CN107708115B - Redirection control method and device and mobile terminal - Google Patents

Redirection control method and device and mobile terminal Download PDF

Info

Publication number
CN107708115B
CN107708115B CN201710963107.XA CN201710963107A CN107708115B CN 107708115 B CN107708115 B CN 107708115B CN 201710963107 A CN201710963107 A CN 201710963107A CN 107708115 B CN107708115 B CN 107708115B
Authority
CN
China
Prior art keywords
network mode
redirection
mobile terminal
session record
low
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710963107.XA
Other languages
Chinese (zh)
Other versions
CN107708115A (en
Inventor
王燕飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qiku Internet Technology Shenzhen Co Ltd
Original Assignee
Qiku Internet Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qiku Internet Technology Shenzhen Co Ltd filed Critical Qiku Internet Technology Shenzhen Co Ltd
Priority to CN201710963107.XA priority Critical patent/CN107708115B/en
Publication of CN107708115A publication Critical patent/CN107708115A/en
Application granted granted Critical
Publication of CN107708115B publication Critical patent/CN107708115B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0016Hand-off preparation specially adapted for end-to-end data sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/14Reselecting a network or an air interface

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides a redirection control method, a redirection control device and a mobile terminal, and belongs to the technical field of mobile communication. The redirection control method comprises the following steps: when the mobile terminal receives a redirection signaling of the network equipment in the low-standard network mode, calling a session record in the high-standard network mode before switching to the low-standard network mode; judging whether the session record conforms to a preset disguised characteristic; if so, refusing to execute the redirection operation corresponding to the redirection signaling. According to the redirection control method, the redirection control device and the mobile terminal provided by the embodiment of the invention, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode, the session record in the high-system network mode before the switching to the low-system network mode is called first, and if the session record conforms to the preset disguise characteristic, the mobile terminal refuses to execute the redirection operation corresponding to the redirection signaling, so that the mobile terminal is prevented from accessing an illegal network, and the use safety of the mobile terminal is improved.

Description

Redirection control method and device and mobile terminal
Technical Field
The invention relates to the technical field of mobile communication, in particular to a redirection control method, a redirection control device and a mobile terminal.
Background
With the increasing functions of mobile terminals, the mobile terminals are no longer only simple communication tools, and have been applied more frequently in various aspects of people's lives, especially in payment. And the safety problem in the application process cannot be ignored.
In the process of implementing the present invention, the inventor finds that, when the mobile terminal is in a low-standard network mode such as 2G, since only the user side is authenticated in the network mode, and the network side device (e.g., a base station) is not authenticated, an attacker can attract a target mobile terminal to attach through a privately-installed pseudo base station, and further perform an illegal operation, which results in a reduction in the use security of the mobile terminal.
Disclosure of Invention
In view of this, embodiments of the present invention provide a redirection management and control method, an apparatus, and a mobile terminal, so as to improve the usage security of the mobile terminal.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
in a first aspect, an embodiment of the present invention provides a redirection management and control method, where the method is applied to a mobile terminal, and includes:
when the mobile terminal receives a redirection signaling of network equipment in a low-standard network mode, calling a session record in a high-standard network mode before switching to the low-standard network mode;
judging whether the session record conforms to a preset disguised characteristic;
if yes, refusing to execute the redirection operation corresponding to the redirection signaling.
In a preferred embodiment of the present invention, the preset camouflage characteristic includes: an unauthenticated feature;
the step of judging whether the session record conforms to a preset disguised characteristic includes:
judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record;
and if not, determining that the session record conforms to the preset disguised characteristic.
In a preferred embodiment of the present invention, the step of determining whether there is an authentication record in the process of switching from the high-standard network mode to the low-standard network mode according to the session record includes:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
In a preferred embodiment of the present invention, the method further includes:
and when the session record is judged to accord with the preset disguised characteristic, network searching operation of the high-system network mode or the low-system network mode is carried out again.
In a preferred embodiment of the present invention, the low-standard network mode includes 2G or 3G, and the high-standard network mode includes: 4G, 4G + or 5G.
In a second aspect, an embodiment of the present invention provides a redirection management and control device, where the redirection management and control device is applied to a mobile terminal, and the redirection management and control device includes:
the session record calling module is used for calling the session record in the high-system network mode before the low-system network mode when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode;
the disguised characteristic judging module is used for judging whether the session record meets the preset disguised characteristic or not;
and the redirection refusing module is used for refusing to execute the redirection operation corresponding to the redirection signaling when the session record conforms to the preset disguised characteristic.
In a preferred embodiment of the present invention, the preset camouflage characteristic includes: an unauthenticated feature;
the disguised characteristic judging module is further used for judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record; and if not, determining that the session record conforms to the preset disguised characteristic.
In a preferred embodiment of the present invention, the disguised feature determining module is further configured to:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
In a third aspect, an embodiment of the present invention provides a mobile terminal. In one possible design, the mobile terminal may be configured to include a processor and a memory, the memory being configured to store a program that enables the processor to perform the above-described method, the processor being configured to execute the program stored in the memory. The mobile terminal may also include a communication interface for the mobile terminal to communicate with other devices or a communication network.
In a fourth aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for the redirection management apparatus, which includes a program designed for executing the redirection management apparatus in the above aspect.
Compared with the prior art, according to the redirection control method, the redirection control device and the mobile terminal provided by the embodiment of the invention, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode, the session record in the high-system network mode before the switching to the low-system network mode is called first, and if the session record conforms to the preset disguised characteristic, the mobile terminal refuses to execute the redirection operation corresponding to the redirection signaling, so that the mobile terminal is prevented from accessing an illegal network, and the use safety of the mobile terminal is improved.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a redirection management and control method according to a first embodiment of the present invention;
fig. 2 is a flowchart of a redirection management and control method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a redirection management and control method according to a third embodiment of the present invention;
fig. 4 is a block diagram of a redirection management and control apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram of another redirection management and control apparatus according to an embodiment of the present invention;
fig. 6 is a block diagram of a mobile terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Redirection is one of interoperation processes between a high-system network and a low-system network, and taking redirection between an LTE (Long term evolution) network and a 2G/3G network as an example, redirection before RRC (Radio resource control) connection and redirection after RRC connection are generally included. The redirection before RRC connection refers to that in the RRC establishment process, when the serving cell load is high, the System may reject the RRC connection, and at this time, the network device may send an RRCReject reject message to the Mobile terminal, and indicate, in the reject message, that the Mobile terminal attempts information of a different System, such as a frequency point of a new cell. The redirection after the RRC connection is established is that the network device initiates an RRC release and redirection message to the mobile terminal, carries the inter-system neighbor frequency point, and instructs the mobile terminal to re-access the inter-system neighbor of the frequency point, and this scheme is generally used for redirection between a high-standard network and a low-standard network, for example: LTE to 2G/3G redirection and 2G/3G to LTE redirection.
The pseudo base station can redirect attacks in the process of redirecting the mobile terminal, the pseudo base station becomes an important implementation means for spam messages such as advertisements, fraud and the like at present, the harm is great, generally, when the pseudo base station attacks a high-standard network such as an LTE network, an attacker can force a mobile phone to fall into a preset pseudo base station through signaling interaction between a malicious base station and a target mobile phone, and once a mobile phone signal falls into a 2G/3G pseudo base station, the attacker can monitor mobile phone calls and short message messages in a man-in-the-middle attack manner.
Generally, the 2G pseudo base station is a GSM (global system for mobile communications) pseudo base station, and an attacker uses another mobile terminal, such as a mobile phone, as an attack mobile phone to register the identity of a target mobile phone in an existing network of an operator, so that the existing network has all the identities of the target mobile phone, and can make and receive calls and send short messages with the identity of the target mobile phone, which is a GSM man-in-the-middle attack. The attack method can intercept all short messages sent to the target mobile phone, so that any network service using the short message verification code as an identity authentication mechanism, including a mobile banking system and a mobile payment system, can be attacked, and the use of the mobile terminal is threatened safely.
Based on this, the embodiment of the invention provides a redirection control method, a redirection control device, network equipment and a mobile terminal, so as to improve the use safety of the mobile terminal.
In order to facilitate understanding of the embodiment of the present invention, a detailed description is first given to a redirection management and control method disclosed in the embodiment of the present invention.
Example one
The embodiment provides a redirection management and control method, which can be applied to a mobile terminal. Fig. 1 shows a flowchart of the redirection management and control method, as shown in fig. 1, the method includes the following steps:
step S102, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode, calling the session record in the high-system network mode before switching to the low-system network mode.
The low-profile network mode includes 2G (Second Generation mobile communication technology), 3G (Third Generation mobile communication technology), and the like. Typical 2G networks include a Global System for Mobile communications/General Packet Radio Service (GSM) network or a General Packet Radio Service (GPRS) network. Typical 3G networks include Universal Mobile Telecommunications System (UMTS) networks.
The high-system network mode includes 4G (Fourth Generation mobile communication technology), 4G + or 5G (Fifth Generation mobile communication technology), and the like. Typical 4G networks include Long Term Evolution (LTE) networks. The UMTS Network may also be referred to as Universal Terrestrial Radio Access Network (UTRAN), and the LTE Network may also be referred to as Evolved Universal Terrestrial Radio Access Network (E-UTRAN).
When the mobile terminal accesses the network for the first time or the network type of the mobile terminal changes, the mobile terminal sends a registration request message to the network side. When the mobile terminal enters another location area from one location area, the mobile terminal sends an area update request message to the network side. The Area Update request information is LAU (Location Area Update) request information or TAU (Tracking Area Update) request information.
Under the high standard network mode, the mobile terminal and the network adopt bidirectional authentication. The bidirectional authentication comprises user authentication and network authentication. The user authentication is that the network authenticates the user, so that the illegal user is prevented from occupying network resources. The network authentication is that a user authenticates a network, usually the network sends an authentication request message, the composition parameters of the request message usually comprise a random number (RAND), an authentication instruction and a secret key identifier, after receiving the authentication request message, the mobile terminal obtains an expected message authentication code through calculation, compares the expected message authentication code with a message authentication code contained in the received authentication request message, if the result is the same, the authentication is successful, and if the result is different, the currently connected network is identified as a wrong network, the connection is rejected, and the user is prevented from accessing an illegal network. The high-standard network mode improves the security of the network through bidirectional authentication. After the authentication is completed, the mobile terminal records the process of the authentication operation into the session record. Because the low-standard network mode, especially the 2G network, has a slow transmission rate, and a large number of security measures such as authentication may cause network bottlenecks, in order to relieve pressure, in the 2G network mode, one-way authentication, that is, user authentication, is adopted without network authentication.
The high-standard network mode adopts bidirectional authentication, so that the network security is higher, and the low-standard network mode adopts unidirectional authentication, so that the network security is lower. In order to enable the terminal user to successfully reside in the pseudo base station, the lawless person redirects the terminal user from the high-standard network mode to the low-standard network mode. For example, the mobile terminal may always measure signals of neighboring cells of a current serving cell in which the mobile terminal is located in an idle state, and reselect to the neighboring cell when the signal strength of the neighboring cell is greater than the signal strength of the current serving cell in which the mobile terminal is located. The pseudo base station can disguise itself as the base station of the operator and increase the transmission power of itself, so that the transmission signal intensity of the pseudo base station is greater than that of the real base station, and the attachment of the mobile terminal is attracted. After the mobile terminal sends an attachment request to the pseudo base station and before the authentication operation is started, the pseudo base station directly sends an attachment rejection message, then sends an RRC connection release message, the message carries link information of a low-standard network mode, instructs the mobile terminal to close the current connection, and then switches to a low-standard network base station or a frequency point indicated by an attacker. The attacker can utilize the pre-established malicious network to attack the mobile terminal in the next step.
The mobile terminal can be a mobile phone, a tablet computer, a vehicle-mounted computer, an intelligent wearable device and the like. The network device may be a base station, a network switch, a radio access point, etc., and is capable of transmitting radio signals in a certain coverage area and performing information transfer with mobile terminals in the coverage area. The redirection signaling sent by the network device may be a signaling for triggering the mobile terminal to perform frequency point search, for example, a network search signaling containing one or more frequency point information for the mobile terminal to connect to. And when the mobile terminal receives a redirection signaling of the network equipment in the low-standard network mode, calling the session record in the high-standard network mode before switching to the low-standard network mode. If the mobile terminal authenticates with the network device in the high-standard network mode, the session record should be kept with the authentication record. If the session record has no corresponding authentication record, which indicates that the mobile terminal has not authenticated the network device in the high-standard network mode, the network device in the high-standard network mode may be untrustworthy. At this time, the network device in the high-system network-oriented low-system network mode is also considered to be untrustworthy.
