CN106162510A - Security procedure managing device and security procedure management method - Google Patents
- Publication number
- CN106162510A (CN201510163456.4A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
Abstract
The present invention provides a security procedure managing device and a security procedure management method capable of optimizing the security procedures of an M2M device. The security procedure managing device includes: a security procedure monitoring unit that monitors an established security procedure and obtains progress information of the established security procedure; and a security procedure control unit. A security procedure grade, which indicates the control modes corresponding to different progress information, is preset for each security procedure, and the security procedure control unit performs control, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained by the security procedure monitoring unit.
Description
Technical field
The present invention relates to a security procedure managing device and a security procedure management method for managing security procedures.
Background art
Communication under the current M2M (Machine-to-Machine) protocols can be applied in many fields. As a result, networked applications and services centered on intelligent interaction with device terminals have become widely popular.
In such M2M communication, communication within a particular scope (for example, communication between devices in a certain building) sometimes requires stronger security. In the prior art, a security protocol can be used between the two parties of a data transfer, for example by establishing a security procedure between an M2M device and a remote node, to secure their communication.
For example, patent document 1 (US 20120198520 A1) discloses a system and method for providing secure operations in an M2M device. In patent document 1, the M2M device determines, according to a security policy, that a certain operation needs to be performed in a secure environment within the M2M device. In particular, where the security policy requires an operation to be performed in a secure environment, a management module in the M2M device can establish a security procedure according to the policy so as to meet the requirements the policy specifies.
Establishing security procedures according to a security policy makes it possible to control secure operations and helps control their overhead.
However, in prior art such as patent document 1, the policy decides when a security procedure is established and disconnected, and the security procedure under the security protocol is retained for as long as it is established, so the overhead incurred after the security procedure has been established cannot be optimized.
Fig. 10 shows security procedure states under a security protocol. In the case of Fig. 10(a), even if no data is transmitted between the M2M device and the remote node and the security procedure becomes idle after being established, the security procedure still has to be retained. In the case of Fig. 10(b), even if the remote node cannot exchange data with the M2M device because of a fault or a similar problem, the M2M device does not know that its communication peer is in an invalid state in which the connection has been lost, and the security procedure still has to be retained.
In both of these states the security procedure is essentially idle, and keeping an idle security procedure incurs unnecessary overhead. Moreover, if too many idle security procedures are kept, the M2M device may be unable to handle new security procedures; this problem is more pronounced in resource-constrained M2M devices.
Summary of the invention
The present invention was made in view of the above problems, and its object is to provide a security procedure managing device and a security procedure management method that can optimize the overhead of keeping security procedures in an M2M device.
One technical solution of the present invention is a security procedure managing device, characterized by including: a security procedure monitoring unit that monitors an established security procedure and obtains progress information of the established security procedure; and a security procedure control unit, wherein a security procedure grade indicating the control modes corresponding to different progress information is preset for each security procedure, and the security procedure control unit performs control, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained by the security procedure monitoring unit.
Another technical solution of the present invention is a security procedure management method, characterized by including: a security procedure monitoring step of monitoring an established security procedure and obtaining progress information of the established security procedure; and a security procedure control step in which, a security procedure grade indicating the control modes corresponding to different progress information being preset for each security procedure, control is performed, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained in the security procedure monitoring step.
Effects of the invention:
According to the present invention, security procedures can be managed in real time, flexibly and intelligently, according to the security state; in particular, for resource-constrained M2M devices, security procedures can be optimized with low overhead.
Furthermore, according to the present invention, the overhead of maintaining security procedures in the M2M device can be reduced, so that M2M devices, especially resource-constrained ones, can operate more quickly.
Brief description of the drawings
Fig. 1 is a block diagram showing the structure of the security procedure managing device in the M2M device according to the first embodiment.
Fig. 2 is a flowchart showing security procedure management according to the first embodiment.
Fig. 3 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the first embodiment.
Fig. 4 is a block diagram showing the structure of the security procedure managing device according to the second embodiment.
Fig. 5 is a schematic diagram showing the structure of the process status parameter list.
Fig. 6 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the second embodiment.
Fig. 7 is a block diagram showing the structure of the security procedure managing device according to the third embodiment.
Fig. 8 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the third embodiment.
Fig. 9 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the fourth embodiment.
Fig. 10 is a schematic diagram showing the problems present in existing security procedure connections.
Detailed description of the invention
Embodiments of the present invention are described below with reference to the drawings.
In the drawings of the different embodiments, the same or similar parts are given the same reference numerals, and repeated description is omitted as appropriate. The drawings are schematic diagrams intended to aid understanding of the embodiments; their shapes, sizes, ratios and the like differ in places from those of actual devices, and may be changed in design as appropriate in light of the following description.
(First embodiment)
In the present invention, a security procedure managing device 100 manages the security procedures established between an M2M device 1 and a remote node. The security procedure managing device 100 of the first embodiment is arranged in the M2M device 1.
Fig. 1 is a block diagram showing the structure of the security procedure managing device in the M2M device according to the first embodiment.
As shown in Fig. 1, the security procedure managing device 100 is arranged inside the M2M device 1, can control the M2M device 1, and exchanges data with the outside through a communication interface 200.
The security procedure managing device 100 includes a security procedure monitoring unit 10 and a security procedure control unit 20.
The security procedure monitoring unit 10 monitors the security procedure established between the M2M device 1 and the remote node and can obtain progress information related to the security procedure. For example, as shown in Fig. 1, the security procedure monitoring unit 10 has a timer 11 and uses the timer 11 to time the security procedure.
The security procedure control unit 20 controls each security procedure, according to the security procedure grade of each established security procedure, using the control mode corresponding to the progress information. A security procedure grade represents the control modes, corresponding to different progress information, that are set for a security procedure. Different security procedure grades are set according to different criteria.
In setting security procedure grades, different levels can be defined according to the characteristics of the security procedure. In the first embodiment, the grade of a security procedure is evaluated by the length of time for which the absence of data transmission can be tolerated.
For example, security procedures are classified by the priority with which they should be kept, according to the processing capability of the M2M device 1, the importance of the security procedure, and so on. If level "0" denotes that no security procedure needs to be established, then levels "1", "2", ... are different priorities ordered from low to high by the tolerable length of time without data transmission, so that different levels correspond to different tolerable no-data time lengths t1, t2, ....
The tolerable no-data time length t is the maximum time for which a state of no data transmission between the M2M device and the remote node is allowed to persist after the security procedure has been established. The more important the security procedure, the longer the tolerable no-data time length t that can be set.
Fig. 2 is a flowchart showing security procedure management according to the first embodiment.
With a security procedure grade preset for each security procedure, while the security procedure is being kept, the security procedure monitoring unit 10 monitors the established security procedure continuously or periodically and obtains progress information of the established security procedure, for example timing information (step S21).
Then, in step S22, the security procedure control unit 20 performs control, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained by the security procedure monitoring unit, for example disconnecting the security procedure when the condition defined by the security procedure grade is reached.
The specific control while a security procedure is established is described below with reference to Fig. 3.
Fig. 3 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the first embodiment.
After processing starts, first, assume that a security procedure whose security procedure grade is "1" has been established between the M2M device 1 and the remote node (step S31).
Then, when there is no transmission of M2M data, that is, data exchanged between the M2M device 1 and the remote node, the timer 11 is started and times the period without M2M data transmission (step S32).
The security procedure monitoring unit 10 uses the timer 11 to judge whether data transmission occurs within the time t1 corresponding to security procedure grade "1" (step S33). If data transmission occurs within t1 ("Yes" in step S33), processing proceeds to step S35, the M2M device 1 and the remote node exchange data, the timer 11 is reset (step S36), and step S32 is repeated when the next no-data period starts.
If no data transmission occurs within t1 ("No" in step S33), processing proceeds to step S34, the security procedure between the M2M device 1 and the remote node is disconnected, and processing ends, releasing the resources of the security procedure.
The security procedure grade of the first embodiment, which is distinguished by the length of the no-data period, corresponds to the "first-class security procedure grade".
By managing security procedures by grade and disconnecting a security procedure when no data has been transmitted within the time corresponding to its grade, the subsequent state of the security procedure can be controlled in a timely manner and network resources are used more efficiently.
(Second embodiment)
Compared with the first embodiment, the second embodiment assigns a security procedure grade to each established security procedure and has a process status parameter list, so that multiple security procedures can be controlled by grade at the same time.
Fig. 4 is a block diagram showing the structure of the security procedure managing device according to the second embodiment.
As shown in Fig. 4, the security procedure managing device 100 is arranged inside the M2M device 1, can control the M2M device 1, and exchanges data with the outside through a communication interface 200.
The security procedure managing device 100 includes a security procedure monitoring unit 10 and a security procedure control unit 20.
The security procedure monitoring unit 10 has a timer 11 and a state confirmation unit 12. The timer 11 times the security procedure. The state confirmation unit 12 can confirm the state of the remote node. Specifically, the state confirmation unit 12 can confirm whether the remote node is in a state in which it can effectively receive data: the state is judged to be "valid" when the remote node is able to receive data, and "invalid" when, because of a fault or the like, the remote node cannot actually receive data even if it is sent.
The state confirmation unit 12 can use any of various existing methods to confirm the state of the remote node. For example, it can send a short message to the remote node and wait for a response, judging the state to be "valid" when a response is received from the remote node within a specified time and "invalid" when no response is received from the remote node within that time.
The security procedure control unit 20 controls security procedures according to the security procedure grade of each established security procedure, and includes a security procedure grade assigning unit 12 and a process status parameter list 30.
The security procedure grade assigning unit 12 automatically assigns a security procedure grade to each established security procedure according to requirements such as the security or quality required of that security procedure. In the second embodiment, the grades of different security procedures are set using the tolerable no-data time length and the state of the remote node.
Specifically, for example, the following two grades are set:
Grade "1": the security procedure is closed when the length of time without data transmission exceeds a predetermined threshold t;
Grade "2": the security procedure is closed when the length of time without data transmission exceeds the predetermined threshold t and the remote node is in the invalid state.
That is, a security procedure whose state should be kept as far as possible is set to grade "2", so that the security procedure can be kept more stably.
Here, the length of t can be set according to parameters such as transmission characteristics, and is set to 60 s, for example.
When a new security procedure is established, the security procedure grade assigning unit 12 sets a security procedure grade for it according to the requirements of the security procedure and registers the grade in the process status parameter list 30. For example, for a security procedure with higher security requirements, it is desirable to keep the security procedure for longer, so the security procedure grade assigning unit 12 sets such a security procedure to grade "2"; then, even if the length of time without data transmission exceeds the threshold t, the security procedure is not closed while the remote node remains valid.
The grade-setting criteria of the security procedure grade assigning unit 12 are not limited to those above, and the grade of a security procedure may also be changed partway through, within the framework described for each grade.
The process status parameter list 30 is a table with which the security procedure managing device 100 manages each established security procedure; the grades and states of multiple security procedures can be managed using the process status parameter list 30.
Fig. 5 is a schematic diagram showing the structure of the process status parameter list. As shown in Fig. 5, the process status parameter list 30 of the second embodiment includes: a process ID 2101, an identifier that identifies the security procedure; a device address 2102, the address of the M2M device; a remote node address 2103, the address of the remote node connected to the M2M device by the security procedure with process ID 2101; a security procedure grade 2104, the security procedure grade assigned to the security procedure; a process idle duration 2105, the maximum duration for which the no-data-transmission state of the security procedure persists; and a device class 2106, the class of the M2M device, for example whether the M2M device is a resource-constrained device or an ordinary device.
The items in the process status parameter list 30 are not limited to those listed in Fig. 5; other information related to graded security procedures may also be included, as long as the grade assigned to each security procedure is registered.
In the second embodiment the process status parameter list 30 is held by the security procedure control unit 20, but this is not a limitation; the process status parameter list 30 may also be stored in another memory independent of the security procedure control unit 20.
With the above configuration, the security procedure control unit 20 receives the timing information and the remote node state information from the security procedure monitoring unit 10 and, according to the security procedure grade registered in the process status parameter list 30, controls each security procedure in the manner corresponding to its grade.
The specific control while a security procedure is established is described below with reference to Fig. 6.
Fig. 6 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the second embodiment.
After processing starts, first, a security procedure is established between the M2M device 1 and the remote node (step S61). The security procedure grade assigning unit 12 then assigns a security procedure grade to the established security procedure and registers it in the entry of the process status parameter list 30 corresponding to the ID of the established security procedure (step S62).
Then, when there is no transmission of M2M data, that is, data exchanged between the M2M device 1 and the remote node, the timer 11 is started and times the period without M2M data transmission (step S63).
In step S64, the security procedure monitoring unit 10 judges whether data transmission occurs within the specified time t. If data transmission occurs within t ("Yes" in step S64), processing proceeds to step S69, the M2M device 1 and the remote node exchange data, the timer 11 is reset (step S70), and step S63 is repeated when the next no-data period starts.
If no data transmission occurs within t ("No" in step S64), processing proceeds to step S65, where the security procedure control unit 20 judges whether the grade of the security procedure is grade "2", that is, the grade under which the security procedure is closed when the length of time without data transmission exceeds the predetermined threshold t and the remote node is in the invalid state.
If it is judged not to be grade "2" ("No" in step S65), the grade may be "1" or "0", so processing proceeds to step S68 and the security procedure is disconnected.
If it is judged to be grade "2" ("Yes" in step S65), processing proceeds to step S66, and the state confirmation unit 12 confirms whether the state of the remote node is "valid" (step S67).
If the state confirmation unit 12 confirms that the state of the remote node is "valid" ("Yes" in step S67), the timer 11 is reset (step S70), and step S63 is repeated when the next no-data period starts.
If the state confirmation unit 12 confirms that the state of the remote node is "invalid" ("No" in step S67), processing proceeds to step S68 and the security procedure is disconnected.
The steps of Fig. 6 may also be changed as appropriate. For example, in Fig. 6, when the remote node is judged to be in the valid state in step S67, processing proceeds to step S70, the timer is reset, timing continues, and step S63 is repeated. However, once the remote node has been confirmed to be valid, a security procedure of grade "2" may instead simply be kept from then on.
The security procedure grade of the second embodiment, which is distinguished by the length of the no-data period and the remote node state, corresponds to the "third-class security procedure grade".
According to the present invention, for a security procedure with a higher security procedure grade, confirming the state of the remote node makes it possible to disconnect the security procedure when the remote node is actually invalid. Security procedures can thus be managed in real time, flexibly and intelligently, according to the security state, and, especially for resource-constrained M2M devices, device and communication resources can be used effectively.
Furthermore, according to the present invention, the overhead of maintaining security procedures in the M2M device can be reduced, so that M2M devices, especially resource-constrained ones, can operate more efficiently.
(Third embodiment)
The third embodiment differs from the second embodiment in that the security procedure control unit has an accepting unit in place of the security procedure grade assigning unit. The description below centers on this difference, and repeated description is omitted as appropriate.
Fig. 7 is a block diagram showing the structure of the security procedure managing device according to the third embodiment.
As shown in Fig. 7, the security procedure control unit 20 of the security procedure managing device 100 includes an accepting unit 22 and a process status parameter list 30. The accepting unit 22 can accept a designation of the grade of a security procedure.
The grade of a security procedure can not only be set automatically by the security procedure grade assigning unit according to the parameters of the security procedure; a designation of the security procedure grade made externally or by a user can also be accepted through the accepting unit 22. For example, a user enters the grade of a security procedure through a display interface or the like, the accepting unit 22 accepts the designation of this grade, and the security procedure is thereafter managed using the designated grade.
Furthermore, in the third embodiment, security procedure grades are distinguished by the remote node state.
That is, security procedures are divided into two grades, "needed" and "not needed", according to whether the remote node state needs to be confirmed. In this case, the accepting unit 22 can also be used to accept a designation of the waiting time t0.
The specific control while a security procedure is established is described below with reference to Fig. 8.
Fig. 8 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the third embodiment.
After processing starts, first, a security procedure is established between the M2M device 1 and the remote node (step S81). The accepting unit 22 then accepts a designation of the security procedure grade of the established security procedure and of the specified time t0 (here the designated grade is assumed to be the one that requires remote node confirmation), and registers them in the entry of the process status parameter list 30 corresponding to the ID of the established security procedure (step S82).
Then, when there is no transmission of M2M data, that is, data exchanged between the M2M device 1 and the remote node, the timer 11 is started and times the period without M2M data transmission (step S83).
In step S84, the security procedure monitoring unit 10 judges whether data transmission occurs within the specified time t0. If data transmission occurs within t0 ("Yes" in step S84), processing proceeds to step S88, the M2M device 1 and the remote node exchange data, the timer 11 is reset (step S89), and step S83 is repeated when the next no-data period starts.
If no data transmission occurs within t0 ("No" in step S84), processing proceeds to step S85, and the state confirmation unit 12 confirms whether the state of the remote node is "valid" (step S86).
If the state confirmation unit 12 confirms that the state of the remote node is "valid" ("Yes" in step S86), the timer 11 is reset (step S89), and step S83 is repeated when the next no-data period starts.
If the state confirmation unit 12 confirms that the state of the remote node is "invalid" ("No" in step S86), processing proceeds to step S87 and the security procedure is disconnected.
The security procedure grade of the third embodiment, which is distinguished by the length of the no-data period and the remote node state, corresponds to the "second-class security procedure grade".
According to the third embodiment, the same technical effects as in the above embodiments can likewise be obtained.
(Fourth embodiment)
The configuration of the security procedure managing device 100 of the fourth embodiment is the same as in the second embodiment. The difference is that the second embodiment uses the same no-data period t for judging different security procedure grades, whereas the fourth embodiment uses different no-data periods t for different security procedure grades.
Fig. 9 is a flowchart showing an example of managing a security procedure according to its security procedure grade in the fourth embodiment.
Here, grade "3" is set to mean that the security procedure is disconnected when there is no data transmission within time t3, and grade "4" is set to mean that the security procedure is disconnected when there is no data transmission within time t4 and the remote node is invalid.
After processing starts, first, a security procedure is established between the M2M device 1 and the remote node (step S91). The security procedure grade assigning unit 12 then assigns a security procedure grade to the established security procedure and registers it in the entry of the process status parameter list 30 corresponding to the ID of the established security procedure (step S92).
Then, when there is no transmission of M2M data, that is, data exchanged between the M2M device 1 and the remote node, the timer 11 is started and times the period without M2M data transmission (step S93).
In step S94, it is judged whether the security procedure is grade "3" or grade "4". If it is judged to be grade "3", processing proceeds to step S98, where the security procedure monitoring unit 10 judges whether data transmission occurs within the specified time t3. If data transmission occurs within t3 ("Yes" in step S98), processing proceeds to step S99, the M2M device 1 and the remote node exchange data, the timer 11 is reset (step S100), and step S93 is repeated when the next no-data period starts.
If no data transmission occurs within t3 ("No" in step S98), processing proceeds to step S101 and the security procedure is disconnected.
On the other hand, if the security procedure is judged in step S94 to be grade "4", processing proceeds to step S95, where the security procedure monitoring unit 10 judges whether data transmission occurs within the specified time t4. If data transmission occurs within t4 ("Yes" in step S95), processing proceeds to step S99, the M2M device 1 and the remote node exchange data, the timer 11 is reset (step S100), and step S93 is repeated when the next no-data period starts.
In the case of there are not data transmission (step S95 is "No") in the time range of t4,
Entering step S96, state confirmation portion 12 confirms whether the state of remote node is " effectively " (step
S97)。
(step S97 in the case of the state of remote node is " effectively " is confirmed in state confirmation portion 12
For "Yes"), reset timer 11 (step S100), weight when starting during next no data transmits
Carry out step S93 again.
(step S97 in the case of the state of remote node is engineering noise is confirmed in state confirmation portion 12
For "No"), enter step S101, disconnect security procedure.
According to the fourth embodiment, the same technical effects as in each of the embodiments above can also be obtained.
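The Fig. 9 flow as a runnable sketch, added here as an illustration and not taken from the patent: grade "3" disconnects once the idle timer reaches t3, while grade "4" confirms the remote node's state at t4 and disconnects only if it is invalid. The class and method names, the timeout values (30 s and 120 s), the injected `probe` and `clock` callables, and the choice to treat a failed probe as "invalid" are all assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass(frozen=True)
class GradePolicy:
    idle_timeout: float    # no-data-transmission period t for this grade, seconds
    confirm_remote: bool   # True: confirm remote node state before disconnecting

# Grade numbers follow Fig. 9; the t3/t4 values are assumed for illustration.
POLICIES: Dict[int, GradePolicy] = {
    3: GradePolicy(idle_timeout=30.0, confirm_remote=False),   # t3
    4: GradePolicy(idle_timeout=120.0, confirm_remote=True),   # t4
}

@dataclass
class Session:
    session_id: str
    grade: int
    last_activity: float   # timer start; reset on data or on a "valid" confirmation
    connected: bool = True

class SessionManager:
    def __init__(self, probe: Callable[[str], bool],
                 clock: Callable[[], float] = time.monotonic):
        self.probe = probe   # state confirmation: True means remote node is valid
        self.clock = clock   # monotonic, so wall-clock changes cannot stretch t
        self.table: Dict[str, Session] = {}   # process status parameter table

    def establish(self, session_id: str, grade: int) -> Session:   # S91, S92
        if grade not in POLICIES:
            raise ValueError(f"no control mode defined for grade {grade}")
        self.table[session_id] = Session(session_id, grade, self.clock())
        return self.table[session_id]

    def on_data(self, session_id: str) -> None:   # S99, S100
        session = self.table[session_id]
        if not session.connected:
            raise ConnectionError("security procedure already disconnected")
        session.last_activity = self.clock()

    def tick(self, session_id: str) -> str:   # S93 to S101, called periodically
        session = self.table[session_id]
        if not session.connected:
            return "disconnected"
        policy = POLICIES[session.grade]   # S94: branch on grade
        if self.clock() - session.last_activity < policy.idle_timeout:
            return "active"   # S95/S98: timer has not reached t
        if policy.confirm_remote and self._remote_valid(session_id):
            session.last_activity = self.clock()   # S97 "Yes" -> S100
            return "confirmed"
        session.connected = False   # S101: disconnect
        return "disconnected"

    def _remote_valid(self, session_id: str) -> bool:   # S96
        try:
            return bool(self.probe(session_id))
        except Exception:
            return False   # assumed: an unanswered or failed probe counts as invalid
```

Calling `tick` from a periodic scheduler stands in for the timer 11 expiry; a real device would also release the session's key material at S101.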
(Variation)
In the first to fourth embodiments above, security procedure grades have been described, but the present invention is not limited to these. Different security procedure grades can be set according to the different requirements of security procedures, so that a specific security procedure grade corresponds to a specific control mode. The number of security procedure grades is also not limited. By using security procedure grades to manage security procedures, whether a security procedure needs to be disconnected can be judged in a more targeted manner, so that the overhead of security procedures can be saved more flexibly.
In addition, in each of the embodiments above, the security procedure managing device is arranged inside the M2M equipment. However, the security procedure managing device may also manage the security procedures of the M2M equipment as a device external to the M2M equipment; as long as each function of the security procedure managing device can be realized, its actual location is not limited.
Several embodiments of the present invention have been described, but these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, substitutions and changes can be made without departing from the gist of the invention. These embodiments and their modifications are included in the scope and gist of the invention, and are included in the invention described in the claims and its equivalents.
Claims (17)
1. A security procedure managing device, characterized by comprising:
a security procedure monitoring unit that monitors an established security procedure and obtains progress information of the established security procedure; and
a security procedure control unit in which security procedure grades, each representing the control modes corresponding to different progress information, are preset for security procedures,
wherein the security procedure control unit performs control, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained by the security procedure monitoring unit.
2. The security procedure managing device according to claim 1, characterized in that
the security procedure control unit has a security procedure grade giving unit, and the security procedure grade giving unit gives a security procedure grade to the established security procedure according to the requirements of the established security procedure.
3. The security procedure managing device according to claim 1, characterized in that
the security procedure control unit has an accepting unit, and the accepting unit accepts a designation of the security procedure grade for the established security procedure.
4. The security procedure managing device according to claim 1, characterized in that
the security procedure monitoring unit has a timer that times the duration of the no-data-transmission state in the security procedure, and obtains progress information including the timer value,
the security procedure grades include a first-type security procedure grade corresponding to a timer value threshold, and
when the security procedure grade of the established security procedure is the first-type security procedure grade, the security procedure control unit disconnects the security procedure when the timer value reaches the timer value threshold corresponding to that first-type security procedure grade.
5. The security procedure managing device according to claim 4, characterized in that
the security procedure grades include a plurality of first-type security procedure grades corresponding to a plurality of timer value thresholds, and
the security procedure control unit disconnects the security procedure when the timer value reaches the timer value threshold of the first-type security procedure grade corresponding to the established security procedure.
6. The security procedure managing device according to claim 1, characterized in that
the security procedure monitoring unit has a state confirmation unit that confirms the communication state of the remote node in the security procedure, and obtains progress information including confirmation information,
the security procedure grades include a second-type security procedure grade corresponding to the confirmation information, and
when the security procedure grade of the established security procedure is the second-type security procedure grade, the security procedure control unit disconnects the security procedure when the confirmation information indicates an invalid communication state.
7. The security procedure managing device according to claim 1, characterized in that
the security procedure monitoring unit has:
a timer that times the duration of the no-data-transmission state in the security procedure; and
a state confirmation unit that confirms the communication state of the remote node in the security procedure,
the security procedure grades include a third-type security procedure grade corresponding to a timer value threshold and confirmation information, and
when the security procedure grade of the established security procedure is the third-type security procedure grade and the timer value of the timer reaches the timer value threshold, the security procedure control unit causes the security procedure monitoring unit to obtain, through the state confirmation unit, progress information including the confirmation information, and the security procedure control unit disconnects the security procedure when the confirmation information indicates an invalid communication state.
8. The security procedure managing device according to claim 7, characterized in that
when the confirmation information indicates a valid communication state, the security procedure monitoring unit resets the timer and times the duration of the no-data-transmission state in the security procedure again.
9. The security procedure managing device according to claim 1, characterized in that
the security procedure managing device is arranged in M2M equipment.
10. A security procedure management method, characterized by comprising:
a security procedure monitoring step of monitoring an established security procedure and obtaining progress information of the established security procedure; and
a security procedure control step in which security procedure grades, each representing the control modes corresponding to different progress information, are preset for security procedures, and control is performed, according to the security procedure grade of the established security procedure, in the control mode corresponding to the progress information obtained in the security procedure monitoring step.
11. The security procedure management method according to claim 10, characterized by
comprising a security procedure grade giving step of giving a security procedure grade to the established security procedure according to the requirements of the established security procedure.
12. The security procedure management method according to claim 10, characterized by
comprising an accepting step of accepting a designation of the security procedure grade for the established security procedure.
13. The security procedure management method according to claim 10, characterized in that
in the security procedure monitoring step, the duration of the no-data-transmission state in the security procedure is timed by a timer, and progress information including the timer value is obtained,
the security procedure grades include a first-type security procedure grade corresponding to a timer value threshold, and
when the security procedure grade of the established security procedure is the first-type security procedure grade, in the security procedure control step, the security procedure is disconnected when the timer value reaches the timer value threshold corresponding to that first-type security procedure grade.
14. The security procedure management method according to claim 13, characterized in that
the security procedure grades include a plurality of first-type security procedure grades corresponding to a plurality of timer value thresholds, and
in the security procedure control step, the security procedure is disconnected when the timer value reaches the timer value threshold of the first-type security procedure grade corresponding to the established security procedure.
15. The security procedure management method according to claim 10, characterized in that
in the security procedure monitoring step, the communication state of the remote node in the security procedure is confirmed, and progress information including confirmation information is obtained,
the security procedure grades include a second-type security procedure grade corresponding to the confirmation information, and
when the security procedure grade of the established security procedure is the second-type security procedure grade, in the security procedure control step, the security procedure is disconnected when the confirmation information indicates an invalid communication state.
16. The security procedure management method according to claim 10, characterized in that
the security procedure monitoring step includes:
a timing step of timing, by a timer, the duration of the no-data-transmission state in the security procedure; and
a state confirmation step of confirming the communication state of the remote node in the security procedure,
the security procedure grades include a third-type security procedure grade corresponding to a timer value threshold and confirmation information, and
when the security procedure grade of the established security procedure is the third-type security procedure grade and the timer value in the timing step reaches the timer value threshold, progress information including the confirmation information is obtained through the state confirmation step, and, in the security procedure control step, the security procedure is disconnected when the confirmation information indicates an invalid communication state.
17. The security procedure management method according to claim 16, characterized in that
when the confirmation information indicates a valid communication state, in the security procedure monitoring step, the timer is reset and the duration of the no-data-transmission state in the security procedure is timed again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510163456.4A CN106162510B (en) | 2015-04-08 | 2015-04-08 | Security process management device and security process management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106162510A true CN106162510A (en) | 2016-11-23 |
CN106162510B CN106162510B (en) | 2020-09-25 |
Family
ID=57337133
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510163456.4A Active CN106162510B (en) | 2015-04-08 | 2015-04-08 | Security process management device and security process management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106162510B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5917409A (en) * | 1998-09-02 | 1999-06-29 | Wang; Randall | Process and system for reducing motion-type false alarm of security alarm system |
US6166633A (en) * | 1999-05-21 | 2000-12-26 | Wang; Randall | Process for reducing motion-type false alarm of security alarm system with self-analyzing and self-adjusting control |
TW201215181A (en) * | 2010-08-03 | 2012-04-01 | Interdigital Patent Holdings | Machine-to-machine (M2M) call flow security |
CN103178938A (en) * | 2013-03-25 | 2013-06-26 | 中国联合网络通信集团有限公司 | Signaling optimizing process method, equipment and system |
CN104394196A (en) * | 2014-11-10 | 2015-03-04 | 深圳市汇川技术股份有限公司 | A control method for anti-disassembly of a wireless module and an Internet of Things device side |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109144677A (en) * | 2017-06-16 | 2019-01-04 | 百度在线网络技术(北京)有限公司 | The method and apparatus of keep-alive process for Android system |
CN109144677B (en) * | 2017-06-16 | 2022-08-26 | 百度在线网络技术(北京)有限公司 | Keep-alive process method and device for android system |
Also Published As
Publication number | Publication date |
---|---|
CN106162510B (en) | 2020-09-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||