CN110071984A

CN110071984A - A kind of network identity mapping method and system and terminal, mark gateway

Info

Publication number: CN110071984A
Application number: CN201810067623.9A
Authority: CN
Inventors: 谢大雄; 郝振武; 吴强; 张军
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2018-01-24
Filing date: 2018-01-24
Publication date: 2019-07-30
Also published as: WO2019144826A1

Abstract

This application discloses a kind of network identity mapping methods and system and terminal, mark gateway, and the network identity mapping method includes: the first corresponding relationship pre-established between the first Internet protocol address of terminal and network identity；Wherein, the user identifier of network identity and terminal is corresponding；According to first corresponding relationship to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.The application carries out the conversion of network identity by the first Internet protocol address of terminal and the first corresponding relationship of network identity to data packet, since the user identifier of network identity and terminal is corresponding, and it will not change with the variation of the first IP address, therefore, realizing through network identity indicates user identity, to improve supervisory efficiency.

Description

A kind of network identity mapping method and system and terminal, mark gateway

Technical field

This application involves internet area, espespecially a kind of network identity mapping method and system and terminal identify gateway.

Background technique

Conventional transmission control protocol (TCP, Transmission Control Protocol)/Internet protocol (IP, Internet Protocol) in network environment, terminal is by access network insertion into internet or enterprise network.Fig. 1 is correlation Technical network composed structure schematic diagram.As shown in Figure 1, comprising:

Terminal (UE, User Equipment): by wired or wireless access technology, it is connected to access gateway, by recognizing IP address is obtained from access gateway after card, then using the application server in IP address access internet or enterprise network；

Access gateway (AGW, Access Gateway): it is different according to different access technology specific forms, such as Packet gateway (PGW, Packet Gateway) in mobile communication, in fixed access BAS Broadband Access Server (BAS, Broadband Access Server), the three-tier switch in enterprise network, the gateway of internet of things in Internet of Things, in certificate server Cooperation under, terminal is authenticated, after certification passes through, from the IP address pond being locally configured with choosing the IP not occupied Distribute to user in location.Therefore with user on-position, the difference of turn-on time, the IP address that user obtains is also different.

Certificate server (AS, Authentication Server): cooperation access gateway recognizes the legitimacy of terminal Card, determines whether terminal allows to access network；

Internet/enterprise network (Internet/Intranet): the business of multiplicity is provided for terminal, terminal uses access net Close distribution IP address and internet/enterprise network in application server communication, IP address as terminal network layer mark, Identification terminal, and guarantee that data packet can correctly be sent to each terminal.

The distribution of usual IP address all uses dynamic IP addressing allocation plan, when user network position changes, just must An IP address must be reacquired, which can only use in the topology location (such as can only be in the administration model of the access gateway Enclose interior use), even if, due to being to dynamically distribute, different time access, the IP address of distribution also can in addition in consolidated network position It is different.

It can be seen that, IP address of terminal is dynamic change from the discussion above, by the IP that carries in IP data packet Location can not be directly linked to user, i.e., present internet or enterprise network are an anonymous networks, this is highly detrimental to network prison Pipe (such as user identity trace to the source, user's behaviors analysis).The relevant technologies distribute log by IP come what is traced to the source, and there are efficiency The low problem low with accuracy.

Summary of the invention

This application provides a kind of network identity mapping methods and system and terminal, mark gateway, can pass through network Mark is to indicate user identity, to improve supervisory efficiency.

This application provides a kind of network identity mapping methods, comprising:

Pre-establish the first corresponding relationship between the first Internet protocol address of terminal and network identity；Wherein, net Network mark is corresponding with the user identifier of terminal；

According to first corresponding relationship to from the terminal or be sent to the terminal data packet carry out network identity Conversion.

Optionally, first corresponding relationship of establishing includes:

Receive the access information of the terminal；Wherein, access information includes the Internet protocol of user identifier and terminal Location；

The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.

Optionally, this method further include:

When being not received by the access information within a preset time, first corresponding relationship is deleted, is managed to mark Reason server sends the offline message of the terminal；

Alternatively, Xiang Suoshu ID management server sends the terminal when receiving the offline message of the terminal Offline message, receives the confirmation message of the ID management server, deletes first corresponding relationship, and to the terminal Return to confirmation message.

Optionally, the corresponding network identity of the inquiry user identifier includes:

In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched The network identity answered；

Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user's mark Know；Receive the network identity that the ID management server returns.

Optionally, this method further include:

Information update message is sent to ID management server；

The confirmation message that the ID management server returns is received, Xiang Suoshu terminal returns to confirmation message.

Optionally, the network identity includes the second Internet protocol address；It is described according to the first corresponding relationship to coming from The conversion that the data packet of terminal carries out network identity includes:

Obtain the first Internet protocol address of the terminal in the data packet from the terminal；At described first pair It should be related to the corresponding network identity of middle lookup first Internet protocol address；By the institute in the data packet from the terminal It states the first Internet protocol address and replaces with the network identity found；

Alternatively, the conversion for carrying out network identity to the data packet for being sent to terminal according to the first corresponding relationship includes:

Obtain the network identity being sent in the data packet of the terminal；The network is searched in first corresponding relationship Identify corresponding first Internet protocol address；Network identity in the data packet for being sent to the terminal is replaced with described first Internet protocol address.

Optionally, the network identity includes the second Internet protocol address and port range, described corresponding according to first Relationship to come self terminal data packet carry out network identity conversion include:

Obtain the first Internet protocol address and the terminal of the terminal in the data packet from the terminal First port；

The corresponding network identity of Internet protocol address of the terminal is searched in the first corresponding relationship；

First Internet protocol address of the terminal in the data packet from the terminal replaced with and is found Second Internet protocol address of network identity replaces the first port of the terminal in the data packet from the terminal For in the port range of the network identity found not using second port；

Establish between the first Internet protocol address, first port, the second Internet protocol address and second port Three corresponding relationships.

Present applicant proposes a kind of network identity mapping methods, comprising:

Obtain access information；Wherein, access information includes the first Internet protocol address of user identifier and terminal；

Access information is sent to mark gateway.

