WO2006066507A1 - Procede et systeme de mise en oeuvre d'une fonction de securite de site - Google Patents

Procede et systeme de mise en oeuvre d'une fonction de securite de site Download PDF

Info

Publication number
WO2006066507A1
WO2006066507A1 PCT/CN2005/002271 CN2005002271W WO2006066507A1 WO 2006066507 A1 WO2006066507 A1 WO 2006066507A1 CN 2005002271 W CN2005002271 W CN 2005002271W WO 2006066507 A1 WO2006066507 A1 WO 2006066507A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
restricted area
restricted
information
location
Prior art date
Application number
PCT/CN2005/002271
Other languages
English (en)
French (fr)
Inventor
Pengliang Yang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Priority to EP05820621A priority Critical patent/EP1830513B1/en
Priority to AT05820621T priority patent/ATE456213T1/de
Priority to DE602005019096T priority patent/DE602005019096D1/de
Publication of WO2006066507A1 publication Critical patent/WO2006066507A1/zh
Priority to US11/638,230 priority patent/US20070155374A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72463User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions to restrict the functionality of the device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72448User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
    • H04M1/72457User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions according to geographic location
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/04Access restriction performed under specific conditions based on user or terminal location or mobility data, e.g. moving direction, speed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support

Definitions

  • the present invention relates to the field of communication technologies, and in particular, to a method and system for implementing a scenario security function. Background of the invention
  • the invention provides a method for implementing scene secrecy, the method comprising:
  • the step of determining whether the mobile terminal enters the restricted area in the step b includes: bl l, after the mobile terminal is powered on, initiates a registration request to the network side;
  • the network side After receiving the registration request, the network side registers the mobile terminal, starts a location location system, and starts tracking the mobile terminal;
  • the network side determines whether the current location of the mobile terminal belongs to the area corresponding to the restricted area identifier in step a, and if so, the mobile terminal is considered to enter the restricted area; otherwise, the mobile terminal is considered not to enter the restricted area. Limited area.
  • the step of setting the restricted area information in the mobile terminal, the step of determining whether the mobile terminal enters the restricted area in step b includes:
  • B21 The network side broadcasts the restricted area information in a restricted area in real time.
  • the mobile terminal that enters the area receives the broadcast information, it compares whether the received restricted area information is consistent with the saved information, and if they are consistent, I think that I have entered the restricted area, otherwise I think that I have not entered the restricted area.
  • the terminal positioning enable parameter is further set on the network side, and the network side broadcasts the restricted area information and the location location enable parameter in real time in the restricted area.
  • the step of determining whether the mobile terminal enters the restricted area in step b includes:
  • step B32 after the mobile terminal receives the location information of the mobile terminal sent by the network side, the mobile terminal determines whether the location where the mobile terminal is located is in the restricted area in the received broadcast restricted area information, and if yes, Proactively turn off its limited user features.
  • the step of limiting the mobile terminal to perform the user function described in step a in step b is:
  • a user function restricted by the network side residence transmitting a notification of prohibiting communication to the mobile terminal side, including the limited user function of the mobile terminal,
  • the mobile terminal After receiving the notification, the mobile terminal directly closes the corresponding function by its own software mode according to the limited user function.
  • the step of restricting the mobile terminal to perform the user function described in step a in step b is: not establishing a connection for the user, or prohibiting the manner of rejecting the flow of information. User communication.
  • the network side sends a prohibition notification to the mobile terminal, and the mobile terminal turns off the corresponding function.
  • the restricted user functions include one or a combination of any of the prohibition of taking a picture, recording, rejecting a call, and disabling a connection request.
  • the restricted user function is determined by a restricted level.
  • a system for implementing a scene security function provided by the present invention includes:
  • a mobile communication network configured to save restricted area information, where the restricted area information includes at least a restricted area identifier, a restricted user identifier in the restricted area, and a restricted user function; and, when the mobile terminal is powered on,
  • the mobile communication network initiates the positioning system to track the mobile terminal, and when determining the restricted area saved by the mobile terminal in the area where the mobile terminal is located, restricting the mobile terminal from performing the user function.
  • a system for implementing a scene security function provided by the present invention includes:
  • a mobile communication system configured to broadcast restricted area information in real time in a restricted area, where the restricted area information includes a restricted area identifier, a restricted user identifier in the restricted area, and a Restricted user function;
  • the mobile terminal is configured to save the information of the restricted area, and after receiving the broadcast information, the mobile terminal that enters the area compares the received restricted area information with the saved one, and if the information is consistent, Stop the user function.
  • a system for implementing a scene security function provided by the present invention includes:
  • the limited area information includes a restricted area identifier, a restricted user identifier in the restricted area, and a restricted user function;
  • the mobile terminal obtains its own location information from the mobile communication system by using the received location location enable parameter, and determines whether the location where it is located is within the restricted area of the received broadcast restricted area information, and is determined to be in the restricted area. When the area is restricted, the user function is stopped.
  • the invention sets the restricted area information on the network side, and when determining that the mobile terminal enters the restricted area, determines whether the mobile terminal belongs to the restricted user, and if so, restricts the mobile terminal from communicating and the mobile terminal is restricted.
  • Functions such as communication, camera, recording, photographing, etc., so that the secret of a particular scene is not transmitted through the specific functions of the mobile terminal.
  • FIG. 1 is a schematic flow chart of implementing a specific embodiment 1 of the present invention.
  • FIG. 2 is a schematic flow chart of implementing a second embodiment of the present invention.
  • FIG. 3 is a schematic illustration of the system of the present invention. Mode for carrying out the invention
  • the method of the present invention mainly refers to registering a restricted area of the application on the network side, and simultaneously setting a limited user identifier in the area and a function restricted by the mobile terminal; when determining that the mobile terminal enters the restricted area, determining Whether the mobile terminal belongs to a restricted user, and if so, restricts the mobile terminal from communicating and specific functions of the mobile terminal, such as communication, camera, recording, photographing, and the like. Moreover, you can set restricted user functions by setting a restricted level.
  • the method for determining whether the mobile terminal enters the restricted area may be implemented in the following manners: First, after the mobile terminal is powered on, registering with the network side, and after registering the mobile terminal, the network side starts the location positioning system, Starting to track the mobile terminal, and then determining whether the mobile terminal enters the restricted area according to the tracked location information; the second is setting the restricted area information in the mobile terminal, for example, the restricted area identifier, where the network side is The restricted area information of the restricted area identifier is broadcasted in the restricted area in real time. When the mobile terminal entering the area receives the broadcast information, it compares whether the received restricted area identifier is consistent with the restricted area identifier saved by itself. If it is consistent, it considers that it has entered the restricted area.
  • the third type is similar to the second type, but it is necessary to further set the terminal positioning enable parameter on the network side, and then the network side is subject to Real-time broadcast restricted area information and location location enable parameters in the limited area,
  • the broadcast information is received, and then the location information request is sent to the network side according to the received location location enable parameter. Thereafter, after the mobile terminal receives the location information sent by the network side, , then compare whether the location where it is located is in the restricted area, and if it is, actively turn off its limited function.
  • the mobile terminal can be restricted from taking pictures, taking pictures, or only calling,
  • the method for determining that the mobile terminal leaves the restricted area may include but is limited to the following two types.
  • the first type can be determined by the positioning system, which is determined by the network side according to the current location of the mobile terminal, whether it is in the restricted area; secondly, the timer can be set by itself, when it is determined to enter the restricted area Start the timer. If the broadcast message has not been received before the timer expires, it is considered to have exited the restricted area.
  • the network side can determine according to the The restricted type sends a notification of prohibiting communication to the mobile terminal side, including the restricted type of the mobile terminal.
  • the mobile terminal receives the notification, the mobile terminal directly closes the corresponding function according to the restricted type thereof by its own software mode.
  • These functions include disabling camera recording, recording, and rejecting calls, or prohibiting the sending of connection requests.
  • Another common situation is: When the network side receives a call request containing the calling number and the called number, it is determined that one of the parties is subject to When the user is restricted, the initiator can directly notify the description of "this call is restricted communication, communication is prohibited". Therefore, communication can be prohibited by not establishing a connection for the user or refusing to send the information flow. This can only limit the communication of the mobile terminal, but cannot directly limit the mobile terminal except communication. Other features, so for some particular function of the mobile terminal, the network side may send a notification prohibiting, by the mobile terminal to disable the corresponding function.
  • the core idea of the embodiment is: setting the restricted area information and the authorized user identifier on the network side, and tracking the user who performs the location registration through the location location system. After the mobile terminal enters the restricted area, if the network side determines the user When it belongs to a restricted user, the restricted type of the user is determined, and then the function of the mobile terminal is restricted according to the restricted type.
  • Step 100 Set restricted area information on the network side, which specifically includes a restricted area, a limited user identifier, a restricted level, and the like.
  • the restricted level here can be set according to the needs of the confidential applicant.
  • the restricted level can be divided into three levels: one is to turn off all functions in all mobile terminals; the second is to turn off only the VP phone function, the voice call function; the third level is to turn off the sending of short messages, emails and the like.
  • the limited user ID only the unrestricted user ID can be set to indicate that all of the users except the users are restricted users.
  • the division of the restricted level and the use of which level of restriction does not respond to the scope of the invention.
  • Step 101 ⁇ After the mobile terminal is powered on, a location registration request is made.
  • Step 102 After receiving the location registration request, the network side tracks the mobile terminal by using a mobile phone location and location system.
  • Step 103 When the network side detects that the mobile terminal enters the restricted area, determining, according to the restricted area information saved by the network side, whether the mobile terminal belongs to the restricted user and the restricted function type. Specifically, the network side determines whether the identity of the mobile terminal is included in the restricted area information. If included, the mobile terminal is considered to be a restricted user. If not, the mobile terminal is considered to be an unrestricted user.
  • the restricted function type is to prohibit the call, prohibit the VP phone, prohibit sending short messages, prohibit sending E-MAIL, prohibit sending pictures, and so on.
  • Step 104 After receiving the call request by the mobile terminal and including the calling number and the called number, the network side determines, according to the calling number and the called number, whether the calling or called party is a restricted user and a restricted type, if If one of the parties is a restricted user, the two parties are prohibited from communicating using the restricted type. If both the calling party and the called party are not restricted users, communication is allowed.
  • the method further includes: in step 101, the mobile terminal includes the user's own capability information in the sent location registration request.
  • the user's capability information and restricted area information can be utilized to determine the function that the user really needs to disable.
  • the above embodiment mainly controls whether to prohibit communication through the network side.
  • the function of prohibiting communication can also be completed by appropriately modifying the mobile phone.
  • the main design idea of this embodiment is: Before the mobile terminal enters the restricted area, the restricted area information is set in the terminal, and the wireless service broadcast center broadcasts the restricted area information in the restricted area, for example: limited broadcast
  • the area information includes a restricted area identifier and a restricted function of the restricted area, and the like;
  • the mobile terminal receives the broadcast restricted area information, and compares it with the stored limited area identifier, if the broadcast includes the mobile terminal itself
  • the stored restricted area identifier is considered to enter the restricted area, and then the mobile terminal cancels the function restricted by the restricted area.
  • Step 201 Set restricted area information for the application privacy zone.
  • the restricted area information includes: a restricted area identifier, a restricted area manager identifier, a restricted area location, and the like.
  • Step 202 The network side broadcasts the restricted area information in each restricted area. That is to say, all the mobile terminals entering each restricted area receive the broadcast, and can recognize the restricted area information in the broadcast, but cannot receive the broadcast in the unrestricted area.
  • the restricted area information broadcasted in a certain restricted area includes at least the limited area information of the current restricted area itself, and may further include: limited information of the other one or more restricted areas, which may include all at most Restricted area information of the restricted area; and, the restricted area information of each area broadcasted includes, in step 201, the corresponding restricted area Information such as restricted area identification or restricted area manager identification or restricted area location, or any combination of the above.
  • the implementation of the broadcast service is generally: a cell broadcast center can be set up in the mobile communication network for authorizing and initiating a cell broadcast service in the mobile network, and transmitting the broadcast content according to a predetermined time schedule; A plurality of cell broadcast entities are set in the communication network, and each cell broadcast entity corresponds to one or more cells, and each cell broadcast entity first submits respective broadcast message content and broadcast parameters to the cell broadcast center, and the cell broadcast center pairs from different cells. The broadcast entity's message is comprehensively scheduled, and then the operation command is sent to the base station controller to further initiate the cell broadcast service.
  • the base station controller After receiving the command, the base station controller interprets, stores, and sends the received command to the base station, and the base station performs flow control on the broadcast message, and then sends the message to the mobile terminal.
  • the implementation of the broadcast restricted area information is not limited to one, and other broadcast service implementation manners may be used. Since the implementation of the broadcast service is not a problem of the design of the present invention, it will not be described in detail herein.
  • Step 203 Before a certain mobile terminal enters a certain restricted area, the mobile terminal is provided with restricted area information, and the setting may be redundant by the administrator of the restricted area currently entered by the mobile terminal.
  • the restricted area information set for the mobile terminal may be any combination of several items in the restricted information of the area broadcasted in step 202.
  • the terminal positioning enable parameter may be further set for the mobile terminal.
  • the terminal positioning enable parameter may also be set only for the mobile terminal. If the terminal positioning enable parameter is set in the mobile terminal, the existing location process is initiated, and the current location information is obtained. Therefore, the mobile terminal can obtain the current location by using the terminal location enable parameter set for the mobile terminal. Store the location of this area as restricted area information.
  • the restricted area information stored in the mobile terminal is: a restricted area identifier, or a restricted area manager identifier, or a restricted area location, or a terminal.
  • Information such as the location of the location in which it is located, or any combination of the above.
  • the restricted area information and the terminal location enabling parameter may be adopted by the operator through the air interface.
  • the (OTA) download mode automatically sends a short message (SMS) or multimedia message (MMS) to the mobile terminal to the mobile terminal, or can be manually set in the mobile terminal by the restricted area manager through the human machine interface.
  • the terminal location enable parameter can also be sent to the mobile terminal by means of broadcast.
  • the restricted area manager can select one of the two schemes for setting the restricted area information to manage according to the entry mode and the entry characteristics of the restricted area. For example, if there is only one entrance to the restricted area and there are not many managers required, the manager can manually set the restricted area information by means of the human-machine interface; if there are multiple entrances to the restricted area, the entered personnel More, the use of human-machine interface is more difficult to implement, and it is not easy to manage. Therefore, the OTA download method can be used to automatically input restricted area information.
  • the mobile terminal is composed of a mobile device (ME) and a universal integrated circuit card (UICC)
  • the limited area information described herein may be stored in the ME of the terminal or may be stored in the UICC.
  • the UICC is a Universal User Module (UIM) card
  • the UICC is a Subscriber Identity Module (SIM) card
  • SIM Subscriber Identity Module
  • WCDMA WCDMA
  • USB Universal Subscriber Identity Module
  • the UICC can also be other smart cards according to actual needs, but does not affect the effectiveness of the present invention.
  • Step 204 The mobile terminal receives the broadcast information described in step 202 and determines whether it enters the restricted area. If yes, go to step 205; otherwise, return to step 204.
  • Step 205 The mobile terminal cancels the corresponding restricted function, and the terminal displays a notification of entering the restricted area, prompting that the restricted function of the terminal has been canceled, and the user can bring the terminal into the restricted area.
  • limited functions can be photo, video, recording, and more.
  • the camera terminal has a camera function, a communication module, and The input/output device is configured, and the camera module turns off its camera function without affecting the function of the communication module. Therefore, the terminal cannot use the camera function to take pictures, but also has a communication function, thereby ensuring confidential information in the restricted area. It cannot be stolen by taking pictures, and does not affect the communication function of the terminal user to use the terminal normally.
  • you cancel the camera or recording function you can turn off the function of the corresponding module.
  • the user terminal is configured to set the restricted area information, and the terminal may also set the information such as the modified password.
  • the terminal When the user enters the restricted area, the user tries to identify the restricted area, the restricted area manager identifier, and the restricted area.
  • the terminal When the location and other information are modified, the terminal will ask the user to input the modification password, thereby protecting the restricted area information set by the restricted area manager, preventing the user from modifying the restricted area information after bringing the terminal into the restricted area. Turn on the camera function.
  • Step 206 The mobile terminal continues to receive the broadcast information described in step 202 and decides whether it leaves the restricted area, and if yes, returns to step 206; otherwise, proceeds to step 207.
  • Step 207 The mobile terminal automatically resumes its restricted function, and the terminal displays a notification of leaving the restricted area, prompting the terminal user that the restricted function has been restored, and the user can continue to use the limited function of the mobile terminal outside the restricted area. , end processing.
  • the mobile terminal has obtained the restricted area information including the restricted area identifier, the restricted area manager identifier, the restricted area position, or the location of the area in step 203. Therefore, in step 204 and step 206, the mobile terminal can know whether it enters or leaves the restricted area by determining whether the restricted area information obtained by itself is consistent with the corresponding item in the restricted area information in the broadcast.
  • the mobile terminal If the information of the restricted area identifier, the restricted area manager identifier, the restricted area location, or the location of the location stored by the mobile terminal is included, there is a restricted area identifier and a restricted area in the broadcast information received by the terminal. Pairs of information such as manager identification or location of restricted areas If the items are the same, the mobile terminal is determined to enter the restricted area; otherwise, the mobile terminal is determined not to enter the restricted area;
  • the restricted area identifier and the restricted area manager identifier in the broadcast information received by the terminal If the corresponding item in the information such as the location of the restricted area is different, the mobile terminal is determined to leave the restricted area; otherwise, the mobile terminal is determined not to leave the restricted area.
  • the specific judgment of which one or more pieces of information in the judgment is related to the management manner of the actual restricted area manager is not specifically limited.
  • at least one of the restricted area information stored by the mobile terminal corresponds to one of the restricted information broadcasted in step 202. Therefore, this embodiment can ensure that an accurate judgment is made as to whether the mobile terminal enters or leaves the restricted area.
  • the embodiment may also adopt another manner to implement the function of the mobile terminal in a specific area, including:
  • the broadcast restricted area location information may be location information of one or several restricted areas, or location information of all restricted areas; and a restricted area location broadcasted in a restricted area
  • the information includes at least the restricted area location information of the restricted area itself.
  • the mobile terminal continuously receives the broadcast message carrying the terminal location enable parameter and the location information of the restricted area. After receiving the terminal location enable parameter, the mobile terminal initiates the terminal location process to obtain the current location of the location, and obtains the current location. After the location of the location, the mobile terminal compares the location of the located location with the location information of the restricted area carried in the broadcast message, and determines whether the mobile terminal is in the restricted area according to the comparison result, such as If so, the restricted function of the mobile terminal is disabled; otherwise, the restricted function is restored.
  • the system of the present invention comprises: a mobile communication network and a mobile terminal.
  • the interaction between the mobile communication network and the mobile terminal can be implemented by the following three schemes:
  • the mobile communication system is a mobile communication network with a positioning system, and is configured to save the restricted area information, where the restricted area information includes at least the restricted area identifier, the restricted user identifier in the restricted area, and the And limiting the user function; and, when the mobile terminal is powered on, the mobile communication network starts the positioning system to track the mobile terminal, and when determining the restricted area saved by the mobile terminal in the area, limits the mobile terminal to perform User function described.
  • the second solution is: a mobile communication system, configured to broadcast restricted area information in real time in a restricted area, where the restricted area information includes a restricted area identifier, a restricted user identifier in the restricted area, and a restricted user Function; the mobile terminal is configured to save the information of the restricted area, and after receiving the broadcast information, the mobile terminal entering the area compares the received restricted area information with the self-preserved one, and in a consistent situation Next, stop the user function.
  • the second solution is: a mobile communication system, configured to broadcast the restricted area information and the preset location enabling parameter in real time in the restricted area, and provide the mobile terminal with the location information according to the location enabling parameter sent by the mobile terminal.
  • the restricted area information includes a restricted area identifier, a restricted user identifier in the restricted area, and a restricted user function; and the mobile terminal obtains its own location from the mobile communication system by using the received location location enabling parameter.
  • the information, and determining whether the location where it is located is within the restricted area of the received broadcast restricted area information, and stopping the user function when it is determined to be in the restricted area.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Geophysics And Detection Of Objects (AREA)
  • Air Bags (AREA)

Description

一种实现场景保密功能的方法及其系统 技术领域
本发明涉及通信技术领域, 特别是指一种实现场景保密功能的方法 及其系统。 发明背景
目前, 随着移动通信技术的发展, 各式移动终端已经涌现出来, 比 如, 手机不仅具有基本的通信功能, 而且具有照像功能、 录音功能的手 机也相继问世, 使用者可以将某场景下所照的图片或已录入的语音等发 送给其它终端, 极大的满足了用户的需求和满意度, 但是, 也给某些特 定区域的管理者带来麻烦。
在某些特殊场合, 如, 涉及国家安全、 保密的区域等, 需要禁止其 区域内的人员通过一切方式将当前场景内容传播出去, 通常情况下, 需 要进入该区域的人员将自身携带的手机等通信产品放置在集中保管处 来管理, 这需要额外提供保管手机的业务, 而且, 如果得不到良好的配 合, 又不可能完全限制区域内的这些人员与外接进行通信, 以至于可能 将需要保密的信息通过通话、 录音、 照像等方式带出去。 发明内容
有鉴于此,本发明的目的在于提供一种实现场景保密的方法和系统, 使在特定的保密场景中的移动终端禁止所限制的功能。
本发明提供的一种实现场景保密的方法, 该方法包含:
a. 在网络侧设置受限区域信息, 至少包括受限区域标识、 该受限区 域内所限制的用户标识以及所限制的用户功能;
b. 当确定移动终端进入所述受限区域时,根据该移动终端的用户号 码判断该移动终端是否属于受限用户, 如果属于, 则限制该移动终端进 行步骤 a中所述的用户功能, 否则, 不进行限制。
步骤 b中所述确定移动终端是否进入受限区域的步骤包括: bl l、 移动终端开机后, 向网络侧发起注册请求;
bl2、 网络侧收到该注册请求后, 在对该移动终端进行注册, 并启动 位置定位系统, 开始对该移动终端进行跟踪;
bl 3、网络侧判断该移动终端的当前位置是否属于步骤 a中所述受限 区域标识所对应的区域, 如果是, 则认为该移动终端进入受限区域, 否 则, 认为该移动终端没有进入受限区域。
在移动终端中设置其受限区域信息, 则步骤 b中所述确定移动终端 是否进入受限区域的步骤包括:
b21、 网络侧在受限区域内实时广播受限区域信息, 当进入该区域内 的移动终端收到该广播信息后, 比较收到的受限区域信息与自身保存的 是否一致, 如果一致, 则认为自身已进入受限区域, 否则, 则认为没有 进入受限区域。
在网络侧要进一步设置终端定位使能参数, 网络侧在受限区域内实 时广播受限区域信息和位置定位使能参数; 则步骤 b中所述确定移动终 端是否进入受限区域的步骤包括:
b31、 当移动终端接收到所述广播信息, 然后利用收到的位置定位使 能参数向网络侧发送位置信息请求;
b32、 当该移动终端收到网络侧发送的该移动终端的位置信息后,该 移动终端判断自身所处的位置是否处于收到的广播受限区域信息中的 受限区域内, 如果处于, 则主动关闭自身受限的用户功能。 步骤 b中所述限制该移动终端进行步骤 a中所述的用户功能的步骤 为:
网络侧 居所限制的用户功能,向移动终端侧发送禁止通信的通知, 其中包括该移动终端的受限的所述用户功能,
当移动终端收到该通知后, 按照其中的受限的所述用户功能通过自 身的软件方式直接关闭对应的功能。
当所限制的用户功能为通信功能时, 步骤 b中所述限制该移动终端 进行步骤 a中所述的用户功能的步骤为: 不为所述用户建立连接, 或以 拒绝发送信息流的方式禁止所述用户通信。
当所限制的用户功能为禁止摄像和 /或录音功能时, 网络侧向该移动 终端发送禁止通知, 由移动终端来关闭对应的功能。
所述限制的用户功能包括禁止摄像、 录音、 拒绝接听电话和禁止发 送连接请求中的一种或任意几种的组合。
所述限制的用户功能通过受限级别来确定。
本发明提供的一种实现场景保密功能的系统包括:
具有定位系统的移动通信网络和移动终端, 其中,
移动通信网络, 用于保存受限区域信息, 所述受限区域信息至少包 括受限区域标识、 该受限区域内所限制的用户标识以及所限制的用户功 能; 并且, 当移动终端开机时, 移动通信网络启动定位系统对该移动终 端进行跟踪, 并在确定该移动终端所在区域所述自身保存的受限区域 时, 限制该移动终端进行所述的用户功能。
本发明提供的一种实现场景保密功能的系统包括:
移动通信系统和移动终端, 其中,
移动通信系统, 用于在受限区域内实时广播受限区域信息, 所述受 限区域信息包括受限区域标识、 该受限区域内所限制的用户标识以及所 限制的用户功能;
移动终端, 用于保存自身受限区域信息, 并在进入该区域内的移动 终端收到该广播信息后, 比较收到的受限区域信息与自身保存的是否一 致, 并在一致的情况下, 停止所述用户功能。
本发明提供的一种实现场景保密功能的系统包括:
移动通信系统和移动终端, 其中,
移动通信系统, 用于在受限区域内实时广播受限区域信息和预先设 置的位置使能参数, 并根据移动终端发送过来的位置使能参数给该移动 终端提供其位置信息;'所述受限区域信息包括受限区域标识、 该受限区 域内所限制的用户标识以及所限制的用户功能;
移动终端, 利用收到的位置定位使能参数从移动通信系统得到自身 的位置信息, 并判断自身所处的位置是否处于收到的广播受限区域信息 中的受限区域内, 并在确定处于受限区域时, 停止所述用户功能。
本发明通过在网络侧为设置受限区域信息, 当确定移动终端进入受 限区域时, 判断该移动终端是否属于受限用户, 如果属于, 则限制该移 动终端进行通信以及该移动终端被限制的功能, 比如通信、摄像、 录音、 拍照等, 从而使特定场景的机密不通过移动终端具有的特定功能传送出 去。 附图简要说明
图 1为实现本发明具体实施例一的流程示意图;
图 2为实现本发明具体实施例二的流程示意图;
图 3为本发明系统的示意图。 实施本发明的方式
本发明的方法主要是指在网络侧为申请的受限区域进行登记, 并同 时设置该区域内受限用户标识以及该移动终端所被限制的功能; 当确定 移动终端进入受限区域时, 判断该移动终端是否属于受限用户, 如果属 于,则限制该移动终端进行通信以及该移动终端特定的功能,比如通信、 摄像、 录音、 拍照等。 而且, 可以通过设置受限级别, 进而设置所限制 的用户功能。
对于确定移动终端是否进入受限区域的方法可以通过以下几种方式 实现: 第一种, 移动终端开机后, 向网络侧进行注册, 网络侧在对该移 动终端进行注册后, 启动位置定位系统, 开始对该移动终端进行跟踪, 然后根据跟踪得到的位置信息判断该移动终端是否进入受限区域; 第二 种是在移动终端中设置其受限区域信息, 比如, 受限区域标识, 网络侧 在受限区域内实时广播含有受限区域标识的受限区域信息, 当进入该区 域内的移动终端收到该广播信息后, 比较收到的受限区域标识与自身保 存的受限区域标识是否一致, 如果一致, 则认为自身已进入受限区域, 否则, 则认为没有进入受限区域; 第三种与第二种相似, 不过需要在网 络侧进一步设置终端定位使能参数, 然后网络侧在受限区域内实时广播 受限区域信息和位置定位使能参数, 当移动终端进入该受限区域时, 接 收到这些广播信息, 然后根据收到的位置定位使能参数向网络侧发送位 置信息请求, 此后, 当该移动终端收到网络侧发送的其位置信息后, 再 比较自身所处的位置是否处于受限区域内, 如果处于, 则主动关闭自身 的受限功能。
而且, 对于每个受限区域的管理者来说, 可以选择其需要受限的类 型, 比如, 可以限制移动终端进行摄像、 拍照, 也可能只禁止打电话、
VP电话、 发送短消息以及发送电子邮件中的一种或几种通信功能。 当然, 如果确定移动终端离开受限区域, 则取消对该移动终端通信 以及特定功能的限制。 判断移动终端离开受限区域的方法可以包括但并 限以下两种。 第一种, 可以通过定位系统确定, 这种方式是由网络侧根 据移动终端的当前位置确定其是否在受限区域内; 第二种, 可以通过自 身设置定时器, 当确定进入受限区域后, 启动定时器, 如果在定时器超 时之前, 一直未再收到广播信息, 则认为已走出受限区域。
禁止受限用户进行通信以及其特定功能的方式也有多种情况, 对于 是由网络侧确定了移动终端进入受限区域时, 可以有以下几种情况, 一 种情况是: 网络侧可以根据所确定的受限类型, 向移动终端侧发送禁止 通信的通知, 其中包括该移动终端的受限类型, 当移动终端收到该通知 后, 按照其中的受限类型通过自身的软件方式直接关闭对应的功能, 这 些功能包括禁止摄像、录音以及拒绝接听电话,或禁止发送连接请求等; 另一种精况是: 当网络侧收到含有主叫号码和被叫号码的呼叫请求后, 确定其中一方为受限用户时, 可以直接通知发起方 "本次通话为受限通 信, 禁止通信"的说明, 所以此时可以通过不为该用户建立连接的方式, 或拒绝发送信息流的方式禁止通信, 当然,这只能限制该移动终端通信, 却无法直接限制移动终端除通信之外的其它功能, 所以对于某些移动终 端的特定功能来说, 网络侧可以发送禁止通知, 由移动终端来关闭对应 的功能即可。
以下举具体实施例详细说明本发明的技术方案。
本实施例的核心思想是: 在网络侧设置受限区域信息以及授权用户 标识, 并且对进行位置登记的用户通过位置定位系统进行跟踪, 当移动 终端进入受限区域后, 如果网络侧确定该用户属于受限用户, 则确定该 用户的受限类型, 然后根据该受限类型来限制该移动终端的功能。
参见图 1所示, 本实施例在特定区域内限制用户通信的过程如下: 步骤 100: 在网络侧设置受限区域信息, 其具体包括受限区域、 受 限用户标识、 受限级别等。 这里受限级别可以根据保密申请方的需要自 行设置。
比如, 受限级别可分为三个级别: 一级为关闭所有的移动终端中所 有功能; 二级为只关闭 VP电话功能、 语音电话功能; 三级为关闭发送 短消息、 电子邮件等功能。 当然, 对于受限用户标识来说, 也可以只设 置非受限用户标识, 用于表示除这些用户之外全部为受限用户。 并且受 限级别的划分以及采用哪种受限级别并不响应本发明的保护范围。
步骤 101 ·. 移动终端开机后, 进行位置登记请求。
步骤 102: 网络侧收到该位置登记请求后, 通过手机位置定位系统 跟踪该移动终端。
步骤 103: 当网络侧监测到该移动终端进入该受限区域时, 根据网 络侧保存的受限区域信息, 确定该移动终端是否属于受限用户以及受限 功能类型。 具体的说, 网络侧判断受限区域信息中是否包括该移动终端 的标识, 如果包括, 则认为该移动终端属于受限用户, 如果不包括, 则 认为该移动终端属于不受限用户。 这里, 受限功能类型为禁止通话、 禁 止 VP电话, 禁止发送短信息、 禁止发送 E-MAIL、 禁止发送图片等。
步骤 104: 当网络侧收到移动终端发送的含有主叫号码和被叫号码 的呼叫请求后, 根据主叫号码和被叫号码判断主叫或被叫是否为受限用 户以及受限类型, 如果其中一方为受限用户, 则禁止双方利用该受限类 型的方式进行通信, 如果主叫和被叫都不是受限用户, 则允许通信。
在上述过程中, 由于没有针对每个移动终端自身的能力来确定需要 禁止该移动终端的功能, 因此可能会出现这样的情况, 比如, 该移动终 端只是具有普通语音通信功能的终端, 但是按照网络侧保存的受限区域 信息, 该移动终端的可视电话功能也被禁止, 这对于该移动终端来说, 是不必要的。 所以, 可以在步骤 101中进一步包括: 移动终端在发送的 位置登记请求中包括用户自身能力信息。 这样, 当执行步骤 103时, 可 以利用该用户的能力信息以及受限区域信息来确定用户真正需要禁止 的功能。
上述实施例主要是通过网络侧来控制是否禁止通信, 其实在实际应 用中, 也可以通过适当的改造手机, 来完成禁止通信的功能。
本实施例的主要设计思想为: 当移动终端进入受限区域之前, 在该 终端中设置受限区域信息, 同时无线业务广播中心在受限区域内广播受 限区域信息, 比如: 广播的受限区域信息中包括受限区域标识以及该受 限区域的受限功能等; 移动终端接收广播的受限区域信息, 并将其与自 身存储的受限区域标识进行比较, 如果广播中包括移动终端自身存储的 受限区域标识, 则认为进入受限区域, 然后移动终端再取消该受限区域 所限制的功能。
如图 2所示, 其具体处理步骤如下:
步骤 201 : 为申请保密区域设置受限区域信息。
当将申请保密区域向移动通信网络运营商提出受限申请时, 运营商 将按该区域管理者要求为该区域设置受限区域信息。 其中, 受限区域信 息包括: 受限区域标识、 受限区域管理者标识、 受限区域位置等。
步骤 202: 网络侧在各受限区域内广播受限区域信息。 也就是说, 所有进入各受限区域的移动终端都会接收到该广播, 并且可以识别广播 中的受限区域信息, 但在非受限区域内无法接收该广播。
其中, 在某一受限区域内广播的受限区域信息至少包含当前受限区 域自身的受限区域信息, 还可以进一步包含: 其它一个或多个受限区域 的受限信息, 最多可以包含所有受限区域的受限区域信息; 并且, 所广 播的每一区域的受限区域信息包括, 步骤 201中为对应受限区域设置的 受限区域标识或受限区域管理者标识或受限区域位置等信息, 或上述几 项的任意组合。
在移动通信网络中, 广播业务的实现通常为: 可以在移动通信网络 中设置小区广播中心, 用于授权和在移动网络中发起小区广播业务, 并 按照预定时间计划传送广播内容; 也可以在移动通信网络中设置多个小 区广播实体, 每个小区广播实体对应一个或多个小区, 每个小区广播实 体先将各自的广播消息内容及广播参数提交到小区广播中心, 小区广播 中心对来自不同小区广播实体的消息进行综合调度, 然后将操作命令送 到基站控制器, 进一步发起小区广播业务。 基站控制器收到命令后, 对 收到的命令进行解释、 存储并发送到基站, 基站对广播消息进行流量控 制, 然后发送给移动终端。 这里, 广播受限区域信息的实现方式并不局 限一种, 也可以采用其它的广播业务实现方式, 由于广播业务的实现不 属本发明设计的问题, 在此不作详述。
步骤 203: 在某一移动终端进入某一受限区域之前, 为此移动终端 设置受限区域信息, 该设置可以由移动终端当前进入的受限区域的管理 者冗成。
其中, 所述为移动终端设置的受限区域信息可以为, 步骤 202中所 广播的该区域的受限信息中几项的任意组合。 另外, 还可以进一步为移 动终端设置终端定位使能参数。 并且, 当步骤 202中广播的受限区域信 息至少包括受限区域位置时, 也可以仅为该移动终端设置终端定位使能 参数。 由于, 移动终端中一旦设置了终端定位使能参数就会发起现有的 定位过程, 获取当前所在区域位置信息, 因此, 移动终端通过为其设置 的终端定位使能参数可以得到当前所在区域位置, 并将此所在区域位置 作为受限区域信息存储下来。 可见, 在移动终端中存储的受限区域信息 为: 受限区域标识, 或受限区域管理者标识, 或受限区域位置, 或终端 自身定位得到的所在区域位置等信息, 或上述几项的任意组合。
