CN110198541A - An adaptive method and system for network security - Google Patents
- Publication number: CN110198541A
- Application number: CN201910476514.7A
- Authority: CN (China)
- Prior art keywords: data, user, network security, modulation, reception end
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B17/00—Monitoring; Testing
- H04B17/30—Monitoring; Testing of propagation channels
- H04B17/309—Measuring or estimating channel quality parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an adaptive method and system for network security. The transmitting end carries network security data and user identity data in the authentication request, and determines an adaptive modulation scheme according to the importance of the transmission service and a first CSI value of the transmission channel. The relay receiving end determines an adaptive demodulation scheme according to its estimated second CSI value of the transmission channel and the service importance estimated from the last successfully transmitted service data packet, extracts the network security data and the user identity data from the demodulated data, and authenticates them. Service data is delivered directly once authentication passes. The authentication request and the service request are merged into one, so that the authentication process completes quickly and occupancy of the mobile transmission channel is reduced as far as possible.
Description
Technical field
This application relates to the field of communication technology, and in particular to an adaptive method and system for network security.
Background
The prior art requires an authentication request followed by a service request, and the server must respond twice before it can start delivering service data, which involves a large amount of signaling overhead. Moreover, when the terminal is moving, signaling is easily lost, leaving authentication incomplete or preventing service data from downloading normally. An improved authentication method that simplifies the terminal authentication procedure is needed.
Summary of the invention
The purpose of the present invention is to provide an adaptive method and system for network security which, considering that the terminal is moving, merges the authentication request and the service request into one and adaptively selects the transmission mode according to the characteristics of the transmission channel and of the service, so that the authentication process completes quickly and occupancy of the mobile transmission channel is reduced as far as possible.
In a first aspect, the application provides an adaptive method for network security, the method comprising:
The transmitting end obtains network security data and user identity data, determines a corresponding priority level according to the importance of the transmission service, selects a modulation scheme in order of priority level from high to low, and sends an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
The relay receiving end receives the information symbols sent by the transmitting end through the transmission network, estimates a second CSI value of the transmission channel, adaptively selects a modulation order according to the second CSI value, obtains the importance of the transmitted service from the last successfully transmitted service data packet, determines a corresponding priority level according to the importance of the transmission service, selects a demodulation scheme in order of priority level from high to low, and demodulates the received information symbols into a data stream according to the selected demodulation scheme and modulation order;
The relay receiving end extracts the network security data and the user identity data from the demodulated data stream, matches the user identity data against the access relation model of the local specific object, determines the role corresponding to the user, and selects the corresponding authentication policy;
According to the authentication policy, the network security data is parsed to determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end.
With reference to the first aspect, in a first possible implementation of the first aspect, estimating the first CSI value of the transmission channel on which the carrier is located includes:
The transmitting end obtains a partially inaccurate CSI value through a feedback link.
With reference to the first aspect, in a second possible implementation of the first aspect, the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
With reference to the first aspect, in a third possible implementation of the first aspect, the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
In a second aspect, the application provides an adaptive system for network security, the system comprising:
A transmitting end, configured to obtain network security data and user identity data, determine a corresponding priority level according to the importance of the transmission service, select a modulation scheme in order of priority level from high to low, and send an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
A relay receiving end, configured to receive the information symbols sent by the transmitting end through the transmission network, estimate a second CSI value of the transmission channel, adaptively select a modulation order according to the second CSI value, obtain the importance of the transmitted service from the last successfully transmitted service data packet, determine a corresponding priority level according to the importance of the transmission service, select a demodulation scheme in order of priority level from high to low, and demodulate the received information symbols into a data stream according to the selected demodulation scheme and modulation order; and to extract the network security data and the user identity data from the demodulated data stream, match the user identity data against the access relation model of the local specific object, determine the role corresponding to the user, and select the corresponding authentication policy; and, according to the authentication policy, to parse the network security data and determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end;
A server, configured to obtain historical access data and identity data of a specific object, learn and summarize the access relation model of the specific object, and deliver the access relation model at the request of the relay receiving end.
With reference to the second aspect, in a first possible implementation of the second aspect, after the second CSI value of the transmission channel is estimated, the method further includes:
The channel estimator on the mobile relay receiving end side sends the estimated channel gain to the transmitting end through a feedback link, for use in selecting the modulation scheme of the signal.
With reference to the second aspect, in a second possible implementation of the second aspect, the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
With reference to the second aspect, in a third possible implementation of the second aspect, the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
The invention discloses an adaptive method and system for network security. The transmitting end carries network security data and user identity data in the authentication request, and determines an adaptive modulation scheme according to the importance of the transmission service and the first CSI value of the transmission channel. The relay receiving end determines an adaptive demodulation scheme according to its estimated second CSI value of the transmission channel and the service importance estimated from the last successfully transmitted service data packet, extracts the network security data and the user identity data from the demodulated data, and authenticates them. Service data is delivered directly once authentication passes. The authentication request and the service request are merged into one, so that the authentication process completes quickly and occupancy of the mobile transmission channel is reduced as far as possible.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the adaptive method of the present invention;
Fig. 2 is a block diagram of the adaptive system of the present invention.
Specific embodiments
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the protection scope of the invention can be defined more clearly.
Fig. 1 is a flow chart of the adaptive method provided by the application, the method comprising:
The transmitting end obtains network security data and user identity data, determines a corresponding priority level according to the importance of the transmission service, selects a modulation scheme in order of priority level from high to low, and sends an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
The relay receiving end receives the information symbols sent by the transmitting end through the transmission network, estimates a second CSI value of the transmission channel, adaptively selects a modulation order according to the second CSI value, obtains the importance of the transmitted service from the last successfully transmitted service data packet, determines a corresponding priority level according to the importance of the transmission service, selects a demodulation scheme in order of priority level from high to low, and demodulates the received information symbols into a data stream according to the selected demodulation scheme and modulation order;
The relay receiving end extracts the network security data and the user identity data from the demodulated data stream, matches the user identity data against the access relation model of the local specific object, determines the role corresponding to the user, and selects the corresponding authentication policy;
According to the authentication policy, the network security data is parsed to determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end.
In some preferred embodiments, estimating the first CSI value of the transmission channel on which the carrier is located includes:
The transmitting end obtains a partially inaccurate CSI value through a feedback link.
In some preferred embodiments, the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
In some preferred embodiments, the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
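The relay-side handling of the combined authentication and service request described above, as an added Python example that is not part of the patent text. The CSI thresholds, the layout of the access relation model, the user names, and the refusal of unknown identities and of mismatched modulation orders are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed CSI thresholds (a dB-like quality figure) -> modulation order.
# The patent gives no numeric values; these are assumptions for the example.
ORDER_BY_CSI = ((20.0, 64), (12.0, 16), (5.0, 4))
LOWEST_ORDER = 2


def select_order(csi):
    """Pick the highest modulation order whose threshold the CSI value meets."""
    for threshold, order in ORDER_BY_CSI:
        if csi >= threshold:
            return order
    return LOWEST_ORDER


@dataclass(frozen=True)
class CombinedRequest:
    """Authentication request that already carries the service request."""
    user_id: str    # user identity data
    behaviour: str  # network access behaviour from the network security data
    obj: str        # access object from the network security data


# Constructed access relation model, as the relay would hold it locally after
# requesting it from the server: identity -> role, role -> permitted accesses.
ACCESS_MODEL = {
    "roles": {"alice": "operator", "bob": "viewer"},
    "policies": {
        "operator": {("read", "video"), ("write", "config")},
        "viewer": {("read", "video")},
    },
}


def authorize(req, model):
    """Role lookup, policy selection, then behaviour/object match."""
    role = model["roles"].get(req.user_id)
    if role is None:
        # Assumption: an identity absent from the model is refused.
        return False, "refused: unknown identity"
    policy = model["policies"].get(role, set())
    if (req.behaviour, req.obj) in policy:
        return True, f"accepted as {role}: issue service data"
    return False, f"refused: {req.behaviour} on {req.obj} not allowed for {role}"


def relay_handle(req, second_csi, sender_order, model=ACCESS_MODEL):
    """Check the relay's own order choice against the sender's, then authorize."""
    relay_order = select_order(second_csi)
    if relay_order != sender_order:
        # Both ends pick an order from their own CSI estimate. If the choices
        # differ, the symbols cannot be demodulated, so the request ends
        # without an accept decision (assumed fail-closed behaviour).
        return False, "no decision: modulation order mismatch"
    return authorize(req, model)


if __name__ == "__main__":
    sender_order = select_order(14.0)  # sender's first CSI estimate
    for request, csi in [
        (CombinedRequest("bob", "read", "video"), 13.0),
        (CombinedRequest("bob", "write", "config"), 13.0),
        (CombinedRequest("mallory", "read", "video"), 13.0),
        (CombinedRequest("alice", "write", "config"), 4.0),
    ]:
        print(request.user_id, relay_handle(request, csi, sender_order))
```
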
Fig. 2 is a block diagram of the adaptive system provided by the application, the system comprising:
A transmitting end, configured to obtain network security data and user identity data, determine a corresponding priority level according to the importance of the transmission service, select a modulation scheme in order of priority level from high to low, and send an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
A relay receiving end, configured to receive the information symbols sent by the transmitting end through the transmission network, estimate a second CSI value of the transmission channel, adaptively select a modulation order according to the second CSI value, obtain the importance of the transmitted service from the last successfully transmitted service data packet, determine a corresponding priority level according to the importance of the transmission service, select a demodulation scheme in order of priority level from high to low, and demodulate the received information symbols into a data stream according to the selected demodulation scheme and modulation order; and to extract the network security data and the user identity data from the demodulated data stream, match the user identity data against the access relation model of the local specific object, determine the role corresponding to the user, and select the corresponding authentication policy; and, according to the authentication policy, to parse the network security data and determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end;
A server, configured to obtain historical access data and identity data of a specific object, learn and summarize the access relation model of the specific object, and deliver the access relation model at the request of the relay receiving end.
In some preferred embodiments, after the second CSI value of the transmission channel is estimated, the method further includes:
The channel estimator on the relay receiving end side sends the estimated channel gain to the transmitting end through a feedback link, for use in selecting the modulation scheme of the signal.
In some preferred embodiments, the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
In some preferred embodiments, the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
In a specific implementation, the present invention also provides a computer storage medium, wherein the computer storage medium may store a program which, when executed, may perform some or all of the steps in each embodiment of the present invention. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
Those skilled in the art can clearly understand that the technology in the embodiments of the present invention can be implemented by software plus the required general-purpose hardware platform. Based on this understanding, the technical solution in the embodiments of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The software product can be stored in a storage medium such as a ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in each embodiment of the present invention or in certain parts of the embodiments.
The same or similar parts of the embodiments in this specification may be referred to one another. Where an embodiment is substantially similar to the method embodiment, it is described relatively briefly; for relevant details, refer to the description of the method embodiment.
The embodiments of the invention described above do not limit the protection scope of the present invention.
Claims (8)
1. An adaptive method for network security, characterized by comprising:
The transmitting end obtains network security data and user identity data, determines a corresponding priority level according to the importance of the transmission service, selects a modulation scheme in order of priority level from high to low, and sends an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
The relay receiving end receives the information symbols sent by the transmitting end through the transmission network, estimates a second CSI value of the transmission channel, adaptively selects a modulation order according to the second CSI value, obtains the importance of the transmitted service from the last successfully transmitted service data packet, determines a corresponding priority level according to the importance of the transmission service, selects a demodulation scheme in order of priority level from high to low, and demodulates the received information symbols into a data stream according to the selected demodulation scheme and modulation order;
The relay receiving end extracts the network security data and the user identity data from the demodulated data stream, matches the user identity data against the access relation model of the local specific object, determines the role corresponding to the user, and selects the corresponding authentication policy;
According to the authentication policy, the network security data is parsed to determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end.
2. The method according to claim 1, characterized in that estimating the first CSI value of the transmission channel on which the carrier is located includes:
The transmitting end obtains a partially inaccurate CSI value through a feedback link.
3. The method according to any one of claims 1 to 2, characterized in that the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
4. The method according to any one of claims 1 to 3, characterized in that the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
5. An adaptive system for network security, characterized in that the system comprises:
A transmitting end, configured to obtain network security data and user identity data, determine a corresponding priority level according to the importance of the transmission service, select a modulation scheme in order of priority level from high to low, and send an authentication request to the receiving end, the authentication request carrying the network security data and the user identity data; the network security data includes service request data;
wherein selecting the modulation scheme includes: estimating a first CSI value of the transmission channel on which the carrier is located, adaptively selecting a modulation order according to the first CSI value, modulating the authentication request data stream into information symbols according to the selected modulation scheme and modulation order, and sending them to the relay receiving end through the transmission network;
A relay receiving end, configured to receive the information symbols sent by the transmitting end through the transmission network, estimate a second CSI value of the transmission channel, adaptively select a modulation order according to the second CSI value, obtain the importance of the transmitted service from the last successfully transmitted service data packet, determine a corresponding priority level according to the importance of the transmission service, select a demodulation scheme in order of priority level from high to low, and demodulate the received information symbols into a data stream according to the selected demodulation scheme and modulation order; and to extract the network security data and the user identity data from the demodulated data stream, match the user identity data against the access relation model of the local specific object, determine the role corresponding to the user, and select the corresponding authentication policy; and, according to the authentication policy, to parse the network security data and determine whether the network access behaviour and the access object in it match the role corresponding to the user. If they match, the relay receiving end passes the user's authentication request and delivers service data to the transmitting end; if they do not match, the relay receiving end rejects the user's authentication request and returns a rejection notice to the transmitting end;
A server, configured to obtain historical access data and identity data of a specific object, learn and summarize the access relation model of the specific object, and deliver the access relation model at the request of the relay receiving end.
6. The system according to claim 5, characterized in that, after the second CSI value of the transmission channel is estimated, the following is further included:
The channel estimator on the relay receiving end side sends the estimated channel gain to the transmitting end through a feedback link, for use in selecting the modulation scheme of the signal.
7. The system according to any one of claims 5 to 6, characterized in that the transmission service includes:
one or a combination of several of multimedia data, audio data, video data and text data.
8. The system according to any one of claims 5 to 7, characterized in that the server obtains historical access data and identity data of a specific object, and learns and summarizes the access relation model of the specific object;
The relay receiving end requests the server to deliver the access relation model, and stores the delivered access relation model locally.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910476514.7A CN110198541B (en) | 2019-06-03 | 2019-06-03 | Self-adaptive method and system for network security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110198541A true CN110198541A (en) | 2019-09-03 |
CN110198541B CN110198541B (en) | 2022-04-12 |
Family
ID=67753744
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910476514.7A Active CN110198541B (en) | 2019-06-03 | 2019-06-03 | Self-adaptive method and system for network security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110198541B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101478416A (en) * | 2009-02-02 | 2009-07-08 | 中国网络通信集团公司 | Service processing method, synthetic service platform and service processing system |
US20110072507A1 (en) * | 2009-09-21 | 2011-03-24 | Dis-Ent, Llc | Multi-identity access control tunnel relay object |
CN102231693A (en) * | 2010-04-22 | 2011-11-02 | 北京握奇数据系统有限公司 | Method and apparatus for managing access authority |
CN103874065A (en) * | 2012-12-17 | 2014-06-18 | 中国移动通信集团上海有限公司 | Method and device for judging user position abnormity |
CN108924169A (en) * | 2018-09-17 | 2018-11-30 | 武汉思普崚技术有限公司 | A kind of visual network security system |
Non-Patent Citations (1)
Title |
---|
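Gao Qian: "Research on Adaptive Transmission Optimization in High-Speed Mobile Scenarios", China Doctoral Dissertations Full-text Database, Engineering Science and Technology II * |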
Also Published As
Publication number | Publication date |
---|---|
CN110198541B (en) | 2022-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||