With the development of information technology, information networks, of which the Internet is the representative, play an increasingly important role in economic and social development. The Internet is also becoming more and more important in people's lives.
There are two kinds of enterprises that provide Internet services. The first is the Internet Service Provider (ISP), which owns network resources and provides Internet access to users through various access methods, such as Asymmetric Digital Subscriber Line (ADSL), 3rd-Generation (3G), Ethernet and Wireless Local Area Network (WLAN). All basic telecommunication operators, such as China Telecom and China Mobile, belong to this kind. The second is the Internet Content Provider (ICP), which operates websites on the Internet and provides services such as news, Email, games, search and chat. Enterprises such as Sina, Tencent and Baidu belong to this kind.
In the related art, Transmission Control Protocol/Internet Protocol (TCP/IP) is the basic protocol of the Internet. It is divided into five layers, and its protocol stack is shown in Table 1. The most crucial protocol is IP in the network layer: access between users is achieved through the IP address. TCP and UDP provide two communication modes, connection-oriented and connectionless, respectively. The protocols in the application layer provide users with specific services, such as WEB access (HTTP), EMAIL service, and Voice over IP (VOIP) service (based on SIP).
TABLE 1
Application layer | HTTP (HyperText Transfer Protocol), EMAIL, SIP (Session Initiation Protocol), etc.
Transmission layer | TCP, UDP (User Datagram Protocol)
Network layer | IP
Link layer | Ethernet, ATM (Asynchronous Transfer Mode), 3G link, etc.
Physical layer | Fiber, cable, radio wave, etc.
Based on the above network structure, the ISP authentication center needs to authenticate the user when the user accesses the Internet. For example, in the ADSL access mode, the ISP authentication center provides a user name and a password to the user in advance. After the user enters the user name and the password on the terminal, the ISP authentication center authenticates the user and then assigns the user an IP address. The user afterwards accesses the various services on the Internet through this IP address, which is analogous to a temporary identity of the user. Similarly, in a mobile network, an ISP authentication center (e.g. China Mobile) issues each user a Subscriber Identity Module (SIM) card, which is inserted into the mobile phone. When the user accesses the Internet, the ISP authentication center authenticates the user according to the International Mobile Subscriber Identity (IMSI) information on the SIM card. After authentication is passed, an IP address is likewise assigned to the user.
Since an IP address has dual attributes, namely an identification attribute and a location attribute, the IP address cannot be used as a long-term identity identifier of the user. The reason is as follows: on one hand, the IP address identifies the user; on the other hand, it also gives the location of the user, because the IP address prefix indicates the sub-network where the user currently is. After the location of the user changes, a different address must therefore be assigned, otherwise the router cannot forward data packets correctly to the user. Consequently, in the current Internet, the IP address assigned to the user by the ISP authentication center is not fixed from one access to the next.
Because the IP address assigned to the user by the ISP is not necessarily the same each time, the ICP must establish its own user identification system in order to identify the user. The ICP website identifies the user in two steps: the first is registration, and the second is login. During registration, the user chooses a user name (which must not duplicate an existing user name) and a password, and enters other personal information, such as date of birth, gender, telephone number, Email address, occupation, hobbies, etc. The ICP website stores this information in its own database, and registration of the user is then complete. When the user logs in, the ICP website requires the user to enter the user name and password, and the user may access the various services of the ICP website after authentication is passed.
As can be seen, in the existing Internet there are two authentications when a user accesses an ICP website: the ISP authentication center authenticates the user for access to the Internet, and the ICP website authenticates the user again for access to its website. Since the user usually needs to visit a plurality of websites, and an authentication is needed every time the user visits an ICP website, there are actually a plurality of authentications. Multiple authentications are a significant inconvenience to the user when accessing the Internet. For example, user names and passwords are easily forgotten, and a user visiting a website for the first time must register before visiting, even if the user visits this website only once. Moreover, for the ICP website, it is very costly to establish its own user identification system.
Currently, the mobility and security problems caused by the dual attributes of the IP address have become a bottleneck for further development of the Internet. To solve this problem, the industry is studying a plurality of next-generation network technologies based on an identification location separation network, such as Locator/Identifier Separation Protocol (LISP), Host Identity Protocol (HIP), Six/one, integrated network and so on. The common feature of these technologies is that two coding spaces are introduced: an identification code indicating the identity of the user, and a location code indicating the location of the user. Each user therefore has both an identification code and a location code. Upper-layer service connections such as TCP and UDP establish a communication connection with the opposite end based on the identification code of the user. When the user moves, the location code of the user changes, but the identification code of the user remains unchanged. Therefore, movement of the user does not interrupt the upper-layer service.
The protocol stack based on an identification location separation network is as shown in Table 2.
TABLE 2
Application layer | HTTP, EMAIL, SIP, etc.
Transmission layer | TCP, UDP
Network layer | Identification code or IP
Link layer | Ethernet, ATM, 3G link, etc.
Physical layer | Fiber, cable, radio wave, etc.
After the identification code and the location code of the user are separated, a fixed identification code can be assigned to each user. When the user accesses the Internet, the ISP authentication center authenticates the user. After authentication is passed, the ISP authentication center looks up in its database the identification code assigned to the user in advance and issues it to the user, and this identification code is the identity identifier of the user when accessing the Internet. In this scheme, the identification code issued is the same every time the user accesses the Internet.
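As an added illustration (not part of the original text, and not the mechanism of LISP, HIP or any other named protocol), the following Python sketch models the scheme just described: an ISP authentication center that returns the same identification code on every access while the location code follows the sub-network, and a session that survives a move only when it is bound to the identification code. The class name, the code "ID-0001", the user "alice" and the 10.x subnets are all constructed for this example.

```python
# Simplified model of identifier/locator separation (added illustration).
# Class names, the "ID-0001" code and the 10.x subnets are constructed values.
import hashlib
import hmac
import os


class IspAuthCenter:
    """Authenticates a subscriber, then returns a fixed identification code
    and a location code derived from the current point of attachment."""

    def __init__(self):
        self._users = {}    # user name -> (salt, password hash, identification code)
        self.mapping = {}   # identification code -> current location code
        self._next_host = 10

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def provision(self, name, password, ident):
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(password, salt), ident)

    def attach(self, name, password, subnet):
        record = self._users.get(name)
        if record is None or not hmac.compare_digest(
                record[1], self._hash(password, record[0])):
            raise PermissionError("access authentication failed")
        ident = record[2]
        locator = f"{subnet}.{self._next_host}"   # prefix names the sub-network
        self._next_host += 1
        self.mapping[ident] = locator             # identification code stays fixed
        return ident, locator


def demo():
    isp = IspAuthCenter()
    isp.provision("alice", "correct horse", "ID-0001")
    ident1, loc1 = isp.attach("alice", "correct horse", "10.1.0")
    by_locator = {loc1: "tcp-session"}   # legacy: session bound to the IP address
    by_ident = {ident1: "tcp-session"}   # separated: bound to the identification code
    ident2, loc2 = isp.attach("alice", "correct horse", "10.2.0")   # the user moves
    return {
        "same_identifier": ident1 == ident2,
        "locator_changed": loc1 != loc2,
        "legacy_session_survives": loc2 in by_locator,
        "id_session_survives": ident2 in by_ident,
        "current_locator": isp.mapping[ident2],
    }
```

The session table keyed by location code loses the entry after the move, which is the behaviour of today's IP-bound connections; the table keyed by identification code does not.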
However, in current identification location separation network technology, the identification code of the user is only used to identify the user in the network layer, i.e., the ISP authentication center uses this identification code to identify the user accessing the Internet, while the ICP website still establishes its own identification system. The user still needs to register before logging in when visiting an ICP website. The problem of multiple authentications when the user accesses the Internet therefore remains unsolved, which limits the launch of new services.