CN114301670A - Terminal authentication method, device, equipment and medium based on IPV6 address - Google Patents
Terminal authentication method, device, equipment and medium based on IPV6 address Download PDFInfo
- Publication number
- CN114301670A CN114301670A CN202111623055.4A CN202111623055A CN114301670A CN 114301670 A CN114301670 A CN 114301670A CN 202111623055 A CN202111623055 A CN 202111623055A CN 114301670 A CN114301670 A CN 114301670A
- Authority
- CN
- China
- Prior art keywords
- terminal
- target
- information
- sim card
- identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 38
- 230000005540 biological transmission Effects 0.000 claims abstract description 14
- 241000282461 Canis lupus Species 0.000 claims description 17
- 230000006870 function Effects 0.000 claims description 16
- 230000008569 process Effects 0.000 claims description 7
- 238000000605 extraction Methods 0.000 claims description 4
- 238000004458 analytical method Methods 0.000 claims description 3
- 230000002441 reversible effect Effects 0.000 abstract description 6
- 239000000284 extract Substances 0.000 abstract description 2
- 238000004590 computer program Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 8
- 230000036961 partial effect Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 8
- 238000007726 management method Methods 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000013473 artificial intelligence Methods 0.000 description 4
- 241000160777 Hipparchia semele Species 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000009191 jumping Effects 0.000 description 2
- 230000000670 limiting effect Effects 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 230000002829 reductive effect Effects 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the field of Internet of things, and provides a terminal authentication method, a device, equipment and a medium based on an IPV6 address, which can generate an unique IPV6 address of each terminal based on information of a client, a card and the terminal, ensure that the generated address is unique and real, improve the safety and traceability, reversely analyze the IPV6 address based on an improved Husky algorithm during authentication to match the most probable client, card and terminal, and extract service data for transmission after authentication, thereby not only avoiding data leakage, but also reducing the pressure of a server and effectively improving the reverse control capability of the terminal of the Internet of things.
Description
Technical Field
The invention relates to the technical field of Internet of things, in particular to a terminal authentication method, device, equipment and medium based on an IPV6 address.
Background
With the continuous development of the business of the internet of things, the card opening business of the internet of things is also continuously increased, and the security risk of the terminal is also continuously improved.
In the prior art, the card identifier (such as a card number) needs to be carried when the internet of things card transmits data, so that client information, terminal information and the like have risks of data leakage.
At present, most Internet of things cards perform unified communication and end-to-end control based on an IPV4(Internet Protocol version 4) Protocol, but have the following disadvantages:
1) the IPv4 Address is exhausted, the requirement of the Internet of things of 'one object one Address, all objects are online' is difficult to meet, a private IPv4 Address is adopted, NAT (Network Address Translation) equipment needs to carry out session maintenance, and the resource utilization rate at the Network layer is low;
2) the terminal operation place is unattended and can be maliciously replaced or forged, the application of the Internet of things is heavy, the service is light and safe, and a basic security authentication mechanism is lacked;
3) the terminal access is only authenticated based on a Subscriber Identity Module (SIM) card, and the terminal Identity is lack of perception of an Internet Protocol (IP) network layer, which is not beneficial to safety tracing management;
4) in order to realize the control of the server to the terminal, the terminal needs to send heartbeat packets periodically to keep long connection, so that the power consumption is high, and the service life of equipment is shortened.
Disclosure of Invention
In view of the above, there is a need to provide a terminal authentication method, apparatus, device and medium based on IPV6 address, aiming at solving the problem of secure authentication of a terminal.
A terminal authentication method based on an IPV6 address, the terminal authentication method based on the IPV6 address comprises the following steps:
acquiring customer information, SIM card information and terminal information of each terminal, and generating an IPV6 address of each terminal according to the customer information, the SIM card information and the terminal information of each terminal;
responding to a first access request initiated by a target terminal to a target platform through a target network, and collecting a first data packet transmitted by the target terminal in the target network as a first packet;
extracting the IPV6 address of the head packet as a target address;
analyzing the target address by adopting a preset wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal;
authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information;
and when the access authority of the target terminal passes the authentication, extracting service data from the initial packet, and transmitting the service data to the target platform through the target network.
According to the preferred embodiment of the present invention, the acquiring the customer information, the SIM card information, and the terminal information of each terminal, and generating the IPV6 address of each terminal according to the customer information, the SIM card information, and the terminal information of each terminal includes:
when the fact that a customer opens a card is detected, obtaining a customer identification of the customer as customer information, and extracting first preset bit data in the customer identification to construct a first array;
encrypting the first array to obtain a prefix field;
when the fact that the terminal of the client is inserted into an SIM card and powered on is detected, reading an International Mobile Subscriber Identity (IMSI) of the SIM card, acquiring a system identity of the SIM card from the IMSI as SIM card information, and extracting second preset bit data of the SIM card to construct a second array;
acquiring a physical unclonable function of the terminal, generating a citizen network electronic identity of the terminal as the terminal information based on the physical unclonable function, and extracting third preset bit data of the citizen network electronic identity of the terminal to construct a third array;
splicing the second array and the third array to obtain a fourth array;
encrypting the fourth array to obtain a suffix field;
and splicing the prefix field and the suffix field to obtain the IPV6 address of the terminal.
According to the preferred embodiment of the present invention, the analyzing the target address by using the preset grayish wolf algorithm to obtain the target customer information, the target SIM card information and the target terminal information of the target terminal includes:
cutting the target address to obtain a cutting result, and determining at least one candidate client identifier, at least one candidate system identification code and at least one candidate citizen network electronic identity identifier according to the cutting result;
constructing a customer identification data set based on the at least one candidate customer identification;
constructing a card identification dataset based on the at least one candidate system identification code;
constructing a terminal identification data set based on the at least one candidate citizen network electronic identity;
acquiring the last active time of each element in the client identification data group, the card identification data group and the terminal identification data group;
respectively adding a timestamp to each element in the client identification data group, the card identification data group and the terminal identification data group based on the last active time of each element to obtain a client identification time data group, a card identification time data group and a terminal identification time data group;
establishing a time interval minimum model according to each element in the client identification time data group, the card identification time data group and the terminal identification time data group;
iterating the time interval minimum model based on a wolf algorithm to obtain a minimum time interval;
acquiring candidate client identifications corresponding to the minimum time interval as the target client information;
acquiring a candidate system identification code corresponding to the minimum time interval as the target SIM card information;
and acquiring the candidate citizen network electronic identity corresponding to the minimum time interval as the target terminal information.
