CN111866716A - System for dangerous bluetooth equipment is filtered to position based on bluetooth equipment - Google Patents
System for dangerous bluetooth equipment is filtered to position based on bluetooth equipment Download PDFInfo
- Publication number
- CN111866716A CN111866716A CN201910338327.2A CN201910338327A CN111866716A CN 111866716 A CN111866716 A CN 111866716A CN 201910338327 A CN201910338327 A CN 201910338327A CN 111866716 A CN111866716 A CN 111866716A
- Authority
- CN
- China
- Prior art keywords
- bluetooth
- bluetooth device
- dangerous
- screening
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000001514 detection method Methods 0.000 claims abstract description 102
- 238000012216 screening Methods 0.000 claims abstract description 77
- 238000001914 filtration Methods 0.000 claims description 2
- 238000000034 method Methods 0.000 description 15
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 238000007689 inspection Methods 0.000 description 5
- 231100001261 hazardous Toxicity 0.000 description 4
- 238000004590 computer program Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 239000000470 constituent Substances 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 235000008694 Humulus lupulus Nutrition 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A system for screening for dangerous bluetooth devices based on their location is provided. According to one embodiment, a system of dangerous bluetooth devices is disclosed, comprising: a screening device which executes a detection operation of searching for the Bluetooth device and a connection operation of the screening device to the searched Bluetooth device; a server predicting dangerous Bluetooth devices from among the Bluetooth devices searched for in the detection operation based on at least one of a result of the detection operation and a result of the connection operation.
Description
Technical Field
The invention relates to a system for screening dangerous Bluetooth devices based on the positions of the Bluetooth devices.
Background
Bluetooth (Bluetooth) is a specification for wirelessly connecting a mobile device such as a portable PC or a portable phone in a small range. Bluetooth (Bluetooth) supports various digital equipment to transceive voice and data using radio frequencies in the Industrial Scientific Medical (ISM) band, such as 245MHZ, without physical cables. For example, a module for Bluetooth (Bluetooth) communication is built in a mobile communication terminal and a laptop computer to support wireless communication. Because of this convenience, Bluetooth (Bluetooth) is used not only for Personal Digital Assistants (PDAs), desktop computers, facsimiles, keyboards, or joysticks, but also for almost all digital devices.
Disclosure of Invention
According to an embodiment of the present invention, a system, a method, and a screening apparatus for the method for screening dangerous bluetooth devices based on their locations can be provided.
According to an embodiment of the present invention, there is provided a system for screening dangerous bluetooth devices, including a server and a screening apparatus, the screening apparatus performing a detection operation of searching for a bluetooth device and a connection operation of the screening apparatus to connect with the detected bluetooth device, the server performing a prediction operation of predicting a dangerous bluetooth device from among the bluetooth devices searched for in the detection operation based on at least one result of the detection operation and the connection operation, wherein the detection operation includes a first scanning operation of scanning an advertisement packet broadcasted from a bluetooth device, the connection operation is a device information acquisition operation of connecting with the bluetooth device searched for in the detection operation and acquiring service information from the bluetooth device connected to the screening apparatus, the prediction operation is a device information acquisition operation of acquiring service information from the bluetooth device connected to the screening apparatus when an intensity of a signal of the advertisement packet broadcasted from the bluetooth device is greater than a reference value, and in the case where the position of the bluetooth device transmitting the advertisement packet having the intensity of the signal greater than the reference value is out of the reference range, the bluetooth device transmitting the advertisement packet having the intensity of the signal greater than the reference value is predicted as the operation of the dangerous bluetooth device.
Bluetooth devices having undesirable objectives such as hacking may be screened according to an embodiment of the present invention.
Drawings
Fig. 1 is a diagram for explaining a system for screening dangerous bluetooth devices based on their locations according to an embodiment of the present invention.
Fig. 2 to 4 are diagrams for explaining a system for screening dangerous bluetooth devices based on their locations according to an embodiment of the present invention.
FIG. 5 is a diagram for explaining a method of screening dangerous Bluetooth devices based on their locations according to an embodiment of the present invention
Fig. 6 is a diagram for explaining a detection step according to an embodiment of the present invention.
Fig. 7 is a diagram for explaining a detection step according to another embodiment of the present invention.
Description of the symbols
100: screening apparatus S, M1, M2, M3, M4: bluetooth device
101: the detection unit 103: connecting part
105: the management unit 107: operating system
109: the communication unit 111: computer processor
113: the storage device 115: memory device
Detailed Description
The objects, other objects and advantages of the present invention will be readily understood by the following preferred embodiments in connection with the accompanying drawings. However, the present invention is not limited to the embodiments described herein, and may be embodied in other forms. The embodiments described below are exemplary embodiments provided to fully convey the concept of the present invention to those skilled in the art.
