WO2010133127A1 - Method and system for acquiring host identity tag - Google Patents
Method and system for acquiring host identity tag
- Publication number
- WO2010133127A1 (PCT/CN2010/072429)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- host
- hit
- host identification
- update message
- newly generated
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5076—Update or notification mechanisms, e.g. DynDNS
Definitions
- The embodiments of the present invention relate to communication technologies, and in particular to a method and system for acquiring a host identity tag.
Background Art
- An IP address carries a dual meaning: it identifies both the location of the IP device/node in the network and the identity of the communicating node.
- To keep the routing system scalable, IP address allocation must follow the network topology; but because the IP address is also used as the host identifier, allocation is often based on organizational (rather than topological) structure and needs to remain relatively stable.
- The dual meaning of the IP address also creates a tight coupling between the transport layer and the network layer.
- The transport layer uses the five-tuple <transport layer protocol, source IP address, destination IP address, source port number, destination port number> to identify a connection between nodes.
- This five-tuple should remain unchanged for the whole lifetime of a connection, but when the IP address changes because of mobility, dynamic IP re-allocation or multi-homing, the five-tuple corresponding to the connection changes and the connection carrying the communication is interrupted. In addition, updates and upgrades of the transport layer protocol have a huge impact on the transport layer protocol.
- The Internet Engineering Task Force (IETF) Host Identity Protocol (HIP) working group introduced a comprehensive solution that inserts a new host identity protocol layer and a new namespace between the network layer and the transport layer, thereby separating the transport layer protocol from the network layer protocol.
- The transport layer uses the host identifier, and HIP performs the conversion from host identifier to IP address.
- HIT: Host Identity Tag.
- A HIT is a 128-bit binary number generated from the host identity (HI, the host public key) by a cryptographic hash algorithm; it is a flat, single-level structure that carries no information other than the host identity.
- The security strength of a key gradually decreases as time passes and the number of uses grows; when it drops to a certain level, or the key is cracked, the key needs to be replaced.
- Replacing the host public key means that the host HIT changes. When a host's HIT changes, the host needs to inform its potential visitors in some way; if they are not notified, the two cannot communicate normally.
Summary of the Invention
- An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: receiving an update message that includes a newly generated host identity tag HIT;
- obtaining the newly generated host identity tag HIT from the update message.
- An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: a third-party server receives an update message that includes a newly generated host identity tag HIT and establishes a mapping relationship between the old and new host identity tags;
- a host obtains the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping relationship between the new and old host identity tags.
- An embodiment of the present invention provides a host identity tag acquisition system, the system including: a first host, configured to send an update message that includes a newly generated host identity tag HIT; and a second host, configured to obtain the newly generated host identity tag HIT from the update message sent by the first host.
- An embodiment of the present invention provides a host identity tag acquisition system, the system including: a first host, configured to send an update message that includes a newly generated host identity tag HIT; a third-party server, configured to receive the update message and establish a mapping relationship between the new and old host identity tags;
- and a second host, configured to obtain the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping relationship between the new and old host identity tags.
- The method and system for acquiring a host identity tag obtain the latest HIT either directly from the update message, together with the host's current IP address, or from the mapping relationship between the newly generated new and old host identity tags that the third-party server has received, so that normal communication is possible.
- FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag according to the present invention;
- FIG. 2 is a schematic diagram of HIT changes during host interaction according to the present invention;
- FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag according to the present invention;
- FIG. 4 is a schematic structural diagram of Embodiment 1 of the host identity tag acquisition system according to the present invention;
- FIG. 5 is a schematic structural diagram of Embodiment 2 of the host identity tag acquisition system according to the present invention.
- The method for acquiring a host identity tag in Embodiment 1 of the present invention includes:
- receiving an update message that includes a newly generated host identity tag HIT;
- obtaining the newly generated host identity tag HIT from the update message.
- The method for acquiring a host identity tag in Embodiment 2 of the present invention includes:
- a third-party server receives the update message that includes the newly generated host identity tag HIT and establishes a mapping relationship between the new and old host identity tags;
- a host obtains the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping relationship between the new and old host identity tags.
- The above methods cover acquisition of the newly generated HIT both in a scenario without a third-party server and in a scenario with a third-party server.
- FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag of the present invention; the method includes:
- The first host sends an update message that includes the newly generated host identity tag HIT to the second host.
- The UPDATE packet defined in HIP can be used to carry an update message during communication; in this embodiment an UPDATE packet can carry a HIT update message, which may include the newly generated HIT, its validity period, a signature, and so on. The first host can transmit the HIT update message before the old HIT expires, through either a newly created secure channel or an already established one: if no secure channel exists when the HIT update message is ready to be sent, a new secure channel is created and the message is sent through it. A secure channel is a mechanism by which the communicating parties transmit information securely over an insecure network environment.
- The functions of a secure channel include protecting the confidentiality and freshness of the information and confirming the correctness of its source.
- This function can also be implemented with traditional security protocols such as IPsec, SSL and HTTPS.
- The second host receives the update message from the first host, obtains the newly generated HIT (the new HIT) from it, and obtains the IP address currently corresponding to the first host, so that normal communication between the first host and the second host can proceed.
- The second host may already have established, or may be about to establish, a communication connection with the first host.
- The HIT change process is shown in FIG. 2: first, the first host and the second host use the old HIT to establish a communication channel through the four-way handshake mechanism; the first host
- the update message may be transmitted through the established communication channel; of course, if a communication channel has already been established between the first host and the second host, the update message may be transmitted directly through it; after receiving the update message, the second host obtains the new HIT from it.
- The Security Parameter Index (SPI) identifies the session, and the HIT update has no effect on the session.
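The following is an added example, not code from the patent, of the Embodiment 1 exchange: the first host rotates its key and sends a HIT update carrying the new HIT, its validity period and a signature; the second host verifies that the update really comes from the holder of the old HI, that it is still within its validity period and that the new HIT is the hash of the new HI, then re-keys its peer entry while keeping the session's SPI. Ed25519 signatures and a SHA-256 truncated to 128 bits stand in for whatever public-key and hash algorithms a real deployment uses (the page names none; real HIP HITs use the ORCHID construction), and the `NotAfter` field, IP addresses and SPI value are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// HIT is the 128-bit Host Identity Tag. Here it is the first 16 bytes of
// SHA-256 over the public key (HI); this stands in for HIP's real ORCHID
// construction and only shows that a HIT is a hash of the HI.
type HIT [16]byte

// DeriveHIT hashes a host identity (public key) down to a HIT.
func DeriveHIT(hi ed25519.PublicKey) HIT {
	var h HIT
	sum := sha256.Sum256(hi)
	copy(h[:], sum[:16])
	return h
}

// UpdateMessage models the HIT update carried in a HIP UPDATE packet: the
// newly generated HIT and HI, a validity period, and a signature. The
// signature is made with the OLD private key, so the receiver can confirm
// the source (the holder of the old HI) before accepting the new HIT.
type UpdateMessage struct {
	OldHIT   HIT
	NewHIT   HIT
	NewHI    ed25519.PublicKey
	NotAfter int64 // end of validity period, seconds since epoch (constructed field)
	Sig      []byte
}

// signedBytes is the canonical byte string covered by the signature.
func (m *UpdateMessage) signedBytes() []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(m.NotAfter))
	b := make([]byte, 0, 32+len(m.NewHI)+8)
	b = append(b, m.OldHIT[:]...)
	b = append(b, m.NewHIT[:]...)
	b = append(b, m.NewHI...)
	return append(b, ts[:]...)
}

// BuildUpdate is the first host's side: it rotates to newHI and signs the
// announcement with the key it is retiring.
func BuildUpdate(oldPriv ed25519.PrivateKey, newHI ed25519.PublicKey, notAfter int64) *UpdateMessage {
	oldHI := oldPriv.Public().(ed25519.PublicKey)
	m := &UpdateMessage{
		OldHIT: DeriveHIT(oldHI), NewHIT: DeriveHIT(newHI),
		NewHI: newHI, NotAfter: notAfter,
	}
	m.Sig = ed25519.Sign(oldPriv, m.signedBytes())
	return m
}

// Peer is the second host's state for one correspondent: its HI, its
// current IP address and the SPI of the running session.
type Peer struct {
	HI  ed25519.PublicKey
	IP  string
	SPI uint32
}

// PeerTable is keyed by HIT, as the transport layer above HIP expects.
type PeerTable map[HIT]*Peer

// ApplyUpdate runs the second host's checks and re-keys the peer entry.
// The IP is taken from the channel the update arrived on (srcIP) and the
// SPI is carried over unchanged: the HIT update does not touch the session.
func (t PeerTable) ApplyUpdate(m *UpdateMessage, now int64, srcIP string) error {
	p, ok := t[m.OldHIT]
	if !ok {
		return errors.New("update names an unknown old HIT")
	}
	if now > m.NotAfter {
		return errors.New("update is past its validity period")
	}
	if !ed25519.Verify(p.HI, m.signedBytes(), m.Sig) {
		return errors.New("signature does not verify under the old HI")
	}
	if DeriveHIT(m.NewHI) != m.NewHIT {
		return errors.New("new HIT is not the hash of the new HI")
	}
	delete(t, m.OldHIT)
	t[m.NewHIT] = &Peer{HI: m.NewHI, IP: srcIP, SPI: p.SPI}
	return nil
}

func main() {
	// Constructed demo: the first host rotates its key and the second host
	// accepts the update while keeping the existing session (SPI).
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	newPub, _, _ := ed25519.GenerateKey(rand.Reader)
	table := PeerTable{DeriveHIT(oldPub): &Peer{HI: oldPub, IP: "192.0.2.10", SPI: 0x1234}}
	msg := BuildUpdate(oldPriv, newPub, 1700000000)
	err := table.ApplyUpdate(msg, 1600000000, "192.0.2.11")
	fmt.Printf("update accepted: %v, peers: %d\n", err == nil, len(table))
}
```

The order of checks matters for a receiver: the old HIT must already be known (an unsolicited update for a stranger is dropped), the signature must verify under the HI already stored for that peer rather than under any key carried in the message, and the new HIT must be bound to the new HI, otherwise a peer could announce an arbitrary tag. Freshness beyond the validity period (replay of a still-valid update) is what the secure channel of the text is for and is not modelled here.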
- FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag of the present invention; the method includes:
- The first host sends an update message that includes the newly generated host identity tag HIT to the third-party server.
- The third-party server may be a domain name server (DNS), a server mapping host identity tags HIT to Internet Protocol (IP) addresses, a rendezvous server (RVS), or the like; the HIT-to-IP mapping server may include a distributed hash table (DHT) or the like.
- The first host may send the update message, before the old HIT expires, over the secure channel based on the old HIT that was established by the HIP handshake;
- the secure channel may also be established through other security protocols.
- The third-party server receives the update message and establishes a mapping relationship between the old and new host identity tags.
- After receiving the update message, the third-party server associates the new HIT carried in it with the old HIT and establishes a mapping relationship between the old and new host identity tags, for example a mapping from the old HIT to the current latest HIT, or a mapping between the HITs of different periods.
- The second host uses the old HIT and obtains the newly generated host identity tag HIT according to the mapping relationship between the new and old host identity tags. For example, when the first host updates its HIT it notifies the third-party server, such as an RVS, and the RVS maintains the mapping from the first host's expired HIT to its current HIT; when the second host accesses the RVS with the first host's expired HIT, it therefore obtains the first host's current HIT and can communicate normally with the first host.
- A specific way for the second host to obtain the first host's current HIT may be: the second host sends a message to the RVS; the RVS returns, through a notification message, that there is no relevant HIT; the second host requests the old-to-new HIT mapping service; the RVS sends the second host a message containing the old/new HIT mapping relationship; and the second host obtains the new HIT according to that mapping relationship.
- The method for acquiring a host identity tag obtains the latest HIT either directly from the update message, together with the IP address corresponding to the host, or from the mapping relationship between the newly generated new and old host identity tags that the third-party server has received, so that a communication channel can be established between the first host and the second host for normal communication; the upper-layer application protocol does not produce an error and the session can continue.
- The security strength of the HI can be kept within the allowable range, making communication safer.
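The following is an added example, not code from the patent, of the Embodiment 2 flow on the third-party side and the second host's side: the server retires an old HIT on update, links it to its successor and moves the IP binding across; the second host first asks for the HIT it knows, receives "no relevant HIT", then asks the mapping service, which walks the old-to-new chain across several rotation periods (the page's "mapping between HITs of different periods"). The `ValidUntil` field, the hop limit, the HIT labels and the IP address are constructed; the page does not say how long a retired tag stays resolvable, so treating the old HIT's validity period as that bound is an assumption. Authenticity of the update itself is left to the old-HIT secure channel the text describes and is not modelled here.

```go
package main

import (
	"errors"
	"fmt"
)

// HIT is an opaque 128-bit host identity tag; the values used below are constructed.
type HIT [16]byte

// hitFrom builds a HIT from a short label, for the constructed sample data only.
func hitFrom(label string) HIT {
	var h HIT
	copy(h[:], label)
	return h
}

// ErrNoRelevantHIT models the "no relevant HIT" notification the server
// returns when asked for a tag it no longer lists as current.
var ErrNoRelevantHIT = errors.New("no relevant HIT")

// mapping is one old->new relation; ValidUntil is an assumed field giving
// how long the server keeps honouring the old tag (its validity period).
type mapping struct {
	Next       HIT
	ValidUntil int64
}

// MappingServer stands in for the third-party server (RVS, DNS or DHT) of
// Embodiment 2: it knows the IP of every current HIT and the successor of
// every retired HIT.
type MappingServer struct {
	current map[HIT]string  // HIT in force -> IP address
	retired map[HIT]mapping // retired HIT -> its successor
}

func NewMappingServer() *MappingServer {
	return &MappingServer{current: map[HIT]string{}, retired: map[HIT]mapping{}}
}

// Register records the ordinary HIT->IP binding for a tag in force.
func (s *MappingServer) Register(h HIT, ip string) { s.current[h] = ip }

// Update is what the server does with a HIT update received over the
// first host's old-HIT secure channel: retire the old tag, link it to the
// new one and move the IP binding across.
func (s *MappingServer) Update(oldHIT, newHIT HIT, oldValidUntil int64) error {
	ip, ok := s.current[oldHIT]
	if !ok {
		return errors.New("update for a HIT that is not registered")
	}
	if oldHIT == newHIT {
		return errors.New("new HIT must differ from old HIT")
	}
	delete(s.current, oldHIT)
	s.retired[oldHIT] = mapping{Next: newHIT, ValidUntil: oldValidUntil}
	s.current[newHIT] = ip
	return nil
}

// Lookup is the ordinary HIT->IP query.
func (s *MappingServer) Lookup(h HIT) (string, error) {
	ip, ok := s.current[h]
	if !ok {
		return "", ErrNoRelevantHIT
	}
	return ip, nil
}

// ResolveCurrent is the old-to-new mapping service. It follows the chain
// across several rotation periods, refuses mappings whose old tag is past
// its validity period, and bounds the walk so a bad chain cannot loop.
func (s *MappingServer) ResolveCurrent(h HIT, now int64) (HIT, error) {
	cur := h
	for hop := 0; hop < 16; hop++ {
		if _, ok := s.current[cur]; ok {
			return cur, nil
		}
		m, ok := s.retired[cur]
		if !ok {
			return HIT{}, ErrNoRelevantHIT
		}
		if now > m.ValidUntil {
			return HIT{}, errors.New("mapping for this old HIT has expired")
		}
		cur = m.Next
	}
	return HIT{}, errors.New("mapping chain too long")
}

// FindPeer is the second host's side of the exchange: try the HIT it knows,
// and on "no relevant HIT" ask the mapping service for the current tag.
func FindPeer(s *MappingServer, known HIT, now int64) (HIT, string, error) {
	if ip, err := s.Lookup(known); err == nil {
		return known, ip, nil
	}
	cur, err := s.ResolveCurrent(known, now)
	if err != nil {
		return HIT{}, "", err
	}
	ip, err := s.Lookup(cur)
	if err != nil {
		return HIT{}, "", err
	}
	return cur, ip, nil
}

func main() {
	// Constructed scenario: the first host rotated twice (A -> B -> C) while
	// the second host still holds A.
	s := NewMappingServer()
	a, b, c := hitFrom("hit-A"), hitFrom("hit-B"), hitFrom("hit-C")
	s.Register(a, "192.0.2.10")
	_ = s.Update(a, b, 2000)
	_ = s.Update(b, c, 3000)
	cur, ip, err := FindPeer(s, a, 1500)
	fmt.Println(cur == c, ip, err)
}
```

Bounding the chain walk and expiring retired tags are the two defensive details worth carrying into a real mapping server: without the first, a mis-registered pair of tags pointing at each other would hang the resolver; without the second, a retired HIT would stay resolvable indefinitely, which defeats the purpose of retiring a weakened key.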
- FIG. 4 is a schematic structural diagram of Embodiment 1 of the host identity tag acquisition system according to the present invention.
- The system includes: a first host 11, configured to send an update message that includes a newly generated host identity tag HIT; and a second host 12, configured to obtain the newly generated host identity tag HIT from the update message sent by the first host 11.
- The second host obtains, from the update message, the newly generated host identity tag of the first host and the IP address currently corresponding to the first host, so that normal communication with the first host is possible.
- The first host may include: a first sending module, configured to send the update message through a newly created secure channel; and a second sending module, configured to send the update message through an already established secure channel.
- The process by which the host identity tag acquisition system acquires the newly generated HIT is the same as that of Embodiment 1 of the host identity tag acquisition method of the present invention, and details are not described here again.
- In the host identity tag acquisition system, the first host sends an update message to the second host, and the second host obtains the first host's newly generated HIT and current IP address directly from the update message, so that normal communication can proceed.
- FIG. 5 is a schematic structural diagram of Embodiment 2 of the host identity tag acquisition system according to the present invention.
- The system includes: a first host 11, configured to send an update message that includes a newly generated host identity tag HIT; a third-party server, configured to receive the update message and establish a mapping relationship between the new and old host identity tags;
- and a second host 12, configured to obtain the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping relationship between the new and old host identity tags.
- The third-party server may include a domain name server, a rendezvous server, a server mapping host identity tags HIT to Internet Protocol IP addresses, and the like; the HIT-to-IP mapping server may include a distributed hash table DHT or the like.
- The second host may obtain the IP address currently corresponding to the first host according to the newly generated host identity tag HIT, so that normal communication with the first host can proceed.
- The process by which the system obtains the newly generated HIT is the same as that of Embodiment 2 of the host identity tag acquisition method of the present invention, and details are not described here again.
- In the host identity tag acquisition system, the first host sends an update message to the third-party server, the third-party server establishes a mapping relationship between the new and old host identity tags according to the new HIT carried in the update message, and the second host obtains the newly generated HIT according to that mapping relationship and the old HIT, so that normal communication can proceed. In addition, the security strength of the HI can be kept within the allowable range, making communication safer.
- The embodiments of the present invention, or parts thereof, may be implemented in software, and the corresponding software program may be stored in a readable storage medium such as an optical disk, a hard disk or a floppy disk.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012511129A JP2012527794A (ja) | 2009-05-22 | 2010-05-04 | ホストアイデンティティタグ取得のための方法およびシステム |
BRPI1012808A BRPI1012808A2 (pt) | 2009-05-22 | 2010-05-04 | método e sistema para obter uma etiqueta de identificação de hospedeiro |
EP10777331A EP2434716A1 (en) | 2009-05-22 | 2010-05-04 | Method and system for acquiring host identity tag |
US13/302,853 US20120072513A1 (en) | 2009-05-22 | 2011-11-22 | Method and system for obtaining host identity tag |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910085509XA CN101895522A (zh) | 2009-05-22 | 2009-05-22 | 主机标识标签获取方法及系统 |
CN200910085509.X | 2009-05-22 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/302,853 Continuation US20120072513A1 (en) | 2009-05-22 | 2011-11-22 | Method and system for obtaining host identity tag |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010133127A1 true WO2010133127A1 (zh) | 2010-11-25 |
Family
ID=43104589
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2010/072429 WO2010133127A1 (zh) | 2009-05-22 | 2010-05-04 | 主机标识标签获取方法及系统 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20120072513A1 (zh) |
EP (1) | EP2434716A1 (zh) |
JP (1) | JP2012527794A (zh) |
CN (1) | CN101895522A (zh) |
BR (1) | BRPI1012808A2 (zh) |
WO (1) | WO2010133127A1 (zh) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102752266B (zh) * | 2011-04-20 | 2015-11-25 | 中国移动通信集团公司 | 访问控制方法及其设备 |
US20130238782A1 (en) * | 2012-03-09 | 2013-09-12 | Alcatel-Lucent Usa Inc. | Method and apparatus for identifying an application associated with an ip flow using dns data |
CN106603513A (zh) * | 2016-11-30 | 2017-04-26 | 中国人民解放军理工大学 | 基于主机标识的资源访问控制方法以及系统 |
WO2021152349A1 (en) * | 2020-01-30 | 2021-08-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Ipsec privacy protection |
CN115987782B (zh) * | 2023-03-20 | 2023-06-06 | 建信金融科技有限责任公司 | 云主机名的生成方法、装置、设备、存储介质和程序产品 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801764A (zh) * | 2006-01-23 | 2006-07-12 | 北京交通大学 | 一种基于身份与位置分离的互联网接入方法 |
CN1809075A (zh) * | 2006-01-23 | 2006-07-26 | 北京交通大学 | 一种建立一体化网络服务的方法 |
WO2007134640A1 (en) * | 2006-05-24 | 2007-11-29 | Telefonaktiebolaget Lm Ericsson (Publ) | Delegation based mobility management |
WO2008138853A1 (en) * | 2007-05-11 | 2008-11-20 | Telefonaktiebolaget Lm Ericsson (Publ) | Hip node reachability |
CN101350807A (zh) * | 2007-07-20 | 2009-01-21 | 华为技术有限公司 | 多地址空间移动网络架构、主机信息注册及数据发送方法 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004178448A (ja) * | 2002-11-28 | 2004-06-24 | Nippon Telegr & Teleph Corp <Ntt> | ピアツーピア通信のための名前管理方法、システム装置、処理プログラム及び該プログラムを記録した記憶媒体 |
GB2426672B (en) * | 2005-05-27 | 2009-12-16 | Ericsson Telefon Ab L M | Host identity protocol method and apparatus |
EP1814279B1 (en) * | 2006-01-31 | 2010-09-29 | NTT DoCoMo, Inc. | Method and apparatus for implementing bearer mobility |
ES2378783T3 (es) * | 2007-02-12 | 2012-04-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Delegación de señalización en una red en movimiento |
WO2008151672A1 (en) * | 2007-06-14 | 2008-12-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Network-based local mobility management |
US7969933B2 (en) * | 2007-08-03 | 2011-06-28 | Kapsch Trafficcom Ag | System and method for facilitating a persistent application session with anonymity between a mobile host and a network host |
US20100284400A1 (en) * | 2007-10-15 | 2010-11-11 | Melen Jan | Provisioning mobility services to legacy terminals |
- 2009-05-22 CN CN200910085509XA patent/CN101895522A/zh active Pending
- 2010-05-04 EP EP10777331A patent/EP2434716A1/en not_active Withdrawn
- 2010-05-04 JP JP2012511129A patent/JP2012527794A/ja active Pending
- 2010-05-04 WO PCT/CN2010/072429 patent/WO2010133127A1/zh active Application Filing
- 2010-05-04 BR BRPI1012808A patent/BRPI1012808A2/pt not_active IP Right Cessation
- 2011-11-22 US US13/302,853 patent/US20120072513A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
See also references of EP2434716A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP2434716A4 (en) | 2012-03-28 |
JP2012527794A (ja) | 2012-11-08 |
EP2434716A1 (en) | 2012-03-28 |
BRPI1012808A2 (pt) | 2018-01-16 |
US20120072513A1 (en) | 2012-03-22 |
CN101895522A (zh) | 2010-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4579934B2 (ja) | レガシーノードとhipノード間のホストアイデンティティプロトコル(hip)接続を確立するためのアドレス指定方法及び装置 | |
JP5804439B2 (ja) | Id/ロケータ分離ベースのネットワークにおいてネームレジストリ,ネットワークアクセスおよびデータ通信を安全に行う方法 | |
JP4727126B2 (ja) | 近距離無線コンピューティング装置用のセキュア・ネットワーク・アクセスの提供 | |
CN101416176B (zh) | 动态主机配置和网络访问验证 | |
JP4625125B2 (ja) | マルチ鍵暗号化生成アドレスを用いたセキュアなアドレスプロキシ | |
WO2011041967A1 (zh) | 匿名通信的方法、注册方法、信息收发方法及系统 | |
WO2010063242A1 (zh) | 时钟同步的方法、设备以及网络系统 | |
WO2013013481A1 (zh) | 接入认证方法、设备、服务器及系统 | |
Lopez et al. | Pceps: Usage of tls to provide a secure transport for the path computation element communication protocol (pcep) | |
WO2010133127A1 (zh) | 主机标识标签获取方法及系统 | |
JP2004166002A (ja) | 通信装置、境界ルータ装置、サーバ装置、通信システム、通信方法、ルーティング方法、通信プログラム及びルーティングプログラム | |
WO2009143739A1 (zh) | 管理和查询映射信息的方法、设备及通信系统 | |
Crabbe et al. | Path computation element communication protocol (pcep) extensions for stateful pce | |
WO2011120276A1 (zh) | 一种终端实现连接建立的方法及系统 | |
JP4586721B2 (ja) | 通信中にアドレス変更が可能な通信装置、システム及び通信方法 | |
WO2011072549A1 (zh) | 非lisp站点与lisp站点通信的方法、装置及系统 | |
US10841283B2 (en) | Smart sender anonymization in identity enabled networks | |
WO2010124549A1 (zh) | 获取公钥的方法、装置和系统 | |
JP2007166552A (ja) | 通信装置及び暗号通信方法 | |
JP2014022969A (ja) | マルチホーム通信方法およびシステム | |
JP4805185B2 (ja) | ゲートウェイ装置およびセッション管理方法 | |
CA2419865C (en) | Providing secure network access for short-range wireless computing devices | |
Lopez et al. | RFC 8253: PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP) | |
WO2011100876A1 (zh) | 一种实现网络侧去附着过程的方法及系统 | |
Venaas | Independent Submission S. Winter Internet-Draft RESTENA Intended status: Informational M. McCauley Expires: August 11, 2008 OSC |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10777331; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2012511129; Country of ref document: JP |
| WWE | Wipo information: entry into national phase | Ref document number: 2010777331; Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 4889/KOLNP/2011; Country of ref document: IN |
| REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: PI1012808; Country of ref document: BR |
| ENP | Entry into the national phase | Ref document number: PI1012808; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20111122 |