made without departing from the principle of the present invention, these improvement It also should be regarded as protection scope of the present invention with retouching.The available prior art of each component part being not known in the present embodiment is subject to It realizes.

Claims (6)

1. a kind of network communication implementation method for supporting secret protection, which is characterized in that the network includes ordinary node and turns Equipment is sent out, forwarding device includes router, interchanger and access node；Network is divided into more than two domains, and each domain includes One routing, more than two interchangers, more than two access nodes and more than two ordinary nodes；

One router has more than two upstream wireline interfaces and more than two downstream wireline interfaces, each Upstream Interface It is connected with a router, each downstream interface is connected with interchanger；One interchanger has a upstream wireline interface and two Above downstream wireline interface, a Upstream Interface are connected with router or interchanger, downstream interface and interchanger or Person's access node is connected；One access node has a upstream wireline interface and a downstream wireless interface, Upstream Interface with Interchanger is connected, and downstream interface is connected with ordinary node；One ordinary node has a wireless interface, the downstream with access node Interface link is connected；For each interface by interface ID unique identification, interface ID is that the interface of i is abbreviated as interface i；One access node All ordinary nodes being connected with the downstream interface link of the access node constitute a subnet；

One router is by domain name unique identification, and an access node is by subnet title unique identification, and an ordinary node is by one A ordinary node title unique identification, ordinary node title have uniqueness in a domain；

Hash function between one domain of the network configuration, hash function in one domain of each configuration of territory；Between domain hash function and Hash function is saved and is signed and issued by Third Party Authentication data center computer in domain, an ordinary node, access node or road It is registered from device to Third Party Authentication data center computer to obtain between domain hash function and where oneself in the domain in domain Hash function；

One ordinary node, access node or router configure address in an inter-domain addresses and domain；Inter-domain addresses are by domain Name, subnet title and ordinary node title are constituted；Address is made of domain name, subnet title and ordinary node title in domain；

The entitled sky of subnet title and ordinary node of the inter-domain addresses of router, in the domain of router the subnet title of address and The entitled sky of ordinary node；The entitled sky of the ordinary node of the inter-domain addresses of access node, address is general in the domain of access node Logical nodename is sky；The ordinary node title of the inter-domain addresses of one ordinary node be not it is empty, in the domain of an ordinary node The ordinary node title of address is not empty；

Each router and interchanger safeguard a forwarding table, and a forwarding-table item includes subnet title between domain, subnet name in domain Claim, interface ID and life cycle domain；

The entitled SN1 of the subnet of access node AP1 is located at domain D1, and the router of domain D1 is R1, and the domain name of router R1 is DN1, Access node AP1 obtains between domain that hash function H2, access node AP1 utilize hash function H1 between domain in hash function H1 and domain Cryptographic Hash HSN1 between the domain of calculating subnet title SN1, access node AP1 calculate subnet title SN1 using hash function H2 in domain Domain in cryptographic Hash HSN2, access node AP1 calculates cryptographic Hash HDN2 in the domain of domain name DN1 using hash function H2 in domain, such as Shown in formula (1)~formula (3)；Access node AP1 executes following processes and establishes forwarding table:

HSN1=H1 (SN1) formula (1)

HSN2=H2 (SN1) formula (2)

HDN2=H2 (DN1) formula (3)

Step 101: starting；

Step 102: access node AP1 creates address in a domain, and the domain name of address is cryptographic Hash in the domain of domain name DN1 in the domain HDN2, cryptographic Hash HSN2 in the domain of the entitled subnet title SN1 of subnet, the entitled sky of ordinary node；Access node AP1 is from upstream Wireline interface sends one and gives out information, which is the address of building, and destination address is sky, loads as son User name claims cryptographic Hash HSN1 between the domain of SN1；

Step 103: judgement is that router R1 is received from downstream interface f2 from downstream interface f1 or interchanger and given out information, such as Fruit is that router R1 thens follow the steps 106, no to then follow the steps 104；

Step 104: interchanger checks forwarding table, if there is a forwarding-table item, subnet title etc. in the domain of the forwarding-table item In the subnet title of the source address that gives out information, which is then updated to publication for subnet title between the domain of the forwarding-table item and disappears Cryptographic Hash HSN1 between domain in breath load, is updated to f2 for interface ID, sets maximum value for life cycle, otherwise, the exchange Machine creates a forwarding-table item, and subnet title is equal to the subnet title of the source address that gives out information in the domain of the forwarding-table item, should Subnet title is equal to cryptographic Hash HSN1, interface ID between the domain in the load that gives out information and is equal to f2, life between the domain of forwarding-table item Period is maximum value；

