CN112019562A - Method and system for joint confirmation of mobile service user state - Google Patents

Publication number
CN112019562A
Authority
CN
China
Prior art keywords
mobile
user
mobile terminal
mobile service
state information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010945125.7A
Other languages
Chinese (zh)
Inventor
李升平
章翔凌
姚述源
邵洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Z2 Science Co ltd
Original Assignee
Beijing Z2 Science Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Beijing Z2 Science Co ltd
Priority to CN202010945125.7A
Publication of CN112019562A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The method for jointly confirming the state of a mobile service user comprises: obtaining user state information from at least two of three dimensions, namely the mobile terminal, the mobile network system and the mobile service system; and performing joint comparison and verification on that user state information to achieve whole-process, global monitoring of the mobile service access process. Because the method and system acquire user state information from at least two of these dimensions and comprehensively compare and jointly verify it, errors, forgery or falsification of state information at any single point can be prevented, whole-process and global monitoring of the mobile service access process is achieved, and the process is controllable and trustworthy.

Description

Method and system for joint confirmation of mobile service user state
Technical Field
The application belongs to the technical field of information security, and particularly relates to a method and a system for jointly confirming the state of a mobile service user.
Background
In the related art at present, when a mobile service is carried out, the user holds a mobile terminal and accesses the service system through a mobile network, so the user's current position and working state are mobile and uncontrolled. From the perspective of system security management, only the process and state of the user's access to the service application can be obtained; the state of the mobile terminal, the network connection state and other conditions outside the service are not monitored. Whole-process, global coverage therefore cannot be formed, and no support can be provided for implementing a security policy.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
To overcome the problems in the related art at least to some extent, the application provides a method and a system for jointly confirming the state of a mobile service user. They perform a "three-in-one" joint confirmation based on the mobile core network, the mobile terminal and the service system, which helps achieve system security management with whole-process, global coverage.
In order to achieve the purpose, the following technical scheme is adopted in the application:
In a first aspect,
the application provides a method for jointly confirming the state of a mobile service user, which comprises the following steps:
acquiring user state information from at least two of three dimensions: the mobile terminal, the mobile network system and the mobile service system;
and performing joint comparison and verification based on the user state information to achieve whole-process, global monitoring of the mobile service access process.
Optionally, a dedicated agent program is deployed on the mobile terminal, and the user state information is obtained from the mobile terminal through the dedicated agent program.
Optionally, the user state information obtained from the mobile terminal includes: identification information of the user's mobile terminal, power on/off state information and position information.
Optionally, a dedicated device is deployed in the core network of the mobile network system, and the dedicated device performs queries based on a core network signaling protocol to obtain the user state information from the mobile network system.
Optionally, the user state information obtained from the mobile network system includes: information on the mobile network the user is attached to, network roaming position information, established network connection information, target address information of the service system being accessed and network traffic state information.
Optionally, a dedicated mobile security management module is deployed, which performs time synchronization processing on the mobile terminal, the mobile network system and the mobile service system,
and performs real-time joint comparison and verification on the timestamped user state information submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
Optionally, the time synchronization processing specifically consists of periodically synchronizing the time of the mobile terminal, the mobile network system and the mobile service system, using the clock of the dedicated mobile security management module as the sole time reference.
Optionally, the timestamp is generated from the synchronized local time, so as to ensure consistency of the timestamps.
In a second aspect,
the application provides a system for jointly confirming the state of a mobile service user. The system includes a dedicated agent program deployed on the mobile terminal, a dedicated device deployed in the core network of the mobile network system, and a dedicated mobile security management module;
the dedicated agent program is used for acquiring user state information from the mobile terminal;
the dedicated device is used for performing queries based on a core network signaling protocol so as to acquire user state information from the mobile network system;
the dedicated mobile security management module is used for performing joint comparison and verification on user state information acquired from at least two of the three dimensions (the mobile terminal, the mobile network system and the mobile service system), so as to achieve whole-process, global monitoring of the mobile service access process.
Optionally, the dedicated mobile security management module is specifically configured to
perform time synchronization processing on the mobile terminal, the mobile network system and the mobile service system,
and perform real-time joint comparison and verification on the timestamped user state information submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
By adopting the above technical scheme, this application has at least the following beneficial effects:
user state information is acquired from at least two of the three dimensions (the mobile terminal, the mobile network system and the mobile service system) and is comprehensively compared and jointly verified, so that errors, forgery or falsification of state information at any single point can be prevented, whole-process and global monitoring of the mobile service access process is achieved, and the process is controllable and trustworthy.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the technology or prior art of the present application and are incorporated in and constitute a part of this specification. The drawings expressing the embodiments of the present application are used for explaining the technical solutions of the present application, and should not be construed as limiting the technical solutions of the present application.
Fig. 1 is a schematic flowchart of a method for jointly confirming a mobile service user status according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a system for jointly confirming a mobile service user status according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail below. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the examples given herein without making any creative effort, shall fall within the protection scope of the present application.
As described in the background, in the related art at present, when a mobile service is carried out, the user holds a mobile terminal and accesses the service system through a mobile network, so the user's current position and working state are mobile and uncontrolled. From the perspective of system security management, only the process and state of the user's access to the service application can be obtained; the state of the mobile terminal and the network connection state outside the service are not monitored, so whole-process, global coverage cannot be formed and no support can be provided for implementing a security policy.
To solve this problem, a "three-in-one" mechanism for jointly confirming the state of a mobile service user, based on the mobile core network, the mobile terminal and the service system, is established for the process in which a user accesses an organization's service system with a mobile terminal. The state of the mobile service user is thereby subject to whole-process, global security monitoring, which gives the organization sufficient technical support for implementing a mobile terminal security control policy. The application provides a method for jointly confirming the state of a mobile service user.
As shown in fig. 1, in an embodiment, a method for jointly confirming a mobile service user status provided by the present application includes the following steps:
Step S110: obtain user state information from at least two of three dimensions: the mobile terminal, the mobile network system and the mobile service system.
Specifically, in this embodiment a dedicated agent program is deployed on the mobile terminal, and the user state information is acquired from the mobile terminal through that agent program.
For example, the user state information obtained from the mobile terminal includes: identification information of the user's mobile terminal, power on/off state information, position information and the like.
In this embodiment a dedicated device is deployed in the core network of the mobile network system, and the dedicated device performs queries based on a core network signaling protocol to acquire user state information from the mobile network system.
For example, the user state information obtained from the mobile network system includes: information on the mobile network the user is attached to, network roaming position information, established network connection information, target address information of the service system being accessed, network traffic state information and the like.
Techniques for obtaining user state information from the mobile service system can be found in the prior art and are not described in detail here.
In addition, to support the subsequent joint comparison and verification, this embodiment focuses on user state information in the following aspects:
A. Terminal state: including the terminal device identification, terminal power on/off, location, etc. This state information is mainly acquired from dimensions such as the mobile terminal and the mobile network's access network.
B. Access network state: including the access terminal device identification, attachment to a mobile network, roaming location within the network, establishment of network connectivity, network bearer status (time period, traffic), the network address used to access the target service system, etc. This state information is mainly obtained from the mobile terminal and the core network, and partly from the service system.
C. Service system access: including the mobile terminal's network address, user identity, access time, service system content, etc. This state information is mainly obtained from the mobile terminal and the mobile service system.
Returning to Fig. 1, the method continues with step S120: joint comparison and verification is performed on the obtained user state information to achieve whole-process monitoring of the mobile service access process, thereby providing decision support for adjusting and implementing security policies.
Specifically, in this embodiment a dedicated mobile security management module is deployed. It performs time synchronization processing on the mobile terminal, the mobile network system and the mobile service system, and performs real-time joint comparison and verification on the timestamped user state information submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
The time synchronization processing uses the clock of the dedicated mobile security management module as the sole time reference and periodically synchronizes the time of the mobile terminal, the mobile network system and the mobile service system; each timestamp is generated from the synchronized local time to ensure consistency of the timestamps.
That is, in this step every item of information gathered into the management module after acquisition carries a fixed timestamp. Timestamp consistency is achieved by the module performing clock synchronization periodically (for example, once every 10 minutes). The clock of the mobile security management module is the only time reference, and the other acquisition units (for example, the dedicated agent program and the dedicated device) passively receive the time it sends periodically and use it as the basis for their timestamps.
The following examples illustrate the joint comparison and verification described in this application, and how it provides decision support for adjusting and implementing security policies:
For example, the agent program deployed on the mobile terminal calls the position sensor interface to obtain first position information, second position information is obtained through the mobile core network, the range of the user's current possible positions is obtained through the mobile service system, and the three are jointly compared and verified on position. As another example, the mobile terminal reports that the user is downloading a certain file, but the information acquired from the mobile service system shows no such download; the two are inconsistent, which indicates that the system has a security risk.
As a further example, the mobile terminal reports that the camera of the user terminal is open, but the mobile service system reports that the camera of the user terminal is closed, which indicates a security risk at the mobile terminal.
Under the corresponding security policy, if other mobile terminals are also found to have security risks, each mobile terminal with a security risk is handled in a preset manner, for example by locking it. When the number of mobile terminals with a security risk reaches a certain number (for example, 10), the mobile security management module handles the risk in a preset manner, for example by shutting down the service of the mobile service system entirely, so as to keep the risk from spreading further.
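The joint comparison and the handling policy described above can be sketched as follows. This is an added example, not code from the patent: the report fields ("pos", "camera", "download"), the 30-second matching window and the 5 km position tolerance are assumptions, and the timestamps are assumed to already follow the management module's clock.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

WINDOW_S = 30          # assumption: reports within 30 s describe the same moment
MAX_DISTANCE_KM = 5.0  # assumption: tolerated gap between two reported positions
SHUTDOWN_AT = 10       # the text's example count of at-risk terminals


@dataclass
class Report:
    source: str        # "terminal", "network" or "service"
    terminal_id: str
    ts: float          # timestamp based on the management module's clock
    state: dict        # hypothetical fields: "pos", "camera", "download"


def distance_km(a, b):
    """Great-circle distance between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def compare(group):
    """Cross-check every pair of sources that reported in one time window."""
    by_source = {r.source: r.state for r in group}
    if len(by_source) < 2:
        # A single dimension cannot be confirmed against anything.
        return ["fewer than two dimensions reported"]
    findings = []
    names = sorted(by_source)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            sa, sb = by_source[a], by_source[b]
            if "pos" in sa and "pos" in sb and distance_km(sa["pos"], sb["pos"]) > MAX_DISTANCE_KM:
                findings.append(f"position mismatch: {a} vs {b}")
            for key in ("camera", "download"):
                if key in sa and key in sb and sa[key] != sb[key]:
                    findings.append(f"{key} mismatch: {a} vs {b}")
    return findings


def evaluate(reports):
    """Group reports per terminal and window, compare them, apply the policy."""
    per_terminal = defaultdict(list)
    for r in sorted(reports, key=lambda r: r.ts):
        per_terminal[r.terminal_id].append(r)
    risky = {}
    for tid, rs in per_terminal.items():
        group = []
        for r in rs + [None]:              # None flushes the final group
            if group and (r is None or r.ts - group[0].ts > WINDOW_S):
                findings = compare(group)
                if findings:
                    risky.setdefault(tid, []).extend(findings)
                group = []
            if r is not None:
                group.append(r)
    actions = [("lock_terminal", tid) for tid in sorted(risky)]
    if len(risky) >= SHUTDOWN_AT:          # risk is widespread: close the service
        actions.append(("shutdown_service", "all"))
    return risky, actions


def sample_reports():
    """Constructed reports: T-01 is consistent, T-02 to T-04 each disagree once."""
    t = 1_600_000_000.0
    beijing, nearby, shanghai = (39.90, 116.40), (39.91, 116.41), (31.23, 121.47)
    return [
        Report("terminal", "T-01", t, {"pos": beijing, "camera": "closed", "download": None}),
        Report("network", "T-01", t + 2, {"pos": nearby}),
        Report("service", "T-01", t + 3, {"camera": "closed", "download": None}),
        Report("terminal", "T-02", t, {"camera": "open"}),
        Report("service", "T-02", t + 1, {"camera": "closed"}),
        Report("terminal", "T-03", t, {"download": "report.pdf"}),
        Report("service", "T-03", t + 4, {"download": None}),
        Report("terminal", "T-04", t, {"pos": beijing}),
        Report("network", "T-04", t + 5, {"pos": shanghai}),
    ]


if __name__ == "__main__":
    risky, actions = evaluate(sample_reports())
    for tid, findings in risky.items():
        print(tid, findings)
    print(actions)
```

A terminal whose reports arrive from only one dimension within a window is treated here as unconfirmed rather than as trusted, which is a design choice of this example.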
With this technical scheme, user state information is acquired from at least two of the three dimensions (the mobile terminal, the mobile network system and the mobile service system) and is comprehensively compared and jointly verified, so that errors, forgery or falsification of state information at any single point can be prevented, whole-process and global monitoring of the mobile service access process is achieved, and the process is controllable and trustworthy.
Fig. 2 is a schematic structural diagram of a system for jointly confirming a mobile service user status according to an embodiment of the present application.
As shown in Fig. 2, the system includes a dedicated agent program deployed on the mobile terminal, a dedicated device deployed in the core network of the mobile network system, and a dedicated mobile security management module;
the dedicated agent program is used for acquiring user state information from the mobile terminal;
the dedicated device is used for performing queries based on a core network signaling protocol so as to acquire user state information from the mobile network system;
and the dedicated mobile security management module is used for performing joint comparison and verification on user state information acquired from at least two of the three dimensions (the mobile terminal, the mobile network system and the mobile service system), so as to achieve whole-process, global monitoring of the mobile service access process.
The dedicated mobile security management module is specifically configured to
perform time synchronization processing on the mobile terminal, the mobile network system and the mobile service system,
and perform real-time joint comparison and verification on the timestamped user state information (the "information summary" in the figure) submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
The details of the system have been described in the embodiments related to the method and will not be elaborated upon here.
The above description is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for jointly confirming the state of a mobile service user, characterized by comprising the following steps:
acquiring user state information from at least two of three dimensions: a mobile terminal, a mobile network system and a mobile service system;
and performing joint comparison and verification based on the user state information to achieve whole-process, global monitoring of the mobile service access process.
2. The joint confirmation method according to claim 1, wherein the user state information is acquired from the mobile terminal through a dedicated agent program deployed on the mobile terminal.
3. The joint confirmation method according to claim 2, wherein the user state information obtained from the mobile terminal includes: identification information of the user's mobile terminal, power on/off state information and position information.
4. The joint confirmation method according to claim 2, wherein a dedicated device is deployed in the core network of the mobile network system, and the dedicated device is configured to perform queries based on a core network signaling protocol to obtain the user state information from the mobile network system.
5. The joint confirmation method according to claim 4, wherein the user state information obtained from the mobile network system comprises: information on the mobile network the user is attached to, network roaming position information, established network connection information, target address information of the service system being accessed and network traffic state information.
6. The joint confirmation method according to claim 4, wherein a dedicated mobile security management module is deployed, which performs time synchronization processing on the mobile terminal, the mobile network system and the mobile service system,
and performs real-time joint comparison and verification on the timestamped user state information submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
7. The joint confirmation method according to claim 6, wherein the time synchronization processing specifically consists of periodically synchronizing the time of the mobile terminal, the mobile network system and the mobile service system, with the clock of the dedicated mobile security management module as the sole time reference.
8. The joint confirmation method according to claim 6, wherein the timestamps are generated from the synchronized local time to ensure consistency of the timestamps.
9. A system for jointly confirming the state of a mobile service user, characterized in that the system comprises a dedicated agent program deployed on a mobile terminal, a dedicated device deployed in a core network of a mobile network system, and a dedicated mobile security management module;
the dedicated agent program is used for acquiring user state information from the mobile terminal;
the dedicated device is used for performing queries based on a core network signaling protocol so as to acquire user state information from the mobile network system;
the dedicated mobile security management module is used for performing joint comparison and verification on user state information acquired from at least two of three dimensions (the mobile terminal, the mobile network system and the mobile service system), so as to achieve whole-process, global monitoring of the mobile service access process.
10. The joint confirmation system according to claim 9, wherein the dedicated mobile security management module is specifically configured to
perform time synchronization processing on the mobile terminal, the mobile network system and the mobile service system,
and perform real-time joint comparison and verification on the timestamped user state information submitted by the dedicated agent program, the dedicated device and the mobile service system, so as to achieve whole-process, global monitoring of the mobile service access process.
CN202010945125.7A 2020-09-10 2020-09-10 Method and system for joint confirmation of mobile service user state Pending CN112019562A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010945125.7A CN112019562A (en) 2020-09-10 2020-09-10 Method and system for joint confirmation of mobile service user state

Publications (1)

Publication Number Publication Date
CN112019562A (en) 2020-12-01

Family

ID=73521706

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201201