
Method of identifying user identity by digital certificate based on separating mapping network

Digital certificate and user identity technology, applied in the network field, that addresses problems such as the inability to confirm the other party's identity information, potential safety hazards, and the failure to form an effective binding between host identity and host identifier, so as to standardize user network behavior, support good management, and implement network manageability features.

Inactive Publication Date: 2011-11-23
BEIJING JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

Although the basic exchange in the HIP protocol avoids many security problems, the host identity and the host identifier have not formed an effective binding, and the identity information of the other party cannot be confirmed during communication, which poses a great security risk.


Examples


Embodiment 1

[0089] Embodiment 1: In this embodiment, the method of the present invention uses a digital certificate digest to construct a 128-bit access address to realize the separation of user identity and location.

[0090] The routing address of the access router is a 128-bit IPv6 address, and network routing addresses are allocated according to the address separation mapping scheme. In this embodiment, access routers are allocated routing addresses by address aggregation according to the network topology, and each access router holds a certain number of routing addresses for use by access terminals, which facilitates terminal location management and data packet routing and forwarding. The IP address allows the current domain location of an access terminal to be managed, and intermediate routers can route and forward directly on the IP address regardless of identity.

[0091] The access address of the access router ...

Embodiment 2

[0093] Embodiment 2: The network topology in which the present invention confirms the real identity of an access terminal in the address separation mapping network is shown in Figure 5. The authentication of terminal A by the access router AR1 is shown schematically in Figure 6.

[0094] In Figure 6, in the data packet P, N1 is the pseudo-random number generated by terminal A for this session. In the data packet V, N1 is the pseudo-random number from P; N2 is the pseudo-random number generated by the access router for this session; D-H is the initial parameter of the Diffie-Hellman key exchange; iface identifies the AR1 interface on which the data packet P arrived; HMAC_rs is the message authentication code over N2, D-H, iface and other fields; rs is the password of the access router, which is renewed every minute.

[0095] In the data packet M, {Cert_1} represents the ciphertext of the...

Embodiment 3

[0107] Embodiment 3: The process by which terminal A and terminal B mutually confirm each other's true identity in the address separation mapping network of the present invention is shown in Figure 7.

[0108] In Figure 7, in the data packet P', N4 is the pseudo-random number generated by terminal A for this session. In the data packet V', N4 is the pseudo-random number from P'; N5 is the pseudo-random number generated by terminal B for this session; D-H' is the initial parameter of the Diffie-Hellman key exchange; iface' identifies the terminal B interface on which the data packet P arrived; HMAC_rs' is the message authentication code over N5, D-H', iface' and other fields; rs' is the password of terminal B, which is renewed every minute.

[0109] In the data packet M', {Cert_1} represents the ciphertext of the digital certificate of the terminal A, and the encryption key is the session key obtained by calculating the Diffie-Hellm...
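The HMAC_rs field of Embodiment 2 and the HMAC_rs' field of Embodiment 3 follow the same pattern, sketched here as an added example that is not taken from the patent. Assumptions: the responder later receives the tag back and re-checks it without stored state, rs is derived per minute from a long-term seed, the previous minute's rs is still accepted, and HMAC-SHA-256 with length-prefixed fields is used; all names are hypothetical.

```python
import hashlib
import hmac
import struct

EPOCH_SECONDS = 60  # the text says rs is renewed every minute


def rs_for_epoch(seed: bytes, epoch: int) -> bytes:
    """Derive the per-minute secret rs from a long-term seed (assumed scheme)."""
    return hmac.new(seed, struct.pack(">Q", epoch), hashlib.sha256).digest()


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so N2 | D-H | iface cannot be re-split."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def make_tag(seed: bytes, now: float, n2: bytes, dh: bytes, iface: bytes) -> bytes:
    """Tag the responder places in packet V: HMAC_rs(N2, D-H, iface)."""
    rs = rs_for_epoch(seed, int(now) // EPOCH_SECONDS)
    return hmac.new(rs, encode_fields(n2, dh, iface), hashlib.sha256).digest()


def verify_tag(seed: bytes, now: float, n2: bytes, dh: bytes,
               iface: bytes, tag: bytes) -> bool:
    """Recompute the tag under the current and previous rs; no per-session state."""
    epoch = int(now) // EPOCH_SECONDS
    message = encode_fields(n2, dh, iface)
    for candidate in (epoch, epoch - 1):
        expected = hmac.new(rs_for_epoch(seed, candidate), message,
                            hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    seed = b"\x11" * 32
    n2, dh, iface = b"\x02" * 16, b"constructed-dh-public-value", b"if0"
    tag = make_tag(seed, 1000.0, n2, dh, iface)
    print("same minute:      ", verify_tag(seed, 1000.0, n2, dh, iface, tag))
    print("next minute:      ", verify_tag(seed, 1059.0, n2, dh, iface, tag))
    print("two minutes later:", verify_tag(seed, 1120.0, n2, dh, iface, tag))
    print("other interface:  ", verify_tag(seed, 1000.0, n2, dh, b"if1", tag))
```

Accepting one previous epoch bounds the lifetime of a tag to under two minutes while still tolerating a reply that crosses a rotation boundary.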


Abstract

The invention relates to a method of identifying user identity by a digital certificate based on a separating mapping network, which adopts an IP address as a routing address and constructs an access address from the digital certificate. The method comprises the following steps: first, acquiring the digital certificate from a certification authority when a user accesses the network; then using the digital certificate to confirm the user's true identity so as to prevent an illegal user from accessing the network; and, when communication terminals communicate with each other, confirming their respective identity information by using the digital certificate. The invention introduces a system that uses the digital certificate to confirm user identity in an address separating mapping network, and realizes true identity identification of an access terminal and mutual true identity identification between communicating parties, thereby preventing illegal users from accessing the network, standardizing user network behavior and providing a safe network environment for the user.

Description

Technical field

[0001] The invention relates to a method for verifying user identity based on a separate mapping network using a digital certificate, and belongs to the field of network technology.

Background technique

[0002] In the TCP/IP protocol system, the IP address represents the network topology address and host identity of the host. The dual function of this IP address representing the network topology location and host identity at the same time severely limits the mobility of the host. When the host moves to change its IP address, the two communicating parties cannot send or receive data on the originally created network layer communication link and the communication will be interrupted. One of the important reasons why the IP address is used as both a location identifier and an identity identifier is that the initial design of the Internet did not consider the movement of hosts. With the increase of mobile devices on the Internet, the disadvantages of semantic overlo...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L12/56, H04L29/06, H04L29/12
Inventor: 刘颖, 唐建强, 周华春, 张宏科
Owner: BEIJING JIAOTONG UNIV