CN112995103A - Data verification method, device and computer readable storage medium - Google Patents


Publication number
CN112995103A
Authority
CN
China
Prior art keywords
authentication server
mapping
ipv6 address
mapping node
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911297344.2A
Other languages
Chinese (zh)
Other versions
CN112995103B (en)
Inventor
李聪
解冲锋
雷波
王江龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a data verification method, a data verification device and a computer-readable storage medium, and relates to the technical field of Internet of things. The data verification method comprises the following steps: the terminal generates a unique IPv6 address suffix according to the physical information of the terminal; the terminal sends information for data verification and an IPv6 address suffix to a first verification server; the first authentication server determines a second authentication server for storing information according to the IPv6 address suffix, and stores the information to the second authentication server; the terminal sends the data to be verified and the IPv6 address suffix to a third verification server; the third authentication server searches a second authentication server according to the IPv6 address suffix and sends the data to be authenticated to the second authentication server; and the second authentication server performs data authentication on the data to be authenticated by using the information and sends a data authentication result to the terminal according to the IPv6 address suffix. The data verification method and the terminal can enable the terminal to realize data verification in a mobile access scene.

Description

Data verification method, device and computer readable storage medium
Technical Field
The present disclosure relates to the field of internet of things technologies, and in particular, to a data verification method and apparatus, and a computer-readable storage medium.
Background
IPv6 addresses need to be consistent across multiple systems, so that Internet of Things nodes can be located and retrieved under multiple systems through their IPv6 addresses. In an environment with higher security requirements, the authenticity of the equipment itself needs to be identified, so that illegal equipment is prevented from accessing the network and damaging the security of the IPv6 Internet and the Internet of Things through malicious behavior.
In a mobile access scenario, the location of a terminal may change frequently, and how to efficiently provide a data verification service for a user in the mobile access scenario gradually draws a great deal of attention.
Disclosure of Invention
The technical problem solved by the present disclosure is how to enable a terminal to implement data verification in a mobile access scenario.
According to an aspect of an embodiment of the present disclosure, there is provided a data verification method, including: the terminal generates a unique IPv6 address suffix according to the physical information of the terminal; the terminal sends information for data verification and an IPv6 address suffix to a first verification server; the first authentication server determines a second authentication server for storing information according to the IPv6 address suffix, and stores the information to the second authentication server; the terminal sends the data to be verified and the IPv6 address suffix to a third verification server; the third authentication server searches a second authentication server according to the IPv6 address suffix and sends the data to be authenticated to the second authentication server; and the second authentication server performs data authentication on the data to be authenticated by using the information and sends a data authentication result to the terminal according to the IPv6 address suffix.
In some embodiments, determining a second authentication server for storing information from the IPv6 address suffix comprises: generating a mapping ring, and sequentially labeling each mapping node on the mapping ring according to the clockwise direction; the mapping nodes are distributed on the mapping ring at equal intervals, and the total number of the mapping nodes is the maximum value of an IPv6 address suffix; performing hash operation on the MAC address of each verification server to obtain a mapping node label corresponding to each verification server so as to determine a mapping node corresponding to each verification server; carrying out Hash operation on the IPv6 address suffix to obtain a mapping node label corresponding to the IPv6 address suffix so as to determine a mapping node corresponding to the IPv6 address suffix; determining a mapping node label corresponding to a second authentication server from mapping node labels corresponding to the authentication servers, wherein the mapping node label corresponding to the second authentication server is closest to a mapping node label corresponding to an IPv6 address suffix, and the mapping node label corresponding to the second authentication server is greater than the mapping node label corresponding to an IPv6 address suffix; the second authentication server is determined to be the authentication server for storing the information.
In some embodiments, storing the information to the second authentication server comprises: storing the information to a second authentication server; determining a mapping node label corresponding to a fourth authentication server by using the mapping node label corresponding to the second authentication server; the mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value; the information is also stored to a fourth authentication server.
In some embodiments, looking up the second authentication server according to the IPv6 address suffix comprises: querying a pre-stored mapping information table, wherein the mapping information table records the mapping nodes corresponding to the m verification servers adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current verification server, and m is a positive integer; judging whether the mapping node label corresponding to the IPv6 address suffix is located in a target label interval, wherein the starting point of the target label interval is the mapping node label corresponding to the current verification server, and the end point of the target label interval is the mapping node label corresponding to the verification server adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current verification server; if the mapping node label corresponding to the IPv6 address suffix is located in the target label interval, finding the authentication server adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, wherein the authentication server represented by that adjacent mapping node is the second authentication server; if the mapping node label corresponding to the IPv6 address suffix is not located in the target label interval, determining a target verification server in the mapping information table, such that the mapping node label corresponding to the target verification server is closest to the mapping node label corresponding to the IPv6 address suffix and is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeating the above steps until the second authentication server is found.
In some embodiments, m satisfies the following condition:
$2^m \geq N$
where N represents the total number of individual authentication servers, and N is a positive integer.
In some embodiments, the data validation method further comprises: an access gateway corresponding to the third authentication server allocates an IPv6 address prefix to the terminal; sending the data verification result to the terminal using the IPv6 address suffix includes: and sending the data verification result to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
According to another aspect of the embodiments of the present disclosure, there is provided a data verification system, including a terminal, a first verification server, a second verification server, a third verification server; wherein the terminal is configured to: generating a unique IPv6 address suffix according to self physical information; sending information for data verification and an IPv6 address suffix to a first verification server; sending the data to be verified and the IPv6 address suffix to a third verification server; the first authentication server is configured to: determining a second authentication server for storing information according to the IPv6 address suffix, and storing the information to the second authentication server; the second authentication server is configured to: carrying out data verification on data to be verified by using the information, and sending a data verification result to the terminal according to the IPv6 address suffix; the third authentication server is configured to: and searching a second authentication server according to the IPv6 address suffix, and sending the data to be authenticated to the second authentication server.
In some embodiments, the first authentication server is configured to: generating a mapping ring, and sequentially labeling each mapping node on the mapping ring according to the clockwise direction; the mapping nodes are distributed on the mapping ring at equal intervals, and the total number of the mapping nodes is the maximum value of an IPv6 address suffix; performing hash operation on the MAC address of each verification server to obtain a mapping node label corresponding to each verification server so as to determine a mapping node corresponding to each verification server; carrying out Hash operation on the IPv6 address suffix to obtain a mapping node label corresponding to the IPv6 address suffix so as to determine a mapping node corresponding to the IPv6 address suffix; determining a mapping node label corresponding to a second authentication server from mapping node labels corresponding to the authentication servers, wherein the mapping node label corresponding to the second authentication server is closest to a mapping node label corresponding to an IPv6 address suffix, and the mapping node label corresponding to the second authentication server is greater than the mapping node label corresponding to an IPv6 address suffix; the second authentication server is determined to be the authentication server for storing the information.
In some embodiments, the first authentication server is configured to: storing the information to a second authentication server; determining a mapping node label corresponding to a fourth authentication server by using the mapping node label corresponding to the second authentication server; the mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value; the information is also stored to a fourth authentication server.
In some embodiments, the third authentication server is configured to: querying a pre-stored mapping information table, wherein the mapping information table records the mapping nodes corresponding to the m verification servers adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current verification server, and m is a positive integer; judging whether the mapping node label corresponding to the IPv6 address suffix is located in a target label interval, wherein the starting point of the target label interval is the mapping node label corresponding to the current verification server, and the end point of the target label interval is the mapping node label corresponding to the verification server adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current verification server; if the mapping node label corresponding to the IPv6 address suffix is located in the target label interval, finding the authentication server adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, wherein the authentication server represented by that adjacent mapping node is the second authentication server; if the mapping node label corresponding to the IPv6 address suffix is not located in the target label interval, determining a target verification server in the mapping information table, such that the mapping node label corresponding to the target verification server is closest to the mapping node label corresponding to the IPv6 address suffix and is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeating the above steps until the second authentication server is found.
In some embodiments, m satisfies the following condition:
$2^m \geq N$
where N represents the total number of individual authentication servers, and N is a positive integer.
In some embodiments, the data verification system further comprises an access gateway corresponding to the third verification server, configured to: allocating IPv6 address prefixes to the terminals; the third authentication server is configured to: and sending the data verification result to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
According to still another aspect of an embodiment of the present disclosure, there is provided a data verification apparatus including: a memory; and a processor coupled to the memory, the processor configured to perform the aforementioned data validation method based on instructions stored in the memory.
According to still another aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, and the instructions, when executed by a processor, implement the aforementioned data verification method.
The data verification method and the terminal can enable the terminal to realize data verification in a mobile access scene.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 shows an architecture diagram of a data verification system in a mobile access-oriented scenario.
Fig. 2 illustrates a flow diagram of a data validation method of some embodiments of the present disclosure.
Figure 3 illustrates a flow diagram for some embodiments of determining a second authentication server for storing information.
Fig. 4 shows a schematic diagram of the structure of the mapping ring.
Figure 5 illustrates a flow diagram for some embodiments of determining a second authentication server for storing information.
FIG. 6 illustrates a block diagram of a data validation system according to some embodiments of the present disclosure.
Fig. 7 shows a schematic structural diagram of a data verification device according to some embodiments of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Fig. 1 shows an architecture diagram of a data verification system in a mobile access-oriented scenario. The data verification system consists of a terminal, an access gateway and verification servers, and the verification servers together form a distributed verification network. The terminal can access the network through any access gateway, and each access gateway corresponds to one authentication server. Assume that the terminal accesses for the first time at time1, when its IPv6 address is IPv6_1; for the second time at time2, when its IPv6 address is IPv6_2; and for the third time at time3, when its IPv6 address is IPv6_3.
Some embodiments of the disclosed data validation method are described below in conjunction with fig. 2.
Fig. 2 illustrates a flow diagram of a data validation method of some embodiments of the present disclosure. As shown in fig. 2, the present embodiment includes steps S201 to S206.
In step S201, the terminal generates a unique IPv6 address suffix from its own physical information.
For example, a unique and stable invariant 64-bit IPv6 address suffix may be generated based on a PUF (Physical Unclonable Function) value of the terminal.
In step S202, the terminal transmits information for data authentication and an IPv6 address suffix to the first authentication server.
The first authentication server is the authentication server corresponding to the access gateway currently closest to the terminal. The terminal can upload the information for data verification to the current access gateway using asymmetric encryption, and the current access gateway forwards it to its corresponding verification server.
In step S203, the first authentication server determines a second authentication server for storing information from the IPv6 address suffix, and stores the information for data authentication to the second authentication server.
The first authentication server may determine the second authentication server through a preset mapping algorithm so that the second authentication server stores information for data authentication.
In step S204, the terminal sends the data to be authenticated and the IPv6 address suffix to the third authentication server.
The terminal sends verification request information through the access gateway currently closest to it; the verification request information comprises the data to be verified and the IPv6 address suffix. The access gateway sends the authentication request to its corresponding authentication server. It should be understood by those skilled in the art that, since the terminal is mobile, the access gateway closest to the terminal in step S204 is generally different from the access gateway closest to the terminal in step S202; the authentication server in step S204 is therefore a third authentication server, which is generally different from the first authentication server in step S202.
In step S205, the third authentication server searches for the second authentication server according to the IPv6 address suffix, and sends the data to be authenticated to the second authentication server.
The third authentication server parses the IPv6 address suffix in the authentication request message, and this authentication server node searches for the storage location of the authentication information according to a route lookup algorithm. The third authentication server is the authentication server corresponding to the access gateway closest to the terminal when the terminal accesses.
In step S206, the second authentication server performs data authentication on the data to be authenticated using the information for data authentication, and transmits a data authentication result to the terminal according to the IPv6 address suffix.
The second authentication server stores information for data authentication, so that data to be authenticated (such as a terminal identifier) is authenticated on the second authentication server, and finally, an authentication result is returned to the terminal to complete the authentication of the terminal.
In this embodiment, for a mobile access scenario, the terminal generates the IPv6 address suffix based on its physical information, which ensures the uniqueness and stability of the IPv6 address suffix; the authentication server that stores the information for data authentication is determined based on the IPv6 address suffix, which keeps the information for data authentication of a single terminal in one storage location and reduces the complexity of data maintenance. Because some Internet of Things terminals are highly mobile, this embodiment enables the terminal to perform data verification in a mobile access scenario, which guarantees the authenticity and credibility of the terminal, identifies fake terminals that sneak into the Internet of Things, and improves the overall security of the Internet of Things.
In some embodiments, the data verification method further comprises step S200.
In step S200, the access gateway corresponding to the third authentication server allocates an IPv6 address prefix to the terminal.
For example, a chip is usually installed in a drone, and the position of the drone changes over a wide range during use, which causes the access gateway of the drone to change, so that the IPv6 address prefix changes.
In step S206, the data verification result is transmitted to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
How to determine the second authentication server for storing information is described below in conjunction with fig. 3 to introduce the work involved in the data preparation phase.
Figure 3 illustrates a flow diagram for some embodiments of determining a second authentication server for storing information. As shown in fig. 3, the present embodiment includes steps S3031 to S3035.
In step S3031, a mapping ring is generated, and the mapping nodes on the mapping ring are numbered sequentially in the clockwise direction.
Fig. 4 shows a schematic diagram of the structure of the mapping ring. As shown in fig. 4, the mapping nodes are distributed equidistantly on the mapping ring, and the total number of the mapping nodes is the maximum value of the IPv6 address suffix. For example, if the IPv6 address suffix has 64 bits, the total number of mapping nodes is $2^{64}-1$, and the mapping nodes are numbered 0 to $2^{64}-1$.
In step S3032, hash operation is performed on the MAC address of each authentication server to obtain a mapping node label corresponding to each authentication server, so as to determine a mapping node corresponding to each authentication server.
A hash function is applied to the MAC address of each verification server, so that each server can determine its own position in the mapping ring. As shown in fig. 4, the MAC addresses of the three authentication servers are hashed to determine their locations on the mapping ring.
In step S3033, the IPv6 address suffix is subjected to a hash operation to obtain a mapping node label corresponding to the IPv6 address suffix, so as to determine a mapping node corresponding to the IPv6 address suffix.
As shown in fig. 4, A, B, C and D represent four mapping nodes on the mapping ring, and the mapping node corresponding to the IPv6 address suffix is assumed to be A.
In step S3034, a mapping node number corresponding to the second authentication server is determined from the mapping node numbers corresponding to the respective authentication servers, such that the mapping node number corresponding to the second authentication server is closest to the mapping node number corresponding to the IPv6 address suffix, and the mapping node number corresponding to the second authentication server is greater than the mapping node number corresponding to the IPv6 address suffix.
The authentication server with the larger mapping node label may also be referred to as a successor authentication server to the authentication server with the smaller mapping node label. Therefore, the information for data authentication is stored to a subsequent authentication server closest to the data authentication server. As shown in fig. 4, the authentication server 2 is the 2nd successor of the authentication server 1.
In step S3035, the second authentication server is determined as the authentication server for storing information.
The embodiment can store the information for data verification of a certain terminal in the fixed verification server, and the storage position has better stability and does not change along with the position change of the terminal.
The inventor further finds that the development of the mobile internet and internet of things industries causes the number of devices to increase explosively, and the problem with the explosive growth is the difficulty of centralized management and maintenance. The existing data verification system has a single-point fault risk, and if a certain central mechanism breaks down, such as the temporary breakdown of the internet of things platform with the largest load, information interaction in the whole internet of things is interrupted, and service cannot be provided for the internet of things equipment.
In view of this, in some embodiments, in step S203, after the information is stored in the second authentication server, the mapping node number corresponding to the fourth authentication server is determined by using the mapping node number corresponding to the second authentication server, and the information is also stored in the fourth authentication server.
The mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value.
For example, the information for data verification is stored in the kth subsequent node after the mapping node corresponding to the second verification server for backup.
In the embodiment, the distributed verification network is formed by the network side verification servers to provide the data verification service for the terminal, and a stability guarantee mechanism is designed, so that the information for data verification of a certain terminal can be stored in a plurality of fixed verification servers, the verification service of the terminal is not influenced when a single verification server fails or is changed, and the reliability and robustness of the data verification system are enhanced.
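The placement and backup rules of steps S3031 to S3035 and the k-th-successor backup can be sketched as follows. This is an added example, not code from the patent; it assumes SHA-256 truncated to 64 bits as the hash, a hash-based derivation of the suffix from a PUF response, wrap-around to the smallest label when no larger label exists, and constructed MAC addresses and prefixes.

```python
import hashlib
import ipaddress
from bisect import bisect_right

RING_SIZE = 1 << 64  # labels 0 .. 2**64 - 1, matching a 64-bit IPv6 address suffix


def label(data: bytes) -> int:
    """Mapping-node label. Assumption: SHA-256 truncated to 64 bits."""
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def suffix_from_puf(puf_response: bytes) -> int:
    """Stable 64-bit suffix from a PUF response (the derivation is an assumption)."""
    digest = hashlib.sha256(b"ipv6-suffix|" + puf_response).digest()
    return int.from_bytes(digest[:8], "big")


def full_address(prefix: str, suffix: int) -> ipaddress.IPv6Address:
    """Join the /64 prefix assigned by the access gateway with the fixed suffix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or not 0 <= suffix < RING_SIZE:
        raise ValueError("need a /64 prefix and a 64-bit suffix")
    return net.network_address + suffix


class MappingRing:
    """Verification servers placed on the ring by hashing their MAC addresses."""

    def __init__(self, server_macs):
        if not server_macs:
            raise ValueError("at least one verification server is required")
        self.nodes = sorted(
            (label(bytes.fromhex(mac.replace(":", ""))), mac) for mac in server_macs
        )
        self.labels = [lab for lab, _ in self.nodes]

    def _successor_index(self, suffix: int) -> int:
        key = label(suffix.to_bytes(8, "big"))
        # First server label strictly greater than the key's label. Wrapping to
        # index 0 past the largest label is an assumption implied by the ring.
        return bisect_right(self.labels, key) % len(self.nodes)

    def second_server(self, suffix: int) -> str:
        """Server that stores the terminal's verification information."""
        return self.nodes[self._successor_index(suffix)][1]

    def fourth_server(self, suffix: int, k: int = 1) -> str:
        """Backup copy: the k-th successor after the second server."""
        i = self._successor_index(suffix)
        return self.nodes[(i + k) % len(self.nodes)][1]


def demo():
    # Constructed sample data: five servers and one terminal seen behind two gateways.
    macs = ["02:00:00:00:00:%02x" % i for i in range(1, 6)]
    ring = MappingRing(macs)
    suffix = suffix_from_puf(b"constructed-puf-response")
    primary = ring.second_server(suffix)
    backup = ring.fourth_server(suffix, k=1)
    after_failure = MappingRing([m for m in macs if m != primary])
    return {
        "address_at_gateway_1": str(full_address("2001:db8:1:1::/64", suffix)),
        "address_at_gateway_2": str(full_address("2001:db8:2:2::/64", suffix)),
        "second_server": primary,
        "fourth_server": backup,
        "owner_if_second_server_fails": after_failure.second_server(suffix),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With k = 1 the backup sits on the server that the placement rule selects once the second server leaves the ring, so a later lookup still reaches a copy of the information.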
How to search for the second authentication server based on the IPv6 address suffix is described below in conjunction with fig. 5 to introduce the access authentication flow of the terminal.
Figure 5 illustrates a flow diagram for some embodiments of determining a second authentication server for storing information. As shown in fig. 5, the present embodiment includes steps S5051 to S5055.
In step S5051, a pre-stored mapping information table is queried, where the mapping information table records the mapping nodes corresponding to the m verification servers adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current verification server, and m is a positive integer.
Each authentication server node needs to maintain a mapping information table with m entries, and the mapping information table records information of m subsequent authentication servers of the authentication server.
In some embodiments, m satisfies the following condition:
2^m ≥ N
where N represents the total number of authentication servers, and N is a positive integer. When this condition is met, the second authentication server for storing the information can be determined by searching m times.
In step S5052, it is determined whether the mapping node label corresponding to the IPv6 address suffix is located in a destination label interval. The start point of the destination label interval is the mapping node label corresponding to the current authentication server, and the end point is the mapping node label corresponding to the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server.
That is, it is determined whether the mapping node corresponding to the IPv6 address suffix falls between the current authentication server and its first subsequent authentication server.
If the mapping node label corresponding to the IPv6 address suffix is located in the destination label interval, step S5053 is performed. If the mapping node label corresponding to the IPv6 address suffix is not located in the destination label interval, step S5054 is performed.
In step S5053, the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server is found; this adjacent authentication server is the second authentication server.
At this point the search process may end: the first subsequent authentication server of the current authentication server is the second authentication server.
In step S5054, a target authentication server is determined in the mapping information table such that the mapping node label corresponding to the target authentication server is closest to the mapping node label corresponding to the IPv6 address suffix and the mapping node label corresponding to the target authentication server is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeatedly executing the steps until the second authentication server is found.
In this case, it is necessary to return to step S5052 to re-execute steps S5052 to S5054.
In this embodiment, the access gateway stores information for data authentication to a corresponding authentication server according to a preset mapping algorithm. After the terminal sends an access request, the storage position of the information used for data verification can be quickly located in the distributed verification network according to a preset routing algorithm, so as to verify the authenticity of the access device. In this embodiment, the time complexity of the routing lookup algorithm that determines the second authentication server storing the information is O(log N), so the search efficiency is significantly improved and an efficient data authentication service is provided for the terminal.
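The storage rule, the backup placement and the Fig. 5 lookup described above, as an added Python sketch that is not code from the patent. Assumptions: labels are SHA-256 truncated to 64 bits, entry i of the mapping information table is the 2^i-th clockwise successor server (which is what lets m searches suffice when 2^m ≥ N), the backup is the k-th successor server, and the MAC addresses and suffixes are constructed samples.

```python
import hashlib
from bisect import bisect_left

RING_BITS = 64  # an IPv6 address suffix (interface identifier) is 64 bits


def label(value: bytes) -> int:
    """Mapping node label of a MAC address or IPv6 suffix (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(value).digest()[: RING_BITS // 8], "big")


def in_interval(x: int, start: int, end: int) -> bool:
    """True if x lies in the clockwise interval (start, end] of the mapping ring."""
    if start < end:
        return start < x <= end
    return x > start or x <= end  # wraps past label 0; start == end is the whole ring


class MappingRing:
    def __init__(self, macs):
        self.server = {label(mac.encode()): mac for mac in macs}
        self.labels = sorted(self.server)
        # Smallest m with 2**m >= N, the condition the page places on the table size.
        self.m = max(1, (len(self.labels) - 1).bit_length())

    def owner(self, key: int) -> int:
        """Store-time rule: the first server label clockwise from the key.
        A key equal to a server label maps to that server (tie-break assumed)."""
        return self.labels[bisect_left(self.labels, key) % len(self.labels)]

    def kth_successor(self, server_label: int, k: int) -> int:
        i = self.labels.index(server_label)
        return self.labels[(i + k) % len(self.labels)]

    def table(self, cur: int):
        """Mapping information table of `cur`: m entries, ordered clockwise."""
        return [self.kth_successor(cur, 1 << i) for i in range(self.m)]

    def lookup(self, start: int, key: int):
        """Route from server `start` to the server storing `key`; returns (label, hops)."""
        cur, hops = start, 0
        while True:
            entries = self.table(cur)                # S5051: query the table
            if in_interval(key, cur, entries[0]):    # S5052: key between cur and successor?
                return entries[0], hops              # S5053: the successor stores it
            # S5054: jump to the table entry closest to, but before, the key.
            cur = [e for e in entries if e != key and in_interval(e, cur, key)][-1]
            hops += 1


# Constructed sample data: ten server MACs and 200 address suffixes.
SERVERS = [f"02:00:00:00:00:{i:02x}" for i in range(1, 11)]
SUFFIXES = [i.to_bytes(8, "big") for i in range(1, 201)]


def check_routing(ring: MappingRing) -> int:
    """Route every suffix from every server; return the worst hop count seen."""
    worst = 0
    for suffix in SUFFIXES:
        key = label(suffix)
        for start in ring.labels:
            found, hops = ring.lookup(start, key)
            if found != ring.owner(key):
                raise AssertionError("routing disagrees with the store-time rule")
            worst = max(worst, hops)
    return worst


def failover(ring: MappingRing, suffix: bytes, k: int = 1):
    """Return (backup server, server that lookups reach once the primary has left)."""
    key = label(suffix)
    primary = ring.owner(key)
    backup = ring.kth_successor(primary, k)
    survivors = MappingRing([mac for lab, mac in ring.server.items() if lab != primary])
    return backup, survivors.owner(key)


if __name__ == "__main__":
    ring = MappingRing(SERVERS)
    print("N =", len(ring.labels), "m =", ring.m, "worst hops =", check_routing(ring))
    print("backup equals new owner:", len(set(failover(ring, SUFFIXES[0]))) == 1)
```

With k = 1 the backup is exactly the server that lookups resolve to after the primary leaves the ring; for larger k the record survives, but the lookup path must also know to try the k-th successor.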
Some embodiments of the disclosed data validation system are described below in conjunction with FIG. 6.
FIG. 6 illustrates a block diagram of a data validation system according to some embodiments of the present disclosure. As shown in fig. 6, the data verification system 60 in the present embodiment includes: a terminal 601, a first authentication server 602, a second authentication server 603, and a third authentication server 604. Wherein the terminal 601 is configured to: generating a unique IPv6 address suffix according to self physical information; sending information for data verification and an IPv6 address suffix to a first verification server; sending the data to be verified and the IPv6 address suffix to a third verification server; the first authentication server 602 is configured to: determining a second authentication server for storing information according to the IPv6 address suffix, and storing the information to the second authentication server; the second authentication server 603 is configured to: carrying out data verification on data to be verified by using the information, and sending a data verification result to the terminal according to the IPv6 address suffix; the third authentication server 604 is configured to: and searching a second authentication server according to the IPv6 address suffix, and sending the data to be authenticated to the second authentication server.
In some embodiments, the first authentication server 602 is configured to: generating a mapping ring, and sequentially labeling each mapping node on the mapping ring according to the clockwise direction; the mapping nodes are distributed on the mapping ring at equal intervals, and the total number of the mapping nodes is the maximum value of an IPv6 address suffix; performing hash operation on the MAC address of each verification server to obtain a mapping node label corresponding to each verification server so as to determine a mapping node corresponding to each verification server; carrying out Hash operation on the IPv6 address suffix to obtain a mapping node label corresponding to the IPv6 address suffix so as to determine a mapping node corresponding to the IPv6 address suffix; determining a mapping node label corresponding to a second authentication server from mapping node labels corresponding to the authentication servers, wherein the mapping node label corresponding to the second authentication server is closest to a mapping node label corresponding to an IPv6 address suffix, and the mapping node label corresponding to the second authentication server is greater than the mapping node label corresponding to an IPv6 address suffix; the second authentication server is determined to be the authentication server for storing the information.
In some embodiments, the first authentication server 602 is configured to: storing the information to a second authentication server; determining a mapping node label corresponding to a fourth authentication server by using the mapping node label corresponding to the second authentication server; the mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value; the information is also stored to a fourth authentication server.
In some embodiments, the third authentication server 604 is configured to: querying a pre-stored mapping information table, wherein the mapping information table records the mapping nodes corresponding to the m authentication servers that are adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, and m is a positive integer; judging whether the mapping node label corresponding to the IPv6 address suffix is located in a target label interval, wherein the starting point of the target label interval is the mapping node label corresponding to the current authentication server, and the end point of the target label interval is the mapping node label corresponding to the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server; if the mapping node label corresponding to the IPv6 address suffix is located in the target label interval, finding the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, this adjacent authentication server being the second authentication server; if the mapping node label corresponding to the IPv6 address suffix is not located in the target label interval, determining a target authentication server in the mapping information table, such that the mapping node label corresponding to the target authentication server is closest to the mapping node label corresponding to the IPv6 address suffix and is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeatedly executing the steps until the second authentication server is found.
In some embodiments, m satisfies the following condition:
2^m ≥ N
where N represents the total number of individual authentication servers, and N is a positive integer.
In some embodiments, the data validation system 60 further comprises an access gateway 605 corresponding to the third authentication server, configured to: allocating an IPv6 address prefix to the terminal; the third authentication server is configured to: sending the data verification result to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
Some embodiments of the disclosed data validation apparatus are described below in conjunction with fig. 7.
Fig. 7 shows a schematic structural diagram of a data verification device according to some embodiments of the present disclosure. As shown in fig. 7, the data verification apparatus 70 of this embodiment includes: a memory 710 and a processor 720 coupled to the memory 710, the processor 720 being configured to perform the data verification method of any of the foregoing embodiments based on instructions stored in the memory 710.
Memory 710 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
The data verification device 70 may also include an input/output interface 730, a network interface 740, a storage interface 750, and the like. These interfaces 730, 740, 750, as well as the memory 710 and the processor 720, may be connected, for example, by a bus 760. The input/output interface 730 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 740 provides a connection interface for various networking devices. The storage interface 750 provides a connection interface for external storage devices such as an SD card and a USB disk.
The present disclosure also includes a computer readable storage medium having stored thereon computer instructions that, when executed by a processor, implement the data validation method in any of the foregoing embodiments.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only exemplary of the present disclosure and is not intended to limit the present disclosure, so that any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (14)

1. A method of data validation, comprising:
the terminal generates a unique IPv6 address suffix according to the physical information of the terminal;
the terminal sends information for data verification and an IPv6 address suffix to a first verification server;
the first authentication server determines a second authentication server for storing the information according to the IPv6 address suffix, and stores the information to the second authentication server;
the terminal sends the data to be verified and the IPv6 address suffix to a third verification server;
the third authentication server searches a second authentication server according to the IPv6 address suffix and sends the data to be authenticated to the second authentication server;
and the second authentication server performs data authentication on the data to be authenticated by using the information and sends a data authentication result to the terminal according to the IPv6 address suffix.
2. A data verification method as claimed in claim 1, wherein said determining a second verification server for storing said information from an IPv6 address suffix comprises:
generating a mapping ring, and sequentially labeling each mapping node on the mapping ring according to the clockwise direction; the mapping nodes are distributed on the mapping ring at equal intervals, and the total number of the mapping nodes is the maximum value of an IPv6 address suffix;
performing hash operation on the MAC address of each verification server to obtain a mapping node label corresponding to each verification server so as to determine a mapping node corresponding to each verification server;
carrying out Hash operation on the IPv6 address suffix to obtain a mapping node label corresponding to the IPv6 address suffix so as to determine a mapping node corresponding to the IPv6 address suffix;
determining a mapping node label corresponding to a second authentication server from mapping node labels corresponding to the authentication servers, wherein the mapping node label corresponding to the second authentication server is closest to a mapping node label corresponding to an IPv6 address suffix, and the mapping node label corresponding to the second authentication server is greater than the mapping node label corresponding to an IPv6 address suffix;
determining the second authentication server as the authentication server for storing the information.
3. The data validation method of claim 2, wherein the storing the information to a second validation server comprises:
storing the information to a second authentication server;
determining a mapping node label corresponding to a fourth authentication server by using the mapping node label corresponding to the second authentication server; the mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value;
the information is also stored to a fourth authentication server.
4. A data verification method as claimed in claim 2 or 3, wherein said looking up a second verification server from an IPv6 address suffix comprises:
inquiring a pre-stored mapping information table, wherein mapping nodes corresponding to m adjacent verification servers in a clockwise direction in a mapping ring of a mapping node corresponding to the current verification server are recorded in the mapping information table, and m is a positive integer;
judging whether the mapping node label corresponding to the IPv6 address suffix is located in a target label interval, wherein the starting point of the target label interval is the mapping node label corresponding to the current authentication server, and the end point of the target label interval is the mapping node label corresponding to the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server;
if the mapping node label corresponding to the IPv6 address suffix is located in the target label interval, finding the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, this adjacent authentication server being the second authentication server;
if the mapping node label corresponding to the IPv6 address suffix is not located in the target label interval, determining a target verification server in a mapping information table, so that the mapping node label corresponding to the target verification server is closest to the mapping node label corresponding to the IPv6 address suffix, and the mapping node label corresponding to the target verification server is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeatedly executing the steps until the second authentication server is found.
5. The data verification method of claim 4, wherein m satisfies the following condition:
2^m ≥ N
where N represents the total number of individual authentication servers, and N is a positive integer.
6. The data verification method of claim 1, further comprising: an access gateway corresponding to the third authentication server allocates an IPv6 address prefix to the terminal;
the sending of the data verification result to the terminal by using the IPv6 address suffix comprises the following steps: and sending the data verification result to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
7. A data verification system comprises a terminal, a first verification server, a second verification server and a third verification server; wherein,
the terminal is configured to: generating a unique IPv6 address suffix according to self physical information; sending information for data verification and an IPv6 address suffix to a first verification server; sending the data to be verified and the IPv6 address suffix to a third verification server;
the first authentication server is configured to: determining a second authentication server for storing the information according to the IPv6 address suffix, and storing the information to the second authentication server;
the second authentication server is configured to: carrying out data verification on data to be verified by using the information, and sending a data verification result to the terminal according to the IPv6 address suffix;
the third authentication server is configured to: and searching a second authentication server according to the IPv6 address suffix, and sending the data to be authenticated to the second authentication server.
8. The data validation system of claim 7, wherein the first validation server is configured to:
generating a mapping ring, and sequentially labeling each mapping node on the mapping ring according to the clockwise direction; the mapping nodes are distributed on the mapping ring at equal intervals, and the total number of the mapping nodes is the maximum value of an IPv6 address suffix;
performing hash operation on the MAC address of each verification server to obtain a mapping node label corresponding to each verification server so as to determine a mapping node corresponding to each verification server;
carrying out Hash operation on the IPv6 address suffix to obtain a mapping node label corresponding to the IPv6 address suffix so as to determine a mapping node corresponding to the IPv6 address suffix;
determining a mapping node label corresponding to a second authentication server from mapping node labels corresponding to the authentication servers, wherein the mapping node label corresponding to the second authentication server is closest to a mapping node label corresponding to an IPv6 address suffix, and the mapping node label corresponding to the second authentication server is greater than the mapping node label corresponding to an IPv6 address suffix;
determining the second authentication server as the authentication server for storing the information.
9. The data validation system of claim 8, wherein the first validation server is configured to:
storing the information to a second authentication server;
determining a mapping node label corresponding to a fourth authentication server by using the mapping node label corresponding to the second authentication server; the mapping node label corresponding to the fourth authentication server is greater than the mapping node label corresponding to the second authentication server, and the difference between the mapping node label corresponding to the fourth authentication server and the mapping node label corresponding to the second authentication server is smaller than a preset value;
the information is also stored to a fourth authentication server.
10. The data validation system of claim 8 or 9, wherein the third validation server is configured to:
inquiring a pre-stored mapping information table, wherein mapping nodes corresponding to m adjacent verification servers in a clockwise direction in a mapping ring of a mapping node corresponding to the current verification server are recorded in the mapping information table, and m is a positive integer;
judging whether the mapping node label corresponding to the IPv6 address suffix is located in a target label interval, wherein the starting point of the target label interval is the mapping node label corresponding to the current authentication server, and the end point of the target label interval is the mapping node label corresponding to the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server;
if the mapping node label corresponding to the IPv6 address suffix is located in the target label interval, finding the authentication server that is adjacent, in the clockwise direction on the mapping ring, to the mapping node corresponding to the current authentication server, this adjacent authentication server being the second authentication server;
if the mapping node label corresponding to the IPv6 address suffix is not located in the target label interval, determining a target verification server in a mapping information table, so that the mapping node label corresponding to the target verification server is closest to the mapping node label corresponding to the IPv6 address suffix, and the mapping node label corresponding to the target verification server is smaller than the mapping node label corresponding to the IPv6 address suffix; and taking the target authentication server as the current authentication server, and repeatedly executing the steps until the second authentication server is found.
11. The data validation system of claim 10, wherein m satisfies the condition:
2^m ≥ N
where N represents the total number of individual authentication servers, and N is a positive integer.
12. The data validation system of claim 7, further comprising an access gateway corresponding to the third validation server configured to: allocating IPv6 address prefixes to the terminals;
the third authentication server is configured to: and sending the data verification result to the terminal according to the IPv6 address prefix and the IPv6 address suffix.
13. A data verification apparatus, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the data validation method of any of claims 1-6 based on instructions stored in the memory.
14. A computer readable storage medium, wherein the computer readable storage medium stores computer instructions which, when executed by a processor, implement the data validation method of any of claims 1 to 6.
CN201911297344.2A 2019-12-17 2019-12-17 Data verification method, device and computer readable storage medium Active CN112995103B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911297344.2A CN112995103B (en) 2019-12-17 2019-12-17 Data verification method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112995103A (en) 2021-06-18
CN112995103B (en) 2022-08-02

Family

ID=76341763

Country Status (1)

Country Link
CN (1) CN112995103B (en)

Also Published As

Publication number Publication date
CN112995103B (en) 2022-08-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant