CN102045163A - Source-tracing method and system for anonymous communication - Google Patents


Info

Publication number: CN102045163A
Authority: CN (China)
Legal status: Pending
Application number: CN2009101808217A
Other languages: Chinese (zh)
Inventor: 孙翼舟
Assignee (original and current): ZTE Corp
Priority application: CN2009101808217A, published as CN102045163A
PCT application: PCT/CN2010/076950, published as WO2011044808A1

Classifications

    • H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/45 Network directories; name-to-address mapping
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/535 Tracking the activity of the user


Abstract

The invention discloses a source-tracing method for anonymous communication, which comprises the following steps: a node sends a source-tracing query request to the access node it is attached to, the request carrying an anonymous identity identifier; after receiving the source-tracing query request, the access node queries the corresponding true identity identifier according to the anonymous identity identifier and sends the true identity identifier found to the node. The invention takes into account that an IP address can be dynamically assigned and can be tampered with, so that tracing to an IP address cannot locate a user; the AID (Access Identifier) is the user's true identity and is unique wherever the user is located, so locating the AID locates the user; and the RID (Routing Identifier) is the user's location identifier, which also identifies the edge router the user is attached to, so locating the RID reveals the user's position.

Description

Source-tracing method and system for anonymous communication
Technical field
The present invention relates to the field of communication technology, and in particular to a source-tracing method and system for anonymous communication.
Background
In the TCP/IP (Transmission Control Protocol/Internet Protocol) suite widely used on today's Internet, the IP address has a dual function: at the network layer it is the location identifier of a communication terminal's host network interface within the network topology, and at the transport layer it is the identity identifier of that host network interface. Host mobility was not considered when TCP/IP was designed. As host mobility became more and more common, the defect of this semantic overloading of the IP address became increasingly obvious: when a host's IP address changes, not only does the route change, but the identity identifier of the communicating host changes as well. This makes routing overhead ever heavier, and the change of host identity interrupts applications and connections.
Separating the identity identifier from the location identifier was proposed to solve the semantic overloading of the IP address, the heavy routing overhead and security problems. It separates the dual function of the IP address, supports mobility, multi-homing and dynamic reallocation of IP addresses, reduces routing overhead, and supports inter-visiting between different network regions in the next-generation Internet.
Existing solutions for separating identity identifiers from location identifiers fall into two main kinds, host-based and router-based, and each kind is supported by several technologies. The main existing host-based protocol is the Host Identity Protocol (HIP); the main existing router-based protocol is the Locator/ID Separation Protocol (LISP).
HIP is a host-mobility protocol that separates the IP address into an end identifier and a location identifier. The basic idea of HIP is to introduce a "layer 3.5" Host Identity Layer (HIL) between the layer-3 network layer and the layer-4 transport layer, that is, to introduce a Host Identity (HI) space between the name space and the IP address space. The host identity layer decouples the previously tightly coupled transport layer and network layer: the IP address no longer plays the role of identifying the host and is responsible only for forwarding packets, i.e. it acts only as a locator, while the host is represented by a host identifier. HIL sits logically between the network layer and the transport layer; the transport layer uses transport-layer identifiers, and the host identity layer translates between host identifiers and IP addresses in packets. The network layer is shielded from the transport layer, so any change at the network layer (for example, a change of the host's IP address during communication) does not affect the transport-layer connection unless the quality of service changes.
Transport-layer connections under HIP are established on host identities; the IP address is used only for network-layer routing and no longer identifies the host. The key idea of HIP is to break the tight coupling between the network layer and the transport layer, so that application-layer and transport-layer connections are unaffected by IP address changes. When the IP address changes during a connection, the HI remains unchanged, so the connection is not interrupted. In a HIP-capable host, the IP address is used only for routing and addressing, while the HI identifies the end host of a connection, replacing the IP address used in the socket.
LISP reuses routing technology, makes certain changes to the existing routing topology, and, in combination with the existing transport network, uses existing routing and transmission techniques with minimal modification and optimization.
Hosts use IP addresses, called Endpoint Identifiers (EIDs) in the LISP system, to track sockets and connections and to send and receive packets.
Routers forward packets according to IP destination addresses called Routing Locators (RLOCs).
LISP introduces tunnel routers: a LISP header is added to packets sent by a host, and the packets are decapsulated before final delivery to the destination. The IP addresses in the "outer header" of a LISP packet are RLOCs. During the end-to-end packet exchange between hosts on two networks, the Ingress Tunnel Router (ITR) encapsulates each packet with a new LISP header, which is stripped at the egress of the tunnel. The ITR performs an EID-to-RLOC lookup to determine the routing path to the Egress Tunnel Router (ETR), and the ETR uses its RLOC as its address.
LISP is a network-based protocol and affects only the network part, more precisely only the existing Internet backbone; it does not affect the access layer or the subscriber hosts of the existing network and is fully transparent to hosts.
In all of the above existing solutions that separate identity identifiers from location identifiers, the corresponding location identifier must be looked up from the user's identity identifier. This identity identifier must be the true identity of the communicating node and must be transmitted between communicating nodes; otherwise the location identifier of a communicating node cannot be determined and no contact can be established between communicating nodes.
Out of consideration for security and business characteristics, a large amount of application traffic on the existing Internet is carried out anonymously. In identity/location separation solutions, after a user subscribes to an anonymous communication service, the network generally replaces the user's user name or identity identifier with an anonymous identifier, and the correspondent node cannot learn the sender's identity from this anonymous identifier.
However, illegal and junk information on the network also often uses anonymous communication and can damage network security. National information supervision departments or individuals therefore sometimes need to trace anonymous communication to its source in order to locate the origin of illegal and junk information.
On the traditional Internet, existing source-tracing methods all trace according to the source IP address in the packet: the layer-3 and layer-2 switches of the network segment to which the IP address belongs are found from the source IP address, the physical address tables of those layer-2 and layer-3 switches are queried, and the port number on the switch is located.
Source tracing on the existing Internet has serious shortcomings: because IP addresses are often dynamically assigned, the layer-2 and layer-3 switch port numbers found by tracing are only temporarily valid, and source IP addresses on the Internet can be maliciously tampered with, in which case tracing by IP address fails completely.
Summary of the invention
The technical problem to be solved by the present invention is to provide a source-tracing method and system for anonymous communication that solves the problem of ineffective IP-address-based source tracing and realizes source tracing of anonymous communication in a network in which identity identifiers and location identifiers are separated.
To solve the above technical problem, the source-tracing method for anonymous communication of the present invention comprises:
a node sends a source-tracing query request to the access node it is attached to, the source-tracing query request carrying an anonymous identity identifier;
after receiving the source-tracing query request, the access node queries the true identity identifier corresponding to the anonymous identity identifier and sends the true identity identifier found to the node.
Further, the access node queries the corresponding true identity identifier by sending an identity query request to a mapping node, the identity query request carrying the anonymous identity identifier;
after receiving the identity query request, the mapping node queries the corresponding true identity identifier in the true-identity-identifier-to-anonymous-identity-identifier mapping table it holds and returns the true identity identifier found to the access node.
Further, after the mapping node finds the true identity identifier, it also queries the location identifier corresponding to that true identity identifier in the identity-identifier-to-location-identifier mapping table it holds and returns that location identifier to the access node;
the access node sends the received location identifier to the node.
Further, the identity identifier is an Access Identifier (AID) and the location identifier is a Routing Identifier (RID).
Further, after the access node receives the source-tracing query request and before it queries the corresponding true identity identifier, it also queries an authentication center as to whether the node has the source-tracing service authority;
after confirming that the node has the authority, the authentication center returns a confirmation message to the access node, and after receiving the confirmation message the access node performs the query of the true identity identifier corresponding to the anonymous identity identifier.
Further, a source-tracing system for anonymous communication comprises a node and the access node to which the node is attached, wherein:
the node is configured to send a source-tracing query request to the access node, the source-tracing query request carrying an anonymous identity identifier;
the access node is configured to, after receiving the source-tracing query request, query the true identity identifier corresponding to the anonymous identity identifier and send the true identity identifier found to the node.
Further, the system also comprises a mapping node;
the access node queries the corresponding true identity identifier by sending an identity query request to the mapping node, the identity query request carrying the anonymous identity identifier;
the mapping node is configured to, after receiving the identity query request, query the corresponding true identity identifier in the true-identity-identifier-to-anonymous-identity-identifier mapping table it holds and return the true identity identifier found to the access node.
Further, the mapping node is also configured to, after finding the true identity identifier, query the location identifier corresponding to that true identity identifier in the identity-identifier-to-location-identifier mapping table it holds and return that location identifier to the access node;
the access node is also configured to send the received location identifier to the node.
Further, the identity identifier is an Access Identifier (AID) and the location identifier is a Routing Identifier (RID).
Further, the system also comprises an authentication center;
the access node is also configured to, after receiving the source-tracing query request and before querying the corresponding true identity identifier, query the authentication center as to whether the node has the source-tracing service authority, and, after receiving the confirmation message from the authentication center, perform the query of the true identity identifier corresponding to the anonymous identity identifier;
the authentication center is configured to return a confirmation message to the access node after confirming that the node has the authority.
Further, a source-tracing method for anonymous communication is applied in a network architecture in which identity identifiers and location identifiers are separated. The network architecture comprises a first node, a second node and a second access node to which the second node is attached, wherein the first node has subscribed to the anonymous communication service and has been assigned an anonymous identity identifier. The method comprises:
the first node sends a data message to the second node, the data message containing the anonymous identity identifier of the first node;
after receiving the data message, the second node sends a source-tracing query request to the second access node, the source-tracing query request carrying the anonymous identity identifier of the first node;
after receiving the source-tracing query request, the second access node queries the true identity identifier of the first node according to the anonymous identity identifier and sends the true identity identifier found to the second node.
Further, the network architecture also comprises a mapping node, which holds a true-identity-identifier-to-anonymous-identity-identifier mapping table;
the second access node queries the true identity identifier of the first node by sending an identity query request to the mapping node, the identity query request carrying the anonymous identity identifier;
after receiving the identity query request, the mapping node queries the corresponding true identity identifier in the true-identity-identifier-to-anonymous-identity-identifier mapping table and returns the true identity identifier found to the second access node.
Further, a source-tracing system for anonymous communication comprises a first node, a second node and a second access node to which the second node is attached, wherein the first node has subscribed to the anonymous communication service and has been assigned an anonymous identity identifier;
the first node is configured to send a data message to the second node, the data message containing the anonymous identity identifier of the first node;
the second node is configured to, after receiving the data message, send a source-tracing query request to the second access node, the source-tracing query request carrying the anonymous identity identifier of the first node;
the second access node is configured to, after receiving the source-tracing query request, query the true identity identifier of the first node according to the anonymous identity identifier and send the true identity identifier found to the second node.
Further, the system also comprises a mapping node, which holds a true-identity-identifier-to-anonymous-identity-identifier mapping table;
the second access node queries the true identity identifier of the first node by sending an identity query request to the mapping node, the identity query request carrying the anonymous identity identifier;
the mapping node is configured to, after receiving the identity query request, query the corresponding true identity identifier in the true-identity-identifier-to-anonymous-identity-identifier mapping table and return the true identity identifier found to the second access node.
In summary, the present invention takes into account that IP addresses can be dynamically assigned and can be tampered with, so that tracing to an IP address cannot be relied upon to locate a user. The AID is the user's true identity; wherever the user is, the AID is unique, so locating the AID locates the user. The RID is the user's location identifier and also identifies the edge router through which the user is attached, so locating the RID finds the user's current position. In a network in which identity identifiers and location identifiers are separated, the core layer and the access layer are isolated from each other; a user cannot access the core layer and therefore cannot alter the AID and RID of data packets in transit, which guarantees the authenticity and validity of the AID and RID traced to.
Description of drawings
Fig. 1 is a schematic diagram of a network topology based on the identity/location separation architecture;
Fig. 2 is a flow chart of the source-tracing method for anonymous communication of the present invention.
Detailed description of embodiments
There are several network architectures based on the separation of identity identifiers from location identifiers. Fig. 1 is a schematic diagram of the network topology of the identity/location separation architecture of the embodiment of the present invention, showing the key network elements and functional entities of the system architecture relevant to the present invention.
As shown in Fig. 1, the identity/location separation architecture described in this embodiment (hereinafter "this architecture") divides the network into an access network and a backbone network. The access network is located at the edge of the backbone network and is responsible for the access of all terminals; the backbone network is responsible for routing between terminals attached through different access networks. The Access Service Node (ASN) is located at the boundary between the backbone network and the access network and interfaces with both. The ASN provides access service to terminals, maintains user connections and forwards user data. The access network and the backbone network do not overlap topologically.
There are two kinds of identifiers in this architecture network: the Access Identifier (AID) and the Routing-Location Identifier (RID). The AID is the unique identity identifier assigned to each user terminal in the network; it is used at the access layer and remains constant as the user terminal moves. User terminals inside this architecture network identify their peers by AID, and only the peer's AID is needed for user terminals to communicate with each other.
In a preferred embodiment, the backbone network is divided into two planes: a mapping forwarding plane and a generalized forwarding plane.
The main function of the generalized forwarding plane is to route and forward data messages according to the RID carried in the data message. Data routing and forwarding behavior in the generalized forwarding plane is the same as in traditional IP networks.
The main functions of the mapping forwarding plane are to store the identity/location mapping information of mobile nodes (i.e. the RID-AID mappings), to handle the registration flow of mobile nodes, to handle the location query flow of correspondent nodes, and to route and forward data messages whose destination address is an AID.
In the network-based identity/location separation architecture of this embodiment, the main network elements and functional entities involved are as follows:
User terminal: in this architecture, an attached user terminal may be one or more of a mobile node, a stationary node and a nomadic node.
Access network: provides layer-2 (physical layer and link layer) access service to user terminals. The access network may be a base station system, such as a BSS (Base Station Subsystem), RAN (Radio Access Network) or eNodeB (evolved Node B), or an xDSL (Digital Subscriber Line) line, an AP (wireless Access Point), etc.
ASN: maintains the connection between the terminal and the backbone network, assigns RIDs to terminals, handles handover and registration flows, performs charging/authentication, maintains/queries the AID-RID mapping of the correspondent node, and encapsulates, routes and forwards data messages sent to or from the terminal.
When the ASN receives a data message sent by a terminal, it looks up locally the RID corresponding to the AID of the correspondent node (CN) in the message. If a matching AID-RID mapping entry is found, the ASN forwards the data message to the backbone network, either by replacing the AID with the RID in the message or by encapsulating the message with the RID. If no matching AID-RID entry is found, the ASN sends a query to the ILR to obtain the AID-RID mapping entry, associates it with the data message, and then forwards the message by RID replacement or RID encapsulation; alternatively, while the query to the ILR is pending, the ASN forwards the data message to the backbone network for routing, and after receiving the CN's AID-RID mapping from the ILR it caches the CN's AID-RID mapping locally.
When the ASN receives a data message from the network destined for a terminal, it strips the outer RID encapsulation and delivers the message to the terminal.
CR (Common Router): routes and forwards data messages whose source/destination addresses are in RID form.
Authentication center: responsible for recording the user attributes of this architecture network, including user category, authentication information and user service level; generates the user security information used for authentication, integrity protection and encryption; and performs legitimacy authentication and authorization when a user attaches. The authentication center supports mutual authentication between this architecture network and the user.
ILR/PTF (Identity Location Register/Packet Transfer Function): the ILR and PTF may be two functional modules on the same entity, located in the mapping forwarding plane of the backbone network.
The ILR is responsible for maintaining/storing the AID-RID mappings of users in the network-based identity/location separation architecture, realizing the registration function and handling the location query flow of correspondent nodes. Specifically, when a terminal (Mobile Node, MN) powers on or changes location, it initiates a registration process to the ILR via the ASN it is attached to, so that the ILR holds the real-time AID-RID mapping of the MN.
The PTF routes and forwards a data message by destination AID after receiving it from an ASN. After the PTF node finds the destination AID-RID mapping from the ILR in the mapping forwarding plane, it encapsulates the RID found in the data message header and forwards the message through the generalized forwarding plane to the ASN at which the correspondent node is located.
In the above architecture in which identity identifiers and location identifiers are separated, the access identifier AID of a terminal user remains constant for the valid lawful period, and the routing identifier RID identifies the location of the ASN the user is currently attached to. In end-to-end communication, the AID of the source must be carried as the source address in the data message to the correspondent node, and the correspondent node learns the identity of the source from the source address carried in the data message.
The network guarantees the authenticity and reliability of user identity by authenticating user identity, building a trust domain in the network backed by the network's credibility. The method of authenticating user identity differs by network system: the network may authenticate the user's access identifier AID directly, or it may authenticate another user identifier that identifies the user in the network (for example, the International Mobile Subscriber Identity (IMSI) or the Network Access Identifier (NAI)), in which case the network equipment stores the correspondence between that user identifier and the AID.
The existing access network (RAN) part can guarantee layer-2 connection security and ensure that data messages are not tampered with when a terminal user accesses the network. For example, CDMA wireless access uses the code division multiple access scheme, ADSL uses dedicated lines or VLAN isolation, and GSM uses FDMA. All terminal users are valid legitimate users who have passed authentication. When a terminal user accesses the network, a point-to-point connection is established between the terminal user and the network's ASN. The ASN binds the terminal user's AID to the end-to-end user connection between the terminal and the ASN; if the source address of a message sent over that connection does not match the user's AID, the ASN discards the data message. In this way the identity/location separation architecture guarantees that a terminal user's AID cannot be forged or changed.
The ASN and the communication equipment between the source ASN and the destination ASN, including the ILR/PTF, CRs and the authentication center, are provided by the network operator and manager; the security of transmitted data messages is guaranteed by the network's credibility, so the data messages are authentic and reliable. The identity/location separation architecture can therefore build a trust domain in the network backed by the network's credibility, guaranteeing that the identities of both ends of a data communication are authentic and reliable.
Out of consideration for security and business characteristics, a large amount of application traffic on the existing Internet is carried out anonymously. An identity/location separation solution therefore still needs to provide an anonymous communication service on top of the real-name trust domain it has built, to meet the needs of business operation.
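The following Python model is an added illustration, not code from the patent or from ZTE, of the ASN behaviour described above: each terminal connection is bound to the AID it was authenticated with and messages whose source AID does not match are discarded; for an outbound message the correspondent's AID is resolved to an RID from a local cache, with a query to the ILR when the cache misses; the message is encapsulated in an outer RID header for the backbone, and the receiving ASN strips that header before delivery. Class, method and identifier names (Asn, Ilr, DataMessage, from_terminal, to_terminal, "AID-m", "RID-c") are this example's own assumptions, and only the RID-encapsulation variant, not the AID-replacement variant, is implemented.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DataMessage:
    src: str                         # AID of the sender
    dst: str                         # AID of the correspondent
    payload: bytes
    outer_src: Optional[str] = None  # RID header added by the source ASN
    outer_dst: Optional[str] = None


class Ilr:
    """Identity Location Register: authoritative AID -> RID mapping in the mapping plane."""

    def __init__(self, aid_to_rid: Dict[str, str]) -> None:
        self._aid_to_rid = dict(aid_to_rid)
        self.queries = 0              # counts ILR lookups so cache hits can be observed

    def lookup_rid(self, aid: str) -> Optional[str]:
        self.queries += 1
        return self._aid_to_rid.get(aid)


class Asn:
    def __init__(self, name: str, ilr: Ilr) -> None:
        self.name = name
        self.ilr = ilr
        self.bindings: Dict[str, str] = {}   # connection id -> authenticated AID
        self.cache: Dict[str, str] = {}      # local AID -> RID cache
        self.dropped = 0

    def attach(self, conn_id: str, aid: str, rid: str) -> None:
        """A terminal has attached and authenticated: bind its AID to the connection."""
        self.bindings[conn_id] = aid
        self.cache[aid] = rid                # the ASN assigned this RID itself

    def resolve_rid(self, aid: str) -> Optional[str]:
        rid = self.cache.get(aid)
        if rid is None:                      # cache miss: ask the ILR and remember the answer
            rid = self.ilr.lookup_rid(aid)
            if rid is not None:
                self.cache[aid] = rid
        return rid

    def from_terminal(self, conn_id: str, msg: DataMessage) -> Optional[DataMessage]:
        """Ingress from the access side; returns the backbone message, or None if dropped."""
        bound_aid = self.bindings.get(conn_id)
        if bound_aid is None or msg.src != bound_aid:
            self.dropped += 1                # source AID does not match the binding
            return None
        dst_rid = self.resolve_rid(msg.dst)
        if dst_rid is None:
            self.dropped += 1                # unknown correspondent, nowhere to route
            return None
        return DataMessage(msg.src, msg.dst, msg.payload,
                           outer_src=self.cache[bound_aid], outer_dst=dst_rid)

    @staticmethod
    def to_terminal(msg: DataMessage) -> DataMessage:
        """Egress to a terminal attached here: strip the outer RID header."""
        return DataMessage(msg.src, msg.dst, msg.payload)


def run_demo() -> Dict[str, object]:
    # Constructed sample data: the CN is registered at RID-c, the MN attaches to ASNm.
    ilr = Ilr({"AID-c": "RID-c"})
    asn_m = Asn("ASNm", ilr)
    asn_m.attach("conn-1", "AID-m", "RID-m")
    first = asn_m.from_terminal("conn-1", DataMessage("AID-m", "AID-c", b"hello"))
    second = asn_m.from_terminal("conn-1", DataMessage("AID-m", "AID-c", b"again"))
    forged = asn_m.from_terminal("conn-1", DataMessage("AID-other", "AID-c", b"spoof"))
    return {"first": first, "second": second, "forged": forged,
            "ilr_queries": ilr.queries, "dropped": asn_m.dropped,
            "delivered": Asn.to_terminal(first) if first else None}
```

The second message is served from the ASN's cache, so the ILR sees a single query; the forged message never reaches the backbone, which is the property the trust domain relies on.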
In a network in which identity identifiers and location identifiers are separated, suppose the identity identifier of a terminal user (MN) is AIDm. The general flow of anonymous communication is: after the user applies for and activates the anonymous communication service, the authentication center assigns the user terminal that activated the anonymous service an anonymous identity identifier (AIDx) for anonymous traffic, establishes an AIDm-AIDx mapping table, and registers this mapping table with the ASN and the ILR. When data messages are transmitted, the ASN, on receiving a data message from the MN, replaces the AIDm in the data message with AIDx and forwards it over the backbone network, and the MN's correspondent node (CN) receives the data message with the anonymous identity identifier AIDx.
In this embodiment, for network security, when the network supervision department or an individual user wants to know the true identity of an anonymous terminal, anonymous communication needs to be traced to its source in order to locate the origin of illegal and junk information. To this end, the anonymous user's real AID can be queried from the anonymous identity identifier AIDx, and the location identifier of the anonymous terminal can then be queried from the real AID.
Fig. 2 shows the method by which the embodiment of the present invention traces anonymous communication to its source. Suppose the MN has subscribed to the anonymous communication service and been assigned the anonymous identity identifier AIDx, the MN's access identifier is AIDm, the ASN it is attached to (ASNm) has assigned it RIDm, and the ILR holds the MN's AIDm-RIDm mapping information and AIDm-AIDx mapping table. The method comprises:
201: the MN sends a data message to the correspondent node CN, the data message containing the MN's anonymous identity identifier AIDx;
the MN sends the data message to ASNm, ASNm replaces the AIDm of the data message with AIDx and sends it over the backbone network to the ASN that CN is attached to (ASNc), and ASNc forwards the data message to CN.
202: after receiving the MN's data message, CN initiates a source-tracing query request to the ASNc it is attached to, the request carrying the parameter AIDx;
203: ASNc queries the authentication center as to whether CN has the source-tracing service authority;
204: after authentication passes, the authentication center sends a confirmation message to ASNc;
steps 203 and 204 are optional, depending on operational needs.
205: ASNc initiates an identity query request to the ILR, the request carrying the parameter AIDx;
206: after receiving the query request, the ILR looks up the AIDm-AIDx mapping table by AIDx and finds the MN's true identity identifier AIDm;
207: the ILR looks up the AIDm-RIDm mapping table by AIDm and finds the MN's location identifier RIDm;
208: the ILR returns the AIDm and RIDm found to ASNc;
209: ASNc returns the received AIDm and RIDm of the MN to the terminal user CN.
The present invention also provides a source-tracing system for anonymous communication, comprising a node, the access node that this node accesses, a mapping node and an authentication center, wherein:
the node is configured to send a source-tracing query request to the access node, the source-tracing query request carrying an anonymous identity identifier;
the access node is configured, after receiving the source-tracing query request, to query the authentication center as to whether the node possesses the source-tracing service authority; after receiving the acknowledgement message from the authentication center, to send an identity lookup request to the mapping node to query the corresponding true identity identifier, the identity lookup request carrying the anonymous identity identifier; to send the true identity identifier found to the node; and also to send the location identifier it receives to the node;
the mapping node is configured, after receiving the identity lookup request, to look up the corresponding true identity identifier in the true identity identifier-anonymous identity identifier mapping table and to return the true identity identifier found to the access node; and, after finding the true identity identifier, to look up the location identifier corresponding to this true identity identifier in the identity identifier-location identifier mapping table and to return this location identifier to the access node;
the authentication center is configured to return an acknowledgement message to the access node after confirming that the node has the authority.
The identity identifier above uses an AID, and the location identifier uses an RID.
The present invention may also have various other embodiments. Without departing from the spirit and essence of the present invention, those of ordinary skill in the art may make various corresponding changes and modifications according to the present invention, and all such corresponding changes and modifications shall fall within the protection scope of the appended claims of the present invention.
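As an added illustration (not code from the patent or from ZTE), the following Python simulation walks through the exchange of steps 202 to 209 using the system components above: an authentication center that grants or refuses the source-tracing authority, an ILR holding the two mapping tables, and an ASNc that performs the lookup only after the authority check and records every disclosure. The class names, the sample identifiers (AIDx-7f3a, AIDm-1001, RIDm-asn-m) and the authorised node name are constructed assumptions; the example treats the optional steps 203/204 as mandatory, since without them any correspondent node could unmask any sender.

```python
from dataclasses import dataclass, field


class TraceDenied(Exception):
    """Raised when the requesting node lacks source-tracing authority (steps 203/204)."""


@dataclass
class AuthCenter:
    """Authentication center: knows which nodes hold the source-tracing service."""
    authorized: set = field(default_factory=set)  # constructed sample set

    def may_trace(self, requester: str) -> bool:
        return requester in self.authorized


@dataclass
class MappingNode:
    """ILR: holds the AIDm-AIDx and AIDm-RIDm mapping tables (steps 206-208)."""
    anon_to_real: dict = field(default_factory=dict)  # AIDx -> AIDm
    real_to_loc: dict = field(default_factory=dict)   # AIDm -> RIDm

    def identity_lookup(self, aid_x: str):
        aid_m = self.anon_to_real.get(aid_x)
        if aid_m is None:
            return None  # unknown AIDx: nothing is disclosed
        return aid_m, self.real_to_loc.get(aid_m)


@dataclass
class AccessNode:
    """ASNc: access node of the querying correspondent node (steps 202-209)."""
    auth: AuthCenter
    ilr: MappingNode
    audit_log: list = field(default_factory=list)

    def trace_query(self, requester: str, aid_x: str):
        # Steps 203/204: check authority before any identity is looked up.
        if not self.auth.may_trace(requester):
            self.audit_log.append(("denied", requester, aid_x))
            raise TraceDenied(f"{requester} may not trace {aid_x}")
        # Steps 205-208: identity lookup at the ILR.
        result = self.ilr.identity_lookup(aid_x)
        # Every disclosure is recorded, so the unmasking is itself accountable.
        self.audit_log.append(("traced", requester, aid_x, result))
        # Step 209: hand AIDm and RIDm back to the requester.
        return result


def build_demo() -> AccessNode:
    """Constructed sample network: one anonymous MN, one authorised supervisor."""
    auth = AuthCenter(authorized={"CN-supervisor"})
    ilr = MappingNode(anon_to_real={"AIDx-7f3a": "AIDm-1001"},
                      real_to_loc={"AIDm-1001": "RIDm-asn-m"})
    return AccessNode(auth=auth, ilr=ilr)


def demo_trace(requester: str, aid_x: str = "AIDx-7f3a"):
    """Run one trace query as `requester`; returns (AIDm, RIDm), None or "denied"."""
    asn_c = build_demo()
    try:
        return asn_c.trace_query(requester, aid_x)
    except TraceDenied:
        return "denied"


if __name__ == "__main__":
    print(demo_trace("CN-supervisor"))  # ('AIDm-1001', 'RIDm-asn-m')
    print(demo_trace("CN-anyone"))      # denied
```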

Claims (14)

1. A source-tracing method for anonymous communication, applied in a network in which the identity identifier and the location identifier are separated, characterized by comprising:
a node sends a source-tracing query request to the access node it accesses, the source-tracing query request carrying an anonymous identity identifier;
after said access node receives said source-tracing query request, it queries the true identity identifier corresponding to this anonymous identity identifier and sends the true identity identifier found to said node.
2. The method of claim 1, characterized in that
said access node queries the corresponding true identity identifier by sending an identity lookup request to a mapping node, said identity lookup request carrying said anonymous identity identifier;
after said mapping node receives said identity lookup request, it looks up the corresponding true identity identifier in the stored true identity identifier-anonymous identity identifier mapping table and returns the true identity identifier found to said access node.
3. The method of claim 2, characterized in that
after said mapping node finds said true identity identifier, it also looks up the location identifier corresponding to this true identity identifier in the stored identity identifier-location identifier mapping table and returns this location identifier to said access node;
said access node sends this received location identifier to said node.
4. The method of claim 3, characterized in that said identity identifier is an access identifier (AID) and said location identifier is a routing identifier (RID).
5. The method of claim 1, characterized in that
after said access node receives said source-tracing query request and before it queries the corresponding true identity identifier, it also queries an authentication center as to whether said node possesses the source-tracing service authority;
said authentication center returns an acknowledgement message to the access node after confirming that said node has the authority, and after said access node receives the acknowledgement message it performs said operation of querying the true identity identifier corresponding to this anonymous identity identifier.
6. A source-tracing system for anonymous communication, applied in a network in which the identity identifier and the location identifier are separated, comprising a node and the access node that this node accesses, wherein:
said node is configured to send a source-tracing query request to said access node, the source-tracing query request carrying an anonymous identity identifier;
said access node is configured, after receiving said source-tracing query request, to query the true identity identifier corresponding to this anonymous identity identifier and to send the true identity identifier found to said node.
7. The system of claim 6, characterized in that the system further comprises a mapping node;
said access node queries the corresponding true identity identifier by sending an identity lookup request to said mapping node, said identity lookup request carrying said anonymous identity identifier;
said mapping node is configured, after receiving said identity lookup request, to look up the corresponding true identity identifier in the stored true identity identifier-anonymous identity identifier mapping table and to return the true identity identifier found to said access node.
8. The system of claim 7, characterized in that
said mapping node is further configured, after finding said true identity identifier, to look up the location identifier corresponding to this true identity identifier in the stored identity identifier-location identifier mapping table and to return this location identifier to said access node;
said access node is further configured to send this received location identifier to said node.
9. The system of claim 8, characterized in that said identity identifier is an access identifier (AID) and said location identifier is a routing identifier (RID).
10. The system of claim 6, characterized in that the system further comprises an authentication center;
said access node is further configured, after receiving said source-tracing query request and before querying the corresponding true identity identifier, to query the authentication center as to whether said node possesses the source-tracing service authority; and, after receiving the acknowledgement message from said authentication center, to perform said operation of querying the true identity identifier corresponding to this anonymous identity identifier;
said authentication center is configured to return an acknowledgement message to the access node after confirming that said node has the authority.
11. A source-tracing method for anonymous communication, applied in a network architecture in which the identity identifier and the location identifier are separated, the network architecture comprising a first node, a second node and a second access node that the second node accesses, wherein said first node has activated the anonymous communication service and been allocated an anonymous identity identifier, the method comprising:
the first node sends a data message to the second node, the data message containing the anonymous identity identifier of the first node;
after said second node receives said data message, it sends a source-tracing query request to said second access node, the source-tracing query request carrying the anonymous identity identifier of said first node;
after said second access node receives said source-tracing query request, it queries the true identity identifier of said first node according to this anonymous identity identifier and sends the true identity identifier found to said second node.
12. The method of claim 11, characterized in that said network architecture further comprises a mapping node, the mapping node storing a true identity identifier-anonymous identity identifier mapping table;
said second access node queries the true identity identifier of said first node by sending an identity lookup request to said mapping node, the identity lookup request carrying said anonymous identity identifier;
after said mapping node receives said identity lookup request, it looks up the corresponding true identity identifier in said true identity identifier-anonymous identity identifier mapping table and returns the true identity identifier found to said second access node.
13. A source-tracing system for anonymous communication, applied in a network in which the identity identifier and the location identifier are separated, the system comprising a first node, a second node and a second access node that the second node accesses, wherein said first node has activated the anonymous communication service and been allocated an anonymous identity identifier;
said first node is configured to send a data message to the second node, the data message containing the anonymous identity identifier of the first node;
said second node is configured, after receiving said data message, to send a source-tracing query request to said second access node, the source-tracing query request carrying the anonymous identity identifier of said first node;
said second access node is configured, after receiving the source-tracing query request, to query the true identity identifier of said first node according to this anonymous identity identifier and to send the true identity identifier found to said second node.
14. The system of claim 13, characterized in that the system further comprises a mapping node, the mapping node storing a true identity identifier-anonymous identity identifier mapping table;
said second access node queries the true identity identifier of said first node by sending an identity lookup request to said mapping node, the identity lookup request carrying said anonymous identity identifier;
said mapping node is configured, after receiving said identity lookup request, to look up the corresponding true identity identifier in said true identity identifier-anonymous identity identifier mapping table and to return the true identity identifier found to said second access node.
CN2009101808217A 2009-10-15 2009-10-15 Source-tracing method and system for anonymous communication Pending CN102045163A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2009101808217A CN102045163A (en) 2009-10-15 2009-10-15 Source-tracing method and system for anonymous communication
PCT/CN2010/076950 WO2011044808A1 (en) 2009-10-15 2010-09-15 Method and system for tracing anonymous communication

Publications (1)

Publication Number Publication Date
CN102045163A true CN102045163A (en) 2011-05-04

Family

ID=43875826

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014085986A1 (en) * 2012-12-04 2014-06-12 华为技术有限公司 Method for obtaining user identity identifier, advertisement delivery method, apparatus and system
CN104753888A (en) * 2013-12-31 2015-07-01 中兴通讯股份有限公司 Message handling method and device
CN107276978A (en) * 2017-04-25 2017-10-20 中国科学院信息工程研究所 A kind of Anonymizing networks of Intrusion Detection based on host fingerprint hide service source tracing method
CN107730256A (en) * 2011-09-09 2018-02-23 熊楚渝 Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method
CN109076082A (en) * 2016-04-29 2018-12-21 华为技术有限公司 Anonymous Identity in network and agreement towards identity
CN111709055A (en) * 2020-06-16 2020-09-25 四川虹微技术有限公司 User information acquisition method and device, electronic equipment and storage medium
CN112529593A (en) * 2020-11-19 2021-03-19 杭州甘道智能科技有限公司 Washing machine circulation tracing method and system based on block chain
CN112752300A (en) * 2020-12-29 2021-05-04 锐捷网络股份有限公司 Method and device for realizing local distribution

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102892073B (en) * 2012-09-11 2015-07-01 北京航空航天大学 Continuous query oriented location anonymizing method applicable to location service system
CN103561127A (en) * 2013-11-01 2014-02-05 中国联合网络通信集团有限公司 Method and system for tracing source of user
CN105915505A (en) * 2016-03-31 2016-08-31 中国科学院信息工程研究所 Anonymous network user traceablility method based on TCP/IP side channel
CN111523888B (en) * 2020-04-16 2023-09-05 武汉有牛科技有限公司 On-chain data and information tracing system based on block chain technology

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101483675A (en) * 2008-01-11 2009-07-15 华为技术有限公司 Network appliance searching method and network appliance
CN101521569A (en) * 2008-02-28 2009-09-02 华为技术有限公司 Method, equipment and system for realizing service access

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6738808B1 (en) * 2000-06-30 2004-05-18 Bell South Intellectual Property Corporation Anonymous location service for wireless networks
CN100428719C (en) * 2006-01-23 2008-10-22 北京交通大学 Internet access method based on identity and location separation

Also Published As

Publication number Publication date
WO2011044808A1 (en) 2011-04-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110504