WO2014205703A1 - Method and device for detecting shared access, and terminal device - Google Patents

Method and device for detecting shared access, and terminal device Download PDF

Info

Publication number
WO2014205703A1
WO2014205703A1 PCT/CN2013/078078 CN2013078078W WO2014205703A1 WO 2014205703 A1 WO2014205703 A1 WO 2014205703A1 CN 2013078078 W CN2013078078 W CN 2013078078W WO 2014205703 A1 WO2014205703 A1 WO 2014205703A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
source
shared access
terminal device
device identifier
Prior art date
Application number
PCT/CN2013/078078
Other languages
French (fr)
Chinese (zh)
Inventor
张仲虎
高晓峰
张翀
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2013/078078 priority Critical patent/WO2014205703A1/en
Priority to CN201380000870.2A priority patent/CN103650457B/en
Publication of WO2014205703A1 publication Critical patent/WO2014205703A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2514Translation of Internet protocol [IP] addresses between local and global IP addresses

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to a method, a device, and a terminal device for sharing access.
  • peer-to-peer network applications consume a large amount of network resources, in order to enable the terminal devices accessing the local area network to use the network resources fairly and reasonably, the operator needs to know the shared access terminal devices to manage the shared access terminal devices. The amount of information and so on.
  • the so-called shared access means that multiple terminal devices are connected to the network through one line.
  • the interconnection protocol between the networks of the multiple terminal devices is usually required through the routing device (Internet Protocol) , IP )
  • IP Internet Protocol
  • the address is translated to the IP address assigned by the server to the routing device.
  • the gateway device can determine the number of shared access devices by detecting the Transmission Control Protocol (TCP)/IP header feature information of the packet sent by the terminal device, for example, the time to live (Time) To Live, TTL) Detection, IP packet identification detection, serial number detection, Maximum Transmission Unit (MTU) detection, etc.
  • the gateway device may also determine the number of shared access devices, such as timestamp detection and clock crystal detection, by detecting the system time of the message sent by the terminal device.
  • the gateway device detects the number of shared access devices by using the TCP/IP header specific information of the packet sent by the terminal device and the system time, the terminal device or the routing device can easily transmit the packet to the gateway device.
  • the /IP header feature and system time are modified, so that the gateway device cannot accurately determine whether there is shared access under the same IP address, and thus cannot accurately determine the number of shared access terminal devices. Summary of the invention
  • the embodiments of the present invention provide a method, a device, and a terminal device for detecting a shared access, so that the shared access detecting device can accurately determine the number of shared access devices under the same IP address.
  • a method for detecting a shared access includes: receiving a data packet sent by a first terminal device, where the datagram is The device includes the device identifier encryption information and an internet protocol IP address between the source networks allocated by the server for the first terminal device, where the device identifier encryption information is the device identifier encryption information of the first terminal device or The device identification encryption information of the second terminal device of the first terminal device accessing the network;
  • Decrypting the device identification encryption information obtaining a first device identifier of the first terminal device or a second device identifier of the second terminal device;
  • the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address, obtaining the IP address record table corresponding to the source IP address The number of all device identifiers, which in turn determines the number of shared access devices under the source IP address.
  • the method in combination with the first aspect or the first possible implementation manner of the first aspect, after the determining the number of access devices in the source IP address, the method also includes:
  • the device identifier of the shared access device corresponding to the source IP address is further determined to be the device identifier corresponding to the source IP address in the preset bearer context. the same;
  • the method further includes:
  • the device identifier other than the device identifier of the master device is determined as the slave device sharing the access.
  • the third possible implementation manner of the first aspect After the data packet sent by the device, it also includes:
  • a second aspect provides a method for detecting a shared access, where the method includes: acquiring a device identifier;
  • a third aspect provides a detecting device for sharing access, where the detecting device includes: a receiving unit, a decrypting unit, and a determining unit;
  • the receiving unit is configured to receive a data packet sent by the first terminal device, where the data packet includes the device identifier encryption information and an internet protocol IP address between the source networks allocated by the server for the first terminal device,
  • the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network;
  • the decrypting unit is configured to decrypt the device identification encryption information, and obtain the first a first device identifier of the terminal device or a second device identifier of the second terminal device; the determining unit, configured to: if it is determined that the preset IP address record table includes the identifier corresponding to the source IP address And obtaining, by the first device identifier or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the number of shared access devices in the source IP address. .
  • the determining unit is further configured to: if it is determined that the preset IP address record table does not include the identifier corresponding to the source IP address, And storing, by the first device identifier or the second device identifier, a correspondence between the source IP address and the first device identifier or the second device identifier, and acquiring the source IP address in the IP address record table The number of all device identifiers corresponding to the address, and further determines the number of shared access devices under the source IP address.
  • the determining unit is further used to determine whether the third aspect or the first possible implementation manner of the third aspect.
  • the number of the shared access devices in the source IP address is equal to 1, determining whether the device identifier of the shared access device corresponding to the source IP address is the device identifier corresponding to the source IP address in the preset bearer context. the same;
  • the determining unit is further used to determine whether the third aspect or the first possible implementation manner.
  • a device identifier other than the device identifier of the master device in the device identifier corresponding to the source IP address in the IP record table is determined as a slave device that is shared.
  • the detecting device further includes: Delete unit; The deleting unit is configured to delete the device identifier encryption information in the data packet.
  • a fourth aspect provides a terminal device, where the terminal device includes: an acquiring unit, an encryption unit, a generating unit, and a sending unit;
  • the obtaining unit is configured to acquire a device identifier.
  • the encryption unit is configured to encrypt the device identifier, and obtain device identifier encryption information
  • the generating unit is configured to generate a data message including the device identifier encryption information
  • the sending unit is configured to send the data packet.
  • the method, device, and terminal device for detecting a shared access receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server is the first terminal.
  • the source IP address of the device, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessing the network by the first terminal device;
  • the device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address corresponding to the source IP address Obtaining, by the first device identifier or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the shared access device under the source IP address quantity.
  • the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • FIG. 1 is a schematic flowchart of a method for detecting shared access according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of another method for detecting shared access according to an embodiment of the present disclosure
  • FIG. 3 is a schematic diagram of interaction of a method for detecting shared access according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of an interaction of another method for detecting shared access according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a shared access detecting apparatus according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of another detection device for shared access according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention
  • FIG. 8 is a schematic structural diagram of another detecting device for shared access according to an embodiment of the present disclosure
  • FIG. 9 is a schematic structural diagram of another terminal device according to an embodiment of the present invention. detailed description
  • An embodiment of the present invention provides a method for detecting shared access, as shown in FIG. Methods include:
  • the shared access detecting device receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server to the first terminal device, where the device identifier is The encrypted information is the device identity encryption information of the first terminal device or the device identity encryption information of the second terminal device accessed by the first terminal device.
  • the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.).
  • the source IP address assigned by the server to the first terminal device is obtained, and user activation is completed.
  • the second terminal device When the second terminal device requests access to the network or requests data from the network, the second terminal device first acquires the second terminal device identifier of the second terminal device, encrypts the device identifier of the second terminal device, and obtains the device identifier and the encrypted information. Generating a data packet including the device identifier encryption information of the second terminal device, and transmitting the data packet to the first terminal device, and performing source IP on the data packet sent by the second terminal device by the first terminal device After the address conversion operation is performed, the first terminal device sends the processed data packet to the shared access detecting device after obtaining the processed data packet.
  • the device identifier of the first terminal device is encrypted, the device identifier is encrypted, and the data packet including the device identifier of the first terminal device is generated and shared.
  • the incoming detection device sends the generated data message.
  • the detection device of the shared access device decrypts the device identification encryption information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device.
  • the shared access detecting device After the shared access detecting device receives the data packet sent by the first terminal device, the data packet is decrypted.
  • the decryption function and the decryption key may be the second terminal device or the first terminal device and the shared access The testing equipment is agreed upon.
  • the shared access detecting device acquires the IP address. Recording the number of all device identifiers corresponding to the source IP address in the table, and determining the number of shared access devices under the source IP address.
  • Corresponding relationship between the active IP address and the first device identifier or the second device identifier is stored in the preset IP address record table in the shared access detecting device.
  • An embodiment of the present invention provides a method for detecting a shared access, which receives a data packet sent by a first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device.
  • the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network; decrypting the device identifier encryption information, obtaining The first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the first device identifier corresponding to the source IP address Or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, and the number of shared access devices in the source IP address is determined.
  • the data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the embodiment of the present invention provides a method for detecting a shared access.
  • the method is performed by the terminal device, and the terminal device may be a second terminal device or a first terminal device. As shown in FIG. 2, the method includes:
  • the terminal device acquires a device identifier.
  • the terminal device may obtain an International Mobile Subscriber Identification Number (IMSI) or a Mobile Subscriber Integrated Service Digital Network (Mobile Subscriber) of the terminal device. International Integrated Service Digital Network, MSISDN). 202.
  • the terminal device encrypts the device identifier, and obtains device identifier encryption information.
  • the terminal device may encrypt the device identifier of the terminal device by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
  • the symmetric encryption algorithm refers to an algorithm in which the same key is used for encryption and decryption, and the encryption function and the decryption function are a pair of inverse functions.
  • An asymmetric encryption algorithm refers to an algorithm that encrypts and decrypts different keys.
  • the asymmetric encryption algorithm usually has two keys: a public key and a private key. The public key is sent to the corresponding decryption device or encryption device by the encryption device or the decryption device, and the private key is saved by the encryption device or the decryption device itself without being publicized. of.
  • the terminal device generates a data packet that includes the device identifier encryption information.
  • the terminal device may generate a data packet according to a format of a data packet defined by the protocol.
  • the terminal device may add the device identifier encryption information to a location agreed with the shared access detecting device when generating the data packet including the device identifier encryption information.
  • the terminal device sends the data packet.
  • the terminal device when the terminal device is the second terminal device, any information sent to the detecting device of the shared access needs to pass through the first terminal device. That is, the terminal device sends the data packet to the first terminal device, and the first terminal device processes the data packet and sends the data packet to the shared access detecting device.
  • the first terminal device When the terminal device is the first terminal device, the first terminal device sends the data packet to the shared access detection device directly after generating the data packet.
  • An embodiment of the present invention provides a method for detecting a shared access, which acquires a device identifier, encrypts a device identifier, and obtains device identifier encryption information. Identifying a data message of the encrypted information; sending the data message.
  • the data packet sent by the terminal device to the detection device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • An embodiment of the present invention provides a method for detecting a shared access. As shown in FIG. 3, when the terminal device is a second terminal device, the method includes:
  • the second terminal device acquires a device identifier.
  • the device identifier may be an IMS I or MS I SDN of the second terminal device.
  • the second terminal device can read the device identifier of the second terminal device.
  • the second terminal device encrypts the device identifier, and obtains device identifier encryption information.
  • the device identifier of the second terminal device is encrypted, and the device identifier encrypted information is obtained.
  • the second terminal device may encrypt the device identifier by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
  • the symmetric encryption algorithm refers to an algorithm in which the same key is used for encryption and decryption, and the encryption function and the decryption function are a pair of inverse functions.
  • An asymmetric encryption algorithm refers to an algorithm that encrypts and decrypts different keys.
  • the asymmetric encryption algorithm usually has two keys: a public key and a private key. The public key is sent to the corresponding decryption device or encryption device by the encryption device or the decryption device, and the private key is saved by the encryption device or the decryption device itself without being publicized. of.
  • the second terminal device When the second terminal device encrypts the device identifier by using a symmetric encryption algorithm, the second terminal device needs to perform the device identifier according to a key and an encryption algorithm agreed with the shared access detecting device. Encrypt, obtain device ID encryption information.
  • the second terminal device When the second terminal device encrypts the device identifier by using an asymmetric encryption algorithm, the second terminal device may first determine a public key, and then use the public key.
  • Generating a private key encrypting the device identifier by using the generated private key, acquiring device identification encryption information, and transmitting the public key and the device identification encryption information to the shared access detection device, so that the The detecting device of the shared access generates the private key by using the public key, and decrypts the received device identification encrypted information by using the generated private key.
  • the second terminal device generates a data packet that includes the device identifier encryption information.
  • the second terminal device may generate a data packet according to a format of a data packet defined by the protocol.
  • the data message generated by the second terminal device or the first terminal device has a certain format
  • the second terminal device when the second terminal device generates the data packet including the device identifier encryption information,
  • the device identifier encryption information may be added to a location agreed by the second terminal device or the first terminal device and the shared access detection device, for example, after the appointment location is a TCP/IP header of the data packet.
  • the second terminal device sends a data packet including the device identifier encryption information to the first terminal device.