Definition of terms
In this specification, the term "software" means a technique of executing hardware in a computer, the term "hardware" means a tangible device or apparatus (CPU, memory, input device, output device, peripheral device, etc.) constituting the computer, the term "step" means a series of processes or operations connected in time series for achieving a preset purpose, the term "program" means a set of instructions suitable for processing by the computer, and the term "program recording medium" means a storage medium used for installing and executing or circulating a program, in which a program is recorded, and which can be read by the computer
In the present specification, when terms such as first and second are used to describe components, these components are not limited by such terms. Such terms are used merely to distinguish one constituent element from another constituent element. The embodiments described and illustrated herein also include complementary embodiments thereof.
In this specification, the singular forms include the plural forms unless specifically mentioned in the context. The use of "including" and/or "comprising" in the specification does not preclude the presence or addition of one or more other components to the referenced components.
In this specification, the term "management" is used in a meaning including "reception", "transmission", "storage", "modification", and "deletion" of data.
In the present specification, "component a and/or component B" means "component a", "component B", or "component a and component B".
In this specification, the "user terminal device" may be a computer, and may be a device such as a desktop computer, a notebook, a smartphone, or a PDA, for example.
In this specification, "computer" includes computer processors and storage, OPERATING SYSTEMs, firmware, applications, communications and other sources where an OPERATING SYSTEM (OS) may be operatively coupled to other hardware, firmware or application (e.g., hypervisor) connections. The communication unit means a module including software or hardware for transmitting and receiving data to and from the outside. Also, the computer program is operatively interconnected to storage, operating system, application programs, firmware, communications, and other resources. In addition, the description or drawings of the above-mentioned components are described or illustrated within the limits used for the purpose of description of the present invention.
In the present specification, the component "a" transmits information, content, and/or data to the component "B" so as to include the meaning that the component "a" is directly transmitted to the component "B" or the component "a" is transmitted to the component "B" through at least one other component.
In this specification, the term "bluetooth device" means a device that communicates using a wireless communication technology called bluetooth.
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Fig. 1 is a diagram for explaining a system (hereinafter, referred to as "screening system") for screening dangerous bluetooth devices based on their locations according to an embodiment of the present invention.
Referring to fig. 1, the screening system 10 includes a plurality of screening apparatuses 100A, 100B, 100C and a server 200. The plurality of screening apparatuses 100A, 100B, 100C may each be included in their own bluetooth network.
Each of the plurality of screening apparatuses 100A, 100B, and 100C (hereinafter, collectively referred to as "100" without actually distinguishing meaning) may perform a detection operation, a connection operation, and an apparatus information acquisition operation, and transmit an execution result to the server 200, and the server 200 predicts a dangerous bluetooth apparatus. Hereinafter, the operation of the present screening system will be described by taking the screening apparatus 100A as an example.
Fig. 2 to 4 are diagrams for explaining a system 10 (hereinafter, referred to as a "screening system") for screening dangerous bluetooth devices based on the locations of the bluetooth devices according to an embodiment of the present invention.
Referring to fig. 2 to 4, a screening system according to an embodiment of the present invention includes an apparatus (hereinafter, referred to as a "screening apparatus") 100 for screening dangerous bluetooth devices and a server 200.
The screening apparatus 100 performs a detection operation (detection operation), a connection operation (connection operation), and an acquisition device information operation (acquisition operation of device information), and the server 200 performs a dangerous device prediction operation (prediction operation).
The screening apparatus 100 transmits the result of the detection operation, the result of the connection operation, the result of the device information acquisition operation, the reference distance, the reference range, and the position of the bluetooth device to the server 200, which performs the dangerous device prediction operation based on these results. Thereafter, the server transmits the result of the dangerous equipment prediction operation to the screening apparatus 100.
In addition, for the purpose of explanation of the present invention, it is assumed that there are four bluetooth devices S, M1, M2, M3, and the remaining bluetooth devices M1, M2, M3 are hosts for the bluetooth device S. That is, the bluetooth device S is a slave, and the bluetooth devices M1, M2, and M3 are masters. In addition, the slave and the master are opposite to each other. For example, in the case where the bluetooth device M1 and the bluetooth device M2 are to be connected to each other, one of them may be a slave and the other may be a master. According to an embodiment, the screening apparatus 100 according to the present invention may be a slave or a master to the bluetooth devices S, M1, M2, M3.
The masters M1, M2, and M3 periodically scan advertisement packets (hereinafter, referred to as "AD packets") broadcast from the slaves S in order to connect (Connecting) with the slaves S. If the slave broadcasts the AD packet, the master M1, M2, M3 requests the slave S to connect. When the master M1 is connected to the slave, the master M1 sets the timing and performs the data exchange operation with the slave S.
The slave S periodically broadcasts the AD packet in order to connect with other bluetooth devices. When the master transmits a Connection Request (Connection Request) to the slave S upon receiving the AD packet, the slave S allows the Connection Request (Connection Request) to be connected. For example, when the master M1 and the slave S are connected (Connecting), the slave S hops (hopping) a channel together according to the timing designated by the master M1 to exchange data with the master M1.
The AD packet may include data representing, for example, a Media Access Control Address (hereinafter, referred to as a "MAC Address"), a Universally Unique Identifier (UUID), a Vendor (Vendor) number, and a kind of a bluetooth device.
The MAC address is a unique identifier assigned to a network interface for communication in the data link layer of the network segment. The MAC address is used as a network address in most IEEE 802 network technologies including Ethernet (Ethernet) and WiFi.
The UUID is an inherent number that distinguishes software services. According to the bluetooth standard, services provided by means of bluetooth devices have unique UUID values for the purpose of distinguishing them from each other, and in the case of services defined by the bluetooth standard, predefined 16-bit UUID values. In addition, the user-defined service directly set by the user has a 128-bit UUID.
The vendor number is such that information about the manufacturer of the bluetooth device can be obtained.
Detection operation
The detection operation is an operation in which the screening apparatus searches for the bluetooth devices S, M1, M2, M3.
The detection operation in the present embodiment is an operation of searching for all the bluetooth devices S, M1, M2, M3 existing in an area to be detected (hereinafter, referred to as "detection area"). The detection objects are bluetooth devices that have been connected to each other (i.e., paired) and bluetooth devices that have not been connected to each other but have attempted to be connected.
In this embodiment, the detection area is generally set to several meters to several tens of meters, and is defined as an area where a bluetooth device as a survey target is located. For example, in the case of a dangerous bluetooth device among bluetooth devices located in a specific Office (Office), the detection area is set to the internal space of the specific Office. Referring to fig. 3, a detection region r is indicated, and bluetooth devices S, M1, M2, M3 are located within the detection region r. As described later, the bluetooth device M4 is not located in the detection area r.
The detection operation may include, for example, an operation of scanning an AD packet broadcast from the bluetooth device and an operation of storing the AD packet received as a result of the scanning. The detection operation may be performed according to the method described with reference to fig. 6 (first embodiment) or according to the method described with reference to fig. 7 (second embodiment).
The inspection operation according to the first embodiment includes an operation (hereinafter, referred to as "first scan") in which the screening apparatus 100 scans the AD packet in the inspection area, an operation (hereinafter, referred to as "finishing packet") of broadcasting an end packet to the inspection area, and an operation (hereinafter, referred to as "second scan") of scanning the AD packet.
The detection operation according to the first embodiment is an operation as follows: the AD packet is scanned for the first time, and then an end packet broadcast is broadcasted to release the connection of the Bluetooth device which has been connected before the detection operation is performed, and then the AD packet is scanned for the second time. The connected bluetooth device is not detected by the operation of scanning the AD packet before the detection operation is performed, and thus the broadcast end packet releases the connection of the existing bluetooth device.
The connected bluetooth devices release the connection with each other when receiving the end packet. The disconnected bluetooth device broadcasts the AD packet for reconnection, and thus the broadcasted AD packet is detected by the second scanning operation.
The inspection operation according to the second embodiment performs an operation in which the screening apparatus 100 broadcasts an end packet (finishing packet) in the inspection area and an operation in which the AD packet is scanned. That is, according to the second embodiment, the detection operation is the following operation: an end packet is broadcasted to the detection area to release the connection of the connected bluetooth devices, and then the AD packet is scanned. As described above, the disconnected bluetooth device broadcasts the AD packet for reconnection, and the AD packet thus broadcast is detected by the scanning operation.
Connecting operation
The connection operation is an operation in which the screening apparatus 100 is sequentially connected with the bluetooth devices searched for by the detection operation.
The connection operation is as follows: the filtering apparatus 100 performs an operation of sequentially connecting all the bluetooth devices detected in the detection operation and acquiring device information from the connected bluetooth devices (hereinafter, referred to as a "device information acquisition operation"). For example, the screening apparatus 100 may be connected to the bluetooth devices S, M1, M2, and M3 in sequence, and acquire device information from the connected bluetooth devices S, M1, M2, and M3.
