patents.google.com

WO2017185742A1 - 一种伪基站的识别方法、装置以及终端 - Google Patents

  • ️Thu Nov 02 2017

WO2017185742A1 - 一种伪基站的识别方法、装置以及终端 - Google Patents

一种伪基站的识别方法、装置以及终端 Download PDF

Info

Publication number
WO2017185742A1
WO2017185742A1 PCT/CN2016/107888 CN2016107888W WO2017185742A1 WO 2017185742 A1 WO2017185742 A1 WO 2017185742A1 CN 2016107888 W CN2016107888 W CN 2016107888W WO 2017185742 A1 WO2017185742 A1 WO 2017185742A1 Authority
WO
WIPO (PCT)
Prior art keywords
cell
base station
pseudo base
candidate
control information
Prior art date
2016-04-29
Application number
PCT/CN2016/107888
Other languages
English (en)
French (fr)
Inventor
徐杏绍
郭德英
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2016-04-29
Filing date
2016-11-30
Publication date
2017-11-02
2016-11-30 Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
2017-11-02 Publication of WO2017185742A1 publication Critical patent/WO2017185742A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0055Transmission or use of information for re-establishing the radio link
    • H04W36/0061Transmission or use of information for re-establishing the radio link of neighbour cell information

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a terminal for identifying a pseudo base station.
  • pseudo base stations appear in actual communication networks. Some criminals falsify part of the network parameters and increase their own transmit power to forge the public mobile operator base station to attract surrounding communication terminals; when the communication terminal successfully resides in the pseudo base station cell These criminals can obtain some private information in the communication terminal, such as user identity information, and then obtain illegal benefits therefrom.
  • the emergence of pseudo base stations has brought harm to the end users, operators, and even the country. How to identify and solve the problem of pseudo base stations will become the focus of the terminal security strategy.
  • the existing GSM mobile communication system can only perform one-way authentication, that is, the network authenticates the communication terminal, but the communication terminal cannot actively identify the legality of the network identity, so that the communication is in the communication.
  • the terminal After the terminal establishes a communication connection with the pseudo base station, it may also cause leakage of user privacy information, or even loss of personal property. Therefore, how to identify and process the pseudo base station has become an urgent problem to be solved.
  • the technical problem to be solved by the embodiments of the present invention is to provide a method, a device, and a terminal for identifying a pseudo base station, where the communication terminal can perform identity authentication on the candidate cell automatically and intelligently, and when it is determined that the cell corresponds to the pseudo base station , access is prohibited, thus ensuring the security of the terminal information to a certain extent.
  • the embodiment of the present invention provides a method for identifying a pseudo base station, where the method includes:
  • the measurement control information includes a neighboring cell list of the camping cell, and the neighboring cell list includes a cell identifier of at least one neighboring cell;
  • the cell identifier corresponding to the candidate cell does not exist in each cell identifier in the measurement control information, determine that the base station corresponding to the candidate cell is a pseudo base station.
  • the method further includes:
  • the determining, according to the wireless parameter of the candidate cell, whether the preset pseudo base station determination condition is met includes:
  • the acquiring the measurement control information associated with the resident cell includes:
  • the measurement control information includes a neighboring cell list of the camping cell, and the neighboring cell list includes a cell identifier of at least one neighboring cell.
  • the method further includes:
  • the radio parameter of the candidate cell does not satisfy the preset pseudo base station determination condition, and/or the cell identifier corresponding to the candidate cell exists in each cell identifier in the measurement control information, according to the preset Selecting a target cell by reselecting a cell handover condition;
  • the embodiment of the present invention provides an apparatus for identifying a pseudo base station, where the apparatus includes:
  • the determining module is configured to determine, according to the wireless parameter of the candidate cell, whether the preset pseudo base station determination condition is met, when the received signal strength of the candidate cell exceeds the received signal strength of the camping cell;
  • Obtaining a module if the determining module determines that the wireless parameter of the candidate cell satisfies And determining, by the pseudo base station determining condition, acquiring measurement control information associated with the camping cell, where the measurement control information includes a neighboring cell list of the camping cell, where the neighboring cell list includes a cell identifier of at least one neighboring cell ;
  • a determining module configured to: if the cell identifier corresponding to the candidate cell does not exist in each cell identifier in the measurement control information, determine that the base station corresponding to the candidate cell is a pseudo base station.
  • the device further includes:
  • a marking module configured to mark the cell identifier corresponding to the candidate cell as a cell identifier of a pseudo base station
  • a sending module configured to send the cell identifier of the pseudo base station to the network side, so as to prohibit establishing a communication connection with the pseudo base station.
  • the determining module is specifically configured to determine whether the rate of change of the received signal strength of the candidate cell exceeds a preset signal strength change rate threshold, and determine whether the identifier value of the cell identifier corresponding to the candidate cell is a pre- The endpoint value of the normal cell identifier threshold is set; if yes, it is determined that the preset pseudo base station determination condition is met, and the acquiring module is notified.
  • the acquiring module is configured to automatically establish a communication connection with the resident cell, and acquire measurement control information that is sent by the network side and is associated with the resident cell, where the measurement control information includes the resident A list of neighboring cells of the reserved cell, the neighboring cell list including cell identifiers of at least one neighboring cell.
  • the device further includes:
  • the selecting module is configured to: if the radio parameter of the candidate cell does not meet the preset pseudo base station determining condition, and/or the cell identifier corresponding to the candidate cell exists in each cell identifier in the measurement control information , selecting a target cell according to a preset reselection cell handover condition;
  • a handover module configured to switch the camped cell to the target cell, and establish a communication connection with the target cell.
  • an embodiment of the present invention further provides a terminal, where the terminal includes the identification device of the pseudo base station.
  • the base station corresponding to the candidate cell when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camping cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, Further, if there is no cell identifier corresponding to the candidate cell in each cell identifier in the measurement control information, it is determined that the base station corresponding to the candidate cell is a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of operation of a pseudo base station according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for identifying a pseudo base station according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of another method for identifying a pseudo base station according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart diagram of another method for identifying a pseudo base station according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of an apparatus for identifying a pseudo base station according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of another apparatus for identifying a pseudo base station according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • the embodiment of the invention provides a method, a device and a terminal for identifying a pseudo base station, which can implement authentication of the access network by the communication terminal, that is, the communication terminal authenticates the base station, which is beneficial to guarantee terminal information (such as user personal information, personal property information, etc.) security.
  • terminal information Such as user personal information, personal property information, etc.
  • FIG. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present disclosure. As shown in FIG. 1 , the network architecture diagram may include a network side, a base station side, and a user side.
  • the network side represents an access network/core network
  • the base station side includes at least one base station, which provides wireless coverage for various communication terminals on the user side, and implements wireless signal transmission between the communication network and the communication terminal, generally
  • One base station corresponds to/corresponds to one cell
  • the user side includes at least one communication terminal; for one communication terminal, the serving cell to which the communication terminal is currently connected is referred to as a camping cell, and the communication terminal can also
  • the signals of other serving cells are detected, and the other serving cells are referred to as candidate cells, if there is an intersection between the other serving cells (that is, the candidate cells) and the camping cells (if the coverage ranges intersect)
  • the coverage is close to tangency, etc., which is referred to as the neighboring cell of the camping cell.
  • the communication terminal may include, but is not limited to, an in-vehicle device, a mobile phone, a mobile computer, a tablet computer, a personal digital assistant (PDA), a media player, a smart TV, a smart watch, a smart glasses, a smart bracelet. And other user equipment.
  • PDA personal digital assistant
  • FIG. 2 is a schematic structural diagram of the operation of the pseudo base station.
  • the schematic diagram includes a fake base station system (Fake base station system) and a communication terminal (Terminal), and the pseudo base station system includes a base station unit (also referred to as a base station unit) and an analog core network entity.
  • Function MSC Mobile Switching Center functional simulator
  • operating platform also known as manual control platform, Manipulation platform.
  • the base station unit is equivalent to a pseudo base station transmission unit and a controller, and fully complies with a network communication protocol (such as GSM) specification, and provides air interface access to the communication terminal;
  • the analog core network entity function MSC implements channel allocation, location update, The function of sending out spam messages, etc., completes the acquisition of terminal information (such as user personal information), and the whole operation process also conforms to the network communication protocol specification;
  • the operation platform is equivalent to the background control system of the pseudo base station, and can complete power adjustment and cell parameter modification. Write short messages, fake network address delivery, etc. It is a platform for criminals to attack communication terminals, and is generally composed of a notebook computer with control software installed.
  • the current pseudo base station is generally composed of a set of RF transceivers, MSC circuit devices, notebook computers, etc., which is small in size and can be transported in a suitcase or a backpack to the vicinity of the user's residence to realize an attack on the communication terminal.
  • the pseudo base station system generally works in a GSM frequency band of the GSM900 frequency band (because multiple frequency points need to increase the radio frequency transceiver, increase the cost, volume, weight, etc.), and can detect the carrier frequency information of the current target area base station, and will itself The frequency of the frequency is changed to the current network frequency, and the transmission power of the antenna can be adjusted at the same time.
  • the communication terminal always detects the neighboring neighboring cell signal in the idle state, and reselects to the neighboring cell when the received signal strength of the neighboring cell is greater than the current serving cell.
