CN110071984A - A kind of network identity mapping method and system and terminal, mark gateway - Google Patents
A kind of network identity mapping method and system and terminal, mark gateway Download PDFInfo
- Publication number
- CN110071984A CN110071984A CN201810067623.9A CN201810067623A CN110071984A CN 110071984 A CN110071984 A CN 110071984A CN 201810067623 A CN201810067623 A CN 201810067623A CN 110071984 A CN110071984 A CN 110071984A
- Authority
- CN
- China
- Prior art keywords
- network identity
- terminal
- user identifier
- mark
- corresponding relationship
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/301—Name conversion
Abstract
This application discloses a kind of network identity mapping methods and system and terminal, mark gateway, and the network identity mapping method includes: the first corresponding relationship pre-established between the first Internet protocol address of terminal and network identity;Wherein, the user identifier of network identity and terminal is corresponding;According to first corresponding relationship to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.The application carries out the conversion of network identity by the first Internet protocol address of terminal and the first corresponding relationship of network identity to data packet, since the user identifier of network identity and terminal is corresponding, and it will not change with the variation of the first IP address, therefore, realizing through network identity indicates user identity, to improve supervisory efficiency.
Description
Technical field
This application involves internet area, espespecially a kind of network identity mapping method and system and terminal identify gateway.
Background technique
Conventional transmission control protocol (TCP, Transmission Control Protocol)/Internet protocol (IP,
Internet Protocol) in network environment, terminal is by access network insertion into internet or enterprise network.Fig. 1 is correlation
Technical network composed structure schematic diagram.As shown in Figure 1, comprising:
Terminal (UE, User Equipment): by wired or wireless access technology, it is connected to access gateway, by recognizing
IP address is obtained from access gateway after card, then using the application server in IP address access internet or enterprise network;
Access gateway (AGW, Access Gateway): it is different according to different access technology specific forms, such as
Packet gateway (PGW, Packet Gateway) in mobile communication, in fixed access BAS Broadband Access Server (BAS,
Broadband Access Server), the three-tier switch in enterprise network, the gateway of internet of things in Internet of Things, in certificate server
Cooperation under, terminal is authenticated, after certification passes through, from the IP address pond being locally configured with choosing the IP not occupied
Distribute to user in location.Therefore with user on-position, the difference of turn-on time, the IP address that user obtains is also different.
Certificate server (AS, Authentication Server): cooperation access gateway recognizes the legitimacy of terminal
Card, determines whether terminal allows to access network;
Internet/enterprise network (Internet/Intranet): the business of multiplicity is provided for terminal, terminal uses access net
Close distribution IP address and internet/enterprise network in application server communication, IP address as terminal network layer mark,
Identification terminal, and guarantee that data packet can correctly be sent to each terminal.
The distribution of usual IP address all uses dynamic IP addressing allocation plan, when user network position changes, just must
An IP address must be reacquired, which can only use in the topology location (such as can only be in the administration model of the access gateway
Enclose interior use), even if, due to being to dynamically distribute, different time access, the IP address of distribution also can in addition in consolidated network position
It is different.
It can be seen that, IP address of terminal is dynamic change from the discussion above, by the IP that carries in IP data packet
Location can not be directly linked to user, i.e., present internet or enterprise network are an anonymous networks, this is highly detrimental to network prison
Pipe (such as user identity trace to the source, user's behaviors analysis).The relevant technologies distribute log by IP come what is traced to the source, and there are efficiency
The low problem low with accuracy.
Summary of the invention
This application provides a kind of network identity mapping methods and system and terminal, mark gateway, can pass through network
Mark is to indicate user identity, to improve supervisory efficiency.
This application provides a kind of network identity mapping methods, comprising:
Pre-establish the first corresponding relationship between the first Internet protocol address of terminal and network identity;Wherein, net
Network mark is corresponding with the user identifier of terminal;
According to first corresponding relationship to from the terminal or be sent to the terminal data packet carry out network identity
Conversion.
Optionally, first corresponding relationship of establishing includes:
Receive the access information of the terminal;Wherein, access information includes the Internet protocol of user identifier and terminal
Location;
The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.
Optionally, this method further include:
When being not received by the access information within a preset time, first corresponding relationship is deleted, is managed to mark
Reason server sends the offline message of the terminal;
Alternatively, Xiang Suoshu ID management server sends the terminal when receiving the offline message of the terminal
Offline message, receives the confirmation message of the ID management server, deletes first corresponding relationship, and to the terminal
Return to confirmation message.
Optionally, the corresponding network identity of the inquiry user identifier includes:
In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched
The network identity answered;
Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user's mark
Know;Receive the network identity that the ID management server returns.
Optionally, this method further include:
Information update message is sent to ID management server;
The confirmation message that the ID management server returns is received, Xiang Suoshu terminal returns to confirmation message.
Optionally, the network identity includes the second Internet protocol address;It is described according to the first corresponding relationship to coming from
The conversion that the data packet of terminal carries out network identity includes:
Obtain the first Internet protocol address of the terminal in the data packet from the terminal;At described first pair
It should be related to the corresponding network identity of middle lookup first Internet protocol address;By the institute in the data packet from the terminal
It states the first Internet protocol address and replaces with the network identity found;
Alternatively, the conversion for carrying out network identity to the data packet for being sent to terminal according to the first corresponding relationship includes:
Obtain the network identity being sent in the data packet of the terminal;The network is searched in first corresponding relationship
Identify corresponding first Internet protocol address;Network identity in the data packet for being sent to the terminal is replaced with described first
Internet protocol address.
Optionally, the network identity includes the second Internet protocol address and port range, described corresponding according to first
Relationship to come self terminal data packet carry out network identity conversion include:
Obtain the first Internet protocol address and the terminal of the terminal in the data packet from the terminal
First port;
The corresponding network identity of Internet protocol address of the terminal is searched in the first corresponding relationship;
First Internet protocol address of the terminal in the data packet from the terminal replaced with and is found
Second Internet protocol address of network identity replaces the first port of the terminal in the data packet from the terminal
For in the port range of the network identity found not using second port;
Establish between the first Internet protocol address, first port, the second Internet protocol address and second port
Three corresponding relationships.
Present applicant proposes a kind of network identity mapping methods, comprising:
Obtain access information;Wherein, access information includes the first Internet protocol address of user identifier and terminal;
Access information is sent to mark gateway.
Optionally, it is described by access information be sent to mark gateway include:
The access information is sent to the mark according to the third Internet protocol address of preconfigured mark gateway
Know gateway;
Alternatively, the third internet of the mark gateway returned according to domain name system when parsing the domain name of the mark gateway
The access information is sent to the mark gateway by protocol address;
Alternatively, the third Internet protocol address of the mark gateway sent according to access gateway sends the access information
To the mark gateway.
Optionally, this method further include:
Offline message is sent to the mark gateway;
The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharges the of the terminal
One Internet protocol address.
Present applicant proposes a kind of network identity mapping methods, comprising:
The acquisition network identity request of mark gateway is received, the network identity request carries user identifier;
In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched
The network identity answered;Alternatively, according to user identifier distribute network identity, and save between user identifier and network identity second
Corresponding relationship;
Network identity is sent to mark gateway.
Optionally, further include User Status in second corresponding relationship, the User Status includes at least one of:
It is online, offline.
Optionally, this method further include:
When receiving information update message, updates second corresponding relationship and return to confirmation message to mark gateway;
Alternatively, the User Status in second corresponding relationship is updated to when receiving the offline message of terminal
It is offline, and confirmation message is returned to mark gateway.
Present applicant proposes a kind of mark gateways, comprising:
Module is established, is corresponded to for pre-establishing first between the first Internet protocol address of terminal and network identity
Relationship;Wherein, the user identifier of network identity and terminal is corresponding;
Conversion module, for according to first corresponding relationship to from the terminal or being sent to the data packet of the terminal
Carry out the conversion of network identity.
Optionally, the module of establishing is specifically used for:
Receive the access information of the terminal;Wherein, access information includes the Internet protocol of user identifier and terminal
Location;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.
Present applicant proposes a kind of terminals, comprising:
Module is obtained, for obtaining access information;Wherein, access information includes the Internet protocol of user identifier and terminal
Address;
First sending module, for access information to be sent to mark gateway.
Optionally, first sending module is also used to:
Offline message is sent to the mark gateway;
The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharge the mutual of the terminal
Networking protocol address.
Present applicant proposes a kind of ID management servers, comprising:
Receiving module, for receiving the acquisition network identity request of mark gateway, the network identity request, which carries, to be used
Family mark;
Processing module, for searching in the second corresponding relationship between pre-set user identifier and network identity
The corresponding network identity of the user identifier;Alternatively, distributing network identity according to user identifier, and save user identifier and network
The second corresponding relationship between mark;
Second sending module, for network identity to be sent to mark gateway.
It is described present applicant proposes a kind of mark gateway, including first processor and the first computer readable storage medium
The first instruction is stored in first computer readable storage medium, when first instruction is executed by the first processor,
Realize any of the above-described kind of network identity mapping method.
Present applicant proposes a kind of terminal, including second processor and second computer readable storage medium storing program for executing, described second
It is stored with the second instruction in computer readable storage medium, when second instruction is executed by the second processor, realizes
Any of the above-described kind of network identity mapping method.
Present applicant proposes a kind of ID management servers, including third processor and third computer-readable storage medium
Matter is stored with third instruction in the third computer readable storage medium, when the third is instructed by the third processor
When execution, any of the above-described kind of network identity mapping method is realized.
Present applicant proposes a kind of computer readable storage mediums, are stored thereon with computer program, which is characterized in that institute
State the step of any of the above-described kind of network identity mapping method is realized when computer program is executed by processor.
Present applicant proposes a kind of network identity mapped systems, comprising:
Terminal, for obtaining access information;Wherein, access information includes the first Internet protocol of user identifier and terminal
Address;Access information is sent to mark gateway;
Gateway is identified, for receiving the access information of the terminal;Wherein, access information includes user identifier and terminal
First Internet protocol address;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update;
According to first corresponding relationship to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.
Optionally, the mark gateway is specifically used for realizing the corresponding network of the inquiry user identifier in the following ways
Mark:
It is sent to ID management server and obtains network identity request, the network identity request carries user identifier;It connects
Receive the network identity that the ID management server returns;
The network identity mapped system further include:
ID management server, for receiving the acquisition network identity request of mark gateway, the network identity request
Carry user identifier;In the second corresponding relationship between pre-set user identifier and network identity, the user is searched
Identify corresponding network identity;Alternatively, distributing network identity according to user identifier, and save between user identifier and network identity
The second corresponding relationship;Network identity is sent to mark gateway.
Compared with the relevant technologies, the application includes: to pre-establish the first Internet protocol address and network identity of terminal
Between the first corresponding relationship;Wherein, the user identifier of network identity and terminal is corresponding;According to first corresponding relationship to next
The conversion of network identity is carried out from the terminal or the data packet for being sent to the terminal.The application passes through the first internet of terminal
First corresponding relationship of protocol address and network identity carries out the conversion of network identity to data packet, due to network identity and terminal
User identifier it is corresponding, and will not change with the variation of the first IP address, it is thereby achieved that being indicated by network identity
User identity, to improve supervisory efficiency.
Other features and advantage will illustrate in the following description, also, partly become from specification
It obtains it is clear that being understood and implementing the application.The purpose of the application and other advantages can be by specifications, right
Specifically noted structure is achieved and obtained in claim and attached drawing.
Detailed description of the invention
Attached drawing is used to provide to further understand technical scheme, and constitutes part of specification, with this
The embodiment of application is used to explain the technical solution of the application together, does not constitute the limitation to technical scheme.
Fig. 1 is that the relevant technologies network forms structural schematic diagram;
Fig. 2 is that the application network forms structural schematic diagram;
Fig. 3 is the flow chart that the application identifies gateway side network identity mapping method;
Fig. 4 is the flow chart of the application terminal side network identity mapping method;
Fig. 5 is the flow chart of the application ID management server side network identity mapping method;
Fig. 6 is the structure composition schematic diagram of first embodiment of the invention terminal;
Fig. 7 is the interaction schematic diagram of second embodiment of the invention network identity mapping method;
Fig. 8 is the interaction schematic diagram of line process under third embodiment of the invention terminal;
Fig. 9 is the interaction schematic diagram of the method for the mobile more preferable access gateway of fourth embodiment of the invention terminal;
Figure 10 is the interaction schematic diagram of fifth embodiment of the invention User Status maintenance process;
Figure 11 is the structure composition schematic diagram that the application identifies gateway;
Figure 12 is the structure composition schematic diagram of the application terminal;
Figure 13 is the structure composition schematic diagram of the application ID management server;
Figure 14 is the structure composition schematic diagram that the application another kind identifies gateway;
Figure 15 is the structure composition schematic diagram of the application another kind terminal;
Figure 16 is the structure composition schematic diagram of the application another kind ID management server;
Figure 17 is the structure composition schematic diagram of the application network identity mapped system.
Specific embodiment
For the purposes, technical schemes and advantages of the application are more clearly understood, below in conjunction with attached drawing to the application
Embodiment be described in detail.It should be noted that in the absence of conflict, in the embodiment and embodiment in the application
Feature can mutual any combination.
Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions
It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable
Sequence executes shown or described step.
In the relevant technologies network AGW and AS mutual cooperation the legitimacy of terminal is authenticated, certification pass through after, AGW from
The IP address not occupied, which is chosen, in the IP address pond being locally configured distributes to terminal, later, IP address of the terminal based on distribution
The application server in internet or enterprise network is accessed, during being somebody's turn to do, since the IP address of terminal distribution is dynamic change, number
Can not know it is which user sends according to the IP address carried in packet, be highly detrimental to network supervision.
The application indicates user identity using network identity (NID, Network ID), realize by network identity come
User identity is indicated, to improve supervisory efficiency.
Optionally, the network composed structure based on the relevant technologies referring to fig. 2, and increases mark client in the terminal
(IDC, Identity Client), and between AGW and application server increase mark gateway or increase mark gateway and
ID management server (IDGW, Identity Gateway) safeguards the network identity of user, is not changing existing network base
In the case where Infrastructure, realizing through network identity indicates user identity, to improve supervisory efficiency.
Referring to Fig. 3, present applicant proposes a kind of network identity mapping methods, are applied to mark gateway, comprising:
Step 300 pre-establishes the first corresponding relationship between the first Internet protocol address of terminal and network identity.
In the application, since the user identifier of network identity and terminal is corresponding, and will not be with the variation of the first IP address
And change, it is thereby achieved that user identity is indicated by network identity, to improve supervisory efficiency.
In the application, the first corresponding relationship can be with static configuration, can also be with dynamic configuration.
When the first corresponding relationship of dynamic configuration, various ways can be used.For example, receiving the access information of terminal;It looks into
The corresponding network identity of user identifier is ask, first for saving or updating between the first Internet protocol address and network identity corresponds to
Relationship.For another example, the access information of terminal is received, is terminal distribution network identity, saves the first corresponding relationship.
In the application, access information includes the first Internet protocol (IP, Internet of user identifier and terminal
Protocol) address.
Wherein, user identifier can be user name, mail address, telephone number etc..
In one alternate embodiment, access information further include access way (such as 3G/4G access, Wireless Fidelity (wifi,
Wireless Fidelity) access etc.), accessing position information, the relevant informations such as turn-on time information.
In one alternate embodiment, the facility information of terminal is also received.
Wherein, facility information includes at least one of: Terminal Equipment Identifier, component information, hardware state, software shape
State.
In the application, access information is received by way of the notification message or keep-alive message that receive terminal, notice disappears
Breath or keep-alive message include access information.Optionally, notification message or keep-alive message further include facility information.
In the application, the form of network identity can be the form or the second IP address+port range of the second IP address
Form, such as using the second IP address 202.100.100.100 indicate network identity, or use the second IP address
202.100.100.100+ port range (1024~2047) indicates network identity.
In the application, the corresponding network identity of user identifier can be inquired using any one of following methods.
