CN113259393B - Data forwarding method and device based on multi-level nodes

Publication number
CN113259393B
Authority
CN
China
Legal status
Active
Application number
CN202110717317.7A
Other languages
Chinese (zh)
Other versions
CN113259393A (en)
Inventor
刘加瑞
沈传宝
郝伟
吴璇
Current Assignee
Beijing Huayuan Information Technology Co Ltd
Original Assignee
Beijing Huayuan Information Technology Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer

Abstract

The present disclosure provides a data forwarding method and device based on multi-level nodes, including: the user side redirects a request for accessing a target, which is input by a user, and sends the redirected request to the multi-level node network; the starting node of the multi-level node network receives the redirected request, replaces the IP address of the user side in the request with its own IP address and forwards the request to the next node in the multi-level node network; after receiving a request sent by a previous node, an intermediate node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the next node in the multi-level node network; and after receiving the request sent by the previous node, the termination node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the target. In this way, the user's geographic location and personal information can be effectively hidden when the user side accesses the target through the Internet.

Description

Data forwarding method and device based on multi-level nodes
Technical Field
Embodiments of the present disclosure relate generally to the field of communications technologies, and in particular, to a data forwarding method and apparatus based on multiple levels of nodes.
Background
In the global Internet environment, users conventionally access a target service directly over the Internet. In this case the target can directly find out information such as the IP address of the user, and can even directly obtain personal information of the user by some security means. This form of access offers the user no security or concealment.
In some special application scenarios, a user needs to hide their geographic position, personal information and the like, so that the accessed target cannot trace the source-end user. Individual users build a communication network with only one hop by using the open-source Shadowsocks tool. The public anonymous networks TOR/I2P can also be used directly as a springboard. Shadowsocks is an open-source tool that can only construct a one-hop communication link, so the possibility that the target traces the source successfully is greatly increased. Meanwhile, because the tool is particularly popular with individual users, its traffic characteristics are particularly obvious and easy to recognize, and different blocking means are adopted to block the traffic, which makes the tool unusable. The anonymous network of TOR/I2P is a closed source product and is not typically exposed directly for use by individual users.
The prior art lacks a data forwarding method that can effectively hide the geographic position and personal information of a user when the user accesses a target through the Internet, so that the accessed target cannot trace the source-end user.
Disclosure of Invention
According to the embodiment of the disclosure, a data forwarding scheme is provided that can effectively hide the geographic position and personal information of a user when a user side accesses a target through the Internet, so that it is difficult for the accessed target to query the information of the source-end user.
In a first aspect of the present disclosure, a data forwarding method based on multiple levels of nodes is provided, including:
the user side redirects a request for accessing a target, which is input by a user, and sends the redirected request to the multi-level node network;
the starting node of the multi-level node network receives the redirected request, replaces the IP address of the user side in the request with its own IP address and forwards the request to the next node in the multi-level node network;
after receiving a request sent by a previous node, an intermediate node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the next node in the multi-level node network;
and after receiving the request sent by the previous node, the termination node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the target.
In some embodiments, after the user terminal receives the request for accessing the target input by the user and before the request is redirected, the method further includes:
planning a node path for forwarding the redirected request according to the pre-stored node information, and determining the forwarding sequence of the redirected request in the node path.
In some embodiments, the planning a node path for forwarding the redirected request according to the pre-stored node information, and determining a forwarding order of the redirected request in the node path includes:
determining the order of nodes forwarding the redirected request according to a distance value between pre-stored characteristic values of the nodes, and generating a node path, wherein the characteristic values of the nodes are determined by the following dimensions:
traceability of node data packets, degree of control of nodes, ease of analyzing information data in nodes, and manual assignment of traceability of nodes.
In some embodiments, said determining an order of nodes forwarding the redirected request according to a pre-stored distance value between characteristic values of the nodes comprises:
determining a node with the maximum distance value of the characteristic value of the node corresponding to the target according to the node identifier corresponding to the target, and using the node as a previous hop node of the target;
taking the node whose characteristic value has the second largest distance value from the characteristic value of the node n hops before the target as the node n+1 hops before the target;
wherein n is a natural number greater than 1 and less than or equal to m, and m is the number of nodes needing to pass through.
In some embodiments, the redirecting the request for accessing the target, which is input by the user, by the user end, and sending the redirected request to the multi-level node network includes:
the user side redirects a request for accessing a target, which is input by a user, to an initial node of the multi-level node network, encrypts the request by using a pre-agreed secret key, and sends the encrypted request to the initial node.
In some embodiments, after the initial node of the multi-level node network receives the redirected request, the method further comprises:
the initial node decrypts the encrypted request by using a pre-agreed secret key, analyzes the redirected request obtained after decryption, and determines the IP address of the user side.
In some embodiments, prior to said sending the redirected request to the multi-level node network, the method further comprises:
signing the request by using a pre-distributed identity identifier, and sending the signed request to the multi-level node network;
the analyzing, by the originating node, of the redirected request to determine the IP address of the user side includes:
the starting node extracts the identity identifier from the signature in the redirected request, verifies the validity of the identity identifier and, in response to the identity identifier being valid, analyzes the redirected request and determines the IP address of the user side.
In a second aspect of the present disclosure, there is provided a data forwarding apparatus based on multiple levels of nodes, including:
the user side is used for redirecting the request of the access target input by the user and sending the redirected request to the multi-level node network;
a multi-level node network, wherein the multi-level node network comprises an initial node, at least one intermediate node and a termination node; the initial node is used for receiving a redirected request, replacing the IP address of the user side in the request with its own IP address, and forwarding the request to the next node in the multi-level node network; the intermediate node is used for, after receiving the request sent by the previous node, replacing the IP address in the request with its own IP address and then forwarding the request to the next node in the multi-level node network; and the termination node is used for, after receiving the request sent by the previous node, replacing the IP address in the request with its own IP address and then forwarding the request to the target.
In a third aspect of the present disclosure, an electronic device is provided, comprising a memory having stored thereon a computer program and a processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method as set forth above.
With the data forwarding method based on multi-level nodes, when a user side accesses a target through the Internet, the geographic position and personal information of the user can be effectively hidden, so that it is difficult for the accessed target to query the information of the source-end user.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
Fig. 1 shows a flowchart of a data forwarding method based on multiple levels of nodes according to a first embodiment of the present disclosure;
Fig. 2 shows a flowchart of a data forwarding method based on multiple levels of nodes according to a second embodiment of the present disclosure;
Fig. 3 is a functional structure diagram of a data forwarding apparatus based on multiple levels of nodes according to a third embodiment of the present disclosure;
Fig. 4 shows a schematic structural diagram of a data forwarding apparatus based on multiple levels of nodes in the fourth embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein describes only an association relationship between associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
The data forwarding method based on the multi-level nodes is used for effectively hiding the geographic position and personal information of a user when the user side accesses a target through the Internet.
Specifically, as shown in fig. 1, it is a flowchart of a data forwarding method based on multiple levels of nodes according to a first embodiment of the present disclosure. The data forwarding method based on the multi-level nodes of this embodiment may include the following steps:
S101: The user side redirects the request for accessing the target, which is input by the user, and sends the redirected request to the multi-level node network.
The data forwarding method based on the multi-level nodes is used for hiding the information of the user when the user accesses the target through the Internet, so that it is difficult for the target to acquire the information of the user in the process of tracing the source.
The method of this embodiment may be implemented by a software program that includes a terminal program and a node program. The terminal program is deployed at the user end; it redirects the request for accessing a target input by the user, repackages the request and forwards it to the node network. The node program is deployed in the multi-level node network, specifically on each level of node; it replaces the IP address in the request for accessing the target, as forwarded by the user end or by an upper-level node, with the node's own IP address, and forwards the request to a lower-level node or to the accessed target. Therefore, when the target traces the source-end user, what it traces is the IP address of the node that forwarded the request to the target, not the IP address of the user end, and it can only trace the IP addresses of the nodes level by level. This increases the tracing difficulty to a certain extent and thereby hides and protects the information of the user end (namely the user).
In this embodiment, a request for accessing a target input by a user accesses the target directly or through a determined node. To hide the information of the user, the forwarding path of the request (i.e., the selection of nodes and/or the order of nodes) may be changed; the request then needs to be redirected by the user end and sent to a multi-level node network. The multi-level node network may be a predetermined network composed of a plurality of nodes, or a network composed of the nodes that remain after a forwarding node in an original node network is replaced.
S102: The starting node of the multi-level node network receives the redirected request, replaces the IP address of the user side in the request with its own IP address and forwards the request to the next node in the multi-level node network.
In this embodiment, the multi-level node network includes a plurality of nodes, and an access request sent by a user through a user side is forwarded between nodes in the multi-level node network step by step, where a node receiving the access request sent by the user side is an initial node of the multi-level node network, a node sending the access request to a target is a termination node, and nodes other than the initial node and the termination node are intermediate nodes.
When the starting node receives a request sent by a user side, it replaces the IP address of the user side contained in the request with the IP address of the starting node, and forwards the request with the replaced IP address to the next node in the multi-level node network.
S103: After receiving a request sent by a previous node, an intermediate node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the next node in the multi-level node network.
That is, the IP address in the request changes once every time the request for accessing the target sent by the client is forwarded once in the multi-level node network, and in the tracing process it is usually the IP address of the node at the previous level that can be traced.
S104: After receiving the request sent by the previous node, the termination node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the target.
In this embodiment, after the user end receives the request of the access target input by the user, the node path for forwarding the redirected request may be further planned according to the pre-stored node information, a forwarding order of the redirected request in the node path is determined, and then the received request is redirected.
Specifically, the user side may determine, according to a distance value between pre-stored characteristic values of nodes, an order of nodes forwarding the redirected request, and generate a node path, where the characteristic value of a node is determined by the following dimensions:
(1) The traceability of the data packet, namely whether the node can trace an individual data packet and whether the characteristic information of the data packet can be obtained. The value of this dimension can account for 25% of the values of all four dimensions and is reduced by 5% for each condition that is met.
(2) The degree of control of the node, namely whether the node is under reflection control, springboard control, fee standard springboard control, zombie control or physical control. The value of this dimension can account for 25% of the values of all four dimensions; adjacent levels of the degree of control decrease by 5%, and the value corresponding to the initial level is 25%. For example, the value corresponding to reflection control is 25% and the value corresponding to physical control is 5%.
(3) The difficulty of analyzing information data in the node, which is mainly embodied in two aspects: whether the connectivity of the node network meets a first preset condition and whether the accessibility of the node meets a second preset condition. The first preset condition can be whether the number of other nodes connected with the node is larger than a target value, and the second preset condition can be whether the number of visits to the node in a preset time period is larger than a target value. The initial value of this dimension is 25%, and it is reduced by 5% from the initial value for each aspect whose condition is met.
(4) Manual assignment of the traceability of the node according to an empirical value. When the assignment is carried out manually, the traceability of the node can be assigned by referring to the frequency with which the area name appears in current news or in relevant network information.
The total traceability value of the characteristic value is 1, that is, the traceability corresponding to each of the four dimensions is 25%, i.e. 0.25. The traceability corresponding to each dimension may, of course, be dynamically adjusted according to actual needs.
The following specific example describes how the total traceability value of a node is calculated. Suppose a node can trace an individual data packet and can obtain the feature information of the data packet, the degree of control of the node is springboard control, the connectivity of the node network meets the first preset condition, the accessibility of the node does not meet the second preset condition, and the manually assigned value is 0.18. The traceability value of the node is then (0.25 - 0.05 - 0.05) + (0.25 - 0.05) + (0.25 - 0.05) + 0.18 = 0.73. The above process is only an exemplary description of the technical solution of the present application and should not be understood as a limitation of it; in some other embodiments of the present disclosure, the proportional value of each dimension may be adjusted, and the specific value of each dimension may also be adjusted according to actual needs.
After the traceability of the nodes is assigned, the node path can be determined according to the distances between the characteristic values of the nodes. Specifically, a node closest to a target may be taken as a previous-hop node of the target; the node whose characteristic value has the second largest distance value from the characteristic value of the node n hops before the target is taken as the node n+1 hops before the target; wherein n is a natural number greater than 1 and less than or equal to m, m is the number of nodes needing to pass through, and the distance value of the characteristic values is the absolute value of the difference between the characteristic values of the two nodes.
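The scoring and ordering described above can be sketched as follows; this is an added example, not code from the patent. It assumes one reading of the selection rule (the hop next to the target is the node with the largest distance from the characteristic value of the node corresponding to the target, each earlier hop is the second-largest-distance node among those left, falling back to the largest when only one is left), and the names `NodeProfile`, `characteristic_value` and `plan_path`, the name-based tie-break and the 0 to 0.25 range for the manual value are hypothetical.

```python
from dataclasses import dataclass

# Control levels in the order the page lists them. The first is worth 25 points
# and each following level 5 points less, so "physical" ends at 5.
CONTROL_LEVELS = ("reflection", "springboard", "fee standard springboard",
                  "zombie", "physical")


@dataclass(frozen=True)
class NodeProfile:
    tracks_single_packet: bool   # dimension 1, first condition
    gets_packet_features: bool   # dimension 1, second condition
    control: str                 # dimension 2, one of CONTROL_LEVELS
    connectivity_met: bool       # dimension 3, first preset condition
    accessibility_met: bool      # dimension 3, second preset condition
    manual_value: float          # dimension 4, assumed to lie in 0..0.25


def characteristic_value(p):
    """Sum the four dimensions in whole points to avoid float drift."""
    if p.control not in CONTROL_LEVELS:
        raise ValueError(f"unknown control level: {p.control!r}")
    manual = round(p.manual_value * 100)
    if not 0 <= manual <= 25:
        raise ValueError("manual value outside the assumed 0..0.25 range")
    packet = 25 - 5 * p.tracks_single_packet - 5 * p.gets_packet_features
    control = 25 - 5 * CONTROL_LEVELS.index(p.control)
    analysis = 25 - 5 * p.connectivity_met - 5 * p.accessibility_met
    return (packet + control + analysis + manual) / 100


def distance(a, b):
    """Distance value: absolute difference of two characteristic values, in points."""
    return abs(round(a * 100) - round(b * 100))


def plan_path(target_value, nodes, hops):
    """Return node names in forwarding order (starting node first).

    nodes maps a node name to its characteristic value; target_value is the
    characteristic value of the node corresponding to the target.
    """
    if not 1 <= hops <= len(nodes):
        raise ValueError("hops must be between 1 and the number of nodes")
    remaining = dict(nodes)
    reference = target_value
    toward_source = []           # built from the target backwards
    for step in range(hops):
        # Largest distance first; ties broken by name (assumption).
        ranked = sorted(remaining,
                        key=lambda n: (-distance(remaining[n], reference), n))
        first_pick = step == 0 or len(ranked) == 1
        chosen = ranked[0] if first_pick else ranked[1]
        toward_source.append(chosen)
        reference = remaining.pop(chosen)
    return list(reversed(toward_source))


if __name__ == "__main__":
    # The page's worked example: both packet conditions met, springboard
    # control, connectivity met, accessibility not met, manual value 0.18.
    worked = NodeProfile(True, True, "springboard", True, False, 0.18)
    print(characteristic_value(worked))
    # Constructed node values, not from the page.
    pool = {"A": 0.40, "B": 0.55, "C": 0.90, "D": 0.65}
    print(plan_path(0.73, pool, 3))
```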
According to the data forwarding method based on the multi-level nodes, when the user side accesses the target through the Internet, the geographic position and the personal information of the user can be effectively hidden, so that it is difficult for the accessed target to query the information of the source-end user.
Fig. 2 is a flowchart of a data forwarding method based on multiple levels of nodes according to a second embodiment of the present disclosure. In this embodiment, the data forwarding method based on multiple levels of nodes includes the following steps:
S201: The user side redirects a request for accessing a target, which is input by a user, to an initial node of the multi-level node network, encrypts the request by using a pre-agreed secret key, and sends the encrypted request to the initial node.
In this embodiment, after the user side redirects the request for accessing the target input by the user, the request may be encrypted by using a predetermined key, where the key may be a symmetric key or an asymmetric key, and the encrypted request is sent to the originating node. Therefore, in the process of sending the request from the user side to the initial node, even if the request is acquired by other people, the IP address of the user side cannot be directly obtained.
S202: The initial node decrypts the encrypted request by using a pre-agreed secret key, analyzes the redirected request obtained after decryption, and determines the IP address of the user side.
Since the user terminal encrypts the request, the start node needs to decrypt the encrypted request after receiving it, and analyze the decrypted request to determine the IP address of the user terminal included in the request, so as to replace the IP address of the user terminal.
S203: The starting node of the multi-level node network receives the redirected request, replaces the IP address of the user side in the request with its own IP address and forwards the request to the next node in the multi-level node network.
S204: After receiving a request sent by a previous node, an intermediate node in the multi-level node network converts its own IP address into a binary character sequence, replaces each binary character with a corresponding hexadecimal character to generate a converted IP address of the intermediate node, replaces the IP address in the request with the IP address of the intermediate node, and forwards the request to the next node in the multi-level node network.
Specifically, 8 of the hexadecimal characters are randomly generated by using a random number generation algorithm, and the generated 8 characters are made to correspond to 0 or 1 in the binary characters. Each corresponding 0 character (or 1 character) is then replaced with a random one of the generated 8 characters, and each 1 character (or 0 character) is replaced with a random one of the remaining 8 characters.
For example, the binary 0 character may correspond to (0, 3, 4, 6, 7, a, b, f) in hexadecimal characters and the binary 1 character to (1, 2, 5, 8, 9, c, d, e). The IP address 192.168.1.1 is first converted into the binary character sequence 11000000.10101000.00000001.00000001; each 0 character may then be replaced by a random one of (0, 3, 4, 6, 7, a, b, f) and each 1 character by a random one of (1, 2, 5, 8, 9, c, d, e), so that the IP address after replacement may be 8933446a.cddbb000.4746333e.3436373d or a similar expression form.
The intermediate nodes can pre-agree the encryption method, so that the replaced IP address can be transmitted between the intermediate nodes. When the last-hop intermediate node receives the request with the replaced IP address, it replaces the IP address with its own IP address without applying the binary replacement to its own IP address, and sends the request with the replaced IP address to the terminating node.
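The bit-for-hex-character substitution of S204 and its inverse, as an added example that is not code from the patent; the function names are hypothetical and the default sets are the two groups from the page's example. It also shows that any party holding the two sets recovers the address, and that the output has a fixed shape a field check can recognize.

```python
import ipaddress
import re
import secrets

HEX_DIGITS = "0123456789abcdef"
# Partition from the page's example: digits standing for bit 0 and for bit 1.
PAGE_ZERO_SET = "03467abf"
PAGE_ONE_SET = "12589cde"
# Shape of an encoded address: four dot-separated groups of eight hex digits.
ENCODED_RE = re.compile(r"[0-9a-f]{8}(?:\.[0-9a-f]{8}){3}")


def random_partition():
    """Pick 8 of the 16 hex digits at random for bit 0; the other 8 mean bit 1."""
    shuffled = secrets.SystemRandom().sample(list(HEX_DIGITS), 16)
    return "".join(sorted(shuffled[:8])), "".join(sorted(shuffled[8:]))


def _check_partition(zero_set, one_set):
    """Reject sets that do not split the 16 hex digits into two groups of 8."""
    if (len(zero_set) != 8 or len(one_set) != 8
            or set(zero_set + one_set) != set(HEX_DIGITS)):
        raise ValueError("sets must split the 16 hex digits into two groups of 8")


def encode_ip(ip, zero_set=PAGE_ZERO_SET, one_set=PAGE_ONE_SET):
    """Write each octet as 8 bits, then swap every bit for a random digit of its set."""
    _check_partition(zero_set, one_set)
    groups = []
    for octet in ipaddress.IPv4Address(ip).packed:
        bits = format(octet, "08b")
        groups.append("".join(
            secrets.choice(one_set if bit == "1" else zero_set) for bit in bits))
    return ".".join(groups)


def decode_ip(encoded, zero_set=PAGE_ZERO_SET, one_set=PAGE_ONE_SET):
    """Reverse the substitution: the set a digit belongs to gives the bit back."""
    _check_partition(zero_set, one_set)
    text = encoded.strip().lower()
    if not ENCODED_RE.fullmatch(text):
        raise ValueError("not four dot-separated groups of eight hex digits")
    octets = []
    for group in text.split("."):
        bits = "".join("1" if ch in one_set else "0" for ch in group)
        octets.append(str(int(bits, 2)))
    return ".".join(octets)


def looks_encoded(field):
    """True when a header or log field has the shape this encoding produces."""
    return bool(ENCODED_RE.fullmatch(field.strip().lower()))


if __name__ == "__main__":
    sample = encode_ip("192.168.1.1")          # differs on every run
    print(sample, "->", decode_ip(sample))
    zero_set, one_set = random_partition()     # a freshly agreed partition
    custom = encode_ip("10.20.30.40", zero_set, one_set)
    print(custom, "->", decode_ip(custom, zero_set, one_set))
```

With the page's two sets, the page's printed sample string (stray space removed) decodes to 192.224.1.1: its second group as printed does not correspond to 168.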
S205: After receiving the request sent by the previous node, the termination node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the target.
According to the data forwarding method based on the multi-level nodes, when the user side accesses the target through the Internet, the geographic position and the personal information of the user can be effectively hidden, so that it is difficult for the accessed target to query the information of the source-end user.
Further, as an optional embodiment of the present disclosure, in the above embodiment, the method further comprises: the starting node plans the node path for forwarding the redirected request according to the pre-stored information of other nodes, and determines the forwarding sequence of the redirected request in subsequent nodes. That is, when a user side accesses a target, the starting node plans the node path once more according to the accessed target, so that the tracing difficulty is increased and the information of the user is protected.
As another optional embodiment of the present disclosure, in the above embodiment, before the sending the redirected request to the multi-level node network, the method further comprises:
the user side signs the request by using the pre-distributed identity identifier and sends the signed request to the multi-level node network; the analyzing, by the originating node, of the redirected request to determine the IP address of the user side includes: the starting node extracts the identity identifier from the signature in the redirected request, verifies the validity of the identity identifier and, in response to the identity identifier being valid, analyzes the redirected request and determines the IP address of the user side. Therefore, other nodes can be prevented from impersonating the nodes in the multi-level node network to invade the multi-level node network, and the safety of the multi-level node network is improved.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in this specification are all alternative embodiments and that the acts and modules involved are not necessarily essential to the disclosure.
The above is a description of embodiments of the method, and the embodiments of the apparatus are further described below.
Fig. 3 is a schematic functional structure diagram of a data forwarding apparatus based on multiple levels of nodes according to a third embodiment of the present disclosure. The data forwarding apparatus based on multi-level nodes of this embodiment includes:
a user terminal 301, configured to redirect a request for accessing a target input by a user, and send the redirected request to a multi-level node network;
a multi-level node network 302, where the multi-level node network includes an initial node, at least one intermediate node, and a termination node; the initial node is configured to receive a redirected request, replace the IP address of the user side in the request with its own IP address, and forward the request to the next node in the multi-level node network; the intermediate node is configured to, after receiving the request sent by the previous node, replace the IP address in the request with its own IP address and then forward the request to the next node in the multi-level node network; and the termination node is configured to, after receiving the request sent by the previous node, replace the IP address in the request with its own IP address and then forward the request to the target.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
FIG. 4 shows a schematic block diagram of an electronic device 400 that may be used to implement embodiments of the present disclosure. As shown, device 400 includes a Central Processing Unit (CPU) 401 that may perform various appropriate actions and processes in accordance with computer program instructions stored in a Read Only Memory (ROM) 402 or loaded from a storage unit 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data required for the operation of the device 400 can also be stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
A number of components in device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, or the like; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408 such as a magnetic disk, optical disk, or the like; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Processing unit 401 performs the various methods and processes described above, which may be implemented as a computer program tangibly embodied in a machine-readable medium, such as storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 400 via the ROM 402 and/or the communication unit 409. When the computer program is loaded into the RAM 403 and executed by the CPU 401, one or more steps of the method described above may be performed. Alternatively, in other embodiments, the CPU 401 may be configured to perform the above-described method in any other suitable manner (e.g., by way of firmware).
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a System on a Chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (8)

1. A data forwarding method based on multi-level nodes is characterized by comprising the following steps:
determining the order of nodes for forwarding the redirected request according to the distance value between the pre-stored characteristic values of the nodes, and generating a node path, wherein the characteristic values of the nodes are determined by the following dimensions:
traceability of the node's data packets, degree of control over the node, difficulty of analyzing the information data in the node, and a manually assigned traceability value for the node;
the user side receives a request for accessing the target, which is input by a user, redirects the request for accessing the target, and sends the redirected request to the multi-level node network;
the starting node of the multi-level node network receives the redirected request, replaces the IP address of the user side in the request with its own IP address, and forwards the request to the next node in the multi-level node network;
after receiving a request sent by a previous node, an intermediate node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the next node in the multi-level node network;
and after receiving the request sent by the previous node, the termination node in the multi-level node network replaces the IP address in the request with its own IP address and forwards the request to the target.
2. The multi-stage node-based data forwarding method of claim 1, wherein the determining the order of the nodes forwarding the redirected request according to the distance values between the pre-stored characteristic values of the nodes comprises:
determining a node with the maximum distance value of the characteristic value of the node corresponding to the target according to the node identifier corresponding to the target, and using the node as a previous hop node of the target;
taking the node with the second largest distance value from the characteristic value of the node of the first n hops of the target as the node of the first n+1 hops of the target;
wherein n is a natural number greater than 1 and less than or equal to m, and m is the number of nodes needing to pass through.
3. The multi-level-node-based data forwarding method of claim 1, wherein the user terminal redirects a request for accessing a target input by a user, and sends the redirected request to the multi-level node network, comprising:
the user side redirects a request for accessing a target, which is input by a user, to an initial node of the multi-level node network, encrypts the request by using a pre-agreed secret key, and sends the encrypted request to the initial node.
4. The multi-stage node-based data forwarding method of claim 3, wherein after the initial node of the multi-stage node network receives the redirected request, the method further comprises:
the initial node decrypts the encrypted request by using a pre-agreed secret key, analyzes the redirected request obtained after decryption, and determines the IP address of the user side.
5. The multi-stage node-based data forwarding method of claim 4, wherein prior to sending the redirected request to the multi-stage node network, the method further comprises:
signing the request by using a pre-distributed identity identifier, and sending the signed request to a multi-level node network;
the analyzing, by the originating node, the redirected request to determine the IP address of the user side includes:
and the starting node extracts the identity of the signature in the redirected request, verifies the validity of the identity, and, in response to the identity being valid, analyzes the redirected request and determines the IP address of the user side.
6. An apparatus for performing the multi-level node-based data forwarding method of any one of claims 1 to 5, comprising:
the user side is used for receiving a request for accessing the target, which is input by a user, redirecting the request for accessing the target, which is input by the user, and sending the redirected request to the multi-level node network;
a multi-level node network, which comprises an initial node, at least one intermediate node and a termination node, wherein the initial node is used for receiving the redirected request, replacing the IP address of the user side in the request with its own IP address, and forwarding the request to the next node in the multi-level node network; the intermediate node is used for, after receiving the request sent by the previous node, replacing the IP address in the request with its own IP address and forwarding the request to the next node in the multi-level node network; and the termination node is used for, after receiving the request sent by the previous node, replacing the IP address in the request with its own IP address and forwarding the request to the target.
7. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the program, implements the method of any of claims 1-5.
8. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 5.
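The forwarding chain of claim 1 and the identity check of claim 5, as an added illustration rather than code from the patent: each node records the address it saw and substitutes its own, and `trace_back` shows that recovering the origin takes every hop's log. HMAC-SHA256 stands in for the unspecified signature scheme, the encryption of claims 3 and 4 is omitted, and all addresses, keys and names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample values (documentation address ranges, demo key).
CLIENT_IP, TARGET_IP = "198.51.100.7", "203.0.113.80"
NODE_IPS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # initial, intermediate, termination
IDENTITY_KEYS = {"user-01": b"demo-key-not-for-production"}  # assumed form of the identity


def sign(identity: str, payload: bytes) -> str:
    """Client side: sign the request (HMAC-SHA256 is an assumed stand-in)."""
    return hmac.new(IDENTITY_KEYS[identity], payload, hashlib.sha256).hexdigest()


@dataclass
class Node:
    ip: str
    log: list = field(default_factory=list)  # (source address seen, next hop)

    def forward(self, request: dict, next_hop: str) -> dict:
        self.log.append((request["src"], next_hop))
        # Replace the address in the request with this node's own address.
        return {**request, "src": self.ip}


def admit(request: dict) -> bool:
    """Initial node: validate the identity before analyzing the request."""
    key = IDENTITY_KEYS.get(request.get("identity", ""))
    if key is None:
        return False
    expected = hmac.new(key, request["payload"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, request.get("sig", ""))


def send(request: dict, nodes: list):
    """Pass one request along the chain; return what the target receives, or None."""
    if not admit(request):
        return None
    hops = [n.ip for n in nodes[1:]] + [TARGET_IP]
    for node, next_hop in zip(nodes, hops):
        request = node.forward(request, next_hop)
    return request


def trace_back(observed_src: str, nodes: list) -> list:
    """Walk from the address the target saw back through each node's log."""
    by_ip = {n.ip: n for n in nodes}
    path = [observed_src]
    while path[-1] in by_ip and by_ip[path[-1]].log:
        path.append(by_ip[path[-1]].log[-1][0])
    return path
```

The target only ever sees the termination node's address; the walk back to the user side stops at the first hop whose log is unavailable.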

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110717317.7A CN113259393B (en) 2021-06-28 2021-06-28 Data forwarding method and device based on multi-level nodes

Publications (2)

Publication Number Publication Date
CN113259393A CN113259393A (en) 2021-08-13
CN113259393B true CN113259393B (en) 2021-09-24

Family

ID=77189983

Country Status (1)

Country Link
CN (1) CN113259393B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant