公开(公告)号：US20070169169A1

公开(公告)日：2007-07-19

申请号：US11675914

申请日：2007-02-16

Applicant: Zhibin Zheng ,  Tingyong Liu ,  Weihua Tu ,  Zhipeng Hou

Inventor： Zhibin Zheng ,  Tingyong Liu ,  Weihua Tu ,  Zhipeng Hou

IPC: H04L9/00

CPC classification number: H04L63/105 ,  H04L63/145 ,  H04W12/08 ,  H04W12/12

Abstract: A method for implementing data service security in a mobile communication system includes: obtaining security condition of a user terminal based on security-relevant configuration information reported by the user terminal; determining a security policy for the user terminal based on the security-relevant configuration information of the user terminal and security policy information stored, and sending the security policy determined to a packet service support node and/or the user terminal; implementing, by the packet service support node and/or the user terminal, a control process based on the security policy. The method, system and apparatus provided by the embodiments of the present invention introduce a security mechanism cooperated by the mobile communication network and a user terminal to effectively prevent the mobile communication network against viruses.

Abstract translation: 一种用于在移动通信系统中实现数据业务安全性的方法，包括：基于用户终端报告的与安全性相关的配置信息，获取用户终端的安全状况; 基于所述用户终端的安全相关配置信息和所存储的安全策略信息确定所述用户终端的安全策略，并且将确定的所述安全策略发送给分组业务支持节点和/或所述用户终端; 由分组服务支持节点和/或用户终端实现基于安全策略的控制过程。 由本发明实施例提供的方法，系统和装置引入了由移动通信网络和用户终端协作的安全机制，以有效地防止移动通信网络遭受病毒攻击。

公开(公告)号：US08416695B2

公开(公告)日：2013-04-09

申请号：US12478307

申请日：2009-06-04

Applicant: Tingyong Liu ,  Guoqing Liu ,  Wenda Zhang

Inventor： Tingyong Liu ,  Guoqing Liu ,  Wenda Zhang

IPC: H04K1/00 ,  G06F7/04 ,  H04L29/06

CPC classification number: H04L63/0227 ,  H04L63/30 ,  H04L67/28

Abstract: A method, a device, and a system for network interception are provided. The method for network interception includes the following steps. A matching rule obtained by parsing an interception policy. Received data are selected by adopting a deep packet inspection (DPI) according to the matching rule so as to obtain an interception result, in which the received data are obtained by adopting data preprocessing to filter packet data according to a service customizing rule obtained by parsing the interception policy. The system for network interception includes a service probe server (SPS) and a service analyze server (SAS). Thus, various packet data services transmitted over an Internet protocol (IP) network can be intercepted.

Abstract translation: 提供了一种用于网络拦截的方法，设备和系统。 网络拦截的方法包括以下步骤： 通过解析截取策略获得的匹配规则。 通过根据匹配规则采用深度分组检测（DPI）来选择接收的数据，以获得截取结果，其中通过采用数据预处理来获得接收的数据，以根据通过解析获得的服务定制规则来过滤分组数据 拦截政策。 网络拦截系统包括服务探测服务器（SPS）和服务分析服务器（SAS）。 因此，可以拦截通过因特网协议（IP）网络传输的各种分组数据业务。

公开(公告)号：US20090323536A1

公开(公告)日：2009-12-31

申请号：US12478307

申请日：2009-06-04

Applicant: Tingyong Liu ,  Guoqing Liu ,  Wenda Zhang

Inventor： Tingyong Liu ,  Guoqing Liu ,  Wenda Zhang

IPC: H04L12/26

CPC classification number: H04L63/0227 ,  H04L63/30 ,  H04L67/28

Abstract: A method, a device, and a system for network interception are provided. The method for network interception includes the following steps. A matching rule obtained by parsing an interception policy. Received data are selected by adopting a deep packet inspection (DPI) according to the matching rule so as to obtain an interception result, in which the received data are obtained by adopting data preprocessing to filter packet data according to a service customizing rule obtained by parsing the interception policy. The system for network interception includes a service probe server (SPS) and a service analyze server (SAS). Thus, various packet data services transmitted over an Internet protocol (IP) network can be intercepted.

Abstract translation: 提供了一种用于网络拦截的方法，设备和系统。 网络拦截的方法包括以下步骤： 通过解析截取策略获得的匹配规则。 通过根据匹配规则采用深度分组检测（DPI）来选择接收的数据，以获得截取结果，其中通过采用数据预处理来获得接收的数据，以根据通过解析获得的服务定制规则来过滤分组数据 拦截政策。 网络拦截系统包括服务探测服务器（SPS）和服务分析服务器（SAS）。 因此，可以拦截通过因特网协议（IP）网络传输的各种分组数据业务。