On the Internet, an Internet Protocol (IP) address is used not only as the identifier of a host's location at the network layer but also as the identifier of the host itself at the transport layer. This violates the principle of minimizing the coupling between layers in the layered structure of the Internet, and the close coupling between the network layer and the transport layer hinders the independent development of the layers. For example, when a host moves on the Internet, the IP address in its role as the identifier of the host should not change, while the IP address in its role as the identifier of the host's location should change. Hence, the two logical concepts are easily confused.
To separate the identifier of the host from the identifier of its location, the Internet Engineering Task Force (IETF) launched a comprehensive solution that introduces a new namespace, the host identity (HI), and a new sub-layer, the Host Identity Protocol (HIP) layer, between the network layer and the transport layer. Above the HIP layer, the HI identifies the host, which was previously the task of the IP address, and the IP address is dedicated to identifying the location of the host on the network. In this way, when the host moves on the network, the HI used as the identifier of the host does not change, and only the IP address used as the identifier of location on the network changes. In essence, the HI is the public key of a public/private key pair. The length of the HI varies with the algorithm of the public key system in use. However, a host identity tag (HIT) with a fixed length (128 bits) is generally used in the actual protocol to identify the host. The HIT is a 128-bit binary number generated from the HI by using a hash algorithm.
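The following Python example is added here and is not part of the original text. It derives a HIT from an HI using the ORCHIDv2 construction of RFC 7343 with the HIP context ID and SHA-256 suite of RFC 7401, which is an assumption because the text above names only "a hash algorithm". The function names and the two HI byte strings are constructed for illustration; a real implementation hashes the key in its HOST_ID wire encoding.

```python
import hashlib
import ipaddress

# Constants from RFC 7343 (ORCHIDv2) and RFC 7401 (HIPv2), not from the text above.
ORCHID_NET = ipaddress.ip_network("2001:20::/28")   # prefix reserved for ORCHIDv2
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
OGA_SHA256 = 1                                       # HIT suite 1: RSA,DSA / SHA-256


def derive_hit(host_identity: bytes) -> ipaddress.IPv6Address:
    """Return the 128-bit HIT for a public key given as bytes."""
    if not host_identity:
        raise ValueError("host identity must not be empty")
    digest = hashlib.sha256(HIP_CONTEXT_ID + host_identity).digest()
    # Encode_96: keep the middle 96 bits of the 256-bit digest (drop 80 on each side).
    middle96 = (int.from_bytes(digest, "big") >> 80) & ((1 << 96) - 1)
    prefix28 = int(ORCHID_NET.network_address) >> 100
    # Layout: 28-bit prefix | 4-bit hash-suite ID | 96 bits of hash = 128 bits.
    return ipaddress.IPv6Address((prefix28 << 100) | (OGA_SHA256 << 96) | middle96)


def is_hit(address: str) -> bool:
    """True if the address lies in the ORCHIDv2 prefix, i.e. names a host, not a location."""
    return ipaddress.ip_address(address) in ORCHID_NET


# Constructed stand-ins for two public keys (not real keys, not HOST_ID encoded).
HI_A = b"constructed-public-key-of-host-A"
HI_B = b"constructed-public-key-of-host-B"

if __name__ == "__main__":
    hit_a = derive_hit(HI_A)
    # The host may move between locators; its HIT depends only on the key.
    for locator in ("192.0.2.10", "2001:db8::10"):
        print(f"locator={locator:<14} HIT={hit_a} is_hit(locator)={is_hit(locator)}")
    print("host B:", derive_hit(HI_B))
```

Because the HIT is a hash of the public key, a peer that receives the full HI can recompute the HIT and compare it before trusting the binding between the two.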
A host whose identifier is an HI is called a HIP host. Without an HI, a traditional host cannot interconnect with a HIP host; therefore, a HIP proxy plays an important role in the HIP solution. The HIP proxy allocates an HI and the private key corresponding to that HI to each traditional host that it manages, and communicates with the HIP host in place of the traditional host. To ensure the security of communication, the HIP proxy must establish a security channel for each pair of traditional host and HIP host that communicate with each other. If one HIP host communicates with multiple traditional hosts, the HIP proxy must perform a handshake with the same HIP host multiple times and establish a separate HIP security channel each time. Therefore, the quantity of HIP security channels is large, and the maintenance load is increased.