CN106162510B - Security process management device and security process management method - Google Patents

Info

Publication number
CN106162510B
Authority
CN
China
Prior art keywords
security process
security
level
established
timer
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510163456.4A
Other languages
Chinese (zh)
Other versions
CN106162510A (en)
Inventor
安勍
何璇
马元琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a security process management device and a security process management method capable of optimizing a security process of an M2M device. The security process management apparatus includes: a security process monitoring unit for monitoring an established security process and acquiring process information of the established security process; and a security process control unit that sets in advance a security process level indicating a control mode corresponding to different process information for a security process, the security process control unit performing control in accordance with the control mode corresponding to the process information acquired by the security process monitoring unit, based on the established security process level of the security process.

Description

Security process management device and security process management method
Technical Field
The present invention relates to a security process management apparatus and a security process management method for managing a security process.
Background
Communication under current M2M (Machine-to-Machine) protocols can be applied in many fields. As a result, networked applications and services built around intelligent interaction between device terminals have become widespread.
In such M2M communication, strong security performance may be required for communication within a specific range (for example, communication between devices in a building). In the prior art, a security protocol is used to establish a security process between two data transmission parties, for example, between an M2M device and a remote node, so as to ensure the security of the two-party communication.
A system and method for providing secure operation in an M2M device is disclosed, for example, in Patent Document 1 (US 20120198520 A1). In Patent Document 1, the M2M device decides, according to a security policy, that a certain operation needs to be executed in a secure environment in the M2M device. In particular, where a security policy requires operations to be performed in a secure environment, a management module in the M2M device may establish a security process based on the policy in order to comply with the requirements specified by the policy.
Establishing security processes according to a security policy makes it possible to control security operations and helps to control their overhead.
However, in conventional techniques such as Patent Document 1, establishment and disconnection of a security process are determined by policy, and once established the security process under the security protocol is maintained continuously, so the overhead incurred after the security process is established cannot be optimized.
Fig. 10 shows security process states under the security protocol. In the state of Fig. 10(a), even if there is no data transmission between the M2M device and the remote node, the security process, once established, has to be maintained in an idle state. In the state of Fig. 10(b), even if the remote node can no longer exchange data with the M2M device because of a failure or the like, the M2M device does not know that its communication partner is in an invalid state in which the connection has been lost, and still has to maintain the security process.
In both of these states, the security process is essentially idle, and keeping such idle security processes incurs unnecessary overhead. Also, if too many such idle security processes are maintained, the M2M device may be unable to handle new security processes, which is even more problematic in resource-limited M2M devices.
Disclosure of Invention
The present invention has been made in view of the above problems, and an object of the present invention is to provide a security process management apparatus and a security process management method capable of optimizing the overhead of holding security processes in an M2M device.
One technical solution to which the present invention relates is a security process management apparatus, including: a security process monitoring unit for monitoring an established security process and acquiring process information of the established security process; and a security process control unit that sets in advance a security process level indicating a control mode corresponding to different process information for a security process, the security process control unit performing control in accordance with the control mode corresponding to the process information acquired by the security process monitoring unit, based on the established security process level of the security process.
In addition, another technical solution according to the present invention is a security process management method, including: a security process monitoring step of monitoring an established security process to acquire process information of the established security process; and a security process control step of setting a security process level indicating a control mode corresponding to different process information in advance for a security process, and controlling the security process according to the control mode corresponding to the process information acquired in the security process monitoring step, based on the established security process level of the security process.
The invention has the following effects:
According to the invention, security processes can be managed in real time according to their security state, more intelligently and flexibly; in particular, low-overhead optimization of security processes can be performed for resource-limited M2M devices.
Furthermore, according to the present invention, the overhead of maintaining security processes in the M2M device can be reduced, so that M2M devices, especially resource-limited ones, can run more quickly.
Drawings
Fig. 1 is a block diagram showing a configuration of a security process management device in the M2M device according to the first embodiment.
Fig. 2 is a flowchart showing security process management according to the first embodiment.
Fig. 3 is a flowchart showing an example of managing security processes in accordance with security process levels according to the first embodiment.
Fig. 4 is a block diagram showing a configuration of a security process management apparatus according to a second embodiment.
Fig. 5 is a schematic diagram showing a configuration of the process state parameter table.
Fig. 6 is a flowchart showing an example of managing security processes in accordance with security process levels according to the second embodiment.
Fig. 7 is a block diagram showing a configuration of a security process management apparatus according to a third embodiment.
Fig. 8 is a flowchart showing an example of managing security processes in accordance with security process levels according to the third embodiment.
Fig. 9 is a flowchart showing an example of managing security processes in accordance with security process levels according to the fourth embodiment.
Fig. 10 is a diagram showing a problem in the conventional secure process connection.
Detailed Description
Embodiments of the present invention will be described below with reference to the drawings.
In addition, in the respective drawings of the different embodiments, the same or similar portions are given the same reference numerals, and portions that duplicate the description are appropriately omitted. The drawings are schematic views for facilitating understanding of the embodiments, and the shapes, dimensions, ratios, and the like of the drawings are different from those of the actual apparatuses, and they can be appropriately designed and changed in consideration of the following description.
(first embodiment)
In the present invention, the security process management apparatus 100 is used to manage the security process established between the M2M device 1 and the remote node. The security process management apparatus 100 according to the first embodiment is provided in the M2M device 1.
Fig. 1 is a block diagram showing a configuration of a security process management device in the M2M device according to the first embodiment.
As shown in fig. 1, the security process management apparatus 100 is provided inside the M2M device 1, and is capable of controlling the M2M device 1 and transmitting and receiving data to and from the outside through the communication interface 200.
The security process management device 100 includes a security process monitoring unit 10 and a security process control unit 20.
The security process monitoring unit 10 monitors a security process established between the M2M device 1 and a remote node, and can acquire process information on the security process. For example, as shown in Fig. 1, the security process monitoring unit 10 includes a timer 11 and uses the timer 11 to time the security process.
The security process control unit 20 controls each established security process according to its security process level, using the control mode that corresponds to the process information. The security process level indicates the control modes, corresponding to different process information, that are set for a security process. Different security process levels are set according to different criteria.
Here, in setting the security process level, different levels may be set depending on the characteristics of the security process. In the first embodiment, the level of a security process is evaluated using the length of time for which the absence of data transmission can be tolerated.
For example, security processes are ranked by the priority with which they should be maintained, based on the processing power of the M2M device 1, the importance of the security processes, or the like. If level "0" denotes the level at which no security process needs to be established, then level "1", level "2", ... are different priorities ordered from lower to higher by the length of time for which no data transmission can be tolerated, so that the different levels correspond to different tolerable lengths of time t1, t2, ... without data transmission.
The length of time t for which no data transmission can be tolerated is the maximum time that a no-data-transmission state is allowed to last between the M2M device and the remote node after the security process is established. Here, the more important the security process, the longer the time length t can be set.
Fig. 2 is a flowchart showing security process management according to the first embodiment.
When a security process level is set in advance for each security process, the security process monitoring unit 10 constantly or periodically monitors an established security process during the security process holding period, and acquires process information of the established security process, for example, timing information (step S21).
In step S22, the security process control unit 20 performs control according to the control mode corresponding to the process information acquired by the security process monitoring unit 10, based on the security process level of the established security process; for example, it disconnects the security process when the condition defined for that security process level is met.
The following describes, with reference to Fig. 3, the specific control performed while a given security process is established.
Fig. 3 is a flowchart showing an example of managing security processes in accordance with security process levels according to the first embodiment.
After the process starts, first, it is assumed that a security process with a security process level "1" is established between the M2M device 1 and the remote node (step S31).
Next, when no M2M data (data transmitted and received between the M2M device 1 and the remote node) is being transmitted, the timer 11 is started and counts the time during which there is no M2M data transmission (step S32).
The security process monitoring unit 10 determines whether or not there is data transmission within the time t1 corresponding to the security process level "1" by using the timer 11 (step S33). If there is data transmission within the time range of t1 (yes in step S33), the process proceeds to step S35, and the M2M device 1 transmits and receives data to and from the remote node, resets the timer 11 (step S36), and repeats step S32 when the next period of no data transmission starts.
If there is no data transmission within the time range of t1 (no in step S33), the process proceeds to step S34, the security process between the M2M device 1 and the remote node is disconnected, and the process ends, releasing the resources of the security process.
A security process level distinguished, as in the first embodiment, by the length of the no-data-transmission period corresponds to a "first-class security process level".
By managing security processes according to level and disconnecting a security process when no data is transmitted within the time period corresponding to its level, the subsequent state of the security process can be controlled in a timely manner and network resources are used more effectively.
(second embodiment)
In the second embodiment, unlike the first embodiment, a security process level is assigned to each established security process and a process state parameter table is held, so that a plurality of security processes can be controlled simultaneously according to their levels.
Fig. 4 is a block diagram showing a configuration of a security process management apparatus according to a second embodiment.
As shown in fig. 4, the security process management apparatus 100 is provided inside the M2M device 1, and is capable of controlling the M2M device 1 and transmitting and receiving data to and from the outside through the communication interface 200.
The security process management device 100 includes a security process monitoring unit 10 and a security process control unit 20.
The security process monitoring unit 10 includes a timer 11 and a status confirmation unit 12. The timer 11 is used to time the security process. The status confirmation unit 12 can confirm the status of the remote node. Specifically, the status confirmation unit 12 can confirm whether or not the remote node is in a valid data reception state. It determines that the remote node is in a "valid state" when the remote node is able to receive data, and that the remote node is in an "invalid state" when the remote node cannot actually receive data, even if data is transmitted, because of a failure or the like.
The status confirmation unit 12 can confirm the status of the remote node by various methods. For example, the status confirmation unit 12 may transmit a short message to the remote node and wait for a response, determining that the remote node is "valid" when a response is received from the remote node within a predetermined time, and "invalid" when no response is received from the remote node within the predetermined time.
The security process control unit 20 controls the security process according to the security process level of each established security process, and includes a security process level assignment unit 12 and a process state parameter table 30.
The security process level assignment unit 12 is configured to automatically assign a security process level to each established security process in accordance with the requirements for security, quality, or the like of the established security process. In the second embodiment, the different security process levels are set using the length of time for which no data transmission can be tolerated and the state of the remote node.
Specifically, for example, the following two levels are set:
Level "1": close the security process when the time length of no data transmission is greater than a preset threshold value t;
Level "2": close the security process when the time length of no data transmission is greater than a preset threshold value t and the remote node is in an invalid state.
That is, a security process whose state should be maintained as far as possible is set to level "2", so that it can be maintained more stably.
Here, the length of t may be set according to parameters such as transmission properties, for example 60 s.
When a security process is newly established, the security process level assignment unit 12 sets a security process level for it in accordance with the requirements of the security process and registers the level in the process state parameter table 30. For example, a security process with higher security performance requirements should be maintained for a longer time, so the security process level assignment unit 12 sets level "2" for such a security process, so that it is not disconnected while the remote node is still valid even if the time length of no data transmission exceeds the threshold t.
The level setting criteria of the security process level assignment unit 12 are not limited to the above criteria, and the level of a security process may also be changed partway through, within the framework of the description of each level.
The process state parameter table 30 is a table in which the security process management apparatus 100 manages each established security process, and the level and state of a plurality of security processes can be managed by using the process state parameter table 30.
Fig. 5 is a schematic diagram showing a configuration of the process state parameter table. As shown in Fig. 5, the process state parameter table 30 in the second embodiment includes: a process ID 2101, an identifier that identifies a security process; a device address 2102 indicating the address of the M2M device; a remote node address 2103 indicating the address of the remote node to which the M2M device has established a connection through the security process of the process ID 2101; a security process level 2104 indicating the security process level assigned to the security process; a process idle duration 2105 indicating the maximum duration of the no-data-transfer state of the security process; and a device class 2106 indicating the class of the M2M device, for example whether the M2M device is a resource-limited device or a normal device.
The specific items in the process state parameter table 30 are not limited to those illustrated in fig. 5, and other information related to the security process may be used as long as the level assigned to the security process is registered.
In the second embodiment, the process state parameter table 30 is stored in the secure process control unit 20, but the present invention is not limited thereto, and the process state parameter table 30 may be stored in a memory separate from the secure process control unit 20.
With the above configuration, the security process control unit 20 receives the timing information and the remote node state information from the security process monitoring unit 10 and, based on the security process level registered in the process state parameter table 30, controls the security process according to its level.
The following describes, with reference to Fig. 6, the specific control performed while a given security process is established.
Fig. 6 is a flowchart showing an example of managing security processes in accordance with security process levels according to the second embodiment.
After the process starts, first, a security process is established between the M2M device 1 and the remote node (step S61). The security process level assignment unit 12 assigns a security process level to the established security process and registers the level in the entry corresponding to the established security process ID in the process state parameter table 30 (step S62).
Next, when no M2M data (data transmitted and received between the M2M device 1 and the remote node) is being transmitted, the timer 11 is started and counts the time during which there is no M2M data transmission (step S63).
In step S64, the security process monitoring unit 10 determines whether or not there is data transfer within a predetermined time t. If there is data transmission within the time range of t (yes in step S64), the process proceeds to step S69, and the M2M device 1 transmits and receives data to and from the remote node, resets the timer 11 (step S70), and repeats step S63 at the start of the next period of no data transmission.
If there is no data transmission within the time range of t (no at step S64), the process proceeds to step S65, and the security process control unit 20 determines whether or not the level of the security process is level "2", that is, the level at which the security process is closed when the time length of no data transmission is greater than the predetermined threshold t and the remote node is in an invalid state.
If it is determined that the level is not "2" (no at step S65), the level may be "1" or "0", and therefore, the process proceeds to step S68, and the security process is disconnected.
If it is determined that the security process is at level "2" (yes in step S65), the process proceeds to step S66, and the status confirmation unit 12 confirms whether the status of the remote node is "valid" (step S67).
When the status confirmation unit 12 confirms that the status of the remote node is "valid" (yes at step S67), the timer 11 is reset (step S70), and step S63 is repeated when the next period of no data transfer starts.
When the status confirmation unit 12 confirms that the status of the remote node is "invalid" (no at step S67), the process proceeds to step S68, and the security process is disconnected.
The steps in Fig. 6 may be modified as appropriate. For example, in Fig. 6, if it is determined in step S67 that the remote node is in the valid state, the process proceeds to step S70, the timer is reset, the time counting is continued, and step S63 is repeated. Alternatively, a level "2" security process may be maintained at all times once the remote node has been confirmed as valid.
Such a security process level distinguished by the length of the no-data transmission period and the state of the remote node in the second embodiment corresponds to a "third-type security process level".
According to the invention, for a security process with a higher security process level, the state of the remote node is confirmed and the security process is disconnected only when the remote node is actually invalid. Security processes can therefore be managed in real time according to their security state, more intelligently and flexibly, and, particularly for resource-limited M2M devices, device and communication resources can be used effectively.
Furthermore, according to the present invention, the overhead of maintaining security processes in the M2M device can be reduced, so that M2M devices, especially resource-limited ones, can operate more effectively.
(third embodiment)
The third embodiment differs from the second embodiment in that the security process control unit includes a reception unit instead of the security process level assignment unit. The difference is mainly described below, and redundant description is omitted as appropriate.
Fig. 7 is a block diagram showing a configuration of a security process management apparatus according to a third embodiment.
As shown in fig. 7, the security process control unit 20 of the security process management apparatus 100 includes a reception unit 22 and a process state parameter table 30. The reception unit 22 can receive a level designation for a security process.
The level of a security process may be set automatically by the security process level assignment unit based on parameters of the security process, or may be designated externally or by the user via the reception unit 22. For example, when the user inputs the level of the security process using a display interface or the like, the reception unit 22 receives the designation, and the security process is subsequently managed using the designated level.
Also, in the third embodiment, the security process level is differentiated by the remote node status.
That is, the security process is differentiated into two levels, "required" and "not required" according to whether the remote node status needs to be confirmed. In this case, the specification of the waiting time t0 may be received by the receiving unit 22.
The following describes, with reference to Fig. 8, the specific control performed while a given security process is established.
Fig. 8 is a flowchart showing an example of managing security processes in accordance with security process levels according to the third embodiment.
After the process starts, first, a security process is established between the M2M device 1 and the remote node (step S81). The reception unit 22 receives the designation of the security process level of the established security process and of the predetermined time t0 (here the designated level is assumed to be the one requiring remote node confirmation), and registers the received security process level in the entry corresponding to the established security process ID in the process state parameter table 30 (step S82).
Next, when no M2M data (data transmitted and received between the M2M device 1 and the remote node) is being transmitted, the timer 11 is started and counts the time during which there is no M2M data transmission (step S83).
In step S84, the security process monitoring unit 10 determines whether or not there is data transmission within the predetermined time t0. If there is data transmission within the time range of t0 (yes in step S84), the process proceeds to step S88, and the M2M device 1 transmits and receives data to and from the remote node, resets the timer 11 (step S89), and repeats step S83 when the next period of no data transmission starts.
If there is no data transmission within the time range of t0 (no at step S84), the flow proceeds to step S85, and the status confirmation unit 12 confirms whether the state of the remote node is "valid" (step S86).
When the status confirmation unit 12 confirms that the status of the remote node is "valid" (yes at step S86), the timer 11 is reset (step S89), and step S83 is repeated when the next period of no data transfer starts.
When the status confirmation unit 12 confirms that the status of the remote node is "invalid" (no at step S86), the process proceeds to step S87, and the security process is disconnected.
Such a security process level distinguished by the length of the no-data transmission period and the state of the remote node in the third embodiment corresponds to a "security process level of the second type".
According to the third embodiment, the same technical effects as those of the above embodiments can be obtained.
(fourth embodiment)
The security process management apparatus 100 according to the fourth embodiment is similar in configuration to that of the second embodiment. The difference is that the second embodiment uses the same no-data-transmission period t for different security process levels, whereas the fourth embodiment uses different no-data-transmission periods t for different security process levels.
Fig. 9 is a flowchart showing an example of managing security processes in accordance with security process levels according to the fourth embodiment.
Here, the level "3" is set to indicate that the security process is disconnected when there is no data transmission within the time t 3; setting level "4" indicates that the security process is broken when no data is being transmitted and the remote node is inactive within time t 4.
After the process starts, first, a security process is established between the M2M device 1 and the remote node (step S91). The security process rank assignment unit 12 assigns a security process rank to the established security process and registers the security process rank in the entry corresponding to the established security process ID in the process state parameter table 30 (step S92).
Next, when there is no M2M data transmission, which is data transmitted and received between the M2M device 1 and the remote node, the timer 11 is started, and the timer 11 counts the time when there is no M2M data transmission (step S93).
In step S94, it is determined whether the security process level is "3" or "4". If the determination is that the level is "3", the process proceeds to step S98, and the security process monitoring unit 10 determines whether or not there is data transmission within a predetermined time t3. If there is data transmission within the time range of t3 (yes in step S98), the process proceeds to step S99, and the M2M device 1 transmits and receives data to and from the remote node, resets the timer 11 (step S100), and repeats step S93 when the next period of no data transmission starts.
If there is no data transmission within the time range of t3 (no in step S98), the process proceeds to step S101, and the security process is disconnected.
On the other hand, if it is determined in step S94 that the security process is level "4", the process proceeds to step S95, and the security process monitoring unit 10 determines whether or not there is data transmission within the predetermined time t4. If there is data transmission within the time range of t4 (yes in step S95), the process proceeds to step S99, and the M2M device 1 transmits and receives data to and from the remote node, resets the timer 11 (step S100), and repeats step S93 when the next period of no data transmission starts.
If there is no data transmission within the time range of t4 (no at step S95), the flow proceeds to step S96, and the state confirmation section 12 confirms whether the state of the remote node is "valid" (step S97).
When the status confirmation unit 12 confirms that the status of the remote node is "valid" (yes at step S97), the timer 11 is reset (step S100), and step S93 is repeated when the next period of no data transfer starts.
When the status confirmation unit 12 confirms that the status of the remote node is "invalid" (no at step S97), the process proceeds to step S101, and the security process is disconnected.
According to the fourth embodiment, the same technical effects as those of the above embodiments can be obtained.
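The level-dependent flow of steps S93 to S101 can be expressed as a small session object; the following is an added example, not code from the patent. The threshold values, the names LevelPolicy, SecuritySession and run, and the choice to treat a failed state check as "invalid" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class LevelPolicy:
    idle_threshold: float   # t3 or t4 in seconds
    confirm_remote: bool    # level "4": confirm remote node state before disconnecting

# Constructed values; the page gives no concrete t3 or t4.
POLICIES = {3: LevelPolicy(30.0, False), 4: LevelPolicy(120.0, True)}

class SecuritySession:
    def __init__(self, level: int, remote_is_valid: Callable[[], bool]):
        self.policy = POLICIES[level]        # KeyError on an unknown level
        self.remote_is_valid = remote_is_valid
        self.idle_since = 0.0                # timer 11 starts (S93)
        self.connected = True
        self.log = []

    def on_data(self, now: float) -> None:
        if self.connected:
            self.idle_since = now            # S99 then S100: reset timer

    def tick(self, now: float) -> bool:
        """Evaluate S94 to S101 at time `now`; return True while connected."""
        if not self.connected or now - self.idle_since < self.policy.idle_threshold:
            return self.connected
        if self.policy.confirm_remote:
            try:
                valid = bool(self.remote_is_valid())
            except Exception:
                valid = False                # assumption: a failed check counts as "invalid"
            if valid:
                self.idle_since = now        # S97 yes: reset timer, keep session
                self.log.append((now, "confirmed"))
                return True
        self.connected = False               # S101: disconnect
        self.log.append((now, "disconnected"))
        return False

def run(level, data_times, remote_dies_at=None, horizon=600) -> Optional[int]:
    """Step a constructed 1-second clock; return the disconnect time or None."""
    clock = {"now": 0}
    session = SecuritySession(
        level, lambda: remote_dies_at is None or clock["now"] < remote_dies_at)
    for now in range(horizon + 1):
        clock["now"] = now
        if now in data_times:
            session.on_data(now)
        if not session.tick(now):
            return now
    return None
```

With these constructed thresholds, a level "4" session whose remote node stays valid is never disconnected, while a level "3" session is dropped after t3 of silence regardless of the remote node's state.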
(modification example)
In the first to fourth embodiments, specific security process levels are described as examples, but the present invention is not limited to these. Different security process levels may be set according to different requirements for security processes, and a specific security process level may be associated with a specific control mode. The number of security process levels is also not limited. Managing security processes by security process level makes it possible to judge in a more targeted way whether a security process needs to be disconnected, so that the overhead of security processes is saved more flexibly.
In the above embodiments, the security process management device is provided inside the M2M device. However, the security process management apparatus may manage the security process of the M2M device as an external device of the M2M device, and the actual installation location is not limited as long as each function of the security process management apparatus can be realized.
Several embodiments of the present invention have been described, but these embodiments are presented as examples and are not intended to limit the scope of the invention. These new embodiments can be implemented in other various forms, and various omissions, substitutions, and changes can be made without departing from the spirit of the invention. These embodiments and modifications are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalent scope thereof.

Claims (15)

1. A secure process management apparatus, comprising:
a security process monitoring unit for monitoring an established security process and acquiring process information of the established security process; and
a security process control unit which presets a security process level indicating a control mode corresponding to different process information for a security process,
the security process control means performs control in accordance with a control mode corresponding to the process information acquired by the security process monitoring means, based on the security process level of the established security process,
the security process monitoring unit includes a state confirmation unit for confirming a communication state of a remote node in the security process, acquires process information including confirmation information,
the security process levels include a second type of security process level corresponding to the confirmation information,
when the security process level of the established security process is the second type of security process level, the security process control unit disconnects the security process when the confirmation information indicates an invalid communication state.
2. The secure process management apparatus of claim 1,
the security process control unit has a security process level assigning unit that assigns a security process level to the established security process according to a requirement of the established security process.
3. The secure process management apparatus of claim 1,
the security process control means includes reception means for receiving a designation of a security process level for an established security process.
4. The secure process management apparatus of claim 1,
the security process monitoring unit includes a timer for counting a time during which no data is transmitted in the security process, and acquires process information including a timer value,
the security process levels include a first type of security process level corresponding to a timer value threshold,
and when the security process level of the established security process is the first type of security process level, the security process control unit disconnects the security process when the timer value reaches the timer value threshold corresponding to the first type of security process level.
5. The secure process management apparatus of claim 4,
the security process levels comprise a plurality of first-type security process levels corresponding to a plurality of timer value thresholds,
the security process control unit disconnects the security process when the timer value reaches the timer value threshold of the particular first-type security process level corresponding to the established security process.
6. The secure process management apparatus of claim 1,
the security process monitoring unit further includes:
a timer for counting a time during which no data is transmitted in the security process,
the security process levels comprise a third type of security process level corresponding to a timer value threshold and confirmation information,
when the security process level of the established security process is the third type of security process level, the security process control unit causes the security process monitoring unit to acquire process information including confirmation information via the state confirmation unit when the timer value of the timer reaches the timer value threshold, and the security process control unit disconnects the security process when the confirmation information indicates an invalid communication state.
7. The secure process management apparatus of claim 6,
when the confirmation information indicates a valid communication state, the security process monitoring unit resets the timer and counts again the time during which no data is transmitted in the security process.
8. The secure process management apparatus of claim 1,
the above-described security process management apparatus is provided in the M2M device.
9. A method for secure process management, comprising:
a security process monitoring step of monitoring an established security process to acquire process information of the established security process; and
a security process control step of setting a security process level indicating a control mode corresponding to different process information in advance for a security process, and controlling the security process according to the control mode corresponding to the process information acquired in the security process monitoring step, based on the established security process level of the security process,
in the security process monitoring step, process information including confirmation information is acquired by confirming a communication state of a remote node in the security process,
the security process levels include a second type of security process level corresponding to the confirmation information,
in the security process control step, when the security process level of the established security process is a second-type security process level, the security process is disconnected when the confirmation information indicates an invalid communication state.
10. The security process management method according to claim 9,
the method comprises a security process level assigning step of assigning a security process level to the established security process according to a requirement of the established security process.
11. The security process management method according to claim 9,
the method includes an acceptance step of accepting designation of a security process level for an established security process.
12. The security process management method according to claim 9,
in the security process monitoring step, the time during which no data is transmitted in the security process is counted by a timer to acquire process information including a timer value,
the security process levels include a first type of security process level corresponding to a timer value threshold,
in the security process control step, when the security process level of the established security process is the first type of security process level, the security process is disconnected when the timer value reaches the timer value threshold corresponding to the first type of security process level.
13. The security process management method according to claim 12,
the security process levels comprise a plurality of first-type security process levels corresponding to a plurality of timer value thresholds,
in the security process control step, the security process is disconnected when the timer value reaches the timer value threshold of the particular first-type security process level corresponding to the established security process.
14. The security process management method according to claim 9,
the security process monitoring step includes:
a timing step of counting, by a timer, the time during which no data is transmitted in the security process; and
a state confirmation step of confirming a communication state of the remote node in the security process,
the security process levels comprise a third type of security process level corresponding to a timer value threshold and confirmation information,
when the security process level of the established security process is the third type of security process level, if the timer value in the timing step reaches the timer value threshold, the process information including the confirmation information is acquired in the state confirmation step, and when the confirmation information indicates an invalid communication state, the security process is disconnected in the security process control step.
15. The security process management method according to claim 14,
when the confirmation information indicates a valid communication state, the security process monitoring step resets the timer and counts again the time during which no data is transmitted in the security process.
CN201510163456.4A 2015-04-08 2015-04-08 Security process management device and security process management method Active CN106162510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510163456.4A CN106162510B (en) 2015-04-08 2015-04-08 Security process management device and security process management method

Publications (2)

Publication Number Publication Date
CN106162510A CN106162510A (en) 2016-11-23
CN106162510B true CN106162510B (en) 2020-09-25

Family

ID=57337133

Country Status (1)

Country Link
CN (1) CN106162510B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109144677B (en) * 2017-06-16 2022-08-26 百度在线网络技术(北京)有限公司 Keep-alive process method and device for android system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5917409A (en) * 1998-09-02 1999-06-29 Wang; Randall Process and system for reducing motion-type false alarm of security alarm system
US6166633A (en) * 1999-05-21 2000-12-26 Wang; Randall Process for reducing motion-type false alarm of security alarm system with self-analyzing and self-adjusting control
TW201215181A (en) * 2010-08-03 2012-04-01 Interdigital Patent Holdings Machine-to-machine (M2M) call flow security
CN103178938A (en) * 2013-03-25 2013-06-26 中国联合网络通信集团有限公司 Signaling optimizing process method, equipment and system
CN104394196A (en) * 2014-11-10 2015-03-04 深圳市汇川技术股份有限公司 A control method for anti-disassembly of a wireless module and an Internet of Things device side

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant