CN113055359B - IPv6 domain name data privacy protection method based on block chain and related equipment - Google Patents

Publication number
CN113055359B
Authority
CN
China
Prior art keywords
domain name
ipv6 address
block chain
ipv6
address
Legal status
Active
Application number
CN202110215389.1A
Other languages
Chinese (zh)
Other versions
CN113055359A (en
Inventor
魏桂臣
许放
徐鑫
邢宁哲
白巍
张宏亮
杨寒冰
Current Assignee
Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
State Grid Chongqing Electric Power Co Ltd
Global Energy Interconnection Research Institute
State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Beijing Zhongdian Feihua Communication Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
State Grid Chongqing Electric Power Co Ltd
Global Energy Interconnection Research Institute
State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Beijing Zhongdian Feihua Communication Co Ltd
Application filed by Electric Power Research Institute of State Grid Chongqing Electric Power Co Ltd, State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, State Grid Chongqing Electric Power Co Ltd, Global Energy Interconnection Research Institute, State Grid Jibei Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd, Beijing Zhongdian Feihua Communication Co Ltd
Priority to CN202110215389.1A
Publication of CN113055359A
Application granted
Publication of CN113055359B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015 Name registration, generation or assignment
    • H04L61/302 Administrative registration, e.g. for domain names at internet corporation for assigned names and numbers [ICANN]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42 Anonymization, e.g. involving pseudonyms
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

One or more embodiments of the present specification provide a blockchain-based IPv6 domain name data privacy protection method and related devices. The method comprises the following steps: first, in the domain name registration stage, the registered domain name information is covered with the public information of a super node of the blockchain. Then, an IPv6 address is allocated according to a preset smart contract on the blockchain, and the allocated address is encrypted to obtain the address used for domain name resolution. The privacy problems a user faces when registering a new domain name, being allocated an address, and having the address resolved are considered comprehensively, and privacy protection is applied at each step of domain name resolution, thereby protecting the private data of the domain name registrant and securing domain name resolution communication data.

Description

IPv6 domain name data privacy protection method based on block chain and related equipment
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a block chain-based IPv6 domain name data privacy protection method and related device.
Background
The Domain Name Service (DNS) is a basic Internet service that maps domain names to host IP addresses. For Internet users, almost all network activity requires finding and locating the corresponding network resources through DNS. DNS therefore contains a wealth of sensitive information about users' Internet access behavior. However, security was not a major concern when DNS was first designed. Because DNS is crucial to the normal operation of the Internet, protecting the data that DNS provides, including domain name privacy, is naturally an important concern.
IPv6 (Internet Protocol version 6) technology is widely used because it greatly expands the available address space. In the related art, the relationship between IP addresses and domain names in IPv6 is bound by DNS servers. Because the Internet domain name resolution service depends on overseas root servers, domain name privacy faces the risks of 'isolation', 'blinding', 'disappearance' and 'hijacking', and domain name resolution that cannot be controlled poses a serious security hazard. Meanwhile, domain name registrant information can easily be viewed through WHOIS, so domain name privacy data is at risk of being disclosed. An IPv6 domain name data privacy protection scheme with higher security is therefore needed.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure are directed to a block chain-based IPv6 domain name data privacy protection method and related device.
In view of the above, one or more embodiments of the present specification provide a block chain-based internet protocol version 6 IPv6 domain name data privacy protection method, including:
in response to receiving the domain name registration request, a domain name system at a super node of the blockchain performs the following operations:
covering domain name registration information carried in the domain name registration request by using public information of the super node so as to anonymize the domain name registration information;
and allocating a first IPv6 address for the domain name registration information according to a preset smart contract on the blockchain, and encrypting the first IPv6 address with the public key of the super node to generate a second IPv6 address for domain name resolution.
Based on the same inventive concept, one or more embodiments of the present specification further provide a domain name system, disposed at a super node of a blockchain, for protecting IPv6 domain name data privacy, including:
a registration module configured to: in response to receiving a domain name registration request, cover the domain name registration information carried in the domain name registration request with the public information of the super node so as to anonymize the domain name registration information; and allocate a first IPv6 address for the domain name registration information according to a preset smart contract on the blockchain, and encrypt the first IPv6 address with the public key of the super node to generate a second IPv6 address for domain name resolution.
Further, the domain name system further includes:
a resolution module configured to: in response to receiving a domain name resolution request from a visitor, obtain a white list and/or a black list from a public reputation library on the blockchain; and in response to determining, according to the white list and/or the black list, that the visitor is a legal visitor, retrieve from a domain name database the second IPv6 address corresponding to the target domain name carried in the domain name resolution request, perform encryption verification on the retrieved second IPv6 address according to a predetermined consensus mechanism, and send the encrypted and verified second IPv6 address to the visitor.
Based on the same inventive concept, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the method as described in any one of the above items when executing the program.
Based on the same inventive concept, one or more embodiments of the present specification also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform the method described in any one of the above items.
As can be seen from the foregoing, the blockchain-based IPv6 domain name data privacy protection method and related device provided in one or more embodiments of the present specification comprehensively consider the privacy problems of a user when registering a new domain name, allocating an address, and accessing acquired data, and perform privacy protection at each step of domain name resolution, thereby protecting the private data of the domain name registrant and securing domain name resolution communication data.
Drawings
In order to illustrate one or more embodiments of the present specification or the prior-art solutions more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only one or more embodiments of the present specification, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of a blockchain-based IPv6 domain name data privacy protection method according to one or more embodiments of the present disclosure;
Fig. 2 is a schematic diagram of domain name registration and address assignment in accordance with one or more embodiments of the present disclosure;
Fig. 3 is a flow diagram illustrating privacy protection for communication during domain name resolution according to one or more embodiments of the disclosure;
Fig. 4 is a schematic structural diagram of a domain name system for protecting privacy of IPv6 domain name data according to one or more embodiments of the present disclosure;
Fig. 5 is a schematic structural diagram of an electronic device according to one or more embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present specification should have the ordinary meaning as understood by those of ordinary skill in the art to which this disclosure belongs. The use of "first," "second," and similar terms in one or more embodiments of the specification is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item preceding the word comprises the element or item listed after the word and its equivalent, but does not exclude other elements or items.
One or more embodiments of the present specification provide a blockchain-based IPv6 domain name data privacy protection scheme. Specifically, in the domain name registration stage, the registered domain name information is covered with the public information of a super node of the blockchain. Then, an IPv6 address is allocated according to a preset smart contract on the blockchain, and the allocated address is encrypted to obtain the address used for domain name resolution.
The blockchain-based IPv6 domain name data privacy protection scheme provided by one or more embodiments of the specification therefore comprehensively considers the privacy problems a user faces when registering a new domain name, being allocated an address, and having the address resolved, and applies privacy protection at each step of domain name resolution, thereby protecting the private data of the domain name registrant and securing domain name resolution communication data.
The technical solutions of one or more embodiments of the present specification are described in detail below with reference to specific embodiments.
Referring to fig. 1, a block chain-based IPv6 domain name data privacy protection method according to an embodiment of the present specification includes the following steps:
Step S101: in response to receiving the domain name registration request, the domain name system at the super node of the blockchain performs the following operations.
Step S102: covering the domain name registration information carried in the domain name registration request with the public information of the super node, so as to anonymize the domain name registration information.
In this step, the private data of the domain name registration is protected by covering the newly registered domain name information with the public information of the super node. The information of the super node on whichever blockchain the domain name is registered is used for the covering, so that the private data of the domain name registration is anonymized.
In one or more embodiments of the present specification, the blockchain includes, but is not limited to, public chains, private chains, and consortium chains.
Step S103: allocating a first IPv6 address for the domain name registration information according to the preset smart contract on the blockchain, and encrypting the first IPv6 address with the public key of the super node to generate a second IPv6 address for domain name resolution.
In this embodiment, referring to fig. 2, the smart contract encrypts the last 4 bytes of the first IPv6 address to generate two different IPv6 addresses: encryption with the public key of the domain name registration node yields the second IPv6 address, and encryption with the private key of the domain name registration node yields a third IPv6 address. The second IPv6 address is used for domain name resolution on the blockchain (public chain, private chain, consortium chain, etc.), and the third IPv6 address is used by the registrant to modify or change information.
In one or more embodiments of the present specification, the block chain-based IPv6 domain name data privacy protection method further includes the following steps:
Obtaining a white list and/or a black list from the public reputation library on the blockchain.
Providing a resolution service to the visitor according to the white list and the black list.
In this step, private data can be protected by a hybrid white list / black list mode, and the resolution service is provided to the visitor according to the white list or the black list. In response to determining that the visitor address is within the white list range and outside the black list range, the visitor is allowed access: the second IPv6 address corresponding to the target domain name carried in the domain name resolution request is retrieved from a domain name database, encryption verification is performed on the retrieved second IPv6 address according to a predetermined consensus mechanism, and the encrypted and verified second IPv6 address is sent to the visitor. Otherwise, the visitor is denied access.
As an example, website A has three sub-websites A1, A2 and A3. When website A is in the white list but sub-website A2 under website A is in the black list, only website A, website A1 and website A3 are allowed to be accessed.
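The hybrid rule described above (access only when the visitor address is inside a white list range and outside every black list range), as an added example that is not part of the patent. The prefixes, the domain name and the stored address are constructed samples, and `is_allowed` and `resolve` are hypothetical names.

```python
import ipaddress

# Constructed sample data (IPv6 documentation prefix 2001:db8::/32), not from the patent.
# "Website A" owns a /48; its sub-websites A1, A2 and A3 are /64s inside it.
WHITE_LIST = ["2001:db8:a::/48"]        # website A, which contains A1, A2 and A3
BLACK_LIST = ["2001:db8:a:2::/64"]      # sub-website A2 only
DOMAIN_DB = {"a.example": "2001:db8:ffff::1"}   # domain -> stored second IPv6 address


def _networks(entries):
    """Parse list entries; a bare address becomes a /128 network."""
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]


def is_allowed(visitor, white_list=WHITE_LIST, black_list=BLACK_LIST):
    """Hybrid rule: inside some white list range AND outside every black list range."""
    try:
        addr = ipaddress.ip_address(visitor)
    except ValueError:
        return False                     # unparsable source address: deny
    in_white = any(addr in net for net in _networks(white_list))
    in_black = any(addr in net for net in _networks(black_list))
    return in_white and not in_black


def resolve(visitor, domain, db=DOMAIN_DB):
    """Return the stored second IPv6 address for a legal visitor, else None."""
    if not is_allowed(visitor):
        return None                      # denied: never touch the domain database
    return db.get(domain.lower().rstrip("."))


if __name__ == "__main__":
    for name, src in [("A", "2001:db8:a::10"), ("A1", "2001:db8:a:1::5"),
                      ("A2", "2001:db8:a:2::5"), ("A3", "2001:db8:a:3::5"),
                      ("outside", "2001:db8:b::1")]:
        print(f"{name:8} {src:20} -> {resolve(src, 'a.example')}")
```

The black list entry is more specific than the white list entry that contains it, which is what lets A2 be carved out of A without listing A1 and A3 separately.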
In one or more embodiments of the present specification, performing encryption verification on the retrieved second IPv6 address according to a predetermined consensus mechanism includes: encapsulating the data packet with an Authentication Header (AH) and an Encapsulating Security Payload (ESP) and sending it to the visitor.
In this step, ESP encrypts the data content by means of IPv6 address random array extraction, and the ESP trailer provides ring signature decryption; AH tunnel mode is used to provide a digital signature over the encrypted data content, thereby ensuring the security of the resolution system's communication data and of the super node information.
In this step, referring to fig. 3, after the requester sends a domain name request, the black list and the white list in the investigation consensus layer are obtained, and the corresponding domain name address request is judged and answered according to the hybrid of the black list and the white list. The domain name request is then sent to the ring signature consensus layer, where it is completed through AH digital signature, ESP encryption and ESP signature verification, and finally the data packet carrying the result of the domain name request is returned.
As an example, a domain name resolution server based on a consortium chain is established, with 32 super nodes set up in different provinces under the consortium chain. The super node public information is the super node's own configuration information, which may include but is not limited to name, email, affiliation and address, for example:
Name: BJ-DNS
Email: com.BJ-DNS S @ BJ-DNS
Affiliation: A Company Limited
Address: XX Building, Haidian District, Beijing
Telephone: 010-8281821
Postcode: 100192
The user Zhang San applies for a domain name on this consortium chain, and may fill in the information as follows:
Name: Zhang San
Contact telephone: 186xxxxxxxx
Email: 186xxxxxxxx@163.com
Affiliation: Personal
Address: XX Building, Haidian District, Beijing
Postcode: 100192
To meet the privacy and security requirement, the consortium chain replaces all of Zhang San's registration information with that of the BJ-DNS super node. When an outside party looks up Zhang San's domain name information, everything displayed is the covering information of the BJ-DNS super node, and an outside party querying the registration information of BJ-DNS001.Com.cn sees only the corresponding public information of BJ-DNS.
Once the domain name application is complete, an IPv6 address is allocated by means of the smart contract, for example: 1050 0.
After address allocation is complete, the security of communication privacy data is guaranteed by a hybrid white list / black list mode. The white list may contain addresses on certain chains, super node addresses, or the addresses of certain countries; the black list mainly targets a particular address on a chain, a single super node address, or a single address in a country. Hybrid means that the white list and the black list are used simultaneously through a containment relationship, and only addresses that satisfy both lists, that is, within the white list range and outside the black list range, are allowed access. To secure data during communication, AH tunnel mode is used: a new IPv6 header and an AH are encapsulated outside the original IP data packet, and digital signature verification is performed at the same time, with a digital signature added to the header of every data packet as the authentication header (AH). AH authenticates the user by means of a digital signature known only to the holder of the key. AH also maintains data integrity, because the digital signature in the header detects any change to the payload during transmission, however small. Authentication in IPv6 is accomplished mainly by the Authentication Header (AH). The authentication header is a security extension header of IPv6 that provides integrity and data origin authentication for IP data packets, thereby preventing replay attacks and IP spoofing attacks. The Encapsulating Security Payload (ESP) strictly ensures the confidentiality of transmitted information by encrypting all of the data and payload content of the data packet, so that other users cannot read the exchanged information by eavesdropping, and only trusted users hold the key needed to open the content.
Encryption uses IPv6 address random array extraction, the ESP trailer provides ring signature decryption, and ESP can also provide verification and maintain data integrity. AH and ESP are used together; when they are combined, the ESP is protected by the AH.
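The AH tunnel-mode encapsulation described above, as an added example that is not code from the patent: a new IPv6 header and an AH are placed in front of the original packet, and the receiver checks integrity, source and freshness. It assumes the RFC 4302 AH layout with an HMAC-SHA-256-128 integrity check value standing in for the patent's digital signature, covers AH only (the inner packet is treated as opaque bytes that ESP would already have protected), and uses a constructed key, SPI and addresses; all function and class names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import struct

NH_AH, NH_IPV6 = 51, 41   # IANA protocol numbers: AH, IPv6 encapsulated in IPv6
ICV_LEN = 16              # HMAC-SHA-256 truncated to 128 bits (assumed algorithm)
AH_LEN = 32               # 12 fixed bytes + 16 ICV + 4 pad (IPv6 needs a multiple of 8)


def ipv6_header(src, dst, payload_len, next_header, hop_limit=64, tclass=0, flow=0):
    """Build a 40-byte IPv6 fixed header."""
    first_word = (6 << 28) | (tclass << 20) | flow
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)


def _icv(key, outer, ah, inner):
    """ICV over outer header (mutable fields zeroed), AH (ICV zeroed) and inner packet."""
    # Traffic class, flow label and hop limit may change in transit, so they are
    # zeroed; payload length, next header and both addresses stay covered.
    immutable = struct.pack("!I", 6 << 28) + outer[4:7] + b"\x00" + outer[8:40]
    ah_zeroed = ah[:12] + bytes(ICV_LEN) + ah[12 + ICV_LEN:]
    return hmac.new(key, immutable + ah_zeroed + inner, hashlib.sha256).digest()[:ICV_LEN]


def ah_tunnel_encapsulate(key, spi, seq, gw_src, gw_dst, inner_packet):
    """New IPv6 header + AH in front of the complete original packet (tunnel mode)."""
    ah = struct.pack("!BBHII", NH_IPV6, AH_LEN // 4 - 2, 0, spi, seq) + bytes(AH_LEN - 12)
    outer = ipv6_header(gw_src, gw_dst, AH_LEN + len(inner_packet), NH_AH)
    icv = _icv(key, outer, ah, inner_packet)
    return outer + ah[:12] + icv + bytes(AH_LEN - 12 - ICV_LEN) + inner_packet


class AhReceiver:
    """Verifies AH and rejects replays (strictly increasing sequence numbers,
    a simplification of the sliding window RFC 4302 describes)."""

    def __init__(self, key, spi):
        self.key, self.spi, self.highest_seq = key, spi, 0

    def accept(self, packet):
        """Return the inner packet if authentic and fresh, else None."""
        if len(packet) < 40 + AH_LEN or packet[6] != NH_AH:
            return None
        if struct.unpack("!H", packet[4:6])[0] != len(packet) - 40:
            return None
        outer, ah, inner = packet[:40], packet[40:40 + AH_LEN], packet[40 + AH_LEN:]
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", ah[:12])
        if next_hdr != NH_IPV6 or plen != AH_LEN // 4 - 2 or spi != self.spi:
            return None
        if not hmac.compare_digest(ah[12:12 + ICV_LEN], _icv(self.key, outer, ah, inner)):
            return None               # header or payload modified, or wrong key
        if seq <= self.highest_seq:
            return None               # replayed or stale packet
        self.highest_seq = seq
        return inner


if __name__ == "__main__":
    key = bytes(range(32))            # constructed key
    # Constructed inner packet: IPv6 header + 16 bytes standing in for the reply.
    inner = ipv6_header("2001:db8:1::1", "2001:db8:2::2", 16, 59) + bytes(16)
    pkt = ah_tunnel_encapsulate(key, 0x1001, 1, "2001:db8:a::1", "2001:db8:b::1", inner)
    rx = AhReceiver(key, 0x1001)
    print("first delivery accepted:", rx.accept(pkt) == inner)
    print("replay accepted:", rx.accept(pkt) is not None)
```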
It should be noted that the method of one or more embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and is completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of one or more embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above description describes certain embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, and corresponding to the method of any embodiment above, one or more embodiments of the present specification further provide a domain name system for protecting the privacy of IPv6 domain name data. The domain name system is arranged at a super node of a blockchain, is used for protecting the privacy of IPv6 domain name data, and comprises:
a registration module configured to: in response to receiving a domain name registration request, cover the domain name registration information carried in the domain name registration request with the public information of the super node so as to anonymize the domain name registration information; and allocate a first IPv6 address for the domain name registration information according to a preset smart contract on the blockchain, and encrypt the first IPv6 address with the public key of the super node to generate a second IPv6 address for domain name resolution.
Referring to fig. 4, in one or more embodiments of the present specification, the domain name system for protecting privacy of IPv6 domain name data further includes:
a resolution module configured to: in response to receiving a domain name resolution request from a visitor, obtain a white list and/or a black list from a public reputation library on the blockchain; and in response to determining, according to the white list and/or the black list, that the visitor is a legal visitor, retrieve from a domain name database the second IPv6 address corresponding to the target domain name carried in the domain name resolution request, perform encryption verification on the retrieved second IPv6 address according to a predetermined consensus mechanism, and send the encrypted and verified second IPv6 address to the visitor.
For convenience of description, the above devices are described as being divided into various modules by function, and the modules are described separately. Of course, when implementing one or more embodiments of the present description, the functionality of the modules may be implemented in one or more pieces of software and/or hardware.
The apparatus in the foregoing embodiment is used to implement the corresponding block chain-based IPv6 domain name data privacy protection method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method in any embodiment, one or more embodiments of the present specification further provide an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where when the processor executes the computer program, the block chain-based IPv6 domain name data privacy protection method in any embodiment is implemented.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static Memory device, a dynamic Memory device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component within the device (not shown) or may be external to the device to provide corresponding functionality. The input devices may include a keyboard, mouse, touch screen, microphone, various sensors, etc., and the output devices may include a display, speaker, vibrator, indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can communicate in a wired mode (such as USB, network cable and the like) or in a wireless mode (such as mobile network, Wi-Fi, Bluetooth and the like).
The bus 1050 includes a path to transfer information between various components of the device, such as the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement the corresponding block chain-based IPv6 domain name data privacy protection method in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to any of the above-described embodiment methods, one or more embodiments of the present specification further provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the block chain based IPv6 domain name data privacy protection method according to any of the above-described embodiments.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
The computer instructions stored in the storage medium of the foregoing embodiment are used to enable the computer to execute the method for protecting privacy of IPv6 domain name data based on a block chain according to any foregoing embodiment, and have the beneficial effects of corresponding method embodiments, which are not described herein again.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the spirit of the present disclosure, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the present description as described above, which are not provided in detail for the sake of brevity.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures, such as Dynamic RAM (DRAM), may use the discussed embodiments.
It is intended that the one or more embodiments of the present specification embrace all such alternatives, modifications and variations as fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of one or more embodiments of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (8)

1. A block chain-based Internet Protocol version 6 (IPv6) domain name data privacy protection method, characterized by comprising the following steps:
in response to receiving the domain name registration request, a domain name system at a super node of the blockchain performs the following operations:
covering domain name registration information carried in the domain name registration request by using public information of the super node so as to anonymize the domain name registration information;
according to a preset smart contract on the block chain, allocating a first IPv6 address for the domain name registration information, and encrypting the first IPv6 address by using a public key of the super node to generate a second IPv6 address for domain name resolution;
wherein the method further comprises:
in response to receiving a domain name resolution request from a visitor, the domain name system performs the following operations:
acquiring a white list and/or a black list in a public credit library on the block chain;
in response to determining, according to the white list and/or the black list, that the visitor is a legal visitor, retrieving the second IPv6 address corresponding to the target domain name carried in the domain name resolution request from a domain name database, performing encryption verification on the retrieved second IPv6 address according to a predetermined consensus mechanism, and sending the encrypted and verified second IPv6 address to the visitor.
2. The method of claim 1, wherein encrypting the first IPv6 address with the public key of the supernode comprises:
encrypting the last 4 bytes of the first IPv6 address with the public key of the super node.
3. The method of claim 1, wherein cryptographically verifying the retrieved second IPv6 address according to a predetermined consensus mechanism comprises:
digitally signing the second IPv6 address by encapsulating the second IPv6 address with AH in Authentication Header (AH) tunnel mode.
4. The method of claim 3, wherein cryptographically verifying the retrieved second IPv6 address according to a predetermined consensus mechanism further comprises:
encrypting the second IPv6 address by means of Encapsulating Security Payload (ESP).
5. The method of claim 4, wherein encrypting the second IPv6 address through ESP comprises:
encrypting the second IPv6 address in a random array extraction mode, and performing ring signature verification at the tail of the ESP.
6. A domain name system disposed at a supernode of a blockchain for protecting IPv6 domain name data privacy, comprising:
a registration module configured to: in response to receiving a domain name registration request, cover domain name registration information carried in the domain name registration request by using public information of the super node so as to anonymize the domain name registration information; and, according to a preset smart contract on the block chain, allocate a first IPv6 address for the domain name registration information, and encrypt the first IPv6 address by using a public key of the super node to generate a second IPv6 address for domain name resolution;
wherein the domain name system further comprises:
a parsing module configured to: in response to receiving a domain name resolution request from a visitor, acquire a white list and/or a black list in a public reputation library on the block chain; and in response to determining that the visitor is a legal visitor according to the white list and/or the black list, retrieve the second IPv6 address corresponding to the target domain name carried in the domain name resolution request from a domain name database, perform encryption verification on the retrieved second IPv6 address according to a predetermined consensus mechanism, and send the encrypted and verified second IPv6 address to the visitor.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable by the processor, characterized in that the processor implements the method according to any of claims 1 to 5 when executing the computer program.
8. A non-transitory computer readable storage medium having stored thereon computer instructions which, when executed by a computer, cause the computer to implement the method of any one of claims 1 to 5.
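The registration and resolution flow of claims 1 and 2, as an added example that is not part of the patent or of any implementation by its assignees. Assumptions: the HMAC-derived XOR mask is a symmetric stand-in for the super node's public-key encryption, the deny-wins list policy and all names and sample values are constructed, and the AH/ESP steps of claims 3 to 5 are left out.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data; none of these values come from the patent.
SUPERNODE_KEY = b"constructed-demo-key"  # stand-in for the super node's key
ALLOWLIST = {ipaddress.IPv6Address("2001:db8::10")}
DENYLIST = {ipaddress.IPv6Address("2001:db8::bad")}
DOMAIN_DB = {}  # domain name -> second IPv6 address


def mask_last_4_bytes(addr: str, domain: str) -> str:
    """Keep the leading 12 bytes, transform only the last 4 (claim 2).

    Stand-in transform: XOR with HMAC-SHA256(key, domain)[:4]. It is
    symmetric, not public-key, and applying it twice restores the input.
    """
    raw = ipaddress.IPv6Address(addr).packed
    mask = hmac.new(SUPERNODE_KEY, domain.encode(), hashlib.sha256).digest()[:4]
    tail = bytes(b ^ m for b, m in zip(raw[12:], mask))
    return str(ipaddress.IPv6Address(raw[:12] + tail))


def register(domain: str, first_addr: str) -> str:
    """Store only the second address; the first never enters the database."""
    DOMAIN_DB[domain] = mask_last_4_bytes(first_addr, domain)
    return DOMAIN_DB[domain]


def is_legal_visitor(visitor: str) -> bool:
    """Assumed policy: the deny list wins, and unlisted visitors are refused."""
    v = ipaddress.IPv6Address(visitor)  # parse so textual variants compare equal
    return v not in DENYLIST and v in ALLOWLIST


def resolve(visitor: str, domain: str):
    """Return the second address to a legal visitor, otherwise None."""
    if not is_legal_visitor(visitor):
        return None
    return DOMAIN_DB.get(domain)


if __name__ == "__main__":
    second = register("example.test", "2001:db8:1:2:3:4:5:6")
    print("second address:", second)  # first 96 bits are unchanged
    print("allowed:", resolve("2001:0db8::0010", "example.test"))
    print("denied: ", resolve("2001:db8::bad", "example.test"))
```

Because only the last 4 bytes are transformed, the leading 96 bits of the first address remain readable in the second address, so the transform hides at most 32 bits of the allocation.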
CN202110215389.1A 2021-02-25 2021-02-25 IPv6 domain name data privacy protection method based on block chain and related equipment Active CN113055359B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110215389.1A CN113055359B (en) 2021-02-25 2021-02-25 IPv6 domain name data privacy protection method based on block chain and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110215389.1A CN113055359B (en) 2021-02-25 2021-02-25 IPv6 domain name data privacy protection method based on block chain and related equipment

Publications (2)

Publication Number Publication Date
CN113055359A CN113055359A (en) 2021-06-29
CN113055359B true CN113055359B (en) 2023-01-31

Family

ID=76509161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110215389.1A Active CN113055359B (en) 2021-02-25 2021-02-25 IPv6 domain name data privacy protection method based on block chain and related equipment

Country Status (1)

Country Link
CN (1) CN113055359B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114218608B (en) * 2021-12-31 2023-02-14 深圳达实旗云健康科技有限公司 API registration type-based data privacy protection method, storage medium and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413228A (en) * 2018-12-20 2019-03-01 全链通有限公司 IPv6 generation method and system based on block chain domain name system
CN109819068A (en) * 2019-03-19 2019-05-28 全链通有限公司 User terminal and its block chain domain name analytic method
CN110392128A (en) * 2019-08-20 2019-10-29 清华大学 The quasi- zero-address IPv6 method and system for disclosing web services are provided
WO2019221468A1 (en) * 2018-05-16 2019-11-21 주식회사 케이티 Method for providing personal domain name service, and access control method and system using personal domain name
WO2020120672A1 (en) * 2018-12-14 2020-06-18 Sony Corporation Communication network node, methods, and a mobile terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3631659A4 (en) * 2017-05-22 2021-03-17 Haventec PTY LTD System for blockchain based domain name and ip number register
CN109729080B (en) * 2018-12-20 2021-05-11 全链通有限公司 Access attack protection method and system based on block chain domain name system
CN109981814A (en) * 2019-03-19 2019-07-05 全链通有限公司 Domain name information inquiry method and system based on block chain network service node
US11277373B2 (en) * 2019-07-24 2022-03-15 Lookout, Inc. Security during domain name resolution and browsing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
互联网标识隐私保护政策及技术研究;闫宏强等;《计算机系统应用》;20191215;第28卷(第12期);第19-26页 *

Also Published As

Publication number Publication date
CN113055359A (en) 2021-06-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant