Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the application may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods and systems, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Accordingly, a first component discussed below could be termed a second component without departing from the teachings of the present inventive concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments and that the modules or flows in the drawings are not necessarily required to practice the application and therefore should not be taken to limit the scope of the application.
Through research, the inventor of the application found that, in order to realize large-scale use of industrial Internet identification and secure access for industrial Internet applications, the access capability of the industrial Internet identification resolution system can be packaged as a card application of the UICC. The embedded UICC suits more working scenarios, offers higher physical reliability, low power consumption, small size and the like, and is better suited to industrial environments. In addition, the remote card-writing capability of the embedded UICC applies to both the industrial Internet and the consumer Internet, and provides a foundation for fusing industrial business processes with carrier card processes.
The identification resolution system is an important component of the industrial Internet network system; it is an extension of the domain name system into the industrial field, connected to the Internet at one end and to production and manufacturing at the other. Differences in how identification resolution is understood in the operator network and in the industrial Internet scenario may lead to divergence in technology selection, standards roadmaps and the like, and affect the interconnection and intercommunication of data. The integrated development of multiple systems should be advanced and the expandability of the network architecture improved.
In the prior art, CN200910250002.5 discloses a method for generating and authenticating an IPv6 address based on the physical characteristics of a chip. The technology proposed by that patent generates the IPv6 address of a terminal from the physical characteristics of the chip, prevents counterfeit devices from accessing the network at the chip level, and enhances the security capability of the network. A decentralized infrastructure is adopted to improve the efficiency of equipment access authentication and to ease the difficulty of decentralized management and maintenance. However, the IPv6 address allocation method in that patent only addresses the security of terminal access in each network, and does not involve specific information resolution and management of terminal devices.
In the prior art, 201910077755.4 discloses a sensing node IPv6 address allocation method based on trusted identity, which combines and operates on sensing node identity information based on OID technology and a signed temporary identity address to generate the interface ID of the IPv6 address. The communicating party of the sensing node obtains the identity information of the sensing node from the interface ID in the sensing node's IPv6 address, verifies the signature and verifies the authenticity of the identity information. The identifier generation methods in these patents generate the IPv6 address from the physical characteristics of the terminal or from the temporary identity identifier, and can verify the identity of the accessing terminal, but the IPv6 identifier can only be verified within an operator domain and cannot interoperate with the industrial identifier in the industrial Internet scenario.
The IPv6 active identifier processing method and device provided by the application are an IPv6 active identifier generation and resolution method and device based on a SIM card patch module. They allow a connection to the identifier resolution platform to be initiated actively from the SIM card patch module, without the help of an identifier read-write device, which solves the problem that a conventional passive identifier carrier lacks remote network connection capability. Using the active identifier carrier, industry-related data and operator network data are integrated, trusted verification of multi-data intercommunication can be realized, the security capability of the identifier is enhanced, the split between the industrial identifier and operator data is effectively resolved, and the traceability of the IPv6 address is improved.
The present application will be described in detail with the aid of specific examples.
Fig. 1 is a system block diagram of an IPv6 active identifier processing system, according to an example embodiment.
As shown in fig. 1, the system architecture 10 may include internet of things terminals 101, 102, 103, an internet of things base network 104 and operator resolution platform 105, an industrial identification resolution platform 106, an industrial platform 107. The internet of things base network 104 is used to provide a medium for communication links between the internet of things terminals 101, 102, 103 and the operator resolution platform 105, the industrial identification resolution platform 106. The internet of things base network 104 may include a radio access network and a core network, and various connection types corresponding thereto, such as a wired, wireless communication link, or fiber optic cable, etc.
The internet of things terminals 101, 102, 103 interact with an operator analysis platform 105 and an industrial identification analysis platform 106 through an internet of things base network 104 to receive or send message data and the like. Various monitoring applications, such as smart home applications, intelligent monitoring applications, search applications, instant messaging tools, mailbox clients, social platform software, and the like, can be installed on the internet of things terminals 101, 102, 103.
The internet of things terminals 101, 102, 103 may be a variety of electronic devices with data transfer functionality including, but not limited to, smart devices, smart home products, smart meters, smart phones, tablets, laptop and desktop computers, and the like.
The internet of things base network 104 may, for example, allocate IPv6 address prefixes to the internet of things terminals 101, 102, 103 in advance according to the IPv6 address planning principle;
the internet of things terminals 101, 102, 103 may generate an IPv6 active identifier, for example, according to a built-in communication module; the internet of things terminals 101, 102, 103 may also generate an IPv6 message, for example, according to an IPv6 address prefix and the IPv6 active identifier;
the internet of things base network 104 may, for example, forward the IPv6 message to the operator resolution platform 105 and the industrial identification resolution platform 106;
the operator parsing platform 105 may obtain, for example, IPv6 messages from the internet of things terminals 101, 102, 103 through the internet of things base network 104; the operator parsing platform 105 may, for example, interpret the IPv6 message to obtain the basic communication information of the internet of things terminals 101, 102, 103.
The industrial identification analysis platform 106 may obtain, for example, an IPv6 message from the internet of things terminals 101, 102, 103 through the internet of things base network 104; the industrial identification resolution platform 106 may, for example, interpret the IPv6 message to obtain the device basic information of the internet of things terminals 101, 102, 103.
The industrial platform 107 may, for example, obtain, by the operator resolution platform 105, the communication basic information of the internet of things terminals 101, 102, 103; the industrial platform 107 may, for example, obtain, by the industrial identifier resolution platform 106, device basic information of the internet of things terminals 101, 102, 103; the industrial platform 107 may manage the internet of things terminals 101, 102, 103, for example, according to the communication basic information and the device basic information.
The operator analysis platform 105, the industrial identification analysis platform 106, and the industrial platform 107 may each be a server of one entity, or may be composed of a plurality of servers. It should be noted that the IPv6 active identifier processing method provided by the embodiment of the present application may be executed jointly by the internet of things terminals 101, 102, 103, the internet of things base network 104, the operator analysis platform 105, the industrial identification analysis platform 106, and the industrial platform 107.
Fig. 2 is a flow chart illustrating a method of IPv6 active identifier processing according to an example embodiment. The IPv6 active identifier processing method 20 at least includes steps S202 to S212.
As shown in fig. 2, in S202, the internet of things base network allocates an IPv6 address prefix to the internet of things terminal in advance according to an IPv6 address planning principle.
In S204, the internet of things terminal generates an IPv6 active identifier according to the built-in communication module. The method for generating the built-in IPv6 interface identifier in the communication module comprises the steps of recording the binding relation between the SIM card and the module in the background; the internet of things terminal installs the module, acquires a fixed IPv6 prefix from the core network after power-on, and generates an IPv6 address identifier according to a preset rule.
More specifically, the first identifier may be generated based on the mobile user identification code; generating a second identifier based on the PUF information; splicing the first identifier and the second identifier to generate a third identifier; the third identifier is converted into the form of an IPv6 address to generate an IPv6 active identifier.
In S206, the internet of things terminal generates an IPv6 message according to the IPv6 address prefix and the IPv6 active identifier.
The format of the IPv6 message is shown in the following table:
| IPv6 address prefix | IPv6 active identifier |
In S208, the operator parsing platform parses the IPv6 message to obtain the communication basic information of the internet of things terminal. More specifically, the operator parsing platform acquires the IPv6 message from the internet of things terminal through the internet of things base network, and parses the IPv6 message to acquire the communication basic information of the internet of things terminal. The platform can query information such as terminal account opening and online status according to the IPv6 message.
In S210, the industrial identifier parsing platform parses the IPv6 message to obtain the device basic information of the internet of things terminal. More specifically, the industrial identifier parsing platform acquires the IPv6 message from the internet of things terminal through the internet of things base network, and parses the IPv6 message to acquire the device basic information of the internet of things terminal. The fusion of industrial data and operator data can be established according to the IPv6 address.
In S212, the industrial platform manages the internet of things terminal according to the communication basic information and the device basic information. More specifically, the industrial platform acquires the communication basic information of the internet of things terminal from the operator parsing platform; the industrial platform acquires the device basic information of the internet of things terminal from the industrial identifier parsing platform; and the industrial platform manages the internet of things terminal according to the communication basic information and the device basic information.
The IPv6 message format may be associated with operator information; parsing in the operator parsing platform may yield related data including, but not limited to, the SIM card number of the internet of things, account opening information, address planning information, data traffic, etc. Meanwhile, the IPv6 address is associated with the industrial ID of the equipment, and corresponding equipment data such as supplier and equipment type information can be resolved through the industrial identification resolution node. By combining the IPv6 identification with the industrial identification, the operator-related data and the enterprise equipment data that an enterprise can query are fused; the specific data are shown in fig. 3.
According to the IPv6 active identifier processing method, the core network allocates an IPv6 address prefix to the internet of things terminal in advance according to an IPv6 address planning principle; the internet of things terminal generates an IPv6 active identifier according to the built-in communication module; and the internet of things terminal generates an IPv6 message according to the IPv6 address prefix and the IPv6 active identifier for other platforms to parse. In this way an industrial enterprise can acquire multi-dimensional information about the equipment, management and tracing of the terminal equipment is facilitated, and, because a unique and real IP address is used, connection to and control of the equipment side from the industrial platform side are easy to realize.
The IPv6 active identifier processing method is an IPv6 active identifier generation and resolution method based on the SIM card patch module, and uses the SIM card patch module to bind the IMSI to the address in hardware. The authenticity of the network layer address is ensured, the terminal IP address carries awareness and authentication of the equipment identity at the network layer, and the capabilities of accurate positioning, investigation and enforcement, and quick handling based on the IPv6 address are enhanced.
According to the IPv6 active identifier processing method, joint resolution across the operator domain and the industrial identifier can be realized; by defining the internet of things identifier, various kinds of data can be interconnected, and barrier-free, cross-platform, cross-industry and cross-domain information management and interaction that is safe and efficient is realized.
It should be clearly understood that the present application describes how to make and use specific examples, but the principles of the present application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 4 is a flowchart illustrating a method of IPv6 active identifier processing according to another exemplary embodiment. The flow 40 shown in fig. 4 is a detailed description of the processing procedure of the internet of things terminal. The IPv6 active identifier generation process involves extracting the terminal's IMSI value and PUF value, encryption transformation and other steps, and finally forms an interface identifier that can be used for network communication. The specific steps, as shown in fig. 4, are as follows.
In S402, a first identifier is generated based on the mobile subscriber identity: the first three bits and the second two bits of the mobile user identification code are extracted; the extracted mobile user identification code is converted into hexadecimal form; and the last six bits of the hexadecimal data are taken as the first identifier.
In S404, a second identifier is generated based on the PUF information: the MD5 message-digest algorithm is applied to the 32-bit PUF information to obtain a 16-byte (32-character) hash value; 16 bytes of data are extracted from the calculation result; and the second identifier is generated by intercepting the last 10 bits of data from the 15th bit of the 16 bytes of data.
In S406, the first identifier and the second identifier are spliced to generate a third identifier.
In S408, the third identifier is converted into the form of an IPv6 address to generate the IPv6 active identifier: the third identifier is converted to lower case, retaining the leading 0 bit, to generate the IPv6 active identifier.
In S410, an IPv6 address prefix is acquired by the internet of things infrastructure network.
In S412, an IPv6 packet is generated according to the IPv6 address prefix and the IPv6 active identifier, so as to be analyzed by other platforms.
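A sketch of steps S402 to S412 together with a platform-side check of a reported address against the recorded SIM/module binding, added here as an illustration; it is not code from the application. Assumptions, because the text leaves them open: the "bits" in S402 and S404 are read as digit or character positions, S402 takes IMSI digits 1-3 and 4-5, the PUF value is hashed as 4 big-endian bytes, the "16 bytes of data" are the middle 16 characters of the MD5 hex digest and the 10 characters kept are positions 6 to 15 of those, the prefix is a /64, and every function name and sample value is constructed.

```python
import hashlib
import ipaddress


def first_identifier(imsi):
    """S402: IMSI-derived part, 6 hex characters (24 bits)."""
    if not (imsi.isascii() and imsi.isdigit() and len(imsi) >= 5):
        raise ValueError("IMSI must be a decimal string of at least 5 digits")
    extracted = imsi[0:3] + imsi[3:5]            # assumption: digits 1-3 and 4-5
    # Hexadecimal form, left-padded so that leading zeros are kept (S408).
    return format(int(extracted), "x").zfill(6)[-6:]


def second_identifier(puf):
    """S404: PUF-derived part, 10 hex characters (40 bits)."""
    if not 0 <= puf < 2 ** 32:
        raise ValueError("PUF information must fit in 32 bits")
    digest = hashlib.md5(puf.to_bytes(4, "big")).hexdigest()  # 32 characters
    middle16 = digest[8:24]                      # assumption: middle 16 characters
    return middle16[5:15]                        # assumption: positions 6..15


def active_identifier(imsi, puf):
    """S406 + S408: splice both parts and write them as four IPv6 groups."""
    third = (first_identifier(imsi) + second_identifier(puf)).lower()
    return ":".join(third[i:i + 4] for i in range(0, 16, 4))


def build_address(prefix, imsi, puf):
    """S410 + S412: place the active identifier under the allocated prefix."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("this sketch assumes a /64 prefix")
    iid = int(active_identifier(imsi, puf).replace(":", ""), 16)
    return network.network_address + iid


def split_address(address):
    """Platform side: recover prefix, first identifier and second identifier."""
    value = int(ipaddress.IPv6Address(address))
    iid = format(value & (2 ** 64 - 1), "016x")
    prefix = ipaddress.IPv6Address((value >> 64) << 64)
    return f"{prefix}/64", iid[:6], iid[6:]


def verify_against_binding(address, binding):
    """Recompute both parts from the recorded binding and compare."""
    _, first, second = split_address(address)
    return (first == first_identifier(binding["imsi"])
            and second == second_identifier(binding["puf"]))


# Constructed sample values (documentation prefix, made-up IMSI and PUF).
SAMPLE_PREFIX = "2001:db8:0:1::/64"
SAMPLE_BINDING = {"imsi": "460001234567890", "puf": 0x1A2B3C4D}

if __name__ == "__main__":
    addr = build_address(SAMPLE_PREFIX, **SAMPLE_BINDING)
    print("address:", addr)
    print("fields: ", split_address(addr))
    print("matches recorded binding:", verify_against_binding(addr, SAMPLE_BINDING))
    cloned = dict(SAMPLE_BINDING, puf=0x1A2B3C4E)   # different module, same SIM
    print("matches other module:   ", verify_against_binding(addr, cloned))
```

A match shows only that the address is consistent with the recorded IMSI and PUF values; the derivation is an unkeyed MD5 digest, so it is not by itself proof that the sender holds the module. The 64-bit identifier is also the same under every prefix, which is what makes the address traceable.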
The IPv6 active identifier processing method is based on IPv6 active identifier generation of the SIM card patch module, generates an IPv6 address by utilizing the SIM card information in the patch module and combining with the PUF information of the terminal, stores an industrial identifier ID in the module, and realizes generation and binding of the IPv6 address. The network side is communicated with the operator identification analysis platform and the industrial identification analysis platform through the Internet of things basic network, and terminal equipment information is analyzed according to the operator network information and the industrial identification respectively. The enterprise identification analysis application realizes the safe, efficient and multidimensional data interaction of cross-platform and cross-domain through the interaction information of the industrial platform and the analysis platform.
Those skilled in the art will appreciate that all or part of the steps implementing the above-described embodiments may be implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the above-described method provided by the present application. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiment of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
According to the IPv6 active identifier processing method, in the industrial Internet scenario the IPv6 address and the internet of things card number are used as the industrial Internet identification carrier, so that an operator can manage and control internet of things terminal information and can fuse industrial enterprise data with operator data. Meanwhile, the operator can also sell address management and identification resolution as value-added services to internet of things clients, which can strengthen the enterprise's differentiated competitive advantage and increase the number of, and income from, internet of things clients.
According to the IPv6 active identifier processing method, network address planning and management for a specific enterprise can be realized in the industrial Internet scenario, and the equipment of a given enterprise can be placed in the same address field. The method and the device enable an industrial enterprise to acquire multi-dimensional information about the equipment, facilitate management and tracing of the terminal equipment, and, by adopting unique and real IP addresses, make connection to and control of the equipment side from the industrial platform side easy to realize.
Fig. 5 is a block diagram of an IPv6 active identifier processing system, according to an example embodiment. As shown in fig. 5, the IPv6 active identifier processing system 50 includes: the system comprises an Internet of things terminal 502, an Internet of things base network 504, an operator analysis platform 506, an industrial identification analysis platform 508 and an industrial platform 510.
The internet of things terminal 502 is configured to generate an IPv6 active identifier according to the built-in communication module, and to generate an IPv6 message according to the IPv6 address prefix and the IPv6 active identifier. The internet of things terminal 502 may include a main control module, a power module, a peripheral interface module, a sensing module and a communication module, where the PUF includes a patch-type SIM card and stores an industrial identification ID, so that IPv6 address generation and binding may be implemented.
The internet of things basic network 504 is configured to allocate an IPv6 address prefix to an internet of things terminal in advance according to an IPv6 address planning principle; the system is also used for forwarding the IPv6 message to an operator analysis platform and an industrial identification analysis platform; the internet of things base network 504 may include a radio access network and a core network, providing a service transmission channel for the entire internet of things.
The operator analysis platform 506 is configured to analyze the IPv6 packet to obtain basic communication information of the terminal of the internet of things; the operator analysis platform 506 can also verify the IPv6 address according to the data message reported by the internet of things terminal, and can obtain the related internet of things terminal information corresponding to the SIM card.
The industrial identification analysis platform 508 is configured to analyze the IPv6 packet to obtain device basic information of the terminal of the internet of things; the industrial identification analysis platform 508 can also provide identification analysis service for industry enterprises, and can analyze corresponding equipment information according to the industrial identification.
The industrial platform 510 is configured to manage the terminal of the internet of things according to the communication basic information and the device basic information. Industrial platform 510 may comprise various types of enterprise identity resolution applications and may interact with the operator resolution platform and the industrial identity resolution node to obtain corresponding data.
According to the IPv6 active identifier processing device, the core network allocates an IPv6 address prefix to the internet of things terminal in advance according to an IPv6 address planning principle; the internet of things terminal generates an IPv6 active identifier according to the built-in communication module; and the internet of things terminal generates an IPv6 message according to the IPv6 address prefix and the IPv6 active identifier for other platforms to parse. In this way an industrial enterprise can acquire multi-dimensional information about the equipment, management and tracing of the terminal equipment is facilitated, and, because a unique and real IP address is used, connection to and control of the equipment side from the industrial platform side are easy to realize.
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 600 according to this embodiment of the application is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 6, the electronic device 600 is in the form of a general purpose computing device. Components of electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 connecting the different system components (including the memory unit 620 and the processing unit 610), a display unit 640, etc.
Wherein the storage unit stores program code that is executable by the processing unit 610 such that the processing unit 610 performs steps according to various exemplary embodiments of the present application described in the present specification. For example, the processing unit 610 may perform the steps as shown in fig. 2, 4.
The memory unit 620 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 6201 and/or cache memory unit 6202, and may further include Read Only Memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 600' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 600, and/or any devices (e.g., routers, modems, etc.) that the electronic device 600 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 7, the technical solution according to the embodiment of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiment of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs, which when executed by one of the devices, cause the computer-readable medium to perform the functions of: the core network distributes IPv6 address prefixes for the terminals of the Internet of things in advance according to the IPv6 address planning principle; the internet of things terminal generates an IPv6 active identifier according to the built-in communication module; and the internet of things terminal generates an IPv6 message according to the IPv6 address prefix and the IPv6 active identifier so as to be analyzed by other platforms. The computer readable medium may also implement the following functions: generating a first identifier based on the mobile user identification code; generating a second identifier based on the PUF information; splicing the first identifier and the second identifier to generate a third identifier; the third identifier is converted into the form of an IPv6 address to generate an IPv6 active identifier.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
The exemplary embodiments of the present application have been particularly shown and described above. It is to be understood that this application is not limited to the precise arrangements and instrumentalities described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.