An address generation method, apparatus and electronic device

By selecting and padding specific addresses during the IPv6 address generation process, the problem of MAC addresses being easily reverse-engineered is solved, thereby achieving privacy protection for terminal devices and reducing the risk of privacy leaks.

CN117061480BActive Publication Date: 2026-06-23CHINA TELECOM CORP LTD TECHNOLOGY INNOVATION CENTER +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA TELECOM CORP LTD TECHNOLOGY INNOVATION CENTER
Filing Date
2023-08-03
Publication Date
2026-06-23

AI Technical Summary

Technical Problem

In existing IPv6 address generation methods, the MAC address of the terminal device can be easily reversed by the server through the EUI-64 protocol, leading to the risk of privacy leakage.

Method used

When generating an IPv6 address, the first candidate address (M bits) is selected from the network address sequence in the routing advertisement message, and the second candidate address (N bits) is selected from the MAC address to generate the target IP address. This ensures that the MAC address does not contain the complete vendor ID identifier. The address is reversed by using the set padding order and flag bit processing.

Benefits of technology

This reduces the risk of privacy leaks from terminal devices, as the server cannot determine the origin of the terminal device through the existing EUI-64 protocol, thus improving the security of the terminal device.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN117061480B_ABST
    Figure CN117061480B_ABST
Patent Text Reader

Abstract

The application provides an address generation method and device and electronic equipment, and relates to the technical field of communication. In the application, when it is determined that a routing announcement message issued by a network side is received, M-bit first candidate addresses are selected from a network address sequence of the routing announcement message, and N-bit second candidate addresses are selected from MAC addresses, then the M-bit first candidate addresses and the N-bit second candidate addresses are filled into a target IP address according to a set filling sequence to generate the target IP address. In this way, a server cannot obtain complete MAC addresses based on EUI-64 protocol address reverse calculation, and the security of terminal device privacy can be improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of communication technology, and in particular to an address generation method, apparatus and electronic device. Background Technology

[0002] An Internet Protocol address (IP address) is an identifier used by terminal devices to connect to the Internet. There are two versions of IP addresses: IPv4 and IPv6. IPv6 is used to solve the problem of IPv4 address exhaustion.

[0003] In an IPv6 network, a Dynamic Host Configuration Protocol (DHCP) server can be used to configure the IPv6 address, IP prefix, and / or other network protocols required by terminal devices operating on the IPv6 network. In addition, to facilitate the automatic generation of IPv6 addresses for communication by terminal devices when a DHCP server is not available in the IPv6 network, the EUI-64 protocol, which automatically configures stateless IPv6 addresses, can also be used.

[0004] The EUI-64 protocol first converts the terminal device's 48-bit Media Access Control Address (MAC address) into an EUI-64 address according to a set protocol standard. Then, it inserts a set number of characters into the EUI-64 address to obtain the interface identifier (64 bits) in the IPv6 address. Finally, it adds the fixed IPv6 prefix issued by the network side to the interface identifier to obtain the target IPv6 address.

[0005] However, when a terminal device accesses the Internet, the server can use the target IPv6 address generated by the EUI-64 protocol to reverse-engineer the MAC address of the terminal device. Since the MAC address includes a 24-bit vendor ID identifier and a 24-bit extended identifier, the origin of the terminal device can be determined based on the obtained MAC address, which increases the risk of privacy leakage of the terminal device. Summary of the Invention

[0006] This invention application provides an address generation method, apparatus, and electronic device to enhance the security of terminal device privacy. The specific technical solution is as follows:

[0007] Firstly, this application provides an address generation method, including:

[0008] When it is determined that a routing advertisement message sent by the network side has been received, M first candidate addresses are selected from the network address sequence of the routing advertisement message, and N second candidate addresses are selected from the MAC addresses. The address set consisting of the N second candidate addresses does not contain all vendor ID identifiers. The network address sequence represents the prefix information of the network to which the terminal device is to connect. M and N are both positive integers greater than or equal to zero.

[0009] The M-bit first candidate address and the N-bit second candidate address are filled into the target IP address according to the set filling order to generate the target IP address.

[0010] Based on the above method, the network server cannot reverse-engineer the address to obtain the MAC address based on the existing EUI-64 protocol. Even if the network server can obtain the MAC address, since the generated target IP address does not contain a complete 24-bit vendor ID identifier, the network server cannot determine the source of the terminal device based on the reverse-engineered MAC address, thereby improving the security of terminal device privacy.

[0011] In one possible implementation, the step of selecting M first candidate addresses from the network address sequence of the route advertisement message received from the network side and selecting N second candidate addresses from the MAC addresses includes:

[0012] Identify the identifier bytes in the route advertisement message;

[0013] Determine whether the value of the newly added flag bit in the identifier byte is 1;

[0014] If so, the M-bit first candidate address is selected from the network address sequence, and the N-bit second candidate address is selected from the MAC address;

[0015] If not, then determine that the EUI-64 protocol will be used as the address generation rule for the target IP address.

[0016] Based on the above methods, it is possible to determine whether the terminal device uses a method that supports IPv6 address privacy protection or the EUI-64 protocol to generate the target IP address (IPv6 address), thereby reducing the risk of terminal device privacy leakage.

[0017] In one possible implementation, selecting M first candidate addresses from the network address sequence of the routing advertisement message includes:

[0018] Determine the total number of address bits for the candidate addresses selected from the network address sequence;

[0019] Determine whether the total number of address bits is within the set address bit range;

[0020] If so, then select the first candidate address with the same number of bits as the total address from the network address sequence;

[0021] If not, a feedback message indicating that the total number of address bits does not conform to the target IP address generation rules is sent to the network side.

[0022] Based on the above method, a first set of candidate addresses that conform to the target IP address generation rules can be selected from the network address sequence, ensuring the identifiability of the generated target IP address.

[0023] In one possible implementation, the step of filling the target IP address with the M-bit first candidate address and the N-bit second candidate address in a predetermined filling order to generate the target IP address includes:

[0024] The first candidate addresses in the M-bit first candidate address are filled in the filling order, and the N-bit second candidate addresses are filled into the lower N positions of the target IP address. The remaining positions of the target IP address are filled with random numbers to obtain the filled IP address.

[0025] Determine whether the value of the address type flag in the filled IP address is zero;

[0026] If so, then the filled IP address shall be used as the target IP address;

[0027] If not, the value in the address type flag is set to zero, and the target IP address is generated.

[0028] Based on the above method, the network server cannot reverse-engineer the address to obtain the MAC address based on the existing EUI-64 protocol. Even if the network server obtains the MAC address, since the target IP address is generated based on the M-bit first candidate address in the network prefix and the N-bit second candidate address in the MAC address, and the N-bit second candidate address does not contain a complete 24-bit vendor ID identifier, the network server cannot determine the device source of the terminal device based on the reverse-engineered MAC address, thus reducing the risk of terminal device privacy leakage.

[0029] Secondly, this application provides an address generation apparatus, comprising:

[0030] The data filtering module is used to select M first candidate addresses from the network address sequence of the routing announcement message when it is determined that a routing announcement message has been received from the network side, and to select N second candidate addresses from the MAC address. The address set consisting of the N second candidate addresses does not contain all vendor ID identifiers. The network address sequence represents the prefix information of the network to which the terminal device is to connect. M and N are both positive integers greater than or equal to zero.

[0031] The address generation module is used to fill the target IP address with the M-bit first candidate address and the N-bit second candidate address in a set filling order to generate the target IP address.

[0032] In one possible implementation, the data filtering module is specifically used for:

[0033] Identify the identifier bytes in the route advertisement message;

[0034] Determine whether the value of the newly added flag bit in the identifier byte is 1;

[0035] If so, the M-bit first candidate address is selected from the network address sequence, and the N-bit second candidate address is selected from the MAC address;

[0036] If not, then determine that the EUI-64 protocol will be used as the address generation rule for the target IP address.

[0037] In one possible implementation, the data filtering module is specifically used for:

[0038] Determine the total number of address bits for the candidate addresses selected from the network address sequence;

[0039] Determine whether the total number of address bits is within the set address bit range;

[0040] If so, then select the first candidate address with the same number of bits as the total address from the network address sequence;

[0041] If not, a feedback message indicating that the total number of address bits does not conform to the target IP address generation rules is sent to the network side.

[0042] In one possible implementation, the address generation module is specifically used for:

[0043] The first candidate addresses in the M-bit first candidate address are filled in the filling order, and the N-bit second candidate addresses are filled into the lower N positions of the target IP address. The remaining positions of the target IP address are filled with random numbers to obtain the filled IP address.

[0044] Determine whether the value of the address type flag in the filled IP address is zero;

[0045] If so, then the filled IP address shall be used as the target IP address;

[0046] If not, the value in the address type flag is set to zero, and the target IP address is generated.