The above-mentioned device information acquisition operation is an operation of the screening means acquiring the service information of the connected bluetooth device. For example, in the case where the screening apparatus 100 is connected to the bluetooth device M2, the screening apparatus 100 may acquire service information from the bluetooth device M2. According to an embodiment, the service information may include data indicating what service the bluetooth device M2 provides and data indicating the kind of the bluetooth device M2. In this embodiment, the service information may further include information indicating the current location of the bluetooth device M2. Alternatively, data indicating the current location of the bluetooth device may be included in the AD packet.
Hazardous equipment predictive operation
The dangerous device prediction operation is an operation of a bluetooth device that predicts a danger among the bluetooth devices S, M1, M2, M3 based on at least one result of the detection operation and the result of the connection operation. That is, the hazardous device predicting operation is: i) a bluetooth device that predicts a danger based on a result of the detection operation, or ii) a bluetooth device that predicts a danger based on a result of the connection operation, or iii) an operation of a bluetooth device that predicts a danger based on a result of the detection operation and a result of the connection operation.
An embodiment of a bluetooth device that predicts a danger based on the result of a detection operation is explained.
According to the present embodiment, the server 200 extracts the MAC addresses (MAC addresses) of the devices from the AD packets detected in the detection operation, and searches for bluetooth devices having the same MAC address among the extracted MAC addresses, and predicts the bluetooth devices having the same MAC address as dangerous bluetooth devices. For example, the server 200 predicts the bluetooth device M1 and the bluetooth device M2 as dangerous bluetooth devices in the case where the MAC address extracted from the AD packet broadcast from the bluetooth device M1 is the same as the MAC address extracted from the AD packet broadcast from the bluetooth device M2.
Other embodiments of the bluetooth device that predicts a danger based on the result of the detection operation are explained.
According to the present embodiment, the server 200 extracts the MAC address (MAC address) of the device from the AD packet detected in the detection operation, and confirms whether a MAC address having an atypical format exists from the extracted MAC address. The server 200 predicts the bluetooth device having the MAC address of the atypical format as a dangerous bluetooth device.
In this specification, the atypical-format MAC address means a MAC address configured in a format different from a MAC address allocated to a conventional bluetooth device.
Since a typical MAC address has a unique number (hereinafter, referred to as a "vendor unique number") for each device vendor, it is used as information that allows the device manufacturer to be known from the MAC address.
The atypical format of the MAC address may include a vendor unique number of a company that does not commercially manufacture bluetooth devices.
An embodiment of a bluetooth device that predicts a danger based on the result of the detection operation and the result of the connection operation is explained.
According to the present embodiment, the server 200 may predict a bluetooth device as a dangerous bluetooth device in the case where the signal intensity of the AD packet searched for by the detection operation is greater than the "reference value" and the location of the bluetooth device transmitting the AD packet is out of the "reference range". Here, the "reference range" means a range within a reference distance with reference to the screening apparatus 100. (for example, the portion of FIG. 3 representing the pattern is the "reference range").
As an example of the "reference value", the "reference value" may be set with reference to the strength of the signal of the AD packet, assuming that the bluetooth devices S, M1, M2, and M3 are located within the detection region r. For example, the reference value may be the smallest value among the signal strengths of the AD packets.
The "reference distance" h may be set based on the size of the detection region r. For example, when it is assumed that two bluetooth devices are configured at the farthest distance within the detection area r, the reference distance h may be defined as the distance between the two bluetooth devices so configured. Referring to fig. 3, a distance between positions P1, P2 of two bluetooth devices that are farthest from each other within the detection area r may be defined as a reference distance h.
The "reference range" a may be defined as an area within the reference distance h with reference to the screening apparatus 100. Referring to fig. 3, a "reference range" a is an area within the reference distance h with respect to the screening apparatus 100.
Referring to fig. 3, the bluetooth device M4 is located beyond the "reference range". When the signal intensity of the AD packet from the bluetooth device M4 is greater than the reference value, the server 200 may predict the bluetooth device M4 as a dangerous device since the location of the bluetooth device M4 has exceeded the "reference range".
In addition, location data (e.g., GPS coordinates) indicating the location of the bluetooth device may be included in service information provided when connecting with the bluetooth device or an AD packet transmitted from the bluetooth device. The server 200 may know the distance between the bluetooth device and the screening apparatus 100 using location information included in service information or AD packets provided from the bluetooth device.
Another embodiment of the bluetooth device that predicts a danger based on the result of the detection operation and the result of the connection operation is explained.
The server 200 compares the kind of service known from the AD packet with the kind of service known from the service information received by being connected to the bluetooth device, and predicts such bluetooth device as a dangerous device when the two are different. For example, when the type of service known by the server 200 from the UUID included in the AD packet received by the bluetooth device M3 and the type of service known from the service information received from the bluetooth device M3 when the screening apparatus 100 is connected to the bluetooth device M3 are different from each other, the server 200 predicts the bluetooth device M3 as a dangerous device.