According to a preferred embodiment of the present invention, the establishing a model with a minimum time interval according to each element in the client identifier time data group, the card identifier time data group, and the terminal identifier time data group includes:
calculating the square of the difference between each element in the customer identification time data set and each element in the card identification time data set to obtain each first square;
calculating the square of the difference between each element in the card identification time data group and each element in the terminal identification time data group to obtain each second square;
calculating the square of the difference between each element in the terminal identification time data group and each element in the client identification time data group to obtain each third square;
calculating the sum of each first square and each corresponding second square and each third square to obtain each first numerical value;
and performing evolution operation on the quotient of each first numerical value and a preset value to obtain the model with the minimum time interval.
According to a preferred embodiment of the present invention, the iterating the time interval minimum model based on the graying algorithm includes:
for each iteration, acquiring a first object arranged at the first position, a second object arranged at the second position and a third object arranged at the third position in the current iteration process;
configuring a first weight coefficient for the first object, a second weight coefficient for the second object, and a third weight coefficient for the third object, wherein the first weight coefficient is smaller than the second weight coefficient, and the first weight coefficient is smaller than the third weight coefficient;
and calculating the time interval of next iteration by using the first object, the second object and the third object after the weight coefficient is configured.
According to a preferred embodiment of the present invention, the authenticating the access right of the target terminal based on the target customer information, the target SIM card information, and the target terminal information includes:
comparing the target customer information, the target SIM card information and the target terminal information with customer information, SIM card information and terminal information adopted when the target address is generated;
when the target customer information is the same as the customer information adopted when the target address is generated, the target SIM card information is the same as the SIM card information adopted when the target address is generated, and the target terminal information is the same as the terminal information adopted when the target address is generated, determining that the access authority of the target terminal passes the authentication; or
And when the target customer information is different from the customer information adopted when the target address is generated, and/or the target SIM card information is different from the SIM card information adopted when the target address is generated, and/or the target terminal information is different from the terminal information adopted when the target address is generated, determining that the access authority of the target terminal is not authenticated.
According to a preferred embodiment of the invention, the method further comprises:
and when the access authority of the target terminal is not authenticated, intercepting the first packet and sending out warning information.
A terminal authentication device based on an IPV6 address, the terminal authentication device based on an IPV6 address comprises:
the generation unit is used for acquiring the client information, the SIM card information and the terminal information of each terminal and generating the IPV6 address of each terminal according to the client information, the SIM card information and the terminal information of each terminal;
the system comprises an acquisition unit, a first data packet and a second data packet, wherein the acquisition unit is used for responding to a first access request initiated by a target terminal to a target platform through a target network and acquiring the first data packet transmitted by the target terminal in the target network as a first packet;
the extraction unit is used for extracting the IPV6 address of the head packet as a target address;
the analysis unit is used for analyzing the target address by adopting a preset Grey wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal;
the authentication unit is used for authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information;
and the transmission unit is used for extracting service data from the head packet and transmitting the service data to the target platform through the target network when the access authority of the target terminal passes the authentication.
A computer device, the computer device comprising:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement the IPV6 address based terminal authentication method.
A computer readable storage medium having stored therein at least one instruction for execution by a processor in a computer device to implement the IPV6 address based terminal authentication method.
According to the technical scheme, the unique IPV6 address of each terminal can be generated based on information of three layers of the client, the card and the terminal, the generated address is unique and real, safety and traceability are improved, during authentication, the IPV6 address is reversely analyzed based on an improved Husky algorithm to match the most possible client, card and terminal, and service data are extracted for transmission during authentication, so that data leakage is avoided, server pressure is relieved, and reverse control capability of the terminal of the Internet of things is effectively improved.
Drawings
Fig. 1 is a flowchart of a preferred embodiment of the terminal authentication method based on IPV6 address of the present invention.
Fig. 2 is a functional block diagram of a preferred embodiment of the terminal authentication device based on IPV6 address in accordance with the present invention.
Fig. 3 is a schematic structural diagram of a computer device according to a preferred embodiment of the present invention for implementing a terminal authentication method based on IPV6 address.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flow chart of a preferred embodiment of the terminal authentication method based on IPV6 address according to the present invention. The order of the steps in the flow chart may be changed and some steps may be omitted according to different needs.
The terminal authentication method based on the IPV6 address is applied to one or more computer devices, where the computer devices are devices capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device may be any electronic product capable of performing human-computer interaction with a user, for example, a Personal computer, a tablet computer, a smart phone, a Personal Digital Assistant (PDA), a game machine, an interactive web Television (IPTV), an intelligent wearable device, and the like.
The computer device may also include a network device and/or a user device. The network device includes, but is not limited to, a single network server, a server group consisting of a plurality of network servers, or a Cloud Computing (Cloud Computing) based Cloud consisting of a large number of hosts or network servers.
The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like.
Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result.
The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
The Network in which the computer device is located includes, but is not limited to, the internet, a wide area Network, a metropolitan area Network, a local area Network, a Virtual Private Network (VPN), and the like.
S10, obtaining customer information, SIM (Subscriber Identity Module) card information and terminal information of each terminal, and generating an IPV6(Internet Protocol Version 6, Version 6 of Internet Protocol) address of each terminal according to the customer information, the SIM card information and the terminal information of each terminal.
In at least one embodiment of the invention, the customer information may include a customer identification or the like.
In at least one embodiment of the present invention, the SIM card information may include a system identification code sID and the like.
In at least one embodiment of the present invention, the terminal information may include Electronic Identity (eID) or the like.