  • the communication terminal in the idle idle state can be quickly reselected into the pseudo base station cell; then the pseudo base station and the communication terminal Establish a connection for signaling interaction, and obtain information such as an IMSI (International Mobile Subscriber Identity) and a TMSI (Temporary Mobile Subscriber Identity) for each terminal, and send the spam message and the fake network address. Defrauding the user bank account password and other information; finally, the pseudo base station releases the communication terminal, and the communication terminal initiates the location update to re-live in the actual network.
  • IMSI International Mobile Subscriber Identity
  • TMSI Temporal Mobile Subscriber Identity
  • the communication terminal receives the pseudo base station signal and the true base station has the following significant differences:
  • the pseudo base station cell appears relatively suddenly and the signal increases sharply.
  • the base station identifier of the pseudo base station (such as the location area code (LAC) and the cell ID) is completely different from the real base station; for example, the base station identifier of the normal base station is 0 to 65535, and the base station identifier of the pseudo base station is generally The boundary value is 0, 65534, 65535, or the base station identifier of the real base station is relatively different.
  • LAC location area code
  • the base station identifier of the pseudo base station needs to be different from the base station identifier of the real base station, so that the communication terminal can be reselected to the pseudo base station cell; the location area code LAC can trigger the communication terminal to initiate the update of the location area, so that the communication terminal reports the terminal information (such as user information, IMSI), in order to achieve the purpose of fraudulent terminal information.
  • the terminal information Such as user information, IMSI
  • FIG. 3 is a schematic flowchart of a method for identifying a pseudo base station according to an embodiment of the present invention.
  • the method in the embodiment of the present invention can be applied to, for example, a smart phone, a tablet, and an intelligent device.
  • the terminals with communication network functions, such as wearable devices they can be specifically implemented by the processors of these communication terminals.
  • the method of the embodiment of the invention further includes the following steps.
  • the base station can broadcast some control commands, voice call information, and data services, such as the core network side, to the surrounding communication terminals through the broadcast control channel BCCH (Broadcast Control Channel, BCCH) in real time or periodically (for example, 10s). Information and some of its own wireless signal parameters, etc.; the communication terminal can receive/detect the wireless signal broadcast by the peripheral base station, which we will refer to here as the received signal of the communication terminal.
  • BCCH Broadcast Control Channel, BCCH
  • BCCH Broadcast Control Channel
  • the communication terminal may determine whether the wireless parameter of the candidate cell is The pseudo base station determination condition that the user or the system customizes the setting in the communication terminal in advance is satisfied.
  • the user or the system may pre-set a determination condition for identifying the pseudo base station in the communication terminal, where the pseudo base station determination condition may include a preset received signal strength threshold (eg, -40dbm) and a received signal strength change rate.
  • the threshold value that is, the power change rate of the received signal
  • the cell identifier threshold of the normal serving cell that is, the base station identifier corresponding to the candidate cell, such as the LAC (Location area code) value of the normal base station is 0 to 65535, Or other cell identifiers (such as ID numbers) and the like are used to identify some decision parameters of the pseudo base station.
  • the determining, according to the wireless parameter of the candidate cell, whether the preset pseudo base station determination condition is met includes:
  • the communication terminal may determine whether the received signal strength of the candidate cell exceeds a preset received signal strength threshold (eg, -40 dbm), and if yes, continue to determine whether the rate of change of the signal strength of the candidate cell exceeds Presetting a received signal strength change rate threshold (eg, 20); or, the communication terminal directly determining whether the rate of change of the signal strength of the candidate cell exceeds a preset received signal strength change rate threshold (eg, 20), if exceeded, The communication terminal further determines whether the cell identifier corresponding to the candidate cell is an endpoint value of a preset normal cell identifier threshold (such as the endpoint value of the normal base station value 0, 65534, 65535, etc.); The terminal determines that the change rate of the received signal strength of the candidate cell exceeds a preset signal strength change rate threshold, and determines that the identifier value of the cell identifier corresponding to the candidate cell is a preset normal cell identifier threshold.
  • a preset received signal strength threshold eg, -40
  • Endpoint value then Determining that the radio parameter to the candidate cell meets the preset pseudo base station determination condition, and continuing to perform step S102; if the communication terminal determines that the rate of change of the received signal strength of the candidate cell does not exceed a preset signal strength change rate a threshold, and/or, determining that the identifier value of the cell identifier corresponding to the candidate cell is not an endpoint value of a preset normal cell identifier threshold, the communication terminal determines that the radio parameter of the candidate cell is not The preset pseudo base station determination condition is satisfied, step S105 is performed, or the flow is ended.
  • the communication terminal may include an Internet device such as a smart phone (such as an Android mobile phone, an IOS mobile phone, etc.), a personal computer, a tablet computer, a palmtop computer, a mobile Internet device (MID), or a wearable smart device, and the embodiment of the present invention Not limited.
  • a smart phone such as an Android mobile phone, an IOS mobile phone, etc.
  • a personal computer such as an Android mobile phone, an IOS mobile phone, etc.
  • a tablet computer such as a tablet computer, a palmtop computer, a mobile Internet device (MID), or a wearable smart device
  • MID mobile Internet device
  • the communication terminal may acquire the measurement control information that is associated with the camping cell, where the measurement control information includes a neighboring cell list of the camping cell, that is, the measurement control information includes the Information about all neighboring cells of the camping cell, where the neighboring cell list includes at least a cell identifier (such as a LAC, an ID number, a cell name, and the like) corresponding to the neighboring cell.
  • the measurement control information includes a neighboring cell list of the camping cell, that is, the measurement control information includes the Information about all neighboring cells of the camping cell, where the neighboring cell list includes at least a cell identifier (such as a LAC, an ID number, a cell name, and the like) corresponding to the neighboring cell.
  • a cell identifier such as a LAC, an ID number, a cell name, and the like
  • the acquiring the measurement control information associated with the resident cell includes:
  • the measurement control information includes a neighboring cell list of the camping cell, and the neighboring cell list includes a cell identifier of at least one neighboring cell.
  • the communication terminal may receive measurement control information sent by the network side, where the measurement control information includes A neighboring cell list formed by all or a part of neighboring cell information of the reserved cell, where the neighboring cell list includes at least a cell identifier corresponding to the neighboring cell.
  • the communication terminal may determine whether there is a cell identifier corresponding to the candidate cell in each cell identifier in the measurement control information that is obtained by the S102; if not, proceed to step S104; otherwise, end The process or step S105 is performed.
  • the method further includes:
  • the communication terminal may determine that the base station corresponding to the candidate cell is a pseudo a base station, the communication terminal may further mark a cell identifier corresponding to the candidate cell as a cell identifier of a pseudo base station (that is, a base station identifier marked as a pseudo base station), where the communication terminal may use a cell of the pseudo base station
  • the identifier is sent to the network side to prohibit all communication terminals from establishing a communication connection with the pseudo base station to prevent leakage of terminal information (such as leaking user personal information, personal property information).
  • S105 Select a target cell according to the preset reselection cell handover condition, switch the camped cell to the target cell, and establish a communication connection with the target cell.
  • the communication terminal may select a target cell according to a reselection cell handover condition (such as a preset received signal strength threshold value) that is preset by the user or the system in the communication terminal, and the communication terminal may The current camping cell switches to the target cell and establishes a communication connection with the target cell.
  • a reselection cell handover condition such as a preset received signal strength threshold value
  • the mobile phone A will determine whether the GSM signal satisfies two different judgment conditions of the pseudo base station signal and the real base station (that is, the sixth page of the specification of the present application). One or two judgment conditions), if the above two determination conditions are satisfied, the pseudo base station identification suppression measure is activated; if any of the above two determination conditions is not satisfied, the mobile phone A may determine that the comparison is strong
  • the base station of the GSM signal is a true base station, and the mobile phone A selects the target cell according to the preset reselection cell handover condition; or ends the process.
  • the mobile phone A After the mobile phone A starts the pseudo base station identification suppression measure, the mobile phone A is triggered to enter the connection mode (the customer can access the customer service phone or the browser through the background dialing disk, and the operation of the mobile phone interface does not affect the user experience), the mobile phone and the current serving cell (also That is, the camping cell establishes a connection between the signaling and the service, because in the connected state, the mobile phone A can receive the measurement control message sent by the network, and the message includes all the GSM neighbor list of the current serving cell.
  • the connection mode the customer can access the customer service phone or the browser through the background dialing disk, and the operation of the mobile phone interface does not affect the user experience
  • the mobile phone and the current serving cell also That is, the camping cell establishes a connection between the signaling and the service, because in the connected state, the mobile phone A can receive the measurement control message sent by the network, and the message includes all the GSM neighbor list of the current serving cell.
  • the mobile phone A can search whether the detected LAC and the cell ID of the relatively strong GSM signal are inside; if the GSM If the neighboring cell list does not include the LAC or the cell ID of the relatively strong GSM signal, the mobile phone A may determine that the base station that generates the relatively strong GSM signal is a pseudo base station, and the cell corresponding to the pseudo base station is listed as prohibited. Access the cell to avoid loss of user information being stolen.
  • the present invention when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camped cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, and further, if the measurement control The cell identifier corresponding to the candidate cell does not exist in each cell identifier in the information, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 4 is a schematic flowchart of another method for identifying a pseudo base station according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may include the following steps.
  • step S202 when the communication terminal determines that the rate of change of the received signal strength of the candidate cell exceeds a preset signal strength change rate threshold, step S202 is continued; otherwise, step S206 is performed, or the process ends.
  • step S203 when the communication terminal determines that the identifier value of the cell identifier corresponding to the candidate cell is the endpoint value of the preset normal cell identifier threshold, step S203 is continued; otherwise, step S206 is performed. Or end the process.
  • step S201 and step S202 are specific implementation manners of determining whether the preset pseudo base station determination condition is met according to the radio parameter of the candidate cell in step S101, and the execution order of step S201 and step S202 is variable. That is, the communication terminal may perform step S201 after performing step S202, which is not limited in the embodiment of the present invention.
  • S203 automatically establishes a communication connection with the camping cell, and acquires measurement control information that is sent by the network side and is associated with the camping cell, where the measurement control information includes a neighboring cell list of the camping cell.
  • the neighbor list includes a cell identifier of at least one neighbor.
  • step S205 when the communication terminal determines that the cell identifier corresponding to the candidate cell does not exist in each cell identifier in the measurement control information, step S205 is continued; otherwise, step S206 is performed, or the process ends. .
  • the present invention when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camped cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, and further, if the measurement control The cell identifier corresponding to the candidate cell does not exist in each cell identifier in the information, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 5 is a schematic flowchart of another method for identifying a pseudo base station according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may include steps S201 to S206 as described above, and may also be as follows.
  • the communication terminal when the communication terminal determines in S205 that the base station corresponding to the candidate cell is a pseudo base station, the communication terminal may mark the cell identifier corresponding to the candidate cell as the cell identifier of the pseudo base station; or The communication terminal determines each of the measurement control information in S204.
  • the communication terminal may directly mark the cell identifier corresponding to the candidate cell as the cell identifier of the pseudo base station.
  • the communication terminal may also send the cell identifier of the pseudo base station to the network side, so that other communication terminals avoid/disallow connection with the pseudo base station when selecting to establish a communication connection with the candidate cell, so as to avoid revealing user information or causing unnecessary Property damage, etc.
  • the present invention when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camped cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, and further, if the measurement control The cell identifier corresponding to the candidate cell does not exist in each cell identifier in the information, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 6 is a schematic structural diagram of an apparatus for identifying a pseudo base station according to an embodiment of the present invention.
  • the apparatus according to the embodiment of the present invention may be configured to have a communication network function, such as a smart phone, a tablet computer, and a smart wearable device.
  • the device 6 includes:
  • the determining module 60 is configured to determine, according to the wireless parameter of the candidate cell, whether the preset pseudo base station determination condition is met, when the received signal strength of the candidate cell exceeds the received signal strength of the camping cell;
  • the obtaining module 61 is configured to: if the determining module 60 determines that the wireless parameter of the candidate cell meets a preset pseudo base station determination condition, acquire measurement control information associated with the resident cell, where the measurement control information includes a neighboring cell list of the camping cell, where the neighboring cell list includes a cell identifier of at least one neighboring cell;
  • the determining module 62 is configured to determine that the base station corresponding to the candidate cell is a pseudo base station if the cell identifier corresponding to the candidate cell does not exist in each cell identifier in the measurement control information.
  • the embodiment of the present invention can detect that the received signal strength of the candidate cell exceeds the camping cell.
  • the signal strength is received, determining whether the preset pseudo base station determination condition is met according to the radio parameter of the candidate cell, and if yes, acquiring measurement control information associated with the resident cell, where the measurement control information includes the a neighboring cell list of the camping cell, the neighboring cell list includes a cell identifier of the at least one neighboring cell, and further, if a cell identifier corresponding to the candidate cell does not exist in each cell identifier in the measurement control information, Determining that the base station corresponding to the candidate cell is a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 7 is a schematic structural diagram of another apparatus for identifying a pseudo base station according to an embodiment of the present invention.
  • the apparatus 7 of the embodiment of the present invention may include: the determining module 60, the obtaining module 61, and the determining
  • the module 62 may further include:
  • the marking module 63 is configured to mark the cell identifier corresponding to the candidate cell as a cell identifier of the pseudo base station;
  • the sending module 64 is configured to send the cell identifier of the pseudo base station to the network side, so as to prohibit establishing a communication connection with the pseudo base station.
  • the determining module 60 is specifically configured to determine whether the rate of change of the received signal strength of the candidate cell exceeds a preset signal strength change rate threshold, and determine whether the identifier value of the cell identifier corresponding to the candidate cell is The endpoint value of the preset normal cell identifier threshold; if yes, it is determined that the preset pseudo base station determination condition is met, and the acquiring module 61 is notified.
  • the acquiring module 61 is configured to automatically establish a communication connection with the camping cell, and acquire measurement control information that is sent by the network side and is associated with the camping cell, where the measurement control information includes the A list of neighbor cells of the camped cell, the list of neighbor cells including cell identifiers of at least one neighboring cell.
  • the device further includes:
  • the selecting module 65 is configured to: if the wireless parameter of the candidate cell does not meet the preset pseudo base station determining condition, and/or the cell corresponding to the candidate cell exists in each cell identifier in the measurement control information The identifier is selected according to a preset reselection cell handover condition;
  • the switching module 66 is configured to switch the camped cell to the target cell, and establish The communication connection of the standard cell.
  • the present invention when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camped cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, and further, if the measurement control The cell identifier corresponding to the candidate cell does not exist in each cell identifier in the information, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • the terminal may be a device with a communication network function, such as a smart phone, a tablet computer, or a smart wearable device.
  • the terminal in the embodiment of the present invention may include a display screen, a button, a speaker, a pickup, and the like. And further comprising: at least one bus 501, at least one processor 502 connected to the bus 501, and at least one memory 503 connected to the bus 501, a communication device 505 implementing a communication function, and a power supply device 504 for powering each power consumption module of the communication terminal. .
  • the processor 502 can call the code stored in the memory 503 via the bus 501 to perform related functions.
  • the processor 502 is configured to determine, according to the wireless parameter of the candidate cell, whether the preset pseudo base station determination condition is met, if the received signal strength of the candidate cell exceeds the received signal strength of the camping cell; if yes, Obtaining measurement control information associated with the camping cell, where the measurement control information includes a neighboring cell list of the camping cell, the neighboring cell list includes a cell identifier of at least one neighboring cell; and if the measurement control information is The cell identifier corresponding to the candidate cell does not exist in each cell identifier, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the processor 502 is further configured to mark the cell identifier corresponding to the candidate cell as a cell identifier of the pseudo base station, and send the cell identifier of the pseudo base station to the network side, so as to prohibit the The pseudo base station establishes a communication connection.
  • the processor 502 is further configured to determine whether a rate of change of the received signal strength of the candidate cell exceeds a preset signal strength change rate threshold, and determine the cell identifier corresponding to the candidate cell. And determining whether the value is an endpoint value of the preset normal cell identifier threshold; if yes, determining that the preset pseudo base station determination condition is met, and performing acquiring the measurement control information associated with the camped cell.
  • the processor 502 is further configured to automatically establish a communication connection with the camping cell, and acquire measurement control information that is sent by the network side and is associated with the camping cell; wherein the measurement control The information includes a neighbor list of the camped cell, and the neighbor list includes a cell identifier of at least one neighbor.
  • the processor 502 is further configured to: if the wireless parameter of the candidate cell does not meet a preset pseudo base station determination condition, and/or, the presence and the presence of the cell identifier in the measurement control information And selecting, by the cell identifier corresponding to the candidate cell, the target cell according to the preset reselection cell handover condition; and switching the camped cell to the target cell to establish a communication connection with the target cell.
  • the present invention when detecting that the received signal strength of the candidate cell exceeds the received signal strength of the camping cell, determining whether the preset pseudo base station determining condition is met according to the wireless parameter of the candidate cell, and if yes, acquiring Measurement control information associated with the camped cell, the measurement control information including a neighboring cell list of the camping cell, the neighboring cell list including a cell identity of at least one neighboring cell, and further, if the measurement control The cell identifier corresponding to the candidate cell does not exist in each cell identifier in the information, and the base station corresponding to the candidate cell is determined to be a pseudo base station.
  • the communication terminal can automatically and intelligently determine whether the base station corresponding to the candidate cell is a pseudo base station according to the wireless parameter of the candidate cell and the cell identifier in the neighboring cell list, and when it is determined that it is a pseudo base station,
  • the terminal access is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to a certain extent.
  • the security of the communication service on the terminal is forbidden, thus avoiding problems such as leakage of the terminal user information and loss of personal property caused by the attack of the pseudo base station, so that the terminal user can use various services on the terminal more safely, and the security is guaranteed to
  • the embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium can store a program, and the program includes some or all of the steps of the operation method of any of the audio playback applications described in the foregoing method embodiments.
  • the disclosed apparatus may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or may be Integrate into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be electrical or otherwise.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential or contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • a number of instructions are included to cause a computer device (which may be a personal computer, server or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, and the like. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

本发明实施例提供了一种伪基站的识别方法、装置以及终端,其中,所述方法包括:当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。采用本发明,可方便快捷地识别出伪基站,禁止终端与所述伪基站建立通信连接,以防泄露用户个人信息。

Description

一种伪基站的识别方法、装置以及终端

本申请要求于2016年4月29日提交中国专利局,申请号为201610289861.5、发明名称为“一种伪基站的识别方法、装置以及终端”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。

技术领域

本发明涉及通信技术领域,尤其涉及一种伪基站的识别方法、装置以及终端。

背景技术

目前,在实际的通信网络中出现了伪基站,一些不法分子通过伪造部分网络参数和加大自身发射功率来伪造公共移动运营商基站吸引周围的通信终端;当通信终端成功驻留伪基站小区后,这些不法分子可以获取到所述通信终端中的一些隐私信息,如用户身份信息等,然后从中获取非法利益。伪基站的出现给广大终端用户、运营商、甚至是国家带来了不可低估的危害,如何识别并解决伪基站问题将成为终端安全策略中的重点。

在实践中发现,现有的GSM移动通信系统中仅能够进行单向鉴权,也即是网络对通信终端的鉴权,然而通信终端并不能主动识别网络身份的合法性,这样在所述通信终端与伪基站建立通信连接后,也可能会造成用户隐私信息的泄露、甚至导致个人财产的损失等,因此如何识别处理伪基站已成为当前急需解决的问题。

发明内容

本发明实施例所要解决的技术问题在于,提供一种伪基站的识别方法、装置以及终端,通信终端可自动化、智能化地对候选小区进行身份鉴权,在判断到是伪基站对应的小区时,禁止接入,从而在一定程度上保障了终端信息的安全性。

一方面,本发明实施例公开提供了一种伪基站的识别方法,所述方法包括:

当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据 所述候选小区的无线参数判断是否满足预设的伪基站判定条件;

若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;

若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

其中可选地,所述方法还包括:

将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

其中可选地,所述根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,包括:

判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;

若都为是,则确定满足预设的伪基站判定条件,执行所述获取与所述驻留小区关联的测量控制信息。

其中可选地,所述获取与所述驻留小区关联的测量控制信息,包括:

自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;

其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

其中可选地,所述方法还包括:

若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;

将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

一方面,本发明实施例公开提供了一种伪基站的识别装置,所述装置包括:

判断模块,设置为当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;

获取模块,设置为若所述判断模块判断到所述候选小区的无线参数满足预 设的伪基站判定条件,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;