[0047] Thirdly, this application provides an electronic device, comprising:

[0048] Memory, used to store computer programs;

[0049] When a processor executes a computer program stored in the memory, it implements the steps of the address generation method described above.

[0050] Fourthly, this application provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the address generation method described above.

[0051] For the various aspects of the second to fourth aspects mentioned above, and the technical effects that each aspect may achieve, please refer to the above description of the technical effects that can be achieved for the first aspect or the various possible solutions in the first aspect, which will not be repeated here. Attached Figure Description

[0052] Figure 1 A flowchart of an address generation method provided in this application;

[0053] Figure 2 A schematic diagram of the address generation system architecture provided for this application;

[0054] Figure 3 A flowchart of a target IP address generation method provided in this application;

[0055] Figure 4 A schematic diagram of an address generation device provided in this application;

[0056] Figure 5 This is a schematic diagram of the structure of an electronic device provided in this application. Detailed Implementation

[0057] To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings. The specific operational methods in the method embodiments can also be applied to the device embodiments or system embodiments. It should be noted that in the description of this application, "multiple" is understood as "at least two". "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, and B existing alone. A connected to B can represent: A and B directly connected, and A and B connected through C. Furthermore, in the description of this application, terms such as "first" and "second" are used only for distinguishing the purpose of description and should not be construed as indicating or implying relative importance or order.

[0058] The embodiments of this application will now be described in detail with reference to the accompanying drawings.

[0059] An Internet Protocol (IP) address is an identifier used by terminal devices to connect to the Internet. There are two versions of IP addresses, such as IPv4 and IPv6. IPv6 is used to address the problem of IPv4 address exhaustion.

[0060] In an IPv6 network, a Dynamic Host Configuration Protocol (DHCP) server can be used to configure the IPv6 address, IP prefix, and / or other network protocols required by terminal devices operating on the IPv6 network. In addition, to facilitate the automatic generation of IPv6 addresses for communication by terminal devices when there is no DHCP server in the IPv6 network, the EUI-64 protocol for automatic configuration of stateless IPv6 addresses can also be used.

[0061] The EUI-64 protocol first converts the terminal device's 48-bit Media Access Control address into an EUI-64 address according to the set protocol standard. Then, it inserts a set number of characters into the EUI-64 address to obtain the interface identifier (64 bits) in the IPv6 address. Finally, it adds the fixed IPv6 prefix issued by the network side to the interface identifier to obtain the target IPv6 address.

[0062] However, when a terminal device accesses the Internet, the server can use the target IPv6 address generated by the EUI-64 protocol to reverse-engineer the MAC address of the terminal device. Since the MAC address includes a 24-bit vendor ID identifier and a 24-bit extended identifier, the origin of the terminal device can be determined based on the obtained MAC address, which increases the risk of privacy leakage of the terminal device.

[0063] In view of this, in order to reduce the risk of privacy leakage of terminal devices and to prevent the server from obtaining the complete MAC address even when it reverse-engineers the EUI-64 protocol, this application provides an address generation method, which specifically includes: when it is determined that a routing advertisement message sent by the network side has been received, selecting M bits as the first candidate address from the network address sequence of the routing advertisement message, and selecting N bits as the second candidate address from the MAC address, and filling the M bits of the first candidate address and the N bits of the second candidate address into the target IP address according to the set filling order to generate the target IP address.

[0064] The method provided in this application enables a terminal device to generate a target IP address according to a set target IP address generation rule, combined with the N-bit second candidate address in the MAC address and the M-bit first candidate address in the network address sequence. Even if the server can deduce the MAC address, since the MAC address does not contain a complete manufacturer ID identifier, the server cannot determine the device origin of the terminal device based on the deduce MAC address, thereby reducing the risk of privacy leakage of the terminal device.

[0065] Reference Figure 1 The diagram shown is a flowchart of an address generation method provided in an embodiment of this application. The method includes:

[0066] S1, upon confirming that a routing advertisement message has been received from the network side, selects M first candidate addresses from the network address sequence of the routing advertisement message and N second candidate addresses from the MAC addresses.

[0067] Firstly, the method provided in this application can be applied to Figure 2 The system architecture shown includes a network server, a network side, and a terminal device, and the method provided in this application can run on the terminal device.

[0068] Network servers include servers that provide various types of services to terminal devices. For example, Internet Service Providers (ICPs) provide Internet access services, value-added services, and information services to terminal devices or users.

[0069] The network side can be an interface connected to upstream devices or the network, such as the WAN interface of a router. The network side instructs the hosts in the link to configure their IP addresses by periodically sending routing announcement messages (router announcements) to the terminal devices.

[0070] Terminal devices include various types of hosts, such as fixed or mobile network terminals like PCs, tablets, and mobile phones. Terminal devices can also send Router Solicitation (RS) requests to the network side in order to obtain Router Advertisement (RA) returned by the network side based on the RS, thereby obtaining router information in the link. This application does not impose specific restrictions on the type or number of terminal devices.

[0071] In the embodiments of this application, as shown in the appendix Figure 3 As shown, before receiving the routing advertisement message sent by the network side, the terminal device automatically generates a link-local address for the interface based on the link-local address prefix and the link layer address of the interface. In other words, when the terminal device starts the IPv6 protocol stack, each interface of the terminal device will be automatically configured with a link-local address at startup. The link-local address is used for communication between nodes on the link-local interface in the neighbor discovery protocol and stateless autoconfiguration process, and data packets using the link-local address as the source address or destination address will not be forwarded to other links.

[0072] After generating a link-local address, the terminal device can send a router request to the network side and wait for the network side to return a corresponding routing advertisement message based on the router request. In some embodiments, the network side can also send routing advertisement messages to the terminal device according to a set message sending period, for example, sending a routing advertisement message to the terminal device once every 10 minutes. This application does not impose specific restrictions on the size of the message sending period or the method by which the terminal device obtains the routing advertisement message.

[0073] In this embodiment of the application, when the terminal device determines that it has received a routing advertisement message sent by the network side, it can first identify the identifier byte in the routing advertisement message. The identifier byte is the Flag byte of the prefix (network address sequence) in the RA message. The identifier bytes are shown in Table 1 below:

[0074]

[0075] Table 1

[0076] Among them, L Flag is the on-link flag. If L Flag is 1, it means that the prefix can be used for on-link determination; otherwise, it means that the prefix is ​​not used for on-link determination. A Flag is the Autonomous Address-configuration Flag. If A Flag is 1, it means that the prefix is ​​used for stateless address configuration; otherwise, it is used for stateful address configuration. R Flag is the Router Address Flag, used for Mobile IPv6. If R Flag is 1, it means that the Prefix field contains not only prefix information but also the address of the router that sent the RA message. Reserved is a reserved bit.

[0077] In this application embodiment, P Flag is a newly added flag bit provided by this application. Setting P Flag to 1 indicates that the terminal device can generate the interface identifier in a way that supports IPv6 address privacy protection; setting PFlag to 0 indicates that the interface identifier can be generated in a way that supports EUI-64 protocol. Furthermore, this application can enable P Flag, R Flag, AFlag, and O Flag in sequence. Compared with the existing Flag byte: 1100:0000, i.e., 0xC0, the Flag byte of this application changes to: 1101:0000, i.e., 0xD0.

[0078] As shown in Table 1, after the terminal device identifies the identifier byte in the routing advertisement message, it can determine the method for generating the target IP address based on the value of the newly added flag bit (P Flag) in the flag byte. The specific steps for determining the method for generating the target IP address are as follows:

[0079] The terminal device determines whether the value of the newly added flag bit in the identifier byte is 1;

[0080] If the newly added flag is set to 1, then the method of generating the target IP address that supports IPv6 address privacy protection is determined. That is, M bits of the first candidate address are selected from the network address sequence, and N bits of the second candidate address are selected from the MAC address. The target IP address is generated based on the M bits of the first candidate address and the N bits of the second candidate address.

[0081] If the value of the newly added flag is 0, then the EUI-64 protocol will be used as the address generation method for the target IP address. That is, the target IP address will be generated based on the MAC address containing a 24-bit vendor ID identifier, a 24-bit extended identifier, and the fixed IPv6 prefix issued by the network side.

[0082] By setting additional identifier bits, terminal devices can generate target IP addresses in a manner that supports IPv6 address privacy protection or the EUI-64 protocol, thereby improving the security and privacy of terminal devices.

[0083] In this embodiment, to ensure that the target IP address (IPv6 address) generated by the terminal device meets the 128-bit requirement and can hide the vendor ID identifier in the MAC address, this application selects candidate addresses with a set total address length from the network prefix issued by the network side to generate the target IP address. The specific steps are as follows:

[0084] The terminal device first determines the total number of address bits for the candidate addresses selected from the network address sequence (network prefix). The total number of address bits can be determined based on the prefix length information of the IPv6 address broadcast in the RA message. For example, the format of the network prefix is: XXXX:XXXX:XXXX:XXXX:XXYY:YYYY:YY00:0000 / L, where X and Y represent hexadecimal integers, x represents a binary number, and L represents the prefix length information (total number of address bits) of the IP address broadcast in the RA message. When L is 64, the terminal device determines to select XXXX:XXXX:XXXX:XXXX from the network prefix as the first set of candidate addresses.