In at least one embodiment of the present invention, the acquiring the customer information, the SIM card information, and the terminal information of each terminal, and generating the IPV6 address of each terminal according to the customer information, the SIM card information, and the terminal information of each terminal includes:
when the fact that a customer opens a card is detected, obtaining a customer identification of the customer as customer information, and extracting first preset bit data in the customer identification to construct a first array;
encrypting the first array to obtain a prefix field;
when the fact that the terminal of the client is inserted into an SIM card and powered on is detected, reading an International Mobile Subscriber Identity (IMSI) of the SIM card, obtaining a system identification code of the SIM card from the International Mobile Subscriber Identity as the SIM card information, and extracting second preset bit data of the system identification code of the SIM card to construct a second array;
acquiring a Physical Unclonable Function (PUF) of the terminal, generating a citizen network electronic identity of the terminal as terminal information based on the physical unclonable function, and extracting third preset bit data of the citizen network electronic identity of the terminal to construct a third array;
splicing the second array and the third array to obtain a fourth array;
encrypting the fourth array to obtain a suffix field;
and splicing the prefix field and the suffix field to obtain the IPV6 address of the terminal.
The first preset position, the second preset position and the third preset position can be configured in a user-defined mode, such as the last six positions.
In this embodiment, the encryption processing may be performed by using a symmetric algorithm or an asymmetric algorithm, which is not limited in the present invention.
For example: when detecting that a user A opens a card, acquiring last six bits of data of a user identification of the user A, encrypting the extracted data to obtain 64 bits of the prefix field, further, when detecting that a terminal B of the user A is inserted into a SIM card C, acquiring last three bits of a system identification code of the SIM card C, acquiring last three bits of data of a citizen network electronic identity identification of the terminal B, splicing the acquired data, encrypting to obtain 64 bits of the suffix field, and splicing the prefix field and the suffix field to obtain 128 bits of an IPV6 address corresponding to the terminal B.
Through the embodiment, the unique IPV6 address of each terminal can be generated based on the information of the client, the card and the terminal, the generated address is unique and real, and the safety and the traceability are improved.
S11, responding to a first access request initiated by a target terminal to a target platform through a target network, and collecting a first data packet transmitted by the target terminal in the target network as a first packet.
In this embodiment, the target terminal may be any requester.
In this embodiment, the target network may be an internet of things.
In this embodiment, the target platform may be any application platform that processes a service.
In this embodiment, the first packet may be a first packet.
In this embodiment, when the target terminal initiates a first access request to the target platform through the target network, the first packet is collected for subsequent authentication, so that the security of data transmission is improved.
S12, extracting the IPV6 address of the first packet as a target address.
In this embodiment, the initial packet may carry a corresponding IPV6 address and related service data.
And S13, analyzing the target address by adopting a preset Grey wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal.
In at least one embodiment of the present invention, the analyzing the target address by using a preset grayish wolf algorithm to obtain the target customer information, the target SIM card information, and the target terminal information of the target terminal includes:
cutting the target address to obtain a cutting result, and determining at least one candidate client identifier, at least one candidate system identification code and at least one candidate citizen network electronic identity identifier according to the cutting result;
constructing a customer identification data set based on the at least one candidate customer identification;
constructing a card identification dataset based on the at least one candidate system identification code;
constructing a terminal identification data set based on the at least one candidate citizen network electronic identity;
acquiring the last active time of each element in the client identification data group, the card identification data group and the terminal identification data group;
respectively adding a timestamp to each element in the client identification data group, the card identification data group and the terminal identification data group based on the last active time of each element to obtain a client identification time data group, a card identification time data group and a terminal identification time data group;
establishing a time interval minimum model according to each element in the client identification time data group, the card identification time data group and the terminal identification time data group;
iterating the time interval minimum model based on a wolf algorithm to obtain a minimum time interval;
acquiring candidate client identifications corresponding to the minimum time interval as the target client information;
acquiring a candidate system identification code corresponding to the minimum time interval as the target SIM card information;
and acquiring the candidate citizen network electronic identity corresponding to the minimum time interval as the target terminal information.
Specifically, the cutting result may include three pieces of data, which are a partial field corresponding to the customer information, a partial field corresponding to the SIM card information, and a partial field corresponding to the terminal information.
Further, the at least one candidate customer identifier, the at least one candidate system identifier, and the at least one candidate citizen network electronic identity may be obtained by complementing the remaining corresponding fields from the designated database with the obtained partial fields.
In this embodiment, the client identification data group is constructed with each candidate client identification as an element.
For example: the customer identification data set constructed may be represented as: { u1, u2, u3, … …, un }, where n denotes the nth client.
Similarly, the card identification data group and the terminal identification data group may be constructed.
Specifically, the establishing a model with a minimum time interval according to each element in the client identifier time data group, the card identifier time data group, and the terminal identifier time data group includes:
calculating the square of the difference between each element in the customer identification time data set and each element in the card identification time data set to obtain each first square;
calculating the square of the difference between each element in the card identification time data group and each element in the terminal identification time data group to obtain each second square;
calculating the square of the difference between each element in the terminal identification time data group and each element in the client identification time data group to obtain each third square;
calculating the sum of each first square and each corresponding second square and each third square to obtain each first numerical value;
and performing evolution operation on the quotient of each first numerical value and a preset value to obtain the model with the minimum time interval.
Wherein the preset value may be 3.
Further, the iterating the time interval minimum model based on the grayling algorithm includes:
for each iteration, acquiring a first object arranged at the first position, a second object arranged at the second position and a third object arranged at the third position in the current iteration process;
configuring a first weight coefficient for the first object, a second weight coefficient for the second object, and a third weight coefficient for the third object, wherein the first weight coefficient is smaller than the second weight coefficient, and the first weight coefficient is smaller than the third weight coefficient;
and calculating the time interval of next iteration by using the first object, the second object and the third object after the weight coefficient is configured.
In the above embodiment, the customer, the SIM card and the terminal whose appearance time points are closest to each other can be found through the improved graying algorithm, which indicates that the association between the customer, the SIM card and the terminal is the strongest.
It can be understood that in the traditional gray wolf algorithm, the fixed target prey position weight factor easily results in local optimization and low accuracy.
In the embodiment, a nonlinear target prey position weight factor (i.e. a time factor) is introduced, so that the target transformation position is far away from a local optimal value and is biased to a possible global optimal value, thereby improving the global search capability at the initial stage of the algorithm, improving the capability of jumping out of the local optimal value at the later stage of the algorithm, and accelerating the convergence speed.
With the above embodiments, the IPV6 address can be backward resolved based on the modified graying algorithm to match out the most likely client, card and terminal.
And S14, authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information.
In at least one embodiment of the present invention, the authenticating the access right of the target terminal based on the target customer information, the target SIM card information, and the target terminal information includes:
comparing the target customer information, the target SIM card information and the target terminal information with customer information, SIM card information and terminal information adopted when the target address is generated;
when the target customer information is the same as the customer information adopted when the target address is generated, the target SIM card information is the same as the SIM card information adopted when the target address is generated, and the target terminal information is the same as the terminal information adopted when the target address is generated, determining that the access authority of the target terminal passes the authentication; or
And when the target customer information is different from the customer information adopted when the target address is generated, and/or the target SIM card information is different from the SIM card information adopted when the target address is generated, and/or the target terminal information is different from the terminal information adopted when the target address is generated, determining that the access authority of the target terminal is not authenticated.
Through the embodiment, the access authority of the target terminal can be authenticated from multiple dimensions based on the analyzed client information, the SIM card information and the terminal information, and the reliability and the accuracy of authentication are further improved.
And S15, when the access authority of the target terminal passes the authentication, extracting service data from the initial packet, and transmitting the service data to the target platform through the target network.
Through the embodiment, after passing the authentication, the service data is extracted and transmitted to the target platform through the target network, so that the leakage of client information, SIM card information and terminal information is avoided, the pressure of a server is reduced, and the reverse control capability of the terminal of the Internet of things is effectively improved.
In at least one embodiment of the invention, the method further comprises:
and when the access authority of the target terminal is not authenticated, intercepting the first packet and sending out warning information.
By intercepting the data packet sent by the terminal which does not pass the authentication and sending out the warning, the safety of data transmission in the network can be ensured, and the card and the terminal are prevented from being stolen.
According to the technical scheme, the unique IPV6 address of each terminal can be generated based on information of three layers of the client, the card and the terminal, the generated address is unique and real, safety and traceability are improved, during authentication, the IPV6 address is reversely analyzed based on an improved Husky algorithm to match the most possible client, card and terminal, and service data are extracted for transmission during authentication, so that data leakage is avoided, server pressure is relieved, and reverse control capability of the terminal of the Internet of things is effectively improved.
Fig. 2 is a functional block diagram of a preferred embodiment of the terminal authentication device based on IPV6 address according to the present invention. The terminal authentication device 11 based on the IPV6 address includes a generation unit 110, a collection unit 111, an extraction unit 112, an analysis unit 113, an authentication unit 114, and a transmission unit 115. The module/unit referred to in the present invention refers to a series of computer program segments that can be executed by the processor 13 and that can perform a fixed function, and that are stored in the memory 12. In the present embodiment, the functions of the modules/units will be described in detail in the following embodiments.
The generating unit 110 obtains client information, SIM (Subscriber Identity Module) card information, and terminal information of each terminal, and generates an IPV6(Internet Protocol Version 6, Version 6 of the Internet Protocol) address of each terminal according to the client information, the SIM card information, and the terminal information of each terminal.
In at least one embodiment of the invention, the customer information may include a customer identification or the like.
In at least one embodiment of the present invention, the SIM card information may include a system identification code sID and the like.
In at least one embodiment of the present invention, the terminal information may include Electronic Identity (eID) or the like.
In at least one embodiment of the present invention, the generating unit 110 obtains the customer information, the SIM card information, and the terminal information of each terminal, and generates the IPV6 address of each terminal according to the customer information, the SIM card information, and the terminal information of each terminal includes:
when the fact that a customer opens a card is detected, obtaining a customer identification of the customer as customer information, and extracting first preset bit data in the customer identification to construct a first array;
encrypting the first array to obtain a prefix field;
when the fact that the terminal of the client is inserted into an SIM card and powered on is detected, reading an International Mobile Subscriber Identity (IMSI) of the SIM card, obtaining a system identification code of the SIM card from the International Mobile Subscriber Identity as the SIM card information, and extracting second preset bit data of the system identification code of the SIM card to construct a second array;
acquiring a Physical Unclonable Function (PUF) of the terminal, generating a citizen network electronic identity of the terminal as terminal information based on the physical unclonable function, and extracting third preset bit data of the citizen network electronic identity of the terminal to construct a third array;
splicing the second array and the third array to obtain a fourth array;
encrypting the fourth array to obtain a suffix field;
and splicing the prefix field and the suffix field to obtain the IPV6 address of the terminal.
The first preset position, the second preset position and the third preset position can be configured in a user-defined mode, such as the last six positions.
In this embodiment, the encryption processing may be performed by using a symmetric algorithm or an asymmetric algorithm, which is not limited in the present invention.
For example: when detecting that a user A opens a card, acquiring last six bits of data of a user identification of the user A, encrypting the extracted data to obtain 64 bits of the prefix field, further, when detecting that a terminal B of the user A is inserted into a SIM card C, acquiring last three bits of a system identification code of the SIM card C, acquiring last three bits of data of a citizen network electronic identity identification of the terminal B, splicing the acquired data, encrypting to obtain 64 bits of the suffix field, and splicing the prefix field and the suffix field to obtain 128 bits of an IPV6 address corresponding to the terminal B.
Through the embodiment, the unique IPV6 address of each terminal can be generated based on the information of the client, the card and the terminal, the generated address is unique and real, and the safety and the traceability are improved.
In response to a first access request initiated by a target terminal to a target platform through a target network, the acquisition unit 111 acquires a first data packet transmitted by the target terminal in the target network as a first packet.
In this embodiment, the target terminal may be any requester.
In this embodiment, the target network may be an internet of things.
In this embodiment, the target platform may be any application platform that processes a service.
In this embodiment, the first packet may be a first packet.
In this embodiment, when the target terminal initiates a first access request to the target platform through the target network, the first packet is collected for subsequent authentication, so that the security of data transmission is improved.
Fetch unit 112 fetches the IPV6 address of the header packet as the destination address.
In this embodiment, the initial packet may carry a corresponding IPV6 address and related service data.
The parsing unit 113 parses the target address by using a preset grayish wolf algorithm to obtain target customer information, target SIM card information, and target terminal information of the target terminal.
In at least one embodiment of the present invention, the analyzing unit 113 analyzes the target address by using a preset grayish wolf algorithm, and obtaining the target customer information, the target SIM card information, and the target terminal information of the target terminal includes:
cutting the target address to obtain a cutting result, and determining at least one candidate client identifier, at least one candidate system identification code and at least one candidate citizen network electronic identity identifier according to the cutting result;
constructing a customer identification data set based on the at least one candidate customer identification;
constructing a card identification dataset based on the at least one candidate system identification code;
constructing a terminal identification data set based on the at least one candidate citizen network electronic identity;
acquiring the last active time of each element in the client identification data group, the card identification data group and the terminal identification data group;
respectively adding a timestamp to each element in the client identification data group, the card identification data group and the terminal identification data group based on the last active time of each element to obtain a client identification time data group, a card identification time data group and a terminal identification time data group;
establishing a time interval minimum model according to each element in the client identification time data group, the card identification time data group and the terminal identification time data group;
iterating the time interval minimum model based on a wolf algorithm to obtain a minimum time interval;
acquiring candidate client identifications corresponding to the minimum time interval as the target client information;
acquiring a candidate system identification code corresponding to the minimum time interval as the target SIM card information;
and acquiring the candidate citizen network electronic identity corresponding to the minimum time interval as the target terminal information.
Specifically, the cutting result may include three pieces of data, which are a partial field corresponding to the customer information, a partial field corresponding to the SIM card information, and a partial field corresponding to the terminal information.
Further, the at least one candidate customer identifier, the at least one candidate system identifier, and the at least one candidate citizen network electronic identity may be obtained by complementing the remaining corresponding fields from the designated database with the obtained partial fields.
In this embodiment, the client identification data group is constructed with each candidate client identification as an element.
For example: the customer identification data set constructed may be represented as: { u1, u2, u3, … …, un }, where n denotes the nth client.
Similarly, the card identification data group and the terminal identification data group may be constructed.
Specifically, the establishing a model with a minimum time interval according to each element in the client identifier time data group, the card identifier time data group, and the terminal identifier time data group includes:
calculating the square of the difference between each element in the customer identification time data set and each element in the card identification time data set to obtain each first square;
calculating the square of the difference between each element in the card identification time data group and each element in the terminal identification time data group to obtain each second square;
calculating the square of the difference between each element in the terminal identification time data group and each element in the client identification time data group to obtain each third square;
calculating the sum of each first square and each corresponding second square and each third square to obtain each first numerical value;
and performing evolution operation on the quotient of each first numerical value and a preset value to obtain the model with the minimum time interval.
Wherein the preset value may be 3.
Further, the iterating the time interval minimum model based on the grayling algorithm includes:
for each iteration, acquiring a first object arranged at the first position, a second object arranged at the second position and a third object arranged at the third position in the current iteration process;
configuring a first weight coefficient for the first object, a second weight coefficient for the second object, and a third weight coefficient for the third object, wherein the first weight coefficient is smaller than the second weight coefficient, and the first weight coefficient is smaller than the third weight coefficient;
and calculating the time interval of next iteration by using the first object, the second object and the third object after the weight coefficient is configured.
In the above embodiment, the customer, the SIM card and the terminal whose appearance time points are closest to each other can be found through the improved graying algorithm, which indicates that the association between the customer, the SIM card and the terminal is the strongest.
It can be understood that in the traditional gray wolf algorithm, the fixed target prey position weight factor easily results in local optimization and low accuracy.
In the embodiment, a nonlinear target prey position weight factor (i.e. a time factor) is introduced, so that the target transformation position is far away from a local optimal value and is biased to a possible global optimal value, thereby improving the global search capability at the initial stage of the algorithm, improving the capability of jumping out of the local optimal value at the later stage of the algorithm, and accelerating the convergence speed.
With the above embodiments, the IPV6 address can be backward resolved based on the modified graying algorithm to match out the most likely client, card and terminal.
The authentication unit 114 authenticates the access authority of the target terminal based on the target customer information, the target SIM card information, and the target terminal information.
In at least one embodiment of the present invention, the authenticating unit 114 authenticates the access right of the target terminal based on the target customer information, the target SIM card information, and the target terminal information includes:
comparing the target customer information, the target SIM card information and the target terminal information with customer information, SIM card information and terminal information adopted when the target address is generated;
when the target customer information is the same as the customer information adopted when the target address is generated, the target SIM card information is the same as the SIM card information adopted when the target address is generated, and the target terminal information is the same as the terminal information adopted when the target address is generated, determining that the access authority of the target terminal passes the authentication; or
And when the target customer information is different from the customer information adopted when the target address is generated, and/or the target SIM card information is different from the SIM card information adopted when the target address is generated, and/or the target terminal information is different from the terminal information adopted when the target address is generated, determining that the access authority of the target terminal is not authenticated.
Through the embodiment, the access authority of the target terminal can be authenticated from multiple dimensions based on the analyzed client information, the SIM card information and the terminal information, and the reliability and the accuracy of authentication are further improved.
When the access right of the target terminal passes the authentication, the transmission unit 115 extracts service data from the initial packet, and transmits the service data to the target platform through the target network.
Through the embodiment, after passing the authentication, the service data is extracted and transmitted to the target platform through the target network, so that the leakage of client information, SIM card information and terminal information is avoided, the pressure of a server is reduced, and the reverse control capability of the terminal of the Internet of things is effectively improved.
In at least one embodiment of the invention, when the access right of the target terminal is not authenticated, the head packet is intercepted and alarm information is sent out.
By intercepting the data packet sent by the terminal which does not pass the authentication and sending out the warning, the safety of data transmission in the network can be ensured, and the card and the terminal are prevented from being stolen.
