Title of invention: METHOD FOR SECURING NAME REGISTRIES, NETWORK ACCESS AND DATA COMMUNICATION IN ID/LOCATOR SPLIT-BASE NETWORKS
Abstract: The invention provides a new system for internet security. The internet network system comprises a first Edge Network 11 that comprises a Source Host (SH) 12, a first gateway (GW) 13 and a Local Name Server (LNS) 14, a Logical Control network 21 which comprises a Domain Name Registry (DNR) 22 and a Host Name Registry (HNR) 23, a Target Host (TH) 31 in the first Edge Network 11 or in a second Edge Network 32 and a Global Transit Network 41 which includes Routers 42 to connect the first Edge Network 11, the Logical Control network 21 and the second Edge Network 32.
Publication number: US2014304785(A1) Publication date: 2014.10.09
Application number: US201214364356 Filing date: 2012.01.26
Applicant: Kafle Ved;Tomuro Tomoji;Harai Hiroaki Inventor: Kafle Ved;Tomuro Tomoji;Harai Hiroaki
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method for a hostname resolution in an internet network system (1) wherein the system comprises:
a first Edge Network (11) that comprises a Source Host (SH) (12), a first gateway (GW) (13) and a Local Name Server (LNS) (14);
a Logical Control network (21) which comprises a Domain Name Registry (DNR) (22) and a Host Name Registry (HNR) (23);
a Target Host (TH) (31) in the first Edge Network (11) or in a second Edge Network (32); and
a Global Transit Network (41) which includes Routers (42) to connect the first Edge Network (11), the Logical Control network (21); and the second Edge Network (32),
wherein the method comprises:
the SH (12), which knows a hostname of the TH (31), sends a hostname resolution query, which includes the hostname of the TH (31), to the LNS (14) so as to obtain any one or more of the TH's ID, the TH's locator and the TH's Public Key (PK),
the LNS (14) receives the hostname resolution query and checks whether the TH (31) is in the first Edge Network (11) or not,
when the LNS (14) cannot decide that the TH (31) is located in the first Edge Network (11), the LNS (14) sends a first query, which includes the hostname of the TH (31), to the DNR (22),
the DNR (22) receives the first query and then the DNR (22) sends a first reply to the LNS (14), wherein the first reply contains the HNR's information including the HNR's ID, the HNR's locator, and the HNR's Public Key,
the LNS (14) receives the first reply and then the LNS (14) sends a second query to the HNR (23) using the HNR's information, wherein the second query requests the HNR (23) to provide LNS (14) with the TH's ID, the TH's locator and the TH's PK,
the HNR (23) receives the second query and then the HNR (23) sends a second reply to the LNS (14), wherein the second reply contains the TH's ID, the TH's locator and the TH's PK,
the LNS (14) receives the second reply and executes a function to verify the authenticity of the second reply by using the HNR's PK,
when the result of the verification is OK, the LNS (14) sends a hostname resolution response, which includes the TH's ID, the TH's locator and the TH's Public Key (PK), to the SH (12),
the SH (12) receives the TH's ID, the TH's locator and the TH's PK in the hostname resolution response.
Address: Tokyo JP
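The verification step of claim 1, sketched in Go as an added example (not code from the patent or its applicants): the LNS releases the TH record to the SH only if the HNR's second reply verifies under the HNR's PK taken from the DNR's first reply. Ed25519, the signed byte encoding, and all type names, function names, hostnames, IDs and locators are assumptions; the claim specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Record is what a registry returns for a name: ID, locator and public key.
type Record struct {
	ID, Locator string
	PK          ed25519.PublicKey
}

// HNR holds a signing key (Ed25519 is an assumption) and its registered hosts.
type HNR struct {
	priv  ed25519.PrivateKey
	hosts map[string]Record
}

// NewHNR returns the registry and the record the DNR would hand out for it.
func NewHNR(id, loc string, hosts map[string]Record) (*HNR, Record) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &HNR{priv, hosts}, Record{id, loc, pub}
}

// encode is a constructed, unambiguous byte encoding of the signed fields.
func encode(host string, r Record) []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%x", host, r.ID, r.Locator, r.PK))
}

// Query is the second reply: the TH record and the HNR's signature over it.
func (h *HNR) Query(host string) (Record, []byte) {
	r := h.hosts[host]
	return r, ed25519.Sign(h.priv, encode(host, r))
}

// Resolve is the LNS step: verify the second reply with the DNR-supplied HNR PK.
func Resolve(host string, hnr, th Record, sig []byte) (Record, error) {
	if len(hnr.PK) != ed25519.PublicKeySize || !ed25519.Verify(hnr.PK, encode(host, th), sig) {
		return Record{}, fmt.Errorf("reply for %q failed verification", host)
	}
	return th, nil
}

func main() {
	hosts := map[string]Record{"th.example": {"th-id-1", "2001:db8::31", nil}}
	hnr, hnrRec := NewHNR("hnr-id-1", "2001:db8::23", hosts) // constructed values
	th, sig := hnr.Query("th.example")
	fmt.Println(Resolve("th.example", hnrRec, th, sig))
}
```

Because the queried hostname is part of the signed bytes in this sketch, a valid reply for one host cannot be replayed as the answer for another.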