Still another embodiment of the bluetooth device that predicts a danger based on the result of the detection operation and the result of the connection operation is explained.
In the case where the kind of the bluetooth device learned from the AD packet and the kind of the bluetooth device learned from the service information acquired through the device information acquiring operation are different from each other, the server 200 may predict the above bluetooth device as a dangerous bluetooth device. For example, in a case where the kind of the bluetooth device M3 known by the server 200 from the data included in the AD packet received by the bluetooth device M3 and the kind of the bluetooth device M3 known from the service information received from the bluetooth device M3 when the screening apparatus 100 is connected to the bluetooth device M3 are different from each other, the server 200 predicts the bluetooth device M3 as a dangerous device.
Referring to fig. 4, the system for screening bluetooth devices includes a screening apparatus 100 and a server 200.
The screening apparatus 100 may include a detection section 101, a connection section 103, a management section 105, an operating system 107, a communication section 109, a computer processor 111, a storage device 113, and a memory 115. Here, the operating system 107 is software that not only manages hardware but also provides a hardware virtual platform and general system services for running application software, and the storage 113 and the memory 115 are devices that provide spaces for storing and running programs, respectively. The computer processor 111 is a Central Processing Unit (CPU), which is a control device of a computer that controls a computer system and executes an operation of a program, or a chip having such a function built therein.
The memory 115 and/or the storage device 113 provides a space for storing or running a program, and may store a reference value, a reference distance, an AD packet, or service information received from the bluetooth device.
The server 200 may include a prediction unit 204, a management unit (not shown), an operating system (not shown), a communication unit (not shown), a computer processor (not shown), a storage device (not shown), and a memory (not shown). The operating system of the server 200 is software that provides a hardware virtual platform and a general system service for running application software, as well as managing hardware, and the storage device and the memory of the server 200 are devices that provide a space for storing and running programs (e.g., a prediction unit, a management unit, an operating system), respectively. The computer processor of the server 200 is a Central Processing Unit (CPU), which is a control device of a computer that controls a computer system and executes an operation of a program, or a chip having such a function built therein. The memory and/or storage device of the server provides a space for storing or running programs (programs, management section, operating system), and may store reference values, reference distances, AD packets, or service information received from the bluetooth device.
The detection section 101 performs the above-described detection operation. For example, the detection section performs an operation of detecting all the bluetooth devices S, M1, M2, M3 existing in the detection area. The detection objects are bluetooth devices that have been connected to each other (i.e., paired) and bluetooth devices that have not been connected to each other but have attempted to be connected.
The connection section 103 performs the connection operation and the device information acquisition operation described above. For example, the connection section 103 performs an operation of sequentially connecting with all the bluetooth devices detected by the detection section 101. Also, when connecting with a bluetooth device, the connection section 103 performs a device information acquisition operation of acquiring service information of the connected bluetooth device. For example, when the connection unit 103 is connected to the bluetooth device M2, the connection unit acquires service information from the bluetooth device M2.
The management unit 105 stores and manages the detection result of the detection unit 101 and the connection result of the connection unit 103 in the storage device 113 and/or the memory, and transmits the results to the server 200. The management unit receives the prediction result from server 200, and stores and manages the prediction result in storage device 113 and/or a memory.
The prediction unit 204 performs the above-described dangerous equipment prediction operation based on the data (e.g., the detection result and the connection result) received from the screening apparatus 100. For example, the prediction section 204 performs an operation of a bluetooth device that predicts a risk among the bluetooth devices S, M1, M2, M3 based on at least one result of the operation result by the detection section 101 and the operation result by the connection section 103. That is, the prediction unit 204: i) a bluetooth device that predicts a danger based on the operation result by the detection section 101, ii) a bluetooth device that predicts a danger based on the operation result by the connection section 103, or ii) a bluetooth device that predicts a danger based on the operation result by the detection section 101 and the operation result by the connection section 103.
All or at least a part of the detection unit 101 may be configured as a program. Configured as part of a program loaded into memory 115 to perform port scan operations under the control of computer processor 111. Other components, such as the connection unit 103 and the prediction unit 204, may be configured as a program to perform its own operation, at least in part, as in the detection unit 101. In addition, the detection operation, the connection operation, and the hazardous device prediction operation have been described in detail, and thus will be omitted herein.
Fig. 5 is a diagram for explaining a method of screening dangerous bluetooth devices based on the location of the bluetooth devices (hereinafter, referred to as "screening method") of the bluetooth devices according to an embodiment of the present invention.
Hereinafter, the screening method according to an embodiment of the present invention will be described in detail assuming a case where the screening system 100 described with reference to fig. 2 to 4 is used for the screening method according to an embodiment of the present invention.
The screening method according to an embodiment of the present invention includes: a first step (hereinafter, referred to as "detection step") S100 of the screening apparatus 100 searching for a bluetooth device; a second step (hereinafter, referred to as "connection step") S200 in which the screening apparatus 100 is sequentially connected to the bluetooth devices searched for in the detection step S100; a third step (hereinafter, referred to as "dangerous device predicting step") S300 in which the screening apparatus 100 transmits the result of the detecting step S100 and the result of the connecting step S200 to the server S400, the server 200 predicting dangerous bluetooth devices from among the bluetooth devices searched by the screening apparatus 100 in the detecting step S100, based on at least one of the result of the detecting step S100 and the result of the connecting step S200; a step S500 in which the server 200 transmits the prediction result of the third step S300 to the screening apparatus 100; a step S600 in which the screening apparatus 100 stores the prediction result of the third step S300; and a step S700 in which server 200 stores the result of prediction result storage in third step S300.
Detection step S100
The detection step S100 according to the present embodiment is an operation of searching for the bluetooth devices S, M1, M2, M3.
The detection step S100 performs an operation of searching for all the bluetooth devices S, M1, M2, M3 existing in the detection area r. The detection objects are bluetooth devices that are currently connected to each other (i.e., paired) and bluetooth devices that are not yet connected to each other but attempt to connect.
The detection step S100 may include, for example, a step S101 of scanning an AD packet broadcast from the bluetooth device and a step S107 of storing the AD packet received as a result of the scanning. The detection step S100 may be implemented according to the method described with reference to fig. 6 (first embodiment) or according to the method described with reference to fig. 7 (second embodiment).
Describing the first embodiment with reference to fig. 6, the detection step S100 includes a step (hereinafter, referred to as "first scan") S101 in which the screening apparatus 100 scans the AD packet in the detection area, a step (S103) in which an end packet (finishing packet) is broadcast to the detection area, and a step (hereinafter, referred to as "second scan") S105 in which the AD packet is scanned
That is, according to the first embodiment, the detection step S100 is an operation of: the AD packet is first scanned for the first time, and then an end packet is broadcast to release the connection of the bluetooth device that has been connected before the detection operation is performed, and then the AD packet is scanned for the second time. The connected bluetooth device cannot be detected by the operation of scanning the AD packet before performing the detection step S100, and thus performs an operation of releasing the connection of the existing bluetooth device by broadcasting the end packet.
When the mutually connected Bluetooth devices receive the end packet, the mutual connection is released. The disconnected bluetooth device broadcasts the AD packet for reconnection, and the AD packet thus broadcasted is detected through the second scanning operation.
Describing the second embodiment with reference to fig. 7, the detection step S100 performs an operation S102 of the screening apparatus 100 broadcasting an end packet (finishing packet) in the detection area and an operation S104 of scanning the AD packet. That is, according to the second embodiment, the detection step S100 is an operation of: an end packet is broadcasted to the detection area to release the connection of the connected bluetooth devices, and then the AD packet is scanned. As described above, the bluetooth device connected before the detection step S100 is performed cannot be detected by the operation of scanning the AD packet, and thus the operation of releasing the connection of the existing bluetooth device by broadcasting the end packet is performed.
As described above, the disconnected bluetooth device broadcasts the AD packet for reconnection, and the AD packet thus broadcasted is detected through the scanning operation.
Connection step S200
In the connection step S200, the connection portion 103 performs the above-described connection operation and device information acquisition operation. For example, in the connection step S200, an operation of sequentially connecting with all the bluetooth devices detected by the detection step S100 is performed. And, in the connection step S200, when the bluetooth device is connected, a device information acquisition operation of acquiring service information of the connected bluetooth device is performed. For example, in the connection step S200, in the case of connecting to the bluetooth device M2, service information is acquired from the bluetooth device M2.
Prediction step S300
In the prediction step S300, the above-described dangerous equipment prediction operation is performed.
For example, the prediction step S300 is an operation of the bluetooth device that predicts a danger among the bluetooth devices S, M1, M2, M3 based on at least one result of the operation result by the detection step S100 and the operation result by the connection step S200. That is, the prediction step S300 is: the operation of the dangerous bluetooth device is predicted based on the operation result by the detection step S100, or the dangerous bluetooth device is predicted based on the operation result by the connection step S200, or the dangerous bluetooth device is predicted based on the operation result by the detection step S100 and the operation result by the connection step S200.
According to an embodiment, in the prediction step S300, a MAC address is extracted from the AD packet searched in the detection step S100, and a bluetooth device having the same MAC address among the MAC addresses extracted in the MAC address extraction step can be predicted as a dangerous bluetooth device.