Step 105: receiving the interchanger to give out information from downstream interface f2 and forward this to give out information from Upstream Interface, execute step Rapid 103；

Step 106: router R1 checks forwarding table, if there is a forwarding-table item, subnet title in the domain of the forwarding-table item Equal to the subnet title of the source address that gives out information, subnet title between the domain of the forwarding-table item then is updated to issue by router R1 Cryptographic Hash HSN1 between domain in Message Payload, is updated to f1 for interface ID, sets maximum value for life cycle, otherwise, routing Device R1 creates a forwarding-table item, and subnet title is equal to the subnet title of the source address that gives out information in the domain of the forwarding-table item, Subnet title is equal to cryptographic Hash HSN1 between the domain in the load that gives out information between the domain of the forwarding-table item, and interface ID is equal to f1, raw The life period is maximum value；

Step 107: terminating.

2. a kind of network communication implementation method for supporting secret protection according to claim 1, which is characterized in that router Safeguard that a domain table, a domain list item include domain name, distance, interface ID and life cycle domain；Router R1 is located in the D1 of domain, domain Between entitled DN1, router R1 acquisition domain after hash function H1, cryptographic Hash HDN1 between the domain of domain name DN1 is calculated with hash function H1, As shown in formula (4), then executes following processes and establishes domain table:

HDN1=H1 (DN1) formula (4)

Step 201: starting；

Step 202: router R1 creates an inter-domain addresses, and the domain names of the inter-domain addresses is cryptographic Hash HDN1, subnet title and Ordinary node title is sky；Router R1 sends a domain and gives out information, and the source address which gives out information is the domain of building Between address, destination address is sky, is loaded as parameter t1, and the initial value of parameter t1 is 0；

Step 203: router receives after domain gives out information from Upstream Interface u1, parameter t1's domain to be given out information in load Value is incremented by 1, which detects the domain table of oneself, judges whether there is a domain list item, and the domain name of the domain list item is equal to the domain The domain name for the source address that gives out information and it is less than the domain apart from thresholding and gives out information parameter t1 in load, if it is thens follow the steps 204, it is no to then follow the steps 205；

Step 204: receiving the router that domain gives out information from Upstream Interface u1 and abandon the domain and give out information, execute step 209；

Step 205: receiving the domain table that the router that domain gives out information detects oneself from Upstream Interface u1, judge whether there is one A domain list item, the domain name of the domain list item be equal to the domain give out information source address domain name and be equal to or more than the domain apart from thresholding Give out information parameter t1 in load, no to then follow the steps 207 if it is thening follow the steps 206；

Step 206: receiving the router that domain gives out information from Upstream Interface u1 and select a domain list item, the domain name of the domain list item Equal to the domain give out information source address domain name and apart from thresholding be equal to or more than the domain give out information load in parameter t1, should The domain list item is updated to the parameter t1 that the domain gives out information in load apart from thresholding by router, and interface ID is updated to u1, raw The life period is set as maximum value, executes step 208；

Step 207: receiving the router that domain gives out information from Upstream Interface u1 and create a domain list item, the domain name of the domain list item It gives out information the domain name of source address equal to the domain, is equal to the domain apart from thresholding and gives out information parameter t1 in load, interface ID is equal to U1, life cycle are set as maximum value；

Step 208: receiving the router that domain gives out information from Upstream Interface u1 and connect from each upstream other than interface u1 Mouth forwards the domain to give out information, and executes step 203；

Step 209: terminating.