According to the technical scheme, the unique IPV6 address of each terminal can be generated based on information of three layers of the client, the card and the terminal, the generated address is unique and real, safety and traceability are improved, during authentication, the IPV6 address is reversely analyzed based on an improved Husky algorithm to match the most possible client, card and terminal, and service data are extracted for transmission during authentication, so that data leakage is avoided, server pressure is relieved, and reverse control capability of the terminal of the Internet of things is effectively improved.
Fig. 3 is a schematic structural diagram of a computer device according to a preferred embodiment of the present invention for implementing a terminal authentication method based on IPV6 addresses.
The computer device 1 may comprise a memory 12, a processor 13 and a bus, and may further comprise a computer program stored in the memory 12 and executable on the processor 13, such as a terminal authentication program based on the IPV6 address.
It will be understood by those skilled in the art that the schematic diagram is merely an example of the computer device 1, and does not constitute a limitation to the computer device 1, the computer device 1 may have a bus-type structure or a star-shaped structure, the computer device 1 may further include more or less other hardware or software than those shown, or different component arrangements, for example, the computer device 1 may further include an input and output device, a network access device, etc.
It should be noted that the computer device 1 is only an example, and other electronic products that are currently available or may come into existence in the future, such as electronic products that can be adapted to the present invention, should also be included in the scope of the present invention, and are included herein by reference.
The memory 12 includes at least one type of readable storage medium, which includes flash memory, removable hard disks, multimedia cards, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disks, optical disks, etc. The memory 12 may in some embodiments be an internal storage unit of the computer device 1, for example a removable hard disk of the computer device 1. The memory 12 may also be an external storage device of the computer device 1 in other embodiments, such as a plug-in removable hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the computer device 1. Further, the memory 12 may also include both an internal storage unit and an external storage device of the computer device 1. The memory 12 can be used not only for storing application software installed in the computer apparatus 1 and various kinds of data such as codes of a terminal authentication program based on the IPV6 address, etc., but also for temporarily storing data that has been output or is to be output.
The processor 13 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 13 is a Control Unit (Control Unit) of the computer device 1, connects various components of the entire computer device 1 by using various interfaces and lines, and executes various functions and processes data of the computer device 1 by running or executing programs or modules (for example, executing a terminal authentication program based on an IPV6 address, and the like) stored in the memory 12 and calling data stored in the memory 12.
The processor 13 executes the operating system of the computer device 1 and various installed application programs. The processor 13 executes the application program to implement the steps in each of the above-described embodiments of the IPV6 address-based terminal authentication method, such as the steps shown in fig. 1.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 12 and executed by the processor 13 to accomplish the present invention. The one or more modules/units may be a series of computer readable instruction segments capable of performing certain functions, which are used to describe the execution of the computer program in the computer device 1. For example, the computer program may be divided into a generation unit 110, an acquisition unit 111, an extraction unit 112, a parsing unit 113, an authentication unit 114, a transmission unit 115.
The integrated unit implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a computer device, or a network device) or a processor (processor) to execute the parts of the terminal authentication method based on the IPV6 address according to the embodiments of the present invention.
The integrated modules/units of the computer device 1 may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented.
Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), random-access Memory, or the like.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one line is shown in FIG. 3, but this does not mean only one bus or one type of bus. The bus is arranged to enable connection communication between the memory 12 and at least one processor 13 or the like.
Although not shown, the computer device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 13 through a power management device, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The computer device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the computer device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the computer device 1 and other computer devices.
Optionally, the computer device 1 may further comprise a user interface, which may be a Display (Display), an input unit, such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the computer device 1 and for displaying a visualized user interface.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
Fig. 3 shows only the computer device 1 with the components 12-13, and it will be understood by a person skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the computer device 1 and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
With reference to fig. 1, the memory 12 of the computer device 1 stores a plurality of instructions to implement a terminal authentication method based on IPV6 address, and the processor 13 can execute the plurality of instructions to implement:
acquiring customer information, SIM card information and terminal information of each terminal, and generating an IPV6 address of each terminal according to the customer information, the SIM card information and the terminal information of each terminal;
responding to a first access request initiated by a target terminal to a target platform through a target network, and collecting a first data packet transmitted by the target terminal in the target network as a first packet;
extracting the IPV6 address of the head packet as a target address;
analyzing the target address by adopting a preset wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal;
authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information;
and when the access authority of the target terminal passes the authentication, extracting service data from the initial packet, and transmitting the service data to the target platform through the target network.
Specifically, the processor 13 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the instruction, which is not described herein again.
It should be noted that all the data involved in the present application are legally acquired.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The invention is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the present invention may also be implemented by one unit or means through software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.
Claims (10)
1. A terminal authentication method based on an IPV6 address is characterized in that the terminal authentication method based on the IPV6 address comprises the following steps:
acquiring customer information, SIM card information and terminal information of each terminal, and generating an IPV6 address of each terminal according to the customer information, the SIM card information and the terminal information of each terminal;
responding to a first access request initiated by a target terminal to a target platform through a target network, and collecting a first data packet transmitted by the target terminal in the target network as a first packet;
extracting the IPV6 address of the head packet as a target address;
analyzing the target address by adopting a preset wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal;
authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information;
and when the access authority of the target terminal passes the authentication, extracting service data from the initial packet, and transmitting the service data to the target platform through the target network.
2. The IPV6 address-based terminal authentication method of claim 1, wherein the obtaining customer information, SIM card information, and terminal information for each terminal, and generating the IPV6 address for each terminal based on the customer information, SIM card information, and terminal information for each terminal comprises:
when the fact that a customer opens a card is detected, obtaining a customer identification of the customer as customer information, and extracting first preset bit data in the customer identification to construct a first array;
encrypting the first array to obtain a prefix field;
when the fact that the terminal of the client is inserted into an SIM card and powered on is detected, reading an International Mobile Subscriber Identity (IMSI) of the SIM card, acquiring a system identity of the SIM card from the IMSI as SIM card information, and extracting second preset bit data of the SIM card to construct a second array;
acquiring a physical unclonable function of the terminal, generating a citizen network electronic identity of the terminal as the terminal information based on the physical unclonable function, and extracting third preset bit data of the citizen network electronic identity of the terminal to construct a third array;
splicing the second array and the third array to obtain a fourth array;
encrypting the fourth array to obtain a suffix field;
and splicing the prefix field and the suffix field to obtain the IPV6 address of the terminal.
3. The IPV6 address-based terminal authentication method of claim 1, wherein the parsing the target address using a preset graying algorithm to obtain the target client information, the target SIM card information, and the target terminal information of the target terminal includes:
cutting the target address to obtain a cutting result, and determining at least one candidate client identifier, at least one candidate system identification code and at least one candidate citizen network electronic identity identifier according to the cutting result;
constructing a customer identification data set based on the at least one candidate customer identification;
constructing a card identification dataset based on the at least one candidate system identification code;
constructing a terminal identification data set based on the at least one candidate citizen network electronic identity;
acquiring the last active time of each element in the client identification data group, the card identification data group and the terminal identification data group;
respectively adding a timestamp to each element in the client identification data group, the card identification data group and the terminal identification data group based on the last active time of each element to obtain a client identification time data group, a card identification time data group and a terminal identification time data group;
establishing a time interval minimum model according to each element in the client identification time data group, the card identification time data group and the terminal identification time data group;
iterating the time interval minimum model based on a wolf algorithm to obtain a minimum time interval;
acquiring candidate client identifications corresponding to the minimum time interval as the target client information;
acquiring a candidate system identification code corresponding to the minimum time interval as the target SIM card information;
and acquiring the candidate citizen network electronic identity corresponding to the minimum time interval as the target terminal information.
4. The IPV6 address-based terminal authentication method of claim 3, wherein the establishing a time interval minimization model from each element in the client identification time data set, the card identification time data set, and the terminal identification time data set includes:
calculating the square of the difference between each element in the customer identification time data set and each element in the card identification time data set to obtain each first square;
calculating the square of the difference between each element in the card identification time data group and each element in the terminal identification time data group to obtain each second square;
calculating the square of the difference between each element in the terminal identification time data group and each element in the client identification time data group to obtain each third square;
calculating the sum of each first square and each corresponding second square and each third square to obtain each first numerical value;
and performing evolution operation on the quotient of each first numerical value and a preset value to obtain the model with the minimum time interval.
5. The IPV6 address-based terminal authentication method of claim 3, wherein the iterating the time interval minimum model based on the wolf algorithm includes:
for each iteration, acquiring a first object arranged at the first position, a second object arranged at the second position and a third object arranged at the third position in the current iteration process;
configuring a first weight coefficient for the first object, a second weight coefficient for the second object, and a third weight coefficient for the third object, wherein the first weight coefficient is smaller than the second weight coefficient, and the first weight coefficient is smaller than the third weight coefficient;
and calculating the time interval of next iteration by using the first object, the second object and the third object after the weight coefficient is configured.
6. The IPV6 address-based terminal authentication method of claim 1, wherein the authenticating the access right of the target terminal based on the target customer information, the target SIM card information, and the target terminal information includes:
comparing the target customer information, the target SIM card information and the target terminal information with customer information, SIM card information and terminal information adopted when the target address is generated;
when the target customer information is the same as the customer information adopted when the target address is generated, the target SIM card information is the same as the SIM card information adopted when the target address is generated, and the target terminal information is the same as the terminal information adopted when the target address is generated, determining that the access authority of the target terminal passes the authentication; or
And when the target customer information is different from the customer information adopted when the target address is generated, and/or the target SIM card information is different from the SIM card information adopted when the target address is generated, and/or the target terminal information is different from the terminal information adopted when the target address is generated, determining that the access authority of the target terminal is not authenticated.
7. The IPV6 address-based terminal authentication method of claim 1, wherein the method further comprises:
and when the access authority of the target terminal is not authenticated, intercepting the first packet and sending out warning information.
8. An IPV6 address-based terminal authentication device, characterized in that, the IPV6 address-based terminal authentication device comprises:
the generation unit is used for acquiring the client information, the SIM card information and the terminal information of each terminal and generating the IPV6 address of each terminal according to the client information, the SIM card information and the terminal information of each terminal;
the system comprises an acquisition unit, a first data packet and a second data packet, wherein the acquisition unit is used for responding to a first access request initiated by a target terminal to a target platform through a target network and acquiring the first data packet transmitted by the target terminal in the target network as a first packet;
the extraction unit is used for extracting the IPV6 address of the head packet as a target address;
the analysis unit is used for analyzing the target address by adopting a preset Grey wolf algorithm to obtain target customer information, target SIM card information and target terminal information of the target terminal;
the authentication unit is used for authenticating the access authority of the target terminal based on the target customer information, the target SIM card information and the target terminal information;
and the transmission unit is used for extracting service data from the head packet and transmitting the service data to the target platform through the target network when the access authority of the target terminal passes the authentication.
9. A computer device, characterized in that the computer device comprises:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement the IPV6 address-based terminal authentication method of any one of claims 1 to 7.
10. A computer-readable storage medium characterized by: the computer-readable storage medium has stored therein at least one instruction which is executed by a processor in a computer device to implement the IPV6 address-based terminal authentication method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111623055.4A CN114301670B (en) | 2021-12-28 | 2021-12-28 | Terminal authentication method, device, equipment and medium based on IPV6 address |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111623055.4A CN114301670B (en) | 2021-12-28 | 2021-12-28 | Terminal authentication method, device, equipment and medium based on IPV6 address |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114301670A true CN114301670A (en) | 2022-04-08 |
| CN114301670B CN114301670B (en) | 2023-12-05 |
Family
ID=80972020
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111623055.4A Active CN114301670B (en) | 2021-12-28 | 2021-12-28 | Terminal authentication method, device, equipment and medium based on IPV6 address |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114301670B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116192419A (en) * | 2022-11-15 | 2023-05-30 | 中亿(深圳)信息科技有限公司 | Application program data safety protection method and device based on Internet of things card |
| CN117118765A (en) * | 2023-10-25 | 2023-11-24 | 易讯科技股份有限公司 | IPV6 identity security authentication method and system |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040213237A1 (en) * | 2000-06-29 | 2004-10-28 | Toshikazu Yasue | Network authentication apparatus and network authentication system |
| CN1809076A (en) * | 2006-01-26 | 2006-07-26 | 中国移动通信集团公司 | IPv6 terminal address generation and parsing method in communication network |
| US20190260577A1 (en) * | 2018-02-21 | 2019-08-22 | Verizon Patent And Licensing Inc. | GLOBAL IDENTIFICATION OF DEVICES BASED ON DESIGNATED IPv6 ADDRESS |
| CN110266518A (en) * | 2019-05-22 | 2019-09-20 | 清华大学 | The address IPv6 source tracing method, device and electronic equipment based on SDN |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| CN111343298A (en) * | 2020-02-28 | 2020-06-26 | 中星科源(北京)信息技术有限公司 | Method for generating IPv6 address, storage device and processing device |
| EP3713186A1 (en) * | 2019-03-19 | 2020-09-23 | Deutsche Telekom AG | Techniques for enabling unique utilization of identities within a communication network |
| CN112291204A (en) * | 2020-10-12 | 2021-01-29 | 清华大学 | Access request processing method and device and readable storage medium |
| CN112822218A (en) * | 2021-02-28 | 2021-05-18 | 新华三信息安全技术有限公司 | Access control method and device |
| CN113055176A (en) * | 2019-12-26 | 2021-06-29 | 中国电信股份有限公司 | Terminal authentication method and system, terminal device, P2P verification platform and medium |
-
2021
- 2021-12-28 CN CN202111623055.4A patent/CN114301670B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040213237A1 (en) * | 2000-06-29 | 2004-10-28 | Toshikazu Yasue | Network authentication apparatus and network authentication system |
| CN1809076A (en) * | 2006-01-26 | 2006-07-26 | 中国移动通信集团公司 | IPv6 terminal address generation and parsing method in communication network |
| US20190260577A1 (en) * | 2018-02-21 | 2019-08-22 | Verizon Patent And Licensing Inc. | GLOBAL IDENTIFICATION OF DEVICES BASED ON DESIGNATED IPv6 ADDRESS |
| CN111327561A (en) * | 2018-12-13 | 2020-06-23 | 中国电信股份有限公司 | Authentication method, system, authentication server, and computer-readable storage medium |
| EP3713186A1 (en) * | 2019-03-19 | 2020-09-23 | Deutsche Telekom AG | Techniques for enabling unique utilization of identities within a communication network |
| CN110266518A (en) * | 2019-05-22 | 2019-09-20 | 清华大学 | The address IPv6 source tracing method, device and electronic equipment based on SDN |
| CN113055176A (en) * | 2019-12-26 | 2021-06-29 | 中国电信股份有限公司 | Terminal authentication method and system, terminal device, P2P verification platform and medium |
| CN111343298A (en) * | 2020-02-28 | 2020-06-26 | 中星科源(北京)信息技术有限公司 | Method for generating IPv6 address, storage device and processing device |
| CN112291204A (en) * | 2020-10-12 | 2021-01-29 | 清华大学 | Access request processing method and device and readable storage medium |
| CN112822218A (en) * | 2021-02-28 | 2021-05-18 | 新华三信息安全技术有限公司 | Access control method and device |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116192419A (en) * | 2022-11-15 | 2023-05-30 | 中亿(深圳)信息科技有限公司 | Application program data safety protection method and device based on Internet of things card |
| CN116192419B (en) * | 2022-11-15 | 2023-09-26 | 中亿(深圳)信息科技有限公司 | Application program data safety protection method and device based on Internet of things card |
| CN117118765A (en) * | 2023-10-25 | 2023-11-24 | 易讯科技股份有限公司 | IPV6 identity security authentication method and system |
| CN117118765B (en) * | 2023-10-25 | 2023-12-22 | 易讯科技股份有限公司 | IPV6 identity security authentication method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114301670B (en) | 2023-12-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2023056943A1 (en) | Internet of things rule engine-based terminal control method and apparatus, and device and medium | |
| CN114301670B (en) | Terminal authentication method, device, equipment and medium based on IPV6 address | |
| CN111901327A (en) | Cloud network vulnerability mining method and device, electronic equipment and medium | |
| CN111600850A (en) | Method, equipment and storage medium for detecting mine digging virtual currency | |
| CN114268508A (en) | Internet of things equipment secure access method, device, equipment and medium | |
| CN113806434B (en) | Big data processing method, device, equipment and medium | |
| CN112732567B (en) | Mock data testing method and device based on ip, electronic equipment and storage medium | |
| CN111949708A (en) | Multi-task prediction method, device, equipment and medium based on time sequence feature extraction | |
| CN115081538A (en) | Customer relationship identification method, device, equipment and medium based on machine learning | |
| CN114827354A (en) | Identity authentication information display method and device, electronic equipment and readable storage medium | |
| CN114185776A (en) | Big data point burying method, device, equipment and medium for application program | |
| CN116405332B (en) | Service request method, device, equipment and medium based on Nginx gateway | |
| CN116701233B (en) | Transaction system testing method, equipment and medium based on high concurrency report simulation | |
| CN112528265A (en) | Identity recognition method, device, equipment and medium based on online conference | |
| CN114666408B (en) | Market condition factor data transparent transmission method, device, equipment and medium based on Internet | |
| CN114268559B (en) | Directional network detection method, device, equipment and medium based on TF-IDF algorithm | |
| CN115314570B (en) | Data issuing method, device, equipment and medium based on protocol development framework | |
| US11233703B2 (en) | Extending encrypted traffic analytics with traffic flow data | |
| CN115001768A (en) | Data interaction method, device and equipment based on block chain and storage medium | |
| CN114185502A (en) | Log printing method, device, equipment and medium based on production line environment | |
| CN112559940A (en) | Page labeling method, device, equipment and medium | |
| CN114614993B (en) | System interaction method and device, electronic equipment and storage medium | |
| CN116843454B (en) | Channel information management method, device, equipment and medium | |
| CN117316359A (en) | Blood detection process tracking method, device, equipment and medium | |
| CN114417195A (en) | Data processing method, device, equipment and medium based on two-dimension code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |