WO2020057360A1 - Method and apparatus for improving security of terminal, and computer-readable storage medium - Google Patents


Info

Publication number: WO2020057360A1
Authority: WO (WIPO, PCT)
Application number: PCT/CN2019/103956
Other languages: French (fr), Chinese (zh)
Inventors: 杨海城, 郭海林
Original assignee: 中兴通讯股份有限公司 (ZTE Corporation)
Prior art keywords: communication, application, message, protocol message, initiation protocol

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/40 Network security protocols
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication > H04L65/1066 Session management > H04L65/1069 Session establishment or de-establishment
    • H04L65/1066 Session management > H04L65/1101 Session protocols > H04L65/1104 Session initiation protocol [SIP]
    • H04L69/00 Network arrangements, protocols or services independent of the application payload > H04L69/16 Implementation or adaptation of IP, TCP or UDP > H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; specification of modified or new header fields > H04L69/162 ... involving adaptations of socket-based mechanisms
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • The present disclosure relates to, but is not limited to, a method and device for improving terminal security, and a computer-readable storage medium.
  • SIP: Session Initiation Protocol
  • IP: Internet Protocol
  • At least one embodiment of the present disclosure provides a method and device for improving terminal security, and a computer-readable storage medium, which improve the security of the terminal.
  • At least one embodiment of the present disclosure provides a method for improving terminal security, including:
  • monitoring the session initiation protocol message sent by the terminal, and when the session initiation protocol message is a message for establishing communication and the termination communication condition is currently met, stopping the establishment of communication.
  • At least one embodiment of the present disclosure provides a device for improving terminal security, which includes a memory and a processor.
  • The memory stores a program; when the program is read and executed by the processor, it implements the method for improving terminal security of any one of the embodiments.
  • At least one embodiment of the present disclosure provides a computer-readable storage medium that stores one or more programs, and the one or more programs can be executed by one or more processors to implement the method for improving terminal security according to any embodiment.
  • Compared with the related art, in at least one embodiment of the present disclosure, a session initiation protocol message sent by a terminal is monitored, and when the session initiation protocol message is a message for establishing communication and a termination communication condition is currently met, the establishment of communication is stopped.
  • The solution provided by this embodiment can detect illegal communication operations in time and cut off the communication, preventing users from being monitored or from passively dialing toll calls, thereby improving the user experience.
  • FIG. 1 is a schematic diagram of a SIP architecture in related technologies
  • FIG. 2 is a flowchart of a method for improving terminal security according to an embodiment of the present disclosure
  • FIG. 3 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure.
  • FIG. 4 is a flowchart of a method for improving terminal security provided by another embodiment of the present disclosure.
  • FIG. 5 is a flowchart of a method for improving terminal security provided by another embodiment of the present disclosure.
  • FIG. 6 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure.
  • FIG. 7 is a block diagram of a device for improving terminal security provided by an embodiment of the present disclosure.
  • FIG. 8 is a block diagram of a computer-readable storage medium according to an embodiment of the present disclosure.
  • FIG. 9 is a block diagram of a device for improving terminal security according to another embodiment of the present disclosure.
  • As shown in FIG. 1, which is a schematic diagram of a SIP architecture in the related art, the architecture includes a terminal 101, a proxy call session control function (P-CSCF) 102, and a SIP server 103.
  • The terminal 101 sends a call request to the P-CSCF 102 and establishes a call with the peer through the SIP server 103.
  • The terminal 101 may be a smart terminal, a PAD (tablet), a computer, or the like.
  • As shown in FIG. 2, an embodiment of the present disclosure provides a method for improving terminal security, including:
  • Step 201: Monitor a SIP message sent by the terminal.
  • The SIP message sent may be a SIP message that is about to be sent, or a SIP message that has already been sent.
  • Step 202: When the SIP message is a message for establishing communication and the termination communication condition is currently met, stop establishing communication.
  • The message for establishing communication is, for example, a message for establishing a call, or a message for establishing another type of communication (for example, a short message communication).
  • In this way, illegal communication can be detected and terminated in a timely manner, which solves the problem that malicious applications attack users through the VoLTE security vulnerability of the Android operating system and cause huge losses to users, and greatly improves the user experience.
  • The termination communication conditions may be set according to requirements.
  • In an embodiment, currently meeting the termination communication conditions includes at least one of the following:
  • the application sending the SIP message is an unauthorized application;
  • the application sending the SIP message is currently a background application. Since the application that initiates a communication is generally a foreground application that interacts with the user, in this embodiment a communication initiated by an application running only in the background (without interacting with the user) is determined to be illegal communication and needs to be terminated.
  • In an embodiment, the unauthorized applications include at least one of the following: applications that do not have communication permission (such as the android.permission.CALL_PHONE permission); applications that are not recorded in a first list, which is set to record applications that are allowed to communicate; and applications that are recorded in a second list, which is set to record applications that are prohibited from communicating.
  • The applications in the first list and the second list may be pre-configured or configured by the user. For example, the permissions of the application can be obtained directly to check whether the application has the android.permission.CALL_PHONE permission; if it does not, the application is an unauthorized application. For example, check whether the application is recorded in the first list; if it is not, it is an unauthorized application. For example, check whether the application is recorded in the second list; if it is, it is an unauthorized application.
  • The first list and the second list can be looked up according to the application identifier (application index number) or the application name. Only the first list or only the second list may exist, or both may exist.
  • In an embodiment, monitoring the SIP message sent by the terminal includes monitoring the SIP message sent by the terminal to the P-CSCF. Because the SIP message is usually sent to the SIP server, and a message sent to the SIP server needs to pass through the P-CSCF, the message sent to the P-CSCF can be monitored. It should be noted that it is also possible to directly monitor the messages sent by the terminal and determine whether each one is a SIP message according to the message format. For example, if two terminals establish communication directly (not through a SIP server), the SIP messages sent by the terminals are monitored directly.
  • In an embodiment, the SIP message being a message for establishing communication includes the SIP message being an INVITE message. Since VoLTE uses INVITE messages to establish a call between two or more parties, whether a SIP message is a message for establishing communication can be determined by checking whether the message is an INVITE message. It should be noted that if the message used for establishing a call changes, correspondingly, whether the SIP message is a message for establishing a call is determined by checking whether the SIP message is the changed message.
  • In an embodiment, the application that sends the SIP message is determined in the following manner: obtain the destination address information and source address information of the SIP message; obtain the corresponding socket connection according to the destination address information and source address information of the SIP message; the application that created the socket connection is the application that sends the SIP message.
  • The system stores the correspondence between socket connections and applications, and the application corresponding to a socket connection can be obtained by querying this information.
  • The destination address information includes a destination address and a port number; the source address information includes a source address and a port number.
  • The destination address information is, for example, the address information of the P-CSCF, and the source address information is the terminal's own address information.
  • In an embodiment, before obtaining the destination address information and the source address information of the SIP message, the method further includes decrypting the SIP message.
  • IPSec: IP Security
  • For example, the IPSec algorithm encrypts SIP messages through ESP (Encapsulating Security Payload), so the SIP messages need to be decrypted to obtain the information carried in them. After the SIP message is decrypted, the destination address information and source address information of the SIP message can be obtained.
  • If the SIP message has already been sent, stopping establishing communication in step 102 is, for example, sending a BYE message to the SIP server to end the current VoLTE session. If the SIP message has not yet been sent, stopping establishing communication in step 102 is, for example, not sending the SIP message.
  • In an embodiment, when the SIP message is a message for establishing communication and the termination communication condition is currently met, the method further includes at least one of the following:
  • The prompt information is, for example, "your terminal is being attacked by a malicious application and xxx (for example, uninstallation) processing has been performed." This is only an example, and the prompt information can be set as required.
  • FIG. 3 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 3, the method includes:
  • Step 301: Monitor the SIP message sent by the terminal.
  • Step 302: When the SIP message is a message for establishing communication and the termination communication condition is currently met, prompt the user whether to stop establishing communication; for example, a prompt interface pops up and offers the options of continuing to establish communication and stopping establishing communication, so that the user can select the subsequent operation.
  • Step 303: After receiving the user's instruction to stop establishing communication, stop establishing communication.
  • In another embodiment, if the user selects the option to continue establishing communication, the communication continues to be established.
  • FIG. 4 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 4, the method includes:
  • Step 401: Monitor a SIP message sent by a terminal.
  • Step 402: When the SIP message is a message for establishing communication, obtain the application that sends the SIP message.
  • Obtaining the application that sends the SIP message includes: obtaining the destination address information and source address information of the SIP message, and obtaining the corresponding socket connection according to the destination address information and source address information of the SIP message; the application that created the socket connection is the application that sends the SIP message.
  • Step 403: When the application sending the SIP message is an unauthorized application or a background application, stop establishing communication.
  • FIG. 5 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 5, the method includes:
  • Step 501: Monitor a SIP message sent by a terminal.
  • Step 502: When the SIP message is a message for establishing communication and the termination communication condition is currently met, stop establishing communication.
  • Step 503: Perform at least one of the following:
  • prompt information is displayed.
  • Step 503 is only an example, and other processing may be performed as needed.
  • As shown in FIG. 6, an embodiment of the present disclosure provides a method for improving VoLTE security, including:
  • Step 601: It is detected that the terminal sends a SIP message to the SIP server.
  • Any SIP message sent from the VoLTE terminal to the SIP server must pass through the P-CSCF network element. Therefore, what is actually monitored is the terminal sending a SIP message to the P-CSCF network element.
  • The terminal obtains the IP address of the P-CSCF network element from the network side.
  • Step 602: Decrypt the SIP message.
  • For security reasons, many mobile network operators use IPSec encryption algorithms to protect SIP messages.
  • The IPSec algorithm encrypts SIP messages through the ESP protocol. Therefore, the SIP message needs to be decrypted to obtain the information in it.
  • The keys (Ck, Ik) and the cryptographic algorithm are obtained from the ESP, and the SIP message is decrypted.
  • The SIP message is then available in plain text, and the source port and destination port of the SIP message are obtained.
  • Step 603: Identify the decrypted SIP message and determine whether it is an INVITE message; if yes, proceed to step 604; otherwise, end.
  • The decrypted SIP message is displayed in plain text.
  • One method to determine whether the SIP message is an INVITE message is to check whether the header of the SIP message is "INVITE" and contains the calling and called numbers. If so, the SIP message is an INVITE message.
  • Step 604: Obtain the application that sends the SIP message.
  • The corresponding socket connection is obtained through the destination address and port number (of the SIP server) and the source address and port number of the SIP message, and then the information of the application that created the socket connection is found.
  • The PID (program ID) and program name (application name) of the application that calls the SIP sending interface can be obtained.
  • Step 605: Determine whether the application is an unauthorized application; if yes, proceed to step 606; if not, end.
  • The judgment is made according to the application name: if it is neither the dialing application com.android.dialer of the Android system nor an application in the first list (also known as the white list), it is determined to be an unauthorized application.
  • Step 606: Stop establishing the call.
  • After step 606, at least one of the following may be performed:
  • When SIP technology is used to implement a call, a malicious application can start communication without obtaining the corresponding communication permission. At this time, the communication is not displayed on the screen.
  • This security vulnerability is extremely harmful and may cause huge losses to users: 1) a malicious application makes the terminal continuously call a specified number, so that the user cannot receive incoming calls normally; 2) a malicious application makes the terminal place expensive video calls or toll calls, causing financial loss to the user; 3) the user is illegally monitored.
  • The solution provided by this embodiment can detect an illegal call in time and terminate it, avoiding a state in which the terminal continuously makes calls, avoiding economic loss caused by dialing toll calls, and preventing users from being monitored.
  • As shown in FIG. 7, an embodiment of the present disclosure provides a device 70 for improving terminal security, which includes a memory 710 and a processor 720.
  • The memory 710 stores a program; when the program is read and executed by the processor 720, the method for improving terminal security is implemented. Specifically, in an embodiment, when the program is read and executed by the processor 720, the following steps are implemented:
  • the session initiation protocol message sent by the terminal is monitored, and when the session initiation protocol message is a message for establishing communication and the termination communication condition is currently met, the establishment of communication is stopped.
  • In an embodiment, the currently satisfied termination communication conditions include at least one of the following:
  • the application sending the session initiation protocol message is an unauthorized application;
  • the application sending the session initiation protocol message is currently a background application.
  • In an embodiment, the unauthorized application includes at least one of the following: an application that does not have communication permission; an application that is not recorded in the first list, which records applications permitted to communicate; and an application that is recorded in the second list, which records applications prohibited from communicating.
  • In an embodiment, monitoring the session initiation protocol message sent by the terminal includes monitoring the session initiation protocol message sent by the terminal to the proxy call session control function.
  • In an embodiment, stopping establishing communication includes prompting the user whether to stop establishing communication, and stopping establishing communication after receiving the user's instruction to stop.
  • In an embodiment, when the program is read and executed by the processor 720, it further implements the following step: determining the application that sends the session initiation protocol message in the following manner: obtaining the destination address information and source address information of the session initiation protocol message, and obtaining the corresponding socket connection according to the destination address information and source address information of the session initiation protocol message; the application that created the socket connection is the application that sends the session initiation protocol message.
  • In an embodiment, before obtaining the destination address information and the source address information of the session initiation protocol message, the method further includes decrypting the session initiation protocol message.
  • In an embodiment, when the session initiation protocol message is a message for establishing communication and the termination communication condition is currently met, at least one of the following is performed:
  • prompt information is displayed.
  • An embodiment of the present disclosure further provides a terminal including the device 70 for improving terminal security.
  • As shown in FIG. 8, an embodiment of the present disclosure provides a computer-readable storage medium 80.
  • The computer-readable storage medium 80 stores one or more programs 81, and the one or more programs 81 can be executed by one or more processors to implement the method for improving terminal security according to any embodiment.
  • As shown in FIG. 9, an embodiment of the present disclosure provides a device for improving terminal security, including a monitoring module 901, a parsing module 902, a judgment module 903, and an execution module 904, where:
  • the monitoring module 901 is configured to notify the parsing module 902 when it detects a SIP message sent by the terminal;
  • the parsing module 902 is configured to, after receiving the notification from the monitoring module 901, determine whether the SIP message is a message for establishing communication, and notify the judgment module 903 when the SIP message is a message for establishing communication;
  • the judgment module 903 is configured to notify the execution module 904 when it receives the notification from the parsing module 902 and determines that the termination communication condition is currently met;
  • the execution module 904 is configured to stop establishing communication after receiving the notification from the judgment module 903.
  • In an embodiment, the currently satisfied termination communication conditions include at least one of the following:
  • the application sending the SIP message is an unauthorized application;
  • the application sending the SIP message is currently a background application.
  • In an embodiment, the unauthorized applications include at least one of the following: applications that do not have communication permission; applications that are not recorded in the first list, which records applications that are allowed to communicate; and applications that are recorded in the second list, which records applications that are not allowed to communicate.
  • In an embodiment, the monitoring module 901 monitors the terminal sending a SIP message as follows: the monitoring module 901 is configured to monitor the terminal sending a SIP message to the P-CSCF.
  • In an embodiment, the execution module 904 stopping establishing communication includes: the execution module 904 prompts the user whether to stop establishing communication, and stops establishing communication after receiving an instruction to stop establishing communication.
  • In an embodiment, the execution module 904 is further configured to perform at least one of the following:
  • prompt information is displayed.
  • In an embodiment, the parsing module 902 includes a decoding unit 9021 and a parsing unit 9022, where:
  • the decoding unit 9021 is configured to, after receiving the notification from the monitoring module 901, decrypt the SIP message to obtain a decrypted SIP message;
  • the parsing unit 9022 is configured to determine, according to the decrypted SIP message, whether the SIP message is a message for establishing communication, and when the SIP message is a message for establishing communication, notify the judgment module 903.
  • In an embodiment, the judgment module 903 includes an application information acquisition unit 9031 and a judgment unit 9032, where:
  • the application information acquisition unit 9031 is configured to, after receiving the notification from the parsing module 902, obtain the application that sends the SIP message;
  • the judgment unit 9032 is configured to determine whether the termination communication condition is currently met, and notify the execution module 904 when it is determined that the termination communication condition is currently met.
  • In an embodiment, the application information acquisition unit 9031 obtaining the application that sends the SIP message includes: obtaining the destination address information and source address information of the SIP message, and obtaining the corresponding socket connection according to them; the application that created the socket connection is the application that sends the SIP message.
  • Voice over Wi-Fi
  • RCS: Radio Communications Suite
  • Vo5G: Voice over New Radio, the 5G voice solution
  • Other VoIMS: Voice over IMS, voice solutions based on the IP Multimedia Subsystem
  • Computer storage media include volatile and non-volatile media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer.
  • A communication medium typically contains computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transmission mechanism, and may include any information delivery medium.
  • In the embodiments of the present disclosure, a session initiation protocol message sent by a terminal is monitored, and when the session initiation protocol message is a message for establishing communication and a termination communication condition is currently met, the establishment of communication is stopped; illegal communication operations are thereby detected in time and cut off, which prevents users from being monitored or from passively dialing toll calls and improves the user experience.
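The following Python model is an added example, not code from the patent or from ZTE. It ties together the pipeline described above for the Fig. 2 and Fig. 6 embodiments: classify a plaintext SIP request as a call-setup message (step 603), map its source/destination address and port pairs back to the application that created the socket (step 604), evaluate the termination conditions (no CALL_PHONE permission, absent from the first list, present in the second list, or running in the background), and choose between not sending the message and sending a BYE depending on whether the INVITE already went out. The SIP messages, the socket table and the list contents are constructed for the example; the ESP decryption of step 602 is assumed to have already produced plaintext; the permission name android.permission.CALL_PHONE is the real Android permission.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample messages (not taken from the patent). Step 602's ESP
# decryption is assumed to have already happened: the input is plaintext SIP.
INVITE_MSG = (
    "INVITE sip:+14155550100@ims.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:+14155550199@ims.example.net>;tag=1928301774\r\n"
    "To: <sip:+14155550100@ims.example.net>\r\n"
    "Call-ID: a84b4c76e66710@10.0.0.5\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)
REGISTER_MSG = (  # a SIP request, but not a call-setup message
    "REGISTER sip:ims.example.net SIP/2.0\r\n"
    "From: <sip:+14155550199@ims.example.net>;tag=42\r\n"
    "To: <sip:+14155550199@ims.example.net>\r\n"
    "CSeq: 2 REGISTER\r\n"
    "Content-Length: 0\r\n\r\n"
)

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")


def parse_sip_request(raw: str) -> Optional[Tuple[str, Dict[str, str]]]:
    """Split a plaintext SIP request into (method, headers); None if not a request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    match = REQUEST_LINE.match(lines[0])
    if match is None:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return match.group(1), headers


def is_call_setup(raw: str) -> bool:
    """Step 603: the message is an INVITE carrying calling (From) and called (To) parties."""
    parsed = parse_sip_request(raw)
    if parsed is None:
        return False
    method, headers = parsed
    return method == "INVITE" and "from" in headers and "to" in headers


@dataclass
class AppInfo:
    package: str
    has_call_permission: bool  # holds android.permission.CALL_PHONE
    foreground: bool           # currently interacting with the user


Endpoint = Tuple[str, int]  # (address, port)

# Constructed stand-in for the OS record of which app created each socket,
# keyed by (source endpoint, destination endpoint). Destination is the P-CSCF.
SOCKET_TABLE: Dict[Tuple[Endpoint, Endpoint], AppInfo] = {
    (("10.0.0.5", 5060), ("192.0.2.10", 5060)): AppInfo("com.android.dialer", True, True),
    (("10.0.0.5", 41022), ("192.0.2.10", 5060)): AppInfo("com.example.hidden", False, False),
}
ALLOW_LIST = {"com.android.dialer"}  # the disclosure's first list (constructed contents)
DENY_LIST = {"com.example.hidden"}   # the disclosure's second list (constructed contents)


def app_for_socket(src: Endpoint, dst: Endpoint) -> Optional[AppInfo]:
    """Step 604: map the message's address/port pairs to the app that created the socket."""
    return SOCKET_TABLE.get((src, dst))


def termination_reasons(app: Optional[AppInfo]) -> List[str]:
    """Step 605 and the Fig. 2 conditions; an empty list means the call may proceed."""
    if app is None:
        # Assumption of this example: a socket with no owning app is treated as unauthorized.
        return ["no owning application found for socket"]
    reasons = []
    if not app.has_call_permission:
        reasons.append("lacks android.permission.CALL_PHONE")
    if app.package not in ALLOW_LIST:
        reasons.append("not in first (allowed) list")
    if app.package in DENY_LIST:
        reasons.append("in second (prohibited) list")
    if not app.foreground:
        reasons.append("background application")
    return reasons


def decide(raw: str, src: Endpoint, dst: Endpoint, already_sent: bool) -> Tuple[str, List[str]]:
    """Step 606: 'forward', 'drop' (message not yet sent) or 'bye' (session already started)."""
    if not is_call_setup(raw):
        return "forward", []
    reasons = termination_reasons(app_for_socket(src, dst))
    if not reasons:
        return "forward", []
    return ("bye" if already_sent else "drop"), reasons


if __name__ == "__main__":
    pcscf = ("192.0.2.10", 5060)
    print(decide(INVITE_MSG, ("10.0.0.5", 5060), pcscf, False))    # dialer: forward
    print(decide(INVITE_MSG, ("10.0.0.5", 41022), pcscf, True))    # hidden app: bye
    print(decide(REGISTER_MSG, ("10.0.0.5", 41022), pcscf, False))  # not an INVITE: forward
```

The decision function returns the list of conditions that fired rather than a bare boolean so that the prompt of Fig. 3 and Fig. 5 can tell the user why the call was stopped, and so that a deployment can log the reasons for later review. The socket lookup is keyed on the full 4-tuple because, as the disclosure notes, the destination is always the P-CSCF and only the source port distinguishes one application's connection from another's; a message whose socket has no recorded owner is treated as unauthorized in this example, which is a conservative choice the patent itself does not spell out.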

Abstract

Provided are a method and apparatus for improving the security of a terminal, and a computer-readable storage medium. The method for improving the security of a terminal comprises: monitoring a session initiation protocol message sent by a terminal, and when the session initiation protocol message is a message for establishing communication and currently meets a communication termination condition, stopping establishing communication.

Description

一种提高终端安全性的方法及装置、计算机可读存储介质Method and device for improving terminal security, and computer-readable storage medium 技术领域Technical field
本公开涉及但不限于一种提高终端安全性的方法及装置,计算机可读存储介质。The present disclosure relates to, but is not limited to, a method and device for improving terminal security, and a computer-readable storage medium.
背景技术Background technique
由于对数据服务的需求不断增长,移动网络运营商快速地转向了高速网络。凭借更高的带宽和更低的延迟,LTE(Long Term Evolution,长期演进)成为了近年来的主流蜂窝网络技术。基于IP(Internet Protocol,网络协议)协议的SIP(Session Initiation Protocol,会话初始协议)技术可以实现在只有数据交换的网络上提供稳定的通信(比如语音通话等)。使用SIP技术实现通信时,由于Android操作系统的漏洞,恶意应用可以在没有取得相应通信权限的情况下启动通信。此时,通信不会在屏幕上显示,用户不会意识到自己的手机正在通信状态。As the demand for data services continues to grow, mobile network operators are rapidly turning to high-speed networks. With higher bandwidth and lower latency, LTE (Long Term Evolution) has become the mainstream cellular network technology in recent years. SIP (Session Initiation Protocol) technology based on the IP (Internet Protocol) protocol can provide stable communication (such as voice calls) on a network with only data exchange. When SIP technology is used for communication, due to the vulnerability of the Android operating system, malicious applications can start communication without obtaining corresponding communication permissions. At this time, the communication will not be displayed on the screen, and the user will not realize that his mobile phone is communicating.
发明内容Summary of the Invention
本公开至少一实施例提供了一种提高终端安全性的方法及装置、计算机可读存储介质,提高终端的安全性。At least one embodiment of the present disclosure provides a method and device for improving terminal security, a computer-readable storage medium, and improving terminal security.
本公开至少一实施例提供一种提高终端安全性的方法,包括:At least one embodiment of the present disclosure provides a method for improving terminal security, including:
监听终端发送的会话初始协议报文,当所述会话初始协议报文为建立通信的消息且当前满足终止通信条件时,停止建立通信。The session initiation protocol message sent by the terminal is monitored, and when the session initiation protocol message is a message for establishing communication and the termination communication condition is currently met, the establishment of communication is stopped.
本公开至少一实施例提供一种提高终端安全性的装置,包括存储器和处理器,所述存储器存储有程序,所述程序在被所述处理器读取执行时,实现任一实施例所述的提高终端安全性的方法。At least one embodiment of the present disclosure provides a device for improving terminal security, which includes a memory and a processor. The memory stores a program. When the program is read and executed by the processor, the program implements any one of the embodiments. Ways to improve terminal security.
本公开至少一实施例提供一种计算机可读存储介质,所述计算机可读存储介质存储有一个或者多个程序,所述一个或者多个程序可被一个或者多个处理器执行,以实现任一实施例所述的提高终端安全性的方法。At least one embodiment of the present disclosure provides a computer-readable storage medium, where the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement any A method for improving terminal security according to an embodiment.
与相关技术相比,本公开至少一实施例中,监听终端发送的会话初始协议报文,当所述会话初始协议报文为建立通信的消息且当前满足终止通信条件时,停止建立通信。本实施例提供的方案,能及时监测到非法通信操作,切断通信,避免用户被监听、被动拨打收费电话等,提升了用户体验。Compared with the related art, in at least one embodiment of the present disclosure, a session initiation protocol message sent by a terminal is monitored, and when the session initiation protocol message is a message for establishing a communication and a termination communication condition is currently met, the establishment of communication is stopped. The solution provided by this embodiment can timely detect illegal communication operations, cut off communication, prevent users from being monitored, and passively dial toll calls, etc., thereby improving the user experience.
本公开的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本公开而了解。本公开的目的和其他优点可通过在说明书、权利要求书以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present disclosure will be explained in the following description, and partly become apparent from the description, or be understood by implementing the present disclosure. The objects and other advantages of the present disclosure can be achieved and obtained by the structures particularly pointed out in the description, the claims, and the drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
The drawings provide a further understanding of the technical solution of the present disclosure and form part of the specification. Together with the embodiments of the present application they explain the technical solution and do not limit it.
FIG. 1 is a schematic diagram of a SIP architecture in the related art;
FIG. 2 is a flowchart of a method for improving terminal security according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure;
FIG. 4 is a flowchart of a method for improving terminal security according to a further embodiment of the present disclosure;
FIG. 5 is a flowchart of a method for improving terminal security according to a further embodiment of the present disclosure;
FIG. 6 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure;
FIG. 7 is a block diagram of an apparatus for improving terminal security according to an embodiment of the present disclosure;
FIG. 8 is a block diagram of a computer-readable storage medium according to an embodiment of the present disclosure;
FIG. 9 is a block diagram of an apparatus for improving terminal security according to another embodiment of the present disclosure.
DETAILED DESCRIPTION
To make the objects, technical solutions and advantages of the present disclosure clearer, embodiments of the disclosure are described in detail below with reference to the drawings. Where no conflict arises, the embodiments of this application and the features in them may be combined with one another in any way.
The steps shown in the flowcharts may be performed in a computer system such as a set of computer-executable instructions. Although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.
It has been found that Android's permission control has a security weakness: an application holding only the Android.Permission.INTERNET permission (android.permission.INTERNET in the manifest) can send SIP messages to the SIP server and thereby initiate a communication session, which may allow the user to be eavesdropped on illegally. In this application SIP messages are monitored so that the creation of an illegal communication session can be detected in time.
FIG. 1 is a schematic diagram of a SIP architecture in the related art, comprising a terminal 101, a Proxy-Call Session Control Function (P-CSCF) 102 and a SIP server 103. The terminal 101 sends a call request to the P-CSCF 102 and establishes a call with the peer via the SIP server 103. The terminal 101 may be a smartphone, a tablet (PAD), a computer and so on.
As shown in FIG. 2, an embodiment of the present disclosure provides a method for improving terminal security, comprising:
Step 201: monitor SIP messages sent by the terminal;
The SIP message may be one that is about to be sent or one that has already been sent.
Step 202: when the SIP message is a message for establishing communication and a termination condition is currently met, stop establishing the communication.
The message for establishing communication is, for example, a message for setting up a call, or another type of communication message (for example, one setting up short-message communication).
In the above embodiment, illegal communication is detected and terminated in time. This solves the problem of malicious applications attacking users through the VoLTE security weakness of the Android operating system and causing them heavy losses, and greatly improves the user experience.
The termination condition may be set as required. In an embodiment, the termination condition being currently met comprises at least one of the following:
the application sending the SIP message is an unauthorized application;
before the terminal sends the SIP message, no instruction to establish communication entered by the user through the sending application was detected; that is, the application initiated communication on its own when the user had not asked for it, which is generally illegal, harms terminal security and must be terminated;
the application sending the SIP message is currently a background application. Because it has to interact with the user, an application that initiates communication is normally in the foreground; in this embodiment, therefore, communication initiated by an application running only in the background (not interacting with the user) is judged illegal and is terminated.
In an embodiment, an unauthorized application is at least one of: an application lacking the communication permission (for example, lacking Android.Permission.CALL_PHONE); an application not recorded in a first list configured to record the applications allowed to communicate; an application recorded in a second list configured to record the applications forbidden to communicate. The applications in the first and second lists may be preconfigured or configured by the user. For example, the application's permissions can be read directly to check whether it holds Android.Permission.CALL_PHONE; if not, it is unauthorized. Alternatively, check whether the application is recorded in the first list; if not, it is unauthorized. Or check whether it is recorded in the second list; if so, it is unauthorized. The first and second lists may be looked up by application identifier (application index number) or by application name. Either list may exist on its own, or both may exist.
In an embodiment, monitoring the SIP messages sent by the terminal comprises monitoring the SIP messages the terminal sends to the P-CSCF. SIP messages are normally addressed to the SIP server, and messages to the SIP server must pass through the P-CSCF, so the messages sent to the P-CSCF can be monitored. Note that the messages sent by the terminal can also be monitored directly and identified as SIP by their format; for example, if two terminals establish communication directly (not through a SIP server), the SIP messages sent by the terminal are monitored directly.
In an embodiment, the SIP message being a message for establishing communication comprises the SIP message being an INVITE message. Since VoLTE sets up two-party or multi-party calls with INVITE, whether a SIP message establishes communication can be decided by checking whether it is an INVITE. Note that if the message used to set up a call changes, the check is correspondingly made against the new message.
In an embodiment, the application that sent the SIP message is determined as follows:
obtain the destination address information and source address information of the SIP message, find the corresponding socket connection from that destination and source address information, and take the application that created the socket as the sender of the SIP message. When the terminal creates a socket, the system records the correspondence between the socket and the application, so the application owning a socket can be found by querying that record. In an embodiment, the destination address information comprises a destination address and port number and the source address information comprises a source address and port number; the destination address information is, for example, that of the P-CSCF, and the source address information is that of the terminal itself.
In another embodiment, the application that sent the SIP message is determined as follows:
determine which application called the interface for sending SIP messages; that application is the sender.
In an embodiment, before the destination and source address information of the SIP message is obtained, the method further comprises decrypting the SIP message. For security, many mobile network operators protect SIP signalling with IPsec (IP Security). IPsec encrypts the SIP message with ESP (Encapsulating Security Payload), so the message must be decrypted before the information it carries can be read. With ESP in transport mode, as used for IMS signalling, the IP addresses stay in the clear in the outer header but the UDP/TCP ports are inside the encrypted payload, which is why decryption precedes the port look-up. After decryption the destination and source address information of the SIP message is available.
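As an added example (not the patent's own code), the socket-to-application lookup of this embodiment implemented over the table format that Linux and Android expose in /proc/net/udp and /proc/net/tcp: each row carries the local and remote IPv4 address as a little-endian hex word, the port in hex, and the owning UID. The /proc rows, the addresses, the UIDs and the UID-to-package table are constructed sample data; on a device the last step is PackageManager.getPackagesForUid, stubbed here with a dictionary. The lookup takes the 4-tuple of the outgoing SIP message after ESP decryption.

```python
"""Attribute an outgoing SIP message to the app that owns the sending socket.

Added example, not the patent's code. The SIP 4-tuple (after ESP decryption)
is matched against /proc/net/udp rows; the row's UID is mapped to package
names. All sample rows, addresses, UIDs and packages below are constructed.
"""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SockEntry:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    uid: int
    inode: int


def _decode_addr(field: str) -> Tuple[str, int]:
    """'281E140A:13C4' -> ('10.20.30.40', 5060). /proc/net stores IPv4 as a
    little-endian 32-bit hex word, so the byte order has to be reversed."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net(table: str) -> List[SockEntry]:
    entries: List[SockEntry] = []
    for line in table.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 10:
            continue
        lip, lport = _decode_addr(cols[1])
        rip, rport = _decode_addr(cols[2])
        entries.append(SockEntry(lip, lport, rip, rport, uid=int(cols[7]), inode=int(cols[9])))
    return entries


def find_socket(entries: List[SockEntry], src_ip: str, src_port: int,
                dst_ip: str, dst_port: int) -> Optional[SockEntry]:
    """Exact 4-tuple match first (a connected socket). An unconnected UDP
    socket shows remote 0.0.0.0:0, so fall back to the local side only,
    accepting a bind to the wildcard address as well."""
    for e in entries:
        if (e.local_ip, e.local_port, e.remote_ip, e.remote_port) == (src_ip, src_port, dst_ip, dst_port):
            return e
    for e in entries:
        if e.remote_port == 0 and e.local_port == src_port and e.local_ip in (src_ip, "0.0.0.0"):
            return e
    return None


def attribute_app(entries: List[SockEntry], uid_to_packages: Dict[int, List[str]],
                  src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[List[str]]:
    entry = find_socket(entries, src_ip, src_port, dst_ip, dst_port)
    if entry is None:
        return None  # no socket matches: the sender cannot be attributed
    # Several packages can share one UID (sharedUserId), hence a list.
    return uid_to_packages.get(entry.uid, [])


# ---- constructed sample data -------------------------------------------------
# Terminal 10.20.30.40 (281E140A), P-CSCF 10.20.30.1 (011E140A), port 5060 = 0x13C4.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 281E140A:13C4 011E140A:13C4 01 00000000:00000000 00:00000000 00000000  1001        0 40001 2 0000000000000000 0
   1: 281E140A:B8DA 00000000:0000 07 00000000:00000000 00:00000000 00000000 10123        0 40002 2 0000000000000000 0
   2: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000  1051        0 40003 2 0000000000000000 0
"""
# Hypothetical UID -> package mapping (PackageManager.getPackagesForUid on a device).
SAMPLE_UID_TO_PACKAGES: Dict[int, List[str]] = {
    1001: ["com.android.phone"],  # the telephony/IMS stack
    10123: ["com.example.app"],   # an ordinary third-party app
}

if __name__ == "__main__":
    table = parse_proc_net(SAMPLE_PROC_NET_UDP)
    print(attribute_app(table, SAMPLE_UID_TO_PACKAGES, "10.20.30.40", 47322, "10.20.30.1", 5060))
```

Since Android 10, ordinary apps can no longer read /proc/net, so this lookup has to run in a privileged component (the IMS stack or a system service), which matches the position of the terminal-side apparatus in this disclosure. A message whose 4-tuple matches no socket at all should be treated as suspicious rather than allowed.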
In an embodiment, stopping the establishment of communication in step 202 is, for example, sending a BYE message to the SIP server to end the current VoLTE session. If the SIP message has not yet been sent, stopping the establishment of communication in step 202 is, for example, simply not sending it. (Under RFC 3261, an INVITE that has been sent but has not yet received a final response is abandoned with CANCEL; BYE ends a dialog that has already been established.)
In an embodiment, when the SIP message is a message for establishing communication and the termination condition is currently met, the method further comprises at least one of the following:
adding the application that sent the SIP message to the second list, which records applications forbidden to communicate;
revoking the Android.Permission.INTERNET permission of the application that sent the SIP message;
uninstalling or deleting the application that sent the SIP message;
displaying a prompt. The prompt is, for example: "Your terminal is under attack by a malicious application; xxx (for example, uninstallation) has been carried out." This is only an example, and the prompt may be set as required.
Note that the above handling is only an example; other handling may be carried out as required.
FIG. 3 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 3, the method comprises:
Step 301: monitor SIP messages sent by the terminal;
Step 302: when the SIP message is a message for establishing communication and the termination condition is currently met, ask the user whether to stop establishing the communication; for example, pop up a prompt offering the options "continue establishing communication" and "stop establishing communication", so that the next action follows the user's choice.
Step 303: after receiving the user's instruction to stop, stop establishing the communication.
In this embodiment, if the user chooses the stop option, establishment of the communication is stopped. In another embodiment, if the user chooses the continue option, establishment continues.
FIG. 4 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 4, the method comprises:
Step 401: monitor SIP messages sent by the terminal;
Step 402: when the SIP message is a message for establishing communication, obtain the application that sent it;
One way to obtain the sending application is: obtain the destination address information and source address information of the SIP message, find the corresponding socket connection from them, and take the application that created the socket as the sender of the SIP message.
Step 403: when the application that sent the SIP message is an unauthorized application or a background application, stop establishing the communication.
FIG. 5 is a flowchart of a method for improving terminal security according to another embodiment of the present disclosure. As shown in FIG. 5, the method comprises:
Step 501: monitor SIP messages sent by the terminal;
Step 502: when the SIP message is a message for establishing communication and the termination condition is currently met, stop establishing the communication.
Step 503: carry out at least one of the following:
adding the application that sent the SIP message to the second list, which records applications forbidden to communicate;
revoking the Internet permission of the application that sent the SIP message;
uninstalling or deleting the application that sent the SIP message;
displaying a prompt.
Note that the handling in step 503 is only an example; other handling may be carried out as required.
The application is further explained below, taking VoLTE as the example.
As shown in FIG. 6, an embodiment of the present disclosure provides a method for improving VoLTE security, comprising:
Step 601: detect that the terminal has sent a SIP message to the SIP server.
Every SIP message from a VoLTE terminal to the SIP server must pass through the P-CSCF network element, so what is actually observed is the terminal sending a SIP message to the P-CSCF.
The terminal obtains the IP address of the P-CSCF from the network side during VoLTE registration.
Step 602: decrypt the SIP message.
For security, many mobile network operators protect SIP messages with IPsec; IPsec encrypts them with the ESP protocol, so the SIP message must be decrypted to read the information in it.
The keys (CK, IK) and the cipher algorithm are obtained from the ESP security association (SA) and used to decrypt the SIP message.
After decryption the SIP message is available in plain text, together with its source port and destination port.
Note that if the SIP message is not encrypted, no decryption is needed and this step can be omitted.
Step 603: inspect the decrypted SIP message and decide whether it is an INVITE; if so, go to step 604; otherwise end.
The decrypted SIP message is in plain text. One way to decide whether it is an INVITE is to check whether the start line of the message begins with "INVITE" and the message carries the calling and called numbers (in SIP, the From and To headers); if so, the message is an INVITE.
Step 604: obtain the application that sent the SIP message.
Specifically, the destination address and port (the SIP server) and the source address and port of the SIP message are used to find the corresponding socket connection, and from that the information on the application that created the socket is found: its PID (the text calls this Program ID; it is the process identifier) and its program name. Alternatively, as described above, the application that called the SIP sending interface is taken as the sender.
Step 605: decide whether the application is an unauthorized application; if so, go to step 606; if not, end.
Specifically, check whether the application holds Android.Permission.CALL_PHONE; if not, it is judged an unauthorized application.
In an embodiment, the decision is made by application name: if the application is neither the Android system dialer com.android.dialer nor an application in the first list (the white list), it is judged unauthorized.
Step 606: stop establishing the call.
For example, send a BYE message to the SIP server to end the current VoLTE session.
In step 606, at least one of the following may also be carried out:
put the application on the black list (the second list);
revoke the application's Android.Permission.INTERNET permission;
delete or uninstall the application;
warn the user of the malicious-application attack, for example by displaying: "Your terminal is under attack by a malicious application; it has been uninstalled."
In the related art, when calls are implemented with SIP a malicious application can start a communication session without holding the corresponding communication permission, and the session is not shown on the screen. This weakness is extremely harmful and can cause the user heavy losses: 1) the malicious application makes the terminal keep dialling a given number, so the user cannot receive incoming calls normally; 2) it makes the terminal place expensive video or premium-rate calls, causing financial loss; 3) the user is eavesdropped on illegally. The scheme of this embodiment detects and terminates illegal calls in time, so the terminal is not left continuously dialling, premium-rate charges are avoided and the user is not eavesdropped on.
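As an added example (not the patent's own code), the decision logic of steps 603 to 606 combined with the three termination conditions listed for the FIG. 2 embodiment: parse the SIP start line and headers, recognise an INVITE carrying From and To, check the sending application against CALL_PHONE, the first (allow) list, the second (deny) list, a preceding user dial action and foreground state, then pick the response. The SIP messages, package names, permission sets and policy lists are constructed; the only extension beyond the text is that the tear-down message depends on call state, because RFC 3261 allows BYE only on an established dialog and uses CANCEL for an INVITE that is still waiting for a final response.

```python
"""Decide whether an outgoing SIP request is an unauthorized call set-up and
what to do about it.

Added example, not the patent's code. Implements steps 603-606 of the VoLTE
embodiment together with the termination conditions of the FIG. 2 embodiment.
SIP messages, package names, permissions and policy lists are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

CALL_PHONE = "android.permission.CALL_PHONE"


@dataclass
class AppInfo:
    package: str
    permissions: Set[str]
    foreground: bool    # is the app currently in the foreground?
    user_dialled: bool  # was a user dial action seen in this app before the send?


@dataclass
class Policy:
    allow_list: Optional[Set[str]] = None             # "first list"; None = not configured
    deny_list: Set[str] = field(default_factory=set)  # "second list"


@dataclass
class SipRequest:
    method: str
    request_uri: str
    headers: Dict[str, str]


def parse_sip_request(raw: str) -> Optional[SipRequest]:
    """Parse the start line and headers of a SIP request. Returns None for a
    SIP response or non-SIP data. Header names are case-insensitive in SIP."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return SipRequest(parts[0].upper(), parts[1], headers)


def is_call_setup(req: SipRequest) -> bool:
    """VoLTE sets up a call with INVITE carrying the caller (From) and callee (To)."""
    return req.method == "INVITE" and "from" in req.headers and "to" in req.headers


def termination_reasons(app: AppInfo, policy: Policy) -> List[str]:
    reasons: List[str] = []
    if CALL_PHONE not in app.permissions:
        reasons.append("no CALL_PHONE permission")
    if policy.allow_list is not None and app.package not in policy.allow_list:
        reasons.append("not on allow list")
    if app.package in policy.deny_list:
        reasons.append("on deny list")
    if not app.user_dialled:
        reasons.append("no user dial action before send")
    if not app.foreground:
        reasons.append("app in background")
    return reasons


def decide(raw: str, app: AppInfo, policy: Policy, state: str) -> Dict[str, object]:
    """state is 'unsent' (still in the send path), 'sent' (no final response
    yet) or 'established' (2xx received). Returns the action to take."""
    req = parse_sip_request(raw)
    if req is None or not is_call_setup(req):
        return {"action": "allow", "reasons": []}
    reasons = termination_reasons(app, policy)
    if not reasons:
        return {"action": "allow", "reasons": []}
    # The patent answers with BYE; RFC 3261 only allows BYE on an established
    # dialog, so a pending INVITE is abandoned with CANCEL and an unsent one dropped.
    action = {"unsent": "drop", "sent": "send CANCEL", "established": "send BYE"}[state]
    policy.deny_list.add(app.package)  # follow-up from step 606: blacklist the app
    return {"action": action, "reasons": reasons,
            "notify": f"Your terminal is under attack by a malicious application ({app.package})."}


# ---- constructed sample data -------------------------------------------------
SAMPLE_INVITE = (
    "INVITE sip:bob@ims.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.20.30.40:47322;branch=z9hG4bK-7a1\r\n"
    "From: <sip:alice@ims.example.com>;tag=1928301774\r\n"
    "To: <sip:bob@ims.example.com>\r\n"
    "Call-ID: a84b4c76e66710@10.20.30.40\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_REGISTER = (
    "REGISTER sip:ims.example.com SIP/2.0\r\n"
    "From: <sip:alice@ims.example.com>;tag=2\r\n"
    "To: <sip:alice@ims.example.com>\r\n"
    "Content-Length: 0\r\n\r\n"
)
DIALER = AppInfo("com.android.dialer", {CALL_PHONE, "android.permission.INTERNET"}, True, True)
ROGUE = AppInfo("com.example.app", {"android.permission.INTERNET"}, False, False)


def default_policy() -> Policy:
    return Policy(allow_list={"com.android.dialer"})


if __name__ == "__main__":
    print(decide(SAMPLE_INVITE, DIALER, default_policy(), "sent"))
    print(decide(SAMPLE_INVITE, ROGUE, default_policy(), "sent"))
```

The five checks are evaluated together and all failing reasons are reported, so a reviewer can see whether a block came from a missing permission, a list entry, or the foreground/user-action heuristics; an operator who wants the weaker "any one condition" rule of the text gets it for free, since one reason is enough to block.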
As shown in FIG. 7, an embodiment of the present disclosure provides an apparatus 70 for improving terminal security, comprising a memory 710 and a processor 720. The memory 710 stores a program which, when read and executed by the processor 720, implements the method for improving terminal security of any of the embodiments. Specifically, in an embodiment, the program when read and executed by the processor 720 performs the following steps:
monitoring SIP messages sent by the terminal, and when a SIP message is a message for establishing communication and the termination condition is currently met, stopping establishment of the communication.
In an embodiment, the termination condition being currently met comprises at least one of the following:
the application sending the SIP message is an unauthorized application;
before the terminal sends the SIP message, no instruction to establish communication entered by the user through the sending application was detected;
the application sending the SIP message is currently a background application.
In an embodiment, an unauthorized application is at least one of: an application lacking the communication permission; an application not recorded in the first list, which records applications allowed to communicate; an application recorded in the second list, which records applications forbidden to communicate.
In an embodiment, monitoring the SIP messages sent by the terminal comprises monitoring the SIP messages the terminal sends to the proxy call session control function (P-CSCF).
In an embodiment, stopping establishment of the communication comprises:
asking the user whether to stop establishing the communication, and stopping after the instruction to stop is received.
In an embodiment, the program when read and executed by the processor 720 further performs the following step: determining the application that sent the SIP message by obtaining the destination address information and source address information of the SIP message, finding the corresponding socket connection from them, and taking the application that created the socket as the sender of the SIP message.
In an embodiment, before the destination and source address information of the SIP message is obtained, the SIP message is decrypted.
In an embodiment, the program when read and executed by the processor 720 further performs the following:
when the SIP message is a message for establishing communication and the termination condition is currently met (that is, the conditions for allowing the communication are not satisfied), carrying out at least one of:
adding the application that sent the SIP message to the second list, which records applications forbidden to communicate;
revoking the Internet permission of the application that sent the SIP message;
uninstalling or deleting the application that sent the SIP message;
displaying a prompt.
An embodiment of the present disclosure further provides a terminal comprising the above apparatus 70 for improving terminal security.
As shown in FIG. 8, an embodiment of the present disclosure provides a computer-readable storage medium 80 storing one or more programs 81 that can be executed by one or more processors to implement the method for improving terminal security of any of the embodiments.
As shown in FIG. 9, an embodiment of the present disclosure provides an apparatus for improving terminal security comprising a monitoring module 901, a parsing module 902, a decision module 903 and an execution module 904, wherein:
the monitoring module 901 is configured to notify the parsing module 902 when it detects that the terminal sends a SIP message;
the parsing module 902 is configured, on being notified by the monitoring module 901, to judge whether the SIP message is a message for establishing communication and, if so, to notify the decision module 903;
the decision module 903 is configured, on being notified by the parsing module 902, to judge whether the termination condition is currently met and, if so, to notify the execution module 904;
the execution module 904 is configured to stop establishment of the communication on being notified by the decision module 903.
In an embodiment, the termination condition being currently met comprises at least one of the following:
the application sending the SIP message is an unauthorized application;
before the terminal sends the SIP message, no instruction to establish communication entered by the user through the sending application was detected;
the application sending the SIP message is currently a background application.
The unauthorized application is at least one of: an application lacking the communication permission; an application not recorded in the first list, which records applications allowed to communicate; an application recorded in the second list, which records applications forbidden to communicate.
In an embodiment, the monitoring module 901 detecting that the terminal sends a SIP message means the monitoring module 901 is configured to detect that the terminal sends a SIP message to the P-CSCF.
In an embodiment, the execution module 904 stopping establishment of the communication comprises: the execution module 904 asks the user whether to stop establishing the communication, and stops after the instruction to stop is received.
In an embodiment, the execution module 904 is further configured to carry out at least one of:
adding the application that sent the SIP message to the second list, which records applications forbidden to communicate;
revoking the Android.Permission.INTERNET permission of the application that sent the SIP message;
uninstalling or deleting the application that sent the SIP message;
displaying a prompt.
在一实施例中,所述解析模块902包括解码单元9021和解析单元9022,其中:In an embodiment, the parsing module 902 includes a decoding unit 9021 and a parsing unit 9022, where:
所述解码单元9021设置为,接收到所述监听模块301的通知后,对所述SIP报文进行解密获得解密后的SIP报文;The decoding unit 9021 is configured to, after receiving the notification from the monitoring module 301, decrypt the SIP message to obtain a decrypted SIP message;
所述解析单元9022设置为,根据所述解密后的SIP报文判断所述SIP报文是否为建立通信的消息,当所述SIP报文为建立通信的消息时,通知所述判决模块903。The parsing unit 9022 is configured to determine, according to the decrypted SIP message, whether the SIP message is a message for establishing communication, and when the SIP message is a message for establishing communication, notify the judgment module 903.
其他实现细节请参考方法实施例,此处不再赘述。For other implementation details, please refer to the method embodiments, which will not be repeated here.
In one embodiment, the decision module 903 includes an application information acquisition unit 9031 and a decision unit 9032, where:
the application information acquisition unit 9031 is configured to identify the application that sent the SIP message after receiving the notification from the parsing module 902;
the decision unit 9032 is configured to determine whether the communication termination condition is currently met, and to notify the execution module 904 when it is.
In one embodiment, the application information acquisition unit 9031 identifying the application that sent the SIP message includes:
obtaining the destination address information and source address information of the SIP message, locating the socket connection that corresponds to that destination and source address information, and taking the application that created that socket connection as the application that sent the SIP message.
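The pipeline described in this apparatus embodiment (classify the outgoing SIP message, resolve the sending socket to its owning application, evaluate the termination conditions, and record an offending application in the second list) can be sketched end to end. The following is an added example written for this page, not code from the patent or its applicant. It assumes that the "message for establishing communication" is a SIP INVITE request, that the socket table is read in the Linux `/proc/net/udp` text format that Android exposes, and that the UID-to-package mapping normally obtained from the package manager is stood in for by a dictionary; the SIP message, socket table rows, addresses, package names and UIDs are all constructed sample data. Blocking a message whose sender cannot be identified is a fail-closed design choice of this example, not something the patent specifies.

```python
"""Added example: on-device monitor for outgoing SIP call-setup messages.

Not the patent's code. Models the decoding/parsing unit (SIP classification),
the application information acquisition unit (socket owner lookup) and the
decision/execution modules (termination conditions, second list).
"""
import socket
import struct
from dataclasses import dataclass, field

# Assumption: INVITE is the request that establishes a VoIMS call.
CALL_SETUP_METHODS = {"INVITE"}

# Constructed sample: decrypted SIP INVITE as the terminal would send it to the P-CSCF.
SAMPLE_INVITE = (
    "INVITE sip:+8613800138000@ims.mnc000.mcc460.3gppnetwork.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:+8613900139000@ims.mnc000.mcc460.3gppnetwork.org>;tag=1928301774\r\n"
    "To: <sip:+8613800138000@ims.mnc000.mcc460.3gppnetwork.org>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Constructed sample of /proc/net/udp: hex little-endian IPv4 addresses, hex ports,
# column 8 is the owning UID. 0500000A:13C4 is 10.0.0.5:5060; 0A00000A is 10.0.0.10.
PROC_NET_UDP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops\n"
    "   0: 0500000A:13C4 0A00000A:13C4 01 00000000:00000000 00:00000000 00000000 10123        0 12345 2 0000000000000000 0\n"
    "   1: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000  1014        0 11111 2 0000000000000000 0\n"
    "   2: 0500000A:13C5 0A00000A:13C4 01 00000000:00000000 00:00000000 00000000 10200        0 12346 2 0000000000000000 0\n"
)


def sip_request_method(message: str):
    """Return the method of a SIP request line, or None for responses and junk."""
    parts = message.split("\r\n", 1)[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0" or parts[0].startswith("SIP/"):
        return None
    return parts[0].upper()


def is_call_setup(message: str) -> bool:
    return sip_request_method(message) in CALL_SETUP_METHODS


def _hex_to_ipv4(h: str) -> str:
    # /proc/net stores the address as a host-order 32-bit value printed in hex.
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))


def _parse_endpoint(col: str):
    ip_hex, port_hex = col.split(":")
    return _hex_to_ipv4(ip_hex), int(port_hex, 16)


def socket_owner_uid(proc_net_table: str, src, dst):
    """UID owning the socket whose local endpoint is src and whose remote endpoint is
    dst (or unset, for an unconnected UDP socket). None if nothing matches."""
    for line in proc_net_table.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 8:
            continue
        local, remote = _parse_endpoint(cols[1]), _parse_endpoint(cols[2])
        if local == src and remote in (dst, ("0.0.0.0", 0)):
            return int(cols[7])
    return None


@dataclass
class AppState:
    package: str
    has_call_permission: bool   # holds the communication permission
    foreground: bool            # currently a foreground application
    user_initiated: bool        # a dial action in this app was observed before the send


@dataclass
class Policy:
    allowlist: set = field(default_factory=set)  # first list: allowed to communicate
    denylist: set = field(default_factory=set)   # second list: prohibited

    def is_authorized(self, app: AppState) -> bool:
        return (app.has_call_permission and app.package in self.allowlist
                and app.package not in self.denylist)

    def termination_reasons(self, app: AppState):
        reasons = []
        if not self.is_authorized(app):
            reasons.append("unauthorized application")
        if not app.user_initiated:
            reasons.append("no user dial action observed before send")
        if not app.foreground:
            reasons.append("application is in the background")
        return reasons


def evaluate(message, proc_table, src, dst, uid_to_app, policy):
    """Return ("ignore"|"allow"|"block", reasons) for one outgoing SIP message."""
    if not is_call_setup(message):
        return "ignore", []
    app = uid_to_app.get(socket_owner_uid(proc_table, src, dst))
    if app is None:
        return "block", ["sending application could not be identified"]  # fail closed (assumption)
    reasons = policy.termination_reasons(app)
    if reasons:
        policy.denylist.add(app.package)  # execution-module follow-up: record in second list
        return "block", reasons
    return "allow", []


# Constructed stand-in for the package manager's UID-to-package lookup.
UID_TO_APP = {
    10123: AppState("com.example.dialer", True, True, True),
    10200: AppState("com.example.rogue", True, False, False),
}
POLICY = Policy(allowlist={"com.example.dialer"})

if __name__ == "__main__":
    for src in (("10.0.0.5", 5060), ("10.0.0.5", 5061)):
        print(src, evaluate(SAMPLE_INVITE, PROC_NET_UDP, src, ("10.0.0.10", 5060), UID_TO_APP, POLICY))
```

Matching on the local endpoint alone is deliberate: an IMS stack usually keeps one bound UDP socket per registration, and for UDP the remote column is zero unless the socket was connected, so requiring a remote match would miss the common case. On a real device the decision should be made before the packet leaves (a firewall hook or VPN-style interception), since a resolved UID after the fact only supports the follow-up actions, not stopping the call.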
VoLTE is used as the example here, but the present application can be applied to VoIMS (Voice over IMS, voice over the IP Multimedia Subsystem) scenarios including, but not limited to, VoLTE, VoWiFi (Voice over WiFi), RCS (Rich Communication Suite) and Vo5G (VoNR, Voice over New Radio, the 5G voice solution).
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the systems and apparatuses, may be implemented as software, firmware, hardware, or a suitable combination of these. In a hardware implementation, the division between the functional modules/units mentioned above does not necessarily correspond to the division of physical components; for example, one physical component may have several functions, or one function or step may be performed cooperatively by several physical components. Some or all components may be implemented as software executed by a processor such as a digital signal processor or microprocessor, as hardware, or as an integrated circuit such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (non-transitory media) and communication media (transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium covers volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery medium.
Industrial applicability
In at least one embodiment of the present disclosure, session initiation protocol messages sent by the terminal are monitored, and when a session initiation protocol message is a message for establishing communication and the communication termination condition is currently met, establishment of the communication is stopped. The solution of this embodiment can promptly detect an illegal communication operation and cut off the communication, preventing the user from being eavesdropped on or having toll calls placed without their knowledge, which improves the user experience.

Claims (11)

  1. A method for improving terminal security, comprising:
    monitoring a session initiation protocol message sent by a terminal, and when the session initiation protocol message is a message for establishing communication and a communication termination condition is currently met, stopping establishment of the communication.
  2. The method for improving terminal security according to claim 1, wherein the communication termination condition being currently met comprises at least one of the following:
    the application sending the session initiation protocol message is an unauthorized application;
    before the terminal sent the session initiation protocol message, no communication establishment instruction entered by the user through the application sending the session initiation protocol message was detected;
    the application sending the session initiation protocol message is currently a background application.
  3. The method for improving terminal security according to claim 2, wherein:
    the unauthorized application comprises at least one of the following: an application that does not hold communication permission, an application not recorded in a first list configured to record applications allowed to communicate, and an application recorded in a second list configured to record applications prohibited from communicating.
  4. The method for improving terminal security according to claim 1, wherein monitoring the session initiation protocol message sent by the terminal comprises: monitoring the session initiation protocol message sent by the terminal to a proxy call session control function.
  5. The method for improving terminal security according to claim 1, wherein stopping establishment of the communication comprises:
    prompting the user whether to stop establishing the communication, and stopping establishment of the communication after receiving an instruction to stop.
  6. The method for improving terminal security according to claim 2, wherein the application sending the session initiation protocol message is determined as follows:
    obtaining destination address information and source address information of the session initiation protocol message, locating the socket connection that corresponds to that destination and source address information, and taking the application that created that socket connection as the application sending the session initiation protocol message.
  7. The method for improving terminal security according to claim 6, further comprising, before obtaining the destination address information and source address information of the session initiation protocol message: decrypting the session initiation protocol message.
  8. The method for improving terminal security according to any one of claims 1 to 7, wherein when the session initiation protocol message is a message for establishing communication and the condition for establishing communication is currently not met, at least one of the following is further performed:
    adding the application sending the session initiation protocol message to a second list configured to record applications prohibited from communicating;
    revoking the Internet permission of the application sending the session initiation protocol message;
    uninstalling or deleting the application sending the session initiation protocol message;
    displaying a prompt message.
  9. The method for improving terminal security according to any one of claims 1 to 7, wherein the message for establishing communication is a message for establishing communication.
  10. An apparatus for improving terminal security, comprising a memory and a processor, the memory storing a program which, when read and executed by the processor, implements the method for improving terminal security according to any one of claims 1 to 8.
  11. A computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the method for improving terminal security according to any one of claims 1 to 8.
PCT/CN2019/103956 2018-09-19 2019-09-02 Method and apparatus for improving security of terminal, and computer-readable storage medium WO2020057360A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811092924.3A CN110933013A (en) 2018-09-19 2018-09-19 Method and device for improving terminal security and computer readable storage medium
CN201811092924.3 2018-09-19

Publications (1)

Publication Number Publication Date
WO2020057360A1 true WO2020057360A1 (en) 2020-03-26

Family

ID=69855168

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103956 WO2020057360A1 (en) 2018-09-19 2019-09-02 Method and apparatus for improving security of terminal, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN110933013A (en)
WO (1) WO2020057360A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992632A (en) * 2020-07-09 2022-01-28 华为技术有限公司 Method and device for managing application

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080109853A1 (en) * 2006-11-07 2008-05-08 Telefonaktiebolaget Lm Ericsson (Publ) Media channel management
CN101902371A (en) * 2010-07-26 2010-12-01 华为技术有限公司 Security control method, signature key sending method, terminal, server and system
CN102244858A (en) * 2011-08-01 2011-11-16 王冬梅 Method for mobile terminal to possess communication function of locking and unlocking, and mobile terminal thereof
CN104767709A (en) * 2014-01-02 2015-07-08 中国移动通信集团北京有限公司 Method and device for blocking IMS (IP Multimedia Subsystem) business exception call

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100413376C (en) * 2005-08-15 2008-08-20 华为技术有限公司 Method and terminal for increasing communication safety of net generation network terminal
CN101784054A (en) * 2009-01-20 2010-07-21 华为终端有限公司 Method for preventing rogue software of mobile phone, terminal, server and system thereof
CN102355519A (en) * 2011-06-30 2012-02-15 北京邮电大学 Malicious call dialing prevention method for mobile intelligent terminal and system thereof
CN102857613B (en) * 2012-07-18 2017-01-25 宇龙计算机通信科技(深圳)有限公司 Malicious dialing prevention method and communication terminal thereof
GB2515326A (en) * 2013-06-20 2014-12-24 F Secure Corp Detecting malware via outgoing radio messages
CN104268470B (en) * 2014-09-26 2018-02-13 酷派软件技术(深圳)有限公司 Method of controlling security and safety control
CN106453799B (en) * 2016-10-25 2019-06-04 郭铮铮 Manipulative communications deception recognition methods and system


Also Published As

Publication number Publication date
CN110933013A (en) 2020-03-27

Similar Documents

Publication Publication Date Title
US10516540B2 (en) Management of profiles in an embedded universal integrated circuit card (eUICC)
US11533160B2 (en) Embedded universal integrated circuit card (eUICC) profile content management
US10902110B2 (en) Use of AKA methods and procedures for authentication of subscribers without access to SIM credentials
US8798610B2 (en) Method and apparatus for bearer and server independent parental control on smartphone, managed by the smartphone
US9674219B2 (en) Authenticating public land mobile networks to mobile stations
US10057760B2 (en) Apparatus and methods for Electronic Subscriber Identity Module (ESIM) installation notification
US11063990B2 (en) Originating caller verification via insertion of an attestation parameter
KR20210116508A (en) Improved handling of unique identifiers for stations
CA2673258A1 (en) Techniques for managing security in next generation communication networks
US9154946B2 (en) Secure coupling of hardware components
CN112492580A (en) Information processing method and device, communication equipment and storage medium
US20230354013A1 (en) Secure communication method and device
US10893414B1 (en) Selective attestation of wireless communications
US10721621B2 (en) Updating policy for a video flow during transitions
US10785195B2 (en) Mobile communications over secure enterprise networks
US11288357B2 (en) Apparatus and method for authenticating caller in communication system
Beekman et al. Breaking Cell Phone Authentication: Vulnerabilities in {AKA},{IMS}, and Android
WO2020057360A1 (en) Method and apparatus for improving security of terminal, and computer-readable storage medium
WO2017197968A1 (en) Data transmission method and device
US10028141B2 (en) Method and system for determining that a SIM and a SIP client are co-located in the same mobile equipment
EP3552367B1 (en) Method and intermediate network node for managing tcp segment
EP3806517A1 (en) Loading security information with restricted access
CN105577631B (en) data transmission method and terminal
WO2015023756A1 (en) Method and apparatus for verifying a device during provisioning through caller id
US20220166751A1 (en) Phone call endpoint security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19861945

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 06/08/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 19861945

Country of ref document: EP

Kind code of ref document: A1