Optionally, it is described by access information be sent to mark gateway include:

The access information is sent to the mark according to the third Internet protocol address of preconfigured mark gateway Know gateway；

Alternatively, the third internet of the mark gateway returned according to domain name system when parsing the domain name of the mark gateway The access information is sent to the mark gateway by protocol address；

Alternatively, the third Internet protocol address of the mark gateway sent according to access gateway sends the access information To the mark gateway.

Optionally, this method further include:

Offline message is sent to the mark gateway；

The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharges the of the terminal One Internet protocol address.

The acquisition network identity request of mark gateway is received, the network identity request carries user identifier；

In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched The network identity answered；Alternatively, according to user identifier distribute network identity, and save between user identifier and network identity second Corresponding relationship；

Network identity is sent to mark gateway.

Optionally, further include User Status in second corresponding relationship, the User Status includes at least one of: It is online, offline.

Optionally, this method further include:

When receiving information update message, updates second corresponding relationship and return to confirmation message to mark gateway；

Alternatively, the User Status in second corresponding relationship is updated to when receiving the offline message of terminal It is offline, and confirmation message is returned to mark gateway.

Present applicant proposes a kind of mark gateways, comprising:

Module is established, is corresponded to for pre-establishing first between the first Internet protocol address of terminal and network identity Relationship；Wherein, the user identifier of network identity and terminal is corresponding；

Conversion module, for according to first corresponding relationship to from the terminal or being sent to the data packet of the terminal Carry out the conversion of network identity.

Optionally, the module of establishing is specifically used for:

Receive the access information of the terminal；Wherein, access information includes the Internet protocol of user identifier and terminal Location；The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.

Present applicant proposes a kind of terminals, comprising:

Module is obtained, for obtaining access information；Wherein, access information includes the Internet protocol of user identifier and terminal Address；

First sending module, for access information to be sent to mark gateway.

Optionally, first sending module is also used to:

Offline message is sent to the mark gateway；

The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharge the mutual of the terminal Networking protocol address.

Present applicant proposes a kind of ID management servers, comprising:

Receiving module, for receiving the acquisition network identity request of mark gateway, the network identity request, which carries, to be used Family mark；

Processing module, for searching in the second corresponding relationship between pre-set user identifier and network identity The corresponding network identity of the user identifier；Alternatively, distributing network identity according to user identifier, and save user identifier and network The second corresponding relationship between mark；

Second sending module, for network identity to be sent to mark gateway.

It is described present applicant proposes a kind of mark gateway, including first processor and the first computer readable storage medium The first instruction is stored in first computer readable storage medium, when first instruction is executed by the first processor, Realize any of the above-described kind of network identity mapping method.

Present applicant proposes a kind of terminal, including second processor and second computer readable storage medium storing program for executing, described second It is stored with the second instruction in computer readable storage medium, when second instruction is executed by the second processor, realizes Any of the above-described kind of network identity mapping method.

Present applicant proposes a kind of ID management servers, including third processor and third computer-readable storage medium Matter is stored with third instruction in the third computer readable storage medium, when the third is instructed by the third processor When execution, any of the above-described kind of network identity mapping method is realized.

Present applicant proposes a kind of computer readable storage mediums, are stored thereon with computer program, which is characterized in that institute State the step of any of the above-described kind of network identity mapping method is realized when computer program is executed by processor.

Present applicant proposes a kind of network identity mapped systems, comprising:

Terminal, for obtaining access information；Wherein, access information includes the first Internet protocol of user identifier and terminal Address；Access information is sent to mark gateway；

Gateway is identified, for receiving the access information of the terminal；Wherein, access information includes user identifier and terminal First Internet protocol address；The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update； According to first corresponding relationship to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.

Optionally, the mark gateway is specifically used for realizing the corresponding network of the inquiry user identifier in the following ways Mark:

It is sent to ID management server and obtains network identity request, the network identity request carries user identifier；It connects Receive the network identity that the ID management server returns；

The network identity mapped system further include:

ID management server, for receiving the acquisition network identity request of mark gateway, the network identity request Carry user identifier；In the second corresponding relationship between pre-set user identifier and network identity, the user is searched Identify corresponding network identity；Alternatively, distributing network identity according to user identifier, and save between user identifier and network identity The second corresponding relationship；Network identity is sent to mark gateway.

Compared with the relevant technologies, the application includes: to pre-establish the first Internet protocol address and network identity of terminal Between the first corresponding relationship；Wherein, the user identifier of network identity and terminal is corresponding；According to first corresponding relationship to next The conversion of network identity is carried out from the terminal or the data packet for being sent to the terminal.The application passes through the first internet of terminal First corresponding relationship of protocol address and network identity carries out the conversion of network identity to data packet, due to network identity and terminal User identifier it is corresponding, and will not change with the variation of the first IP address, it is thereby achieved that being indicated by network identity User identity, to improve supervisory efficiency.

Other features and advantage will illustrate in the following description, also, partly become from specification It obtains it is clear that being understood and implementing the application.The purpose of the application and other advantages can be by specifications, right Specifically noted structure is achieved and obtained in claim and attached drawing.

Detailed description of the invention

Attached drawing is used to provide to further understand technical scheme, and constitutes part of specification, with this The embodiment of application is used to explain the technical solution of the application together, does not constitute the limitation to technical scheme.

Fig. 1 is that the relevant technologies network forms structural schematic diagram；

Fig. 2 is that the application network forms structural schematic diagram；

Fig. 3 is the flow chart that the application identifies gateway side network identity mapping method；

Fig. 4 is the flow chart of the application terminal side network identity mapping method；

Fig. 5 is the flow chart of the application ID management server side network identity mapping method；

Fig. 6 is the structure composition schematic diagram of first embodiment of the invention terminal；

Fig. 7 is the interaction schematic diagram of second embodiment of the invention network identity mapping method；

Fig. 8 is the interaction schematic diagram of line process under third embodiment of the invention terminal；

Fig. 9 is the interaction schematic diagram of the method for the mobile more preferable access gateway of fourth embodiment of the invention terminal；

Figure 10 is the interaction schematic diagram of fifth embodiment of the invention User Status maintenance process；

Figure 11 is the structure composition schematic diagram that the application identifies gateway；

Figure 12 is the structure composition schematic diagram of the application terminal；

Figure 13 is the structure composition schematic diagram of the application ID management server；

Figure 14 is the structure composition schematic diagram that the application another kind identifies gateway；

Figure 15 is the structure composition schematic diagram of the application another kind terminal；

Figure 16 is the structure composition schematic diagram of the application another kind ID management server；

Figure 17 is the structure composition schematic diagram of the application network identity mapped system.

Specific embodiment

For the purposes, technical schemes and advantages of the application are more clearly understood, below in conjunction with attached drawing to the application Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application Feature can mutual any combination.

Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable Sequence executes shown or described step.

In the relevant technologies network AGW and AS mutual cooperation the legitimacy of terminal is authenticated, certification pass through after, AGW from The IP address not occupied, which is chosen, in the IP address pond being locally configured distributes to terminal, later, IP address of the terminal based on distribution The application server in internet or enterprise network is accessed, during being somebody's turn to do, since the IP address of terminal distribution is dynamic change, number Can not know it is which user sends according to the IP address carried in packet, be highly detrimental to network supervision.

The application indicates user identity using network identity (NID, Network ID), realize by network identity come User identity is indicated, to improve supervisory efficiency.

Optionally, the network composed structure based on the relevant technologies referring to fig. 2, and increases mark client in the terminal (IDC, Identity Client), and between AGW and application server increase mark gateway or increase mark gateway and ID management server (IDGW, Identity Gateway) safeguards the network identity of user, is not changing existing network base In the case where Infrastructure, realizing through network identity indicates user identity, to improve supervisory efficiency.

Referring to Fig. 3, present applicant proposes a kind of network identity mapping methods, are applied to mark gateway, comprising:

Step 300 pre-establishes the first corresponding relationship between the first Internet protocol address of terminal and network identity.

In the application, since the user identifier of network identity and terminal is corresponding, and will not be with the variation of the first IP address And change, it is thereby achieved that user identity is indicated by network identity, to improve supervisory efficiency.

In the application, the first corresponding relationship can be with static configuration, can also be with dynamic configuration.

When the first corresponding relationship of dynamic configuration, various ways can be used.For example, receiving the access information of terminal；It looks into The corresponding network identity of user identifier is ask, first for saving or updating between the first Internet protocol address and network identity corresponds to Relationship.For another example, the access information of terminal is received, is terminal distribution network identity, saves the first corresponding relationship.

In the application, access information includes the first Internet protocol (IP, Internet of user identifier and terminal Protocol) address.

Wherein, user identifier can be user name, mail address, telephone number etc..

In one alternate embodiment, access information further include access way (such as 3G/4G access, Wireless Fidelity (wifi, Wireless Fidelity) access etc.), accessing position information, the relevant informations such as turn-on time information.

In one alternate embodiment, the facility information of terminal is also received.

Wherein, facility information includes at least one of: Terminal Equipment Identifier, component information, hardware state, software shape State.

In the application, access information is received by way of the notification message or keep-alive message that receive terminal, notice disappears Breath or keep-alive message include access information.Optionally, notification message or keep-alive message further include facility information.

In the application, the form of network identity can be the form or the second IP address+port range of the second IP address Form, such as using the second IP address 202.100.100.100 indicate network identity, or use the second IP address 202.100.100.100+ port range (1024~2047) indicates network identity.

In the application, the corresponding network identity of user identifier can be inquired using any one of following methods.

One, the second corresponding relationship between user identifier and network identity is preset, is searched in the second corresponding relationship The corresponding network identity of user identifier.

Two, it is sent to ID management server and obtains network identity request, carry user identifier in network identity request；It connects Receive the network identity that ID management server returns.

In the application, after the corresponding network identity of inquiry user identifier, if not saving the network identity pair before The first corresponding relationship answered then directly saves the first corresponding pass of the network identity of the first IP address and inquiry in access information System；If being saved corresponding first corresponding relationship of the network identity, the first IP address in access information before When the first IP address difference corresponding with the network identity inquired in the first corresponding relationship, the first corresponding relationship is updated.

Step 301, according to the first corresponding relationship to come self terminal or be sent to terminal data packet carry out network identity turn It changes.

Specifically, (one) when network identity use the second IP address form when,

If receiving the data packet for carrying out self terminal, the source internet protocol address word for carrying out the data packet of self terminal is obtained First IP address of the terminal in section searches the corresponding network identity of the first IP address of terminal in the first corresponding relationship, will The first IP address come in the source internet protocol address field of the data packet of self terminal replaces with the network identity found, so The data packet of self terminal in future is sent to the application server in internet or enterprise network afterwards.In this way, in internet or enterprise network It is middle to replace the first IP address to indicate user identity using network identity, since network identity and user identifier are corresponding, and will not Change with the variation of the first IP address, this improves supervisory efficiency.

In above situation, when in the first corresponding relationship search less than terminal the corresponding network identity of the first IP address When, the data that discarding carrys out self terminal include；Alternatively, carrying out Network address translators (NAT, Network to the data packet for carrying out self terminal Address Translation), guarantee business can be normally carried out；Alternatively, carrying out NAT to the data packet for carrying out self terminal, but limit The range of data packet transmission processed, for example the lower application server of security level can only be transmitted to.

If receiving the data packet for being sent to terminal, the purpose Internet protocol address for being sent to the data packet of terminal is obtained Network identity in field, Network Search identifies the first IP address of corresponding terminal in the first corresponding relationship, will be sent to end Network identity in the purpose Internet protocol address field of the data packet at end replaces with the first IP address found, then will Data packet is sent to terminal.

In above situation, when searching the first IP address corresponding less than network identity in the first corresponding relationship, abandon It is sent to the data packet of terminal；Alternatively, carrying out NAT to the data packet for being sent to terminal.

(2) when network identity uses the second IP address+port range form,

If receiving the data packet for carrying out self terminal for the first time, the source IP address field for carrying out the data packet of self terminal is obtained In terminal the first IP address and the terminal in source port field first port；Terminal is searched in the first corresponding relationship The corresponding network identity of first IP address；Future self terminal data packet source IP address field in the first IP address replace with Second IP address of the network identity found, future self terminal data packet source port field in terminal first port Replace in the port range of the network identity found not using second port, and establish the first IP address, first end Third corresponding relationship between mouth, the second IP address and second port.

If subsequent receive the data packet for carrying out self terminal again, the first IP address is first searched in third corresponding relationship Second IP address of network identity corresponding with first port and the second port of network identity, future self terminal data packet The first IP address in source IP address field replaces with the second IP address found, future self terminal data packet source port First port in field replaces with the second port found；

If searching corresponding less than the first IP address and first port the second IP address and the in third corresponding relationship Two-port netwerk then searches the corresponding network identity of the first IP address in the first corresponding relationship；Future self terminal data packet source The first IP address in IP address field replaces with the second IP address of the network identity found, future self terminal data packet Source port field in first port replace in the port range of the network identity found not using second port, And establish the third corresponding relationship between the first IP address, first port, the second IP address and second port.

In above situation, when searching network identity corresponding less than the first IP address in the first corresponding relationship, then abandon Carry out the data packet of self terminal；Alternatively, carrying out network address port conversion (NAPT, Network to the data packet for carrying out self terminal Address Port Translation), guarantee business can be normally carried out；Alternatively, being carried out to the data packet for carrying out self terminal NAPT, guarantee business can be normally carried out, but limit the range of data packet transmission, for example can only to be transmitted to security level lower Application server.

If receiving the data packet for being sent to terminal, the mesh for being sent to the data packet of terminal is searched in third corresponding relationship IP address field in network identity the second IP address and the network identity in destination port field second port it is corresponding The first IP address and first port, the second IP address in the purpose IP address field for being sent to the data packet of terminal is replaced with Second port in the destination port field for being sent to the data packet of terminal is replaced with and to be found by the first IP address found First port.

In above situation, when in third corresponding relationship search less than the data packet for being sent to terminal purpose IP address field In network identity the second IP address and the network identity in destination port field corresponding first IP address of second port When with first port, the data packet for being sent to terminal is abandoned；Alternatively, carrying out NAPT to the data packet for being sent to terminal.

In above situation, when within a certain period of time without using third corresponding relationship carry out network identity conversion when, can To delete third corresponding relationship, to save memory space.

In one alternate embodiment, when the access information and/or facility information that receive change, this method is also wrapped It includes:

To ID management server send information update message so that ID management server update User Status and/or Access information and/or facility information；When receiving the confirmation message of ID management server return, confirmation is returned to terminal and is disappeared Breath.

In one alternate embodiment, this method further include:

When being not received by notification message or keep-alive message within a preset time, or receiving the offline message of terminal, Delete the first corresponding relationship.

Wherein, when receiving the offline message of terminal, confirmation message can be returned to terminal, so that terminal receives really Recognize offline after message and discharges IP address；Confirmation message can not also be returned to terminal.

When receiving the offline message of terminal, the offline message of terminal can also be sent to ID management server, is made The User Status in ID management server the second corresponding relationship of update is obtained, in the confirmation message for receiving ID management server When, the first corresponding relationship and third corresponding relationship are deleted, and return to confirmation message to terminal.

When being not received by notification message or keep-alive message within a preset time, can also be sent out to ID management server It makes arrangements for his funeral the offline message at end, so that ID management server updates the User Status in the second corresponding relationship.

Referring to fig. 4, present applicant proposes a kind of network identity mapping methods, are applied to terminal, comprising:

Step 400 obtains access information.

In the application, access information includes the first IP address of user identifier and terminal.

Wherein, user identifier can be user name, mail address, telephone number etc..

In one alternate embodiment, the facility information of terminal is also obtained.

Access information is sent to mark gateway by step 401.

In the application, when access information is sent to mark gateway, with needing to know in advance the 3rd IP of mark gateway Location can specifically know the third IP address of mark gateway using following any mode.

One, the third IP address of mark gateway is pre-configured in terminal；

Two, the domain name of mark gateway is pre-configured in terminal, domain name system (DNS, Domain Name System) is solving When the domain name of analysis mark gateway, the third IP address of mark gateway is returned according to the on-position of user；

Three, access gateway will identify the 3rd IP of gateway when the first IP address that will distribute to terminal is sent to terminal Address or domain name are sent to terminal.

In the application, access information can be sent to by mark gateway, notification message by notification message or keep-alive message Or keep-alive message includes access information.Optionally, notification message or keep-alive message further include facility information.

Specifically, can periodically send a notification message or keep-alive message to mark gateway；

Alternatively, sending a notification message or keep-alive message when access information changes to mark gateway；

Alternatively, sending a notification message or keep-alive message when facility information changes to mark gateway.

In one alternate embodiment, when terminal needs offline, this method further include:

Offline message is sent to mark gateway；When receiving the confirmation message that mark gateway returns, controlling terminal is offline, And discharge the first IP address of terminal.

Above-mentioned network identity mapping method can realize that mark client is by the way that mark client is arranged in the terminal One component of terminal can obtain access information, facility information from the other assemblies of terminal.To not change existing end On the basis of the hardware configuration at end, realizing through network identity indicates user identity, to improve supervisory efficiency.

Referring to Fig. 5, present applicant proposes a kind of network identity mapping methods, are applied to ID management server, comprising:

Step 500, the acquisition network identity request for receiving mark gateway, the network identity request carry user's mark Know.

In the application, network identity request can also carry at least one of: the facility information of terminal, is connect access way Enter location information, turn-on time information.

In step 501, the second corresponding relationship between pre-set user identifier and network identity, the use is searched Family identifies corresponding network identity；Alternatively, distribute network identity according to user identifier, and save user identifier and network identity it Between the second corresponding relationship.

In the application, the corresponding relationship between user identifier and network identity can be one-to-one relationship, Huo Zheyi To more relationships.When the corresponding relationship between user identifier and network identity be one-to-many corresponding relationship when, can according to Family mark, other access informations or facility information choose suitable network identity.For example, the second corresponding relationship further include with down toward It is one of few:

The facility information of terminal, access way, accessing position information, turn-on time information, User Status.

Wherein, the User Status includes at least one of: online, offline.

In this way, if network identity request also carries at least one of: the facility information of terminal, access way, access Location information, turn-on time information then search user identifier and the corresponding network of at least one of in the second corresponding relationship Mark: the facility information of terminal, access way, accessing position information, turn-on time information.

When it is implemented, the second corresponding relationship can be pair between user identifier, turn-on time information and network identity It should be related to, and network identity request carries user identifier and turn-on time information, then search user's mark in the second corresponding relationship Know network identity corresponding with turn-on time information.

