Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be understood that the technical solutions of the embodiments of the present application may be applied to various communication systems, for example: a Global System for Mobile communications (GSM) System, a Code Division Multiple Access (CDMA) System, a Wideband Code Division Multiple Access (WCDMA) General Packet Radio Service (GPRS) System, a Long Term Evolution (Long Term Evolution) System, a LTE Frequency Division Duplex (FDD) System, a LTE Time Division Duplex (TDD) System, a Universal Mobile Telecommunications System (UMTS) System, a Worldwide Interoperability for Microwave Access (WiMAX) Communication System, a future 5G Communication System, and the like.
Fig. 1 is a schematic diagram illustrating an architecture of a parental control system to which an embodiment of the present invention is applicable.
As shown in fig. 1, the parental control system architecture 100 includes a control terminal 101, a controlled terminal 102, a controlled terminal 103, a controlled terminal 104, a base station 105, a core network 106, and the internet 107; the connection relationship between the terminals in the parental control system architecture 100 is as follows: on one hand, the base station 105 is connected with the control terminal 101, the controlled terminal 102, the controlled terminal 103 and the controlled terminal 104; on the other hand, the base station 105 is connected to the core network 106; the core network 106 is connected to the internet 107.
In the embodiment of the invention, the control terminal is a terminal with parental authority, and the controlled terminal is a terminal to be controlled by the control terminal; the control terminal configures control information for the controlled terminal in the base station. For example, as shown in fig. 1, the control terminal 101 performs differentiated control on the controlled terminal 102, the controlled terminal 103 and the controlled terminal 104 through the base station 105, for example, limiting CS domain service of a certain controlled terminal, and for example, limiting PS domain service of a certain controlled terminal; the CS domain service is also called a voice service, and includes services such as voice telephone, video telephone, and short message; the PS domain service is also called data service, and includes streaming media, background class, interactive class, etc., such as uploading and downloading of web browsing, Email, http and ftp, etc.
In the embodiment of the present invention, the Base station 105 may be a Base Transceiver Station (BTS) in a GSM system or a CDMA system, a Base station (NodeB, NB for short) in a WCDMA system, an evolved Node B (evolved Node B, eNB or eNodeB for short) in an LTE system, or a Home Base station (Home eNodeB). Alternatively, the base station 105 may provide a mobile 2G/3G/4G network and WIFI (wireless fidelity) signals, and provide access services for the control terminal 101, the controlled terminal 102, the controlled terminal 103, the controlled terminal 104, and the like.
The controlled terminal related to the embodiment of the invention can comprise: the Mobile terminal includes a handheld terminal with a wireless communication function, a vehicle-mounted terminal, a wearable terminal, a computing terminal or other processing terminals connected to a wireless modem, and various forms of User Equipment (UE), a Mobile Station (MS), a terminal (terminal), an intelligent wearable product, a home appliance, and the like.
Fig. 2 schematically illustrates a flowchart of a parental control method according to an embodiment of the present invention.
Based on the system architecture shown in fig. 1, as shown in fig. 2, a parental control method provided in an embodiment of the present invention includes the following steps:
step S201: a base station receives a service request of an access terminal; the service request comprises an identifier of the access terminal;
step S202: if the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, then: and the base station processes the service request according to a preset control strategy corresponding to the identification of the access terminal.
In the embodiment of the invention, a base station receives a service request of an access terminal; the service request comprises an identifier of the access terminal; if the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, then: the base station processes the service request according to a preset control strategy corresponding to the identification of the access terminal; the service request of the access terminal must pass through the base station, so the service of the user plane and the signaling plane of the access terminal can be controlled by the base station; therefore, compared with the prior art in which a control strategy for the CS domain is set at the controlled terminal, the scheme of the embodiment of the invention can effectively control various services of the controlled terminal.
In the embodiment of the present invention, the identifier representation modes for different types of terminals are different, generally, for a mobile terminal, an IMSI or an IMEI is selected as its unique identifier first, and for a terminal without an IMSI or IMEI number, MAC address information may be used as its unique identifier. For example, the identity of the mobile terminal including a Subscriber Identity Module (SIM) card may be any one of a MAC address, an IMSI and an IMEI. For another example, the identification of the mobile terminal not having the SIM card may employ any one of the MAC address and the IMEI. For another example, the identifier of the smart home appliance may use a MAC address. Particularly, for the Wifi access mode, the base station cannot acquire the identifier of the access terminal through the signaling plane, and can determine the identifier through the MAC address of the access terminal.
Optionally, in step S202, the preset identifier of at least one controlled terminal includes any one of the following: an international mobile subscriber identity IMSI, an international mobile equipment identity IMEI and a media access control MAC address. In the embodiment of the invention, the base station sets the preset identifier of at least one controlled terminal, and the identifier of each controlled terminal in the identifier of at least one controlled terminal corresponds to at least one control strategy. Therefore, after the base station receives the service request of the access terminal, if the base station determines that the access terminal is not at least one controlled terminal, the base station does not perform parental control on the access terminal and directly processes the service request.
Further, the service request in step S201 further includes an identifier of a service type to be processed; in this embodiment, on one hand, if the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, the processing the service request according to the preset control policy corresponding to the identifier of the access terminal includes: the base station determines the identifier of the access terminal as one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal; and, the base station determines the identifier of the service type to be processed as any one or more of the identifiers of the preset controlled service types corresponding to the identifier of the access terminal according to the identifier of the preset controlled service type corresponding to the identifier of the access terminal, then: and processing the service request according to a preset control strategy corresponding to the identifier of the access terminal and the identifier of the service type to be processed. Therefore, the control strategy corresponding to the controlled terminal and the controlled type can be determined under the condition that the access terminal is one of the controlled terminals and the service type to be processed is one of the controlled service types, so that the service corresponding to the controlled type of the controlled terminal can be effectively controlled.
On the other hand, the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, and determines that the identifier of the service type to be processed is not any one of the preset identifiers of the controlled service types corresponding to the identifier of the access terminal according to the preset identifier of the controlled service type corresponding to the identifier of the access terminal, so that the parent control is not performed on the access terminal, and the service request is directly processed.
In the above embodiment, the preset controlled service type includes any one or more of the following: CS domain service type, PS domain service type, application program type, access IP address type and access IP port type; that is to say, the controlled service type preset by the controlled terminal includes the following situations:
in the first case, the preset controlled service type includes any one of the above, for example, a CS domain service type; also for example, an application type;
in the second case, the preset controlled service type includes any two of the above, for example, an application type and an access IP address type; and for example, CS domain service types and PS domain service types;
in a third case, the preset controlled service type includes any three items in the above, for example, a PS domain service type, an application type, and an access IP address type; examples include CS domain traffic type, access IP address type, and access IP port type;
in a fourth case, the preset controlled service type includes the above four contents.
It should be noted that the preset controlled service types in the embodiment of the present invention include, but are not limited to, the aforementioned CS domain service types, PS domain service types, application types, access IP address types, access IP port types, and the like; in the embodiment of the invention, each controlled service type is preset in a base station, and various parental controls are carried out on a controlled terminal; compared with the prior art in which the controlled type and the control strategy are set in the controlled terminal, the parental control method in the embodiment of the invention can effectively control each controlled type of the controlled terminal.
In the embodiment of the present invention, the preset control policy includes any one or more of the following:
the first item is that if the preset controlled service type is a CS domain service type, the preset control strategy is any one of rejecting a CS domain service request and limiting the CS domain service duration; that is, the control policy corresponding to the CS domain service type may be to reject the CS domain service request, or may also be to limit the CS domain service duration; optionally, the CS domain service mainly includes services such as voice call, video call, and short message. Specifically, there are multiple implementation manners for rejecting a CS domain service request, and an implementation manner provided in an embodiment of the present invention is to reject a new access condition through an RRC; there are also various ways to limit the CS domain service duration, one of which can be realized by the base station initiating a release request to release the CS domain service for the CS domain service running.
A second item, if the preset controlled service type is a PS domain service type, the preset control policy is any one or more of rejecting a PS domain service request, limiting a PS domain service duration, and limiting a usage flow of the PS domain service; the PS service includes streaming media, background class, interactive class, and the like, such as data services like web browsing, uploading and downloading of mail, http, or ftp. Specifically, the control policy corresponding to the PS domain service type may be to reject a PS domain service request, and the manner of rejecting the PS domain service request may include rejecting a PS domain service access request or rejecting an establishment process of a TCP handshake through an RRC; secondly, the control strategy corresponding to the PS domain service type may also be to limit the PS domain service duration, and one way to achieve the limitation of the PS domain service duration is to deactivate the terminal by deactivating the context bearer mode when the PS domain service operation duration reaches the preset duration, so as to terminate the PS domain service; thirdly, the control strategy corresponding to the PS domain service type can also limit the use flow of the PS domain service; one way to limit the usage traffic of PS domain services is to: when the operation time of the PS domain service reaches a flow threshold value, the terminal is deactivated by deactivating the context bearing mode, so that the PS domain service is terminated; fourthly, the control strategy corresponding to the PS domain service type can also limit service duration and service use flow.
A third item, if the preset controlled service type is the application program type, the preset control strategy is any one of service request rejection and service duration limitation;
a fourth item, if the preset controlled service type is an access IP address type, the preset control policy is any one or more of service request rejection, service duration restriction, and PS domain service usage flow restriction;
a fifth item, if the preset controlled service type is an access IP port type, the preset control policy is any one or more of service request rejection, service duration restriction, and PS domain service usage flow restriction;
for the third item, the fourth item and the fifth item, the realizable manners of rejecting the service request at least include the following two manners: deny the establishment of a TCP handshake, and restrict access to a specific application or a specific IP address or a specific IP port by means of iptables rules. Optionally, the controlled service types in the third item, the fourth item and the fifth item corresponding to the controlled terminal may also be controlled by setting a black and white list. Therefore, the base station can limit the access of various controlled service types, the more the service types are, the more the parental control modes are different, and the flexibility is high; in addition, the base station supports multiple synchronization modes, such as an air interface synchronization mode and a cloud synchronization mode; the dependence on GPS equipment can be reduced.
It should be noted that the preset control strategy includes any one or more of the above six items, that is, one control type may correspond to at least one control strategy.
In this embodiment of the present invention, a preset controlled terminal may correspond to an identifier of at least one controlled service type, which is specifically exemplified as follows:
firstly, aiming at a controlled terminal, the method can correspond to a controlled service type, such as a CS domain service type, namely, the method limits the voice service of the controlled terminal and does not limit other services, such as data service; for example, the controlled service type is a PS domain service type, that is, the data service of the controlled terminal is restricted, and other services such as a voice service are not restricted; for example, the controlled service type is an application type, that is, for the controlled terminal, access restriction is performed on the application; for example, the controlled service type is an access IP address type, that is, for the controlled terminal, access restriction is performed on the IP address; for example, the controlled service type is an access IP port type, that is, for the controlled terminal, access restriction is performed on the IP port.
Secondly, for a controlled terminal, it can correspond to multiple controlled service types, for example, the controlled service types include CS domain service type and PS domain service type, that is, it limits the voice service and data service of the controlled terminal; for example, the controlled service type includes a CS domain service type and an IP address type, that is, a restriction is made for a voice service of the controlled terminal and an access to the IP address; for example, the controlled service type includes CS domain service type traffic, usage traffic for limiting PS domain service, and IP address type, i.e. the usage traffic for controlled terminal voice service, PS domain service, and access to the IP address is limited.
Optionally, the processing, by the base station, the service request according to the preset control policy corresponding to the identifier of the access terminal includes: if the preset control strategy corresponding to the identification of the access terminal is a service rejection request, the base station rejects the service request of the access terminal; if the preset control strategy corresponding to the identification of the access terminal is to limit the service duration, the base station processes the service request of the access terminal and limits the service to be processed when the duration of the service to be processed reaches the preset duration; and if the preset control strategy corresponding to the identification of the access terminal is the flow threshold value which can be used for limiting the service, the base station processes the service request of the access terminal and limits the service to be processed when the total flow quantity used by the service to be processed reaches the flow threshold value. Therefore, the service request is processed according to the specific control strategy, and various services of the controlled terminal can be effectively limited.
In the embodiment of the invention, before the base station receives the service request of the access terminal, the control terminal sets the configuration information to the base station, wherein the configuration information comprises the identification of each controlled terminal in at least one controlled terminal, the corresponding relation between the identification of each controlled terminal in at least one controlled terminal and at least one control type, and the corresponding relation between the control type and the control strategy. After receiving the configuration information, the base station determines a control strategy corresponding to the identifier of the access terminal and the identifier of the controlled service type according to the configuration information, and further processes the service request.
In the embodiment of the invention, the control terminal has various modes for setting the configuration information of the base station, one mode is a local mode, namely, the control terminal sets the configuration information of the base station by accessing a local web of the base station or through a serial port; the other is a remote mode, namely, the configuration information setting is carried out on the base station through a cloud platform or a web with an external network capability. Specifically, the configuration information may be set in a manner of adding a list in the base station, for example, adding a controlled terminal list, where the added controlled terminal list includes an identifier of each controlled terminal in at least one controlled terminal; such as adding a list of controlled types, which may include each controlled type; such as a forbidden access list including forbidden IP addresses, or IP ports, or applications, etc.; a timer may also be set, for example, a control policy for limiting the service duration may be set, the timer may be started when the controlled service starts, and the controlled service may be stopped when the timer reaches a preset duration. Thus, convenience in setting configuration information is met.
Optionally, in the embodiment of the present invention, the base station may further manage the access terminal, such as adding and deleting a control terminal, a controlled terminal, and the like, and for example, configure the rights of the control terminal and the controlled terminal. The base station supports mobile networks (such as GSM, LTE signals and the like) and WIFI wireless signals so as to meet the connection requirements of access terminals supporting different networks, and therefore the system has a wider accommodating range for the access terminals. The access terminal includes, but is not limited to, a mobile electronic product, an intelligent wearable product, a home appliance product, and the like, and generally, the access terminal is a type of terminal that can be connected to a public network through a mobile network or WIFI, so that the internet access capability of the access terminal, or the voice service capability of the mobile network, and the like can be realized.
Further, the access terminal establishes a signaling link required by a CS domain and a PS domain between core networks through the base station; when the access terminal carries out data service, the data packet is forwarded to a core network through a base station; therefore, both user plane data and signaling plane data need to reach a core network through a base station, and by setting configuration information on the base station, the parental control of the control terminal on the controlled terminal is realized, and the controlled terminal can be more effectively controlled to perform various types of services.
In order to more clearly describe the above method flow, the following examples are provided in the embodiments of the present invention.
Fig. 3 exemplarily shows a schematic flow chart of another parental control method provided by an embodiment of the present invention, and based on the system architecture shown in fig. 1, as shown in fig. 3, another parental control method provided by an embodiment of the present invention includes the following steps:
step S301: setting a preset identifier of at least one controlled terminal, a corresponding relation between the identifier of each controlled terminal in the identifiers of the at least one controlled terminal and a preset identifier of a controlled service type, and a corresponding relation between the identifier of each preset controlled service type and a control strategy in a base station;
step S302: a base station receives a service request of an access terminal; the service request comprises an identifier of the access terminal and an identifier of a service type to be processed;
step S303: determining whether the identifier of the access terminal is one of the identifiers of at least one controlled terminal; if yes, go to step S304; if not, executing step S306;
step S304: whether the identifier of the service type to be processed is any one or more than one of the identifiers of the preset controlled service types corresponding to the identifier of the access terminal; if yes, go to step S305; if not, executing step S306;
step S305: processing the service request according to a preset control strategy corresponding to the identifier of the access terminal and the identifier of the service type to be processed;
step S306: and processing the service request of the access terminal without parental control.
From the above, it can be seen that: a base station receives a service request of an access terminal; the service request comprises an identifier of the access terminal; if the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, then: the base station processes the service request according to a preset control strategy corresponding to the identification of the access terminal; the service request of the access terminal must pass through the base station, so the service of the user plane and the signaling plane of the access terminal can be controlled by the base station; therefore, compared with the prior art in which a control strategy for the CS domain is set at the controlled terminal, the scheme of the embodiment of the invention can effectively control various services of the controlled terminal.
Fig. 4 is a schematic structural diagram illustrating a base station for parental control according to an embodiment of the present invention.
Based on the same conception, the base station for parental control according to the embodiment of the present invention is configured to execute the above method flow, as shown in fig. 4, the base station 400 for parental control includes a receiving unit 401, a determining unit 402, and a processing unit 403; wherein:
a receiving unit 401, configured to receive a service request of an access terminal; the service request comprises an identifier of the access terminal;
a determining unit 402, configured to determine, according to a preset identifier of at least one controlled terminal, whether the identifier of the access terminal is one of the identifiers of the at least one controlled terminal;
a processing unit 403, configured to, if, according to a preset identifier of at least one controlled terminal, the identifier of the access terminal is determined to be one of the identifiers of the at least one controlled terminal by the determining unit 402, then: and processing the service request according to a preset control strategy corresponding to the identification of the access terminal.
Optionally, the service request further includes an identifier of a service type to be processed; a determining unit 402, configured to: determining whether the identifier of the access terminal is one of the identifiers of at least one controlled terminal according to a preset identifier of at least one controlled terminal; if the identifier of the access terminal is determined to be one of the identifiers of the at least one controlled terminal, determining whether the identifier of the service type to be processed is any one or more of the identifiers of the preset controlled service types corresponding to the identifier of the access terminal according to the identifier of the preset controlled service type corresponding to the identifier of the access terminal; the processing unit 403 is configured to: determining the identifier of the access terminal as one of the identifiers of at least one controlled terminal according to the preset identifier of at least one controlled terminal; and, according to the identifier of the preset controlled service type corresponding to the identifier of the access terminal, determining that the identifier of the service type to be processed is any one or more of the identifiers of the preset controlled service types corresponding to the identifier of the access terminal, then: and processing the service request according to a preset control strategy corresponding to the identifier of the access terminal and the identifier of the service type to be processed.
Optionally, the preset controlled traffic type includes any one or more of the following: CS domain service type, PS domain service type, application program type, access IP address type and access IP port type.
Optionally, the preset control strategy comprises any one or more of the following: if the preset controlled service type is the CS domain service type, the preset control strategy is any one of service request rejection and service duration limitation; if the preset controlled service type is a PS domain service type, the preset control strategy is any one or more of service request rejection, service duration limitation and a flow threshold value which can be used by the service limitation; if the preset controlled service type is the application program type, the preset control strategy is any one of service request rejection and service duration limitation; if the preset controlled service type is an access IP address type, the preset control strategy is any one or more of service request rejection, service duration limitation and a flow threshold value which can be used by service limitation; if the preset controlled service type is an access IP port type, the preset control strategy is any one or more of service request rejection, service duration limitation and a flow threshold value which can be used by service limitation.
Optionally, the processing unit 403 is configured to: if the preset control strategy corresponding to the identification of the access terminal is a service rejection request, the base station rejects the service request of the access terminal; if the preset control strategy corresponding to the identification of the access terminal is to limit the service duration, the base station processes the service request of the access terminal and limits the service to be processed when the duration of the service to be processed reaches the preset duration; and if the preset control strategy corresponding to the identification of the access terminal is a flow threshold value which can be used for limiting the service, the base station processes the service request of the access terminal and limits the service to be processed when the total flow of the service to be processed reaches the flow threshold value.
From the above, it can be seen that: a base station receives a service request of an access terminal; the service request comprises an identifier of the access terminal; if the base station determines that the identifier of the access terminal is one of the identifiers of the at least one controlled terminal according to the preset identifier of the at least one controlled terminal, then: the base station processes the service request according to a preset control strategy corresponding to the identification of the access terminal; the service request of the access terminal must pass through the base station, so the service of the user plane and the signaling plane of the access terminal can be controlled by the base station; therefore, compared with the prior art in which a control strategy for the CS domain is set at the controlled terminal, the scheme of the embodiment of the invention can effectively control various services of the controlled terminal.
It should be understood that the above division of the units is only a division of logical functions, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.