3. a kind of network communication implementation method for supporting secret protection according to claim 1, which is characterized in that routing The domain name of device R1 is DN1, and under conditions of hash function is H2 in the domain in place domain, router R1 is periodically executed operations described below publication The domain name of oneself:

Step 301: starting；

Step 302: router R1 creates address in a domain, and the domain name of address is to be calculated using hash function H2 in the domain Domain name DN1 cryptographic Hash, subnet title and the entitled sky of ordinary node；Router R1 sends domain name hair from each downstream interface Cloth message, the source address which gives out information are address in the domain of building, and destination address is sky, are loaded as domain name DN1；

Step 303: judgement is that access node or interchanger receive the domain name from Upstream Interface and give out information, if it is access Node thens follow the steps 305, no to then follow the steps 304；

Step 304: interchanger receives after the domain name gives out information from Upstream Interface, saves the domain name and gives out information in load Then domain name DN1 forwards the domain name to give out information from each downstream interface, execute step 303；

Step 305: access node receives after the domain name gives out information from Upstream Interface, saves the domain name and gives out information in load Domain name DN1, the subnet title of oneself is then added to the domain name and is given out information in load, forwards the domain name from downstream interface It gives out information；

Step 306: ordinary node receives after domain name gives out information, save the domain name DN1 that the domain name gives out information in load with And the subnet title of place subnet；

Step 307: terminating.

4. a kind of network communication implementation method for supporting secret protection according to claim 1, which is characterized in that one connects Ingress, interchanger and router respectively save an Aggregation Table, and a polymerization list item includes source address, destination address and connects Mouth ID；In the entitled NN1 of the ordinary node of ordinary node N1, it is located in the D1 of domain, the router in the D1 of domain is R1, router R1's Domain name is DN1, and ordinary node N1 is connected with access node AP1 link, the entitled SN1 of the subnet of access node AP1, ordinary node The entitled NN2 of the ordinary node of N2 is located in the D1 of domain, is connected with access node AP1 link, and hash function is H1, domain D1 between domain Domain in hash function be H2 under conditions of, ordinary node N1 by following processes realize and ordinary node N2 communication:

Step 401: starting；

Step 402: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to be calculated using hash function H2 in the domain The cryptographic Hash of obtained domain name DN1, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, The cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 is general Logical node N2 creates address in domain, and the domain name of address is the Hash for utilizing the hash function H2 domain name DN1 being calculated in the domain Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title NN2 that uncommon function H2 is calculated；Ordinary node N1 is that ordinary node N2 creates inter-domain addresses, The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, and subnet is entitled to utilize Hash The cryptographic Hash for the subnet title SN1 that function H1 is calculated, ordinary node is entitled be calculated using hash function H1 it is general The cryptographic Hash of logical nodename NN2；Ordinary node N1 sends a request message, and the source address of the request message is the domain of oneself Interior address, destination address are address in the domain of ordinary node N2, are loaded as the inter-domain addresses of ordinary node N2；

Step 403: access node AP1 checks Aggregation Table after receiving request message from downstream interface；Judge whether there is one It polymerize list item, the source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the mesh of the request message Address, it is no to then follow the steps 404 if it is thening follow the steps 410；

Step 404: the access node AP1 for receiving request message from downstream interface creates a polymerization list item, the polymerization list item Source address and destination address be respectively equal to the source address and destination address of the request message, interface ID, which is equal to, receives the request The interface ID of the interface of message；Access node AP1 checks Aggregation Table, if at least there are two polymerization list items, the two polymerizations The destination address of list item is equal to the destination address of the request message received or at least there is a polymerization list item, the Aggregation Table Destination address be equal to the inter-domain addresses in request message load, then follow the steps 410, it is no to then follow the steps 405；

Step 405: if detecting the destination of the request message from the access node AP1 that downstream interface receives request message The subnet title of location is equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain, then executes step Rapid 406, it is no to then follow the steps 413；

Step 406: the access node AP1 for receiving request message from downstream interface forwards the request message from downstream interface；

Step 407: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to be counted using hash function H2 The cryptographic Hash of obtained subnet title SN1, oneself common that ordinary node is entitled to be calculated using hash function H2 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN1 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the request message, 409 are thened follow the steps, it is no to then follow the steps 408；

Step 408；The ordinary node for receiving the request message abandons the request message, executes step 410；

Step 409: the ordinary node for receiving the request message sends a response message, and the source address of the response message is should The destination address of request message, the destination address of the response message are equal to the source address of the request message, load as request message Inter-domain addresses and response data in load；

Step 410: access node AP1 checks Aggregation Table after receiving response message；Access node AP1 chooses all purposes address Equal to the polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, access Node AP1 executes operations described below: the destination address of the response message is updated to the source address of the polymerization list item by access node AP1 Thresholding, the interface identified from the interface ID thresholding of the polymerization list item send the response message, delete the polymerization list item；

Step 411: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to be counted using hash function H2 The cryptographic Hash of obtained subnet title SN1, oneself common that ordinary node is entitled to be calculated using hash function H2 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN1 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the response message, 412 are thened follow the steps, it is no to then follow the steps 413；

Step 412: receive the response message ordinary node save the response message load in response data；

Step 413: terminating.

5. a kind of network communication implementation method for supporting secret protection according to claim 1, which is characterized in that common The entitled NN1 of the ordinary node of node N1 is located in the D1 of domain, and the router in the D1 of domain is R1, and the domain name of router R1 is DN1, Ordinary node N1 is connected with access node AP1 link, the entitled SN1 of the subnet of access node AP1；The common section of ordinary node N3 The entitled NN3 of point, is located in the D1 of domain, is connected with access node AP3 link, the entitled SN3 of the subnet of access node AP3, between domain Hash function is H1, and under conditions of hash function is H2 in the domain of domain D1, ordinary node N1 is by the realization of following processes and commonly The communication of node N3:

Step 501: starting；

Step 502: ordinary node N1 creates address in the domain of oneself, and the domain name of address is to be calculated using hash function H2 in the domain The cryptographic Hash of obtained domain name DN1, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, The cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H2 of ordinary node；Ordinary node N1 is general Logical node N3 creates address in domain, and the domain name of address is the Hash for utilizing the hash function H2 domain name DN1 being calculated in the domain Value, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H2 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title NN3 that uncommon function H2 is calculated；Ordinary node N1 is that ordinary node N3 creates inter-domain addresses, The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, and subnet is entitled to utilize Hash The cryptographic Hash for the subnet title SN1 that function H1 is calculated, ordinary node is entitled be calculated using hash function H1 it is general The cryptographic Hash of logical nodename NN3；Ordinary node N1 sends a request message, and the source address of the request message is the domain of oneself Interior address, destination address are address in the domain of ordinary node N3, are loaded as the inter-domain addresses of ordinary node N3；

Step 503: forwarding device checks Aggregation Table after receiving request message from interface x1；If there is a polymerization list item, The source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, then Step 514 is executed, it is no to then follow the steps 504；

Step 504: the forwarding device for receiving request message from interface x1 creates polymerization list item, the source of the polymerization list item Location and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x1；Forwarding device is checked poly- Table is closed, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request message received Destination address, or at least there is a polymerization list item, the destination address of the polymerization list item is equal in request message load Inter-domain addresses, then follow the steps 514, no to then follow the steps 505；

Step 505: if the forwarding device for receiving the request message is AP1, then follow the steps 506, it is no to then follow the steps 508；

Step 506: if the access node AP1 for receiving request message detects the subnet name of the destination address of the request message Claim not equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain, thening follow the steps 507, it is no Then follow the steps 518；

Step 507: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step 503；

Step 508: if the forwarding device for receiving the request message is AP3, then follow the steps 510, it is no to then follow the steps 509；

Step 509: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding-table item Domain between subnet title or domain subnet title be equal to the request message destination address subnet title, then from the forwarding table The interface that the interface ID of item is identified forwards the request message, executes step 503；

Step 510: if the access node AP3 for receiving request message detects the subnet name of the destination address of the request message Claim to be equal to then follow the steps 511, otherwise using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H2 in domain Execute step 518；

Step 511: the access node AP3 for receiving request message forwards the request message from downstream interface；

Step 512: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to be counted using hash function H2 The cryptographic Hash of obtained subnet title SN1, oneself common that ordinary node is entitled to be calculated using hash function H2 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN1 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the request message, 513 are thened follow the steps, it is no to then follow the steps 514；

Step 513: the ordinary node for receiving the request message sends a response message, and the source address of the response message is equal to The destination address of the request message, the destination address of the response message are equal to the source address of the request message, load and disappear for request Inter-domain addresses and response data in breath load；

Step 514: if ordinary node receives the response message, then follow the steps 516, it is no to then follow the steps 515；

Step 515: forwarding device checks Aggregation Table after receiving response message；The forwarding device is chosen all purposes address and is equal to The polymerization list item of inter-domain addresses in the response message source address or load, for each polymerization list item chosen, forwarding device Execute operations described below: the destination address of the response message is updated to the source address thresholding of the polymerization list item by the forwarding device, from The interface that the interface ID thresholding of the polymerization list item is identified sends the response message, deletes the polymerization list item, executes step 514；

Step 516: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to be counted using hash function H2 The cryptographic Hash of obtained subnet title SN1, oneself common that ordinary node is entitled to be calculated using hash function H2 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN1 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the response message, 517 are thened follow the steps, it is no to then follow the steps 518；

Step 517: receive the response message ordinary node save the response message load in response data；

Step 518: terminating.

6. a kind of network communication implementation method for supporting secret protection according to claim 1, which is characterized in that common The entitled NN1 of the ordinary node of node N1 is located in the D1 of domain, and the router in the D1 of domain is R1, and the domain name of router R1 is DN1, Ordinary node N1 is connected with access node AP1 link, the common section of the subnet of access node AP1 entitled SN1, ordinary node N4 The entitled NN4 of point, is located in the D2 of domain, and the router in the D2 of domain is R2, and the domain name of router R2 is DN2, ordinary node N4 with connect Ingress AP4 link is connected, the entitled SN4 of the subnet of access node AP4, and hash function is H1, Hash in the domain of domain D1 between domain Function is H2, and under conditions of hash function is H3 in the domain of domain D2, ordinary node N1 is realized by following processes and ordinary node The communication of N4:

Step 601: starting；

Step 602: ordinary node N1 creates the inter-domain addresses of oneself, and the domain name of the inter-domain addresses is to be calculated using hash function H1 The cryptographic Hash of obtained domain name DN1, the cryptographic Hash of the entitled subnet title SN1 being calculated using hash function H1 of subnet, The cryptographic Hash of the entitled ordinary node title NN1 being calculated using hash function H1 of ordinary node；Ordinary node N1 is general Logical node N4 creates inter-domain addresses, and the domain name of the inter-domain addresses is the Hash using the hash function H1 domain name DN2 being calculated Value, the cryptographic Hash of the entitled subnet title SN4 being calculated using hash function H1 of subnet, ordinary node is entitled to utilize Kazakhstan The cryptographic Hash for the ordinary node title NN4 that uncommon function H1 is calculated；Ordinary node N1 sends a request message, which disappears The source address of breath is the inter-domain addresses of oneself, and destination address is the inter-domain addresses of ordinary node N4, is loaded as ordinary node N4's Ordinary node title NN4；

Step 603: forwarding device checks Aggregation Table after receiving request message from interface x2；If there is a polymerization list item, The source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, then Step 629 is executed, it is no to then follow the steps 604；

Step 604: the forwarding device for receiving request message from interface x2 creates polymerization list item, the source of the polymerization list item Location and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x2；Forwarding device is checked poly- Table is closed, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request message received Destination address, thens follow the steps 621, no to then follow the steps 605；

Step 605: if the forwarding device for receiving the request message is AP1, then follow the steps 606, it is no to then follow the steps 608；

Step 606: if the access node AP1 for receiving request message detects the subnet name of the destination address of the request message Claim not equal to the cryptographic Hash using oneself subnet title that hash function H1 is calculated between hash function H2 or domain in domain, then Step 607 is executed, it is no to then follow the steps 629；

Step 607: the access node AP1 for receiving request message forwards the request message from Upstream Interface, and executes step 603；

Step 608: if router R1 receives the request message, then follow the steps 610, it is no to then follow the steps 609；

Step 609: the forwarding device for receiving request message forwards the request message from Upstream Interface, executes step 603；

Step 610: if router R2 receives the request message, then follow the steps 612, it is no to then follow the steps 611；

Step 611: the router for receiving request message checks domain table, selects a domain list item, and the domain name of the domain list item is equal to The domain name of the request message destination address, the interface identified from the interface ID of the domain list item forward the request message, execute step Rapid 610；

Step 612: after router R2 receives the request message from Upstream Interface, a forwarding table is selected, between the domain of the forwarding table Subnet title is equal to the subnet title of the request message destination address, constructs address in a domain, the domain name of address is in the domain Using the cryptographic Hash of the hash function H3 domain name DN1 being calculated, subnet title in the domain of the entitled forwarding-table item of subnet is general Logical nodename is the Hash of the ordinary node title NN4 in the request message load being calculated using hash function H3 Value；Router R2 deletes ordinary node title NN4 from request message load, and the address of building is added to the request message Load in, the interface identified from the interface ID of the forwarding-table item forwards the request message；

Step 613: the forwarding device for receiving request message from interface x3 checks Aggregation Table；If there is a polymerization list item, The source address of the polymerization list item is equal to the source address of the request message, and destination address is equal to the destination address of the request message, then Step 621 is executed, it is no to then follow the steps 614；