In the application, when distributing network identity according to user identifier, one can be chosen from network identity resource pool not The network identity used is allocated.

Network identity is sent to mark gateway by step 502.

In one alternate embodiment, this method further include:

When receiving information update message, updates the second corresponding relationship and return to confirmation message to mark gateway.

Wherein, information update message includes at least one of: facility information, the access information of terminal.

In one alternate embodiment, this method further include:

When receiving the offline message of terminal, the User Status in the second corresponding relationship is updated to it is offline, and to It identifies gateway and returns to confirmation message.

The specific implementation process of the network identity mapping method of the application is discussed in detail below by specific embodiment.

First embodiment

Fig. 6 is the structure composition schematic diagram of first embodiment of the invention terminal.As shown in fig. 6, a typical terminal is logical Often comprising underlying hardware and the program module run on underlying hardware.

Wherein, underlying hardware includes: central processing unit, memory or memory, modem etc..

Program module includes: operating system, the communication module for driving modem and application program etc.

Program module is typically stored in memory or memory, is executed by central processing unit.

Wherein, communication module can drive modem to be communicated, such as online access access gateway, reception access First IP address of gateway distribution；Or it is offline leave access gateway, discharge the first IP address；

Application program is logical using above-mentioned first IP address and internet or the application server of enterprise network under online state Letter, provides a user business.

Mark client is increased in the present embodiment terminal, has interactive interface and ability with communication module, specifically,

1, it is capable of the online or offline of communication control module；

2, the online or offline of communication module can be perceived；

3, it is able to use the first IP address and passes through communication module and mark gateway communication；

4, access information can be obtained from communication module, such as obtain the online user identifier used of user, terminal the One IP address, turn-on time information, accessing position information etc..

Optionally, mark gateway can be interacted with underlying hardware obtains facility information.

In the structure composition of above-mentioned terminal, mark client is a component being superimposed upon on associated terminal framework, not shadow Ring the basic function of associated component, the especially function of application program, the compatibility having had.

Second embodiment

Fig. 7 is the interaction schematic diagram of second embodiment of the invention network identity mapping method.As shown in fig. 7, this method packet It includes:

Step 700, terminal are linked into access gateway, and certificate server authenticates the legitimacy of user.

In this step, specific verification process and access way are closely related, and details are not described herein.

In this step, terminal is identified during being linked into access gateway using user identifier, and user identifier can be with For user name (such as QQ user name), mail address, telephone number.

Step 701, after certification passes through, access gateway be the first IP address of terminal distribution.

In this step, the first IP address generally uses dynamic allocation mode.

Step 702, the mark client of terminal send a notification message to mark gateway, and user's mark is carried in notification message Know, the first IP address of distribution, and can further comprise facility information, other access informations.

In this step, facility information includes but is not limited to Terminal Equipment Identifier, component information, hardware state, application state.

Access information can also further comprise access way (such as 3G/4G access, Wifi access), accessing position information, connect Angle of incidence information etc..

In this step, mark client is a component of terminal, and access letter can be obtained from the other assemblies of terminal Breath, facility information.

In the present embodiment, mark client needs to know the ground of mark gateway when sending a notification message to mark gateway Location, specific acquisition modes include but is not limited to:

1) the third IP address of mark gateway is pre-configured in terminal；

2) domain name of mark gateway is pre-configured in terminal, DNS is in domain name mapping, according to the accessing position information of user Return to the third IP address of mark gateway；

3) access gateway is when distributing the first IP address, the third IP address or domain name of access gateway notice mark gateway.

Step 703, mark gateway are sent to ID management server obtains NID request, wherein user identifier is carried, into one Step can be with Portable device information, other access informations.

Step 704, ID management server inquire corresponding NID in the second corresponding relationship of user identifier and NID, and NID is sent to mark gateway.

In this step, the second corresponding relationship of user identifier and NID is configured in ID management server, it is most basic Corresponding relationship is one-to-one relationship, and may further be one-to-many relationship.In one-to-one relationship, management service is identified Device directly acquires NID according to user identifier, and in one-to-many relationship, ID management server is according to user identifier, equipment mark The suitable NID of selections such as knowledge, other accessing position informations.

In this step, NID form can be the second IP address or the second IP address+port range, such as use the 2nd IP Address 202.100.100.100 expression NID, or the second IP address 202.100.100.100+ port range of use (1024~ 2047) NID is indicated.

According to different representations, NID is also different in the position of data packet, if come from using the second IP address It carries in source IP address field in the data packet of terminal, is carried in the destination IP field in the data packet for being sent to terminal；Such as Fruit uses the second IP address+port range, takes in the source IP address field and source port field in the data packet for carrying out self terminal Band carries in the purpose IP address field and destination port field in the data packet for being sent to terminal.

Step 705, mark gateway establish the first corresponding relationship between the first IP address of terminal and NID, to mark visitor Family end returns to confirmation message.

It can also include user identifier in the first corresponding relationship in this step.

Hereafter step 706 when mark gateway receives carrys out the upstream data packet of self terminal, mark gateway carries out network identity Conversion, is converted to NID for the first IP address and first port of the first IP address of terminal in data packet or terminal.

In this step, terminal can pass through NID unique identification user in internet or enterprise network.Specifically, when NID makes When being indicated with the second IP address, mark gateway is replaced with the of the terminal in the source IP address field of data packet with IP address NID, source port remain unchanged, this process and Network address translators (Network Address Translation, abbreviation NAT) Function is similar.

When NID is indicated using the second IP address+port range, mark gateway will be in the source IP address field of data packet First IP address of terminal replaces with the second IP address of NID, and the source first port in data packet is replaced with to the port model of NID In enclosing not using second port, this process and network address port convert (Network Address Port Translation, abbreviation NAPT) function is similar；

When executing the above process, the first IP address, first port will be established, between the second IP address and second port Third corresponding relationship, and safeguard the state of the third corresponding relationship, such as the third corresponding relationship does not count within a certain period of time According to stream, the third corresponding relationship will be discharged.

Step 707, mark gateway send the data packet comprising NID to the application server in internet or government and enterprises' net.

Step 708, application server send the data packet comprising NID, and data packet is sent to mark gateway.

Step 709, mark gateway according to NID inquire the first corresponding relationship, determine corresponding terminal the first IP address and Then the second IP address of NID in purpose IP address field in data packet is replaced with terminal by the first port of terminal First IP address, the second port of NID replaces with the first port of terminal in destination port, then delivers a packet to end End.

The above process is identical to the processing of downstream data flow with NAT, NAPT technology.

Follow-up data packet repeats step 706~709, it should be noted that and mark gateway receives subsequent upstream data packet, It first looks for the presence or absence of third corresponding relationship, if so, in the conversion for carrying out network identity by existing third corresponding relationship, If not provided, establishing third corresponding relationship according to the process in step 706.

If mark gateway has received the data packet for carrying out self terminal before step 702~705 are completed, gateway is identified Data packet can be handled in the following way:

1) packet discard；

2) NAT or NAPT is carried out according to the relevant technologies, guarantee business can be normally carried out；

3) NAT or NAPT is carried out according to the relevant technologies, but limits the range that data packet can be transmitted, for example can only be transmitted to The low application server of security level required

2) and 3) in, the first IP address of carried terminal in the data packet transmitted in internet or government and enterprises' network, or First IP address+first port, no longer can unique identification user.

3rd embodiment

Fig. 8 is the interaction schematic diagram of line process under third embodiment of the invention terminal.As shown in Figure 8, comprising:

Step 800~805, it is identical as step 700~705.

Step 806, mark client perceive user offline, if user's operation client is offline, to enter off-line state；

Step 807, mark client send offline message to mark gateway；

Step 808, mark gateway send offline message to ID management server；

Step 809, the User Status identified in management service the second corresponding relationship of update are offline, return confirmation sound It answers；

Step 810, mark gateway logging off users, delete the first corresponding relationship and third corresponding relationship having built up, together When delete data packet forward relationship；

Step 811, mark gateway return to confirmation response to mark client；

Step 812, mark client controlling terminal are offline, discharge the first IP address.

Fourth embodiment

Fig. 9 is the interaction schematic diagram of the method for the mobile more preferable access gateway of fourth embodiment of the invention terminal.Such as Fig. 9 institute Show, when terminal moves, from the replacement of access gateway 1 to access gateway 2, the first IP address that network is distributed also is had occurred more It changes, implementation procedure is as follows:

Step 900, the process described according to second embodiment, terminal pass through access gateway 1, mark gateway access internet Or the application server of enterprise network；

Step 901, terminal occur it is mobile etc. due to, terminal is linked into access gateway 2；

Step 902, access gateway 2 are new first IP address of terminal distribution；

Step 903, mark client perceive access and change, and send a notification message to mark gateway, wherein carrying The information such as user identifier and new first IP address, mark gateway update the first corresponding relationship；

Step 904, optional, mark gateway sends information update message to mark net management server；

Step 905, mark net management the second corresponding relationship of server update, accessing position information, Yong Huzhuan such as user State returns to confirmation message；

Step 906, mark gateway return to confirmation message to mark net client；

Step 907~910, identical as step 706~709, at this moment terminal is communicated using new first IP address, mark Gateway completes the conversion of new first IP address and network identity.

From the present embodiment as can be seen that after user replaces access gateway, the first IP address changes, but interconnecting Used network identity remains unchanged in net/enterprise network, directly can position user by network identity in this way, strengthen net Network ability to supervise.

5th embodiment

Figure 10 is the interaction schematic diagram of fifth embodiment of the invention User Status maintenance process.As shown in Figure 10, comprising:

It is step 1000~1005, identical as step 700~705 in second embodiment.

Step 1006, mark client and mark gateway all enable keep alive timer, identify the keep-alive timing of client-side The period of device is less than the period of the timer of mark gateway.

Step 1007,1008, mark client keep alive timer time-out, mark client send notice to mark gateway and disappear Breath or keep-alive message；

If step 1009, access information have update, identifies gateway and disappear to ID management server transmission information update Breath, otherwise jumps directly to step 1011；

Step 1010, ID management server return to confirmation message；

Step 1011, mark gateway return to confirmation message to mark client；

Step 1012, mark gateway resetting keep alive timer, maintenance user online status are constant；

If step 1013, terminal are offline, mark client can not send a notification message again to mark gateway or keep-alive disappears Breath, the keep alive timer identified on gateway at this time can time-out spilling；

Step 1014, mark gateway think that terminal has been off, then nullify the terminal, and delete all correspondences of the terminal Relationship；

Step 1015, mark gateway send the offline message of terminal to ID management server；

User Status in second corresponding relationship is updated to offline, return confirmation by step 1016, ID management server Message.

By the above process, network side is capable of the presence of correct maintenance terminal.

Based on the above method, on the basis of not changing conventional network equipment, pass through deployment mark gateway, mark management clothes Business device, is enhanced terminal function, realizes the purpose for being carried out identity user using network identity, facilitate network supervision, is realized fast Speed such as is traced to the source at the functions.

Referring to Figure 11, present applicant proposes a kind of mark gateways, comprising:

Optionally, the module of establishing is specifically used for:

Receive the access information of the terminal；Wherein, access information includes the first internet protocol of user identifier and terminal Discuss address；The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.

Optionally, the module of establishing is specifically used for:

The notification message or keep-alive message of the terminal are received, the notification message or the keep-alive message include described connect Enter information, access information includes the first Internet protocol address of user identifier and terminal；It is corresponding to inquire the user identifier Network identity saves or updates first corresponding relationship.

Optionally, the module of establishing is also used to:

When being not received by the notification message or the keep-alive message within a preset time, it is corresponding to delete described first Relationship；

Optionally, the module of establishing is specifically used for realizing the corresponding network of the inquiry user identifier in the following ways Mark:

Optionally, the module of establishing is also used to:

Information update message is sent to ID management server；

Optionally, the network identity includes the second Internet protocol address；The conversion module is specifically used for:

Obtain the first Internet protocol address of the terminal in the data packet from the terminal；At described first pair It should be related to the middle corresponding network identity of the first Internet protocol address for searching the terminal；By the data packet from the terminal In the first Internet protocol address of the terminal replace with the network identity found；

Obtain the network identity being sent in the data packet of the terminal；The network is searched in first corresponding relationship Identify the first Internet protocol address of corresponding terminal；Network identity in the data packet for being sent to the terminal is replaced with and is looked into First Internet protocol address of the terminal found.

Optionally, the conversion module is also used to:

When in first corresponding relationship search less than the terminal the corresponding network identity of the first internet address When, the data packet from the terminal is abandoned, or include carrying out Network address translators to the data from the terminal；

Alternatively, when the first internet for searching terminal corresponding less than the network identity in first corresponding relationship When protocol address, the data packet for being sent to the terminal is abandoned, or Network address translators is carried out to the data packet for being sent to the terminal.

Optionally, the network identity includes the second Internet protocol address and port range, and the conversion module is specific For:

The corresponding network identity of the first Internet protocol address of the terminal is searched in the first corresponding relationship；

Establish the first Internet protocol address, the first port of terminal, the second Internet protocol of network identity of terminal Third corresponding relationship between address and the second port of network identity.

Optionally, the conversion module is also used to:

When in first corresponding relationship search less than the terminal the corresponding network of the first Internet protocol address When mark, the data packet from the terminal is abandoned, or network address port conversion is carried out to the data packet from the terminal.

Referring to Figure 12, present applicant proposes a kind of terminals, comprising:

Module is obtained, for obtaining access information；Wherein, access information includes the first internet of user identifier and terminal Protocol address；

First sending module, for access information to be sent to mark gateway.

Optionally, first sending module is specifically used for:

It sends a notification message to the mark gateway or keep-alive message, the notification message or the keep-alive message include institute State access information.

Optionally, first sending module is specifically used for:

Periodically the notification message or the keep-alive message are sent to the mark gateway；

Alternatively, sending the notification message or the keep-alive to the mark gateway when the access information changes Message.

Optionally, first sending module is also used to:

Offline message is sent to the mark gateway；

Referring to Figure 13, present applicant proposes a kind of ID management servers, comprising:

Second sending module, for network identity to be sent to mark gateway.

Optionally, the receiving module is also used to: receiving information update message；

The processing module is also used to: updating second corresponding relationship；

Second sending module is also used to: returning to confirmation message to mark gateway.

Optionally, the receiving module is also used to: receiving the offline message of terminal；

The processing module is also used to: the User Status in second corresponding relationship being updated to offline；

Referring to Figure 14, present applicant proposes a kind of mark gateways, including first processor and the first computer-readable storage Medium is stored with the first instruction in first computer readable storage medium, which is characterized in that when first instruction is by institute When stating first processor execution, any of the above-described kind of network identity mapping method is realized.

Referring to Figure 15, present applicant proposes a kind of terminal, including second processor and second computer readable storage medium storing program for executing, The second instruction is stored in the second computer readable storage medium storing program for executing, which is characterized in that when second instruction is by described the When two processors execute, any of the above-described kind of network identity mapping method is realized.

Referring to Figure 16, present applicant proposes a kind of ID management servers, including third processor and third computer can Storage medium is read, third instruction is stored in the third computer readable storage medium, which is characterized in that when the third refers to When enabling by third processor execution, any of the above-described kind of network identity mapping method is realized.

Above-mentioned computer readable storage medium comprises at least one of the following: flash memory, hard disk, multimedia card, card-type memory (for example, safe digital card (SD card, Secure Digital Memory Card) or data register (DX, Data Register) memory etc.), random access storage device (RAM, Random Access Memory), static random-access storage Device (SRAM, Static Random Access Memory), read-only memory (ROM, Read Only Memory), electrically erasable Except programmable read only memory (EEPROM, Electrically Erasable Programmable Read-Only Memory), programmable read only memory (PROM, Programmable Read-Only Memory), magnetic storage, disk, CD etc..

Above-mentioned processor can be central processing unit (CPU, Central Processing Unit), controller, microcontroller Device, microprocessor or other data processing chips etc..

Referring to Figure 17, present applicant proposes a kind of network identity mapped systems, comprising:

Optionally, mark gateway, which is specifically used for realizing in the following ways, inquires the corresponding network mark of the user identifier Know:

Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user's mark Know；Receive the network identity that the ID management server returns；

Network identity mapped system further include:

Optionally, terminal is specifically used for:

Obtain access information；Wherein, access information includes the first Internet protocol address of user identifier and terminal；To institute It states mark gateway to send a notification message or keep-alive message, the notification message or the keep-alive message include the access information；

Mark gateway is specifically used:

The notification message or keep-alive message of the terminal are received, the notification message or the keep-alive message include described connect Enter information；The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update；According to described first Corresponding relationship is to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.

Optionally, terminal is also used to:

Offline message is sent to the mark gateway；The confirmation message that the mark gateway returns is received, described in control Terminal is offline, and discharges the first Internet protocol address of the terminal；

Mark gateway is also used to:

Alternatively, Xiang Suoshu ID management server sends the terminal when receiving the offline message of the terminal Offline message, receives the confirmation message of the ID management server, deletes first corresponding relationship, and to the terminal Return to confirmation message；

ID management server is also used to:

When receiving the offline message of terminal, the User Status in second corresponding relationship is updated to it is offline, And confirmation message is returned to mark gateway.

Although embodiment disclosed by the application is as above, the content only for ease of understanding the application and use Embodiment is not limited to the application.Technical staff in any the application fields, is taken off not departing from the application Under the premise of the spirit and scope of dew, any modification and variation, but the application can be carried out in the form and details of implementation Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.

Claims

1. a kind of network identity mapping method, comprising:

Pre-establish the first corresponding relationship between the first Internet protocol address of terminal and network identity；Wherein, network mark Know corresponding with the user identifier of terminal；

According to first corresponding relationship to turn from the terminal or the data packet progress network identity for being sent to the terminal It changes.

2. network identity mapping method according to claim 1, which is characterized in that described to establish the first corresponding relationship packet It includes:

Receive the access information of the terminal；Wherein, access information includes the Internet protocol address of user identifier and terminal；

3. network identity mapping method according to claim 2, which is characterized in that this method further include:

When being not received by the access information within a preset time, first corresponding relationship is deleted, to mark management clothes Business device sends the offline message of the terminal；

Alternatively, Xiang Suoshu ID management server sends the offline of the terminal when receiving the offline message of the terminal Message receives the confirmation message of the ID management server, deletes first corresponding relationship, and return to the terminal Confirmation message.

4. network identity mapping method according to claim 2, which is characterized in that the corresponding net of the inquiry user identifier Network identifies

In the second corresponding relationship between pre-set user identifier and network identity, it is corresponding to search the user identifier Network identity；

Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user identifier；It connects Receive the network identity that the ID management server returns.

5. network identity mapping method according to claim 2, which is characterized in that this method further include:

Information update message is sent to ID management server；

6. network identity mapping method according to claim 1, which is characterized in that the network identity includes the second interconnection FidonetFido address；It is described to include: to the conversion for the data packet progress network identity for carrying out self terminal according to the first corresponding relationship

Obtain the first Internet protocol address of the terminal in the data packet from the terminal；In the described first corresponding pass The corresponding network identity of first Internet protocol address is searched in system；By described in the data packet from the terminal One Internet protocol address replaces with the network identity found；

Obtain the network identity being sent in the data packet of the terminal；The network identity is searched in first corresponding relationship Corresponding first Internet protocol address；Network identity in the data packet for being sent to the terminal is replaced with into first interconnection FidonetFido address.

7. network identity mapping method according to claim 1, which is characterized in that the network identity includes the second interconnection FidonetFido address and port range, the conversion for carrying out network identity to the data packet for carrying out self terminal according to the first corresponding relationship Include:

Obtain the data packet from the terminal in the terminal the first Internet protocol address and the terminal first Port；

First Internet protocol address of the terminal in the data packet from the terminal is replaced with into the network found Second Internet protocol address of mark, the first port of the terminal in the data packet from the terminal is replaced with and is looked into In the port range of the network identity found not using second port；

Establish the third pair between the first Internet protocol address, first port, the second Internet protocol address and second port It should be related to.

8. a kind of network identity mapping method, comprising:

Access information is sent to mark gateway.

9. network identity mapping method according to claim 8, which is characterized in that described that access information is sent to mark Gateway includes:

The access information is sent to the mark net according to the third Internet protocol address of preconfigured mark gateway It closes；

Alternatively, the third Internet protocol of the mark gateway returned according to domain name system when parsing the domain name of the mark gateway The access information is sent to the mark gateway by address；

Alternatively, the access information is sent to institute by the third Internet protocol address of the mark gateway sent according to access gateway State mark gateway.

10. network identity mapping method according to claim 8 or claim 9, which is characterized in that this method further include:

Offline message is sent to the mark gateway；

The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharges the first of the terminal mutually Networking protocol address.

11. a kind of network identity mapping method, comprising:

In the second corresponding relationship between pre-set user identifier and network identity, it is corresponding to search the user identifier Network identity；Alternatively, distribute network identity according to user identifier, and save between user identifier and network identity second corresponds to Relationship；

Network identity is sent to mark gateway.

12. network identity mapping method according to claim 10, which is characterized in that also wrapped in second corresponding relationship User Status is included, the User Status includes at least one of: online, offline.

13. network identity mapping method according to claim 12, which is characterized in that this method further include:

Alternatively, when receiving the offline message of terminal, the User Status in second corresponding relationship is updated to it is offline, And confirmation message is returned to mark gateway.

14. a kind of mark gateway, comprising:

Module is established, for pre-establishing the first corresponding pass between the first Internet protocol address of terminal and network identity System；Wherein, the user identifier of network identity and terminal is corresponding；

Conversion module, for according to first corresponding relationship to from the terminal or be sent to the terminal data packet carry out The conversion of network identity.

15. mark gateway according to claim 14, which is characterized in that the module of establishing is specifically used for:

Receive the access information of the terminal；Wherein, access information includes the Internet protocol address of user identifier and terminal；It looks into The corresponding network identity of the user identifier is ask, first corresponding relationship is saved or update.

16. a kind of terminal, comprising:

Module is obtained, for obtaining access information；Wherein, access information includes the Internet protocol of user identifier and terminal Location；

First sending module, for access information to be sent to mark gateway.

17. terminal according to claim 16, which is characterized in that first sending module is also used to:

Offline message is sent to the mark gateway；

The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharge the internet of the terminal Protocol address.

18. a kind of ID management server, comprising:

Receiving module, for receiving the acquisition network identity request of mark gateway, the network identity request carries user's mark Know；

Processing module, in the second corresponding relationship between pre-set user identifier and network identity, described in lookup The corresponding network identity of user identifier；Alternatively, distributing network identity according to user identifier, and save user identifier and network identity Between the second corresponding relationship；

Second sending module, for network identity to be sent to mark gateway.

19. a kind of mark gateway, including first processor and the first computer readable storage medium, described first is computer-readable The first instruction is stored in storage medium, which is characterized in that when first instruction is executed by the first processor, realize Network identity mapping method as described in claim 1~7.

20. a kind of terminal, including second processor and second computer readable storage medium storing program for executing, the second computer readable storage The second instruction is stored in medium, which is characterized in that when second instruction is executed by the second processor, realize as weighed Benefit require 8~10 described in network identity mapping method.

21. a kind of ID management server, including third processor and third computer readable storage medium, the third is calculated Third instruction is stored in machine readable storage medium storing program for executing, which is characterized in that when third instruction is executed by the third processor When, realize the network identity mapping method as described in claim 11~13.

22. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program The step of network identity mapping method as described in claim 1~13 is realized when being executed by processor.

23. a kind of network identity mapped system, comprising:

Terminal, for obtaining access information；Wherein, access information includes the first Internet protocol of user identifier and terminal Location；Access information is sent to mark gateway；

Gateway is identified, for receiving the access information of the terminal；Wherein, access information includes the first of user identifier and terminal Internet protocol address；The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update；According to First corresponding relationship is to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.

24. network identity mapped system according to claim 23, which is characterized in that the mark gateway is specifically used for adopting The corresponding network identity of the inquiry user identifier is realized with the following methods:

It is sent to ID management server and obtains network identity request, the network identity request carries user identifier；Receive institute State the network identity of ID management server return；

The network identity mapped system further include:

ID management server, for receiving the acquisition network identity request of mark gateway, the network identity request is carried User identifier；In the second corresponding relationship between pre-set user identifier and network identity, the user identifier is searched Corresponding network identity；Alternatively, distribute network identity according to user identifier, and save between user identifier and network identity the Two corresponding relationships；Network identity is sent to mark gateway.