CN106028340A - Method and system for identifying pseudo base stations - Google Patents
Method and system for identifying pseudo base stations Download PDFInfo
- Publication number
- CN106028340A CN106028340A CN201610619116.2A CN201610619116A CN106028340A CN 106028340 A CN106028340 A CN 106028340A CN 201610619116 A CN201610619116 A CN 201610619116A CN 106028340 A CN106028340 A CN 106028340A
- Authority
- CN
- China
- Prior art keywords
- base station
- station identification
- pseudo
- subscriber equipment
- frame
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a method for identifying pseudo base stations, which is applied to user equipment. The method for identifying pseudo base stations comprises: receiving a data frame sent by a base station; performing an analysis operation on the data frame, and when a payload data section in the data frame is analyzed, invoking a pre-stored decryption key to perform a decryption operation on a base station flag bit of reserved bits of the payload data section; and when the base station flag bit cannot be successfully decrypted using the decryption key, discarding the data frame, and sending prompt information to a user of the user equipment; alternatively, when the base station flag bit can be successfully decrypted using the decryption key, reporting the analyzed data to the user of the user equipment. The present invention further provides a system for identifying pseudo base stations. The method and system provided by the present invention can effectively identify pseudo base stations.
Description
Technical field
The present invention relates to communication security technical field, particularly to discrimination method and the system of pseudo-base station.
Background technology
Currently, a lot of unprincipled fellows set up pseudo-base station and illegally collect user profile and arrange trap.Pseudo-base station is led to
Cross the base station of the operator that disguises oneself as, arbitrarily falsely use other people phone number short to user mobile phone transmission swindle, ad promotions etc. by force
Information.It is a kind of new crime that pseudo-base station is implemented to break laws and commit crime, and relates to that region is wide, social danger big, the communication of serious harm country
Safety, upsets society's public order, causes the property loss of the people.
Summary of the invention
In view of the foregoing, it is necessary to proposing a kind of pseudo-base station discrimination method, it can efficiently identify out pseudo-base station.
A kind of pseudo-base station discrimination method, is applied in subscriber equipment, and described pseudo-base station discrimination method includes:
The AES preset is utilized to add by being ready for sending to add to the payload data part in the Frame of base station
Base Station Identification position after close;
By described with the addition of encryption after the Frame of Base Station Identification position send base station to, in order to described base station is according to described
Base Station Identification position judges that the subscriber equipment sending described Frame is the most legal.
In present pre-ferred embodiments, a length of 1 byte of described Base Station Identification position, be positioned in described Frame is effective
In the reserved bit of load data part.
A kind of pseudo-base station discrimination method, is applied in base station server, and described pseudo-base station discrimination method includes:
Receive the Frame that subscriber equipment sends;
Carry out described Frame resolving operation, when the payload data part being resolved in described Frame, adjust
It is decrypted operation with the Base Station Identification position in the decruption key the prestored reserved bit to described payload data part;
When to obtain Base Station Identification position inconsistent with the legal Base Station Identification position prestored in deciphering, it is judged that described user
Equipment is illegal, abandons described Frame, and sends information to described subscriber equipment;Or
When to obtain Base Station Identification position consistent with the legal Base Station Identification position prestored in deciphering, it is judged that described user sets
Standby legal, the described data parsed are sent to core net.
A kind of pseudo-base station discrimination method, is applied in base station server, and described pseudo-base station discrimination method includes:
Utilize being ready for sending in advance to the reserved bit of the payload data part in the Frame of subscriber equipment is added
If AES encryption after Base Station Identification position;
By described with the addition of encryption after the Frame of Base Station Identification position send subscriber equipment to, in order to described subscriber equipment
Judge whether the base station sending described Frame is pseudo-base station according to described Base Station Identification position.
A kind of pseudo-base station discrimination method, is applied in subscriber equipment, and described pseudo-base station discrimination method includes:
Receive the Frame that base station sends;
Carry out described Frame resolving operation, when the payload data part being resolved in described Frame, adjust
It is decrypted operation with the Base Station Identification position in the decruption key the prestored reserved bit to described payload data part;
When utilize described decruption key can not to described Base Station Identification position successful decryption time, it is judged that described base station is pseudo-base
Stand, abandon described Frame, and send the information user to described subscriber equipment;Or
When utilize described decruption key can to described Base Station Identification position successful decryption time, it is judged that described base station is not pseudo-base
Stand, the data parsed are offered the user of described subscriber equipment.
In view of the foregoing, there is a need to propose a kind of pseudo-base station identification system, it can efficiently identify out pseudo-base station.
A kind of pseudo-base station identification system, is applied in subscriber equipment, and described pseudo-base station identification system includes:
Data transmission blocks, for utilizing being ready for sending to add to the payload data part in the Frame of base station
Base Station Identification position after the AES encryption preset, and the described Frame that with the addition of the Base Station Identification position after encryption is passed
Give base station, in order to according to described Base Station Identification position, described base station judges that the subscriber equipment sending described Frame is the most legal.
In present pre-ferred embodiments, a length of 1 byte of described Base Station Identification position, be positioned in described Frame is effective
In the reserved bit of load data part.
A kind of pseudo-base station identification system, is applied in base station server, and described pseudo-base station identification system includes:
Data reception module, for receiving the Frame that subscriber equipment sends;
Deciphering module, operates, when the payload being resolved in described Frame for carrying out described Frame resolving
During data division, call the decruption key prestored to the Base Station Identification position in the reserved bit of described payload data part
It is decrypted operation;
Processing module, for when deciphering, to obtain Base Station Identification position inconsistent with the legal Base Station Identification position prestored
Time, it is judged that described subscriber equipment is illegal, abandons described Frame, and sends information to described subscriber equipment, or works as
Deciphering is time to obtain Base Station Identification position consistent with the legal Base Station Identification position prestored, it is judged that described subscriber equipment is legal, will
The described data parsed are sent to core net.
A kind of pseudo-base station identification system, is applied in base station server, and described pseudo-base station identification system includes:
Data transmission blocks, for being ready for sending to the guarantor of the payload data part in the Frame of subscriber equipment
Stay the Base Station Identification position added in position after utilizing the AES encryption preset, and with the addition of the mark of the base station after encryption by described
The Frame knowing position sends subscriber equipment to, in order to described subscriber equipment judges to send described data according to described Base Station Identification position
Whether the base station of frame is pseudo-base station.
A kind of pseudo-base station identification system, is applied in subscriber equipment, and described pseudo-base station identification system includes:
Data reception module, for receiving the Frame that base station sends;
Deciphering module, operates, when the payload being resolved in described Frame for carrying out described Frame resolving
During data division, call the decruption key prestored to the Base Station Identification position in the reserved bit of described payload data part
It is decrypted operation;
Processing module, for when utilize described decruption key can not to described Base Station Identification position successful decryption time, it is judged that institute
Stating base station is pseudo-base station, abandons described Frame, and sends the information user to described subscriber equipment, or when utilizing
Described decruption key can to described Base Station Identification position successful decryption time, it is judged that described base station is not pseudo-base station, will parse
Data offer the user of described subscriber equipment.
Compared to prior art, pseudo-base station discrimination method provided by the present invention and system can efficiently identify out pseudo-base
Stand, to prevent pseudo-base station from user carrying out note/voice swindle, improve the safety of mobile communication.
Accompanying drawing explanation
It it is the method flow diagram that in pseudo-base station discrimination method of the present invention, subscriber equipment end data sends shown in Fig. 1.
It it is the method flow diagram that in pseudo-base station discrimination method of the present invention, subscriber equipment end data receives shown in Fig. 2.
It it is the method flow diagram that in pseudo-base station discrimination method of the present invention, base station side data send shown in Fig. 3.
It it is the method flow diagram of base station side data receiver in pseudo-base station discrimination method of the present invention shown in Fig. 4.
It it is the network architecture of pseudo-base station identification system of the present invention shown in Fig. 5.
It it is the hardware structure figure of the subscriber equipment realizing pseudo-base station identification system of the present invention shown in Fig. 6.
It it is the hardware structure figure of the base station server realizing pseudo-base station identification system of the present invention shown in Fig. 7.
It it is the functional block diagram of mobile terminal pseudo-base station identification system preferred embodiment of the present invention shown in Fig. 8.
It it is the Frame in pseudo-base station discrimination method of the present invention and system between subscriber equipment end and base station side shown in Fig. 9
Transmission structure figure.
Main element symbol description
Subscriber equipment 1
Storage device 11
Processor 12
Base station side 2
Base station 20
Base station server 21
Storage device 22
Processor 23
Transmission network 3
Core net 4
Pseudo-base station identification system 10
Data transmission blocks 100
Data reception module 101
Deciphering module 102
Judge module 103
Processing module 104
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Describe, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments wholely.