  • the first terminal device may specifically be a routing device.
  • the first terminal device processes the data packet to obtain a processed data packet.
  • the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.).
  • the source IP address assigned by the server to the first terminal device is obtained, and user activation is completed.
  • the first terminal device After the first terminal device performs a source IP address conversion operation on the data packet sent by the second terminal device, the first terminal device obtains the processed data packet.
  • the first terminal device sends the processed data packet to the shared access detection device, where the data packet includes device identifier encryption information and a source allocated by the server to the first terminal device. IP address, the device identifier encryption information Encrypting information for the device identification of the second terminal device that accesses the network through the first terminal device.
  • the shared access detection device decrypts the device identifier encryption information, and obtains a first device identifier of the first terminal device or a second device identifier of the second terminal device.
  • the shared access detecting device After the shared access detecting device receives the data packet sent by the first terminal device, the data packet is decrypted.
  • the device identifier may be extracted according to the added location of the device identifier encryption information, and then The device identifies the encrypted information for decryption.
  • the adding location of the device identification information may be that the second terminal device or the first terminal device is agreed with the detecting device of the shared access, or may be a default location.
  • the shared access detecting device may extract the information after the TCP or UDP header of the data packet to obtain the Device identification encryption information.
  • the decryption function and the decryption key may be agreed by the second terminal device or the first terminal device with the shared access detection device.
  • the detecting device of the shared access pairs the device according to a decryption key and a decryption function agreed with the second terminal device or the first terminal device Identify the encrypted information for decryption. If the device identification encryption information is obtained by using an asymmetric encryption algorithm, the shared access detecting device generates a private key according to the received public key, and decrypts the device identification encrypted information by using the generated private key.
  • the shared access detecting device acquires the IP address. Recording the number of all device identifiers corresponding to the source IP address in the table, and determining the number of shared access devices under the source IP address.
  • the corresponding IP address record table in the shared access detection device stores a correspondence between the active IP address and the first device identifier or the second device identifier.
  • the shared access detecting device stores the source. Obtaining the number of all the device identifiers corresponding to the source IP address in the IP address record table, and determining the source IP address, by the corresponding relationship between the IP address and the first device identifier or the second device identifier. The number of shared access devices.
  • the preset IP address record table does not include a correspondence between the active IP address of 123.138.26.112 and the device identifier of 46000391221.101, and the shared access detection device first uses the source IP address and the device.
  • the identifier is stored in a corresponding location in the preset IP address record table, and then the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, thereby determining the source IP address.
  • the number of shared access devices For example, when the source IP address is 123.138.26.112 and the corresponding device identifier is 460030912121001, 460030912121002, and 460030912121003, the number of shared access devices is
  • the detecting device of the shared access may query the number of device identifiers corresponding to the source IP address in the preset IP address record table to obtain the source IP address in the IP address record table.
  • the number of all the corresponding device identifiers which is the number of shared access devices under the source IP address.
  • the detecting device of the shared access may obtain the number of device identifiers corresponding to the source IP address in the IP address record table by using other methods, which is not specifically limited in this embodiment of the present invention.
  • An embodiment of the present invention provides a method for detecting a shared access. As shown in FIG. 4, when the terminal device is a first terminal device, the method includes:
  • the first terminal device acquires a device identifier.
  • the device identifier may be an IMSI or an MSISDN of the first terminal device.
  • the first terminal device can read the device of the first terminal device Logo.
  • the first terminal device encrypts the device identifier, and obtains device identifier encryption information.
  • the device identifier of the first terminal device is encrypted, and the device identifier is encrypted.
  • the first terminal device may encrypt the device identifier by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
  • the first terminal device generates a data packet that includes the device identifier encryption information.
  • the first terminal device may generate a data packet according to a format of a data packet defined by the protocol.
  • the data message generated by the second terminal device or the first terminal device has a certain format, and when the first terminal device generates the data packet including the device identifier encryption information, The device identification encryption information may be added to any location of the original data message format.
  • the device identifier encryption information may be added after the TCP or UDP header of the data packet.
  • the first terminal device sends the data packet to the shared access detection device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device.
  • the device identifier encryption information is device identifier encryption information of the first terminal device.
  • the first terminal device before the first terminal device requests data from the network, the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.), and obtain the server to allocate the first terminal device.
  • the network side including a gateway, a server, etc.
  • Source IP address complete user activation.
  • the shared access detection device decrypts the device identifier encryption information, and obtains a first device identifier of the first terminal device or a second device identifier of the second terminal device.
  • the shared access detecting device acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines The number of shared access devices under the source IP address.
  • the shared access detecting device stores the source. Obtaining the number of all the device identifiers corresponding to the source IP address in the IP address record table, and determining the source IP address, by the corresponding relationship between the IP address and the first device identifier or the second device identifier. The number of shared access devices.
  • the shared access device determines the number of shared access devices in the source IP address
  • whether the shared access exists under the IP address may be determined according to the number of the shared access devices. Specifically, the shared access device may determine whether the number of shared access devices in the source IP address is greater than 1; if the number of shared access devices in the source IP address is greater than 1, determining the source IP address. If the number of shared access devices in the source IP address is equal to 1, it is further determined whether the device identifier of the shared access device corresponding to the source IP address is the source in the preset bearer context. The device IDs of the IP addresses are the same. If they are the same, it is determined that there is no shared access under the source IP address. If they are not the same, it is determined that there is shared access under the source IP address.
  • the detecting device of the shared access determines the number of shared access devices under the source IP address
  • the number of the master device and the slave device that are shared access may be further determined.
  • the detecting device of the shared access determines the device identifier corresponding to the source IP address in the preset bearer context record table as the master device for shared access; and the IP record table and the In the device identifier corresponding to the source IP address, the device identifier other than the device identifier of the master device is determined as the slave device that is shared.
  • the preset bearer context record table in the shared access detection device stores the device of the first terminal device. Correspondence between the identifier and the source IP address.
  • the data may be deleted. The device in the message identifies the encrypted information.
  • the detecting device for the shared access may be a gateway device, such as a Gateway General Packet Radio Service (GPRS) Support Node (GGSN).
  • GPRS General Packet Radio Service
  • GGSN Gateway General Packet Radio Service Support Node
  • An embodiment of the present invention provides a method for detecting a shared access, which receives a data packet sent by a first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device.
  • the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network; decrypting the device identifier encryption information, obtaining The first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the first device identifier corresponding to the source IP address Or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, and the number of shared access devices in the source IP address is determined.
  • the data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the embodiment of the present invention provides a detecting device for shared access.
  • the detecting device 50 for shared access includes: a receiving unit 51, a decrypting unit 52, and a determining unit 53.
  • the receiving unit 51 is configured to receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device, where the device identifier is encrypted.
  • the information is the device identification encryption information of the first terminal device or the second access to the network by the first terminal device The device identification encryption information of the terminal device.
  • the decrypting unit 52 is configured to decrypt the device identification encryption information, and obtain the first device identifier of the first terminal device or the second device identifier of the second terminal device.
  • the determining unit 53 is configured to obtain the IP address record table if it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address. The number of all device identifiers corresponding to the source IP address, and further determines the number of shared access devices under the source IP address.
  • the determining unit 53 is further configured to: if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, The corresponding relationship between the source IP address and the first device identifier or the second device identifier, obtaining the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the Number of shared access devices under the source IP address.
  • the determining unit 53 is further configured to:
  • the number of the shared access devices in the source IP address is equal to 1, determining whether the device identifier of the shared access device corresponding to the source IP address is the device identifier corresponding to the source IP address in the preset bearer context. the same;
  • the determining unit 53 is further configured to:
  • a device identifier other than the device identifier of the master device in the device identifier corresponding to the source IP address in the IP record table is determined as a slave device that is shared.
  • the detecting device 50 further includes: deleting the unit
  • the deleting unit 54 is configured to delete the device identifier encryption information in the data packet.
  • the embodiment of the present invention provides a shared access detecting device, where the receiving unit receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server allocates the first terminal device.
  • the source IP address, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessing the network by the first terminal device;
  • the decryption unit decrypts The device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address Corresponding to the first device identifier or the second device identifier, the determining unit acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines the source IP address.
  • the data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the embodiment of the present invention provides a terminal device.
  • the terminal device 70 includes: an obtaining unit 71, an encryption unit 72, a generating unit 73, and a sending unit 74.
  • the obtaining unit 71 is configured to acquire a device identifier.
  • the encryption unit 72 is configured to encrypt the device identifier, and obtain device identifier encryption information.
  • the generating unit 7 3 is configured to generate a data packet including the device identifier encryption information.
  • the sending unit 74 is configured to send the data packet.
  • An embodiment of the present invention provides a terminal device, where the acquiring unit acquires a device identifier, the encryption unit encrypts the device identifier, and obtains device identifier encryption information.
  • the generating unit generates a data packet including the device identifier encryption information. Said hair
  • the sending unit sends the data message.
  • the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the embodiment of the present invention provides a detection device for shared access.
  • the detection device 80 includes: a receiver 81 and a processor 82.
  • the receiver 81 is configured to receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device, where the device identifier is encrypted.
  • the information is the device identity encryption information of the first terminal device or the device identity encryption information of the second terminal device that accesses the network by using the first terminal device.
  • the processor 82 is configured to decrypt the device identifier and obtain the first device identifier of the first terminal device or the second device identifier of the second terminal device.
  • the processor 82 is further configured to acquire the IP address record if it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address. The number of all device identifiers corresponding to the source IP address in the table, and further determining the number of shared access devices in the source IP address.
  • the processor 82 is further configured to: if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, Obtaining the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the number of the source IP address and the first device identifier or the second device identifier. Number of shared access devices under the source IP address.
  • processor 82 is further configured to:
  • the device identifier of the shared access device corresponding to the source IP address is the same as the device identifier corresponding to the source IP address in the preset bearer context;
  • processor 82 is further configured to:
  • the device identifier other than the device identifier of the master device is determined as the slave device sharing the access.
  • the processor 82 is further configured to delete the device identifier encryption information in the data packet.
  • the embodiment of the present invention provides a shared access detecting device, where the receiver receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server allocates the first terminal device.
  • the source IP address, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessed by the first terminal device to the network;
  • the processor decrypts The device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address Corresponding to the first device identifier or the second device identifier, the processor acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines the source IP address.
  • the data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the embodiment of the present invention provides a terminal device.
  • the terminal device 90 includes: a processor 91 and a transmitter 92.
  • the processor 9 1 is configured to acquire a device identifier.
  • the processor 9 1 is further configured to encrypt the device identifier, and obtain device identifier encryption information.
  • the processor 9 1 is further configured to generate a data packet including the device identifier encryption information.
  • the transmitter 92 is configured to send the data packet.
  • An embodiment of the present invention provides a terminal device, where the processor acquires a device identifier, the processor encrypts the device identifier, and obtains device identifier encryption information, where the processor generates a data packet including the device identifier encryption information.
  • the transmitter sends the data message.
  • the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed.
  • the device can accurately determine the number of shared access devices under the same IP address.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division.
  • there may be another division manner for example, multiple units or components may be used. Combined or can be integrated into another system, or some features can be ignored, or not executed.
  • the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie It can be located in one place, or it can be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention may be embodied in the form of a software product in the form of a software product, or a part of the technical solution, which is stored in a storage medium.
  • the instructions include a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed are a method and device for detecting shared access, and a terminal device, which relate to the field of mobile communications, and can accurately determine the number of shared access devices under the same IP address. The method comprises: receiving a data message sent by a first terminal device, the data message comprising device identifier encryption information and a source IP address allocated for the first terminal device by a server; decrypting the device identifier encryption information to obtain a first device identifier of the first terminal device or a second device identifier of a second terminal device; and if it is determined that a pre-set IP address record table comprises the first device identifier or the second device identifier corresponding to the source IP address, then acquiring the number of all the device identifiers corresponding to the source IP address in the IP address record table, and thus determining the number of devices sharing access under the source IP address.

Description

一种共享接入的检测方法、 设备和终端设备 技术领域  Method, device and terminal device for detecting shared access
本发明涉及移动通信领域, 尤其涉及一种共享接入的检测方 法、 设备和终端设备。  The present invention relates to the field of mobile communications, and in particular, to a method, a device, and a terminal device for sharing access.
背景技术 Background technique
在移动宽带时代,智能终端设备的普及使得对等网络应用越来 越普遍。 由于对等网络应用对网络资源的消耗比较大, 为了使得接 入局域网的终端设备能够公平合理使用网络资源,运营商要对共享 接入的终端设备进行管理,就需要获知共享接入的终端设备的数量 等信息。  In the era of mobile broadband, the popularity of smart terminal devices has made peer-to-peer network applications more and more common. Because peer-to-peer network applications consume a large amount of network resources, in order to enable the terminal devices accessing the local area network to use the network resources fairly and reasonably, the operator needs to know the shared access terminal devices to manage the shared access terminal devices. The amount of information and so on.
所谓的共享接入就是指多个终端设备共同通过一条线路连接 到网络。 在多个终端设备通过同一条线路连接到网络的场景下, 终 端设备要连接到网络或向网络请求数据时,通常需要通过路由设备 将该多个终端设备的网络之间的互联协议 ( Internet Protocol, IP ) 地址转换为服务器为该路由设备分配的 IP地址。  The so-called shared access means that multiple terminal devices are connected to the network through one line. In a scenario where multiple terminal devices are connected to the network through the same line, when the terminal device is to connect to the network or request data from the network, the interconnection protocol between the networks of the multiple terminal devices is usually required through the routing device (Internet Protocol) , IP ) The address is translated to the IP address assigned by the server to the routing device.
现有技术中, 网关设备可以通过检测终端设备发送的报文的传 输控制协议 ( Transmission Control Protocol , TCP ) /IP头部特 征信息的方式来确定共享接入设备的数量, 例如, 生存时间 ( Time to Live, TTL ) 检测、 IP 包标识检测、 序列号检测、 最大传输单 元 ( Maximum Transmission Unit, MTU ) 检测等。 网关设备还可以 通过检测终端设备发送的报文的系统时间的方式来确定共享接入 设备的数量, 例如时间戳检测和时钟晶振检测。 但是, 网关设备通 过终端设备发送的报文的 TCP/IP 头部特定信息和系统时间对共享 接入设备的数量进行检测时,终端设备或路由设备很容易对传送给 网关设备的报文的 TCP/IP 头部特征和系统时间进行修改, 使得网 关设备不能准确判断同一 IP地址下是否存在共享接入, 进而不能 准确判断共享接入的终端设备的数量。 发明内容 In the prior art, the gateway device can determine the number of shared access devices by detecting the Transmission Control Protocol (TCP)/IP header feature information of the packet sent by the terminal device, for example, the time to live (Time) To Live, TTL) Detection, IP packet identification detection, serial number detection, Maximum Transmission Unit (MTU) detection, etc. The gateway device may also determine the number of shared access devices, such as timestamp detection and clock crystal detection, by detecting the system time of the message sent by the terminal device. However, when the gateway device detects the number of shared access devices by using the TCP/IP header specific information of the packet sent by the terminal device and the system time, the terminal device or the routing device can easily transmit the packet to the gateway device. The /IP header feature and system time are modified, so that the gateway device cannot accurately determine whether there is shared access under the same IP address, and thus cannot accurately determine the number of shared access terminal devices. Summary of the invention
本发明实施例提供一种共享接入的检测方法、 设备和终端设 备, 使得共享接入的检测设备能够准确确定同一 I P地址下共享接 入设备的数量。  The embodiments of the present invention provide a method, a device, and a terminal device for detecting a shared access, so that the shared access detecting device can accurately determine the number of shared access devices under the same IP address.
为达到上述目 的, 本发明的实施例釆用如下技术方案: 第一方面, 提供一种共享接入的检测方法, 所述方法包括: 接收第一终端设备发送的数据报文,所述数据报文中包括设备 标识加密信息及服务器为所述第一终端设备分配的源网络之间的 互联协议 I P地址, 所述设备标识加密信息为所述第一终端设备的 设备标识加密信息或通过所述第一终端设备接入网络的第二终端 设备的设备标识加密信息;  To achieve the above objective, the embodiment of the present invention uses the following technical solution: In a first aspect, a method for detecting a shared access is provided, where the method includes: receiving a data packet sent by a first terminal device, where the datagram is The device includes the device identifier encryption information and an internet protocol IP address between the source networks allocated by the server for the first terminal device, where the device identifier encryption information is the device identifier encryption information of the first terminal device or The device identification encryption information of the second terminal device of the first terminal device accessing the network;
解密所述设备标识加密信息,获得所述第一终端设备的第一设 备标识或所述第二终端设备的第二设备标识;  Decrypting the device identification encryption information, obtaining a first device identifier of the first terminal device or a second device identifier of the second terminal device;
若确定预设的 I P地址记录表中包括有与所述源 I P地址对应的 所述第一设备标识或所述第二设备标识, 则获取所述 I P地址记录 表中与所述源 I P地址对应的全部的设备标识的数量, 进而确定所 述源 I P地址下共享接入设备的数量。  If it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address, obtaining the IP address record table corresponding to the source IP address The number of all device identifiers, which in turn determines the number of shared access devices under the source IP address.
在第一方面的第一种可能的实现方式中, 根据第一方面, 在所 述解密所述设备标识加密信息,获得所述第一终端设备的第一设备 标识或所述第二终端设备的第二设备标识之后, 所述方法还包括: 若确定预设的 I P地址记录表中不包括有与所述源 I P地址对应 的所述第一设备标识或所述第二设备标识, 则存储所述源 I P地址 与所述第一设备标识或所述第二设备标识的对应关系, 获取所述 In a first possible implementation manner of the first aspect, according to the first aspect, the decrypting the device identification encryption information, obtaining the first device identifier of the first terminal device or the second terminal device After the second device is identified, the method further includes: if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, Corresponding relationship between the source IP address and the first device identifier or the second device identifier,
I P地址记录表中与所述源 I P地址对应的全部的设备标识的数量, 进而确定所述源 I P地址下共享接入设备的数量。 The number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines the number of shared access devices in the source IP address.
在第一方面的第二种可能的实现方式中,结合第一方面或第一 方面的第一种可能的实现方式, 在所述确定所述源 I P地址下共享 接入设备的数量之后, 所述方法还包括:  In a second possible implementation manner of the first aspect, in combination with the first aspect or the first possible implementation manner of the first aspect, after the determining the number of access devices in the source IP address, The method also includes:
若所述源 I P 地址下共享接入设备的数量大于 1 , 则确定所述 源 I P地址下存在共享接入; If the number of shared access devices under the source IP address is greater than 1, determining the There is shared access under the source IP address;
若所述源 I P 地址下共享接入设备的数量等于 1 , 则进一步确 定所述源 I P地址对应的共享接入设备的设备标识是否与预设的承 载上下文中所述源 I P地址对应的设备标识相同;  If the number of the shared access devices in the source IP address is equal to 1, the device identifier of the shared access device corresponding to the source IP address is further determined to be the device identifier corresponding to the source IP address in the preset bearer context. the same;
若相同, 则确定所述源 I P地址下不存在共享接入;  If they are the same, it is determined that there is no shared access under the source IP address;
若不相同, 则确定所述源 I P地址下存在共享接入。  If not, it is determined that there is a shared access under the source IP address.
在第一方面的第三种可能的实现方式中,结合第一方面或第一 种可能的实现方式, 所述方法还包括:  In a third possible implementation of the first aspect, in combination with the first aspect or the first possible implementation, the method further includes:
将预设的承载上下文记录表中与所述源 I P地址对应的设备标 识, 确定为共享接入的主设备;  Determining, by the preset bearer context record table, a device identifier corresponding to the source IP address as a shared access master device;
将所述 I P记录表中与所述源 I P地址对应的设备标识中,除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。  In the device identifier corresponding to the source IP address in the IP record table, the device identifier other than the device identifier of the master device is determined as the slave device sharing the access.
在第一方面的第四种可能的实现方式中,结合第一方面或第一 方面的第一种可能的实现方式至第一方面的第三种可能的实现方 式, 在所述接收第一终端设备发送的数据报文之后, 还包括:  In a fourth possible implementation manner of the first aspect, in combination with the first aspect or the first possible implementation manner of the first aspect, the third possible implementation manner of the first aspect, After the data packet sent by the device, it also includes:
删除所述数据报文中的所述设备标识加密信息。  And deleting the device identifier encryption information in the data packet.
第二方面, 提供一种共享接入的检测方法, 所述方法包括: 获取设备标识;  A second aspect provides a method for detecting a shared access, where the method includes: acquiring a device identifier;
对所述设备标识进行加密, 获取设备标识加密信息;  Encrypting the device identifier to obtain device identifier encryption information;
生成包括所述设备标识加密信息的数据报文;  Generating a data packet including the device identifier encryption information;
发送所述数据报文。  Send the data message.
第三方面,提供一种共享接入的检测设备,所述检测设备包括: 接收单元、 解密单元和确定单元;  A third aspect provides a detecting device for sharing access, where the detecting device includes: a receiving unit, a decrypting unit, and a determining unit;
所述接收单元, 用于接收第一终端设备发送的数据报文, 所述 数据报文中包括设备标识加密信息及服务器为所述第一终端设备 分配的源网络之间的互联协议 I P地址, 所述设备标识加密信息为 所述第一终端设备的设备标识加密信息或通过所述第一终端设备 接入网络的第二终端设备的设备标识加密信息;  The receiving unit is configured to receive a data packet sent by the first terminal device, where the data packet includes the device identifier encryption information and an internet protocol IP address between the source networks allocated by the server for the first terminal device, The device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network;
所述解密单元, 用于解密所述设备标识加密信息, 获得所述第 一终端设备的第一设备标识或所述第二终端设备的第二设备标识; 所述确定单元, 用于若确定预设的 IP地址记录表中包括有与 所述源 IP地址对应的所述第一设备标识或所述第二设备标识, 则 获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备标识 的数量, 进而确定所述源 IP地址下共享接入设备的数量。 The decrypting unit is configured to decrypt the device identification encryption information, and obtain the first a first device identifier of the terminal device or a second device identifier of the second terminal device; the determining unit, configured to: if it is determined that the preset IP address record table includes the identifier corresponding to the source IP address And obtaining, by the first device identifier or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the number of shared access devices in the source IP address. .
在第三方面的第一种可能的实现方式中, 根据第三方面, 所述 确定单元, 还用于若确定预设的 IP地址记录表中不包括有与所述 源 IP地址对应的所述第一设备标识或所述第二设备标识, 则存储 所述源 IP地址与所述第一设备标识或所述第二设备标识的对应关 系,获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备 标识的数量, 进而确定所述源 IP地址下共享接入设备的数量。  In a first possible implementation manner of the third aspect, the determining unit is further configured to: if it is determined that the preset IP address record table does not include the identifier corresponding to the source IP address, And storing, by the first device identifier or the second device identifier, a correspondence between the source IP address and the first device identifier or the second device identifier, and acquiring the source IP address in the IP address record table The number of all device identifiers corresponding to the address, and further determines the number of shared access devices under the source IP address.
在第三方面的第二种可能的实现方式中,结合第三方面或第三 方面的第一种可能的实现方式, 所述确定单元, 还用于  In a second possible implementation manner of the third aspect, in combination with the third aspect or the first possible implementation manner of the third aspect, the determining unit is further used to
若所述源 IP 地址下共享接入设备的数量大于 1, 则确定所述 源 IP地址下存在共享接入;  If the number of shared access devices in the source IP address is greater than 1, it is determined that there is a shared access under the source IP address;
若所述源 IP 地址下共享接入设备的数量等于 1, 则进一步确 定所述源 IP地址对应的共享接入设备的设备标识是否与预设的承 载上下文中所述源 IP地址对应的设备标识相同;  If the number of the shared access devices in the source IP address is equal to 1, determining whether the device identifier of the shared access device corresponding to the source IP address is the device identifier corresponding to the source IP address in the preset bearer context. the same;
若相同, 则确定所述源 IP地址下不存在共享接入;  If they are the same, it is determined that there is no shared access under the source IP address;
若不相同, 则确定所述源 IP地址下存在共享接入。  If not, it is determined that there is a shared access under the source IP address.
在第三方面的第三种可能的实现方式中,结合第三方面或第一 种可能的实现方式, 所述确定单元, 还用于  In a third possible implementation manner of the third aspect, in combination with the third aspect or the first possible implementation manner, the determining unit is further used to
将预设的承载上下文记录表中与所述源 IP地址对应的设备标 识, 确定为共享接入的主设备;  Determining, by the preset bearer context record table, a device identifier corresponding to the source IP address as a shared access master device;
将所述 IP记录表中与所述源 IP地址对应的设备标识中,除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。  A device identifier other than the device identifier of the master device in the device identifier corresponding to the source IP address in the IP record table is determined as a slave device that is shared.
在第三方面的第四种可能的实现方式中,结合第三方面或第三 方面的第一种可能的实现方式至第三方面的第三种可能的实现方 式, 所述检测设备还包括: 删除单元; 所述删除单元,用于删除所述数据报文中的所述设备标识加密 信息。 In a fourth possible implementation manner of the third aspect, in combination with the third aspect or the first possible implementation manner of the third aspect, the third possible implementation manner of the third aspect, the detecting device further includes: Delete unit; The deleting unit is configured to delete the device identifier encryption information in the data packet.
第四方面,提供一种终端设备, 所述终端设备包括: 获取单元、 加密单元、 生成单元和发送单元;  A fourth aspect provides a terminal device, where the terminal device includes: an acquiring unit, an encryption unit, a generating unit, and a sending unit;
所述获取单元, 用于获取设备标识;  The obtaining unit is configured to acquire a device identifier.
所述加密单元, 用于对所述设备标识进行加密, 获取设备标识 加密信息;  The encryption unit is configured to encrypt the device identifier, and obtain device identifier encryption information;
所述生成单元,用于生成包括所述设备标识加密信息的数据报 文;  The generating unit is configured to generate a data message including the device identifier encryption information;
所述发送单元, 用于发送所述数据报文。  The sending unit is configured to send the data packet.
本发明实施例提供的一种共享接入的检测方法、设备和终端设 备, 接收第一终端设备发送的数据报文, 所述数据报文中包括设备 标识加密信息及服务器为所述第一终端设备分配的源 I P地址, 所 述设备标识加密信息为所述第一终端设备的设备标识加密信息或 通过所述第一终端设备接入网络的第二终端设备的设备标识加密 信息; 解密所述设备标识加密信息, 获得所述第一终端设备的第一 设备标识或所述第二终端设备的第二设备标识; 若确定预设的 I P 地址记录表中包括有与所述源 I P地址对应的所述第一设备标识或 所述第二设备标识,则获取所述 I P地址记录表中与所述源 I P地址 对应的全部的设备标识的数量, 进而确定所述源 I P地址下共享接 入设备的数量。 通过该方案, 终端设备发送给共享接入的检测设备 的数据报文中包括所述终端设备的设备标识加密信息, 终端设备不 能对共享接入设备的设备标识进行修改,使得共享接入的检测设备 能够准确确定同一 I P地址下共享接入设备的数量。  The method, device, and terminal device for detecting a shared access provided by the embodiment of the present invention receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server is the first terminal. The source IP address of the device, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessing the network by the first terminal device; The device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address corresponding to the source IP address Obtaining, by the first device identifier or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the shared access device under the source IP address quantity. With the solution, the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
附图说明 DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下 面将对实施例或现有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中的附图仅仅是本发明的一些实施例, 对于 本领域普通技术人员来讲, 在不付出创造性劳动的前提下, 还可以 根据这些附图获得其他的附图。 In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings to be used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is some embodiments of the present invention, and it can be used by those skilled in the art without creative efforts. Other figures are obtained from these figures.
图 1 为本发明实施例提供的一种共享接入的检测方法的流程 示意图;  FIG. 1 is a schematic flowchart of a method for detecting shared access according to an embodiment of the present disclosure;
图 2 为本发明实施例提供的另一种共享接入的检测方法的流 程示意图;  FIG. 2 is a schematic flowchart of another method for detecting shared access according to an embodiment of the present disclosure;
图 3 为本发明实施例提供的一种共享接入的检测方法的交互 示意图;  FIG. 3 is a schematic diagram of interaction of a method for detecting shared access according to an embodiment of the present invention;
图 4 为本发明实施例提供的另一种共享接入的检测方法的交 互示意图;  FIG. 4 is a schematic diagram of an interaction of another method for detecting shared access according to an embodiment of the present invention;
图 5 为发明实施例提供的一种共享接入的检测设备的结构示 意图;  FIG. 5 is a schematic structural diagram of a shared access detecting apparatus according to an embodiment of the present invention;
图 6 为本发明实施例提供的另一种共享接入的检测设备的结 构示意图;  FIG. 6 is a schematic structural diagram of another detection device for shared access according to an embodiment of the present disclosure;
图 7为本发明实施例提供的一种终端设备的结构示意图; 图 8 为本发明实施例提供的又一种共享接入的检测设备的结 构示意图;  FIG. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention; FIG. 8 is a schematic structural diagram of another detecting device for shared access according to an embodiment of the present disclosure;
图 9为本发明实施例提供的另一种终端设备的结构示意图。 具体实施方式  FIG. 9 is a schematic structural diagram of another terminal device according to an embodiment of the present invention. detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术 方案进行清楚、 完整地描述, 显然, 所描述的实施例仅仅是本发明 一部分实施例, 而不是全部的实施例。 基于本发明中的实施例, 本 领域普通技术人员在没有做出创造性劳动前提下所获得的所有其 他实施例, 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本文中术语 "和 /或", 仅仅是一种描述关联对象的关联关系, 表示可以存在三种关系, 例如, A和 /或 B , 可以表示: 单独存在 A , 同时存在 A和 B , 单独存在 B这三种情况。 另外, 本文中字符 " / " , 一般表示前后关联对象是一种 "或" 的关系。  The term "and/or" in this context is merely an association describing the associated object, indicating that there can be three relationships, for example, A and / or B, which can mean: A exists separately, and both A and B exist separately. B these three situations. In addition, the character " / " in this article generally indicates that the contextual object is an "or" relationship.
实施例一、  Embodiment 1
本发明实施例提供一种共享接入的检测方法, 如图 1 所示, 该 方法包括: An embodiment of the present invention provides a method for detecting shared access, as shown in FIG. Methods include:
1 01、共享接入的检测设备接收第一终端设备发送的数据报文, 所述数据报文中包括设备标识加密信息及服务器为所述第一终端 设备分配的源 I P地址, 所述设备标识加密信息为所述第一终端设 备的设备标识加密信息或通过所述第一终端设备接入网络的第二 终端设备的设备标识加密信息。  1 01. The shared access detecting device receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server to the first terminal device, where the device identifier is The encrypted information is the device identity encryption information of the first terminal device or the device identity encryption information of the second terminal device accessed by the first terminal device.
需要说明的是,在第二终端设备请求接入网络或向网络请求数 据、 或第一终端设备向网络请求数据之前, 第一终端设备首先需要 与网络侧 ( 包括网关、 服务器等) 进行信息交互, 获得服务器为该 第一终端设备分配的源 I P地址, 完成用户激活。  It should be noted that, before the second terminal device requests to access the network or request data from the network, or the first terminal device requests data from the network, the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.). The source IP address assigned by the server to the first terminal device is obtained, and user activation is completed.
当第二终端设备请求接入网络或向网络请求数据时,第二终端 设备首先要获取第二终端设备的第二终端设备标识,对第二终端设 备的设备标识进行加密, 获取设备标识加密信息, 生成包括该第二 终端设备的设备标识加密信息的数据报文,并向第一终端设备发送 该数据报文,在第一终端设备对所述第二终端设备发送的数据报文 进行源 I P地址转换等操作, 获得处理后的数据报文之后, 所述第 一终端设备向共享接入的检测设备发送所述处理后的数据报文。 当 第一终端设备向网络请求数据时,会对第一终端设备的设备标识进 行加密, 获取设备标识加密信息, 生成包括该第一终端设备的设备 标识加密信息的数据报文,并向共享接入的检测设备发送该生成的 数据报文。  When the second terminal device requests access to the network or requests data from the network, the second terminal device first acquires the second terminal device identifier of the second terminal device, encrypts the device identifier of the second terminal device, and obtains the device identifier and the encrypted information. Generating a data packet including the device identifier encryption information of the second terminal device, and transmitting the data packet to the first terminal device, and performing source IP on the data packet sent by the second terminal device by the first terminal device After the address conversion operation is performed, the first terminal device sends the processed data packet to the shared access detecting device after obtaining the processed data packet. When the first terminal device requests the data from the network, the device identifier of the first terminal device is encrypted, the device identifier is encrypted, and the data packet including the device identifier of the first terminal device is generated and shared. The incoming detection device sends the generated data message.
1 02、 所述共享接入的检测设备解密所述设备标识加密信息, 获得所述第一终端设备的第一设备标识或所述第二终端设备的第 二设备标识。  The detection device of the shared access device decrypts the device identification encryption information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device.
当共享接入的检测设备接收到第一终端设备发送的数据报文 之后, 会对所述数据报文进行解密。  After the shared access detecting device receives the data packet sent by the first terminal device, the data packet is decrypted.
本发明技术领域人员可以理解的是,要对所述设备标识加密信 息进行解密, 首先需要确定解密函数和解密密钥。 该解密函数和解 密密钥可以是所述第二终端设备或第一终端设备与所述共享接入 的检测设备约定的。 It will be understood by those skilled in the art that to decrypt the device identification encrypted information, it is first necessary to determine the decryption function and the decryption key. The decryption function and the decryption key may be the second terminal device or the first terminal device and the shared access The testing equipment is agreed upon.
103、 若确定预设的 IP地址记录表中包括有与所述源 IP地址 对应的所述第一设备标识或所述第二设备标识,则所述共享接入的 检测设备获取所述 I P地址记录表中与所述源 I P地址对应的全部的 设备标识的数量,进而确定所述源 IP地址下共享接入设备的数量。  103. If it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address, the shared access detecting device acquires the IP address. Recording the number of all device identifiers corresponding to the source IP address in the table, and determining the number of shared access devices under the source IP address.
所述共享接入的检测设备中预设的 IP地址记录表中存储有源 IP地址与第一设备标识或第二设备标识的对应关系。  Corresponding relationship between the active IP address and the first device identifier or the second device identifier is stored in the preset IP address record table in the shared access detecting device.
本发明实施例提供一种共享接入的检测方法,接收第一终端设 备发送的数据报文,所述数据报文中包括设备标识加密信息及服务 器为所述第一终端设备分配的源 IP地址, 所述设备标识加密信息 为所述第一终端设备的设备标识加密信息或通过所述第一终端设 备接入网络的第二终端设备的设备标识加密信息; 解密所述设备标 识加密信息,获得所述第一终端设备的第一设备标识或所述第二终 端设备的第二设备标识; 若确定预设的 IP地址记录表中包括有与 所述源 IP地址对应的所述第一设备标识或所述第二设备标识, 则 获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备标识 的数量, 进而确定所述源 IP地址下共享接入设备的数量。 通过该 方案,终端设备发送给共享接入的检测设备的数据报文中包括所述 终端设备的设备标识加密信息,终端设备不能对共享接入设备的设 备标识进行修改, 使得共享接入的检测设备能够准确确定同一 IP 地址下共享接入设备的数量。  An embodiment of the present invention provides a method for detecting a shared access, which receives a data packet sent by a first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device. The device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network; decrypting the device identifier encryption information, obtaining The first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the first device identifier corresponding to the source IP address Or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, and the number of shared access devices in the source IP address is determined. The data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例二、  Embodiment 2
本发明实施例提供一种共享接入的检测方法,该方法的执行主 体是终端设备, 该终端设备可以是第二终端设备或第一终端设备, 如图 2所示, 所述方法包括:  The embodiment of the present invention provides a method for detecting a shared access. The method is performed by the terminal device, and the terminal device may be a second terminal device or a first terminal device. As shown in FIG. 2, the method includes:
201、 所述终端设备获取设备标识。  201. The terminal device acquires a device identifier.
具体的,所述终端设备可以获取该终端设备的国际移动用户识 另 1]码( International Mobile Subscriber Identification Number, IMSI ) 或 移 动 用 户 综合 业 务数字 网 ( Mobile Subscriber International Integrated Service Digital Network, MSISDN)。 202、 所述终端设备对所述设备标识进行加密, 获取设备标识 加密信息。 Specifically, the terminal device may obtain an International Mobile Subscriber Identification Number (IMSI) or a Mobile Subscriber Integrated Service Digital Network (Mobile Subscriber) of the terminal device. International Integrated Service Digital Network, MSISDN). 202. The terminal device encrypts the device identifier, and obtains device identifier encryption information.
具体的,所述终端设备可以利用对称性加密算法或非对称性加 密算法对所述终端设备的设备标识进行加密,获取设备标识加密信 息。  Specifically, the terminal device may encrypt the device identifier of the terminal device by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
需要说明的是,对称性加密算法是指加密和解密使用同一个密 钥, 加密函数和解密函数是一对逆向的函数的算法。 非对称性加密 算法是指加密和解密使用不同的密钥的算法。非对称性加密算法通 常有公钥和私钥两个密钥,公钥是加密设备或解密设备发送给对应 的解密设备或加密设备的,私钥是加密设备或解密设备自身保存而 不对外公布的。  It should be noted that the symmetric encryption algorithm refers to an algorithm in which the same key is used for encryption and decryption, and the encryption function and the decryption function are a pair of inverse functions. An asymmetric encryption algorithm refers to an algorithm that encrypts and decrypts different keys. The asymmetric encryption algorithm usually has two keys: a public key and a private key. The public key is sent to the corresponding decryption device or encryption device by the encryption device or the decryption device, and the private key is saved by the encryption device or the decryption device itself without being publicized. of.
203、 所述终端设备生成包括所述设备标识加密信息的数据报 文。  203. The terminal device generates a data packet that includes the device identifier encryption information.
所述终端设备可以按照协议定义的数据报文的格式,生成数据 报文。  The terminal device may generate a data packet according to a format of a data packet defined by the protocol.
具体的,所述终端设备在生成包括所述设备标识加密信息的数 据报文时,可以将所述设备标识加密信息添加在与所述共享接入的 检测设备约定的位置。  Specifically, the terminal device may add the device identifier encryption information to a location agreed with the shared access detecting device when generating the data packet including the device identifier encryption information.
204、 所述终端设备发送所述数据报文。  204. The terminal device sends the data packet.
需要说明的是, 当所述终端设备为第二终端设备时, 发送给所 述共享接入的检测设备的任何信息都需要经过所述第一终端设备。 即所述终端设备将所述数据报文发送给第一终端设备, 由所述第一 终端设备将所述数据报文进行处理后, 发送给共享接入检测设备。  It should be noted that when the terminal device is the second terminal device, any information sent to the detecting device of the shared access needs to pass through the first terminal device. That is, the terminal device sends the data packet to the first terminal device, and the first terminal device processes the data packet and sends the data packet to the shared access detecting device.
当所述终端设备为第一终端设备时,所述第一终端设备生成所 述数据报文后, 直接将所述数据报文发送给所述共享接入检测设 备。  When the terminal device is the first terminal device, the first terminal device sends the data packet to the shared access detection device directly after generating the data packet.
本发明实施例提供一种共享接入的检测方法, 获取设备标识; 对设备标识进行加密, 获取设备标识加密信息; 生成包括所述设备 标识加密信息的数据报文; 发送所述数据报文。 通过该方案, 终端 设备发送给共享接入的检测设备的数据报文中包括所述终端设备 的设备标识加密信息,终端设备不能对共享接入设备的设备标识进 行修改, 使得共享接入的检测设备能够准确确定同一 I P地址下共 享接入设备的数量。 An embodiment of the present invention provides a method for detecting a shared access, which acquires a device identifier, encrypts a device identifier, and obtains device identifier encryption information. Identifying a data message of the encrypted information; sending the data message. The data packet sent by the terminal device to the detection device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例三、  Embodiment 3
本发明实施例提供一种共享接入的检测方法, 如图 3所示, 当 所述终端设备为第二终端设备时, 所述方法包括:  An embodiment of the present invention provides a method for detecting a shared access. As shown in FIG. 3, when the terminal device is a second terminal device, the method includes:
301、 所述第二终端设备获取设备标识。  301. The second terminal device acquires a device identifier.
所述设备标识可以是第二终端设备的 IMS I或 MS I SDN。  The device identifier may be an IMS I or MS I SDN of the second terminal device.
具体的,所述第二终端设备可以读取所述第二终端设备的设备 标识。  Specifically, the second terminal device can read the device identifier of the second terminal device.
302、 所述第二终端设备对所述设备标识进行加密, 获取设备 标识加密信息。  302. The second terminal device encrypts the device identifier, and obtains device identifier encryption information.
当第二终端设备请求接入网络或向网络请求数据时,会对第二 终端设备的设备标识进行加密, 获取设备标识加密信息。  When the second terminal device requests to access the network or request data from the network, the device identifier of the second terminal device is encrypted, and the device identifier encrypted information is obtained.
具体的,所述第二终端设备可以利用对称性加密算法或非对称 性加密算法对所述设备标识进行加密, 获取设备标识加密信息。  Specifically, the second terminal device may encrypt the device identifier by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
需要说明的是,对称性加密算法是指加密和解密使用同一个密 钥, 加密函数和解密函数是一对逆向的函数的算法。 非对称性加密 算法是指加密和解密使用不同的密钥的算法。非对称性加密算法通 常有公钥和私钥两个密钥,公钥是加密设备或解密设备发送给对应 的解密设备或加密设备的,私钥是加密设备或解密设备自身保存而 不对外公布的。  It should be noted that the symmetric encryption algorithm refers to an algorithm in which the same key is used for encryption and decryption, and the encryption function and the decryption function are a pair of inverse functions. An asymmetric encryption algorithm refers to an algorithm that encrypts and decrypts different keys. The asymmetric encryption algorithm usually has two keys: a public key and a private key. The public key is sent to the corresponding decryption device or encryption device by the encryption device or the decryption device, and the private key is saved by the encryption device or the decryption device itself without being publicized. of.
当所述第二终端设备利用对称性加密算法对所述设备标识进 行加密时,所述第二终端设备需要按照与共享接入的检测设备约定 的密钥和加密算法, 对所述设备标识进行加密, 获取设备标识加密 信息。 当所述第二终端设备利用非对称性加密算法对所述设备标识 进行加密时, 所述第二终端设备可以首先确定公钥, 然后利用公钥 生成私钥, 利用生成的私钥对所述设备标识进行加密, 获取设备标 识加密信息,并向所述共享接入的检测设备发送所述公钥和所述设 备标识加密信息,以使得所述共享接入的检测设备利用所述公钥生 成私钥,利用生成的私钥对接收到的所述设备标识加密信息进行解 密。 When the second terminal device encrypts the device identifier by using a symmetric encryption algorithm, the second terminal device needs to perform the device identifier according to a key and an encryption algorithm agreed with the shared access detecting device. Encrypt, obtain device ID encryption information. When the second terminal device encrypts the device identifier by using an asymmetric encryption algorithm, the second terminal device may first determine a public key, and then use the public key. Generating a private key, encrypting the device identifier by using the generated private key, acquiring device identification encryption information, and transmitting the public key and the device identification encryption information to the shared access detection device, so that the The detecting device of the shared access generates the private key by using the public key, and decrypts the received device identification encrypted information by using the generated private key.
303、 所述第二终端设备生成包括所述设备标识加密信息的数 据报文。  303. The second terminal device generates a data packet that includes the device identifier encryption information.
所述第二终端设备可以按照协议定义的数据报文的格式,生成 数据报文。  The second terminal device may generate a data packet according to a format of a data packet defined by the protocol.
本发明技术领域人员可以理解的是,第二终端设备或第一终端 设备生成的数据报文有一定的格式,所述第二终端设备在生成包括 所述设备标识加密信息的数据报文时,可以将所述设备标识加密信 息添加在所述第二终端设备或第一终端设备与所述共享接入的检 测设备约定的位置, 例如, 约定位置为数据报文的 TCP / I P 头部之 后。  It can be understood by those skilled in the art that the data message generated by the second terminal device or the first terminal device has a certain format, and when the second terminal device generates the data packet including the device identifier encryption information, The device identifier encryption information may be added to a location agreed by the second terminal device or the first terminal device and the shared access detection device, for example, after the appointment location is a TCP/IP header of the data packet.
304、 所述第二终端设备向所述第一终端设备发送包括所述设 备标识加密信息的数据报文。  304. The second terminal device sends a data packet including the device identifier encryption information to the first terminal device.
所述第一终端设备具体可以为路由设备。  The first terminal device may specifically be a routing device.
305、 所述第一终端设备对所述数据报文进行处理, 获得处理 后的数据报文。  305. The first terminal device processes the data packet to obtain a processed data packet.
需要说明的是,在第二终端设备请求接入网络或向网络请求数 据、 或第一终端设备向网络请求数据之前, 第一终端设备首先需要 与网络侧 ( 包括网关、 服务器等) 进行信息交互, 获得服务器为该 第一终端设备分配的源 I P地址, 完成用户激活。  It should be noted that, before the second terminal device requests to access the network or request data from the network, or the first terminal device requests data from the network, the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.). The source IP address assigned by the server to the first terminal device is obtained, and user activation is completed.
所述第一终端设备对所述第二终端设备发送的数据报文进行 源 I P地址转换等操作之后, 获得处理后的数据报文。  After the first terminal device performs a source IP address conversion operation on the data packet sent by the second terminal device, the first terminal device obtains the processed data packet.
306、 所述第一终端设备向所述共享接入的检测设备发送所述 处理后的数据报文,所述数据报文中包括设备标识加密信息及服务 器为所述第一终端设备分配的源 I P地址, 所述设备标识加密信息 为通过所述第一终端设备接入网络的第二终端设备的设备标识加 密信息。 306. The first terminal device sends the processed data packet to the shared access detection device, where the data packet includes device identifier encryption information and a source allocated by the server to the first terminal device. IP address, the device identifier encryption information Encrypting information for the device identification of the second terminal device that accesses the network through the first terminal device.
307、 所述共享接入的检测设备解密所述设备标识加密信息, 获得所述第一终端设备的第一设备标识或所述第二终端设备的第 二设备标识。  307. The shared access detection device decrypts the device identifier encryption information, and obtains a first device identifier of the first terminal device or a second device identifier of the second terminal device.
当共享接入的检测设备接收到第一终端设备发送的数据报文 之后, 会对所述数据报文进行解密。  After the shared access detecting device receives the data packet sent by the first terminal device, the data packet is decrypted.
需要说明的是,所述共享接入的检测设备对接收到的数据报文 进行处理时,可以根据接收所述设备标识加密信息的添加位置对所 述设备标识加密信息进行提取,进而对所述设备标识加密信息进行 解密。所述设备标识信息的添加位置可以是所述第二终端设备或第 一终端设备与所述共享接入的检测设备约定的,也可以是默认的位 置。 例如, 约定的位置或默认的位置为数据报文的 TCP或 UDP头部 之后时, 所述共享接入的检测设备可以对数据报文的 TCP 或 UDP 头部之后的信息进行提取, 获得所述设备标识加密信息。  It should be noted that, when the detecting device of the shared access processes the received data packet, the device identifier may be extracted according to the added location of the device identifier encryption information, and then The device identifies the encrypted information for decryption. The adding location of the device identification information may be that the second terminal device or the first terminal device is agreed with the detecting device of the shared access, or may be a default location. For example, when the agreed location or the default location is after the TCP or UDP header of the data packet, the shared access detecting device may extract the information after the TCP or UDP header of the data packet to obtain the Device identification encryption information.
本发明技术领域人员可以理解的是,要对所述设备标识加密信 息进行解密, 首先需要确定解密函数和解密密钥。 该解密函数和解 密密钥可以是所述第二终端设备或第一终端设备与所述共享接入 的检测设备约定的。  It will be understood by those skilled in the art that to decrypt the device identification encryption information, it is first necessary to determine the decryption function and the decryption key. The decryption function and the decryption key may be agreed by the second terminal device or the first terminal device with the shared access detection device.
若所述设备标识加密信息是利用对称性加密算法获得的,则所 述共享接入的检测设备根据与所述第二终端设备或第一终端设备 约定的解密密钥和解密函数对所述设备标识加密信息进行解密。若 所述设备标识加密信息是利用非对称加密算法获得的,则所述共享 接入的检测设备根据接收的公钥生成私钥,利用生成的私钥对所述 设备标识加密信息进行解密。  If the device identification encryption information is obtained by using a symmetric encryption algorithm, the detecting device of the shared access pairs the device according to a decryption key and a decryption function agreed with the second terminal device or the first terminal device Identify the encrypted information for decryption. If the device identification encryption information is obtained by using an asymmetric encryption algorithm, the shared access detecting device generates a private key according to the received public key, and decrypts the device identification encrypted information by using the generated private key.
308、 若确定预设的 I P地址记录表中包括有与所述源 I P地址 对应的所述第一设备标识或所述第二设备标识,则所述共享接入的 检测设备获取所述 I P地址记录表中与所述源 I P地址对应的全部的 设备标识的数量,进而确定所述源 I P地址下共享接入设备的数量。 所述共享接入的检测设备中预设的 IP地址记录表中存储有源 IP地址与第一设备标识或第二设备标识的对应关系。 308. If it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address, the shared access detecting device acquires the IP address. Recording the number of all device identifiers corresponding to the source IP address in the table, and determining the number of shared access devices under the source IP address. The corresponding IP address record table in the shared access detection device stores a correspondence between the active IP address and the first device identifier or the second device identifier.
309、 若确定预设的 IP地址记录表中不包括有与所述源 IP地 址对应的所述第一设备标识或所述第二设备标识, 则所述共享接入 的检测设备存储所述源 IP地址与所述第一设备标识或所述第二设 备标识的对应关系,获取所述 IP地址记录表中与所述源 IP地址对 应的全部的设备标识的数量, 进而确定所述源 IP地址下共享接入 设备的数量。  309. If it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, the shared access detecting device stores the source. Obtaining the number of all the device identifiers corresponding to the source IP address in the IP address record table, and determining the source IP address, by the corresponding relationship between the IP address and the first device identifier or the second device identifier. The number of shared access devices.
举例来说,所述预设的 IP地址记录表中不包括有源 IP地址为 123.138.26.112, 设备标识为 460030912121001 的对应关系, 则所 述共享接入的检测设备首先将该源 IP地址和设备标识存储在所述 预设的 IP地址记录表中的对应位置中, 然后, 获取所述 IP地址记 录表中与所述源 IP地址对应的全部的设备标识的数量, 进而确定 所述源 IP 地址下共享接入设备的数量。 例如, 源 IP 地址为 123.138.26.112 时, 对应 的设备标识有 460030912121001、 460030912121002和 460030912121003 时, 共享接入设备的数量为 For example, the preset IP address record table does not include a correspondence between the active IP address of 123.138.26.112 and the device identifier of 46000391221.101, and the shared access detection device first uses the source IP address and the device. The identifier is stored in a corresponding location in the preset IP address record table, and then the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, thereby determining the source IP address. The number of shared access devices. For example, when the source IP address is 123.138.26.112 and the corresponding device identifier is 460030912121001, 460030912121002, and 460030912121003, the number of shared access devices is
3。 3.
具体的, 所述共享接入的检测设备可以查询预设的 IP地址记 录表中与所述源 IP 地址对应的设备标识的个数, 来获取所述 IP 地址记录表中与所述源 IP地址对应的全部的设备标识的数量, 该 数量即为所述源 IP地址下共享接入设备的数量。 当然, 所述共享 接入的检测设备也可以通过其它方式来获取所述 IP地址记录表中 与所述源 IP地址对应的设备标识的个数, 本发明实施例对此不作 具体限定。  Specifically, the detecting device of the shared access may query the number of device identifiers corresponding to the source IP address in the preset IP address record table to obtain the source IP address in the IP address record table. The number of all the corresponding device identifiers, which is the number of shared access devices under the source IP address. Of course, the detecting device of the shared access may obtain the number of device identifiers corresponding to the source IP address in the IP address record table by using other methods, which is not specifically limited in this embodiment of the present invention.
本发明实施例提供一种共享接入的检测方法, 如图 4所示, 当 所述终端设备为第一终端设备时, 所述方法包括:  An embodiment of the present invention provides a method for detecting a shared access. As shown in FIG. 4, when the terminal device is a first terminal device, the method includes:
401、 所述第一终端设备获取设备标识。  401. The first terminal device acquires a device identifier.
所述设备标识可以是第一终端设备的 IMSI或 MSISDN。  The device identifier may be an IMSI or an MSISDN of the first terminal device.
具体的,所述第一终端设备可以读取所述第一终端设备的设备 标识。 Specifically, the first terminal device can read the device of the first terminal device Logo.
4 02、 所述第一终端设备对所述设备标识进行加密, 获取设备 标识加密信息。  4 02. The first terminal device encrypts the device identifier, and obtains device identifier encryption information.
当第一终端设备向网络请求数据时,会对第一终端设备的设备 标识进行加密, 获取设备标识加密信息。  When the first terminal device requests data from the network, the device identifier of the first terminal device is encrypted, and the device identifier is encrypted.
具体的,所述第一终端设备可以利用对称性加密算法或非对称 性加密算法对所述设备标识进行加密, 获取设备标识加密信息。  Specifically, the first terminal device may encrypt the device identifier by using a symmetric encryption algorithm or an asymmetric encryption algorithm to obtain device identifier encryption information.
4 03、 所述第一终端设备生成包括所述设备标识加密信息的数 据报文。  4 03. The first terminal device generates a data packet that includes the device identifier encryption information.
所述第一终端设备可以按照协议定义的数据报文的格式,生成 数据报文。  The first terminal device may generate a data packet according to a format of a data packet defined by the protocol.
本发明技术领域人员可以理解的是,第二终端设备或第一终端 设备生成的数据报文有一定的格式,所述第一终端设备在生成包括 所述设备标识加密信息的数据报文时,可以将所述设备标识加密信 息添加在原有数据报文格式的任一位置。  It can be understood by those skilled in the art that the data message generated by the second terminal device or the first terminal device has a certain format, and when the first terminal device generates the data packet including the device identifier encryption information, The device identification encryption information may be added to any location of the original data message format.
当然, 为了减少对现有生成数据报文相关协议的修改, 所述设 备标识加密信息可以添加到数据报文的 TCP或 UDP头部之后。  Of course, in order to reduce the modification of the existing data packet-related protocol, the device identifier encryption information may be added after the TCP or UDP header of the data packet.
4 04、 所述第一终端设备向所述共享接入的检测设备发送所述 数据报文,所述数据报文中包括设备标识加密信息及服务器为所述 第一终端设备分配的源 I P地址, 所述设备标识加密信息为所述第 一终端设备的设备标识加密信息。  4, the first terminal device sends the data packet to the shared access detection device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device. The device identifier encryption information is device identifier encryption information of the first terminal device.
需要说明的是, 在所述第一终端设备向网络请求数据之前, 所 述第一终端设备首先需要与网络侧 ( 包括网关、 服务器等) 进行信 息交互, 获得服务器为该第一终端设备分配的源 I P地址, 完成用 户激活。  It should be noted that, before the first terminal device requests data from the network, the first terminal device first needs to perform information interaction with the network side (including a gateway, a server, etc.), and obtain the server to allocate the first terminal device. Source IP address, complete user activation.
307、 所述共享接入的检测设备解密所述设备标识加密信息, 获得所述第一终端设备的第一设备标识或所述第二终端设备的第 二设备标识。  307. The shared access detection device decrypts the device identifier encryption information, and obtains a first device identifier of the first terminal device or a second device identifier of the second terminal device.
308、 若确定预设的 I P地址记录表中包括有与所述源 I P地址 对应的所述第一设备标识或所述第二设备标识,则所述共享接入的 检测设备获取所述 I P地址记录表中与所述源 I P地址对应的全部的 设备标识的数量,进而确定所述源 IP地址下共享接入设备的数量。 308. If it is determined that the preset IP address record table includes the source IP address. Corresponding to the first device identifier or the second device identifier, the shared access detecting device acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines The number of shared access devices under the source IP address.
309、 若确定预设的 IP地址记录表中不包括有与所述源 IP地 址对应的所述第一设备标识或所述第二设备标识, 则所述共享接入 的检测设备存储所述源 IP地址与所述第一设备标识或所述第二设 备标识的对应关系,获取所述 IP地址记录表中与所述源 IP地址对 应的全部的设备标识的数量, 进而确定所述源 IP地址下共享接入 设备的数量。  309. If it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, the shared access detecting device stores the source. Obtaining the number of all the device identifiers corresponding to the source IP address in the IP address record table, and determining the source IP address, by the corresponding relationship between the IP address and the first device identifier or the second device identifier. The number of shared access devices.
进一步的, 在所述共享接入设备确定所述源 IP地址下共享接 入设备的数量之后, 可以根据所述共享接入设备的数量确定该 IP 地址下是否存在共享接入。 具体的, 所述共享接入设备可以确定所 述源 IP地址下共享接入设备的数量是否大于 1; 若所述源 IP地址 下共享接入设备的数量大于 1, 则确定所述源 IP 地址下存在共享 接入; 若所述源 IP 地址下共享接入设备的数量等于 1, 则进一步 确定所述源 IP地址对应的共享接入设备的设备标识是否与预设的 承载上下文中所述源 IP地址对应的设备标识相同; 若相同, 则确 定所述源 IP地址下不存在共享接入; 若不相同, 则确定所述源 IP 地址下存在共享接入。  Further, after the shared access device determines the number of shared access devices in the source IP address, whether the shared access exists under the IP address may be determined according to the number of the shared access devices. Specifically, the shared access device may determine whether the number of shared access devices in the source IP address is greater than 1; if the number of shared access devices in the source IP address is greater than 1, determining the source IP address. If the number of shared access devices in the source IP address is equal to 1, it is further determined whether the device identifier of the shared access device corresponding to the source IP address is the source in the preset bearer context. The device IDs of the IP addresses are the same. If they are the same, it is determined that there is no shared access under the source IP address. If they are not the same, it is determined that there is shared access under the source IP address.
进一步的, 在所述共享接入的检测设备确定所述源 IP地址下 共享接入设备的数量之后,还可以进一步确定共享接入的主设备和 从设备的数量。  Further, after the detecting device of the shared access determines the number of shared access devices under the source IP address, the number of the master device and the slave device that are shared access may be further determined.
具体的,所述共享接入的检测设备将预设的承载上下文记录表 中与所述源 IP地址对应的设备标识, 确定为共享接入的主设备; 将所述 IP记录表中与所述源 IP地址对应的设备标识中, 除所述主 设备的设备标识之外的设备标识, 确定为共享接入的从设备。  Specifically, the detecting device of the shared access determines the device identifier corresponding to the source IP address in the preset bearer context record table as the master device for shared access; and the IP record table and the In the device identifier corresponding to the source IP address, the device identifier other than the device identifier of the master device is determined as the slave device that is shared.
需要说明的是, 在所述第一终端设备与网络侧交互信息, 完成 用户激活后,所述共享接入的检测设备中的预设的承载上下文记录 表中存储有该第一终端设备的设备标识和源 IP地址的对应关系。 为了在不修改现有协议的基础上,保证设备和网络之间的正常 通信,在所述共享接入的检测设备接收到所述第一终端设备发送的 数据报文之后, 可以删除所述数据报文中的所述设备标识加密信 息。 It should be noted that, after the first terminal device interacts with the network side, after the user is activated, the preset bearer context record table in the shared access detection device stores the device of the first terminal device. Correspondence between the identifier and the source IP address. In order to ensure normal communication between the device and the network without modifying the existing protocol, after the detecting device of the shared access receives the data packet sent by the first terminal device, the data may be deleted. The device in the message identifies the encrypted information.
具体的, 所述共享接入的检测设备可以是网关设备, 例如网关 通用分组无线月良务技术 ( General Packet Radio Service, GPRS ) 支持节点 ( Gateway GPRS Support Node, GGSN ) 等。  Specifically, the detecting device for the shared access may be a gateway device, such as a Gateway General Packet Radio Service (GPRS) Support Node (GGSN).
本发明实施例提供一种共享接入的检测方法,接收第一终端设 备发送的数据报文,所述数据报文中包括设备标识加密信息及服务 器为所述第一终端设备分配的源 IP地址, 所述设备标识加密信息 为所述第一终端设备的设备标识加密信息或通过所述第一终端设 备接入网络的第二终端设备的设备标识加密信息; 解密所述设备标 识加密信息,获得所述第一终端设备的第一设备标识或所述第二终 端设备的第二设备标识; 若确定预设的 IP地址记录表中包括有与 所述源 IP地址对应的所述第一设备标识或所述第二设备标识, 则 获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备标识 的数量, 进而确定所述源 IP地址下共享接入设备的数量。 通过该 方案,终端设备发送给共享接入的检测设备的数据报文中包括所述 终端设备的设备标识加密信息,终端设备不能对共享接入设备的设 备标识进行修改, 使得共享接入的检测设备能够准确确定同一 IP 地址下共享接入设备的数量。  An embodiment of the present invention provides a method for detecting a shared access, which receives a data packet sent by a first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device. The device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device that is accessed by the first terminal device to the network; decrypting the device identifier encryption information, obtaining The first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the first device identifier corresponding to the source IP address Or the second device identifier, the number of all device identifiers corresponding to the source IP address in the IP address record table is obtained, and the number of shared access devices in the source IP address is determined. The data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例四、  Embodiment 4
本发明实施例提供一种共享接入的检测设备, 如图 5所示, 所 述共享接入的检测设备 50 包括: 接收单元 51、 解密单元 52 和确 定单元 53。  The embodiment of the present invention provides a detecting device for shared access. As shown in FIG. 5, the detecting device 50 for shared access includes: a receiving unit 51, a decrypting unit 52, and a determining unit 53.
所述接收单元 51, 用于接收第一终端设备发送的数据报文, 所述数据报文中包括设备标识加密信息及服务器为所述第一终端 设备分配的源 IP地址, 所述设备标识加密信息为所述第一终端设 备的设备标识加密信息或通过所述第一终端设备接入网络的第二 终端设备的设备标识加密信息。 The receiving unit 51 is configured to receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device, where the device identifier is encrypted. The information is the device identification encryption information of the first terminal device or the second access to the network by the first terminal device The device identification encryption information of the terminal device.
所述解密单元 52, 用于解密所述设备标识加密信息, 获得所 述第一终端设备的第一设备标识或所述第二终端设备的第二设备 标识。  The decrypting unit 52 is configured to decrypt the device identification encryption information, and obtain the first device identifier of the first terminal device or the second device identifier of the second terminal device.
所述确定单元 53, 用于若确定预设的 IP地址记录表中包括有 与所述源 IP地址对应的所述第一设备标识或所述第二设备标识, 则获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备标 识的数量, 进而确定所述源 IP地址下共享接入设备的数量。  The determining unit 53 is configured to obtain the IP address record table if it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address. The number of all device identifiers corresponding to the source IP address, and further determines the number of shared access devices under the source IP address.
可选的, 所述确定单元 53, 还用于若确定预设的 IP地址记录 表中不包括有与所述源 IP地址对应的所述第一设备标识或所述第 二设备标识, 则存储所述源 IP地址与所述第一设备标识或所述第 二设备标识的对应关系, 获取所述 IP 地址记录表中与所述源 IP 地址对应的全部的设备标识的数量, 进而确定所述源 IP地址下共 享接入设备的数量。  Optionally, the determining unit 53 is further configured to: if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, The corresponding relationship between the source IP address and the first device identifier or the second device identifier, obtaining the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the Number of shared access devices under the source IP address.
可选的, 所述确定单元 53, 还用于  Optionally, the determining unit 53 is further configured to:
若所述源 IP 地址下共享接入设备的数量大于 1, 则确定所述 源 IP地址下存在共享接入;  If the number of shared access devices in the source IP address is greater than 1, it is determined that there is a shared access under the source IP address;
若所述源 IP 地址下共享接入设备的数量等于 1, 则进一步确 定所述源 IP地址对应的共享接入设备的设备标识是否与预设的承 载上下文中所述源 IP地址对应的设备标识相同;  If the number of the shared access devices in the source IP address is equal to 1, determining whether the device identifier of the shared access device corresponding to the source IP address is the device identifier corresponding to the source IP address in the preset bearer context. the same;
若相同, 则确定所述源 IP地址下不存在共享接入;  If they are the same, it is determined that there is no shared access under the source IP address;
若不相同, 则确定所述源 IP地址下存在共享接入。  If not, it is determined that there is a shared access under the source IP address.
可选的, 所述确定单元 53, 还用于  Optionally, the determining unit 53 is further configured to:
将预设的承载上下文记录表中与所述源 IP地址对应的设备标 识, 确定为共享接入的主设备;  Determining, by the preset bearer context record table, a device identifier corresponding to the source IP address as a shared access master device;
将所述 IP记录表中与所述源 IP地址对应的设备标识中,除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。  A device identifier other than the device identifier of the master device in the device identifier corresponding to the source IP address in the IP record table is determined as a slave device that is shared.
进一步的, 如图 6所示, 所述检测设备 50还包括: 删除单元 Further, as shown in FIG. 6, the detecting device 50 further includes: deleting the unit
54。 所述删除单元 54 , 用于删除所述数据报文中的所述设备标识 加密信息。 54. The deleting unit 54 is configured to delete the device identifier encryption information in the data packet.
本发明实施例提供一种共享接入的检测设备,所述接收单元接 收第一终端设备发送的数据报文,所述数据报文中包括设备标识加 密信息及服务器为所述第一终端设备分配的源 I P地址, 所述设备 标识加密信息为所述第一终端设备的设备标识加密信息或通过所 述第一终端设备接入网络的第二终端设备的设备标识加密信息; 所 述解密单元解密所述设备标识加密信息,获得所述第一终端设备的 第一设备标识或所述第二终端设备的第二设备标识; 若确定预设的 I P地址记录表中包括有与所述源 I P地址对应的所述第一设备标识 或所述第二设备标识, 则所述确定单元获取所述 I P地址记录表中 与所述源 I P地址对应的全部的设备标识的数量, 进而确定所述源 I P 地址下共享接入设备的数量。 通过该方案, 终端设备发送给共 享接入的检测设备的数据报文中包括所述终端设备的设备标识加 密信息, 终端设备不能对共享接入设备的设备标识进行修改, 使得 共享接入的检测设备能够准确确定同一 I P地址下共享接入设备的 数量。  The embodiment of the present invention provides a shared access detecting device, where the receiving unit receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server allocates the first terminal device. The source IP address, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessing the network by the first terminal device; the decryption unit decrypts The device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address Corresponding to the first device identifier or the second device identifier, the determining unit acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines the source IP address. Number of shared access devices under the address. The data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例五、  Embodiment 5
本发明实施例提供一种终端设备, 如图 7所示, 所述终端设备 70 包括: 获取单元 71、 加密单元 72、 生成单元 7 3和发送单元 74。  The embodiment of the present invention provides a terminal device. As shown in FIG. 7, the terminal device 70 includes: an obtaining unit 71, an encryption unit 72, a generating unit 73, and a sending unit 74.
所述获取单元 71 , 用于获取设备标识。  The obtaining unit 71 is configured to acquire a device identifier.
所述加密单元 72 , 用于对所述设备标识进行加密, 获取设备 标识加密信息。  The encryption unit 72 is configured to encrypt the device identifier, and obtain device identifier encryption information.
所述生成单元 7 3 , 用于生成包括所述设备标识加密信息的数 据报文。  The generating unit 7 3 is configured to generate a data packet including the device identifier encryption information.
所述发送单元 74 , 用于发送所述数据报文。  The sending unit 74 is configured to send the data packet.
本发明实施例提供一种终端设备, 所述获取单元获取设备标 识; 所述加密单元对设备标识进行加密, 获取设备标识加密信息; 所述生成单元生成包括所述设备标识加密信息的数据报文; 所述发 送单元发送所述数据报文。 通过该方案, 终端设备发送给共享接入 的检测设备的数据报文中包括所述终端设备的设备标识加密信息, 终端设备不能对共享接入设备的设备标识进行修改,使得共享接入 的检测设备能够准确确定同一 IP地址下共享接入设备的数量。 An embodiment of the present invention provides a terminal device, where the acquiring unit acquires a device identifier, the encryption unit encrypts the device identifier, and obtains device identifier encryption information. The generating unit generates a data packet including the device identifier encryption information. Said hair The sending unit sends the data message. With the solution, the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例六、  Embodiment 6
本发明实施例提供一种共享接入的检测设备, 如图 8所示, 所 述检测设备 80 包括: 接收器 81和处理器 82。  The embodiment of the present invention provides a detection device for shared access. As shown in FIG. 8, the detection device 80 includes: a receiver 81 and a processor 82.
所述接收器 81, 用于接收第一终端设备发送的数据报文, 所 述数据报文中包括设备标识加密信息及服务器为所述第一终端设 备分配的源 IP地址, 所述设备标识加密信息为所述第一终端设备 的设备标识加密信息或通过所述第一终端设备接入网络的第二终 端设备的设备标识加密信息。  The receiver 81 is configured to receive a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and a source IP address allocated by the server for the first terminal device, where the device identifier is encrypted. The information is the device identity encryption information of the first terminal device or the device identity encryption information of the second terminal device that accesses the network by using the first terminal device.
所述处理器 82, 用于解密所述设备标识加密信息, 获得所述 第一终端设备的第一设备标识或所述第二终端设备的第二设备标 识。  The processor 82 is configured to decrypt the device identifier and obtain the first device identifier of the first terminal device or the second device identifier of the second terminal device.
所述处理器 82, 还用于若确定预设的 IP地址记录表中包括有 与所述源 IP地址对应的所述第一设备标识或所述第二设备标识, 则获取所述 IP地址记录表中与所述源 IP地址对应的全部的设备标 识的数量, 进而确定所述源 IP地址下共享接入设备的数量。  The processor 82 is further configured to acquire the IP address record if it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address. The number of all device identifiers corresponding to the source IP address in the table, and further determining the number of shared access devices in the source IP address.
可选的, 所述处理器 82, 还用于若确定预设的 IP地址记录表 中不包括有与所述源 IP地址对应的所述第一设备标识或所述第二 设备标识, 则存储所述源 IP地址与所述第一设备标识或所述第二 设备标识的对应关系,获取所述 IP地址记录表中与所述源 IP地址 对应的全部的设备标识的数量, 进而确定所述源 IP地址下共享接 入设备的数量。  Optionally, the processor 82 is further configured to: if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, Obtaining the number of all device identifiers corresponding to the source IP address in the IP address record table, and determining the number of the source IP address and the first device identifier or the second device identifier. Number of shared access devices under the source IP address.
可选的, 所述处理器 82 , 还用于  Optionally, the processor 82 is further configured to:
若所述源 IP 地址下共享接入设备的数量大于 1, 则确定所述 源 IP地址下存在共享接入;  If the number of shared access devices in the source IP address is greater than 1, it is determined that there is a shared access under the source IP address;
若所述源 IP 地址下共享接入设备的数量等于 1, 则进一步确 定所述源 I P地址对应的共享接入设备的设备标识是否与预设的承 载上下文中所述源 I P地址对应的设备标识相同; If the number of shared access devices under the source IP address is equal to 1, then further Whether the device identifier of the shared access device corresponding to the source IP address is the same as the device identifier corresponding to the source IP address in the preset bearer context;
若相同, 则确定所述源 I P地址下不存在共享接入;  If they are the same, it is determined that there is no shared access under the source IP address;
若不相同, 则确定所述源 I P地址下存在共享接入。  If not, it is determined that there is a shared access under the source IP address.
可选的, 所述处理器 82 , 还用于  Optionally, the processor 82 is further configured to:
将预设的承载上下文记录表中与所述源 I P地址对应的设备标 识, 确定为共享接入的主设备;  Determining, by the preset bearer context record table, a device identifier corresponding to the source IP address as a shared access master device;
将所述 I P记录表中与所述源 I P地址对应的设备标识中,除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。  In the device identifier corresponding to the source IP address in the IP record table, the device identifier other than the device identifier of the master device is determined as the slave device sharing the access.
进一步的, 处理器 82 , 还用于删除所述数据报文中的所述设 备标识加密信息。  Further, the processor 82 is further configured to delete the device identifier encryption information in the data packet.
本发明实施例提供一种共享接入的检测设备,所述接收器接收 第一终端设备发送的数据报文,所述数据报文中包括设备标识加密 信息及服务器为所述第一终端设备分配的源 I P地址, 所述设备标 识加密信息为所述第一终端设备的设备标识加密信息或通过所述 第一终端设备接入网络的第二终端设备的设备标识加密信息; 所述 处理器解密所述设备标识加密信息,获得所述第一终端设备的第一 设备标识或所述第二终端设备的第二设备标识; 若确定预设的 I P 地址记录表中包括有与所述源 I P地址对应的所述第一设备标识或 所述第二设备标识, 则所述处理器获取所述 I P地址记录表中与所 述源 I P 地址对应的全部的设备标识的数量, 进而确定所述源 I P 地址下共享接入设备的数量。 通过该方案, 终端设备发送给共享接 入的检测设备的数据报文中包括所述终端设备的设备标识加密信 息, 终端设备不能对共享接入设备的设备标识进行修改, 使得共享 接入的检测设备能够准确确定同一 I P 地址下共享接入设备的数 量。  The embodiment of the present invention provides a shared access detecting device, where the receiver receives a data packet sent by the first terminal device, where the data packet includes device identifier encryption information and the server allocates the first terminal device. The source IP address, the device identifier encryption information is the device identifier encryption information of the first terminal device or the device identifier encryption information of the second terminal device accessed by the first terminal device to the network; the processor decrypts The device identifies the encrypted information, and obtains the first device identifier of the first terminal device or the second device identifier of the second terminal device; if it is determined that the preset IP address record table includes the source IP address Corresponding to the first device identifier or the second device identifier, the processor acquires the number of all device identifiers corresponding to the source IP address in the IP address record table, and further determines the source IP address. Number of shared access devices under the address. The data packet sent by the terminal device to the detecting device of the shared access device includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
实施例七、  Example VII.
本发明实施例提供一种终端设备, 如图 9所示, 所述终端设备 90 包括: 处理器 9 1和发送器 92。 所述处理器 9 1 , 用于获取设备标识。 The embodiment of the present invention provides a terminal device. As shown in FIG. 9, the terminal device 90 includes: a processor 91 and a transmitter 92. The processor 9 1 is configured to acquire a device identifier.
所述处理器 9 1 , 还用于对所述设备标识进行加密, 获取设备 标识加密信息。  The processor 9 1 is further configured to encrypt the device identifier, and obtain device identifier encryption information.
所述处理器 9 1 , 还用于生成包括所述设备标识加密信息的数 据报文。  The processor 9 1 is further configured to generate a data packet including the device identifier encryption information.
所述发送器 92 , 用于发送所述数据报文。  The transmitter 92 is configured to send the data packet.
本发明实施例提供一种终端设备, 所述处理器获取设备标识; 所述处理器对设备标识进行加密, 获取设备标识加密信息; 所述处 理器生成包括所述设备标识加密信息的数据报文; 所述发送器发送 所述数据报文。 通过该方案, 终端设备发送给共享接入的检测设备 的数据报文中包括所述终端设备的设备标识加密信息, 终端设备不 能对共享接入设备的设备标识进行修改,使得共享接入的检测设备 能够准确确定同一 I P地址下共享接入设备的数量。  An embodiment of the present invention provides a terminal device, where the processor acquires a device identifier, the processor encrypts the device identifier, and obtains device identifier encryption information, where the processor generates a data packet including the device identifier encryption information. The transmitter sends the data message. With the solution, the data packet sent by the terminal device to the detecting device of the shared access includes the device identifier encryption information of the terminal device, and the terminal device cannot modify the device identifier of the shared access device, so that the shared access detection is performed. The device can accurately determine the number of shared access devices under the same IP address.
所属领域的技术人员可以清楚地了解到, 为描述的方便和简 洁, 仅以上述各功能模块的划分进行举例说明, 实际应用中, 可以 根据需要而将上述功能分配由不同的功能模块完成,即将装置的内 部结构划分成不同的功能模块,以完成以上描述的全部或者部分功 能。 上述描述的系统, 装置和单元的具体工作过程, 可以参考前述 方法实施例中的对应过程, 在此不再赘述。  It will be clearly understood by those skilled in the art that for the convenience and brevity of the description, only the division of each functional module described above is exemplified. In practical applications, the above function assignment can be completed by different functional modules as needed. The internal structure of the device is divided into different functional modules to perform all or part of the functions described above. For the specific working process of the system, the device and the unit described above, reference may be made to the corresponding process in the foregoing method embodiments, and details are not described herein again.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统, 装置和方法, 可以通过其它的方式实现。 例如, 以上所描述的装置 实施例仅仅是示意性的, 例如, 所述模块或单元的划分, 仅仅为一 种逻辑功能划分, 实际实现时可以有另外的划分方式, 例如多个单 元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽 略, 或不执行。 另一点, 所显示或讨论的相互之间的耦合或直接耦 合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信 连接, 可以是电性, 机械或其它的形式。  In the several embodiments provided by the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be used. Combined or can be integrated into another system, or some features can be ignored, or not executed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in electrical, mechanical or other form.
所述作为分离部件说明的单元可以是或者也可以不是物理上 分开的, 作为单元显示的部件可以是或者也可以不是物理单元, 即 可以位于一个地方, 或者也可以分布到多个网络单元上。 可以根据 实际的需要选择其中的部分或者全部单元来实现本实施例方案的 目的。 The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, ie It can be located in one place, or it can be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处 理单元中, 也可以是各个单元单独物理存在, 也可以两个或两个以 上单元集成在一个单元中。上述集成的单元既可以釆用硬件的形式 实现, 也可以釆用软件功能单元的形式实现。  In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立 的产品销售或使用时, 可以存储在一个计算机可读取存储介质中。 基于这样的理解,本发明的技术方案本质上或者说对现有技术做出 贡献的部分或者该技术方案的全部或部分可以以软件产品的形式 体现出来, 该计算机软件产品存储在一个存储介质中, 包括若干指 令用以使得一台计算机设备(可以是个人计算机, 服务器, 或者网 络设备等) 或处理器 ( processor ) 执行本发明各个实施例所述方 法的全部或部分步骤。 而前述的存储介质包括: U盘、 移动硬盘、 只读存储器 ( ROM, Read-Only Memory ), 随机存取存储器 ( RAM, Random Access Memory ), 磁碟或者光盘等各种可以存储程序代码 的介质。  The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product in the form of a software product, or a part of the technical solution, which is stored in a storage medium. The instructions include a plurality of instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform all or part of the steps of the methods of the various embodiments of the present invention. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. .
以上所述, 仅为本发明的具体实施方式, 但本发明的保护范围 并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技 术范围内, 可轻易想到变化或替换, 都应涵盖在本发明的保护范围 之内。因此,本发明的保护范围应以所述权利要求的保护范围为准。  The above is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope of the present invention. It should be covered by the scope of the present invention. Therefore, the scope of the invention should be determined by the scope of the appended claims.

Claims

权 利 要 求 书 claims
1、 一种共享接入的检测方法, 其特征在于, 所述方法包括: 接收第一终端设备发送的数据报文, 所述数据报文中包括设备 标识加密信息及服务器为所述第一终端设备分配的源网络之间的互 联协议 IP地址,所述设备标识加密信息为所述第一终端设备的设备 标识加密信息或通过所述第一终端设备接入网络的第二终端设备的 设备标识加密信息; 1. A shared access detection method, characterized in that the method includes: receiving a data message sent by a first terminal device, the data message including device identification encryption information and the server being the first terminal The interconnection protocol IP address between the source networks assigned by the device, and the device identification encrypted information is the device identification encrypted information of the first terminal device or the device identification of the second terminal device that accesses the network through the first terminal device. encrypted information;
解密所述设备标识加密信息, 获得所述第一终端设备的第一设 备标识或所述第二终端设备的第二设备标识; Decrypt the device identification encrypted information to obtain the first device identification of the first terminal device or the second device identification of the second terminal device;
若确定预设的 IP地址记录表中包括有与所述源 IP地址对应的 所述第一设备标识或所述第二设备标识,则获取所述 IP地址记录表 中与所述源 IP地址对应的全部的设备标识的数量,进而确定所述源 IP地址下共享接入设备的数量。 If it is determined that the preset IP address record table includes the first device identifier or the second device identifier corresponding to the source IP address, then obtain the IP address record table corresponding to the source IP address. The number of all device identifiers is determined, and the number of shared access devices under the source IP address is determined.
2、 根据权利要求 1所述的方法, 其特征在于, 在所述解密所述 设备标识加密信息, 获得所述第一终端设备的第一设备标识或所述 第二终端设备的第二设备标识之后, 所述方法还包括: 2. The method according to claim 1, characterized in that, during the decryption of the device identification encrypted information, the first device identification of the first terminal device or the second device identification of the second terminal device is obtained. Afterwards, the method further includes:
若确定预设的 IP地址记录表中不包括有与所述源 IP地址对应 的所述第一设备标识或所述第二设备标识,则存储所述源 IP地址与 所述第一设备标识或所述第二设备标识的对应关系,获取所述 IP地 址记录表中与所述源 IP地址对应的全部的设备标识的数量,进而确 定所述源 IP地址下共享接入设备的数量。 If it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address, then store the source IP address and the first device identifier or The corresponding relationship between the second device identifiers is to obtain the number of all device identifiers corresponding to the source IP address in the IP address record table, and then determine the number of shared access devices under the source IP address.
3、 根据权利要求 1或 2所述的方法, 其特征在于, 在所述确定 所述源 IP地址下共享接入设备的数量之后, 所述方法还包括: 若所述源 IP地址下共享接入设备的数量大于 1, 则确定所述源 IP地址下存在共享接入; 3. The method according to claim 1 or 2, characterized in that, after determining the number of shared access devices under the source IP address, the method further includes: if the number of shared access devices under the source IP address is If the number of incoming devices is greater than 1, it is determined that there is shared access under the source IP address;
若所述源 IP地址下共享接入设备的数量等于 1, 则进一步确定 所述源 IP 地址对应的共享接入设备的设备标识是否与预设的承载 上下文中所述源 IP地址对应的设备标识相同; If the number of shared access devices under the source IP address is equal to 1, then further determine whether the device identification of the shared access device corresponding to the source IP address is the same as the device identification corresponding to the source IP address in the preset bearer context. same;
若相同, 则确定所述源 IP地址下不存在共享接入; 若不相同, 则确定所述源 I P地址下存在共享接入。 If they are the same, it is determined that there is no shared access under the source IP address; If they are not the same, it is determined that there is shared access under the source IP address.
4、 根据权利要求 1或 2所述的方法, 其特征在于, 所述方法还 包括: 4. The method according to claim 1 or 2, characterized in that the method further includes:
将预设的承载上下文记录表中与所述源 I P 地址对应的设备标 识, 确定为共享接入的主设备; Determine the device identification corresponding to the source IP address in the preset bearer context record table as the primary device for shared access;
将所述 I P记录表中与所述源 I P地址对应的设备标识中, 除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。 Among the device identifiers corresponding to the source IP address in the IP record table, the device identifiers other than the device identifier of the master device are determined as slave devices for shared access.
5、 根据权利要求 1 - 4任一项所述的方法, 其特征在于, 在所述 接收第一终端设备发送的数据报文之后, 还包括: 5. The method according to any one of claims 1 to 4, characterized in that, after receiving the data message sent by the first terminal device, it further includes:
删除所述数据报文中的所述设备标识加密信息。 Delete the device identification encrypted information in the data message.
6、 一种共享接入的检测方法, 其特征在于, 所述方法包括: 获取设备标识; 6. A shared access detection method, characterized in that the method includes: obtaining a device identification;
对所述设备标识进行加密, 获取设备标识加密信息; Encrypt the device identification and obtain device identification encrypted information;
生成包括所述设备标识加密信息的数据报文; Generate a data message including the device identification encrypted information;
发送所述数据报文。 Send the data message.
7、一种共享接入的检测设备,其特征在于,所述检测设备包括: 接收单元、 解密单元和确定单元; 7. A detection device for shared access, characterized in that the detection device includes: a receiving unit, a decryption unit and a determination unit;
所述接收单元, 用于接收第一终端设备发送的数据报文, 所述 数据报文中包括设备标识加密信息及服务器为所述第一终端设备分 配的源网络之间的互联协议 I P地址,所述设备标识加密信息为所述 第一终端设备的设备标识加密信息或通过所述第一终端设备接入网 络的第二终端设备的设备标识加密信息; The receiving unit is configured to receive a data message sent by a first terminal device, where the data message includes device identification encryption information and an interconnection protocol IP address between source networks assigned by the server to the first terminal device, The device identification encrypted information is the device identification encrypted information of the first terminal device or the device identification encrypted information of a second terminal device that accesses the network through the first terminal device;
所述解密单元, 用于解密所述设备标识加密信息, 获得所述第 一终端设备的第一设备标识或所述第二终端设备的第二设备标识; 所述确定单元,用于若确定预设的 I P地址记录表中包括有与所 述源 I P地址对应的所述第一设备标识或所述第二设备标识, 则获取 所述 I P地址记录表中与所述源 I P地址对应的全部的设备标识的数 量, 进而确定所述源 I P地址下共享接入设备的数量。 The decryption unit is used to decrypt the device identification encrypted information to obtain the first device identification of the first terminal device or the second device identification of the second terminal device; the determination unit is used to determine if the predetermined Assume that the IP address record table includes the first device identification or the second device identification corresponding to the source IP address, then obtain all the IP address records corresponding to the source IP address. The number of device identifiers is used to determine the number of shared access devices under the source IP address.
8、 根据权利要求 7所述的检测设备, 其特征在于, 所述确定单 元, 还用于若确定预设的 IP地址记录表中不包括有与所述源 IP地 址对应的所述第一设备标识或所述第二设备标识, 则存储所述源 IP 地址与所述第一设备标识或所述第二设备标识的对应关系, 获取所 述 I P地址记录表中与所述源 I P地址对应的全部的设备标识的数量, 进而确定所述源 IP地址下共享接入设备的数量。 8. The detection equipment according to claim 7, characterized in that, the determination unit element, and is further configured to store the source IP address and the second device identifier if it is determined that the preset IP address record table does not include the first device identifier or the second device identifier corresponding to the source IP address. Correspondence relationship between the first device identifier or the second device identifier, obtain the number of all device identifiers corresponding to the source IP address in the IP address record table, and then determine the shared access device under the source IP address quantity.
9、 根据权利要求 7或 8所述的检测设备, 其特征在于, 所述确 定单元, 还用于 9. The detection equipment according to claim 7 or 8, characterized in that the determining unit is also used to
若所述源 IP地址下共享接入设备的数量大于 1, 则确定所述源 IP地址下存在共享接入; If the number of shared access devices under the source IP address is greater than 1, it is determined that there is shared access under the source IP address;
若所述源 IP地址下共享接入设备的数量等于 1, 则进一步确定 所述源 IP 地址对应的共享接入设备的设备标识是否与预设的承载 上下文中所述源 IP地址对应的设备标识相同; If the number of shared access devices under the source IP address is equal to 1, then further determine whether the device identification of the shared access device corresponding to the source IP address is the same as the device identification corresponding to the source IP address in the preset bearer context. same;
若相同, 则确定所述源 IP地址下不存在共享接入; If they are the same, it is determined that there is no shared access under the source IP address;
若不相同, 则确定所述源 IP地址下存在共享接入。 If they are not the same, it is determined that there is shared access under the source IP address.
10、 根据权利要求 7或 8所述的检测设备, 其特征在于, 所述 确定单元, 还用于 10. The detection equipment according to claim 7 or 8, characterized in that the determining unit is also used to
将预设的承载上下文记录表中与所述源 IP 地址对应的设备标 识, 确定为共享接入的主设备; Determine the device identification corresponding to the source IP address in the preset bearer context record table as the primary device for shared access;
将所述 IP记录表中与所述源 IP地址对应的设备标识中, 除所 述主设备的设备标识之外的设备标识, 确定为共享接入的从设备。 Among the device identifiers corresponding to the source IP address in the IP record table, the device identifiers other than the device identifier of the master device are determined as slave devices for shared access.
11、 根据权利要求 7-10任一项所述的检测设备, 其特征在于, 所述检测设备还包括: 删除单元; 11. The detection device according to any one of claims 7-10, characterized in that, the detection device further includes: a deletion unit;
所述删除单元, 用于删除所述数据报文中的所述设备标识加密 信息。 The deletion unit is used to delete the device identification encrypted information in the data message.
12、 一种终端设备, 其特征在于, 所述终端设备包括: 获取单 元、 力。密单元、 生成单元和发送单元; 12. A terminal device, characterized in that the terminal device includes: an acquisition unit and a power. Encryption unit, generation unit and sending unit;
所述获取单元, 用于获取设备标识; The acquisition unit is used to acquire device identification;
所述加密单元, 用于对所述设备标识进行加密, 获取设备标识 加密信息; 所述生成单元, 用于生成包括所述设备标识加密信息的数据报 文; The encryption unit is used to encrypt the device identification and obtain device identification encryption information; The generating unit is configured to generate a data message including the device identification encryption information;
所述发送单元, 用于发送所述数据报文。 The sending unit is used to send the data message.
PCT/CN2013/078078 2013-06-26 2013-06-26 Method and device for detecting shared access, and terminal device WO2014205703A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2013/078078 WO2014205703A1 (en) 2013-06-26 2013-06-26 Method and device for detecting shared access, and terminal device
CN201380000870.2A CN103650457B (en) 2013-06-26 2013-06-26 The detection method of a kind of shared access, equipment and terminal unit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/078078 WO2014205703A1 (en) 2013-06-26 2013-06-26 Method and device for detecting shared access, and terminal device

Publications (1)

Publication Number Publication Date
WO2014205703A1 true WO2014205703A1 (en) 2014-12-31

Family

ID=50253430

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/078078 WO2014205703A1 (en) 2013-06-26 2013-06-26 Method and device for detecting shared access, and terminal device

Country Status (2)

Country Link
CN (1) CN103650457B (en)
WO (1) WO2014205703A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991630B (en) * 2015-03-26 2019-09-06 杭州迪普科技股份有限公司 A kind of shared access detection method and device
CN106330582B (en) * 2015-06-18 2020-11-20 中兴通讯股份有限公司 Method and device for detecting number of shared internet access mobile terminals
CN108024291B (en) * 2016-11-01 2023-02-24 中兴通讯股份有限公司 Method and device for detecting shared internet access in mobile network
CN109639628A (en) * 2018-10-26 2019-04-16 锐捷网络股份有限公司 Private connects behavioral value method, the network equipment, system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060454A (en) * 2007-05-16 2007-10-24 杭州华三通信技术有限公司 Proxy access method, control network equipment and proxy access system
CN101436965A (en) * 2008-11-29 2009-05-20 成都市华为赛门铁克科技有限公司 Detection method, apparatus and system sharing access client terminal quantity
US20090190511A1 (en) * 2008-01-30 2009-07-30 Lucent Technologies Inc. Method and apparatus for detecting wireless data subscribers using natted devices
CN101808018A (en) * 2010-03-26 2010-08-18 杭州华三通信技术有限公司 Method and device for detecting quantity of access terminals

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100588352B1 (en) * 2004-12-28 2006-06-09 주식회사 케이티 System for monitoring ip sharer and method thereof
CN101631052B (en) * 2009-08-25 2012-09-05 杭州华三通信技术有限公司 Method and device for detecting number of access terminals

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060454A (en) * 2007-05-16 2007-10-24 杭州华三通信技术有限公司 Proxy access method, control network equipment and proxy access system
US20090190511A1 (en) * 2008-01-30 2009-07-30 Lucent Technologies Inc. Method and apparatus for detecting wireless data subscribers using natted devices
CN101436965A (en) * 2008-11-29 2009-05-20 成都市华为赛门铁克科技有限公司 Detection method, apparatus and system sharing access client terminal quantity
CN101808018A (en) * 2010-03-26 2010-08-18 杭州华三通信技术有限公司 Method and device for detecting quantity of access terminals

Also Published As

Publication number Publication date
CN103650457B (en) 2016-09-28
CN103650457A (en) 2014-03-19

Similar Documents

Publication Publication Date Title
CN106664561B (en) System and method for securing pre-association service discovery
CN107005400B (en) Service processing method and device
WO2017185692A1 (en) Key distribution and authentication method, apparatus and system
US11303431B2 (en) Method and system for performing SSL handshake
KR20210116508A (en) Improved handling of unique identifiers for stations
WO2015164999A1 (en) Virtual card downloading method, terminal and intermediate device
WO2019129201A1 (en) Session management for communications between a device and a dtls server
CN109495594B (en) Data transmission method, PNF SDN controller, VNF SDN controller and system
US20150381716A1 (en) Method and system for sharing files over p2p
WO2019076000A1 (en) Method and device for identifying encrypted data stream, storage medium, and system
TW201517668A (en) Network sharing device, system and method
WO2014205703A1 (en) Method and device for detecting shared access, and terminal device
JP2005303449A (en) Radio communication system, access point, terminal and radio communication method
WO2014146609A1 (en) Information processing method, trust server and cloud server
CN107135190B (en) Data flow attribution identification method and device based on transport layer secure connection
CN101697522A (en) Virtual private network networking method, communication system and related equipment
JPH06318939A (en) Cipher communication system
CN112769835B (en) Method for initiating access request and terminal equipment
WO2014194818A1 (en) Method for discovering user of equipment, and user equipment
WO2014201783A1 (en) Encryption and authentication method, system and terminal for ad hoc network
WO2020147854A1 (en) Authentication method, apparatus and system, and storage medium
Jian et al. Internet of things (IOT) cybersecurity based on the hybrid cryptosystem
JP5326815B2 (en) Packet transmitting / receiving apparatus and packet transmitting / receiving method
CN115118458B (en) Data processing method, device, computer equipment and storage medium
CN112448808A (en) Communication method, device, access point, server, system and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13888047

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13888047

Country of ref document: EP

Kind code of ref document: A1