Step S104, judging whether the session record conforms to the preset disguise characteristic; if yes, go to step S106; if not, step S108 is performed.
And step S106, refusing to execute the redirection operation corresponding to the redirection signaling.
And step S108, executing redirection operation corresponding to the redirection signaling.
And if the session record does not have the authentication record between the mobile terminal and the network equipment in the high-standard network mode, considering that the network equipment in the low-standard network mode is untrustworthy, refusing to execute redirection operation corresponding to the redirection signaling, and refusing to connect any frequency point provided by the redirection signaling. And if the session record contains the authentication record between the mobile terminal and the network equipment in the high-standard network mode, the network equipment in the low-standard network mode is considered to be trustable, and redirection operation corresponding to redirection signaling is executed.
In the redirection control method provided by this embodiment, when the mobile terminal receives the redirection signaling of the network device in the low-system network mode, the session record in the high-system network mode before the switching to the low-system network mode is first retrieved, and if the session record meets the preset disguised feature, the mobile terminal refuses to execute the redirection operation corresponding to the redirection signaling, so as to prevent the mobile terminal from accessing an illegal network, and improve the use security of the mobile terminal.
Example two
On the basis of the first embodiment, the present embodiment provides another redirection management and control method, and fig. 2 shows a flowchart of the redirection management and control method, and as shown in fig. 2, the method includes the following steps:
step S202, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode, the session record in the high-system network mode before the mobile terminal is switched to the low-system network mode is called.
Step S204, judging whether an authentication record exists in the process of switching from the high-system network mode to the low-system network mode according to the session record; if yes, go to step S206; if not, step S208 is performed.
In actual use, the mobility management procedure of the mobile terminal may be divided into an attach procedure, a tracking area update procedure, and a detach procedure. The tracking area is also called ta (tracking area), which is a concept newly set up by the LTE system for location management of the mobile terminal, and Tracking Area Update (TAU) is an important process in a protocol stack of the LTE mobile terminal, so that the mobile terminal notifies the network device of the current location of the mobile terminal. Redirection is typically triggered when the mobile terminal performs a tracking area update or attach procedure.
Thus, the redirection scenario may include one of the following scenarios:
(1) initiating a redirection signaling without authentication operation in the tracking area updating process; the signaling flow roughly comprises the following steps: tracking area update request signaling → tracking area update rejection signaling → redirection signaling initiated without authentication in the tracking area update process;
(2) initiating a redirection signaling without authentication operation in the attachment process; the signaling flow roughly comprises the following steps: attach request signaling → attach request reject signaling → redirect signaling initiated without authentication in attach request process;
(3) rejecting tracking area update in the tracking area update process, initiating an attach process on the basis of unauthorized operation, and initiating a redirection signaling in the attach process without authenticated operation. The signaling flow roughly comprises the following steps: tracking area update request signaling → tracking area update reject signaling → tracking area update procedure not authenticated but initiated attach request signaling → attach request reject signaling → attach request procedure not authenticated but initiated redirect signaling.
(4) Other redirect requests and have not previously successfully completed authentication in this network.
Therefore, when judging whether the authentication record exists in the process of switching from the high-system network mode to the low-system network mode, determining a switching scene from the high-system network mode to the low-system network mode according to the session record; when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment.
Wherein the specific scene comprises at least one of:
redirecting to the network device without authentication operation in the tracking area updating process;
redirecting to the network device without authentication operation in the attaching process;
rejecting tracking area update in the tracking area update process, initiating an attach process on the basis of an unauthorized operation, and redirecting to a network device without an authenticated operation in the attach process.
Step S206, a redirection operation corresponding to the redirection signaling is executed.
And step S208, determining that the session record conforms to the preset disguised characteristic.
Step S210, refusing to execute the redirection operation corresponding to the redirection signaling.
In the redirection control method provided by this embodiment, when the mobile terminal receives the redirection signaling of the network device in the low-system network mode, the session record in the high-system network mode before being switched to the low-system network mode is first retrieved, and if the session record does not have the authentication record in the process of being switched from the high-system network mode to the low-system network mode, the mobile terminal refuses to execute the redirection operation corresponding to the redirection signaling, so as to prevent the mobile terminal from accessing an illegal network, and improve the use security of the mobile terminal.
EXAMPLE III
On the basis of the foregoing embodiment, the present embodiment provides another redirection management and control method, and fig. 3 shows a flowchart of the redirection management and control method, as shown in fig. 3, the method includes the following steps:
step S302, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode, the session record in the high-system network mode before the switching to the low-system network mode is called.
Step S304, judging whether the session record conforms to the preset disguise characteristics; if yes, go to step S308; if not, step S306 is performed.
Step S306, a redirection operation corresponding to the redirection signaling is executed.
Step S308, refusing to execute the redirection operation corresponding to the redirection signaling.
Step S310, network searching operation of the high-system network mode or the low-system network mode is carried out again.
When the current interactive network equipment is considered to be untrustworthy network equipment, the mobile terminal can refuse to execute redirection operation corresponding to the redirection signaling of the network equipment, or disconnect the connection with the current network equipment, or refuse to respond to the redirection signaling of the network equipment while disconnecting the connection, and re-search for an available network, so that the signaling interaction with a pseudo base station or a frequency point is avoided, and the use safety of the mobile terminal is ensured.
In the method for identifying the pseudo base station, when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode in the redirection scene process, whether the session record accords with the preset disguise characteristic is judged by calling the session record in the high-system network mode before switching to the low-system network mode, if so, the mobile terminal refuses to execute redirection operation corresponding to the redirection signaling, so that the mobile terminal is prevented from accessing an illegal network, and the use safety of the mobile terminal is improved.
It should be noted that the above embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
Example four
Correspondingly, the present embodiment provides a redirection management and control device, which may be applied to a mobile terminal. As shown in fig. 4 and 5, the apparatus includes:
a session record retrieving module 41, configured to retrieve a session record in the high-system network mode before switching to the low-system network mode when the mobile terminal receives a redirection signaling of the network device in the low-system network mode;
a disguise feature determination module 42, configured to determine whether the session record meets a preset disguise feature;
and a refusing redirection module 43, configured to refuse to execute a redirection operation corresponding to the redirection signaling when the session record conforms to the preset disguise feature.
The low-standard network mode comprises 2G or 3G, and the high-standard network mode comprises: 4G, 4G + or 5G.
The preset camouflage characteristic may include: unauthenticated features.
The disguised feature determination module 42 may be further configured to determine whether an authentication record exists in a process of switching from the high-system network mode to the low-system network mode according to the session record; and if not, determining that the session record conforms to the preset disguised characteristic.
Further, the disguised feature determination module 42 may be further configured to determine a switching scenario for switching from the high-system network mode to the low-system network mode according to the session record; when the switching scene is a specific scene, determining that the session record has no authentication record of the network equipment.
Wherein the specific scenario includes at least one of: redirecting to the network device without an authentication operation in a tracking area update process; redirecting to the network device without an authentication operation during an attach procedure; rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
Optionally, the apparatus further includes a network searching module 44, configured to perform network searching again in the high-system network mode or the low-system network mode when it is determined that the session record conforms to the preset disguised feature.
EXAMPLE five
Corresponding to the above embodiments, the present embodiment provides a mobile terminal. The mobile terminal can be a mobile phone, a tablet computer, a Point of sale (POS), a vehicle-mounted computer, an intelligent wearable device and other terminal devices.
Fig. 6 shows a block diagram of a mobile terminal according to an embodiment of the present invention. As shown in fig. 6, for convenience of illustration, only the portion related to the embodiment of the present invention is shown, and details of the technique are not disclosed, please refer to the method portion of the embodiment of the present invention. The mobile terminal 100 includes: a Radio Frequency (RF) circuit 110, a memory 120, an input unit 130, a display unit 140, a sensor 150, an audio circuit 160, a wireless fidelity (WiFi) module 170, a processor 180, and a power supply 190. Those skilled in the art will appreciate that the mobile terminal 100 configuration shown in fig. 6 does not constitute a limitation of the mobile terminal 100 and may include more or less components than those shown, or some components in combination, or a different arrangement of components.
The following describes each component of the mobile terminal 100 in detail with reference to fig. 6:
the RF circuit 110 may be used for receiving and transmitting signals during information transmission and reception or during a call, and in particular, receives downlink information of a base station and then processes the received downlink information to the processor 180; in addition, the data for designing uplink is transmitted to the base station. In general, the RF circuit 110 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuitry 110 may also communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to global system for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Messaging Service (SMS), and the like.
The memory 120 may be used to store software programs and modules, such as program instructions/modules corresponding to the redirection management method and apparatus in the embodiments of the present invention, and the processor 180 executes various functional applications and data processing of the mobile terminal 100 by running the software programs and modules stored in the memory 120, such as the redirection management method provided in the embodiments of the present invention. The memory 120 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the mobile terminal 100, and the like. Further, the memory 120 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 130 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the mobile terminal 100. Specifically, the input unit 130 may include a touch panel 131 and other input devices 132. The touch panel 131, also referred to as a touch screen, may collect touch operations of a user on or near the touch panel 131 (e.g., operations of the user on or near the touch panel 131 using any suitable object or accessory such as a finger or a stylus pen), and drive the corresponding connection device according to a preset program. Alternatively, the touch panel 131 may include two parts, i.e., a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 180, and can receive and execute commands sent by the processor 180. In addition, the touch panel 131 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 130 may include other input devices 132 in addition to the touch panel 131. In particular, other input devices 132 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 140 may be used to display information input by the user or information provided to the user and various menus of the mobile terminal 100. The Display unit 140 may include a Display panel 141, and optionally, the Display panel 141 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 131 can cover the display panel 141, and when the touch panel 131 detects a touch operation on or near the touch panel 131, the touch operation is transmitted to the processor 180 to determine the type of the touch event, and then the processor 180 performs processing according to the type of the touch event. Although in fig. 6, the touch panel 131 and the display panel 141 are two separate components to implement the input and output functions of the mobile terminal 100, in some embodiments, the touch panel 131 and the display panel 141 may be integrated to implement the input and output functions of the mobile terminal 100.