Based on the embodiment in the present invention, those of ordinary skill in the art are institute on the premise of not making creative work
The every other embodiment obtained, broadly falls into the scope of protection of the invention.
In the embodiment of the present invention, described pseudo-base station discrimination method applies the communication process between subscriber equipment and base station side
In.
Described subscriber equipment is the concept in mobile communication, refers to the user terminal in 3G and 4G network, and it comprises hands
Machine, intelligent terminal, multimedia equipment, stream media equipment etc..
Described base station is a kind of form of radio station, refers in certain radio coverage area, by mobile logical
Letter carries out the transceiving letter radio station of information transmission between switching centre, and the subscriber equipment of movement.
With reference to shown in Fig. 1, it it is the method flow diagram that in pseudo-base station discrimination method of the present invention, subscriber equipment end data sends.Root
According to different demands, the execution sequence in flow chart shown in this figure can change, and some can omit.
S10, will be ready for sending to the reservation of IP payload (payload) data division in the Frame of base station side
The Base Station Identification position after utilizing the AES encryption preset is added in Wei.
Refering to shown in Fig. 9, it it is the Frame in pseudo-base station discrimination method of the present invention between subscriber equipment end and base station side
Transmission structure figure.Wherein, IP Payload is the packet of transmission.The present embodiment is in the reserved bit of the IP bag of IP Payload
Use the storage of the 1Byte (byte) Base Station Identification position after encryption.
In the embodiment of the present invention, described AES can be symmetric encipherment algorithm.The key of described AES is permissible
It is pre-stored within described subscriber equipment end and base station side.
In the embodiment of the present invention, described Base Station Identification position can be to reach between the base station side and user equipment side pre-set
Become consistent any character, it is possible to be stored in described subscriber equipment and in the base station server of described base station side.
In present pre-ferred embodiments, described Base Station Identification position can have multiple, as each base station can have one
Base Station Identification position.In other preferred embodiments of the present invention, described Base Station Identification position can also only one of which, be used for represent all of
Base station.
S11, by described with the addition of encryption after the Frame of Base Station Identification position send base station to.
With reference to shown in Fig. 2, it it is the method flow diagram that in pseudo-base station discrimination method of the present invention, subscriber equipment end data receives.Root
According to different demands, the execution sequence in flow chart shown in this figure can change, and some can omit.
S12, receives the Frame that base station sends.
S13, carries out described Frame resolving operation, when the IP payload data division being resolved in described Frame
Time, call the decruption key prestored and the Base Station Identification position in the reserved bit of described IP payload data division is solved
Close operation.
S14, it is judged that utilize the described decruption key whether can be to described Base Station Identification position successful decryption.
Described Base Station Identification position successful decryption then can not be illustrated that described Frame is probably when utilizing described decruption key
Pseudo-base station sends, and in S15, abandons described Frame, and send the information user to described subscriber equipment.
In other embodiments of the present invention, when utilizing the described decruption key can not be to described Base Station Identification position successful decryption
Time, it is also possible to do not abandon described Frame, but be supplied to user after described Frame is indicated and check, carry simultaneously
Awake user notes the safety of these data.
Described Base Station Identification position successful decryption then can be illustrated that described Frame is true base when utilizing described decruption key
Stand and send, and in S16, the data parsed are offered the user of described subscriber equipment.
Refering to shown in Fig. 3, it it is the method flow diagram that in pseudo-base station discrimination method of the present invention, base station side data send.According to not
Same demand, the execution sequence in flow chart shown in this figure can change, and some can omit.
S20, adds being ready for sending in the reserved bit of the IP payload data division in the Frame of subscriber equipment
Utilize the Base Station Identification position after the AES encryption preset.
Refering to shown in Fig. 9, it it is the Frame in pseudo-base station discrimination method of the present invention between subscriber equipment end and base station side
Transmission structure figure.Wherein, IP Payload is the packet of transmission.The present embodiment is in the reserved bit of the IP bag of IP Payload
Use the storage of 1Byte byte Base Station Identification position after encryption.
In the embodiment of the present invention, described AES can be symmetric encipherment algorithm.The key of described AES is permissible
It is pre-stored within described subscriber equipment end and base station side.
In the embodiment of the present invention, described Base Station Identification position can be to reach between the base station side and user equipment side pre-set
Become consistent any character, it is possible to be stored in described subscriber equipment and in the base station server of described base station side.