[0085] The terminal device determines whether the total address length falls within a set address length range. This range can be A bits to B bits, where A and B are positive integers greater than or equal to zero. Preferably, since the minimum prefix length for internationally allocated IPv6 addresses is currently 16, A can be set to 16. Because an IPv6 address is 128 bits long, and to allow for tracing the terminal device based on the 24-bit Extended Identifier (EUI) in the MAC address in case of a fault, B can be set to any positive integer greater than 16 and less than or equal to 104.

[0086] When a terminal device determines that the total number of address bits is within a set range of address bits, it can select M first candidate addresses that are the same as the total number of address bits from the network address sequence to obtain the first candidate address set.

[0087] When a terminal device determines that the total address length deviates from the set address length range, for example, when the total address length is 10 or 125, it sends a feedback message to the network side indicating that the total address length does not conform to the target IP address generation rules. For example, when the total address length is determined to be less than or equal to 16, the terminal device can send a first feedback message to the network side indicating that the prefix length of the IP address broadcast in the RA message is too short, and prompt the network side to modify the total address length, then resend the RA update message.

[0088] When a terminal device determines that the total address length is greater than 104, it can send a second feedback message to the network side, indicating that the prefix length of the IP address broadcast by the RA message is too long and may pose a risk to the correct identification and security of the terminal. The message will then prompt the network side to modify the total address length and resend the RA update message.

[0089] By using the above method, a first set of candidate addresses that conform to the target IP address generation rules can be selected from the network address sequence, ensuring the identifiability of the generated target IP address.

[0090] S2: Fill the target IP address with the M-bit first candidate address and the N-bit second candidate address in the set filling order to generate the target IP address.

[0091] In this embodiment, to reduce the risk of terminal privacy leakage and prevent the server from obtaining the complete MAC address even through address reverse engineering based on the EUI-64 protocol, this application sets the 7th bit (address type identifier) ​​of the highest byte (8 bits) of the 48-bit MAC address to zero. When the address type identifier is 0, it indicates that the MAC address is a global address. In some embodiments, if a target IP address is generated according to the EUI-64 protocol, typically FF-FE (HEX) needs to be inserted between the first 24 bits and the last 24 bits of the 48-bit MAC address. Then, the address type identifier is inverted to 1, and finally, a fixed 64-bit network prefix is ​​added to generate the IP address. For example, if the MAC address is 00:11:22:33:44:55, after inserting FF-FE into the MAC address, the interface identifier is obtained as 00:11:22:FF:FE:33:44:55. Then, the address type identifier (U / L bits) is inverted to 1, resulting in the update interface identifier: 0000 00. 1 0:11:22:FF:FE:33:44:55, or 02:11:22:FF:FE:33:44:55, a total of 64 bits. Finally, a 64-bit network prefix is ​​added before updating the interface identifier to generate the IP address. As can be seen from the above, the 7th bit of the highest byte (8 bits) of the MAC address, which represents the address type, is located at the 71st bit (64+7) of the IP address.

[0092] Preferably, this application sets the 71st bit of the generated IP address to 0. After the server obtains the terminal IP address, if the address is reversed according to the EUI-64 protocol, the 71st bit identifier is 1, which is not the global MAC address value used by the global unicast address. Therefore, the network server cannot reverse the address and obtain the MAC address based on the existing EUI-64 protocol.

[0093] In this embodiment, after obtaining the M-bit first candidate address, the terminal device can first determine whether M is less than or equal to 70. If M is determined to be less than or equal to 70, that is, the first candidate address does not contain an address type identifier, the terminal device can fill the M-bit first candidate address into the target IP address according to a set filling order. Specifically, the terminal device can fill the M-bit first candidate address into the target IP address in the order of high byte to low byte, as the first M bits of the target IP address. Then, it can use random numbers or fixed values ​​to fill the positions from the Mth to the 70th bits and the positions from the 72nd to the 104th bits (the remaining positions) of the target IP address. Finally, it can select the N-bit second candidate address that does not contain the complete 24-bit vendor ID identifier from the MAC address, where N is a positive integer greater than or equal to zero, and fill the N-bit second candidate address into the target IP address.

[0094] Preferably, to facilitate tracing the terminal device based on the EUI portion of the MAC address when a terminal device malfunctions, N can be 24, and the EUI portion of the MAC address, i.e., the lower 24 bits of the MAC address, can be used. The lower 24 bits of the MAC address are filled into bits 104 to 128 of the target IP address to generate the target IPv6 address. For example, if the network prefix issued by the network side is 2001:1111:2222:33:: / 56, and the MAC address of the terminal device is 01-00-5e-12-34-56, and the fixed value 0 is used to fill bits M to 70 and bits 72 to 104 of the IP address, then the generated target IP address (IPv6 address) is: 2001:1111:2222:3300:000 0 000:0000:0012:3456 This application does not impose specific restrictions on the filling order of the first candidate address, and the corresponding filling order can be adjusted according to the actual application requirements.

[0095] In this embodiment, when M is determined to be greater than 70 (and less than 104), i.e., the first candidate address contains an address type identifier, the M bits of the first candidate address are first filled into the target IP address according to the filling order described above. Then, the N bits of the second candidate address are filled into the lower N positions of the target IP address, i.e., the positions from the 104th to the 128th bits of the target IP address. Then, the M+1th to the 104th bits (remaining positions) of the target IP address are filled with a fixed value or a random number to obtain the filled IP address. Finally, it is determined whether the value of the address type flag bit in the filled IP address is zero, i.e., whether the value of the 71st flag bit is zero. If it is, the filled address is used as the target IP address. If the value of the address type flag bit is not zero, the value of the address type flag bit is set to zero to obtain an updated filled IP address, which is then used as the target IP address.

[0096] For example, assuming the prefix is ​​2001:1111:2222:3344:5566:: / 80, and the MAC address of the terminal device is 01-00-5e-12-34-56, and the M+1 to 104th bits of the IP address are filled with the fixed value 0, the generated padded IP address would be 2001:1111:2222:3344:501. 0 The generated IP address 166:0000:0012:3456, with its address type flag set to 0, can be used as an IPv6 address. Assuming the prefix is ​​2001:1111:2222:3344:5366:: / 80, and the terminal device's MAC address remains unchanged, the generated IP address will be 2001:1111:2222:3344:500. 1 Since the address type flag of the generated filled IP address is 1, the value of the address type flag is set to zero, resulting in the updated filled IP address 2001:1111:2222:3344:500. 0 166:0000:0012:3456 will update and populate the IP address as the target IP address.

[0097] In one possible implementation, after obtaining M bits of first candidate address and N bits of second candidate address, the terminal device can sequentially fill the first candidate address bits from the M bits of the first candidate address into the target IP address in descending order of the target IP address; and fill the second candidate address bits from the N bits of the second candidate address into the N positions of the lower bits of the target IP address. The remaining unfilled positions in the target IP address are filled with random numbers or fixed values ​​to obtain a filled IP address; finally, it is determined whether the address type flag bit in the filled IP address is zero. If the address type flag bit is zero, the filled IP address is used as the target IP address; if the address type flag bit is not zero, the value of the address type flag bit is set to zero to obtain an updated filled IP address, which is then used as the target IP address.

[0098] In summary, the method provided in this application, by setting an additional flag bit in the identifier byte, allows the terminal device to choose between using a method that supports IPv6 address privacy protection or the EUI-64 protocol to generate the target IP address (IPv6 address). When the terminal device generates the target IP address using the method that supports IPv6 address privacy protection, by setting the 7th bit of the address type identifier in the highest byte of the MAC address (the 71st bit in the target IP address) to zero, the network server cannot reverse-engineer the address based on the existing EUI-64 protocol to obtain the MAC address. In addition, since the target IP address is generated based on the M bits of the first candidate address in the network prefix and the N bits of the second candidate address in the MAC address, and the N bits of the second candidate address do not contain the complete 24-bit vendor ID identifier, even if the network server obtains the MAC address, it cannot obtain the complete 24-bit vendor ID identifier based on the reverse-engineered MAC address, thereby determining the device source of the terminal device and reducing the risk of terminal device privacy leakage.

[0099] Based on the methods provided in the above embodiments, this application also provides an address generation apparatus, such as... Figure 4 The diagram shown is a structural schematic of an address generation device according to an embodiment of this application. The device includes:

[0100] The data filtering module 401 is used to select M first candidate addresses from the network address sequence of the routing announcement message when it is determined that a routing announcement message sent by the network side has been received, and to select N second candidate addresses from the MAC address. The address set consisting of the N second candidate addresses does not contain all vendor ID identifiers. The network address sequence represents the prefix information of the network to which the terminal device is to connect. M and N are both positive integers greater than or equal to zero.

[0101] The address generation module 402 is used to fill the M-bit first candidate address and the N-bit second candidate address into the target IP address according to a set filling order, thereby generating the target IP address.

[0102] In one possible implementation, the data filtering module 401 is specifically used for:

[0103] Identify the identifier bytes in the route advertisement message;

[0104] Determine whether the value of the newly added flag bit in the identifier byte is 1;

[0105] If so, the M-bit first candidate address is selected from the network address sequence, and the N-bit second candidate address is selected from the MAC address;

[0106] If not, then determine that the EUI-64 protocol will be used as the address generation rule for the target IP address.

[0107] In one possible implementation, the data filtering module 401 is specifically used for:

[0108] Determine the total number of address bits for the candidate addresses selected from the network address sequence;

[0109] Determine whether the total number of address bits is within the set address bit range;

[0110] If so, then select the first candidate address with the same number of bits as the total address from the network address sequence;

[0111] If not, a feedback message indicating that the total number of address bits does not conform to the target IP address generation rules is sent to the network side.

[0112] In one possible implementation, the address generation module 402 is specifically used for:

[0113] The first candidate addresses in the M-bit first candidate address are filled in the filling order, and the N-bit second candidate addresses are filled into the lower N positions of the target IP address. The remaining positions of the target IP address are filled with random numbers to obtain the filled IP address.

[0114] Determine whether the value of the address type flag in the filled IP address is zero;

[0115] If so, then the filled IP address shall be used as the target IP address;

[0116] If not, the value in the address type flag is set to zero, and the target IP address is generated.

[0117] Based on the same inventive concept, this application also provides an electronic device that can realize the function of the aforementioned address generation device, see reference. Figure 5 The electronic device includes:

[0118] At least one processor 501 and a memory 502 connected to at least one processor 501. In this embodiment, the specific connection medium between the processor 501 and the memory 502 is not limited. Figure 5 The example shown is the connection between processor 501 and memory 502 via bus 500. Bus 500 is... Figure 5 The connections between other components are indicated by thick lines and are for illustrative purposes only, not as limiting information. The Bus 500 can be divided into address bus, data bus, control bus, etc., for ease of representation. Figure 5The term 501 is represented by a single thick line, but this does not imply that there is only one bus or one type of bus. Alternatively, the processor 501 can also be called a controller; there is no restriction on the name.

[0119] In this embodiment, memory 502 stores instructions executable by at least one processor 501. By executing the instructions stored in memory 502, at least one processor 501 can perform the address generation method described above. Processor 501 can implement... Figure 4 The functions of each module in the device shown.

[0120] The processor 501 is the control center of the device. It can connect to various parts of the control device through various interfaces and lines. By running or executing instructions stored in memory 502 and calling data stored in memory 502, the processor can perform various functions and process data, thereby monitoring the device as a whole.

[0121] In one possible design, processor 501 may include one or more processing units. Processor 501 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, and applications, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into processor 501. In some embodiments, processor 501 and memory 502 may be implemented on the same chip; in some embodiments, they may also be implemented on separate chips.

[0122] Processor 501 can be a general-purpose processor, such as a central processing unit (CPU), digital signal processor, application-specific integrated circuit, field-programmable gate array or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component, capable of implementing or executing the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor can be a microprocessor or any conventional processor. The steps of the address generation method disclosed in the embodiments of this application can be directly manifested as execution by a hardware processor, or execution by a combination of hardware and software modules within the processor.

[0123] Memory 502, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. Memory 502 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic storage, magnetic disk, optical disk, etc. Memory 502 can be any other medium capable of carrying or storing desired program code in the form of instructions or data structures that can be accessed by a computer, but is not limited thereto. In the embodiments of this application, memory 502 can also be a circuit or any other device capable of implementing storage functions for storing program instructions and / or data.

[0124] By designing and programming the processor 501, the code corresponding to the address generation method described in the foregoing embodiments can be embedded into the chip, thereby enabling the chip to execute the code during operation. Figure 1 The steps of the address generation method in the illustrated embodiment are as follows. How to design and program the processor 501 is a technique well-known to those skilled in the art and will not be described further here.

[0125] Based on the same inventive concept, embodiments of this application also provide a storage medium storing computer instructions that, when executed on a computer, cause the computer to perform the address generation method described above.

[0126] In some possible implementations, various aspects of the address generation method provided in this application may also be implemented as a program product comprising program code that, when the program product is run on a device, causes the control device to perform the steps in the address generation method according to the various exemplary embodiments of this application described above.

[0127] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0128] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0129] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0130] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0131] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if such modifications and variations fall within the scope of the claims of this application and their equivalents, this application also intends to include such modifications and variations.

Claims

1. An address generation method, characterized in that, include: When it is determined that a routing advertisement message sent by the network side has been received, M first candidate addresses are selected from the network address sequence of the routing advertisement message, and N second candidate addresses are selected from the MAC addresses. The address set consisting of the N second candidate addresses does not contain all vendor ID identifiers. The network address sequence represents the prefix information of the network to which the terminal device is to connect. M and N are both positive integers greater than or equal to zero. The first candidate addresses in the M-bit first candidate address are filled in sequentially according to the set filling order, and the N-bit second candidate addresses are filled into the N positions of the lower bits of the target IPv6 address. The remaining positions of the target IPv6 address are filled with random numbers or fixed values ​​to obtain the final target IPv6 address.

2. The method as described in claim 1, characterized in that, When it is determined that a routing advertisement message sent by the network side has been received, the step of selecting M first candidate addresses from the network address sequence of the routing advertisement message and selecting N second candidate addresses from the MAC addresses includes: Identify the identifier bytes in the route advertisement message; Determine whether the value of the newly added flag bit in the identifier byte is 1; If so, the M-bit first candidate address is selected from the network address sequence, and the N-bit second candidate address is selected from the MAC address; If not, then determine that the EUI-64 protocol will be used as the address generation rule for the target IP v6 address.

3. The method as described in claim 1, characterized in that, The step of selecting M first candidate addresses from the network address sequence of the routing advertisement message includes: Determine the total number of address bits for the candidate addresses selected from the network address sequence; Determine whether the total number of address bits is within the set address bit range; If so, then select the first candidate address with the same number of bits as the total address from the network address sequence; If not, a feedback message indicating that the total number of address bits does not conform to the target IPv6 address generation rules is sent to the network side.

4. The method as described in claim 1, characterized in that, Obtaining the final target IPv6 address includes: Determine whether the value of the address type flag in the target IPv6 address is zero; If so, then the target IPv6 address shall be used as the final target IPv6 address; If not, the value in the address type flag is set to zero to generate the final target IPv6 address.

5. An address generation device, characterized in that, include: The data filtering module is used to select M first candidate addresses from the network address sequence of the routing announcement message when it is determined that a routing announcement message has been received from the network side, and to select N second candidate addresses from the MAC address. The address set consisting of the N second candidate addresses does not contain all vendor ID identifiers. The network address sequence represents the prefix information of the network to which the terminal device is to connect. M and N are both positive integers greater than or equal to zero. The address generation module is used to fill each bit of the first candidate address in the M-bit first candidate address in a set filling order, and fill the N-bit second candidate address into the N positions of the lower bits of the target IPv6 address. The remaining positions of the target IPv6 address are filled with random numbers or fixed values ​​to obtain the final target IPv6 address.

6. The apparatus as claimed in claim 5, characterized in that, The data filtering module is specifically used for: Identify the identifier bytes in the route advertisement message; Determine whether the value of the newly added flag bit in the identifier byte is 1; If so, the M-bit first candidate address is selected from the network address sequence, and the N-bit second candidate address is selected from the MAC address; If not, then determine the EUI-64 protocol as the address generation rule for the target IPv6 address.

7. The apparatus as claimed in claim 5, characterized in that, The data filtering module is specifically used for: Determine the total number of address bits for the candidate addresses selected from the network address sequence; Determine whether the total number of address bits is within the set address bit range; If so, then select the first candidate address with the same number of bits as the total address from the network address sequence; If not, a feedback message indicating that the total number of address bits does not conform to the target IPv6 address generation rules is sent to the network side.

8. The apparatus as claimed in claim 5, characterized in that, The address generation module is specifically used for: Determine whether the value of the address type flag in the filled IP address is zero; If so, the filled IP address shall be used as the target IPv6 address; If not, the value in the address type flag is set to zero, and the target IPv6 address is generated.

9. An electronic device, characterized in that, include: Memory, used to store computer programs; A processor, when executing a computer program stored in the memory, implements the method steps of any one of claims 1-4.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the steps of the method described in any one of claims 1-4.