确定模块,设置为若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

其中可选地,所述装置还包括:

标记模块,设置为将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

发送模块,设置为将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

其中可选地,

所述判断模块,具体设置为判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;若都为是,则确定满足预设的伪基站判定条件,通知所述获取模块。

其中可选地,

所述获取模块,具体设置为自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

其中可选地,所述装置还包括:

选取模块,设置为若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;

切换模块,设置为将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

再一方面,本发明实施例还公开提供了一种终端,所述终端包括所述的伪基站的识别装置。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识, 进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

附图说明

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。

图1是本发明实施例的一种网络架构的结构示意图;

图2是本发明实施例的一种伪基站工作的结构示意图;

图3是本发明实施例的一种伪基站的识别方法的流程示意图;

图4是本发明实施例的另一种伪基站的识别方法的流程示意图;

图5是本发明实施例的另一种伪基站的识别方法的流程示意图;

图6是本发明实施例的一种伪基站的识别装置的结构示意图;

图7是本发明实施例的另一种伪基站的识别装置的结构示意图;

图8是本发明实施例的一种终端的结构示意图。

具体实施方式

为了使本技术领域的人员更好地理解本发明方案,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分的实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本发明保护的范围。

本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”和“第三”等是用于区别不同对象,而非用于描述特定顺序。此外,术语“包括”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元 的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。

本发明实施例公开了提供一种伪基站的识别方法、装置以及终端,可实现通信终端对接入网进行鉴权,也即是所述通信终端对基站的鉴权,有利于保障终端信息(如用户个人信息、个人财产信息等)的安全性。以下分别进行详细说明。

为了更好理解本发明实施例提供的一种伪基站的识别方法、装置及终端,下面先对本发明实施例适用的网络构架进行描述。请参阅图1,图1是本发明实施例公开提供的一种网络构架的结构示意图。如图1所示,该网络构架示意图可以包括网络侧、基站侧以及用户侧。其中,所述网络侧表示接入网/核心网;所述基站侧包括至少一个基站,为用户侧的各种通信终端提供无线覆盖,实现通信网络与通信终端之间的无线信号传输,一般来说一个基站对应/相当于一个小区;所述用户侧包括至少一个通信终端;针对一个通信终端而言,所述通信终端当前连接到的服务小区称之为驻留小区,所述通信终端还可以检测到其他服务小区的信号,将所述其他服务小区称之为候选小区,若所述其他服务小区(也即是所述候选小区)与所述驻留小区之间有交集(如覆盖范围相交、覆盖范围紧靠相切等)将其称之为所述驻留小区的相邻小区。其中,所述通信终端可以包括但不限于车载设备、移动电话、移动电脑、平板电脑、个人数字助理(Personal Digital Assistant,PDA)、媒体播放器、智能电视、智能手表、智能眼镜、智能手环等用户设备。

下面介绍关于伪基站的工作原理及特点,请参见图2,是一种伪基站工作的结构示意图。如图2所示,该结构示意图中包括伪基站系统(Fake base station system)和通信终端(Terminal),所述伪基站系统包括基站单元(也即是基站,Base station unit)、模拟核心网实体功能MSC(Mobile Switching Center functional simulator)、操作平台(也即是人工控制平台,Manipulation platform)。其中,所述基站单元相当于伪基站传输单元和控制器,完全符合网络通信协议(如GSM)规范,向通信终端提供空口接入;所述模拟核心网实体功能MSC实现信道分配、位置更新、垃圾短信下发等功能,完成终端信息(如用户个人信息)的获取,整个操作过程也符合网络通信协议规范;所述操作平台相当于伪基站的后台控制系统,可以完成功率调整、小区参数修改、编写短信、虚假网络地址下发等, 是不法分子对通信终端发起攻击的平台,一般由安装了控制软件的笔记本电脑组成。目前的伪基站一般为由一套射频收发器、MSC电路器件、笔记本电脑等构成,体积不大,可以放在行李箱或背包中运送到用户住所附近,实现对通信终端的攻击。

可以理解的,伪基站系统一般工作在GSM900频段一个GSM频点(因为多个频点需要增加射频收发器、增加成本及体积、重量等),能侦察当前目标区域基站的载频信息,将自身的频点更改为现网频点,同时可调整自身的发射功率。通信终端在空闲状态下一直检测周边邻区信号,当邻区接收信号强度大于目前服务小区时就重选到该邻区。伪基站工作时,通过加大发射功率,调整有利于往邻区(伪基站小区)重选的参数,可迅速使周边空闲状态的通信终端重选到伪基站小区内;然后伪基站与通信终端建立连接进行信令交互,获得各终端的IMSI(International Mobile Subscriber Identity,国际移动用户识别码)、TMSI(Temporary Mobile Subscriber Identity,临时移动用户标识)等信息,进行垃圾短信、虚假网络地址下发,骗取用户银行帐号密码等信息;最后伪基站释放通信终端,所述通信终端发起位置更新重新驻留在实际网络中。

根据行业内的大量测试数据,通信终端接收到伪基站信号与真基站会有以下显著的不同:

一、伪基站小区出现比较突然、信号急剧增大。

二、伪基站的基站标识(如位置区码LAC(Location area code,LAC)、小区ID)与真基站完全不同;如正常基站的基站标识数值为0~65535,而伪基站的基站标识一般为边界值0、65534、65535,或者与真基站的基站标识相差比较大。

伪基站的基站标识需要与真基站的基站标识不同,才能使得通信终端重选到伪基站小区去;位置区码LAC不同可以触发通信终端发起位置区域的更新,以便所述通信终端上报终端信息(如用户信息、IMSI),从而达到骗取终端信息的目的。

基于图1所示的网络架构,请参见图3,是本发明实施例的一种伪基站的识别方法的流程示意图,本发明实施例的所述方法可以应用在诸如智能手机、平板电脑、智能可穿戴设备等带通信网络功能的终端中,具体可由这些通信终端的处理器来实现。本发明实施例的所述方法还包括如下步骤。

S101、当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时, 根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件。

本发明实施例中,基站可以实时或者周期性地(如10s)通过广播控制信道BCCH(Broadcast Control Channel,BCCH)向周围的通信终端广播一些诸如核心网络侧的控制命令、语音呼叫信息、数据业务信息以及一些自身的无线信号参数等;所述通信终端可以接收/检测到周边基站广播出来的无线信号,这里我们将其称之为所述通信终端的接收信号。当所述通信终端检测到候选小区的接收信号强度(也即是候选小区的接收信号的信号强度)超过驻留小区的接收信号强度时,所述通信终端可以判断所述候选小区的无线参数是否满足用户或者系统预先在本通信终端中自定义设置的伪基站判定条件。

用户或者系统可以预先在所述通信终端中自定义设置用于识别伪基站的判定条件,所述伪基站判定条件中可以包括预设的接收信号强度阈值(如-40dbm)、接收信号强度变化率阈值(也即是接收信号的功率变化率)、正常服务小区的小区标识阈值(也即是候选小区对应的基站标识,如正常基站LAC(Location area code,位置区码)数值为0~65535、或者其他的小区标识(如ID号))等等用于识别伪基站的一些判定参数。

其中可选地,所述根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,包括:

判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;

若都为是,则确定满足预设的伪基站判定条件,执行所述获取与所述驻留小区关联的测量控制信息。

所述通信终端可以判断上述检测到的所述候选小区的接收信号强度是否超过预设接收信号强度阈值(如-40dbm),若超过,则继续判断所述候选小区的信号强度的变化率是否超过预设接收信号强度变化率阈值(如20);或者,所述通信终端直接判断所述候选小区的信号强度的变化率是否超过预设接收信号强度变化率阈值(如20),若超过,则所述通信终端还将继续判断与所述候选小区对应的小区标识是否为预设的正常小区标识阈值的端点数值(如上述正常基站数值的端点数值0、65534、65535等);若所述通信终端判断到所述候选小区的接收信号强度的变化率超过预设的信号强度变化率阈值,且判断到所述与所述候选小区对应的小区标识的标识数值为预设的正常小区标识阈值的端点数值,则 确定到所述候选小区的无线参数满足预设的伪基站判定条件,继续执行步骤S102;若所述通信终端判断到所述候选小区的接收信号强度的变化率不超过预设的信号强度变化率阈值,和/或,判断到所述与所述候选小区对应的小区标识的标识数值不为预设的正常小区标识阈值的端点数值,则所述通信终端确定到所述候选小区的无线参数不满足预设的伪基站判定条件,执行步骤S105,或者结束流程。

所述通信终端可以包括智能手机(如Android手机、IOS手机等)、个人电脑、平板电脑、掌上电脑、移动互联网设备(MID,Mobile Internet Devices)或穿戴式智能设备等互联网设备,本发明实施例不作限定。

S102、获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

本发明实施例中,通信终端可以获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,也即是所述测量控制信息中包括所述驻留小区的所有相邻小区的信息,所述邻区列表中至少包括与所述相邻小区对应的小区标识(如LAC、ID号、小区名称等)。

其中可选地,所述获取与所述驻留小区关联的测量控制信息,包括:

自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;

其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

在所述通信终端判断到所述候选小区的无线参数满足预设的伪基站判定条件时,触发所述通信终端自动与所述驻留小区建立通信连接(如通过后台拨号盘拨打客服电话或浏览器上网),所述通信终端与所述驻留小区建立信令和业务上的连接后,所述通信终端可以接收网络侧下发的测量控制信息,所述测量控制信息包括有由所述驻留小区的所有或者部分相邻小区信息构成的邻区列表,所述邻区列表中至少包括有与所述相邻小区对应的小区标识。

S103、判断所述测量控制信息中的各个小区标识中是否存在与所述候选小区对应的小区标识。

本发明实施例中,通信终端可以判断S102获取到的所述测量控制信息中的各个小区标识中是否存在与所述候选小区对应的小区标识;若不存在,则继续执行步骤S104;否则,结束流程或者执行步骤S105。

S104、确定与所述候选小区对应的基站为伪基站。

其中可选地,所述方法还包括:

将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

所述通信终端在S103中判断到所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识时,所述通信终端可以确定与所述候选小区对应的基站即为伪基站,所述通信终端还可以将与所述候选小区对应的小区标识标记为伪基站的小区标识(也即是标记为伪基站的基站标识),所述通信终端可以将所述伪基站的小区标识发送给网络侧,以便禁止所有的通信终端与所述伪基站建立通信连接,以防泄露终端信息(如泄露用户个人信息、个人财产信息)。

S105、根据预置的重选小区切换条件选取目标小区,将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

本发明实施例中,通信终端可以根据用户或者系统预先在本通信终端中自定义设置的重选小区切换条件(如预设的接收信号强度阈值等)选取出目标小区,所述通信终端可以将当前的驻留小区切换到所述目标小区上,并建立与所述目标小区的通信连接。

为了进一步帮助对上述实施例进行理解,下面通过一个例子来进行详细阐述。假设现有一手机A突然检测接收到比较强的GSM信号,那么手机A将判断所述GSM信号是否满足上述伪基站信号与真基站不同的两个判断条件(也即是本申请说明书第六页中的一、二两个判断条件),如果上述两个判断条件都满足,则启动伪基站识别抑制措施;如果上述两个判断条件中有任何一个不满足,则手机A可以确定产生所述比较强的GSM信号的基站为真基站,手机A根据预置的重选小区切换条件选取目标小区;或者结束流程。在手机A启动伪基站识别抑制措施后,触发手机A进入连接模式(可通过后台拨号盘拨打客服电话或浏览器上网,在手机界面操作上不会影响用户体验),手机与当前服务小区(也即是驻留小区)建立信令和业务上的连接,因为在连接状态下,手机A可以接收到网络下发的测量控制消息,而该消息中包含有当前服务小区的所有GSM邻区列表,也即是所有GSM邻区的信息(如邻区的LAC和ID);手机A可以搜索检测到的所述比较强的GSM信号的LAC和小区ID是否在里面;若所述GSM 邻区列表中没有包含所述比较强的GSM信号的LAC或小区ID,则手机A可判断产生所述比较强的GSM信号的基站为伪基站,将与所述伪基站对应的小区列为禁止接入小区,避免用户信息被盗窃而遭受损失。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

请参阅图4,是本发明实施例的另一种伪基站的识别方法的流程示意图,本发明实施例的所述方法可以包括如下步骤。

S201、当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值。

本发明实施例中,当通信终端在判断到所述候选小区的接收信号强度的变化率超过预设的信号强度变化率阈值时,继续执行步骤S202;否则,执行步骤S206,或者结束流程。

S202、判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值。

本发明实施例中,当通信终端在判断到所述与所述候选小区对应的小区标识的标识数值为预设的正常小区标识阈值的端点数值时,继续执行步骤S203;否则,执行步骤S206,或者结束流程。

需要说明的是,步骤S201和步骤S202都是上述步骤S101根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件的具体实施方式,且步骤S201和步骤S202的执行顺序是可变的,也即是所述通信终端可以先执行步骤S202后执行步骤S201,本发明实施例不作限定。

S203自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

S204、判断所述测量控制信息中的各个小区标识中是否存在与所述候选小区对应的小区标识。

本发明实施例中,当通信终端在判断到所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识时,继续执行步骤S205;否则,执行步骤S206,或者结束流程。

S205、确定与所述候选小区对应的基站为伪基站。

S206、根据预置的重选小区切换条件选取目标小区,并将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

请一并参阅图5,是本发明实施例的另一种伪基站的识别方法的流程示意图,本发明实施例的所述方法可以包括如上所述的步骤S201至步骤S206,还可以如下步骤。

S301、将所述与所述候选小区对应的小区标识标记为伪基站的小区标识。

S302、将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

本发明实施例中,通信终端在S205中确定到与所述候选小区对应的基站为伪基站时,所述通信终端可以将与所述候选小区对应的小区标识标记为伪基站的小区标识;或者,所述通信终端在S204中判断到所述测量控制信息中的各个 小区标识中不存在与所述候选小区对应的小区标识时,所述通信终端可将与所述候选小区对应的小区标识直接标记为伪基站的小区标识。所述通信终端还可以将所述伪基站的小区标识发送给网络侧,以便其他通信终端在选择与候选小区建立通信连接时,避免/禁止与伪基站连接,以免泄露用户信息或者造成不必要的财产损失等。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

请参见图6,是本发明实施例的一种伪基站的识别装置的结构示意图,本发明实施例的所述装置可以可设置在诸如智能手机、平板电脑、智能可穿戴设备等带通信网络功能的终端中,所述装置6包括:

判断模块60,设置为当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;

获取模块61,设置为若所述判断模块60判断到所述候选小区的无线参数满足预设的伪基站判定条件,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;

确定模块62,设置为若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

本发明实施例中涉及的各个模块的具体实现可参考图1至图5对应实施例中相关功能模块或者实施步骤的描述,在此不赘述。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接 收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

请一并参阅图7,是本发明实施例的另一种伪基站的识别装置的结构示意图,本发明实施例的所述装置7可以包括:如上所述的判断模块60、获取模块61、确定模块62,还可以包括:

标记模块63,设置为将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

发送模块64,设置为将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

其中可选地,

所述判断模块60,具体设置为判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;若都为是,则确定满足预设的伪基站判定条件,通知所述获取模块61。

其中可选地,

所述获取模块61,具体设置为自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

其中可选地,所述装置还包括:

选取模块65,设置为若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;

切换模块66,设置为将所述驻留小区切换到所述目标小区,建立与所述目 标小区的通信连接。

本发明实施例中涉及的各个模块的具体实现可参考图1至图5对应实施例中相关功能模块或者实施步骤的描述,在此不赘述。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

再请参见图8,是本发明实施例的一种终端的结构示意图。所述终端可以为智能手机、平板电脑、智能可穿戴设备等带通信网络功能的设备,如图8所示,本发明实施例的所述终端可以包括显示屏、按键、扬声器、拾音器等模块,并且还包括:至少一个总线501、与总线501相连的至少一个处理器502以及与总线501相连的至少一个存储器503,实现通信功能的通信装置505,为通信终端各耗电模块供电的电源装置504。

所述处理器502可通过总线501,调用存储器503中存储的代码以执行相关的功能。

所述处理器502,用于当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

进一步可选地,所述处理器502还用于将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

进一步可选地,所述处理器502还用于判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;若都为是,则确定满足预设的伪基站判定条件,执行所述获取与所述驻留小区关联的测量控制信息。

进一步可选地,所述处理器502还用于自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

进一步可选地,所述处理器502还用于若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

本发明实施例可通过在检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识,进一步地,若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。可见,通信终端可以自动化地、智能化地根据候选小区的无线参数以及所述邻区列表中的各个小区标识判断到所述候选小区对应的基站是否为伪基站,当判断到是伪基站时,禁止终端接入,这样就避免了终端因受到伪基站的攻击导致终端用户信息的泄露、个人财产的损失等问题,使得终端用户可更安全使用终端上的各种业务,在一定程度上保障了终端上的通信业务的安全性。

本发明实施例还提供一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时包括上述方法实施例中记载的任何音频播放应用的操作方法的部分或全部步骤。

需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施 例,所涉及的动作和模块并不一定是本发明所必须的。

在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。

在本申请所提供的几个实施例中,应该理解到,所揭露的装置,可通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性或其它的形式。

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。

另外,在本发明的各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。

以上所述,以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱 离本发明各实施例技术方案的范围。

Claims (11)

  1. 一种伪基站的识别方法,其特征在于,所述方法包括:

    当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;

    若为是,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;

    若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

  2. 如权利要求1所述的方法,其特征在于,还包括:

    将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

    将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

  3. 如权利要求1所述的方法,其特征在于,所述根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件,包括:

    判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;

    若都为是,则确定满足预设的伪基站判定条件,执行所述获取与所述驻留小区关联的测量控制信息。

  4. 如权利要求1所述的方法,其特征在于,所述获取与所述驻留小区关联的测量控制信息,包括:

    自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;

    其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

  5. 如权利要求1-4中任意一项所述的方法,其特征在于,还包括:

    若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;

    将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

  6. 一种伪基站的识别装置,其特征在于,所述装置包括:

    判断模块,设置为当检测到候选小区的接收信号强度超过驻留小区的接收信号强度时,根据所述候选小区的无线参数判断是否满足预设的伪基站判定条件;

    获取模块,设置为若所述判断模块判断到所述候选小区的无线参数满足预设的伪基站判定条件,则获取与所述驻留小区关联的测量控制信息,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识;

    确定模块,设置为若所述测量控制信息中的各个小区标识中不存在与所述候选小区对应的小区标识,则确定与所述候选小区对应的基站为伪基站。

  7. 如权利要求6所述的装置,其特征在于,所述装置还包括:

    标记模块,设置为将所述与所述候选小区对应的小区标识标记为伪基站的小区标识;

    发送模块,设置为将所述伪基站的小区标识发送给网络侧,以便禁止与所述伪基站建立通信连接。

  8. 如权利要求6所述的装置,其特征在于,

    所述判断模块,具体设置为判断所述候选小区的接收信号强度的变化率是否超过预设的信号强度变化率阈值,且判断所述与所述候选小区对应的小区标识的标识数值是否为预设的正常小区标识阈值的端点数值;若都为是,则确定满足预设的伪基站判定条件,通知所述获取模块。

  9. 如权利要求6所述的装置,其特征在于,

    所述获取模块,具体设置为自动与所述驻留小区建立通信连接,获取所述网络侧下发的与所述驻留小区关联的测量控制信息;其中,所述测量控制信息包括所述驻留小区的邻区列表,所述邻区列表包括至少一个邻区的小区标识。

  10. 如权利要求6-9任意一项所述的装置,其特征在于,所述装置还包括:

    选取模块,设置为若所述候选小区的无线参数不满足预设的伪基站判定条件,和/或,所述测量控制信息中的各个小区标识中存在所述与所述候选小区对应的小区标识,则根据预置的重选小区切换条件选取目标小区;

    切换模块,设置为将所述驻留小区切换到所述目标小区,建立与所述目标小区的通信连接。

  11. 一种终端,其特征在于,所述终端包括如权利要求6至10中任意一项所述的伪基站的识别装置。

PCT/CN2016/107888 2016-04-29 2016-11-30 一种伪基站的识别方法、装置以及终端 WO2017185742A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610289861.5 2016-04-29
CN201610289861.5A CN105744528A (zh) 2016-04-29 2016-04-29 一种伪基站的识别方法、装置以及终端

Publications (1)

Publication Number Publication Date
WO2017185742A1 true WO2017185742A1 (zh) 2017-11-02

Family

ID=56288781

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/107888 WO2017185742A1 (zh) 2016-04-29 2016-11-30 一种伪基站的识别方法、装置以及终端

Country Status (2)

Country Link
CN (1) CN105744528A (zh)
WO (1) WO2017185742A1 (zh)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109636433A (zh) * 2018-10-16 2019-04-16 深圳壹账通智能科技有限公司 基于大数据分析的养卡识别方法、装置、设备和存储介质
CN111050325A (zh) * 2019-11-28 2020-04-21 中国联合网络通信集团有限公司 一种基站验证方法及装置
CN112889315A (zh) * 2018-10-31 2021-06-01 深圳市欢太科技有限公司 小区信息处理方法、装置、电子设备及可读取存储介质
CN113170372A (zh) * 2018-12-29 2021-07-23 深圳市欢太科技有限公司 小区连接处理方法、装置、移动终端及存储介质
CN114222338A (zh) * 2021-12-30 2022-03-22 西安航空学院 防止终端在伪基站下驻留的方法、计算机设备及存储介质
US20240092127A1 (en) * 2022-05-27 2024-03-21 Hamaton Automotive Technology Co., Ltd Programming method and device based on tire pressure sensing

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105744528A (zh) * 2016-04-29 2016-07-06 宇龙计算机通信科技(深圳)有限公司 一种伪基站的识别方法、装置以及终端
CN107426729A (zh) * 2016-05-23 2017-12-01 中兴通讯股份有限公司 一种基站接入方法和终端
CN107659939A (zh) * 2016-07-26 2018-02-02 中兴通讯股份有限公司 识别伪基站的方法及装置、系统
CN106255114A (zh) * 2016-07-27 2016-12-21 努比亚技术有限公司 一种终端及其识别伪基站的方法
CN106304079A (zh) * 2016-09-05 2017-01-04 努比亚技术有限公司 终端及信息处理方法
CN107182056A (zh) * 2017-06-29 2017-09-19 努比亚技术有限公司 一种识别伪基站的方法及终端
CN109219048A (zh) * 2017-07-05 2019-01-15 普天信息技术有限公司 一种伪基站检测方法和装置
CN107396367B (zh) * 2017-07-26 2019-08-20 Oppo广东移动通信有限公司 伪基站的提示方法、装置、终端及计算机可读存储介质
CN107567030B (zh) * 2017-10-19 2020-10-23 中国电信股份有限公司南京分公司 一种排查与规避伪基站干扰的方法及系统
CN109257762B (zh) * 2018-09-12 2021-06-18 南方电网科学研究院有限责任公司 基于无线信号强度密度聚类分析的配用电终端非法无线通信链路检测方法
CN110944333B (zh) * 2019-11-11 2023-08-29 南方电网科学研究院有限责任公司 基于无线信号强度累积变化率的配用电终端非法无线通信链路检测方法
CN112272378A (zh) * 2020-10-23 2021-01-26 上海共进信息技术有限公司 一种针对无mme连接的lte伪基站识别方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140128003A1 (en) * 2012-11-07 2014-05-08 Anritsu Corporation Mobile communication terminal test system and mobile communication terminal test method
CN104168568A (zh) * 2014-08-28 2014-11-26 中国联合网络通信集团有限公司 一种移动终端及其进行小区身份认证的方法
CN104602241A (zh) * 2014-12-25 2015-05-06 中国科学院信息工程研究所 伪基站的判定方法及移动终端
CN105357672A (zh) * 2015-11-20 2016-02-24 华为技术有限公司 一种伪基站识别方法及用户设备
CN105744528A (zh) * 2016-04-29 2016-07-06 宇龙计算机通信科技(深圳)有限公司 一种伪基站的识别方法、装置以及终端

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2712700T3 (es) * 2007-06-13 2019-05-14 Exfo Oy Un detector de hombre-en-el-medio y un método que lo usa
CN103648096B (zh) * 2013-12-11 2017-03-29 北京联合大学 一种非法基站入侵的快速检测与定位方法
CN103888965B (zh) * 2014-02-21 2017-06-23 工业和信息化部电信传输研究所 一种伪基站定位方法
CN104125571A (zh) * 2014-07-03 2014-10-29 北京大学 一种伪基站的检测与抑制方法
CN105451232B (zh) * 2014-08-13 2019-07-02 中国移动通信集团江苏有限公司 伪基站检测方法、系统及终端、服务器
CN104244251A (zh) * 2014-09-09 2014-12-24 北京金山安全软件有限公司 一种识别伪基站的方法及装置
CN105516986B (zh) * 2016-01-08 2019-04-19 中国联合网络通信集团有限公司 一种检测伪基站的方法、终端、数据处理器以及系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140128003A1 (en) * 2012-11-07 2014-05-08 Anritsu Corporation Mobile communication terminal test system and mobile communication terminal test method
CN104168568A (zh) * 2014-08-28 2014-11-26 中国联合网络通信集团有限公司 一种移动终端及其进行小区身份认证的方法
CN104602241A (zh) * 2014-12-25 2015-05-06 中国科学院信息工程研究所 伪基站的判定方法及移动终端
CN105357672A (zh) * 2015-11-20 2016-02-24 华为技术有限公司 一种伪基站识别方法及用户设备
CN105744528A (zh) * 2016-04-29 2016-07-06 宇龙计算机通信科技(深圳)有限公司 一种伪基站的识别方法、装置以及终端

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109636433A (zh) * 2018-10-16 2019-04-16 深圳壹账通智能科技有限公司 基于大数据分析的养卡识别方法、装置、设备和存储介质
CN112889315A (zh) * 2018-10-31 2021-06-01 深圳市欢太科技有限公司 小区信息处理方法、装置、电子设备及可读取存储介质
CN113170372A (zh) * 2018-12-29 2021-07-23 深圳市欢太科技有限公司 小区连接处理方法、装置、移动终端及存储介质
CN111050325A (zh) * 2019-11-28 2020-04-21 中国联合网络通信集团有限公司 一种基站验证方法及装置
CN114222338A (zh) * 2021-12-30 2022-03-22 西安航空学院 防止终端在伪基站下驻留的方法、计算机设备及存储介质
CN114222338B (zh) * 2021-12-30 2023-07-25 西安航空学院 防止终端在伪基站下驻留的方法、计算机设备及存储介质
US20240092127A1 (en) * 2022-05-27 2024-03-21 Hamaton Automotive Technology Co., Ltd Programming method and device based on tire pressure sensing

Also Published As

Publication number Publication date
CN105744528A (zh) 2016-07-06

Similar Documents

Publication Publication Date Title
WO2017185742A1 (zh) 2017-11-02 一种伪基站的识别方法、装置以及终端
US9215585B2 (en) 2015-12-15 Acquiring identity parameters by emulating base stations
EP2206387B1 (en) 2020-07-08 Handling location information for femto cells
CN105873178A (zh) 2016-08-17 识别伪基站的方法和装置
CN104980954B (zh) 2020-06-09 一种终端的实时管控方法及基站控制模块
CN109314864A (zh) 2019-02-05 操作无线通信设备的方法
CN108696872B (zh) 2021-06-15 一种重定向方法及装置
CN104581730A (zh) 2015-04-29 一种伪基站实时判别方法及系统
CN108012271B (zh) 2020-09-25 一种伪基站发现方法及装置
CN106488456B (zh) 2021-01-19 一种基站注册方法和装置、及移动终端
CN109429231A (zh) 2019-03-05 蜂窝安全性框架
CN112738745A (zh) 2021-04-30 控制网络连接的方法及相关产品
US9191816B2 (en) 2015-11-17 Method of managing authorization of private node B in a wireless communication system and related device
WO2020113519A1 (zh) 2020-06-11 伪基站的识别方法、装置、移动终端及存储介质
US20210329519A1 (en) 2021-10-21 Cell Connection Processing Method and Mobile Terminal
US20090023424A1 (en) 2009-01-22 Acquiring identity parameter
CN101938746B (zh) 2014-03-12 一种用户标识模块反克隆的方法及装置
CN112806043B (zh) 2023-05-30 伪基站的识别方法、装置、移动终端及存储介质
CN109257135B (zh) 2020-08-28 一种移动终端屏蔽方法和干扰基站
CN107682901B (zh) 2021-01-26 基站选择控制方法及装置、基站和计算机可读存储介质
CN107241719B (zh) 2020-07-31 移动终端网络切换控制方法及装置
CN112770365B (zh) 2022-04-12 小区切换的处理方法、装置、网络侧设备及终端
CN112771907B (zh) 2023-09-08 伪基站识别方法、装置、移动终端以及存储介质
KR20130032460A (ko) 2013-04-02 안전한 모바일 통신을 위한 네트워크 스위칭 기능을 가지는 휴대용 통신 단말기 및 그 스위칭 방법
TWI565340B (zh) 2017-01-01 用於管理警示通知的方法及裝置

Legal Events

Date Code Title Description
2018-10-30 NENP Non-entry into the national phase

Ref country code: DE

2018-12-05 121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16900247

Country of ref document: EP

Kind code of ref document: A1

2019-05-22 122 Ep: pct application non-entry in european phase

Ref document number: 16900247

Country of ref document: EP

Kind code of ref document: A1