The mobile terminal 100 may also include at least one sensor 150, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 141 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 141 and/or a backlight when the mobile terminal 100 is moved to the ear. As one of the motion sensors, the accelerometer sensor may detect the magnitude of acceleration in each direction (generally, three axes), detect the magnitude and direction of gravity when stationary, and may be used for applications (such as horizontal and vertical screen switching, related games, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping) and the like) for recognizing the attitude of the mobile terminal 100, and the mobile terminal 100 may further be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, an infrared sensor and the like, which are not described herein again.
Audio circuitry 160, speaker 161, and microphone 162 may provide an audio interface between a user and mobile terminal 100. The audio circuit 160 may transmit the electrical signal converted from the received audio data to the speaker 161, and convert the electrical signal into a sound signal for output by the speaker 161; on the other hand, the microphone 162 converts the collected sound signal into an electric signal, converts the electric signal into audio data after being received by the audio circuit 160, and then outputs the audio data to the processor 180 for processing, and then transmits the audio data to, for example, another mobile terminal 100 via the RF circuit 110, or outputs the audio data to the memory 120 for further processing.
WiFi belongs to a short-distance wireless transmission technology, and the mobile terminal 100 can help a user send and receive e-mails, browse web pages, access streaming media, and the like through the WiFi module 170, and it provides a wireless broadband internet access for the user. Although fig. 6 shows the WiFi module 170, it is understood that it does not belong to the essential constitution of the mobile terminal 100, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 180 is a control center of the mobile terminal 100, connects various parts of the entire mobile terminal 100 using various interfaces and lines, and performs various functions of the mobile terminal 100 and processes data by running or executing software programs and/or modules stored in the memory 120 and calling data stored in the memory 120, thereby monitoring the mobile terminal 100 as a whole. Alternatively, processor 180 may include one or more processing units; optionally, the processor 180 may integrate an application processor and a modem processor, wherein the application processor mainly handles operating systems, user interfaces, application programs, and the like, and the modem processor mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 180.
The mobile terminal 100 further includes a power supply 190 (e.g., a battery) for supplying power to various components, and optionally, the power supply may be logically connected to the processor 180 via a power management system, so as to manage charging, discharging, and power consumption via the power management system.
It is to be understood that the configuration shown in fig. 6 is merely exemplary, and that the mobile terminal 100 may include more or fewer components than shown in fig. 6, or have a different configuration than shown in fig. 6. The components shown in fig. 6 may be implemented in hardware, software, or a combination thereof.
In the embodiment of the present invention, the mobile terminal 100 is installed with a client, which may be a third-party application software, such as a network connection software, to provide a networking service for a user.
Further, the present invention also provides a machine-readable storage medium, which stores machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement the redirection management and control method.
The implementation principle and the generated technical effect of the redirection management and control device and the mobile terminal provided by the embodiment of the invention are the same as those of the method embodiment, and for brief description, no part of the embodiment of the device is mentioned, and reference may be made to the corresponding content in the method embodiment.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module or unit in each embodiment of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions or without necessarily implying any relative importance. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
The embodiment of the invention also discloses:
A1. a redirection management and control method is applied to a mobile terminal and comprises the following steps:
when the mobile terminal receives a redirection signaling of network equipment in a low-standard network mode, calling a session record in a high-standard network mode before switching to the low-standard network mode;
judging whether the session record conforms to a preset disguised characteristic;
if yes, refusing to execute the redirection operation corresponding to the redirection signaling.
A2. The method according to a1, wherein the preset camouflage characteristics comprise: an unauthenticated feature;
the step of judging whether the session record conforms to a preset disguised characteristic includes:
judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record;
and if not, determining that the session record conforms to the preset disguised characteristic.
A3. According to the method described in a2, the step of determining whether there is an authentication record in the process of switching from the high-standard network mode to the low-standard network mode according to the session record includes:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
A4. The method of a1, the method further comprising:
and when the session record is judged to accord with the preset disguised characteristic, network searching operation of the high-system network mode or the low-system network mode is carried out again.
A5. The method of any one of a 1-a 4, the low-standard network mode comprising 2G or 3G, the high-standard network mode comprising: 4G, 4G + or 5G.
B6. A redirection management and control device is applied to a mobile terminal and comprises:
the session record calling module is used for calling the session record in the high-system network mode before the low-system network mode when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode;
the disguised characteristic judging module is used for judging whether the session record meets the preset disguised characteristic or not;
and the redirection refusing module is used for refusing to execute the redirection operation corresponding to the redirection signaling when the session record conforms to the preset disguised characteristic.
B7. The apparatus of B6, the preset camouflage feature comprising: an unauthenticated feature;
the disguised characteristic judging module is further used for judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record; and if not, determining that the session record conforms to the preset disguised characteristic.
B8. The apparatus of B7, the disguised feature determination module further configured to:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
B9. The apparatus of B6, the apparatus further comprising:
and the network searching module is used for carrying out network searching operation again in the high-standard network mode or the low-standard network mode when the session record is judged to accord with the preset disguised characteristic.
B10. The apparatus according to any one of B6-B9, the low-standard network mode comprising 2G or 3G, the high-standard network mode comprising: 4G, 4G + or 5G.
C11. A mobile terminal comprising a memory for storing a program enabling a processor to perform the method of any of a1 to a5 and a processor configured to execute the program stored in the memory.
D12. A computer storage medium storing computer software instructions for use with an apparatus according to any one of B6 to B10.

Claims (12)

1. A redirection management and control method is applied to a mobile terminal and comprises the following steps:
when the mobile terminal receives a redirection signaling of network equipment in a low-standard network mode, calling a session record in a high-standard network mode before switching to the low-standard network mode;
judging whether the session record conforms to a preset disguised characteristic; the preset camouflage characteristics include: an unauthenticated feature;
if yes, refusing to execute the redirection operation corresponding to the redirection signaling.
2. The method of claim 1,
the step of judging whether the session record conforms to a preset disguised characteristic includes:
judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record;
and if not, determining that the session record conforms to the preset disguised characteristic.
3. The method according to claim 2, wherein said step of determining whether there is an authentication record in the process of switching from the high-standard network mode to the low-standard network mode according to the session record comprises:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
4. The method of claim 1, further comprising:
and when the session record is judged to accord with the preset disguised characteristic, network searching operation of the high-system network mode or the low-system network mode is carried out again.
5. The method according to any one of claims 1 to 4, wherein the low-standard network mode comprises 2G or 3G, and the high-standard network mode comprises: 4G, 4G + or 5G.
6. The utility model provides a management and control device redirects which characterized in that, the device is applied to mobile terminal, includes:
the session record calling module is used for calling the session record in the high-system network mode before the low-system network mode when the mobile terminal receives the redirection signaling of the network equipment in the low-system network mode;
the disguised characteristic judging module is used for judging whether the session record meets the preset disguised characteristic or not; the preset camouflage characteristics include: an unauthenticated feature;
and the redirection refusing module is used for refusing to execute the redirection operation corresponding to the redirection signaling when the session record conforms to the preset disguised characteristic.
7. The apparatus of claim 6,
the disguised characteristic judging module is further used for judging whether an authentication record exists in the process of switching from the high-standard network mode to the low-standard network mode or not according to the session record; and if not, determining that the session record conforms to the preset disguised characteristic.
8. The apparatus of claim 7, wherein the disguised feature determination module is further configured to:
determining a switching scene for switching from the high-standard network mode to the low-standard network mode according to the session record;
when the switching scene is a specific scene, determining that the session record does not have the authentication record of the network equipment; wherein the specific scenario includes at least one of:
redirecting to the network device without an authentication operation in a tracking area update process;
redirecting to the network device without an authentication operation during an attach procedure;
rejecting tracking area updates and initiating an attach procedure based on an unauthorized operation in a tracking area update procedure and redirecting to the network device without an authenticated operation in an attach procedure.
9. The apparatus of claim 6, further comprising:
and the network searching module is used for carrying out network searching operation again in the high-standard network mode or the low-standard network mode when the session record is judged to accord with the preset disguised characteristic.
10. The apparatus according to any one of claims 6 to 9, wherein the low-standard network mode comprises 2G or 3G, and the high-standard network mode comprises: 4G, 4G + or 5G.
11. A mobile terminal, characterized in that the mobile terminal comprises a memory for storing a program enabling a processor to perform the method of any of claims 1 to 5 and a processor configured for executing the program stored in the memory.
12. A computer storage medium storing computer software instructions for use by the apparatus of any one of claims 6 to 10.
CN201710963107.XA 2017-10-16 2017-10-16 Redirection control method and device and mobile terminal Active CN107708115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710963107.XA CN107708115B (en) 2017-10-16 2017-10-16 Redirection control method and device and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710963107.XA CN107708115B (en) 2017-10-16 2017-10-16 Redirection control method and device and mobile terminal

Publications (2)

Publication Number Publication Date
CN107708115A CN107708115A (en) 2018-02-16
CN107708115B true CN107708115B (en) 2020-11-06

Family

ID=61183658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710963107.XA Active CN107708115B (en) 2017-10-16 2017-10-16 Redirection control method and device and mobile terminal

Country Status (1)

Country Link
CN (1) CN107708115B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110393022A (en) * 2018-02-22 2019-10-29 联发科技(新加坡)私人有限公司 The trace regions of intersystem handover update process and improve in mobile communication
CN109673022B (en) * 2018-12-14 2020-08-04 浙江三维通信科技有限公司 Method and system for controlling L TE terminal by using signaling of multiple detection base stations
CN113055934B (en) * 2021-03-26 2022-06-10 RealMe重庆移动通信有限公司 Method and device for processing redirection information, terminal equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2503810A1 (en) * 2011-03-23 2012-09-26 MIMOON GmbH Method and apparatus for protecting wireless access points against relocation
CN105722077A (en) * 2016-01-29 2016-06-29 宇龙计算机通信科技(深圳)有限公司 Network residing method, network residing system and terminal
CN105792215A (en) * 2016-04-29 2016-07-20 努比亚技术有限公司 Detection method of pseudo base station and terminal thereof
CN106211157A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 Base station reorientation method and base station redirection device
CN106231572A (en) * 2016-07-29 2016-12-14 宇龙计算机通信科技(深圳)有限公司 Pseudo-base station refuse messages discrimination method and system
CN106686601A (en) * 2017-03-16 2017-05-17 珠海市魅族科技有限公司 Pseudo base station protection method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2503810A1 (en) * 2011-03-23 2012-09-26 MIMOON GmbH Method and apparatus for protecting wireless access points against relocation
CN105722077A (en) * 2016-01-29 2016-06-29 宇龙计算机通信科技(深圳)有限公司 Network residing method, network residing system and terminal
CN105792215A (en) * 2016-04-29 2016-07-20 努比亚技术有限公司 Detection method of pseudo base station and terminal thereof
CN106211157A (en) * 2016-06-30 2016-12-07 北京奇虎科技有限公司 Base station reorientation method and base station redirection device
CN106231572A (en) * 2016-07-29 2016-12-14 宇龙计算机通信科技(深圳)有限公司 Pseudo-base station refuse messages discrimination method and system
CN106686601A (en) * 2017-03-16 2017-05-17 珠海市魅族科技有限公司 Pseudo base station protection method and device

Also Published As

Publication number Publication date
CN107708115A (en) 2018-02-16

Similar Documents

Publication Publication Date Title
CN107466041B (en) Method and device for identifying pseudo base station and mobile terminal
CN106714250B (en) Cell registration method and device and computer readable storage medium
CN107707538B (en) Data transmission method and device, mobile terminal and computer readable storage medium
CN107071775B (en) Mobile terminal and method and device for redirecting access to base station
CN108769976B (en) Network attachment control method and device and mobile terminal
CN107040543B (en) Single sign-on method, terminal and storage medium
CN109600740B (en) File downloading method and device and computer readable storage medium
CN109819489B (en) Terminal calling method and terminal
CN107506646B (en) Malicious application detection method and device and computer readable storage medium
CN106550361B (en) Data transmission method, equipment and computer readable storage medium
CN107682860B (en) Redirection control method, device, network equipment and mobile terminal
CN108075899B (en) Identity authentication method, mobile terminal and computer readable storage medium
CN104683301B (en) Password storage method and device
CN107959952B (en) Method and terminal for detecting inter-system cell
CN110022553B (en) User identity identification card management method and mobile terminal
CN107708115B (en) Redirection control method and device and mobile terminal
EP3565308A1 (en) Method and device for registering to cell
CN107295591B (en) Call method, device, computer storage medium and mobile terminal
CN108235312A (en) Communication control method, device and the mobile terminal of mobile terminal
US20160142431A1 (en) Session processing method and device, server and storage medium
CN110677851A (en) Terminal network access method and network access equipment access method
CN108513010B (en) Terminal unlocking method, terminal and computer readable storage medium
CN111357245B (en) Information searching method, terminal, network equipment and system
CN113825163A (en) Reconstruction method in communication abnormality, terminal device, and storage medium
CN112153032B (en) Information processing method, device, computer readable storage medium and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant