WO2010133127A1 - Method and system for acquiring a host identity tag - Google Patents

Method and system for acquiring a host identity tag

Info

Publication number
WO2010133127A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
hit
host identification
update message
newly generated
Prior art date
Application number
PCT/CN2010/072429
Other languages
English (en)
French (fr)
Inventor
张大成
徐小虎
Original Assignee
华为技术有限公司
Priority date 2009-05-22 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date 2010-05-04
Publication date 2010-11-25
Application filed by 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Priority to JP2012511129A, published as JP2012527794A
Priority to BRPI1012808A, published as BRPI1012808A2
Priority to EP10777331A, published as EP2434716A1
Publication of WO2010133127A1
Priority to US13/302,853, published as US20120072513A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 8/00 Network data management
    • H04W 8/26 Network addressing or numbering for mobility support
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/50 Address allocation
    • H04L 61/5076 Update or notification mechanisms, e.g. DynDNS

Definitions

  • Embodiments of the present invention relate to communication technologies, and in particular to a method and system for acquiring a host identity tag.
  • The IP address carries a dual meaning: it identifies both the location of an IP device/node in the network and the identity of the communicating node.
  • To keep the routing system scalable, IP address allocation must fit the network topology; but because the IP address also serves as the host identifier, allocation is often based on organizational (rather than topological) structure and needs to be relatively stable.
  • The dual meaning of the IP address also objectively creates a tight coupling between the transport layer and the network layer.
  • The transport layer uses the five-tuple <transport layer protocol, source IP address, destination IP address, source port number, destination port number> to represent a connection between nodes.
  • This five-tuple should remain unchanged for the whole life of a connection, but when the IP address changes because of mobility, dynamic IP re-allocation or multi-homing, the five-tuple corresponding to the connection changes and the connection carrying the communication is interrupted. In addition, updating or upgrading transport layer protocols has a huge impact on those protocols.
  • The Host Identity Protocol (HIP) working group of the Internet Engineering Task Force (IETF) introduced a comprehensive solution that inserts a new host identity protocol layer and a new namespace between the network layer and the transport layer, thereby separating the transport layer protocols from the network layer protocols.
  • The transport layer uses the host identity, and HIP performs the translation from host identity to IP address.
  • HIT: Host Identity Tag.
  • The HIT is a 128-bit binary number generated from the HI by a cryptographic hash algorithm; it has a flat, single-level structure and carries no information other than the host identity.
  • The security strength of a key gradually decreases as time passes and the number of uses increases; when it drops to a certain level, or the key is compromised, the key must be replaced.
  • Replacing the host's public key means that the host's HIT changes. When a host's HIT changes, the host needs some way of letting its potential visitors know; if they are not notified, the two cannot communicate normally.
  • An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: receiving an update message that contains a newly generated host identity tag HIT; and obtaining the newly generated HIT from the update message.
  • An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: a third-party server receives an update message that contains a newly generated host identity tag HIT and establishes a mapping between the old and new host identity tags; and a host obtains the newly generated HIT according to its old HIT and that mapping.
  • An embodiment of the present invention provides a system for acquiring a host identity tag, the system including: a first host, configured to send an update message that contains a newly generated host identity tag HIT; and a second host, configured to obtain the newly generated HIT from the update message sent by the first host.
  • An embodiment of the present invention provides a system for acquiring a host identity tag, the system including: a first host, configured to send an update message that contains a newly generated host identity tag HIT; a third-party server, configured to receive the update message and establish a mapping between the new and old host identity tags; and a second host, configured to obtain the newly generated HIT according to the old HIT and that mapping.
  • With this method and system, the latest HIT is obtained either directly from the update message, together with the host's current IP address, or through the mapping between the newly generated new and old host identity tags received by the third-party server, so that normal communication is possible.
  • FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag according to the present invention.
  • FIG. 2 is a schematic diagram of the HIT change during host interaction according to the present invention.
  • FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag according to the present invention.
  • FIG. 4 is a schematic structural diagram of Embodiment 1 of the system for acquiring a host identity tag according to the present invention.
  • FIG. 5 is a schematic structural diagram of Embodiment 2 of the system for acquiring a host identity tag according to the present invention.
  • The method for acquiring a host identity tag in Embodiment 1 of the present invention includes: receiving an update message that contains a newly generated host identity tag HIT; and obtaining the newly generated HIT from the update message.
  • The method for acquiring a host identity tag in Embodiment 2 of the present invention includes: a third-party server receives an update message that contains a newly generated host identity tag HIT and establishes a mapping between the new and old host identity tags; and a host obtains the newly generated HIT according to its old HIT and that mapping.
  • The two methods above complete the acquisition of the newly generated HIT for the scenarios without and with a third-party server, respectively.
  • FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag of the present invention; the method includes the following steps.
  • The first host sends an update message that contains the newly generated host identity tag HIT to the second host.
  • For example, UPDATE packets of HIP can carry update messages during communication; in this embodiment an UPDATE packet may carry the HIT update message, which may include the validity period and the signature of the newly generated HIT, etc. The first host may transmit the HIT update message before the old HIT expires, through a newly created secure channel or an already established one: if no established secure channel exists when the HIT update message is about to be sent, a new secure channel is created and the message is sent through it. A secure channel is a mechanism that lets the communicating parties transmit information securely over an insecure network.
  • The functions of a secure channel include protecting the confidentiality and freshness of the information and confirming the correctness of its source.
  • Besides the standard HIP base handshake, this function can also be provided by traditional security protocols such as IPsec, SSL and HTTPS.
  • The second host receives the update message from the first host, obtains the newly generated HIT (the new HIT) from it, and also obtains the IP address currently corresponding to the first host, so that normal communication between the first host and the second host can be carried out.
  • The second host may be a host that has established, or is about to establish, a communication connection with the first host.
  • The HIT change process is shown in FIG. 2: first, the first host and the second host use the old HIT to establish a communication channel through the four-way handshake, and the first host may transmit the update message through that channel.
  • Of course, if a communication channel already exists between the first host and the second host, the update message may be transmitted directly through it; after receiving the update message, the second host obtains the new HIT carried in it.
  • After the handshake, the Security Parameter Index (SPI) identifies the session, so the HIT update has no effect on the session.
  • FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag of the present invention; the method includes the following steps.
  • The first host sends an update message that contains the newly generated host identity tag HIT to the third-party server.
  • The third-party server may be a domain name server (DNS), a server mapping host identity tags HIT to Internet Protocol IP addresses, or a rendezvous server (RVS), etc.
  • DNS: domain name server.
  • RVS: rendezvous server.
  • The mapping server may include a distributed hash table (DHT) or the like.
  • After a new HIT has been generated and before the old HIT expires, the first host may send the update message through the secure channel, based on the old HIT, that was established by the HIP handshake protocol.
  • The secure channel may also be established through other security protocols.
  • The third-party server receives the update message and establishes a mapping between the old and new host identity tags.
  • After receiving the update message, the third-party server associates the new HIT carried in it with the old HIT and establishes a mapping between the old and new host identity tags, such as a mapping from the old HIT to the current latest HIT, or from the old HIT to the HITs of different periods.
  • The second host uses the old HIT and obtains the newly generated HIT according to the mapping between the new and old host identity tags. For example, when the first host updates its HIT it notifies a third-party server such as an RVS, which maintains the mapping from the first host's expired HIT to its current HIT; so when the second host accesses the RVS with the first host's expired HIT, it obtains the first host's current HIT and can communicate normally with the first host.
  • Concretely, the second host may obtain the first host's current HIT as follows: the second host sends a message to the RVS; the RVS returns, in a notification message, that there is no relevant HIT; the second host then requests the old-to-new HIT mapping service; the RVS sends the second host a message containing the old/new HIT mapping; and the second host obtains the new HIT from that mapping.
  • With this method, the latest HIT and the IP address corresponding to the host are obtained directly from the update message, or the latest HIT is obtained through the mapping between the newly generated new and old host identity tags received by the third-party server, so that a communication channel can be established between the first host and the second host for normal communication, the upper-layer application protocol does not encounter an error, and the call can continue.
  • In addition, the security strength of the HI can be kept within the allowed range, making communication safer.
  • FIG. 4 is a schematic structural diagram of Embodiment 1 of the system for acquiring a host identity tag according to the present invention.
  • The system includes: a first host 11, configured to send an update message that contains a newly generated host identity tag HIT; and a second host 12, configured to obtain the newly generated HIT from the update message sent by the first host 11.
  • The second host obtains, from the update message, the first host's newly generated host identity tag and the IP address currently corresponding to the first host, so that it can communicate normally with the first host.
  • To send the update message, the first host may include: a first sending module, configured to send the update message through a newly created secure channel; and a second sending module, configured to send the update message through an already established secure channel.
  • The process by which this system acquires the newly generated HIT is the same as that of Embodiment 1 of the method for acquiring a host identity tag of the present invention, and is not repeated here.
  • In this system, the first host sends an update message to the second host, and the second host obtains the first host's newly generated HIT and the IP address currently corresponding to the first host directly from that message, so that normal communication can be carried out.
  • FIG. 5 is a schematic structural diagram of Embodiment 2 of the system for acquiring a host identity tag according to the present invention.
  • The system includes: a first host 11, configured to send an update message that contains a newly generated host identity tag HIT; a third-party server 13, configured to receive the update message and establish a mapping between the new and old host identity tags; and a second host 12, configured to obtain the newly generated HIT according to the old HIT and that mapping.
  • The third-party server may include a domain name server, a rendezvous server, a server mapping host identity tags HIT to Internet Protocol IP addresses, and the like; the HIT-to-IP mapping server may include a distributed hash table DHT or the like.
  • When the third-party server is a HIT-to-IP mapping server, after obtaining the newly generated host identity tag HIT the second host may further obtain, according to that HIT, the IP address currently corresponding to the second host, so that normal communication with the first host can be carried out.
  • The process by which this system acquires the newly generated HIT is the same as that of Embodiment 2 of the method for acquiring a host identity tag of the present invention, and is not repeated here.
  • In this system, the first host sends an update message to the third-party server, the third-party server establishes the mapping between the new and old host identity tags according to the new HIT carried in the update message, and the second host obtains the newly generated HIT from that mapping and the old HIT, so that normal communication can be carried out. In addition, the security strength of the HI can be kept within the allowed range, making communication safer.
  • The embodiments of the present invention, or parts of them, may be implemented in software, and the corresponding program may be stored in a readable storage medium such as an optical disk, a hard disk or a floppy disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Description

Method and system for acquiring a host identity tag

This application claims priority to Chinese patent application No. 200910085509.X, filed with the Chinese Patent Office on May 22, 2009 and entitled "Host identity tag acquisition method and system", the entire contents of which are incorporated herein by reference.

Technical field

Embodiments of the present invention relate to communication technologies, and in particular to a method and system for acquiring a host identity tag.

Background
With the development of the Internet, its operating environment and the services it carries have changed greatly, and the limitations of its original design have gradually become apparent.
One of the main causes of these limitations is that the IP address carries a dual meaning: it is used both to identify the location of an IP device/node in the network and to represent the identity of the communicating node. To keep the routing system scalable, IP address allocation must fit the network topology; but because the IP address also serves as the host identifier, allocation is often based on organizational (rather than topological) structure and needs to be relatively stable. At the same time, the dual meaning of the IP address objectively creates a tight coupling between the transport layer and the network layer. In addition, the transport layer uses the five-tuple <transport layer protocol, source IP address, destination IP address, source port number, destination port number> to represent a connection between nodes; this five-tuple should remain unchanged for the whole life of a connection, but when the IP address changes because of mobility, dynamic IP re-allocation or multi-homing, the five-tuple corresponding to the connection also changes, and the connection carrying the communication is therefore interrupted. Furthermore, updating or upgrading transport layer protocols also has a huge impact on the transport layer protocols.
To separate the identity from the topological location, the Host Identity Protocol (HIP) working group of the Internet Engineering Task Force (IETF) put forward a comprehensive solution: a new host identity protocol layer and a new namespace are introduced between the network layer and the transport layer, thereby separating the transport layer protocols from the network layer protocols. The transport layer uses the host identity, and HIP performs the translation from host identity to IP address.
The identifier used by the Host Identity Protocol is called the Host Identity (HI); the HI is essentially the public key of a public/private key pair. Because the length of the HI varies widely with the public key algorithm, a fixed-length Host Identity Tag (HIT) is normally used in the actual protocol. The HIT is a 128-bit binary number generated from the HI by a cryptographic hash algorithm, and has a flat, single-level structure; apart from serving as the host identifier, it carries no other information. In addition, the security strength of a key gradually decreases as time passes and the number of uses increases. When the security strength of the key drops to a certain level, or the key is compromised, it must be replaced. Replacing the host's public key means that the host's HIT changes. When a host's HIT changes, the host needs some way of letting its potential visitors know; if the potential visitors are not notified, the two cannot communicate normally.

Summary of the invention
Embodiments of the present invention provide a method and system for acquiring a host identity tag, so as to obtain the latest HIT and thereby allow normal communication.
An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: receiving an update message that contains a newly generated host identity tag HIT; and obtaining the newly generated host identity tag HIT from the update message.
An embodiment of the present invention provides a method for acquiring a host identity tag, the method including: a third-party server receiving an update message that contains a newly generated host identity tag HIT and establishing a mapping between the new and old host identity tags; and a host obtaining the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
An embodiment of the present invention provides a system for acquiring a host identity tag, the system including: a first host, configured to send an update message that contains a newly generated host identity tag HIT; and a second host, configured to obtain the newly generated host identity tag HIT from the update message sent by the first host.
An embodiment of the present invention provides a system for acquiring a host identity tag, the system including: a first host, configured to send an update message that contains a newly generated host identity tag HIT; a third-party server, configured to receive the update message and establish a mapping between the new and old host identity tags; and a second host, configured to obtain the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
In the above method and system, the latest HIT and the host's current IP address are obtained directly from the update message, or the latest HIT is obtained through the mapping between the newly generated new and old host identity tags received by the third-party server, so that normal communication is possible.

Brief description of the drawings
FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag of the present invention;
FIG. 2 is a schematic diagram of the HIT change during host interaction of the present invention;
FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag of the present invention;
FIG. 4 is a schematic structural diagram of Embodiment 1 of the system for acquiring a host identity tag of the present invention;
FIG. 5 is a schematic structural diagram of Embodiment 2 of the system for acquiring a host identity tag of the present invention.

Detailed description of the embodiments
The technical solutions of the present invention are described in further detail below with reference to the drawings and embodiments. The method for acquiring a host identity tag in Embodiment 1 of the present invention includes:
receiving an update message that contains a newly generated host identity tag HIT; and
obtaining the newly generated host identity tag HIT from the update message.
The method for acquiring a host identity tag in Embodiment 2 of the present invention includes:
a third-party server receiving an update message that contains a newly generated host identity tag HIT and establishing a mapping between the new and old host identity tags; and
a host obtaining the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
The above methods complete the acquisition of the newly generated HIT for the scenarios without and with a third-party server, respectively; the acquisition process is described below.
FIG. 1 is a flowchart of Embodiment 1 of the method for acquiring a host identity tag of the present invention; the method includes:
101. The first host sends an update message that contains the newly generated host identity tag HIT to the second host.
For example, UPDATE packets of HIP can be used to carry update messages during communication; in this embodiment an UPDATE packet may carry the HIT update message, which may include the validity period and the signature of the newly generated HIT, etc. The first host may transmit the HIT update message through a newly created secure channel or an already established secure channel before the old HIT expires: if no established secure channel exists when the HIT update message is about to be sent, a new secure channel is created and the HIT update message is sent through it. A secure channel is a mechanism that lets the two communicating parties transmit information securely over an insecure network; its functions include protecting the confidentiality and freshness of the information and confirming the correctness of the message source. Besides establishing the secure channel through the standard HIP base handshake protocol, traditional security protocols such as IPsec, SSL or HTTPS can also be used to provide this function.
102. The newly generated host identity tag HIT is obtained from the update message.
The second host receives the update message from the first host, obtains the newly generated HIT, that is, the new HIT, from it, and also obtains the IP address currently corresponding to the first host, so that normal communication between the first host and the second host can be carried out.
In addition, the second host may be any host that has established, or is about to establish, a communication connection with the first host. FIG. 2 shows how the HIT changes while the first host and the second host interact: first, the first host and the second host use the old HIT to establish a communication channel through the four-way handshake, and the first host may transmit the update message through that channel; of course, if a communication channel already exists between the first host and the second host, the update message may be sent directly through it. After receiving the update message, the second host obtains the new HIT carried in it. In FIG. 2, T1 denotes the time at which the new HIT is generated and T2 the time at which the old HIT expires. Furthermore, once the handshake is complete the first host can use the Security Parameter Index (SPI) to identify the session, so the HIT update has no effect on that session.
FIG. 3 is a flowchart of Embodiment 2 of the method for acquiring a host identity tag of the present invention; the method includes:
201. The first host sends an update message that contains the newly generated host identity tag HIT to the third-party server.
The third-party server may be a domain name server (DNS), a server mapping host identity tags HIT to Internet Protocol IP addresses, or a rendezvous server (RVS), etc.; the HIT-to-IP mapping server may include a distributed hash table (DHT) or the like.
After a new HIT has been generated and before the old HIT expires, the first host may send the update message through the secure channel, based on the old HIT, that was established by the HIP handshake protocol; of course, a secure channel built with another security protocol may also be used to send the update message.
202. The third-party server receives the update message and establishes a mapping between the new and old host identity tags.
After receiving the update message, the third-party server associates the new HIT carried in it with the old HIT and establishes a mapping between the new and old host identity tags, such as a mapping from the old HIT to the current latest HIT, or from the old HIT to the HITs of different periods.
203. The newly generated host identity tag HIT is obtained according to the old host identity tag HIT and the above mapping between the new and old host identity tags.
The second host uses the old HIT and obtains the newly generated host identity tag HIT according to the mapping between the new and old host identity tags. For example, when the first host updates its HIT it notifies a third-party server such as an RVS, and the RVS maintains the mapping from the first host's expired HIT to its current HIT; so when the second host accesses the RVS with the first host's expired HIT, it obtains the first host's current HIT and can communicate normally with the first host. Concretely, the second host may obtain the first host's current HIT as follows: the second host sends a message to the RVS; the RVS returns, in a notification message, that there is no relevant HIT; the second host then requests the old-HIT-to-new-HIT mapping service; the RVS sends the second host a message containing the old/new HIT mapping; and the second host obtains the new HIT from that mapping.
In the above method, the latest HIT and the IP address currently corresponding to the host are obtained directly from the update message, or the latest HIT is obtained through the mapping between the newly generated new and old host identity tags received by the third-party server, so that a communication channel can be established between the first host and the second host for normal communication, the upper-layer application protocol does not encounter an error, and the call can continue. In addition, the security strength of the HI can be kept within the allowed range, making communication safer.
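The two acquisition flows of Embodiment 1 (the second host receives the signed update directly) and Embodiment 2 (an RVS-style third-party server keeps the old-to-new HIT mapping and answers a stale lookup with "no relevant HIT") are simulated below. This is an added Python example, not code from the patent or from any HIP implementation. It assumes: the HI is a toy RSA public key built from Mersenne primes (constructed, insecure); the HIT is the first 128 bits of SHA-256 over the HI (real HIP also inserts an ORCHID prefix); and the update message is signed with the private key of the old HI, so that a receiver which already holds the old HI can verify the rotation. The addresses, timestamps, SPI value and all class and function names are constructed for the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

E = 65537       # public exponent shared by all toy keys (constructed example)
KEY_BYTES = 96  # serialization width of the modulus inside an HI

def make_keypair(p: int, q: int) -> tuple[bytes, int, int]:
    """Toy RSA key from Mersenne primes (NOT secure): returns (HI, d, n),
    where the HI is the public key serialized as n || e."""
    n = p * q
    return n.to_bytes(KEY_BYTES, "big") + E.to_bytes(4, "big"), pow(E, -1, (p - 1) * (q - 1)), n

def hit_of(hi: bytes) -> bytes:
    """128-bit HIT: truncated SHA-256 of the HI (real HIP adds an ORCHID prefix)."""
    return hashlib.sha256(hi).digest()[:16]

def _digest(data: bytes) -> int:
    # 192-bit digest stays below every toy modulus used here (all exceed 2**195).
    return int.from_bytes(hashlib.sha256(data).digest()[:24], "big")

def sign(d: int, n: int, data: bytes) -> int:
    return pow(_digest(data), d, n)

def verify(hi: bytes, data: bytes, sig: int) -> bool:
    return pow(sig, E, int.from_bytes(hi[:KEY_BYTES], "big")) == _digest(data)

@dataclass(frozen=True)
class UpdateMessage:
    """HIT update carried in a HIP UPDATE packet: new HI, validity, signature."""
    old_hit: bytes
    new_hi: bytes     # receivers derive the new HIT from this; no trusted HIT field
    valid_until: int  # expiry of the new HIT (assumed: seconds since epoch)
    signature: int    # assumed: made with the OLD key so receivers can verify it

    def payload(self) -> bytes:
        return self.old_hit + self.new_hi + self.valid_until.to_bytes(8, "big")

def build_update(old_key: tuple[bytes, int, int], new_hi: bytes, valid_until: int) -> UpdateMessage:
    old_hi, d, n = old_key
    draft = UpdateMessage(hit_of(old_hi), new_hi, valid_until, 0)
    return UpdateMessage(draft.old_hit, new_hi, valid_until, sign(d, n, draft.payload()))

class HitRegistry:
    """HIT table of a peer (Embodiment 1) or of an RVS-style server (Embodiment 2)."""
    def __init__(self) -> None:
        self.current: dict[bytes, tuple[bytes, str]] = {}  # live HIT -> (HI, IP)
        self.successor: dict[bytes, bytes] = {}            # expired HIT -> next HIT
        self.sessions: dict[int, bytes] = {}               # SPI -> peer HIT

    def accept_update(self, msg: UpdateMessage, src_ip: str, now: int) -> bool:
        entry = self.current.get(msg.old_hit)
        if (entry is None or now >= msg.valid_until
                or not verify(entry[0], msg.payload(), msg.signature)):
            return False  # unknown sender, expired new HIT, or not signed by the old HI
        new_hit = hit_of(msg.new_hi)
        del self.current[msg.old_hit]
        self.successor[msg.old_hit] = new_hit
        self.current[new_hit] = (msg.new_hi, src_ip)   # new HIT plus current IP
        for spi, hit in list(self.sessions.items()):   # SPI-keyed session survives
            if hit == msg.old_hit:
                self.sessions[spi] = new_hit
        return True

    def lookup(self, hit: bytes) -> tuple[str, Optional[str]]:
        if hit in self.current:
            return "OK", self.current[hit][1]
        return ("NOTIFY", "no relevant HIT") if hit in self.successor else ("UNKNOWN", None)

    def mapping_service(self, old_hit: bytes) -> Optional[bytes]:
        cur = old_hit
        for _ in range(len(self.successor)):  # bounded walk over rotation periods
            cur = self.successor.get(cur, cur)
        return cur if cur in self.current else None

def run_demo() -> dict:
    old = make_keypair(2**89 - 1, 2**107 - 1)
    new = make_keypair(2**127 - 1, 2**521 - 1)
    newer = make_keypair(2**61 - 1, 2**607 - 1)
    t2, now = 2000, 1500  # old HIT expires at T2; the update is sent before that
    upd = build_update(old, new[0], valid_until=t2 + 3600)
    forged = UpdateMessage(upd.old_hit, newer[0], upd.valid_until, upd.signature)
    peer, rvs = HitRegistry(), HitRegistry()
    for table in (peer, rvs):
        table.current[hit_of(old[0])] = (old[0], "198.51.100.1")  # constructed
    peer.sessions[0x1234] = hit_of(old[0])                        # constructed SPI
    forged_rejected = not peer.accept_update(forged, "203.0.113.9", now)
    accepted = peer.accept_update(upd, "198.51.100.2", now)
    rvs.accept_update(upd, "198.51.100.2", now)
    rvs.accept_update(build_update(new, newer[0], t2 + 7200), "198.51.100.3", now + 1)
    status = rvs.lookup(hit_of(old[0]))[0]  # second host asks with the stale HIT
    found = rvs.mapping_service(hit_of(old[0])) if status == "NOTIFY" else None
    return {
        "peer_accepted": accepted,
        "session_follows_new_hit": peer.sessions[0x1234] == hit_of(new[0]),
        "forged_rejected": forged_rejected,
        "rvs_first_reply": status,
        "rvs_resolves_to_newest": found == hit_of(newer[0]),
    }
```

Both the peer and the server run the same `accept_update`: the sender's old HIT must already be in the table, the signature is checked against the HI stored for that old HIT rather than against anything in the message, and the new HIT is recomputed from the carried HI instead of being read from a field. The session stays keyed by its SPI, which is why the rotation does not disturb it, and `mapping_service` walks old to new to newer, covering the mapping "between HITs of different periods" that the third-party server is described as keeping. `run_demo()` returns the outcomes of each step so they can be checked.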
FIG. 4 is a schematic structural diagram of Embodiment 1 of the system for acquiring a host identity tag of the present invention. The system includes: a first host 11, configured to send an update message that contains a newly generated host identity tag HIT; and a second host 12, configured to obtain the newly generated host identity tag HIT from the update message sent by the first host 11.
The second host obtains, from the update message, the host identity tag newly generated by the first host and the IP address currently corresponding to the first host, so that it can communicate normally with the first host.
To send the update message, the first host may specifically include: a first sending module, configured to send the update message through a newly created secure channel; and a second sending module, configured to send the update message through an already established secure channel.
In addition, the process by which this system acquires the newly generated HIT is the same as that of Embodiment 1 of the method for acquiring a host identity tag of the present invention and is not repeated here.
In the above system, the first host sends an update message to the second host, and the second host obtains the first host's newly generated HIT and the IP address currently corresponding to the first host directly from the update message, so that normal communication can be carried out.
FIG. 5 is a schematic structural diagram of Embodiment 2 of the system for acquiring a host identity tag of the present invention. The system includes: a first host 11, configured to send an update message that contains a newly generated host identity tag HIT; a third-party server 13, configured to receive the update message and establish a mapping between the new and old host identity tags; and a second host 12, configured to obtain the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
The third-party server may include a domain name server, a rendezvous server, a server mapping host identity tags HIT to Internet Protocol IP addresses, and the like; the HIT-to-IP mapping server may include a distributed hash table DHT or the like.
When the third-party server is a server mapping host identity tags HIT to Internet Protocol IP addresses, after obtaining the newly generated host identity tag HIT the second host may further obtain, according to the newly generated HIT, the IP address currently corresponding to the second host, so that normal communication with the first host can be carried out.
In addition, the process by which this system acquires the newly generated HIT is the same as that of Embodiment 2 of the method for acquiring a host identity tag of the present invention and is not repeated here.
In the above system, the first host sends an update message to the third-party server, the third-party server establishes the mapping between the new and old host identity tags according to the new HIT carried in the update message, and the second host obtains the newly generated HIT according to that mapping and the old HIT, so that normal communication can be carried out. In addition, the security strength of the HI can be kept within the allowed range, making communication safer.
The embodiments of the present invention, or parts of them, may be implemented in software, and the corresponding program may be stored in a readable storage medium such as an optical disk, a hard disk or a floppy disk.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements may be made to the technical solutions of the present invention without departing from the spirit and scope of those solutions.

Claims

1. A method for acquiring a host identity tag, comprising:
receiving an update message that contains a newly generated host identity tag HIT; and
obtaining the newly generated host identity tag HIT from the update message.
2. The method for acquiring a host identity tag according to claim 1, wherein receiving the update message that contains the newly generated host identity tag HIT comprises:
receiving the update message that contains the newly generated host identity tag HIT through a newly created secure channel or an already established secure channel.
3. A method for acquiring a host identity tag, comprising:
a third-party server receiving an update message that contains a newly generated host identity tag HIT and establishing a mapping between new and old host identity tags; and
a host obtaining the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
4. The method for acquiring a host identity tag according to claim 3, wherein the update message is transmitted through a newly created secure channel or an already established secure channel; and the third-party server comprises a domain name server, a rendezvous server RVS, or a server mapping host identity tags HIT to Internet Protocol IP addresses.
5. The method for acquiring a host identity tag according to claim 4, wherein, when the third-party server is a server mapping HIT to Internet Protocol IP addresses, after obtaining the newly generated host identity tag HIT the method further comprises:
obtaining, according to the newly generated host identity tag HIT, the IP address currently corresponding to the host.
6. A system for acquiring a host identity tag, comprising:
a first host, configured to send an update message that contains a newly generated host identity tag HIT; and a second host, configured to obtain the newly generated host identity tag HIT from the update message sent by the first host.
7. The system for acquiring a host identity tag according to claim 6, wherein the first host comprises:
a first sending module, configured to send the update message through a newly created secure channel; and a second sending module, configured to send the update message through an already established secure channel.
8. A system for acquiring a host identity tag, comprising:
a first host, configured to send an update message that contains a newly generated host identity tag HIT; a third-party server, configured to receive the update message and establish a mapping between new and old host identity tags; and
a second host, configured to obtain the newly generated host identity tag HIT according to the old host identity tag HIT and the mapping between the new and old host identity tags.
9. The system for acquiring a host identity tag according to claim 8, wherein the third-party server comprises a domain name server, a rendezvous server RVS, or a server mapping host identity tags HIT to Internet Protocol IP addresses.
10. The system for acquiring a host identity tag according to claim 9, wherein, when the third-party server is a server mapping host identity tags HIT to Internet Protocol IP addresses, after obtaining the newly generated host identity tag HIT the second host obtains, according to the newly generated host identity tag HIT, the IP address currently corresponding to the first host.

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2012511129A JP2012527794A (ja) 2009-05-22 2010-05-04 Method and system for acquiring a host identity tag
BRPI1012808A BRPI1012808A2 (pt) 2009-05-22 2010-05-04 Method and system for obtaining a host identity tag
EP10777331A EP2434716A1 (en) 2009-05-22 2010-05-04 Method and system for acquiring host identity tag
US13/302,853 US20120072513A1 (en) 2009-05-22 2011-11-22 Method and system for obtaining host identity tag

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910085509XA CN101895522A (zh) 2009-05-22 2009-05-22 Method and system for acquiring a host identity tag
CN200910085509.X 2009-05-22

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/302,853 Continuation US20120072513A1 (en) 2009-05-22 2011-11-22 Method and system for obtaining host identity tag

Publications (1)

Publication Number Publication Date
WO2010133127A1 (zh) 2010-11-25

Family

ID=43104589

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/072429 WO2010133127A1 (zh) 2009-05-22 2010-05-04 Method and system for acquiring a host identity tag

Country Status (6)

Country Link
US (1) US20120072513A1 (zh)
EP (1) EP2434716A1 (zh)
JP (1) JP2012527794A (zh)
CN (1) CN101895522A (zh)
BR (1) BRPI1012808A2 (zh)
WO (1) WO2010133127A1 (zh)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752266B (zh) * 2011-04-20 2015-11-25 中国移动通信集团公司 Access control method and device therefor
US20130238782A1 (en) * 2012-03-09 2013-09-12 Alcatel-Lucent Usa Inc. Method and apparatus for identifying an application associated with an ip flow using dns data
CN106603513A (zh) * 2016-11-30 2017-04-26 中国人民解放军理工大学 Resource access control method and system based on host identity
WO2021152349A1 (en) * 2020-01-30 2021-08-05 Telefonaktiebolaget Lm Ericsson (Publ) Ipsec privacy protection
CN115987782B (zh) * 2023-03-20 2023-06-06 建信金融科技有限责任公司 Method, apparatus, device, storage medium and program product for generating a cloud host name

Citations (5)

Publication number Priority date Publication date Assignee Title
CN1801764A (zh) * 2006-01-23 2006-07-12 北京交通大学 Internet access method based on identity/location separation
CN1809075A (zh) * 2006-01-23 2006-07-26 北京交通大学 Method for establishing an integrated network service
WO2007134640A1 (en) * 2006-05-24 2007-11-29 Telefonaktiebolaget Lm Ericsson (Publ) Delegation based mobility management
WO2008138853A1 (en) * 2007-05-11 2008-11-20 Telefonaktiebolaget Lm Ericsson (Publ) Hip node reachability
CN101350807A (zh) * 2007-07-20 2009-01-21 华为技术有限公司 Multi-address-space mobile network architecture, host information registration and data sending method

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
JP2004178448A (ja) * 2002-11-28 2004-06-24 Nippon Telegr & Teleph Corp <Ntt> Name management method for peer-to-peer communication, system apparatus, processing program, and storage medium recording the program
GB2426672B (en) * 2005-05-27 2009-12-16 Ericsson Telefon Ab L M Host identity protocol method and apparatus
EP1814279B1 (en) * 2006-01-31 2010-09-29 NTT DoCoMo, Inc. Method and apparatus for implementing bearer mobility
ES2378783T3 (es) * 2007-02-12 2012-04-17 Telefonaktiebolaget Lm Ericsson (Publ) Signalling delegation in a moving network
WO2008151672A1 (en) * 2007-06-14 2008-12-18 Telefonaktiebolaget Lm Ericsson (Publ) Network-based local mobility management
US7969933B2 (en) * 2007-08-03 2011-06-28 Kapsch Trafficcom Ag System and method for facilitating a persistent application session with anonymity between a mobile host and a network host
US20100284400A1 (en) * 2007-10-15 2010-11-11 Melen Jan Provisioning mobility services to legacy terminals

Non-Patent Citations (1)

Title
See also references of EP2434716A4 *

Also Published As

Publication number Publication date
EP2434716A4 (en) 2012-03-28
JP2012527794A (ja) 2012-11-08
EP2434716A1 (en) 2012-03-28
BRPI1012808A2 (pt) 2018-01-16
US20120072513A1 (en) 2012-03-22
CN101895522A (zh) 2010-11-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10777331; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
WWE Wipo information: entry into national phase (Ref document number: 2012511129; Country of ref document: JP)
WWE Wipo information: entry into national phase (Ref document number: 2010777331; Country of ref document: EP)
WWE Wipo information: entry into national phase (Ref document number: 4889/KOLNP/2011; Country of ref document: IN)
REG Reference to national code (Ref country code: BR; Ref legal event code: B01A; Ref document number: PI1012808; Country of ref document: BR)
ENP Entry into the national phase (Ref document number: PI1012808; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20111122)