In present pre-ferred embodiments, described Base Station Identification position can have multiple, as each base station can have one
Base Station Identification position.In other preferred embodiments of the present invention, described Base Station Identification position can also only one of which, be used for represent all of
Base station.
S21, by described with the addition of encryption after the Frame of Base Station Identification position send subscriber equipment to.
Refering to shown in Fig. 4, it it is the method flow diagram of base station side data receiver in pseudo-base station discrimination method of the present invention.According to not
Same demand, the execution sequence in flow chart shown in this figure can change, and some can omit.
S22, receives the Frame that subscriber equipment sends.
S23, carries out described Frame resolving operation, when the IP payload data division being resolved in described Frame
Time, call the decruption key prestored and the Base Station Identification position in the reserved bit of described IP payload data division is solved
Close operation.
S24, it is judged that it is the most consistent with the legal Base Station Identification position prestored that deciphering obtains Base Station Identification position.
When deciphering, to obtain Base Station Identification position inconsistent with the legal Base Station Identification position prestored, then described user is described
Equipment is not legitimate user equipment, then in S25, abandon described Frame, and send information to described subscriber equipment.
When deciphering, to obtain Base Station Identification position consistent with the legal Base Station Identification position prestored, then illustrate that described user sets
Standby is legitimate user equipment, then in S26, the described data parsed are sent to core net.
The above, be only the detailed description of the invention of the present invention, but protection scope of the present invention be not limited thereto, for
For those of ordinary skill in the art, without departing from the concept of the premise of the invention, it is also possible to make improvement, but these
Belong to protection scope of the present invention.
Above-mentioned Fig. 1~4 describes the pseudo-base station discrimination method of the present invention in detail, below in conjunction with the 5th~8 figures, respectively to reality
The hardware system structure showing above-mentioned pseudo-base station discrimination method and the function of the software system realizing described pseudo-base station discrimination method
Module is introduced.
It should be appreciated that described embodiment is only purposes of discussion, patent claim is not limited by this structure.
As it is shown in figure 5, be the network architecture diagram of pseudo-base station identification system of the present invention.
In the embodiment of the present invention, described pseudo-base station identification system run on subscriber equipment (User Equipment, UE) 1 with
In base station side 2.
Described subscriber equipment 1 is the concept in mobile communication, refers to the user terminal in 3G and 4G network, and it comprises hands
Machine, intelligent terminal, multimedia equipment, stream media equipment etc..
Described base station side 2 includes base station 20 and base station server 21.
Described base station 20, it is also possible to be called base transceiver station, is a kind of form of radio station, refers to certain wireless
In electricity overlay area, receive by carrying out the radio of information transmission between mobile switching center, and the subscriber equipment of movement
Transmit radio station.
Described base station server 21 generally controls several base station 20, and its major function is by wireless channel management, implements
Call the foundation with communication link and dismounting, and be controlled for the handover of mobile station in this control zone.
In the embodiment of the present invention, described base station server 21 sends Frame by base station 20 to subscriber equipment 1, and receives
The Frame that subscriber equipment 1 is sent by base station 20, and when verifying that described subscriber equipment 1 is legal, described user is set
Standby 1 Frame sent is sent to core net 4 by transmission network 3.
In the embodiment of the present invention, when sending Frame by base station 20 to subscriber equipment 1, described base station server 2 will
The reserved bit of the IP payload data division in described Frame is added the base station after utilizing the AES encryption preset
Flag, to make a distinction with pseudo-base station.
Refering to shown in shown in Fig. 6 and Fig. 7, be respectively realize pseudo-base station identification system of the present invention subscriber equipment 1 and
The hardware structure figure of base station server 21.
In present pre-ferred embodiments, described subscriber equipment 1 and base station server 21 are mounted on pseudo-base station and differentiate
System 10.Further, described subscriber equipment 1 also includes storage device 11 and processor 12 and described base station server 21
Also include storage device 22 and processor 23.It should be appreciated that described subscriber equipment 1 and base station server 21 can also include
Other hardware or software, and it is not restricted to the above-mentioned parts enumerated.
Described storage device 11 and 22 is used for the program that stores and various data, and realizes in running at a high speed, certainly
Complete the access of program or data dynamicly.Described storage device 11 and 22 can be subscriber equipment 1 and base station server 21
External memory equipment and/or internal storage device.Further, described storage device 11 and 22 can also be in integrated circuit
Not having the circuit with storage function of physical form, such as RAM, (Random-Access Memory, random access memory sets
Standby), FIFO (First In First Out) etc..Or, described storage device 11 can also be to have the storage of physical form
Equipment, such as memory bar, TF card (Trans-flash Card) etc..