One, the second corresponding relationship between user identifier and network identity is preset, is searched in the second corresponding relationship
The corresponding network identity of user identifier.
Two, it is sent to ID management server and obtains network identity request, carry user identifier in network identity request;It connects
Receive the network identity that ID management server returns.
In the application, after the corresponding network identity of inquiry user identifier, if not saving the network identity pair before
The first corresponding relationship answered then directly saves the first corresponding pass of the network identity of the first IP address and inquiry in access information
System;If being saved corresponding first corresponding relationship of the network identity, the first IP address in access information before
When the first IP address difference corresponding with the network identity inquired in the first corresponding relationship, the first corresponding relationship is updated.
Step 301, according to the first corresponding relationship to come self terminal or be sent to terminal data packet carry out network identity turn
It changes.
Specifically, (one) when network identity use the second IP address form when,
If receiving the data packet for carrying out self terminal, the source internet protocol address word for carrying out the data packet of self terminal is obtained
First IP address of the terminal in section searches the corresponding network identity of the first IP address of terminal in the first corresponding relationship, will
The first IP address come in the source internet protocol address field of the data packet of self terminal replaces with the network identity found, so
The data packet of self terminal in future is sent to the application server in internet or enterprise network afterwards.In this way, in internet or enterprise network
It is middle to replace the first IP address to indicate user identity using network identity, since network identity and user identifier are corresponding, and will not
Change with the variation of the first IP address, this improves supervisory efficiency.
In above situation, when in the first corresponding relationship search less than terminal the corresponding network identity of the first IP address
When, the data that discarding carrys out self terminal include;Alternatively, carrying out Network address translators (NAT, Network to the data packet for carrying out self terminal
Address Translation), guarantee business can be normally carried out;Alternatively, carrying out NAT to the data packet for carrying out self terminal, but limit
The range of data packet transmission processed, for example the lower application server of security level can only be transmitted to.
If receiving the data packet for being sent to terminal, the purpose Internet protocol address for being sent to the data packet of terminal is obtained
Network identity in field, Network Search identifies the first IP address of corresponding terminal in the first corresponding relationship, will be sent to end
Network identity in the purpose Internet protocol address field of the data packet at end replaces with the first IP address found, then will
Data packet is sent to terminal.
In above situation, when searching the first IP address corresponding less than network identity in the first corresponding relationship, abandon
It is sent to the data packet of terminal;Alternatively, carrying out NAT to the data packet for being sent to terminal.
(2) when network identity uses the second IP address+port range form,
If receiving the data packet for carrying out self terminal for the first time, the source IP address field for carrying out the data packet of self terminal is obtained
In terminal the first IP address and the terminal in source port field first port;Terminal is searched in the first corresponding relationship
The corresponding network identity of first IP address;Future self terminal data packet source IP address field in the first IP address replace with
Second IP address of the network identity found, future self terminal data packet source port field in terminal first port
Replace in the port range of the network identity found not using second port, and establish the first IP address, first end
Third corresponding relationship between mouth, the second IP address and second port.
If subsequent receive the data packet for carrying out self terminal again, the first IP address is first searched in third corresponding relationship
Second IP address of network identity corresponding with first port and the second port of network identity, future self terminal data packet
The first IP address in source IP address field replaces with the second IP address found, future self terminal data packet source port
First port in field replaces with the second port found;
If searching corresponding less than the first IP address and first port the second IP address and the in third corresponding relationship
Two-port netwerk then searches the corresponding network identity of the first IP address in the first corresponding relationship;Future self terminal data packet source
The first IP address in IP address field replaces with the second IP address of the network identity found, future self terminal data packet
Source port field in first port replace in the port range of the network identity found not using second port,
And establish the third corresponding relationship between the first IP address, first port, the second IP address and second port.
In above situation, when searching network identity corresponding less than the first IP address in the first corresponding relationship, then abandon
Carry out the data packet of self terminal;Alternatively, carrying out network address port conversion (NAPT, Network to the data packet for carrying out self terminal
Address Port Translation), guarantee business can be normally carried out;Alternatively, being carried out to the data packet for carrying out self terminal
NAPT, guarantee business can be normally carried out, but limit the range of data packet transmission, for example can only to be transmitted to security level lower
Application server.
If receiving the data packet for being sent to terminal, the mesh for being sent to the data packet of terminal is searched in third corresponding relationship
IP address field in network identity the second IP address and the network identity in destination port field second port it is corresponding
The first IP address and first port, the second IP address in the purpose IP address field for being sent to the data packet of terminal is replaced with
Second port in the destination port field for being sent to the data packet of terminal is replaced with and to be found by the first IP address found
First port.
In above situation, when in third corresponding relationship search less than the data packet for being sent to terminal purpose IP address field
In network identity the second IP address and the network identity in destination port field corresponding first IP address of second port
When with first port, the data packet for being sent to terminal is abandoned;Alternatively, carrying out NAPT to the data packet for being sent to terminal.
In above situation, when within a certain period of time without using third corresponding relationship carry out network identity conversion when, can
To delete third corresponding relationship, to save memory space.
In one alternate embodiment, when the access information and/or facility information that receive change, this method is also wrapped
It includes:
To ID management server send information update message so that ID management server update User Status and/or
Access information and/or facility information;When receiving the confirmation message of ID management server return, confirmation is returned to terminal and is disappeared
Breath.
In one alternate embodiment, this method further include:
When being not received by notification message or keep-alive message within a preset time, or receiving the offline message of terminal,
Delete the first corresponding relationship.
Wherein, when receiving the offline message of terminal, confirmation message can be returned to terminal, so that terminal receives really
Recognize offline after message and discharges IP address;Confirmation message can not also be returned to terminal.
When receiving the offline message of terminal, the offline message of terminal can also be sent to ID management server, is made
The User Status in ID management server the second corresponding relationship of update is obtained, in the confirmation message for receiving ID management server
When, the first corresponding relationship and third corresponding relationship are deleted, and return to confirmation message to terminal.
When being not received by notification message or keep-alive message within a preset time, can also be sent out to ID management server
It makes arrangements for his funeral the offline message at end, so that ID management server updates the User Status in the second corresponding relationship.
Referring to fig. 4, present applicant proposes a kind of network identity mapping methods, are applied to terminal, comprising:
Step 400 obtains access information.
In the application, access information includes the first IP address of user identifier and terminal.
Wherein, user identifier can be user name, mail address, telephone number etc..
In one alternate embodiment, access information further include access way (such as 3G/4G access, Wireless Fidelity (wifi,
Wireless Fidelity) access etc.), accessing position information, the relevant informations such as turn-on time information.
In one alternate embodiment, the facility information of terminal is also obtained.
Wherein, facility information includes at least one of: Terminal Equipment Identifier, component information, hardware state, software shape
State.
Access information is sent to mark gateway by step 401.
In the application, when access information is sent to mark gateway, with needing to know in advance the 3rd IP of mark gateway
Location can specifically know the third IP address of mark gateway using following any mode.
One, the third IP address of mark gateway is pre-configured in terminal;
Two, the domain name of mark gateway is pre-configured in terminal, domain name system (DNS, Domain Name System) is solving
When the domain name of analysis mark gateway, the third IP address of mark gateway is returned according to the on-position of user;
Three, access gateway will identify the 3rd IP of gateway when the first IP address that will distribute to terminal is sent to terminal
Address or domain name are sent to terminal.
In the application, access information can be sent to by mark gateway, notification message by notification message or keep-alive message
Or keep-alive message includes access information.Optionally, notification message or keep-alive message further include facility information.
Specifically, can periodically send a notification message or keep-alive message to mark gateway;
Alternatively, sending a notification message or keep-alive message when access information changes to mark gateway;
Alternatively, sending a notification message or keep-alive message when facility information changes to mark gateway.
In one alternate embodiment, when terminal needs offline, this method further include:
Offline message is sent to mark gateway;When receiving the confirmation message that mark gateway returns, controlling terminal is offline,
And discharge the first IP address of terminal.
Above-mentioned network identity mapping method can realize that mark client is by the way that mark client is arranged in the terminal
One component of terminal can obtain access information, facility information from the other assemblies of terminal.To not change existing end
On the basis of the hardware configuration at end, realizing through network identity indicates user identity, to improve supervisory efficiency.
Referring to Fig. 5, present applicant proposes a kind of network identity mapping methods, are applied to ID management server, comprising:
Step 500, the acquisition network identity request for receiving mark gateway, the network identity request carry user's mark
Know.
In the application, network identity request can also carry at least one of: the facility information of terminal, is connect access way
Enter location information, turn-on time information.
In step 501, the second corresponding relationship between pre-set user identifier and network identity, the use is searched
Family identifies corresponding network identity;Alternatively, distribute network identity according to user identifier, and save user identifier and network identity it
Between the second corresponding relationship.
In the application, the corresponding relationship between user identifier and network identity can be one-to-one relationship, Huo Zheyi
To more relationships.When the corresponding relationship between user identifier and network identity be one-to-many corresponding relationship when, can according to
Family mark, other access informations or facility information choose suitable network identity.For example, the second corresponding relationship further include with down toward
It is one of few:
The facility information of terminal, access way, accessing position information, turn-on time information, User Status.
Wherein, the User Status includes at least one of: online, offline.
In this way, if network identity request also carries at least one of: the facility information of terminal, access way, access
Location information, turn-on time information then search user identifier and the corresponding network of at least one of in the second corresponding relationship
Mark: the facility information of terminal, access way, accessing position information, turn-on time information.
When it is implemented, the second corresponding relationship can be pair between user identifier, turn-on time information and network identity
It should be related to, and network identity request carries user identifier and turn-on time information, then search user's mark in the second corresponding relationship
Know network identity corresponding with turn-on time information.
In the application, when distributing network identity according to user identifier, one can be chosen from network identity resource pool not
The network identity used is allocated.
Network identity is sent to mark gateway by step 502.
In one alternate embodiment, this method further include:
When receiving information update message, updates the second corresponding relationship and return to confirmation message to mark gateway.
Wherein, information update message includes at least one of: facility information, the access information of terminal.
In one alternate embodiment, this method further include:
When receiving the offline message of terminal, the User Status in the second corresponding relationship is updated to it is offline, and to
It identifies gateway and returns to confirmation message.
The specific implementation process of the network identity mapping method of the application is discussed in detail below by specific embodiment.
First embodiment
Fig. 6 is the structure composition schematic diagram of first embodiment of the invention terminal.As shown in fig. 6, a typical terminal is logical
Often comprising underlying hardware and the program module run on underlying hardware.
Wherein, underlying hardware includes: central processing unit, memory or memory, modem etc..
Program module includes: operating system, the communication module for driving modem and application program etc.
Program module is typically stored in memory or memory, is executed by central processing unit.
Wherein, communication module can drive modem to be communicated, such as online access access gateway, reception access
First IP address of gateway distribution;Or it is offline leave access gateway, discharge the first IP address;
Application program is logical using above-mentioned first IP address and internet or the application server of enterprise network under online state
Letter, provides a user business.
Mark client is increased in the present embodiment terminal, has interactive interface and ability with communication module, specifically,
1, it is capable of the online or offline of communication control module;
2, the online or offline of communication module can be perceived;
3, it is able to use the first IP address and passes through communication module and mark gateway communication;
4, access information can be obtained from communication module, such as obtain the online user identifier used of user, terminal the
One IP address, turn-on time information, accessing position information etc..
Optionally, mark gateway can be interacted with underlying hardware obtains facility information.
In the structure composition of above-mentioned terminal, mark client is a component being superimposed upon on associated terminal framework, not shadow
Ring the basic function of associated component, the especially function of application program, the compatibility having had.
Second embodiment
Fig. 7 is the interaction schematic diagram of second embodiment of the invention network identity mapping method.As shown in fig. 7, this method packet
It includes:
Step 700, terminal are linked into access gateway, and certificate server authenticates the legitimacy of user.
In this step, specific verification process and access way are closely related, and details are not described herein.
In this step, terminal is identified during being linked into access gateway using user identifier, and user identifier can be with
For user name (such as QQ user name), mail address, telephone number.
Step 701, after certification passes through, access gateway be the first IP address of terminal distribution.
In this step, the first IP address generally uses dynamic allocation mode.
Step 702, the mark client of terminal send a notification message to mark gateway, and user's mark is carried in notification message
Know, the first IP address of distribution, and can further comprise facility information, other access informations.
In this step, facility information includes but is not limited to Terminal Equipment Identifier, component information, hardware state, application state.
Access information can also further comprise access way (such as 3G/4G access, Wifi access), accessing position information, connect
Angle of incidence information etc..
In this step, mark client is a component of terminal, and access letter can be obtained from the other assemblies of terminal
Breath, facility information.
In the present embodiment, mark client needs to know the ground of mark gateway when sending a notification message to mark gateway
Location, specific acquisition modes include but is not limited to:
1) the third IP address of mark gateway is pre-configured in terminal;
2) domain name of mark gateway is pre-configured in terminal, DNS is in domain name mapping, according to the accessing position information of user
Return to the third IP address of mark gateway;
3) access gateway is when distributing the first IP address, the third IP address or domain name of access gateway notice mark gateway.
Step 703, mark gateway are sent to ID management server obtains NID request, wherein user identifier is carried, into one
Step can be with Portable device information, other access informations.
Step 704, ID management server inquire corresponding NID in the second corresponding relationship of user identifier and NID, and
NID is sent to mark gateway.
In this step, the second corresponding relationship of user identifier and NID is configured in ID management server, it is most basic
Corresponding relationship is one-to-one relationship, and may further be one-to-many relationship.In one-to-one relationship, management service is identified
Device directly acquires NID according to user identifier, and in one-to-many relationship, ID management server is according to user identifier, equipment mark
The suitable NID of selections such as knowledge, other accessing position informations.
In this step, NID form can be the second IP address or the second IP address+port range, such as use the 2nd IP
Address 202.100.100.100 expression NID, or the second IP address 202.100.100.100+ port range of use (1024~
2047) NID is indicated.
According to different representations, NID is also different in the position of data packet, if come from using the second IP address
It carries in source IP address field in the data packet of terminal, is carried in the destination IP field in the data packet for being sent to terminal;Such as
Fruit uses the second IP address+port range, takes in the source IP address field and source port field in the data packet for carrying out self terminal
Band carries in the purpose IP address field and destination port field in the data packet for being sent to terminal.
Step 705, mark gateway establish the first corresponding relationship between the first IP address of terminal and NID, to mark visitor
Family end returns to confirmation message.
It can also include user identifier in the first corresponding relationship in this step.
Hereafter step 706 when mark gateway receives carrys out the upstream data packet of self terminal, mark gateway carries out network identity
Conversion, is converted to NID for the first IP address and first port of the first IP address of terminal in data packet or terminal.
In this step, terminal can pass through NID unique identification user in internet or enterprise network.Specifically, when NID makes
When being indicated with the second IP address, mark gateway is replaced with the of the terminal in the source IP address field of data packet with IP address
NID, source port remain unchanged, this process and Network address translators (Network Address Translation, abbreviation NAT)
Function is similar.
When NID is indicated using the second IP address+port range, mark gateway will be in the source IP address field of data packet
First IP address of terminal replaces with the second IP address of NID, and the source first port in data packet is replaced with to the port model of NID
In enclosing not using second port, this process and network address port convert (Network Address Port
Translation, abbreviation NAPT) function is similar;
When executing the above process, the first IP address, first port will be established, between the second IP address and second port
Third corresponding relationship, and safeguard the state of the third corresponding relationship, such as the third corresponding relationship does not count within a certain period of time
According to stream, the third corresponding relationship will be discharged.
Step 707, mark gateway send the data packet comprising NID to the application server in internet or government and enterprises' net.
Step 708, application server send the data packet comprising NID, and data packet is sent to mark gateway.
Step 709, mark gateway according to NID inquire the first corresponding relationship, determine corresponding terminal the first IP address and
Then the second IP address of NID in purpose IP address field in data packet is replaced with terminal by the first port of terminal
First IP address, the second port of NID replaces with the first port of terminal in destination port, then delivers a packet to end
End.
The above process is identical to the processing of downstream data flow with NAT, NAPT technology.
Follow-up data packet repeats step 706~709, it should be noted that and mark gateway receives subsequent upstream data packet,
It first looks for the presence or absence of third corresponding relationship, if so, in the conversion for carrying out network identity by existing third corresponding relationship,
If not provided, establishing third corresponding relationship according to the process in step 706.
If mark gateway has received the data packet for carrying out self terminal before step 702~705 are completed, gateway is identified
Data packet can be handled in the following way:
1) packet discard;
2) NAT or NAPT is carried out according to the relevant technologies, guarantee business can be normally carried out;
3) NAT or NAPT is carried out according to the relevant technologies, but limits the range that data packet can be transmitted, for example can only be transmitted to
The low application server of security level required
2) and 3) in, the first IP address of carried terminal in the data packet transmitted in internet or government and enterprises' network, or
First IP address+first port, no longer can unique identification user.
3rd embodiment
Fig. 8 is the interaction schematic diagram of line process under third embodiment of the invention terminal.As shown in Figure 8, comprising:
Step 800~805, it is identical as step 700~705.
Step 806, mark client perceive user offline, if user's operation client is offline, to enter off-line state;
Step 807, mark client send offline message to mark gateway;
Step 808, mark gateway send offline message to ID management server;
Step 809, the User Status identified in management service the second corresponding relationship of update are offline, return confirmation sound
It answers;
Step 810, mark gateway logging off users, delete the first corresponding relationship and third corresponding relationship having built up, together
When delete data packet forward relationship;
Step 811, mark gateway return to confirmation response to mark client;
Step 812, mark client controlling terminal are offline, discharge the first IP address.
Fourth embodiment
Fig. 9 is the interaction schematic diagram of the method for the mobile more preferable access gateway of fourth embodiment of the invention terminal.Such as Fig. 9 institute
Show, when terminal moves, from the replacement of access gateway 1 to access gateway 2, the first IP address that network is distributed also is had occurred more
It changes, implementation procedure is as follows:
Step 900, the process described according to second embodiment, terminal pass through access gateway 1, mark gateway access internet
Or the application server of enterprise network;
Step 901, terminal occur it is mobile etc. due to, terminal is linked into access gateway 2;
Step 902, access gateway 2 are new first IP address of terminal distribution;
Step 903, mark client perceive access and change, and send a notification message to mark gateway, wherein carrying
The information such as user identifier and new first IP address, mark gateway update the first corresponding relationship;
Step 904, optional, mark gateway sends information update message to mark net management server;
Step 905, mark net management the second corresponding relationship of server update, accessing position information, Yong Huzhuan such as user
State returns to confirmation message;
Step 906, mark gateway return to confirmation message to mark net client;
Step 907~910, identical as step 706~709, at this moment terminal is communicated using new first IP address, mark
Gateway completes the conversion of new first IP address and network identity.
From the present embodiment as can be seen that after user replaces access gateway, the first IP address changes, but interconnecting
Used network identity remains unchanged in net/enterprise network, directly can position user by network identity in this way, strengthen net
Network ability to supervise.
5th embodiment
Figure 10 is the interaction schematic diagram of fifth embodiment of the invention User Status maintenance process.As shown in Figure 10, comprising:
It is step 1000~1005, identical as step 700~705 in second embodiment.
Step 1006, mark client and mark gateway all enable keep alive timer, identify the keep-alive timing of client-side
The period of device is less than the period of the timer of mark gateway.
Step 1007,1008, mark client keep alive timer time-out, mark client send notice to mark gateway and disappear
Breath or keep-alive message;
If step 1009, access information have update, identifies gateway and disappear to ID management server transmission information update
Breath, otherwise jumps directly to step 1011;
Step 1010, ID management server return to confirmation message;
Step 1011, mark gateway return to confirmation message to mark client;
Step 1012, mark gateway resetting keep alive timer, maintenance user online status are constant;
If step 1013, terminal are offline, mark client can not send a notification message again to mark gateway or keep-alive disappears
Breath, the keep alive timer identified on gateway at this time can time-out spilling;
Step 1014, mark gateway think that terminal has been off, then nullify the terminal, and delete all correspondences of the terminal
Relationship;
Step 1015, mark gateway send the offline message of terminal to ID management server;
User Status in second corresponding relationship is updated to offline, return confirmation by step 1016, ID management server
Message.
By the above process, network side is capable of the presence of correct maintenance terminal.
Based on the above method, on the basis of not changing conventional network equipment, pass through deployment mark gateway, mark management clothes
Business device, is enhanced terminal function, realizes the purpose for being carried out identity user using network identity, facilitate network supervision, is realized fast
Speed such as is traced to the source at the functions.
Referring to Figure 11, present applicant proposes a kind of mark gateways, comprising:
Module is established, is corresponded to for pre-establishing first between the first Internet protocol address of terminal and network identity
Relationship;Wherein, the user identifier of network identity and terminal is corresponding;
Conversion module, for according to first corresponding relationship to from the terminal or being sent to the data packet of the terminal
Carry out the conversion of network identity.
Optionally, the module of establishing is specifically used for:
Receive the access information of the terminal;Wherein, access information includes the first internet protocol of user identifier and terminal
Discuss address;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.
Optionally, the module of establishing is specifically used for:
The notification message or keep-alive message of the terminal are received, the notification message or the keep-alive message include described connect
Enter information, access information includes the first Internet protocol address of user identifier and terminal;It is corresponding to inquire the user identifier
Network identity saves or updates first corresponding relationship.
Optionally, the module of establishing is also used to:
When being not received by the notification message or the keep-alive message within a preset time, it is corresponding to delete described first
Relationship;
Alternatively, Xiang Suoshu ID management server sends the terminal when receiving the offline message of the terminal
Offline message, receives the confirmation message of the ID management server, deletes first corresponding relationship, and to the terminal
Return to confirmation message.
Optionally, the module of establishing is specifically used for realizing the corresponding network of the inquiry user identifier in the following ways
Mark:
In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched
The network identity answered;
Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user's mark
Know;Receive the network identity that the ID management server returns.
Optionally, the module of establishing is also used to:
Information update message is sent to ID management server;
The confirmation message that the ID management server returns is received, Xiang Suoshu terminal returns to confirmation message.
Optionally, the network identity includes the second Internet protocol address;The conversion module is specifically used for:
Obtain the first Internet protocol address of the terminal in the data packet from the terminal;At described first pair
It should be related to the middle corresponding network identity of the first Internet protocol address for searching the terminal;By the data packet from the terminal
In the first Internet protocol address of the terminal replace with the network identity found;
Alternatively, the conversion for carrying out network identity to the data packet for being sent to terminal according to the first corresponding relationship includes:
Obtain the network identity being sent in the data packet of the terminal;The network is searched in first corresponding relationship
Identify the first Internet protocol address of corresponding terminal;Network identity in the data packet for being sent to the terminal is replaced with and is looked into
First Internet protocol address of the terminal found.
Optionally, the conversion module is also used to:
When in first corresponding relationship search less than the terminal the corresponding network identity of the first internet address
When, the data packet from the terminal is abandoned, or include carrying out Network address translators to the data from the terminal;
Alternatively, when the first internet for searching terminal corresponding less than the network identity in first corresponding relationship
When protocol address, the data packet for being sent to the terminal is abandoned, or Network address translators is carried out to the data packet for being sent to the terminal.
Optionally, the network identity includes the second Internet protocol address and port range, and the conversion module is specific
For:
Obtain the first Internet protocol address and the terminal of the terminal in the data packet from the terminal
First port;
The corresponding network identity of the first Internet protocol address of the terminal is searched in the first corresponding relationship;
First Internet protocol address of the terminal in the data packet from the terminal replaced with and is found
Second Internet protocol address of network identity replaces the first port of the terminal in the data packet from the terminal
For in the port range of the network identity found not using second port;
Establish the first Internet protocol address, the first port of terminal, the second Internet protocol of network identity of terminal
Third corresponding relationship between address and the second port of network identity.
Optionally, the conversion module is also used to:
When in first corresponding relationship search less than the terminal the corresponding network of the first Internet protocol address
When mark, the data packet from the terminal is abandoned, or network address port conversion is carried out to the data packet from the terminal.
Referring to Figure 12, present applicant proposes a kind of terminals, comprising:
Module is obtained, for obtaining access information;Wherein, access information includes the first internet of user identifier and terminal
Protocol address;
First sending module, for access information to be sent to mark gateway.
Optionally, first sending module is specifically used for:
The access information is sent to the mark according to the third Internet protocol address of preconfigured mark gateway
Know gateway;
Alternatively, the third internet of the mark gateway returned according to domain name system when parsing the domain name of the mark gateway
The access information is sent to the mark gateway by protocol address;
Alternatively, the third Internet protocol address of the mark gateway sent according to access gateway sends the access information
To the mark gateway.
Optionally, first sending module is specifically used for:
It sends a notification message to the mark gateway or keep-alive message, the notification message or the keep-alive message include institute
State access information.
Optionally, first sending module is specifically used for:
Periodically the notification message or the keep-alive message are sent to the mark gateway;
Alternatively, sending the notification message or the keep-alive to the mark gateway when the access information changes
Message.
Optionally, first sending module is also used to:
Offline message is sent to the mark gateway;
The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharges the of the terminal
One Internet protocol address.
Referring to Figure 13, present applicant proposes a kind of ID management servers, comprising:
Receiving module, for receiving the acquisition network identity request of mark gateway, the network identity request, which carries, to be used
Family mark;
Processing module, for searching in the second corresponding relationship between pre-set user identifier and network identity
The corresponding network identity of the user identifier;Alternatively, distributing network identity according to user identifier, and save user identifier and network
The second corresponding relationship between mark;
Second sending module, for network identity to be sent to mark gateway.
Optionally, further include User Status in second corresponding relationship, the User Status includes at least one of:
It is online, offline.
Optionally, the receiving module is also used to: receiving information update message;
The processing module is also used to: updating second corresponding relationship;
Second sending module is also used to: returning to confirmation message to mark gateway.
Optionally, the receiving module is also used to: receiving the offline message of terminal;
The processing module is also used to: the User Status in second corresponding relationship being updated to offline;
Second sending module is also used to: returning to confirmation message to mark gateway.
Referring to Figure 14, present applicant proposes a kind of mark gateways, including first processor and the first computer-readable storage
Medium is stored with the first instruction in first computer readable storage medium, which is characterized in that when first instruction is by institute
When stating first processor execution, any of the above-described kind of network identity mapping method is realized.
Referring to Figure 15, present applicant proposes a kind of terminal, including second processor and second computer readable storage medium storing program for executing,
The second instruction is stored in the second computer readable storage medium storing program for executing, which is characterized in that when second instruction is by described the
When two processors execute, any of the above-described kind of network identity mapping method is realized.
Referring to Figure 16, present applicant proposes a kind of ID management servers, including third processor and third computer can
Storage medium is read, third instruction is stored in the third computer readable storage medium, which is characterized in that when the third refers to
When enabling by third processor execution, any of the above-described kind of network identity mapping method is realized.
Present applicant proposes a kind of computer readable storage mediums, are stored thereon with computer program, which is characterized in that institute
State the step of any of the above-described kind of network identity mapping method is realized when computer program is executed by processor.
Above-mentioned computer readable storage medium comprises at least one of the following: flash memory, hard disk, multimedia card, card-type memory
(for example, safe digital card (SD card, Secure Digital Memory Card) or data register (DX, Data
Register) memory etc.), random access storage device (RAM, Random Access Memory), static random-access storage
Device (SRAM, Static Random Access Memory), read-only memory (ROM, Read Only Memory), electrically erasable
Except programmable read only memory (EEPROM, Electrically Erasable Programmable Read-Only
Memory), programmable read only memory (PROM, Programmable Read-Only Memory), magnetic storage, disk,
CD etc..
Above-mentioned processor can be central processing unit (CPU, Central Processing Unit), controller, microcontroller
Device, microprocessor or other data processing chips etc..
Referring to Figure 17, present applicant proposes a kind of network identity mapped systems, comprising:
Terminal, for obtaining access information;Wherein, access information includes the first Internet protocol of user identifier and terminal
Address;Access information is sent to mark gateway;
Gateway is identified, for receiving the access information of the terminal;Wherein, access information includes user identifier and terminal
First Internet protocol address;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update;
According to first corresponding relationship to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.
Optionally, mark gateway, which is specifically used for realizing in the following ways, inquires the corresponding network mark of the user identifier
Know:
In the second corresponding relationship between pre-set user identifier and network identity, the user identifier pair is searched
The network identity answered;
Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user's mark
Know;Receive the network identity that the ID management server returns;
Network identity mapped system further include:
ID management server, for receiving the acquisition network identity request of mark gateway, the network identity request
Carry user identifier;In the second corresponding relationship between pre-set user identifier and network identity, the user is searched
Identify corresponding network identity;Alternatively, distributing network identity according to user identifier, and save between user identifier and network identity
The second corresponding relationship;Network identity is sent to mark gateway.
Optionally, terminal is specifically used for:
Obtain access information;Wherein, access information includes the first Internet protocol address of user identifier and terminal;To institute
It states mark gateway to send a notification message or keep-alive message, the notification message or the keep-alive message include the access information;
Mark gateway is specifically used:
The notification message or keep-alive message of the terminal are received, the notification message or the keep-alive message include described connect
Enter information;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update;According to described first
Corresponding relationship is to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.
Optionally, terminal is also used to:
Offline message is sent to the mark gateway;The confirmation message that the mark gateway returns is received, described in control
Terminal is offline, and discharges the first Internet protocol address of the terminal;
Mark gateway is also used to:
When being not received by the notification message or the keep-alive message within a preset time, it is corresponding to delete described first
Relationship;
Alternatively, Xiang Suoshu ID management server sends the terminal when receiving the offline message of the terminal
Offline message, receives the confirmation message of the ID management server, deletes first corresponding relationship, and to the terminal
Return to confirmation message;
ID management server is also used to:
When receiving the offline message of terminal, the User Status in second corresponding relationship is updated to it is offline,
And confirmation message is returned to mark gateway.
Although embodiment disclosed by the application is as above, the content only for ease of understanding the application and use
Embodiment is not limited to the application.Technical staff in any the application fields, is taken off not departing from the application
Under the premise of the spirit and scope of dew, any modification and variation, but the application can be carried out in the form and details of implementation
Scope of patent protection, still should be subject to the scope of the claims as defined in the appended claims.
Claims (24)
1. a kind of network identity mapping method, comprising:
Pre-establish the first corresponding relationship between the first Internet protocol address of terminal and network identity;Wherein, network mark
Know corresponding with the user identifier of terminal;
According to first corresponding relationship to turn from the terminal or the data packet progress network identity for being sent to the terminal
It changes.
2. network identity mapping method according to claim 1, which is characterized in that described to establish the first corresponding relationship packet
It includes:
Receive the access information of the terminal;Wherein, access information includes the Internet protocol address of user identifier and terminal;
The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update.
3. network identity mapping method according to claim 2, which is characterized in that this method further include:
When being not received by the access information within a preset time, first corresponding relationship is deleted, to mark management clothes
Business device sends the offline message of the terminal;
Alternatively, Xiang Suoshu ID management server sends the offline of the terminal when receiving the offline message of the terminal
Message receives the confirmation message of the ID management server, deletes first corresponding relationship, and return to the terminal
Confirmation message.
4. network identity mapping method according to claim 2, which is characterized in that the corresponding net of the inquiry user identifier
Network identifies
In the second corresponding relationship between pre-set user identifier and network identity, it is corresponding to search the user identifier
Network identity;
Network identity request is obtained alternatively, sending to ID management server, the network identity request carries user identifier;It connects
Receive the network identity that the ID management server returns.
5. network identity mapping method according to claim 2, which is characterized in that this method further include:
Information update message is sent to ID management server;
The confirmation message that the ID management server returns is received, Xiang Suoshu terminal returns to confirmation message.
6. network identity mapping method according to claim 1, which is characterized in that the network identity includes the second interconnection
FidonetFido address;It is described to include: to the conversion for the data packet progress network identity for carrying out self terminal according to the first corresponding relationship
Obtain the first Internet protocol address of the terminal in the data packet from the terminal;In the described first corresponding pass
The corresponding network identity of first Internet protocol address is searched in system;By described in the data packet from the terminal
One Internet protocol address replaces with the network identity found;
Alternatively, the conversion for carrying out network identity to the data packet for being sent to terminal according to the first corresponding relationship includes:
Obtain the network identity being sent in the data packet of the terminal;The network identity is searched in first corresponding relationship
Corresponding first Internet protocol address;Network identity in the data packet for being sent to the terminal is replaced with into first interconnection
FidonetFido address.
7. network identity mapping method according to claim 1, which is characterized in that the network identity includes the second interconnection
FidonetFido address and port range, the conversion for carrying out network identity to the data packet for carrying out self terminal according to the first corresponding relationship
Include:
Obtain the data packet from the terminal in the terminal the first Internet protocol address and the terminal first
Port;
The corresponding network identity of Internet protocol address of the terminal is searched in the first corresponding relationship;
First Internet protocol address of the terminal in the data packet from the terminal is replaced with into the network found
Second Internet protocol address of mark, the first port of the terminal in the data packet from the terminal is replaced with and is looked into
In the port range of the network identity found not using second port;
Establish the third pair between the first Internet protocol address, first port, the second Internet protocol address and second port
It should be related to.
8. a kind of network identity mapping method, comprising:
Obtain access information;Wherein, access information includes the first Internet protocol address of user identifier and terminal;
Access information is sent to mark gateway.
9. network identity mapping method according to claim 8, which is characterized in that described that access information is sent to mark
Gateway includes:
The access information is sent to the mark net according to the third Internet protocol address of preconfigured mark gateway
It closes;
Alternatively, the third Internet protocol of the mark gateway returned according to domain name system when parsing the domain name of the mark gateway
The access information is sent to the mark gateway by address;
Alternatively, the access information is sent to institute by the third Internet protocol address of the mark gateway sent according to access gateway
State mark gateway.
10. network identity mapping method according to claim 8 or claim 9, which is characterized in that this method further include:
Offline message is sent to the mark gateway;
The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharges the first of the terminal mutually
Networking protocol address.
11. a kind of network identity mapping method, comprising:
The acquisition network identity request of mark gateway is received, the network identity request carries user identifier;
In the second corresponding relationship between pre-set user identifier and network identity, it is corresponding to search the user identifier
Network identity;Alternatively, distribute network identity according to user identifier, and save between user identifier and network identity second corresponds to
Relationship;
Network identity is sent to mark gateway.
12. network identity mapping method according to claim 10, which is characterized in that also wrapped in second corresponding relationship
User Status is included, the User Status includes at least one of: online, offline.
13. network identity mapping method according to claim 12, which is characterized in that this method further include:
When receiving information update message, updates second corresponding relationship and return to confirmation message to mark gateway;
Alternatively, when receiving the offline message of terminal, the User Status in second corresponding relationship is updated to it is offline,
And confirmation message is returned to mark gateway.
14. a kind of mark gateway, comprising:
Module is established, for pre-establishing the first corresponding pass between the first Internet protocol address of terminal and network identity
System;Wherein, the user identifier of network identity and terminal is corresponding;
Conversion module, for according to first corresponding relationship to from the terminal or be sent to the terminal data packet carry out
The conversion of network identity.
15. mark gateway according to claim 14, which is characterized in that the module of establishing is specifically used for:
Receive the access information of the terminal;Wherein, access information includes the Internet protocol address of user identifier and terminal;It looks into
The corresponding network identity of the user identifier is ask, first corresponding relationship is saved or update.
16. a kind of terminal, comprising:
Module is obtained, for obtaining access information;Wherein, access information includes the Internet protocol of user identifier and terminal
Location;
First sending module, for access information to be sent to mark gateway.
17. terminal according to claim 16, which is characterized in that first sending module is also used to:
Offline message is sent to the mark gateway;
The confirmation message that the mark gateway returns is received, controls that the terminal is offline, and discharge the internet of the terminal
Protocol address.
18. a kind of ID management server, comprising:
Receiving module, for receiving the acquisition network identity request of mark gateway, the network identity request carries user's mark
Know;
Processing module, in the second corresponding relationship between pre-set user identifier and network identity, described in lookup
The corresponding network identity of user identifier;Alternatively, distributing network identity according to user identifier, and save user identifier and network identity
Between the second corresponding relationship;
Second sending module, for network identity to be sent to mark gateway.
19. a kind of mark gateway, including first processor and the first computer readable storage medium, described first is computer-readable
The first instruction is stored in storage medium, which is characterized in that when first instruction is executed by the first processor, realize
Network identity mapping method as described in claim 1~7.
20. a kind of terminal, including second processor and second computer readable storage medium storing program for executing, the second computer readable storage
The second instruction is stored in medium, which is characterized in that when second instruction is executed by the second processor, realize as weighed
Benefit require 8~10 described in network identity mapping method.
21. a kind of ID management server, including third processor and third computer readable storage medium, the third is calculated
Third instruction is stored in machine readable storage medium storing program for executing, which is characterized in that when third instruction is executed by the third processor
When, realize the network identity mapping method as described in claim 11~13.
22. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of network identity mapping method as described in claim 1~13 is realized when being executed by processor.
23. a kind of network identity mapped system, comprising:
Terminal, for obtaining access information;Wherein, access information includes the first Internet protocol of user identifier and terminal
Location;Access information is sent to mark gateway;
Gateway is identified, for receiving the access information of the terminal;Wherein, access information includes the first of user identifier and terminal
Internet protocol address;The corresponding network identity of the user identifier is inquired, first corresponding relationship is saved or update;According to
First corresponding relationship is to the conversion from the terminal or the data packet progress network identity for being sent to the terminal.
24. network identity mapped system according to claim 23, which is characterized in that the mark gateway is specifically used for adopting
The corresponding network identity of the inquiry user identifier is realized with the following methods:
It is sent to ID management server and obtains network identity request, the network identity request carries user identifier;Receive institute
State the network identity of ID management server return;
The network identity mapped system further include:
ID management server, for receiving the acquisition network identity request of mark gateway, the network identity request is carried
User identifier;In the second corresponding relationship between pre-set user identifier and network identity, the user identifier is searched
Corresponding network identity;Alternatively, distribute network identity according to user identifier, and save between user identifier and network identity the
Two corresponding relationships;Network identity is sent to mark gateway.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810067623.9A CN110071984A (en) | 2018-01-24 | 2018-01-24 | A kind of network identity mapping method and system and terminal, mark gateway |
PCT/CN2019/071730 WO2019144826A1 (en) | 2018-01-24 | 2019-01-15 | Network identifier mapping method and system, terminal, and identification gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810067623.9A CN110071984A (en) | 2018-01-24 | 2018-01-24 | A kind of network identity mapping method and system and terminal, mark gateway |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110071984A true CN110071984A (en) | 2019-07-30 |
Family
ID=67365539
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810067623.9A Pending CN110071984A (en) | 2018-01-24 | 2018-01-24 | A kind of network identity mapping method and system and terminal, mark gateway |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110071984A (en) |
WO (1) | WO2019144826A1 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111465003A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Method and device for addressing card-free terminal |
CN113556414A (en) * | 2021-09-18 | 2021-10-26 | 浙江国利信安科技有限公司 | Method, gateway device and storage medium for inter-network communication |
CN113568811A (en) * | 2021-07-28 | 2021-10-29 | 中国南方电网有限责任公司 | Distributed safety monitoring data processing method |
CN113691858A (en) * | 2021-08-31 | 2021-11-23 | Vidaa美国公司 | Display device and interface display method |
WO2021248971A1 (en) * | 2020-06-12 | 2021-12-16 | 中兴通讯股份有限公司 | Network access method, electronic device, and storage medium |
CN113923707A (en) * | 2021-12-10 | 2022-01-11 | 中移(上海)信息通信科技有限公司 | Terminal monitoring method, device, network equipment, control system and terminal |
CN114363331A (en) * | 2021-12-22 | 2022-04-15 | 上海浦东发展银行股份有限公司 | Communication method, system, computer device and storage medium |
CN112866379B (en) * | 2021-01-15 | 2022-05-31 | 浪潮云信息技术股份公司 | Access method and device of microservice |
CN114615230A (en) * | 2022-03-14 | 2022-06-10 | 芯河半导体科技(无锡)有限公司 | Traceable NAPT dynamic address mapping method |
CN114710470A (en) * | 2020-12-16 | 2022-07-05 | 华为技术有限公司 | Communication system, method and device |
CN114900559A (en) * | 2022-04-11 | 2022-08-12 | 北京声智科技有限公司 | Management system, terminal, management method, and storage medium |
CN116405927A (en) * | 2023-05-30 | 2023-07-07 | 中国铁道科学研究院集团有限公司通信信号研究所 | Method for hierarchical processing of functional addressing and rapid maintenance of functional numbers |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113810349B (en) * | 2020-06-17 | 2023-05-12 | 腾讯科技(深圳)有限公司 | Data transmission method, device, computer equipment and storage medium |
US20220200952A1 (en) * | 2020-12-21 | 2022-06-23 | Oracle International Corporation | Network address translation between networks |
CN113438335B (en) * | 2021-06-10 | 2022-09-06 | 深圳市广和通无线股份有限公司 | Routing method, device, equipment and storage medium |
CN113507531A (en) * | 2021-06-15 | 2021-10-15 | 山东伏羲智库互联网研究院 | Internet of things identification analysis method, edge gateway, electronic equipment and storage medium |
CN114338634B (en) * | 2021-12-29 | 2023-12-01 | 杭州盈高科技有限公司 | Data processing method and device |
CN114598735A (en) * | 2022-01-30 | 2022-06-07 | 阿里巴巴(中国)有限公司 | Data processing method and system |
CN115277827A (en) * | 2022-07-26 | 2022-11-01 | 中国电信股份有限公司 | Cloud resource configuration method, system, device, equipment and storage medium |
CN115348191B (en) * | 2022-08-24 | 2024-01-09 | 北京首信科技股份有限公司 | Internet of things terminal data acquisition method and device in wireless VPDN (virtual private digital network) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105306612A (en) * | 2014-07-15 | 2016-02-03 | 中兴通讯股份有限公司 | Method for acquiring identifier of terminal in network and management network element |
CN106790732A (en) * | 2015-11-24 | 2017-05-31 | 中兴通讯股份有限公司 | Address conversion method, apparatus and system, network identity control method and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016144230A1 (en) * | 2015-03-06 | 2016-09-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Method, network device, computer program and computer program product for mobile service chaining |
-
2018
- 2018-01-24 CN CN201810067623.9A patent/CN110071984A/en active Pending
-
2019
- 2019-01-15 WO PCT/CN2019/071730 patent/WO2019144826A1/en active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105306612A (en) * | 2014-07-15 | 2016-02-03 | 中兴通讯股份有限公司 | Method for acquiring identifier of terminal in network and management network element |
CN106790732A (en) * | 2015-11-24 | 2017-05-31 | 中兴通讯股份有限公司 | Address conversion method, apparatus and system, network identity control method and device |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111465003A (en) * | 2020-04-01 | 2020-07-28 | 中国联合网络通信集团有限公司 | Method and device for addressing card-free terminal |
CN111465003B (en) * | 2020-04-01 | 2022-05-13 | 中国联合网络通信集团有限公司 | Method and device for addressing card-free terminal |
WO2021248971A1 (en) * | 2020-06-12 | 2021-12-16 | 中兴通讯股份有限公司 | Network access method, electronic device, and storage medium |
CN114710470A (en) * | 2020-12-16 | 2022-07-05 | 华为技术有限公司 | Communication system, method and device |
CN112866379B (en) * | 2021-01-15 | 2022-05-31 | 浪潮云信息技术股份公司 | Access method and device of microservice |
CN113568811A (en) * | 2021-07-28 | 2021-10-29 | 中国南方电网有限责任公司 | Distributed safety monitoring data processing method |
CN113691858A (en) * | 2021-08-31 | 2021-11-23 | Vidaa美国公司 | Display device and interface display method |
CN113556414A (en) * | 2021-09-18 | 2021-10-26 | 浙江国利信安科技有限公司 | Method, gateway device and storage medium for inter-network communication |
CN113923707A (en) * | 2021-12-10 | 2022-01-11 | 中移(上海)信息通信科技有限公司 | Terminal monitoring method, device, network equipment, control system and terminal |
WO2023103669A1 (en) * | 2021-12-10 | 2023-06-15 | 中移(上海)信息通信科技有限公司 | Terminal monitoring method and apparatus, network device, control system and terminal |
CN114363331A (en) * | 2021-12-22 | 2022-04-15 | 上海浦东发展银行股份有限公司 | Communication method, system, computer device and storage medium |
CN114615230A (en) * | 2022-03-14 | 2022-06-10 | 芯河半导体科技(无锡)有限公司 | Traceable NAPT dynamic address mapping method |
CN114615230B (en) * | 2022-03-14 | 2024-01-19 | 芯河半导体科技(无锡)有限公司 | NAPT dynamic address mapping method capable of backtracking |
CN114900559A (en) * | 2022-04-11 | 2022-08-12 | 北京声智科技有限公司 | Management system, terminal, management method, and storage medium |
CN116405927A (en) * | 2023-05-30 | 2023-07-07 | 中国铁道科学研究院集团有限公司通信信号研究所 | Method for hierarchical processing of functional addressing and rapid maintenance of functional numbers |
CN116405927B (en) * | 2023-05-30 | 2023-09-22 | 中国铁道科学研究院集团有限公司通信信号研究所 | Method for hierarchical processing of functional addressing and rapid maintenance of functional numbers |
Also Published As
Publication number | Publication date |
---|---|
WO2019144826A1 (en) | 2019-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110071984A (en) | A kind of network identity mapping method and system and terminal, mark gateway | |
US11528226B2 (en) | Network validation with dynamic tunneling | |
US10142159B2 (en) | IP address allocation | |
EP2843910B1 (en) | Address allocation method, device, and system | |
WO2016155300A1 (en) | Remote control system and remote control method for wireless terminal device | |
US20120297087A1 (en) | Method And Apparatus For Message Distribution In A Device Management System | |
CN107465529B (en) | Client terminal equipment management method, system and automatic configuration server | |
CN108737585B (en) | IP address allocation method and device | |
CN105245629B (en) | Host communication method based on DHCP and device | |
WO2023015815A1 (en) | Access system for internet of things terminal, method, apparatus, and storage medium | |
JP5518202B2 (en) | End-to-end call implementation method, end-to-end call terminal and system | |
KR101319418B1 (en) | Information providing method, home gateway and home network system | |
CN104427010A (en) | NAT (network address translation) method and device applied to DVPN (dynamic virtual private network) | |
CN106453683A (en) | Method for centralized access management of cameras | |
WO2020083288A1 (en) | Safety defense method and apparatus for dns server, and communication device and storage medium | |
CN103546304A (en) | Business processing method, equipment and system | |
CN110012118B (en) | Method and controller for providing Network Address Translation (NAT) service | |
CN109474713B (en) | Message forwarding method and device | |
JP2013506358A5 (en) | ||
EP4246936A1 (en) | Data processing method, function device and readable storage medium | |
CN105450585A (en) | Information transmission method and device | |
US10419392B2 (en) | Method, device and system for implementing address sharing | |
CN106878481B (en) | Method, device and system for acquiring Internet Protocol (IP) address | |
CN104780229A (en) | Method of setting cloud server IP address through cloud terminal, system and cloud system | |
CN103916489B (en) | The many IP of a kind of single domain name domain name analytic method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190730 |
|
RJ01 | Rejection of invention patent application after publication |