这里, 受限区域信息和终端定位使能参数可以由运营商通过空口
( OTA )下载方式给移动终端发送短消息( SMS )或多媒体消息( MMS ) 自动下载到移动终端内, 也可以由受限区域管理者通过人机界面的方式 手动设置在移动终端内。 另外, 终端定位使能参数还可以通过广播的方 式发送到移动终端。
受限区域管理者可以根据受限区域的进入方式和入口特点, 从上述 两种设置受限区域信息的方案中选择其一来进行管理。 比如说, 如果受 限区域的入口只有一个, 需要的管理人员不多, 则可以由管理人员以人 机界面的方式手动设置受限区域信息; 如果受限区域的入口有多个, 进 入的人员较多, 采用人机界面的方式实现起来比较困难, 不便于管理, 因此可以采用 OTA下载方式自动输入受限区域信息。
由于, 移动终端由移动设备(ME ) 和通用集成电路卡(UICC )构 成, 因此, 这里所述受限区域信息可以存储在该终端的 ME中, 也可以 存储在 UICC中。 本方法如果应用于 CDMA网络, 则所述 UICC为通用 用户模块(UIM )卡, 如果应用于 GSM/GPRS网络, 则所述 UICC为签 约用户标识模块(SIM )卡, 如果应用于 WCDMA网络, 则所述 UICC 为通用签约用户标识模块(USIM )卡。 当然, 根据实际需要该 UICC也 可以为其它智能卡, 但并不影响本发明的有效性。
步骤 204: 移动终端接收步骤 202所述的广播信息, 并判决其是否 进入受限区域, 如果是, 转入步骤 205; 否则返回步骤 204。
步骤 205: 移动终端取消对应的受限功能, 同时该终端显示进入受 限区域的通知, 提示该终端所述受限功能已被取消, 用户可以将该终端 带入受限区域内。 比如, 受限功能可以是照像、 摄像、 录音等。 以取消 照像功能为例, 由于具备照相功能的移动终端由照相模块、 通信模块和 输入输出设备构成, 照相模块关闭其照相功能并不影响通信模块的功 能, 所以此时, 该终端将无法使用其照相功能进行拍照, 但还具备通信 功能, 从而保证了受限区域内的机密信息无法被人以照相的方式窃取, 并且不影响终端用户正常使用该终端的通信功能。 当然, 如果是取消摄 像或录音功能, 则关闭对应模块的功能即可。
另外, 步骤 203中为用户终端设置受限区域信息的同时还可以给终 端设置修改密码等信息, 当用户进入受限区域后对试图对受限区域标 识、 受限区域管理者标识、 受限区域位置等信息进行修改时, 终端会要 求用户输入修改密码, 从而保护了受限区域管理者所设置的受限区域信 息, 防止用户将该终端带入受限区域后自行修改其受限区域信息并开启 照相功能。
步骤 206: 移动终端继续接收步骤 202所述的广播信息, 并判决其 是否离开受限区域, 如果是, 返回步骤 206; 否则转入步骤 207。
步骤 207: 移动终端自动恢复其受限功能, 同时该终端显示离开受 限区域的通知, 提示该终端用户受限功能已被恢复, 用户可以在受限区 域外继续使用该移动终端的受限功能, 结束处理。
上述方案中, 移动终端已在步骤 203得到了包括受限区域标识、 受 限区域管理者标识、 受限区域位置或所在区域位置等受限区域信息。 因 此, 在步骤 204和步骤 206中, 移动终端通过判决其自身得到的受限区 域信息与广播中的受限区域信息中的对应项是否一致就可以得知自己 是否进入或离开受限区域。
比如, 具体的判决原则可以为:
如果移动终端所存储的受限区域标识、 受限区域管理者标识、 受限 区域位置或所在区域位置等信息中, 有一项与该终端接收到的广播信息 中的受限区域标识、 受限区域管理者标识或受限区域位置等信息中的对 应项相同, 则判决该移动终端进入受限区域; 否则判决该移动终端未进 入受限区域;
如果移动终端所存储的受限区域标识、 受限区域管理者标识、 受限 区域位置以及所在区域位置等信息, 与该终端接收到的广播信息中的受 限区域标识、 受限区域管理者标识或受限区域位置等信息中的对应项不 同, 则判决该移动终端离开受限区域; 否则判决该移动终端未离开受限 区域。
这里, 所述的判决中具体判决哪一项或哪几项信息, 与实际的受限 区域管理者的管理方式相关, 并无具体限定。 由于, 如前面所述, 移动 终端存储下来的受限区域信息中至少有一项与步骤 202所广播的受限信 息中的一项相对应。 因此, 本实施例可以保证对移动终端是否进入或离 开受限区域做出准确的判断。
此外, 本实施例还可以采用另一种方式来实现特定区域内的移动终 端的功能受限, 具体包括:
1 )在网络侧为受限区域设置受限区域位置信息, 并为移动终端设置 终端定位使能参数; 然后在所有区域内持续广播受限区域位置信息和终 端定位使能参数。 这里, 所广播的受限区域位置信息可以是某个或某几 个受限区域的位置信息, 也可以是所有受限区域的位置信息; 并且在某 一受限区域内广播的受限区域位置信息中至少包括该受限区域自身的 受限区域位置信息。
2 )移动终端持续接收携带有终端定位使能参数和受限区域位置信息 的广播消息, 每次接收到终端定位使能参数后, 移动终端均会发起终端 定位过程得到当前所在区域位置, 得到当前所在区域位置后, 该移动终 端会将定位得到的所在区域位置与广播消息中携带的受限区域位置信 息——进行比较, 根据比较结果判决该移动终端是否处于受限区域, 如 果是, 则禁止该移动终端的受限功能; 否则, 恢复所限制的功能。
参见图 3所示, 本发明的系统包括: 移动通信网络和移动终端。 并且, 基于上述方法, 为实现本发明目的, 移动通信网络和移动终 端之间的交互可以通过以下三种方案实现:
第一种方案: 移动通信系统为具有定位系统的移动通信网络, 用于 保存受限区域信息, 所述受限区域信息至少包括受限区域标识、 该受限 区域内所限制的用户标识以及所限制的用户功能; 并且, 当移动终端开 机时, 移动通信网络启动定位系统对该移动终端进行跟踪, 并在确定该 移动终端所在区域所述自身保存的受限区域时, 限制该移动终端进行所 述的用户功能。
第二种方案: 移动通信系统, 用于在受限区域内实时广播受限区域 信息, 所述受限区域信息包括受限区域标识、 该受限区域内所限制的用 户标识以及所限制的用户功能;移动终端, 用于保存自身受限区域信息, 并在进入该区域内的移动终端收到该广播信息后, 比较收到的受限区域 信息与自身保存的是否一致, 并在一致的情况下, 停止所述用户功能。
第二种方案: 移动通信系统, 用于在受限区域内实时广播受限区域 信息和预先设置的位置使能参数, 并根据移动终端发送过来的位置使能 参数给该移动终端提供其位置信息; 所述受限区域信息包括受限区域标 识、该受限区域内所限制的用户标识以及所限制的用户功能; 移动终端, 利用收到的位置定位使能参数从移动通信系统得到自身的位置信息, 并 判断自身所处的位置是否处于收到的广播受限区域信息中的受限区域 内, 并在确定处于受限区域时, 停止所述用户功能。 总之, 以上所述仅 为本发明的较佳实施例而已, 并非用于限定本发明的保护范围。

Claims

权利要求书
1、 一种实现场景保密功能的方法, 其特征在于, 该方法包括以下步 骤:
a. 在网络侧设置受限区域信息, 至少包括受限区域标识、 该受限区 域内所限制的用户标识以及所限制的用户功能;
b. 当确定移动终端进入所述受限区域时,根据该移动终端的用户号 码判断该移动终端是否属于受限用户, 如果属于, 则限制该移动终端进 行步骤 a中所述的用户功能, 否则, 不进行限制。
2、 根据权利要求 1所述的方法, 其特征在于, 步骤 b中所述确定移 动终端是否进入受限区域的步骤包括:
b】l、 移动终端开机后, 向网络侧发起注册请求;
bl2、 网络侧收到该注册请求后, 在对该移动终端进行注册, 并启动 位置定位系统, 开始对该移动终端进行跟踪;
bl 3、网络侧判断该移动终端的当前位置是否属于步骤 a中所述受限 区域标识所对应的区域, 如果是, 则认为该移动终端进入受限区域, 否 则, 认为该移动终端没有进入受限区域。
3、根据权利要求 1所述的方法, 其特征在于, 在移动终端中设置其 受限区域信息, 则步骤 b中所述确定移动终端是否进入受限区域的步骤 包括:
b21、 网络侧在受限区域内实时广播受限区域信息, 当进入该区域内 的移动终端收到该广播信息后, 比较收到的受限区域信息与自身保存的 是否一致, 如果一致, 则认为自身已进入受限区域, 否则, 则认为没有 进入受限区域。
4、根据权利要求 1所述的方法, 其特征在于, 在网络侧进一步设置 终端定位使能参数, 网络侧在受限区域内实时广播受限区域信息和位置 定位使能参数; 则步骤 b中所述确定移动终端是否进入受限区域的步骤 包括:
b3 1、 当移动终端接收到所述广播信息, 然后利用收到的位置定位使 能参数向网络侧发送位置信息请求;
b32、 当该移动终端收到网络侧发送的该移动终端的位置信息后,该 移动终端判断自身所处的位置是否处于收到的广播受限区域信息中的 受限区域内, 如果处于, 则主动关闭自身受限的用户功能。
5、根据权利要求 2所述的方法, 其特征在于, 步骤 b中所述限制该 移动终端进行步骤 a中所述的用户功能的步骤为:
网络侧根据所限制的用户功能,向移动终端侧发送禁止通信的通知, 其中包括该移动终端的受限的所述用户功能,
当移动终端收到该通知后, 按照其中的受限的所述用户功能通过自 身的软件方式直接关闭对应的功能。
6、根据权利要求 2所述的方法, 其特征在于, 当所限制的用户功能 为通信功能时, 步骤 b中所述限制该移动终端进行步骤 a中所述的用户 功能的步骤为: 不为所述用户建立连接, 或以拒绝发送信息流的方式禁 止所述用户通信。
7、根据权利要求 1所述的方法, 其特征在于, 当所限制的用户功能 为禁止摄像和 /或录音功能时, 网络侧向该移动终端发送禁止通知, 由移 动终端来关闭对应的功能。
8、 根据权利要求 1所述的方法, 其特征在于, 所述限制的用户功能 包括禁止摄像、 录音、 拒绝接听电话和禁止发送连接请求中的一种或任 意几种的组合。
9、根据权利要求 1所述的方法, 其特征在于, 所述限制的用户功能 通过受限级别来确定。
10、 一种实现场景保密功能的系统, 其特征在于, 该系统包括: 具有定位系统的移动通信网络和移动终端, 其中,
移动通信网络, 用于保存受限区域信息, 所述受限区域信息至少包 括受限区域标识、 该受限区域内所限制的用户标识以及所限制的用户功 能; 并且, 当移动终端开机时, 移动通信网络启动定位系统对该移动终 端进行跟踪, 并在确定该移动终端所在区域所述自身保存的受限区域 时, 限制该移动终端进行所述的用户功能。
1 1、 一种实现场景保密功能的系统, 其特征在于, 该系统包括: 移动通信系统和移动终端, 其中,
移动通信系统, 用于在受限区域内实时广播受限区域信息, 所述受 限区域信息包括受限区域标识、 该受限区域内所限制的用户标识以及所 限制的用户功能;
移动终端, 用于保存自身受限区域信息, 并在进入该区域内的移动 终端收到该广播信息后, 比较收到的受限区域信息与自身保存的是否一 致, 并在一致的情况下, 停止所述用户功能。
12、 一种实现场景保密功能的系统, 其特征在于, 该系统包括: 移动通信系统和移动终端, 其中,
移动通信系统, 用于在受限区域内实时广播受限区域信息和预先设 置的位置使能参数, 并根据移动终端发送过来的位置使能参数给该移动 终端提供其位置信息; 所述受限区域信息包括受限区域标识、 该受限区 域内所限制的用户标识以及所限制的用户功能;
移动终端, 利用收到的位置定位使能参数从移动通信系统得到自身 的位置信息, 并判断自身所处的位置是否处于收到的广播受限区域信息 中的受限区域内, 并在确定处于受限区域时, 停止所述用户功能。
PCT/CN2005/002271 2004-12-23 2005-12-21 Procede et systeme de mise en oeuvre d'une fonction de securite de site WO2006066507A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP05820621A EP1830513B1 (en) 2004-12-23 2005-12-21 A method for implementing the function of the scene security and a system thereof
AT05820621T ATE456213T1 (de) 2004-12-23 2005-12-21 Verfahren zur implementierung der ortssicherheitsfunktion und system dafür
DE602005019096T DE602005019096D1 (de) 2004-12-23 2005-12-21 Verfahren zur implementierung der ortssicherheitsfunktion und system dafür
US11/638,230 US20070155374A1 (en) 2004-12-23 2006-12-13 Method and system for keeping a scene secret

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200410102484.7 2004-12-23
CN2004101024847A CN100407863C (zh) 2004-12-23 2004-12-23 一种实现场景保密功能的方法

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/638,230 Continuation US20070155374A1 (en) 2004-12-23 2006-12-13 Method and system for keeping a scene secret

Publications (1)

Publication Number Publication Date
WO2006066507A1 true WO2006066507A1 (fr) 2006-06-29

Family

ID=36601388

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/002271 WO2006066507A1 (fr) 2004-12-23 2005-12-21 Procede et systeme de mise en oeuvre d'une fonction de securite de site

Country Status (6)

Country Link
US (1) US20070155374A1 (zh)
EP (1) EP1830513B1 (zh)
CN (1) CN100407863C (zh)
AT (1) ATE456213T1 (zh)
DE (1) DE602005019096D1 (zh)
WO (1) WO2006066507A1 (zh)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60036731T2 (de) * 2000-06-14 2008-07-17 Nokia Corp. Verfahren und vorrichtung zur durchführung der positionsregistrierung
CN101247581B (zh) * 2007-02-15 2011-12-07 联想(北京)有限公司 一种控制移动终端状态的方法及其系统
US8675553B2 (en) * 2009-03-26 2014-03-18 Qualcomm Incorporated Regulating the scope of service geographically in wireless networks based on priority
CN102223595A (zh) * 2010-04-19 2011-10-19 大唐移动通信设备有限公司 用于特殊区域安全需求的通信方法及装置
CN102238688A (zh) * 2010-04-26 2011-11-09 大唐移动通信设备有限公司 基于用户身份信息访问控制的方法及装置
CN102244917A (zh) * 2010-05-14 2011-11-16 北京信威通信技术股份有限公司 一种用于无线信号受限环境的通信方法
CN101860988A (zh) * 2010-05-17 2010-10-13 中兴通讯股份有限公司 一种基于位置区域的无线通信终端业务控制方法和装置
KR20120114964A (ko) * 2011-04-08 2012-10-17 엘지전자 주식회사 다중 안테나 무선 통신 시스템에서 단말의 신호 송수신 방법 및 이를 위한 장치
CN102448084B (zh) * 2011-09-29 2015-01-14 厦门盛华电子科技有限公司 基于无线射频技术的移动终端控制方法
CN103312676B (zh) * 2012-03-15 2017-06-20 宇龙计算机通信科技(深圳)有限公司 终端、服务器和终端安全管理方法
EP2832131A4 (en) * 2012-03-30 2015-11-25 Hewlett Packard Development Co DEFINING A PERIOD OF SURVEILLANCE OF A WIRELESS DEVICE TO DETECT A VIOLATION OF THE PERIMETER
CN102801780A (zh) * 2012-06-27 2012-11-28 宇龙计算机通信科技(深圳)有限公司 拍照装置的拍照提醒方法及拍照装置
CN104010304B (zh) * 2013-02-22 2017-11-21 株式会社理光 在受限区域内进行认证的移动设备和系统及其方法
CN103607730A (zh) * 2013-11-19 2014-02-26 成都西科微波通讯有限公司 一种移动设备通信的区域管控方法及系统
CN103813310B (zh) * 2014-02-28 2015-09-02 宇龙计算机通信科技(深圳)有限公司 锁小区装置和方法以及控制装置和方法
CN103885827B (zh) * 2014-03-28 2019-10-15 努比亚技术有限公司 自动切换运行模式的方法和智能终端
CN105205875B (zh) * 2014-06-11 2018-11-02 中国移动通信集团公司 一种终端设备管理方法、装置、系统和相关设备
CN105355012A (zh) * 2014-08-19 2016-02-24 中兴通讯股份有限公司 一种对终端进行管理的系统和方法
CN104185160A (zh) * 2014-09-05 2014-12-03 广州杰赛科技股份有限公司 一种移动业务应用迁移系统及其代理终端
US9756173B2 (en) * 2015-03-28 2017-09-05 International Business Machines Corporation Leveraging mobile devices to enforce restricted area security
CN106162822B (zh) * 2015-04-28 2020-01-10 南京酷派软件技术有限公司 一种区域范围内限制终端联网的方法、装置及终端
CN107579947A (zh) * 2016-07-05 2018-01-12 中兴通讯股份有限公司 一种访客终端的控制方法、装置、服务器及移动终端
CN106506450B (zh) * 2016-09-27 2020-01-21 北京安云世纪科技有限公司 保密通话的方法和系统
GB2554946A (en) * 2016-10-17 2018-04-18 Habyts Ltd Controlling electronic computer devices
CN106658497B (zh) * 2016-12-02 2022-07-22 北京握奇智能科技有限公司 一种终端设备的权限控制方法及系统
CN108512804A (zh) * 2017-02-24 2018-09-07 美的智慧家居科技有限公司 安全摄录方法和装置
CN107481358B (zh) * 2017-07-13 2020-07-03 安徽声讯信息技术有限公司 基于app的动态二维码管理系统及其方法
CN107682433A (zh) * 2017-09-30 2018-02-09 北京金山安全软件有限公司 信息推送方法、装置、设备和介质
CN114501320A (zh) * 2021-12-29 2022-05-13 浙江百应科技有限公司 一种设备管控方法、装置以及系统

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040002310A (ko) * 2002-06-29 2004-01-07 엘지.필립스 엘시디 주식회사 터치패널 및 그의 구동장치
CN1543115A (zh) * 2003-04-30 2004-11-03 ��Ϊ�������޹�˾ 一种防止网络用户对网络地址转换(nat)设备攻击的方法

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6011973A (en) * 1996-12-05 2000-01-04 Ericsson Inc. Method and apparatus for restricting operation of cellular telephones to well delineated geographical areas
WO1998034421A2 (de) * 1997-01-31 1998-08-06 Maz Mikroelektronik Anwendungszentrum Hamburg Gmbh Verfahren zum detektieren von mobilfunkstationen
US6721542B1 (en) * 1999-05-28 2004-04-13 Nokia Corporation System for location specific, automatic mobile station behavior control
CN1135048C (zh) * 1999-06-28 2004-01-14 西门子公司 运行移动终端机和相应的移动无线系统的方法
US6591102B1 (en) * 2000-02-03 2003-07-08 Avaya Technology Corp. Method and system for transmitting feature and authentication information for wireless communication services
WO2002045449A1 (en) * 2000-11-28 2002-06-06 Nokia Corporation System and method for authentication of a roaming subscriber
US20030008662A1 (en) * 2001-07-09 2003-01-09 Stern Edith H. Systems and methods wherein a mobile user device operates in accordance with a location policy and user device information
US6937868B2 (en) * 2002-01-16 2005-08-30 International Business Machines Corporation Apparatus and method for managing a mobile phone answering mode and outgoing message based on a location of the mobile phone
US20040203667A1 (en) * 2002-03-14 2004-10-14 Thaddeus Schroeder System for locally restricting use of cellphones and other electronic devices
US6750813B2 (en) * 2002-07-24 2004-06-15 Mcnc Research & Development Institute Position optimized wireless communication
US7574731B2 (en) * 2002-10-08 2009-08-11 Koolspan, Inc. Self-managed network access using localized access management
KR100520618B1 (ko) * 2003-01-14 2005-10-10 삼성전자주식회사 다기능 이동 통신 단말의 사용 제한 방법
WO2004089021A2 (en) * 2003-04-01 2004-10-14 Iceberg Intellectual Property Limited Portable digital devices
US20040228460A1 (en) * 2003-05-15 2004-11-18 Cherif Keramane Portable communications devices providing selective inhibition of functionalities and related control devices and methods
US20050064856A1 (en) * 2003-09-18 2005-03-24 International Business Machines Corporation Method and apparatus for managing functions in a camera phone
CN100393165C (zh) * 2004-10-11 2008-06-04 中兴通讯股份有限公司 一种基于phs智能网的呼叫权限的实现方法及其系统

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040002310A (ko) * 2002-06-29 2004-01-07 엘지.필립스 엘시디 주식회사 터치패널 및 그의 구동장치
CN1543115A (zh) * 2003-04-30 2004-11-03 ��Ϊ�������޹�˾ 一种防止网络用户对网络地址转换(nat)设备攻击的方法

Also Published As

Publication number Publication date
EP1830513A1 (en) 2007-09-05
US20070155374A1 (en) 2007-07-05
EP1830513A4 (en) 2008-03-19
EP1830513B1 (en) 2010-01-20
ATE456213T1 (de) 2010-02-15
CN100407863C (zh) 2008-07-30
DE602005019096D1 (de) 2010-03-11
CN1798433A (zh) 2006-07-05

Similar Documents

Publication Publication Date Title
WO2006066507A1 (fr) Procede et systeme de mise en oeuvre d'une fonction de securite de site
US9345052B2 (en) Method and system for allowing incoming emergency communications on a disabled device
CN100433845C (zh) 在分组数据网络中为具有无效用户标识的无线设备建立紧急会话
US7689231B2 (en) Territorial enforcement of device functionality
US8682281B2 (en) Monitoring application and method for establishing emergency communication sessions with disabled devices based on transmitted messages
US7275695B2 (en) Portable terminal and function limiting method
KR100671377B1 (ko) 반이중 무선 통신 방법 및 시스템, 컴퓨터 판독가능 기록 매체
CN104660809B (zh) 私密联系人来电的接听管理方法及装置
WO2005104571A1 (fr) Procede permettant de mettre en oeuvre une fonction de protection de secret dans une zone donnee
JP2000270376A (ja) 携帯電話保守サービスシステム及び保守サービス方法
US6470082B1 (en) Communications system using portable recording medium
JP5347864B2 (ja) 移動体通信サービス処理方法、携帯電話端末及び移動体通信網側装置
KR100548394B1 (ko) 휴대 단말기에 적용되는 디지털 카메라의 사용 제한시스템 및 방법
KR100732482B1 (ko) 인증을 통한 단말기 분실관리 서비스 방법 및 시스템
KR101048190B1 (ko) 화상제한구역 내에서 화상 전송을 자동으로 차단하는 방법및 장치
EP2571301B1 (en) System and method for urgent information deleting and transferring last location information in secure communication
KR100851580B1 (ko) 지역 기반의 화상 전송 제어 방법 및 장치
JP3120834B2 (ja) 携帯電話端末の不正使用防御方式
JPH06105366A (ja) デジタル方式移動通信システム
JP2001298530A (ja) 通信システム、その通信方法及び受信装置
JP2002027561A (ja) 無線通信システム
KR20090097023A (ko) 스마트 카드를 이용한 단말기 서비스 제어 방법 및 그 장치
JPH05130031A (ja) 移動体端末のセキユリテイ制御方法
JP2001326963A (ja) 無線通信システム及び携帯端末
KR20040100154A (ko) 단문 메세지 서비스를 이용한 특정번호 차단 시스템 및 방법

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005820621

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 4549/CHENP/2006

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 11638230

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 11638230

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2005820621

Country of ref document: EP