
Method of identifying user identity by digital certificate based on separating mapping network

A digital certificate and user identity technology, applied in the network field. It addresses the problems that the host identity and the host identifier do not form an effective binding, that the identity information of the other party cannot be confirmed, and the potential safety hazards that result, so as to standardize user network behavior and provide a network security management function with good management effect.

Inactive Publication Date: 2010-03-10
BEIJING JIAOTONG UNIV
0 Cites 32 Cited by

AI Technical Summary

Problems solved by technology

Although the basic exchange in the HIP protocol avoids many security problems, the host identity and the host identifier do not form an effective binding, and the identity information of the other party cannot be confirmed during communication, which poses a great security risk.



Examples


Embodiment 1

[0089] Embodiment 1: In this embodiment, the method of the present invention uses a digital certificate digest to construct a 128-bit access address to realize the separation of user identity and location.

[0090] The routing address of the access router is a 128-bit IPv6 address. Following the routing address allocation method of the address separation mapping network, this embodiment assigns routing addresses to the access routers in an address-aggregated manner according to the network topology. Each access router holds a certain number of routing addresses for use by access terminals, which facilitates terminal location management and data packet routing and forwarding. The IP address allows location management of the access terminal's current domain, and intermediate routers can route and forward directly on the IP address without considering identity.

[0091] The access address of the acce...
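One way to build and check the 128-bit access address from a certificate digest, as an added example that is not taken from the patent. The page does not name the digest algorithm or how the digest is reduced to 128 bits; SHA-256 truncated to its first 16 bytes, the function names and the sample certificates are assumptions.

```python
import hashlib
import hmac
import ipaddress

def access_address(cert_der: bytes) -> ipaddress.IPv6Address:
    """Derive a 128-bit access address from a certificate digest.

    Assumption: SHA-256 over the encoded certificate, first 16 bytes kept.
    """
    digest = hashlib.sha256(cert_der).digest()
    return ipaddress.IPv6Address(digest[:16])

def address_matches_cert(claimed: str, cert_der: bytes) -> bool:
    """Check that a claimed access address is bound to the presented certificate."""
    try:
        claimed_bytes = ipaddress.IPv6Address(claimed).packed
    except ValueError:
        # Not a well-formed 128-bit address: reject instead of raising.
        return False
    expected = access_address(cert_der).packed
    return hmac.compare_digest(claimed_bytes, expected)

# Constructed stand-ins for two encoded certificates (not real certificates)
CERT_A = b"constructed-certificate-of-terminal-A"
CERT_B = b"constructed-certificate-of-terminal-B"

if __name__ == "__main__":
    addr = access_address(CERT_A)
    print(addr, address_matches_cert(str(addr), CERT_A))
    print(address_matches_cert(str(addr), CERT_B))
```

Because the address is a function of the certificate, a terminal that presents a different certificate than the one its access address was derived from fails the check.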

Embodiment 2

[0093] Embodiment 2: The network topology used to confirm the real identity of an access terminal in the address separation mapping network is shown in Figure 5. The process by which access router AR1 authenticates terminal A is shown in Figure 6.

[0094] In Figure 6, in data packet P, N1 is the pseudo-random number generated by terminal A for this session; in data packet V, N1 is the pseudo-random number from P; N2 is the pseudo-random number generated by the access router for this session; D-H is the initial parameter of the Diffie-Hellman key exchange; iface identifies the AR1 interface on which packet P arrived; HMAC_rs is the message authentication code over N2, D-H, iface and other fields; rs is the password of the access router, which is cycled every minute.

[0095] In the data packet M, {Cert_1} represents the cipher...

Embodiment 3

[0107] Embodiment 3: The process by which terminal A and terminal B mutually confirm each other's real identity in the address separation mapping network is shown in Figure 7.

[0108] In Figure 7, in data packet P', N4 is the pseudo-random number generated by terminal A for this session; in data packet V', N4 is the pseudo-random number from P'; N5 is the pseudo-random number generated by terminal B for this session; D-H' is the initial parameter of the Diffie-Hellman key exchange; iface' identifies the terminal B interface on which data packet P arrived; HMAC_rs' is the message authentication code over N5, D-H', iface' and other fields; rs' is the password of terminal B, which is cycled every minute.

[0109] In the data packet M', {Cert_1} represents the ciphertext of the digital certificate of the terminal A, and the encryption key is the session key obtained by calculating the Diffi...
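The HMAC_rs value described in Embodiments 2 and 3, with rs cycled every minute, as an added example that is not taken from the patent. HMAC-SHA256, the field encoding, keeping the previous rs for one extra minute, and the idea that the tag is later presented back for checking are all assumptions, since the page text is truncated; the class and sample values are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ROTATION_SECONDS = 60  # the page: rs "is cycled every minute"

def encode_fields(n2: bytes, dh: bytes, iface: int) -> bytes:
    # Assumed encoding: length-prefix every field so field boundaries
    # cannot be shifted between N2 and D-H without changing the MAC.
    parts = (n2, dh, struct.pack("!I", iface))
    return b"".join(struct.pack("!H", len(p)) + p for p in parts)

class Router:
    """Holds rs for the current minute and, as an assumption, the previous one."""

    def __init__(self):
        self._rs = {}  # minute index -> secret rs

    def _rotate(self, now: float) -> bytes:
        minute = int(now // ROTATION_SECONDS)
        if minute not in self._rs:
            self._rs[minute] = os.urandom(32)
            # Forget every rs older than the previous minute.
            self._rs = {m: s for m, s in self._rs.items() if m >= minute - 1}
        return self._rs[minute]

    def mint(self, n2: bytes, dh: bytes, iface: int, now: float) -> bytes:
        msg = encode_fields(n2, dh, iface)
        return hmac.new(self._rotate(now), msg, hashlib.sha256).digest()

    def verify(self, tag: bytes, n2: bytes, dh: bytes, iface: int, now: float) -> bool:
        self._rotate(now)
        msg = encode_fields(n2, dh, iface)
        ok = False
        for rs in self._rs.values():
            expected = hmac.new(rs, msg, hashlib.sha256).digest()
            ok |= hmac.compare_digest(tag, expected)  # constant-time compare
        return ok

# Constructed sample values, not taken from the patent
N2 = bytes.fromhex("00112233445566778899aabbccddeeff")
DH = b"constructed-diffie-hellman-initial-parameter"
```

Rotating rs bounds how long a captured tag stays usable: once two rotations have passed, the secret that produced it is gone and the tag no longer verifies.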


Abstract

The invention relates to a method of identifying user identity by a digital certificate based on a separating mapping network, which adopts an IP address as the routing address and constructs the access address from the digital certificate. The method comprises the following steps: first, the user acquires a digital certificate from a certification authority when accessing the network; then the digital certificate is used to confirm the user's true identity so as to prevent an illegal user from accessing the network; and when communication terminals communicate with each other, they confirm each other's identity information by using the digital certificate. For an address separating mapping network, the invention introduces a system that uses the digital certificate to confirm user identity, and realizes true identity identification of an access terminal and mutual true identity identification between the communicating parties, thereby preventing illegal users from accessing the network, standardizing user network behavior and providing a safe network environment for the user.

Description

Technical field

[0001] The invention relates to a method for verifying user identity using a digital certificate based on a separate mapping network, and belongs to the field of network technology.

Background technique

[0002] In the TCP/IP protocol system, the IP address represents both the network topological address and the host identity of the host. This dual function of the IP address, simultaneously expressing the network topology position and the host identity, severely limits the mobility of the host. When the host moves and changes its IP address, the communication parties cannot send or receive data on the originally created network layer communication link and the communication will be interrupted. One of the important reasons why the IP address is used as a location identifier and an identity identifier at the same time is that the original design of the Internet did not consider the movement of the host. With the increasing number of mobile devices on the Internet, t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L12/56, H04L29/06, H04L29/12
Inventor: 刘颖, 唐建强, 周华春, 张宏科
Owner BEIJING JIAOTONG UNIV