CN109729080A - Access attack guarding method and system based on block chain domain name system - Google Patents

Info

Publication number: CN109729080A
Application number: CN201811577793.8A
Authority: CN (China)
Legal status (as listed by Google Patents): Granted
Other languages: Chinese (zh)
Other versions: CN109729080B (en)
Inventors: 路成业, 王凌
Current assignee (as listed by Google Patents): Iallchain Co Ltd
Original assignee: Iallchain Co Ltd
Prior art keywords: access, communication node, communication, node, block chain
Abstract

The invention discloses an access attack guarding method and system based on a block chain domain name system. The method comprises: after an accessed-side communication node receives an IP access connection request sent by an access-side communication node, it queries its own preset communication security grade; if it learns that authorization verification of the access-side communication node is required, it parses the IP access connection request to obtain the access IPv6 address of the access-side communication node, and queries the locally stored block chain account book by that access IPv6 address to obtain the user information of the access-side communication node corresponding to the address; the accessed-side communication node then authenticates the accessing node according to the user information, and allows it to access only if authentication passes. As a result, access to a communication node is verified on the basis of the block chain network, only nodes that pass verification may access it, and the communication node is protected from malicious disturbance.

Description

Access attack guarding method and system based on block chain domain name system
Technical field
The present invention relates to the field of computer communication technology, and in particular to an access attack guarding method and system based on a block chain domain name system.
Background art
With the development of computer technology, the security of the computer network environment is receiving increasing attention. IPv6 addresses are now being popularized, and computer equipment generally uses an IPv6 address as its own device address.
However, as the network becomes more widespread, IPv6 addresses are also highly public: any device that knows the IPv6 address of an item can access the corresponding product. This greatly increases the probability that products are maliciously accessed, and how to avoid malicious access and effectively regulate the access environment has become a requirement.
Summary of the invention
The present invention provides an access attack guarding method and system based on a block chain domain name system. On the basis of the block chain network, access to a communication node is verified in advance so that only nodes that pass verification may access it, and the communication node is protected from malicious disturbance.
A first embodiment of the invention provides an access attack guarding method based on a block chain domain name system, comprising: each communication node generates its own user public key and user private key and, after completing IPv6 address registration of its own access domain name in the block chain domain name system, signs the user public key, its user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and sends a node registration broadcast message to the block chain network; after receiving the node registration broadcast message, an accounting node verifies its private key signature using the user public key and, if verification succeeds, writes the node registration broadcast message into a new block and records it in the block chain account book; after the accessed-side communication node receives an IP access connection request sent by the access-side communication node, it queries its own preset communication security grade and, if it learns that authorization verification of the access-side communication node is required, parses the IP access connection request to obtain the access IPv6 address of the access-side communication node and queries the locally stored block chain account book by that access IPv6 address to obtain the user information of the corresponding access-side communication node, where the user information comprises the user identifier in the block chain and/or the access domain name; the accessed-side communication node queries a preset authorized user information library according to the user information and, if the query shows that the user information belongs to the authorized user information library, determines that the access-side communication node is allowed to exchange information with it, and queries a preset communication mode according to the user information; if the communication mode corresponding to the access-side communication node is encrypted communication, it feeds back an encrypted communication response to the access-side communication node; the accessed-side communication node receives a communication message carrying an encryption identification sent by the access-side communication node, where the communication message is generated by the access-side node encrypting the communication content to be exchanged with the user public key of the accessed-side communication node obtained from the block chain account book, and then decrypts the communication message with its own user private key according to the encryption identification.
A second embodiment of the invention provides an access attack guard system based on a block chain domain name system, comprising communication nodes and accounting nodes. Each of the communication nodes is configured to generate its own user public key and user private key and, after completing IPv6 address registration of its own access domain name in the block chain domain name system, to sign the user public key, its user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and send a node registration broadcast message to the block chain network. Each accounting node is configured, after receiving the node registration broadcast message, to verify its private key signature using the user public key and, if verification succeeds, to write the node registration broadcast message into a new block and record it in the block chain account book. An accessed-side communication node among the communication nodes is configured, after receiving an IP access connection request sent by an access-side communication node, to query its own preset communication security grade and, if it learns that authorization verification of the access-side communication node is required, to parse the IP access connection request to obtain the access IPv6 address of the access-side communication node and to query the locally stored block chain account book by that access IPv6 address to obtain the user information of the corresponding access-side communication node, where the user information comprises the user identifier in the block chain and/or the access domain name. The accessed-side communication node is further configured to query a preset authorized user information library according to the user information and, if the query shows that the user information belongs to the authorized user information library, to determine that the access-side communication node is allowed to exchange information with it, to query a preset communication mode according to the user information and, if the communication mode corresponding to the access-side communication node is encrypted communication, to feed back an encrypted communication response to the access-side communication node. The accessed-side communication node is further configured to receive a communication message carrying an encryption identification sent by the access-side communication node, where the communication message is generated by the access-side node encrypting the communication content to be exchanged with the user public key of the accessed-side communication node obtained from the block chain account book, and then to decrypt the communication message with its own user private key according to the encryption identification.
A third embodiment of the invention provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the access attack guard system based on a block chain domain name system described in the above embodiments is realized.
A fourth embodiment of the invention provides a computer readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the access attack guard system based on a block chain domain name system described in the above embodiments is realized.
The technical solution provided by the embodiments of the present invention may have the following beneficial effects:
Each communication node generates its own user public key and user private key and, after completing IPv6 address registration of its own access domain name in the block chain domain name system, signs the user public key, its user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and sends a node registration broadcast message to the block chain network. After receiving the node registration broadcast message, an accounting node verifies its private key signature using the user public key and, if verification succeeds, writes the message into a new block and records it in the block chain account book. After the accessed-side communication node receives an IP access connection request sent by an access-side communication node, it queries its own preset communication security grade; if it learns that authorization verification of the access-side communication node is required, it parses the request to obtain the access IPv6 address of the access-side communication node and queries the locally stored block chain account book by that address to obtain the user information of the corresponding access-side communication node, where the user information comprises the user identifier in the block chain and/or the access domain name. The accessed-side communication node then queries a preset authorized user information library according to the user information; if the user information belongs to the library, it determines that the access-side communication node is allowed to exchange information with it and queries a preset communication mode according to the user information; if the communication mode corresponding to the access-side communication node is encrypted communication, it feeds back an encrypted communication response to the access-side communication node. Finally, the accessed-side communication node receives a communication message carrying an encryption identification sent by the access-side communication node, generated by the access-side node encrypting the communication content to be exchanged with the user public key of the accessed-side communication node obtained from the block chain account book, and decrypts it with its own user private key according to the encryption identification. As a result, access to a communication node is verified on the basis of the block chain network; only nodes that pass verification may access it, and the communication node is protected from malicious disturbance.
Detailed description of the invention
The above and/or additional aspects and advantages of the invention will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a structural schematic diagram of an access attack guard system based on a block chain domain name system according to an embodiment of the invention;
Fig. 2 is a process schematic diagram of an access attack guarding method based on a block chain domain name system according to an embodiment of the invention;
Fig. 3 is a flow chart of an access attack guarding method based on a block chain domain name system according to an embodiment of the invention; and
Fig. 4 is a flow chart of an access attack guarding method based on a block chain domain name system according to another embodiment of the invention.
Specific embodiment
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference labels throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present invention, and are not to be construed as limiting it.
To solve the technical problem mentioned in the background above, namely that once an IPv6 address is learned, other devices can easily access the corresponding product on the basis of that address and the item is disturbed by malicious access, the present invention verifies and screens access on the basis of a block chain network, so as to screen out access that may disturb the related product.
For clarity of description, the access attack guard system based on a block chain domain name system of an embodiment of the invention is described first. Fig. 1 is a structural schematic diagram of such a system according to an embodiment of the invention. As shown in Fig. 1, the system comprises a plurality of communication nodes 100 and accounting nodes 200, where the communication nodes 100 may correspond to the access communication nodes of devices that access the product corresponding to an IPv6 address, and also to the products corresponding to IPv6 addresses themselves, for example Sina or Jinri Toutiao.
Referring to Fig. 2, in actual implementation each communication node generates its own user public key and user private key and, after completing IPv6 address registration of its own access domain name in the block chain domain name system, signs the user public key, the user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and sends a node registration broadcast message to the block chain network (step 1); that is, every communication node first makes its corresponding access domain name and IPv6 address known in the block chain network.
After an accounting node receives the node registration broadcast message, it verifies the private key signature of the message using the user public key and, if verification succeeds, writes the node registration broadcast message into a new block and records it in the block chain account book (step 2). After the accessed-side communication node receives an IP access connection request sent by an access-side communication node, it queries its own preset communication security grade; if it learns that authorization verification of the access-side communication node is required, it parses the IP access connection request to obtain the access IPv6 address of the access-side communication node and queries the locally stored block chain account book by that access IPv6 address to obtain the user information of the corresponding access-side communication node, where the user information comprises the user identifier in the block chain and/or the access domain name. That is, when the security grade set for the access-side communication node is not high, its user information must be obtained so that its security can be verified on the basis of that user information (step 3).
The accessed-side communication node queries a preset authorized user information library according to the user information; if the query shows that the user information belongs to the authorized user information library, it determines that the access-side communication node is allowed to exchange information with it, and queries a preset communication mode according to the user information; if the communication mode corresponding to the access-side communication node is encrypted communication, it feeds back an encrypted communication response to the access-side communication node (step 4). Finally, the accessed-side communication node receives a communication message carrying an encryption identification sent by the access-side communication node, where the communication message is generated by the access-side node encrypting the communication content to be exchanged with the user public key of the accessed-side communication node obtained from the block chain account book, and then decrypts the communication message with its own user private key according to the encryption identification (step 5).
Thus the access attack guard system based on a block chain domain name system of the embodiment performs authorization authentication, on the basis of the block chain network, of the access-side node that accesses an IPv6 address, and allows it to access the corresponding accessed-side communication node only after authentication succeeds. Because the authorization authentication rests on the consensus mechanism of the block chain network, it is comparatively fair and highly reliable, and the problem of communication nodes being disturbed by access is avoided.
Fig. 3 is a flow chart of an access attack guarding method based on a block chain domain name system according to an embodiment of the invention. As shown in Fig. 3, the method comprises:
Step 101: each communication node generates its own user public key and user private key and, after completing IPv6 address registration of its own access domain name in the block chain domain name system, signs the user public key, the user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and sends a node registration broadcast message to the block chain network.
It can be understood that in the embodiments of the invention identity authentication is performed on the basis of a public key certificate mechanism. With public key certificate technology, the user public key and user private key are each other's decryption key: data signed with the user private key can be checked with the corresponding user public key, and the private key is possessed only by the domain-name-registering user node itself. Therefore, if identity verification of a communication node with its user public key passes, the information protected with that key pair was sent by the communication node itself.
Specifically, each communication node generates its own user public key and user private key so that its identity can be authenticated on the basis of that key pair, and completes IPv6 address registration of its own access domain name in the block chain domain name system, i.e. the generation of its corresponding access domain name and IPv6 address is completed in the block chain network; because of the consensus mechanism of the block chain, the generated access domain name and IPv6 address are highly reliable. It then signs the user public key, the user identifier in the block chain, the access domain name and the corresponding IPv6 address with the user private key and sends a node registration broadcast message to the block chain network.
Step 102: after an accounting node receives the node registration broadcast message, it verifies the private key signature of the message using the user public key and, if verification succeeds, writes the node registration broadcast message into a new block and records it in the block chain account book.
Specifically, after receiving the node registration broadcast message, the accounting node, in order to check whether the message was really sent by the corresponding communication node, verifies the private key signature of the node registration broadcast message using the user public key. If verification succeeds, the message was indeed sent by the corresponding communication node, and the accounting node writes it into a new block and records it in the block chain account book.
Step 103: after the accessed-side communication node receives an IP access connection request sent by an access-side communication node, it queries its own preset communication security grade; if it learns that authorization verification of the access-side communication node is required, it parses the IP access connection request to obtain the access IPv6 address of the access-side communication node and queries the locally stored block chain account book by that access IPv6 address to obtain the user information of the corresponding access-side communication node, where the user information comprises the user identifier in the block chain and/or the access domain name.
Specifically, after the accessed-side communication node receives the IP access connection request sent by the access-side communication node, it does not directly allow the access, but queries its own preset communication security grade; the communication security grade may be preset, for example, according to the authority of the access-side communication node. If it then learns that authorization verification of the access-side communication node is required, i.e. its security grade belongs to the grades that need verification, it parses the IP access connection request to obtain the access IPv6 address of the access-side communication node and queries the locally stored block chain account book by that address to obtain the user information of the corresponding access-side communication node. Because the user information is obtained via an IPv6 address previously written into the block chain account book, it is guaranteed to be the access-side communication node's own user information. The user information comprises the user identifier in the block chain and/or the access domain name.
In an embodiment of the invention, after querying its own preset communication security grade, the accessed-side communication node rejects the access request of the access-side communication node if it learns that the preset communication security grade is "forbid all", and conversely accepts the access request of the access-side communication node if it learns that the preset communication security grade is "allow all".
Step 104: the accessed-side communication node queries a preset authorized user information library according to the user information; if the query shows that the user information belongs to the authorized user information library, it determines that the access-side communication node is allowed to exchange information with it, and queries a preset communication mode according to the user information; if the communication mode corresponding to the access-side communication node is encrypted communication, it feeds back an encrypted communication response to the access-side communication node.
Specifically, a communication node presets, according to its operating scope and product needs, the authorized user information library of users it allows to access. The accessed-side communication node queries the preset authorized user information library according to the user information; if the query shows that the user information belongs to the library, it determines that the access-side communication node is allowed to exchange information with it, queries the preset communication mode according to the user information and, if the communication mode corresponding to the access-side communication node is encrypted communication, feeds back an encrypted communication response to the access-side communication node.
In an embodiment of the invention, after determining that the access-side communication node is allowed to exchange information with it, the accessed-side communication node may also query the preset communication mode according to the user information and, if the communication mode corresponding to the access-side communication node is ordinary communication, feed back an encryption-exempt communication response to the access-side communication node, so that information is exchanged with the access communication node without encryption.
It should be noted that the way in which the accessed-side communication node determines whether the access-side communication node belongs to the authorized user information library differs with the application scenario. As one possible implementation, the communication node presets a white list information library of users it allows to access, storing in it the user information of the communication nodes it permits; the accessed-side communication node queries the preset white list user information library according to the user information and, if the query shows that the user information belongs to the white list user information library, determines that the access-side communication node is allowed to exchange information with it.
As alternatively possible implementation, as shown in figure 4, step 104 includes:
Step 201, it is accessed square communication node inquiry block chain account book and obtains the right with itself of other communication nodes transmission The access reservation message answered, and parse access reservation message and obtain the address IPv6 of other communication nodes, access domain name, Yi Jiqu User identifier in block chain.
It is appreciated that in this example, being accessed side's communication node and being based on other communication nodes transmission access reservation message The preliminary interview screening to other communication nodes is carried out, it will be logical as acceptable access by other communication nodes after screening Believe node.
Specifically, it is accessed square communication node inquiry block chain account book and obtains the corresponding with itself of other communication nodes transmission Access reservation message, for example, can according to the mark of the accessed side's communication node of reservation purpose in access reservation message, with The node identification of itself is compared, and whether unanimously determines access reservation message corresponding with its own according to comparison result, In turn, parsing access reservation message obtains user's mark in the address IPv6, access domain name and the block chain of other communication nodes Know.
Step 202: the accessed communication node queries the blockchain ledger to determine whether any malicious historical communication messages are recorded that correspond to the IPv6 address, access domain name and blockchain user identifier of the other communication node, decides on that basis whether to accept the other communication node as a reservation access communication node, and establishes a reservation user information library corresponding to the reservation access communication nodes. The reservation user information library contains the user information of each reservation access communication node, where the user information includes the user identifier in the blockchain and/or the access domain name.
Specifically, the accessed communication node queries the blockchain ledger to determine whether any malicious historical communication messages are recorded against the IPv6 address, access domain name and blockchain user identifier of the other communication node. This serves two purposes: on the one hand it confirms that the other communication node has previously completed node registration, which prevents an illegitimate node from impersonating another node when sending an access request; on the other hand it checks the communication history of the other communication node, so that nodes with a record of malicious communication behaviour are screened out as well.
Based on these two considerations, the accessed communication node decides whether to accept the other communication node as a reservation access communication node. If the other communication node passes both checks, a reservation user information library corresponding to the reservation access communication node is established; the library contains the user information of the reservation access communication node, where the user information includes the user identifier in the blockchain and/or the access domain name.
Step 203: the accessed communication node queries the reservation user information library using the user information; if the query shows that the user information belongs to the reservation user information library, it determines that the access-side communication node is allowed to exchange information with it.
Specifically, the accessed communication node queries the reservation user information library using the user information. If the user information is found in the library, the node was already approved for access during the reservation stage, so the accessed communication node determines that the access-side communication node is allowed to exchange information with it.
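The reservation-stage screening of Steps 201 to 203, as an added Python illustration that is not part of the patent or the applicant's code. It assumes a ledger of plain records with a "type" field (node registrations, malicious-history records and access reservation messages) and constructed sample identities; the function names are assumptions as well. It shows both checks the text names: a reservation from an identity that never completed node registration is dropped, and one from an identity with a malicious-history record is dropped, so only the remaining senders enter the reservation user information library that Step 203 later consults.

```python
"""Reservation-stage screening (Steps 201-203) against a blockchain ledger.

Added illustration, not the patent's own code. The ledger record layout
(dicts with a "type" field), the identity triple and the function names are
assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Set, Tuple

# Identity triple a reservation message carries: (ipv6, access domain, blockchain user id)
Identity = Tuple[str, str, str]


def _identity(rec: dict) -> Identity:
    return (rec["ipv6"], rec["domain"], rec["user_id"])


@dataclass
class ReservationLibrary:
    """Reservation user information library kept by the accessed node."""
    user_ids: Set[str] = field(default_factory=set)
    domains: Set[str] = field(default_factory=set)

    def contains(self, user_info: dict) -> bool:
        # The text allows the user information to be the blockchain user
        # identifier and/or the access domain name; either match suffices.
        return (user_info.get("user_id") in self.user_ids
                or user_info.get("domain") in self.domains)


def build_reservation_library(ledger: Iterable[dict], self_user_id: str) -> ReservationLibrary:
    """Steps 201-202: admit reservation senders that are registered and have no malicious history."""
    records: List[dict] = list(ledger)
    registered = {_identity(r) for r in records if r["type"] == "node_registration"}
    malicious = {_identity(r) for r in records if r["type"] == "malicious_history"}
    library = ReservationLibrary()
    for rec in records:
        if rec["type"] != "access_reservation" or rec["target_user_id"] != self_user_id:
            continue
        ident = _identity(rec)
        if ident not in registered:   # never completed node registration: possible impersonation
            continue
        if ident in malicious:        # has a malicious communication record on the ledger
            continue
        library.user_ids.add(rec["user_id"])
        library.domains.add(rec["domain"])
    return library


def reserved_access_allowed(library: ReservationLibrary, user_info: dict) -> bool:
    """Step 203: allow the exchange only if the requester is in the reservation library."""
    return library.contains(user_info)


# Constructed sample ledger for the demonstration (not real data).
SAMPLE_LEDGER = [
    {"type": "node_registration", "ipv6": "2001:db8::10", "domain": "alice.example", "user_id": "uid-alice"},
    {"type": "node_registration", "ipv6": "2001:db8::20", "domain": "carol.example", "user_id": "uid-carol"},
    {"type": "malicious_history", "ipv6": "2001:db8::20", "domain": "carol.example", "user_id": "uid-carol"},
    {"type": "access_reservation", "target_user_id": "uid-server",
     "ipv6": "2001:db8::10", "domain": "alice.example", "user_id": "uid-alice"},
    {"type": "access_reservation", "target_user_id": "uid-server",
     "ipv6": "2001:db8::20", "domain": "carol.example", "user_id": "uid-carol"},
    # sender that never registered: its reservation must be ignored
    {"type": "access_reservation", "target_user_id": "uid-server",
     "ipv6": "2001:db8::99", "domain": "bob.example", "user_id": "uid-bob"},
]

if __name__ == "__main__":
    lib = build_reservation_library(SAMPLE_LEDGER, "uid-server")
    for info in ({"user_id": "uid-alice"}, {"user_id": "uid-carol"}, {"domain": "bob.example"}):
        print(info, "->", reserved_access_allowed(lib, info))
```

Because the library is keyed on the user identifier and/or the access domain name, as the text allows, a lookup by either field alone succeeds; a deployment that wants the stricter binding would key the library on the full identity triple instead.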
Step 105: the accessed communication node receives a communication message carrying an encryption identifier from the access-side communication node. The communication message is generated by the access-side node by encrypting the communication content to be exchanged with the user public key of the accessed communication node, which it obtained from the blockchain ledger. The accessed communication node then, according to the encryption identifier, decrypts the communication message with its own user private key.
The encryption identifier indicates that the current communication message is encrypted; it may be a character or similar value agreed upon in advance.
Specifically, the accessed communication node receives a communication message carrying an encryption identifier from the access-side communication node, the message having been generated by the access-side node by encrypting the communication content to be exchanged with the user public key of the accessed communication node obtained from the blockchain ledger. Because other, illegitimate nodes do not hold the user private key of the accessed communication node, they cannot learn the communication content even if they intercept the communication message. The accessed communication node then, according to the encryption identifier, decrypts the communication message with its own user private key.
In summary, in the access attack protection method based on a blockchain domain name system of the embodiments of the present invention, each communication node generates its own user public key and user private key and, after completing registration of the IPv6 address of its access domain name in the blockchain domain name system, signs the user public key, the user identifier in the blockchain, the access domain name and the corresponding IPv6 address with its user private key and sends a node registration broadcast message to the blockchain network. After an accounting node receives the node registration broadcast message, it verifies the private key signature of the message with the user public key; if verification succeeds, it writes the node registration broadcast message into a new block and records it in the blockchain ledger. After the accessed communication node receives an IP access connection request sent by an access-side communication node, it queries its own preset communication security grade. If it learns that authority verification of the access-side communication node is required, it parses the IP access connection request to obtain the access IPv6 address of the access-side communication node and queries the locally stored blockchain ledger by that access IPv6 address to obtain the user information of the corresponding access-side communication node, where the user information includes the user identifier in the blockchain and/or the access domain name. The accessed communication node then queries a preset authorized user information library using the user information; if the user information belongs to the authorized user information library, it determines that the access-side communication node is allowed to exchange information with it, and it queries the preset
communication mode using the user information; if the communication mode corresponding to the access-side communication node is encrypted communication, it feeds back an encrypted communication response to the access-side communication node. Finally, the accessed communication node receives a communication message carrying an encryption identifier from the access-side communication node, the message having been generated by the access-side node by encrypting the communication content to be exchanged with the user public key of the accessed communication node obtained from the blockchain ledger, and, according to the encryption identifier, decrypts the communication message with its own user private key. Access to a communication node is thereby verified on the basis of the blockchain network, only nodes that pass verification may access it, and the communication node is protected from malicious harassment.
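The full flow summarised above, together with the encrypted message of Step 105, as an added Python walk-through; it is not the patent's or the applicant's implementation. Signing and encryption use textbook RSA over small well-known primes so that the block runs on the standard library alone; that is for illustration only and is not a secure scheme. The record layouts, function names, the security-grade strings ("deny_all", "allow_all", "verify"), the communication-mode strings and the "ENC" encryption identifier are assumptions of this example, as are the constructed node identities.

```python
"""End-to-end walk-through of the flow summarised above (and of Step 105):
signed registration broadcast, ledger verification, screening of an IP access
connection request by security grade and authorized user library,
communication-mode response, and the encrypted message. Added example, not
the patent's implementation. Keys are textbook RSA over small well-known
primes so the block runs on the standard library alone; that is illustration
only, not a secure scheme. Record layouts, function names, the security-grade
strings and the "ENC" encryption identifier are assumptions of this example.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

E = 65537  # public exponent shared by every toy key

def make_keypair(p: int, q: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    # Returns ((e, n), (d, n)) for a toy RSA key built from primes p and q.
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def _digest(obj) -> int:
    # SHA-256 of the canonical JSON form of obj, as an integer.
    return int.from_bytes(hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).digest(), "big")

def sign(priv, obj) -> int:
    d, n = priv
    return pow(_digest(obj) % n, d, n)

def verify(pub, obj, sig: int) -> bool:
    e, n = pub
    return pow(sig, e, n) == _digest(obj) % n

def encrypt(pub, data: bytes) -> List[int]:
    """Length-prefixed 4-byte chunks, each raised to e mod n (demo only)."""
    e, n = pub
    buf = len(data).to_bytes(4, "big") + data
    buf += b"\0" * (-len(buf) % 4)
    return [pow(int.from_bytes(buf[i:i + 4], "big"), e, n) for i in range(0, len(buf), 4)]

def decrypt(priv, blocks: List[int]) -> bytes:
    d, n = priv
    raw = b"".join(pow(c, d, n).to_bytes(4, "big") for c in blocks)
    return raw[4:4 + int.from_bytes(raw[:4], "big")]

@dataclass
class Node:
    user_id: str
    domain: str
    ipv6: str
    pub: Tuple[int, int]
    priv: Tuple[int, int]
    security_grade: str = "verify"                            # "deny_all" | "allow_all" | "verify"
    authorized: Dict[str, str] = field(default_factory=dict)  # user_id -> "encrypted" | "ordinary"

    def registration_broadcast(self) -> dict:
        """Node registration broadcast: pub key, user id, domain and IPv6, signed with the private key."""
        body = {"pub": list(self.pub), "user_id": self.user_id, "domain": self.domain, "ipv6": self.ipv6}
        return {"body": body, "sig": sign(self.priv, body)}

def accounting_node_receive(ledger: List[dict], msg: dict) -> bool:
    """Verify the broadcast with the public key it carries; on success append a block to the ledger."""
    body = msg["body"]
    if not verify(tuple(body["pub"]), body, msg["sig"]):
        return False
    block = {"index": len(ledger), "prev": ledger[-1]["hash"] if ledger else "0" * 64, "record": body}
    block["hash"] = format(_digest(block), "064x")
    ledger.append(block)
    return True

def lookup_by_ipv6(ledger: List[dict], ipv6: str) -> Optional[dict]:
    """Resolve an access IPv6 address to the registered user information (user id, domain, pub key)."""
    return next((b["record"] for b in ledger if b["record"]["ipv6"] == ipv6), None)

def handle_access_request(accessed: Node, ledger: List[dict], request: dict) -> Tuple[bool, str]:
    """Accessed node's decision on an IP access connection request that carries the source IPv6."""
    if accessed.security_grade == "deny_all":
        return False, "REJECTED"
    if accessed.security_grade == "allow_all":
        return True, "ACCEPTED"
    info = lookup_by_ipv6(ledger, request["src_ipv6"])
    if info is None or info["user_id"] not in accessed.authorized:
        return False, "REJECTED"
    mode = accessed.authorized[info["user_id"]]
    return True, ("ENCRYPTED_COMM" if mode == "encrypted" else "PLAIN_COMM")

def build_encrypted_message(ledger: List[dict], target_ipv6: str, content: bytes) -> dict:
    """Access side: encrypt with the target's public key taken from the ledger and flag the message."""
    target = lookup_by_ipv6(ledger, target_ipv6)
    return {"flag": "ENC", "payload": encrypt(tuple(target["pub"]), content)}

def receive_message(node: Node, msg: dict) -> bytes:
    """Accessed side: the encryption identifier tells it to decrypt with its own private key."""
    return decrypt(node.priv, msg["payload"]) if msg.get("flag") == "ENC" else bytes(msg["payload"])

if __name__ == "__main__":
    # Constructed nodes; the primes are small well-known ones (demo only).
    alice = Node("uid-alice", "alice.example", "2001:db8::10", *make_keypair(524287, 15485863))
    server = Node("uid-server", "server.example", "2001:db8::1", *make_keypair(131071, 1299709),
                  authorized={"uid-alice": "encrypted"})
    ledger = []
    print([accounting_node_receive(ledger, n.registration_broadcast()) for n in (alice, server)])
    print(handle_access_request(server, ledger, {"src_ipv6": alice.ipv6}))
    print(receive_message(server, build_encrypted_message(ledger, server.ipv6, b"hello, server")))
```

Two points the walk-through makes visible. The accounting node verifies the broadcast with the public key carried inside it, so the check proves only that the sender holds the matching private key; binding that key to the domain name and IPv6 address rests on the registration already completed in the blockchain domain name system. And the accessed node resolves the requester purely from the source IPv6 address of the connection request, so the encrypted communication response and the subsequent message (which only the holder of the accessed node's private key can read) are what actually authenticate the exchange.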
To implement the above embodiments, the present invention further provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the access attack protection method based on a blockchain domain name system described in the foregoing embodiments is implemented.
To implement the above embodiments, the present invention further proposes a non-transitory computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the access attack protection method based on a blockchain domain name system described in the foregoing embodiments is implemented.
In the present invention, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, for example two or three, unless specifically defined otherwise.
In the present invention, unless otherwise expressly specified or limited, a first feature being "on" or "under" a second feature may mean that the first and second features are in direct contact, or that they are in indirect contact through an intermediate medium. Moreover, a first feature being "on", "above" or "over" a second feature may mean that the first feature is directly or obliquely above the second feature, or merely that the first feature is at a greater horizontal height than the second feature. A first feature being "under", "below" or "beneath" a second feature may mean that the first feature is directly or obliquely below the second feature, or merely that the first feature is at a lower horizontal height than the second feature.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic expressions of these terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, unless they conflict with one another, those skilled in the art may combine and integrate the different embodiments or examples described in this specification and the features of those embodiments or examples.
Although the embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the invention; those skilled in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the invention.

Claims (10)

1. An access attack protection method based on a blockchain domain name system, characterized by comprising:
each communication node generating its own user public key and user private key and, after completing registration of the IPv6 address of its own access domain name in the blockchain domain name system, signing the user public key, the user identifier in the blockchain, the access domain name and the corresponding IPv6 address with the user private key and then sending a node registration broadcast message to the blockchain network;
after an accounting node receives the node registration broadcast message, verifying the private key signature of the node registration broadcast message with the user public key and, if verification succeeds, writing the node registration broadcast message into a new block and recording it in the blockchain ledger;
after an accessed communication node receives an IP access connection request sent by an access-side communication node, querying a preset communication security grade of the accessed communication node and, if it is learned that authority verification of the access-side communication node is required, parsing the IP access connection request to obtain the access IPv6 address of the access-side communication node, and querying the locally stored blockchain ledger by the access IPv6 address to obtain the user information of the access-side communication node corresponding to the access IPv6 address, wherein the user information includes the user identifier in the blockchain and/or the access domain name;
the accessed communication node querying a preset authorized user information library using the user information and, if the query shows that the user information belongs to the authorized user information library, determining that the access-side communication node is allowed to exchange information with it, and querying a preset communication mode using the user information and, if the communication mode corresponding to the access-side communication node is encrypted communication, feeding back an encrypted communication response to the access-side communication node;
the accessed communication node receiving a communication message carrying an encryption identifier sent by the access-side communication node, wherein the communication message is generated by the access-side node by encrypting the communication content to be exchanged with the user public key corresponding to the accessed communication node obtained from the blockchain ledger, and then, according to the encryption identifier, decrypting the communication message with its own user private key.
2. The method according to claim 1, characterized in that the accessed communication node querying the preset authorized user information library using the user information and, if the query shows that the user information belongs to the authorized user information library, determining that the access-side communication node is allowed to exchange information with it comprises:
the accessed communication node querying a preset whitelist user information library using the user information and, if the query shows that the user information belongs to the whitelist user information library, determining that the access-side communication node is allowed to exchange information with it.
3. The method according to claim 1, characterized in that the accessed communication node querying the preset authorized user information library using the user information and, if the query shows that the user information belongs to the authorized user information library, determining that the access-side communication node is allowed to exchange information with it comprises:
the accessed communication node querying the blockchain ledger to obtain access reservation messages addressed to it and sent by other communication nodes, and parsing the access reservation messages to obtain the IPv6 address, access domain name and blockchain user identifier of the other communication nodes;
the accessed communication node querying the blockchain ledger to determine whether any malicious historical communication messages are recorded that correspond to the IPv6 address, access domain name and blockchain user identifier of the other communication nodes, determining whether to accept the other communication nodes as reservation access communication nodes, and establishing a reservation user information library corresponding to the reservation access communication nodes, wherein the reservation user information library includes the user information of the reservation access communication nodes, and the user information includes the user identifier in the blockchain and/or the access domain name;
the accessed communication node querying the reservation user information library using the user information and, if the query shows that the user information belongs to the reservation user information library, determining that the access-side communication node is allowed to exchange information with it.
4. The method according to claim 1, characterized in that, after the accessed communication node receives the IP access connection request sent by the access-side communication node and queries the preset communication security grade of the accessed communication node, the method further comprises:
if the accessed communication node learns that the preset communication security grade is "deny all", rejecting the access request of the access-side communication node;
if the accessed communication node learns that the preset communication security grade is "allow all", accepting the access request of the access-side communication node.
5. The method according to claim 1, characterized in that, after determining that the access-side communication node is allowed to exchange information with it, the method further comprises:
querying the preset communication mode using the user information and, if the communication mode corresponding to the access-side communication node is ordinary communication, feeding back an unencrypted communication response to the access-side communication node.
6. An access attack protection system based on a blockchain domain name system, characterized by comprising communication nodes and accounting nodes, wherein:
each of the communication nodes is configured to generate its own user public key and user private key and, after completing registration of the IPv6 address of its own access domain name in the blockchain domain name system, to sign the user public key, the user identifier in the blockchain, the access domain name and the corresponding IPv6 address with the user private key and then send a node registration broadcast message to the blockchain network;
each of the accounting nodes is configured, after receiving the node registration broadcast message, to verify the private key signature of the node registration broadcast message with the user public key and, if verification succeeds, to write the node registration broadcast message into a new block and record it in the blockchain ledger;
an accessed communication node among the communication nodes is configured, after receiving an IP access connection request sent by an access-side communication node, to query its preset communication security grade and, if it learns that authority verification of the access-side communication node is required, to parse the IP access connection request to obtain the access IPv6 address of the access-side communication node and to query the locally stored blockchain ledger by the access IPv6 address to obtain the user information of the access-side communication node corresponding to the access IPv6 address, wherein the user information includes the user identifier in the blockchain and/or the access domain name;
the accessed communication node is further configured to query a preset authorized user information library using the user information and, if the query shows that the user information belongs to the authorized user information library, to determine that the access-side communication node is allowed to exchange information with it, and to query a preset communication mode using the user information and, if the communication mode corresponding to the access-side communication node is encrypted communication, to feed back an encrypted communication response to the access-side communication node;
the accessed communication node is further configured to receive a communication message carrying an encryption identifier sent by the access-side communication node, wherein the communication message is generated by the access-side node by encrypting the communication content to be exchanged with the user public key corresponding to the accessed communication node obtained from the blockchain ledger, and then, according to the encryption identifier, to decrypt the communication message with its own user private key.
7. The system according to claim 6, characterized in that
the accessed communication node is specifically configured to query a preset whitelist user information library using the user information and, if the query shows that the user information belongs to the whitelist user information library, to determine that the access-side communication node is allowed to exchange information with it.
8. The system according to claim 6, characterized in that the accessed communication node is specifically configured to query the blockchain ledger to obtain access reservation messages addressed to it and sent by other communication nodes, and to parse the access reservation messages to obtain the IPv6 address, access domain name and blockchain user identifier of the other communication nodes;
to query the blockchain ledger to determine whether any malicious historical communication messages are recorded that correspond to the IPv6 address, access domain name and blockchain user identifier of the other communication nodes, to determine whether to accept the other communication nodes as reservation access communication nodes, and to establish a reservation user information library corresponding to the reservation access communication nodes, wherein the reservation user information library includes the user information of the reservation access communication nodes, and the user information includes the user identifier in the blockchain and/or the access domain name;
and to query the reservation user information library using the user information and, if the query shows that the user information belongs to the reservation user information library, to determine that the access-side communication node is allowed to exchange information with it.
9. A computer device, characterized by comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein, when the processor executes the computer program, the access attack protection method based on a blockchain domain name system according to any one of claims 1 to 5 is implemented.
10. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the access attack protection method based on a blockchain domain name system according to any one of claims 1 to 5 is implemented.
CN201811577793.8A 2018-12-20 2018-12-20 Access attack protection method and system based on block chain domain name system Active CN109729080B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811577793.8A CN109729080B (en) 2018-12-20 2018-12-20 Access attack protection method and system based on block chain domain name system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811577793.8A CN109729080B (en) 2018-12-20 2018-12-20 Access attack protection method and system based on block chain domain name system

Publications (2)

Publication Number Publication Date
CN109729080A true CN109729080A (en) 2019-05-07
CN109729080B CN109729080B (en) 2021-05-11

Family

ID=66296346

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811577793.8A Active CN109729080B (en) 2018-12-20 2018-12-20 Access attack protection method and system based on block chain domain name system

Country Status (1)

Country Link
CN (1) CN109729080B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110334153A (en) * 2019-06-28 2019-10-15 阿里巴巴集团控股有限公司 Authorization method, system, device and equipment in block chain type account book
CN110808841A (en) * 2019-11-08 2020-02-18 杭州增信信息技术有限公司 Communication system based on block chain network and communication method thereof
CN111082941A (en) * 2019-11-22 2020-04-28 天翼物联科技有限公司 Internet of things data sharing method and system based on block chain technology
CN111741137A (en) * 2020-08-28 2020-10-02 北京连山科技股份有限公司 Point-to-point communication method based on 5G technology
CN111885032A (en) * 2020-07-14 2020-11-03 重庆广播电视大学重庆工商职业学院 Block chain system and block chain super node anti-attack device
US10936734B2 (en) 2019-06-28 2021-03-02 Advanced New Technologies Co., Ltd. Blockchain authorization
CN112671779A (en) * 2020-12-25 2021-04-16 赛尔网络有限公司 DoH server-based domain name query method, device, equipment and medium
CN113055359A (en) * 2021-02-25 2021-06-29 国网信息通信产业集团有限公司 IPv6 domain name data privacy protection method based on block chain and related equipment
CN114448735A (en) * 2022-04-11 2022-05-06 江苏通付盾科技有限公司 Block chain identity registration and verification method and device based on point-to-point communication
CN115396209A (en) * 2022-08-26 2022-11-25 中国联合网络通信集团有限公司 Access authorization method and device, electronic equipment and readable storage medium
WO2023273269A1 (en) * 2021-06-29 2023-01-05 达闼机器人股份有限公司 Robot authentication system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160191243A1 (en) * 2014-12-31 2016-06-30 William Manning Out-of-band validation of domain name system records
CN107171794A (en) * 2017-06-27 2017-09-15 葛峰 A kind of electronic document based on block chain and intelligent contract signs method
WO2018162789A1 (en) * 2017-03-06 2018-09-13 Nokia Technologies Oy Secure de-centralized domain name system
CN108737430A (en) * 2018-05-25 2018-11-02 全链通有限公司 The encryption communication method and system of block chain node

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110334153B (en) * 2019-06-28 2020-09-01 阿里巴巴集团控股有限公司 Authorization method, system, device and equipment in block chain type account book
US10936734B2 (en) 2019-06-28 2021-03-02 Advanced New Technologies Co., Ltd. Blockchain authorization
CN110334153A (en) * 2019-06-28 2019-10-15 阿里巴巴集团控股有限公司 Authorization method, system, device and equipment in block chain type account book
CN110808841A (en) * 2019-11-08 2020-02-18 杭州增信信息技术有限公司 Communication system based on block chain network and communication method thereof
CN111082941B (en) * 2019-11-22 2022-12-20 天翼物联科技有限公司 Internet of things data sharing method and system based on block chain technology
CN111082941A (en) * 2019-11-22 2020-04-28 天翼物联科技有限公司 Internet of things data sharing method and system based on block chain technology
CN111885032A (en) * 2020-07-14 2020-11-03 重庆广播电视大学重庆工商职业学院 Block chain system and block chain super node anti-attack device
CN111741137A (en) * 2020-08-28 2020-10-02 北京连山科技股份有限公司 Point-to-point communication method based on 5G technology
CN111741137B (en) * 2020-08-28 2020-12-29 北京连山科技股份有限公司 Point-to-point communication method based on 5G technology
CN112671779A (en) * 2020-12-25 2021-04-16 赛尔网络有限公司 DoH server-based domain name query method, device, equipment and medium
CN113055359A (en) * 2021-02-25 2021-06-29 国网信息通信产业集团有限公司 IPv6 domain name data privacy protection method based on block chain and related equipment
WO2023273269A1 (en) * 2021-06-29 2023-01-05 达闼机器人股份有限公司 Robot authentication system and method
CN114448735A (en) * 2022-04-11 2022-05-06 江苏通付盾科技有限公司 Block chain identity registration and verification method and device based on point-to-point communication
CN114448735B (en) * 2022-04-11 2022-06-17 江苏通付盾科技有限公司 Block chain identity registration and verification method and device based on point-to-point communication
CN115396209A (en) * 2022-08-26 2022-11-25 中国联合网络通信集团有限公司 Access authorization method and device, electronic equipment and readable storage medium
CN115396209B (en) * 2022-08-26 2024-03-08 中国联合网络通信集团有限公司 Access authorization method, device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN109729080B (en) 2021-05-11

Similar Documents

Publication Publication Date Title
CN109729080A (en) Access attack guarding method and system based on block chain domain name system
CN111429254B (en) Business data processing method and device and readable storage medium
CN108876374B (en) Block chain network identity document authentication method and system
CN108684041B (en) System and method for login authentication
US6148404A (en) Authentication system using authentication information valid one-time
CN102394887B (en) OAuth protocol-based safety certificate method of open platform and system thereof
CN109561066A (en) Data processing method and device, terminal and access point computer
CN103685138A (en) Method and system for authenticating application software of Android platform on mobile internet
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
KR100656355B1 (en) Method for user authentication and service authentication using splitted user authentication key and apparatus thereof
CN105554018B (en) Genuine cyber identification verification method
CN109688133A (en) It is a kind of based on exempt from account login communication means
CN106060078A (en) User information encryption method, user registration method and user validation method applied to cloud platform
CN110378105A (en) Security upgrading method, system, server and car-mounted terminal
CN108616504A (en) A kind of sensor node identity authorization system and method based on Internet of Things
CN106506161A (en) Method for secret protection and privacy protection device in vehicle communication
CN112565294B (en) Identity authentication method based on block chain electronic signature
CN113886771A (en) Software authorization authentication method
CN110138558B (en) Transmission method and device of session key and computer-readable storage medium
CN110572392A (en) Identity authentication method based on HyperLegger network
CN106850592B (en) A kind of information processing method, server and terminal
KR20090054774A (en) Method of integrated security management in distribution network
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN112446701B (en) Identity authentication method, equipment and storage device based on blockchain
CN111614458A (en) Method, system and storage medium for generating gateway JWT

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 100191 1107c, 11 / F, Xueyuan international building, 1 Zhichun Road, Haidian District, Beijing
Applicant after: IALLCHAIN Co.,Ltd.
Address before: 100043 5158, 5 floor, 11 Shixing street, Shijingshan District, Beijing.
Applicant before: IALLCHAIN Co.,Ltd.
GR01 Patent grant