According to an embodiment, in the prediction step S300, a MAC address may be extracted from the AD packet searched in the detection step S100, and a bluetooth device having a MAC address of an atypical format among the extracted MAC addresses may be predicted as a dangerous bluetooth device.
According to an embodiment, in the case where the strength of the signal of the AD packet broadcasted from the bluetooth device is greater than the reference value and the location of the bluetooth device transmitting the AD packet having the signal strength greater than the reference value is out of the reference range in the prediction step S300, the bluetooth device transmitting the AD packet having the signal strength greater than the reference value may be predicted as a dangerous bluetooth device.
According to an embodiment, in the prediction step S300, in the case where the kind of service known from the AD packet received by the bluetooth device searched in the detection step S100 and the kind of service known from the service information are different from each other, such a bluetooth device may be predicted as a dangerous bluetooth device.
According to an embodiment, in the prediction step S300, in the case where the kind of the bluetooth device known from the AD packet received by the bluetooth device searched in the detection step S100 and the kind of the bluetooth device known from the service information are different from each other, such a bluetooth device may be predicted as a dangerous bluetooth device.
The detection operation, the connection operation, and the hazardous device prediction operation mentioned in the above steps have been described in detail, and thus will be omitted here.
All or a portion of the steps of the above-described method of screening for dangerous bluetooth devices may be performed by a computer program. Such computer programs are loaded into memory and executed by a computer processor, and may be stored on a medium (e.g., a storage device) that can be read by a computer.
Various modifications and alterations can be made by those skilled in the art to which the invention pertains based on the above description. Therefore, the scope of the invention should not be limited to the described embodiments but should be determined with reference to the claims and their equivalents.
Claims (8)
1. A system for screening dangerous Bluetooth devices comprises a server and a screening device,
the screening device performs a detection operation of searching for a Bluetooth device and a connection operation of the screening device to the detected Bluetooth device;
the server performs a prediction operation of a Bluetooth device that predicts a danger from among the Bluetooth devices searched for in the detection operation, based on at least one of a result of the detection operation and a result of the connection operation, wherein,
the detecting operation includes a first scanning operation of scanning an advertisement packet broadcast from the bluetooth device,
The connection operation is an apparatus information acquisition operation of connecting with the bluetooth apparatus searched in the detection operation and acquiring service information from the bluetooth apparatus connected to the filtering apparatus.
2. The system for screening dangerous Bluetooth devices of claim 1, wherein the predictive operation is,
extracting a MAC address from the advertisement packet scanned in the detecting operation, and predicting a Bluetooth device having the same MAC address in the extracted MAC address as a dangerous Bluetooth device.
3. The system for screening dangerous Bluetooth devices of claim 1, wherein the predictive operation is,
extracting a MAC address from the advertisement packet scanned in the detecting operation, and predicting a bluetooth device having a MAC address of an atypical format of the extracted MAC address as a dangerous bluetooth device.
4. The system for screening dangerous Bluetooth devices of claim 1, wherein the predictive operation is,
in the case where the position of the bluetooth device transmitting the advertisement packet having the intensity of the signal greater than the reference value is out of the reference range, the bluetooth device transmitting the advertisement packet having the intensity of the signal greater than the reference value is predicted as a dangerous bluetooth device.
5. The system for screening dangerous Bluetooth devices of claim 1, wherein the predictive operation is,
and predicting the bluetooth device as a dangerous bluetooth device in a case where a kind of service known from the advertisement packet received by the bluetooth device searched for in the detection operation and a kind of service known from the service information acquired in the device information acquisition operation are different from each other.
6. The system for screening dangerous Bluetooth devices of claim 1, wherein the predictive operation is,
and under the condition that the type of the Bluetooth equipment acquired from the advertisement packet received by the Bluetooth equipment searched in the detection operation is different from the type of the Bluetooth equipment acquired from the service information acquired in the equipment information acquisition operation, predicting the Bluetooth equipment as dangerous Bluetooth equipment.
7. The system for screening dangerous Bluetooth devices of claim 1, wherein,
the detecting operation further includes an operation of broadcasting an end packet in order to release connection with a bluetooth device that has been connected before the detecting operation is performed,
the step of broadcasting the end packet is performed before the first scanning operation.
8. The system for screening dangerous Bluetooth devices of claim 1, wherein,
the detection operation further performs an operation of broadcasting an end packet in order to release connection with a bluetooth device that has been connected before the detection operation is performed and a second scanning operation of scanning an advertisement packet broadcasted from the bluetooth device,
wherein the first scanning operation, the broadcasting end packet operation, and the second scanning operation are sequentially performed.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020190046197 | 2019-04-19 | ||
| KR10-2019-0046197 | 2019-04-19 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111866716A true CN111866716A (en) | 2020-10-30 |
Family
ID=72951283
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910338327.2A Withdrawn CN111866716A (en) | 2019-04-19 | 2019-04-25 | System for dangerous bluetooth equipment is filtered to position based on bluetooth equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111866716A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060094359A1 (en) * | 2004-10-29 | 2006-05-04 | Samsung Electronics Co., Ltd. | Method for detecting bluetooth device using company ID |
| CN101022637A (en) * | 2007-03-09 | 2007-08-22 | 华为技术有限公司 | Method and device for testing mobile device |
| US20100062711A1 (en) * | 2008-09-08 | 2010-03-11 | Sang Wook Park | Bluetooth device and method of searching for peripheral bluetooth device |
| CN103781058A (en) * | 2012-10-18 | 2014-05-07 | 中国电信股份有限公司 | Method and device for detecting legality of mobile terminal in CDMA network |
| CN106332087A (en) * | 2016-09-05 | 2017-01-11 | 努比亚技术有限公司 | Method of reporting pseudo base station information to server, and mobile terminal |
| CN107249170A (en) * | 2017-06-13 | 2017-10-13 | 天地融科技股份有限公司 | A kind of method and system of bluetooth equipment secure communication |
-
2019
- 2019-04-25 CN CN201910338327.2A patent/CN111866716A/en not_active Withdrawn
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060094359A1 (en) * | 2004-10-29 | 2006-05-04 | Samsung Electronics Co., Ltd. | Method for detecting bluetooth device using company ID |
| CN101022637A (en) * | 2007-03-09 | 2007-08-22 | 华为技术有限公司 | Method and device for testing mobile device |
| US20100062711A1 (en) * | 2008-09-08 | 2010-03-11 | Sang Wook Park | Bluetooth device and method of searching for peripheral bluetooth device |
| CN103781058A (en) * | 2012-10-18 | 2014-05-07 | 中国电信股份有限公司 | Method and device for detecting legality of mobile terminal in CDMA network |
| CN106332087A (en) * | 2016-09-05 | 2017-01-11 | 努比亚技术有限公司 | Method of reporting pseudo base station information to server, and mobile terminal |
| CN107249170A (en) * | 2017-06-13 | 2017-10-13 | 天地融科技股份有限公司 | A kind of method and system of bluetooth equipment secure communication |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110447277B (en) | Fingerprint positioning method and related equipment | |
| KR102005771B1 (en) | Method and apparatus for providing ip address in wireless communication network | |
| KR101762993B1 (en) | System and method for providing network access to electronic devices | |
| CN105684520B (en) | Method for establishing wireless local area network communication connection and electronic equipment thereof | |
| US9009847B2 (en) | Information management apparatus, information management system, information management method and program | |
| EP3697120B1 (en) | White space utilization | |
| US20140177615A1 (en) | Method for scanning a wireless fidelity (wi-fi) direct device and terminal device for the same | |
| KR101563213B1 (en) | Terminal and Method for Selecting Access Point With Reliablility | |
| CN112237017B (en) | Terminal device and method for identifying malicious AP by using the same | |
| KR20120017821A (en) | Apparatus and method for sharing data in portable terminal | |
| US20130138796A1 (en) | Distance-based network resource discovery | |
| KR20150025208A (en) | Method for connecting network and an electronic device thereof | |
| JP6366113B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AND COMMUNICATION METHOD | |
| US20160249162A1 (en) | Communication device and communication method | |
| EP3062475B1 (en) | Communication device, communication method, and communication system | |
| CN111836239B (en) | Method for screening dangerous Bluetooth equipment based on connection with Bluetooth equipment | |
| KR20110045154A (en) | Apparatus and method for connecting the access point in portable communication system | |
| CN111866716A (en) | System for dangerous bluetooth equipment is filtered to position based on bluetooth equipment | |
| KR102655601B1 (en) | Selection system of dangerous Bluetooth Device based on location of Bluetooth device | |
| CN101390365A (en) | Enhancements for discovering device owners in a UPnP searching service | |
| US20230125376A1 (en) | Selection Method of dangerous Bluetooth Device based on connection with Bluetooth Device | |
| KR20200123043A (en) | Selection system of dangerous Bluetooth Device based on location of Bluetooth device | |
| US9392619B2 (en) | Apparatus and method for improving capability of Wi-Fi during reboot of an access point in wireless communication system | |
| EP4178244A1 (en) | System for detecting mitm attack in bluetooth | |
| JP6487278B2 (en) | Communication terminal, communication method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20201030 |