Described processor 12 and 23, also known as central processing unit (CPU, Central Processing Unit), is one piece and surpasses
Large-scale integrated circuit, is arithmetic core (Core) and the control core (Control of subscriber equipment 1 and base station server 21
Unit).The function of described processor 12 and 23 is mainly interpreter directive and processes the data in software.
Described pseudo-base station identification system 10 can include multiple functional module (referring to Fig. 3) being made up of program segment.Institute
The program code stating each program segment in pseudo-base station identification system 10 can be stored in described storage device 11 and 22, and by
Performed by described processor 12 and 23, to realize the identification function (refer to Fig. 8 described in) of pseudo-base station.
Refering to shown in Fig. 8, it it is the functional block diagram in this pseudo-base station identification system 10 preferred embodiment.
In the present embodiment, described pseudo-base station identification system 10, according to its performed function, can be divided into multiple merit
Can module.In the present embodiment, described functional module includes data transmission blocks 100, data reception module 101, deciphering module
102, judge module 103 and processing module 104.
When described pseudo-base station identification system 10 runs in described subscriber equipment 1, described data transmission blocks 100, number
Following function can be performed according to receiver module 101, deciphering module 102, judge module 103 and processing module 104.
Described data transmission blocks 100 is for the IP payload data that will be ready for sending in the Frame to base station side 2
Part reserved bit in add utilize preset AES encryption after Base Station Identification position, and by described with the addition of encryption after
The Frame of Base Station Identification position sends base station 20 to.
Refering to shown in Fig. 9, it it is the Frame in pseudo-base station discrimination method of the present invention between subscriber equipment 1 and base station side 2
Transmission structure figure.Wherein, IP Payload is the packet of transmission.The present embodiment is in the reserved bit of the IP bag of IP Payload
Use the storage of 1Byte byte Base Station Identification position after encryption.
In the embodiment of the present invention, described AES can be symmetric encipherment algorithm.The key of described AES is permissible
It is pre-stored within described subscriber equipment end 1 and base station server 21.
In the embodiment of the present invention, described Base Station Identification position can be to reach between the base station side 2 and subscriber equipment 1 pre-set
Become consistent any character, it is possible to be stored in described subscriber equipment 1 and in the base station server 21 of described base station side 2.
In present pre-ferred embodiments, described Base Station Identification position can have multiple, as each base station 20 can have one
Individual Base Station Identification position.In other preferred embodiments of the present invention, described Base Station Identification position can also only one of which, be used for represent all
Base station 20.
Described data reception module 101 is for receiving the Frame that base station side 2 sends.
Described deciphering module 102 operates, as the IP being resolved in described Frame for carrying out described Frame resolving
During payload data division, call in the decruption key the prestored reserved bit to described IP payload data division
Base Station Identification position is decrypted operation.
For judgement, described judge module 103 utilizes whether described decruption key successfully can solve described Base Station Identification position
Close.
Described processing module 104 is for when utilize the described decruption key can not be to described Base Station Identification position successful decryption, then
Illustrate that described Frame is probably what pseudo-base station sent, now abandon described Frame, and send information to subscriber equipment
User, or when utilizing described decruption key described Base Station Identification position successful decryption can then be illustrated described Frame
It is that true base station sends, and the data parsed are offered the user of subscriber equipment 1.
When described pseudo-base station identification system 10 runs in described base station server 21, described data transmission blocks 100,
Data reception module 101, deciphering module 102, judge module 103 and processing module 104 can perform following function.
Described data transmission blocks 100 is for the IP payload number that will be ready for sending in the Frame to subscriber equipment 1
According to part reserved bit in add utilize preset AES encryption after Base Station Identification position, and by described with the addition of encryption after
The Frame of Base Station Identification position send subscriber equipment 1 to.
Refering to shown in Fig. 9, it it is the Frame in pseudo-base station discrimination method of the present invention between subscriber equipment 1 and base station side 2
Transmission structure figure.Wherein, IP Payload is the packet of transmission.The present embodiment is in the reserved bit of the IP bag of IP Payload
Use the storage of 1Byte byte Base Station Identification position after encryption.
In the embodiment of the present invention, described AES can be symmetric encipherment algorithm.The key of described AES is permissible
It is pre-stored within the base station server 21 of described subscriber equipment 1 and base station side 2.
In the embodiment of the present invention, described Base Station Identification position can be to reach between the base station side 2 and subscriber equipment 1 pre-set
Become consistent any character, it is possible to be stored in described subscriber equipment 1 and in the base station server 21 of described base station side 2.
In present pre-ferred embodiments, described Base Station Identification position can have multiple, as each base station 20 can have one
Individual Base Station Identification position.In other preferred embodiments of the present invention, described Base Station Identification position can also only one of which, be used for represent all
Base station 20.
Described data reception module 101 is for receiving the Frame that subscriber equipment 1 sends.
Described deciphering module 102 operates, as the IP being resolved in described Frame for carrying out described Frame resolving
During payload data division, call in the decruption key the prestored reserved bit to described IP payload data division
Base Station Identification position is decrypted operation.
Described judge module 103 is for judging to decipher the legal Base Station Identification position obtaining Base Station Identification position with prestoring
The most consistent.
Described processing module 104 is for obtaining Base Station Identification position with the legal Base Station Identification position prestored not when deciphering
Time consistent, illustrate that described subscriber equipment 1 is not legal subscriber equipment, then abandon described Frame, and send information to
The user of described subscriber equipment 1, or when deciphering obtains Base Station Identification position and the legal Base Station Identification position one prestored
During cause, illustrate that described subscriber equipment 1 is legal subscriber equipment, then the data parsed are sent to core net 4.
Each functional module in each embodiment of the present invention can be integrated in a processing unit, it is also possible to is each
Unit is individually physically present, it is also possible to two or more unit are integrated in a unit.Above-mentioned integrated unit both may be used
To use the form of hardware to realize, it would however also be possible to employ hardware adds the form of software function module and realizes.
The above-mentioned integrated unit realized with the form of software function module, can be stored in an embodied on computer readable and deposit
In storage media.Above-mentioned software function module is stored in a storage medium, including some instructions with so that a computer
Equipment (can be personal computer, communication mobile terminal, or the network equipment etc.) or processor (processor) perform this
The part of method described in each embodiment bright.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of the spirit or essential attributes of the present invention, it is possible to realize the present invention in other specific forms.Therefore, no matter
From the point of view of which point, all should regard embodiment as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit requires rather than described above limits, it is intended that all by fall in the implication of equivalency and scope of claim
Change is included in the present invention.Should not be considered as limiting involved claim by any reference in claim.This
Outward, it is clear that " including " word be not excluded for other unit or, odd number is not excluded for plural number.Multiple unit of statement in system claims
Or device can also be realized by software or hardware by a unit or device.The first, the second word such as grade is used for representing name
Claim, and be not offered as any specific order.
Finally it should be noted that above example only in order to technical scheme to be described and unrestricted, although reference
The present invention has been described in detail by preferred embodiment, it will be understood by those within the art that, can be to the present invention's
Technical scheme is modified or equivalent, without deviating from the spirit and scope of technical solution of the present invention.
Claims (10)
1. a pseudo-base station discrimination method, is applied in subscriber equipment, it is characterised in that described pseudo-base station discrimination method includes:
By be ready for sending in the Frame of base station payload data part add utilize preset AES encryption after
Base Station Identification position;
By described with the addition of encryption after the Frame of Base Station Identification position send base station to, in order to described base station is according to described base station
Flag judges that the subscriber equipment sending described Frame is the most legal.
2. pseudo-base station discrimination method as claimed in claim 1, it is characterised in that a length of 1 byte of described Base Station Identification position,
It is positioned in the reserved bit of the payload data part in described Frame.
3. a pseudo-base station discrimination method, is applied in base station server, it is characterised in that described pseudo-base station discrimination method bag
Include:
Receive the Frame that subscriber equipment sends;
Carry out described Frame resolving operation, when the payload data part being resolved in described Frame, call pre-
The decruption key first stored is decrypted operation to the Base Station Identification position in the reserved bit of described payload data part;
When to obtain Base Station Identification position inconsistent with the legal Base Station Identification position prestored in deciphering, it is judged that described subscriber equipment
Illegal, abandon described Frame, and send information to described subscriber equipment;Or
When to obtain Base Station Identification position consistent with the legal Base Station Identification position prestored in deciphering, it is judged that described subscriber equipment closes
The described data parsed are sent to core net by method.
4. a pseudo-base station discrimination method, is applied in base station server, it is characterised in that described pseudo-base station discrimination method bag
Include:
To be ready for sending to the reserved bit of the payload data part in the Frame of subscriber equipment is added what utilization was preset
Base Station Identification position after AES encryption;
By described with the addition of encryption after the Frame of Base Station Identification position send subscriber equipment to, in order to described subscriber equipment according to
Described Base Station Identification position judges whether the base station sending described Frame is pseudo-base station.
5. a pseudo-base station discrimination method, is applied in subscriber equipment, it is characterised in that described pseudo-base station discrimination method includes:
Receive the Frame that base station sends;
Carry out described Frame resolving operation, when the payload data part being resolved in described Frame, call pre-
The decruption key first stored is decrypted operation to the Base Station Identification position in the reserved bit of described payload data part;
When utilize described decruption key can not to described Base Station Identification position successful decryption time, it is judged that described base station is pseudo-base station, loses
Abandon described Frame, and send the information user to described subscriber equipment;Or
When utilize described decruption key can to described Base Station Identification position successful decryption time, it is judged that described base station is not pseudo-base station,
The data parsed are offered the user of described subscriber equipment.
6. a pseudo-base station identification system, is applied in subscriber equipment, it is characterised in that described pseudo-base station identification system includes:
Data transmission blocks, for presetting being ready for sending to add to utilize to the payload data part in the Frame of base station
AES encryption after Base Station Identification position, and by described with the addition of encryption after the Frame of Base Station Identification position send to
Base station, in order to according to described Base Station Identification position, described base station judges that the subscriber equipment sending described Frame is the most legal.
7. pseudo-base station identification system as claimed in claim 6, it is characterised in that a length of 1 byte of described Base Station Identification position,
It is positioned in the reserved bit of the payload data part in described Frame.
8. a pseudo-base station identification system, is applied in base station server, it is characterised in that described pseudo-base station identification system bag
Include:
Data reception module, for receiving the Frame that subscriber equipment sends;
Deciphering module, operates, when the payload data being resolved in described Frame for carrying out described Frame resolving
During part, call the decruption key prestored and the Base Station Identification position in the reserved bit of described payload data part is carried out
Decryption oprerations;
Processing module, for when to obtain Base Station Identification position inconsistent with the legal Base Station Identification position prestored in deciphering, sentencing
Disconnected described subscriber equipment is illegal, abandons described Frame, and sends information to described subscriber equipment, or when decipher
To Base Station Identification position consistent with the legal Base Station Identification position prestored time, it is judged that described subscriber equipment is legal, by described solution
The data separated out are sent to core net.
9. a pseudo-base station identification system, is applied in base station server, it is characterised in that described pseudo-base station identification system bag
Include:
Data transmission blocks, for being ready for sending to the reserved bit of the payload data part in the Frame of subscriber equipment
The middle Base Station Identification position added after utilizing the AES encryption preset, and with the addition of the Base Station Identification position after encryption by described
Frame send subscriber equipment to, in order to described subscriber equipment judges to send described Frame according to described Base Station Identification position
Whether base station is pseudo-base station.
10. a pseudo-base station identification system, is applied in subscriber equipment, it is characterised in that described pseudo-base station identification system includes:
Data reception module, for receiving the Frame that base station sends;
Deciphering module, operates, when the payload data being resolved in described Frame for carrying out described Frame resolving
During part, call the decruption key prestored and the Base Station Identification position in the reserved bit of described payload data part is carried out
Decryption oprerations;
Processing module, for when utilize described decruption key can not to described Base Station Identification position successful decryption time, it is judged that described base
Station is pseudo-base station, abandons described Frame, and sends the information user to described subscriber equipment, or described when utilizing
Decruption key can to described Base Station Identification position successful decryption time, it is judged that described base station is not pseudo-base station, the number that will parse
According to the user offering described subscriber equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610619116.2A CN106028340A (en) | 2016-07-29 | 2016-07-29 | Method and system for identifying pseudo base stations |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610619116.2A CN106028340A (en) | 2016-07-29 | 2016-07-29 | Method and system for identifying pseudo base stations |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106028340A true CN106028340A (en) | 2016-10-12 |
Family
ID=57133554
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610619116.2A Pending CN106028340A (en) | 2016-07-29 | 2016-07-29 | Method and system for identifying pseudo base stations |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106028340A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020093860A1 (en) * | 2018-11-09 | 2020-05-14 | 华为技术有限公司 | Fake network device identification method and communication apparatus |
| WO2020147354A1 (en) * | 2019-01-18 | 2020-07-23 | 中兴通讯股份有限公司 | Pseudo base station prevention method and apparatus, and computer readable storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1215293A (en) * | 1997-10-20 | 1999-04-28 | 富士通株式会社 | Communication controller and radio communication system |
| CN101552668A (en) * | 2008-03-31 | 2009-10-07 | 展讯通信(上海)有限公司 | Certificating method, user equipment and base station for accessing user equipment into network |
| CN104244281A (en) * | 2014-10-11 | 2014-12-24 | 北京网秦天下科技有限公司 | Base station detection method and base station detection device |
| CN104838681A (en) * | 2012-10-11 | 2015-08-12 | 诺基亚通信公司 | Fake base station detection with core network support |
| CN105430649A (en) * | 2015-12-30 | 2016-03-23 | 迈普通信技术股份有限公司 | Wifi access method and apparatus |
-
2016
- 2016-07-29 CN CN201610619116.2A patent/CN106028340A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1215293A (en) * | 1997-10-20 | 1999-04-28 | 富士通株式会社 | Communication controller and radio communication system |
| CN101552668A (en) * | 2008-03-31 | 2009-10-07 | 展讯通信(上海)有限公司 | Certificating method, user equipment and base station for accessing user equipment into network |
| CN104838681A (en) * | 2012-10-11 | 2015-08-12 | 诺基亚通信公司 | Fake base station detection with core network support |
| CN104244281A (en) * | 2014-10-11 | 2014-12-24 | 北京网秦天下科技有限公司 | Base station detection method and base station detection device |
| CN105430649A (en) * | 2015-12-30 | 2016-03-23 | 迈普通信技术股份有限公司 | Wifi access method and apparatus |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020093860A1 (en) * | 2018-11-09 | 2020-05-14 | 华为技术有限公司 | Fake network device identification method and communication apparatus |
| WO2020147354A1 (en) * | 2019-01-18 | 2020-07-23 | 中兴通讯股份有限公司 | Pseudo base station prevention method and apparatus, and computer readable storage medium |
| US12047394B2 (en) | 2019-01-18 | 2024-07-23 | Zte Corporation | Anti-pseudo base station method and apparatus, and computer-readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104661216B (en) | The method and WTRU of NAS message are transmitted in WTRU | |
| CN103596173B (en) | Wireless network authentication method, client and service end wireless network authentication device | |
| Jakobsson et al. | Security weaknesses in Bluetooth | |
| EP1348274B1 (en) | Local authentification in a communication system | |
| CN104219244B (en) | iBeacon position spoofing preventing method, authentication server and base station | |
| CN101578893A (en) | Method and apparatus for base station self configuration | |
| KR20060087271A (en) | Methode for sending imsi(international mobile subscriber identifier) in security | |
| CN105142136A (en) | Method for preventing counterfeit base attack | |
| CN102833066A (en) | Three-party authentication method and device as well as intelligent card supporting two-way authentication | |
| CN103139769B (en) | A kind of wireless communications method and network subsystem | |
| CN106028340A (en) | Method and system for identifying pseudo base stations | |
| CN103841553A (en) | Method for routing security and privacy protection of mixed wireless Mesh network | |
| CN108156604A (en) | The group of group system exhales encrypted transmission method and device, colony terminal and system | |
| US9374705B2 (en) | Methods, devices and system for verifying mobile equipment | |
| CN1980122A (en) | Method for increasing information transmission safety | |
| KR101178272B1 (en) | Protocol expansion of a signaling message | |
| CN1661954B (en) | Method of generating a cryptosynchronism | |
| Bocan et al. | Mitigating denial of service threats in GSM networks | |
| CN108632201A (en) | Encryption device, decryption device and judge message whether the method that encrypt or decrypt | |
| CN106412889A (en) | Pseudo base station recognition device and method | |
| Jaatun et al. | GPRS security for smart meters | |
| Barca | Information security in digital trunking systems | |
| Duan et al. | Security analysis of the terrestrial trunked radio (TETRA) authentication protocol | |
| CN100563153C (en) | A kind of in end-to-end wireless encryption communication system the user register the method for authentication | |
| CN101420693B (en) | Method for enhancing security of PHS communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161012 |
|
| RJ01 | Rejection of invention patent application after publication |