Step 614: the forwarding device for receiving request message from interface x3 creates polymerization list item, the source of the polymerization list item Location and destination address are respectively equal to the source address and destination address of the request message, and interface ID is equal to x3；Forwarding device is checked poly- Table is closed, if at least there are two polymerization list items, the destination address of the two polymerization list items is equal to the request message received Destination address, or at least there is a polymerization list item, the destination address of the polymerization list item is equal in request message load Address, thens follow the steps 621, no to then follow the steps 615；

Step 615: if the forwarding device for receiving the request message is AP4, then follow the steps 617, it is no to then follow the steps 616；

Step 616: the forwarding device for receiving the request message checks forwarding table, selects a forwarding-table item, the forwarding-table item Domain between subnet title or domain subnet title be equal to the request message destination address subnet title, then from the forwarding table The interface that the interface ID of item is identified forwards the request message, executes step 615；

Step 617: if the access node AP4 for receiving request message detects the subnet name of the destination address of the request message Claim to be equal to using cryptographic Hash in the domain of oneself the subnet title being calculated of hash function H3 in hash function H1 between domain or domain, Then follow the steps 618, it is no to then follow the steps 629；

Step 618: the access node AP4 for receiving request message forwards the request message from downstream interface；

Step 619: after ordinary node receives the request message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H3 domain name DN3 being calculated, and subnet is entitled to be counted using hash function H3 The cryptographic Hash of obtained subnet title SN4, oneself common that ordinary node is entitled to be calculated using hash function H3 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN2 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN4 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the request message, 620 are thened follow the steps, it is no to then follow the steps 621；

Step 620: the ordinary node for receiving the request message sends a response message, and the source address of the response message is equal to The destination address of the request message, the destination address of the response message are equal to the source address of the request message, load and disappear for request Address and response data in breath load；

Step 621: forwarding device checks Aggregation Table after receiving response message；The forwarding device is chosen all purposes address and is equal to In the response message source address or load in domain address polymerization list item, for each polymerization list item chosen, forwarding device Execute operations described below: the destination address of the response message is updated to the source address thresholding of the polymerization list item by the forwarding device, from The interface that the interface ID thresholding of the polymerization list item is identified sends the response message, deletes the polymerization list item；

Step 622: if the forwarding device for receiving response message is R2, then follow the steps 623, it is no to then follow the steps 621；

Step 623: if router R1 receives the response message, then follow the steps 625, it is no to then follow the steps 624；

Step 624: the router for receiving response message checks domain table, selects a domain list item, and the domain name of the domain list item is equal to The domain name of the response message destination address, the interface identified from the interface ID of the domain list item forward the response message, execute step Rapid 623；

Step 625: judgement is that ordinary node or forwarding device receive the response message, then executes step if it is ordinary node Rapid 627, it is no to then follow the steps 626；

Step 626: forwarding device checks Aggregation Table after receiving response message；The forwarding device is chosen all purposes address and is equal to The polymerization list item of address in the response message source address or load, for each polymerization list item chosen, forwarding device is executed Operations described below: the destination address of the response message is updated to the source address thresholding of the polymerization list item by the forwarding device, poly- from this The interface that the interface ID thresholding of conjunction list item is identified sends the response message, deletes the polymerization list item, executes step 625；

Step 627: after ordinary node receives the response message, creating address and inter-domain addresses in the domain of oneself；Ground in the domain The domain name of location is the cryptographic Hash using the hash function H2 domain name DN1 being calculated, and subnet is entitled to be counted using hash function H2 The cryptographic Hash of obtained subnet title SN1, oneself common that ordinary node is entitled to be calculated using hash function H2 The cryptographic Hash of nodename；The domain name of the inter-domain addresses is the cryptographic Hash using the hash function H1 domain name DN1 being calculated, son User name is known as the cryptographic Hash using the hash function H1 subnet title SN1 being calculated, and ordinary node is entitled to utilize Hash letter The cryptographic Hash for the ordinary node title of oneself that number H1 is calculated；If address or inter-domain addresses in the domain of the ordinary node Equal to the destination address of the response message, 628 are thened follow the steps, it is no to then follow the steps 629；

Step 628: receive the response message ordinary node save the response message load in response data；

Step 629: terminating.