公开(公告)号：US08243716B2

公开(公告)日：2012-08-14

申请号：US11858022

申请日：2007-09-19

Applicant: Lifeng Liu ,  Zhibin Zheng ,  Kai Zhao ,  Guanzhou Lin

Inventor： Lifeng Liu ,  Zhibin Zheng ,  Kai Zhao ,  Guanzhou Lin

IPC: H04L12/66 ,  H04M3/22 ,  H04M3/42

CPC classification number: H04L29/06027 ,  H04L51/12 ,  H04L51/14 ,  H04L51/28 ,  H04L65/1079 ,  H04M3/436

Abstract: A method for preventing Spam over Internet Telephony (SPIT), includes: a terminal receives a call request of a calling user; the terminal sets an identifier of the calling user into a SPIT reporting request upon receipt of the call request; and sends the SPIT reporting request to a server in response to an instruction of a called user that the call request is the SPIT.

Abstract translation: 一种用于防止因特网电话（SPIT）的垃圾邮件的方法，包括：终端接收主叫用户的呼叫请求; 终端在接收到呼叫请求时将呼叫用户的标识符设置为SPIT报告请求; 并响应于被叫用户的呼叫请求是SPIT而将SPIT报告请求发送到服务器。

公开(公告)号：US20100095351A1

公开(公告)日：2010-04-15

申请号：US12607854

申请日：2009-10-28

Applicant: Lifeng Liu ,  Zhibin Zheng

Inventor： Lifeng Liu ,  Zhibin Zheng

IPC: H04L29/06 ,  G06F11/00

CPC classification number: H04L63/1416 ,  H04L63/1458 ,  H04L63/1491

Abstract: A method, device for identifying service flows and a method, system for protecting against a denial of service attack are provided. The method for identifying service flows includes: detecting a user access to a target system; dynamically generating a set of user identifier information according to the detected user access to the target system and a preset user access statistical model; when the service flow needs to be identified, extracting the user identifier information from the service flow; comparing the extracted user identifier information with the user identifier information in the set of user identifier information to determine whether they are matched; determining whether the service flow is legal service flow according to the comparison result.

Abstract translation: 提供了一种用于识别服务流的方法，一种方法，用于防止拒绝服务攻击的系统。 用于识别服务流的方法包括：检测用户对目标系统的访问; 根据检测到的对目标系统的用户访问和预设的用户访问统计模型动态地生成一组用户标识符信息; 当需要识别服务流时，从业务流提取用户标识信息; 将所提取的用户标识信息与用户标识信息集合中的用户标识信息进行比较，以确定它们是否匹配; 根据比较结果确定服务流是否合法服务流。

公开(公告)号：US07362866B2

公开(公告)日：2008-04-22

申请号：US10499284

申请日：2002-03-29

Applicant: Zhibin Zheng

Inventor： Zhibin Zheng

IPC: H04K1/00 ,  H04L9/28

CPC classification number: H04W8/245 ,  H04W12/02

Abstract: The present invention discloses a method for determining encryption algorithm used in security communication based on Mobile Country Code (MCC) number. In this method, a Mobile Country Code (MCC) number list is preset in a Core Network (CN), and all the MCC numbers of those countries or service providers adopting the same self-developed encryption algorithms as those adopted by the homeland are stored in this MCC number list. When a User Equipment (UE) is calling or being called, the UE sends an International Mobile Subscriber Identifier (IMSI) information of the current subscriber to the CN, and the CN parses the information and extracts the MCC number after receiving the IMSI information. The CN compares the extracted MCC number of the current subscriber with elements of the MCC number list one by one, if the MCC number of the current subscriber is identical with a certain MCC number in the MCC number list, the CN selects the domestic self-developed encryption algorithm; if the MCC number of the current subscriber is not identical with any MCC number in the MCC number list, the CN selects an available standard encryption algorithm for the security communication. The CN sends the UEA of the selected encryption algorithm to an access network; then the access network sends the UEA of the selected encryption algorithm to the UE. The present method not only allows the coexistence of standard encryption algorithms and self-developed encryption algorithm, but also simplifies the process of encryption algorithm selection. Accordingly, the subscriber interest and service quality is guaranteed.

Abstract translation: 本发明公开了一种基于移动国家（MCC）号码的安全通信中使用的加密算法的确定方法。 在这种方法中，移动国家代码（MCC）号码列表被预置在核心网络（CN）中，并且这些国家或服务提供商的所有MCC号码采用与本国采用的相同的自行开发的加密算法 在此MCC号码列表中。 当用户设备（UE）正在呼叫或被呼叫时，UE向CN发送当前用户的国际移动用户标识符（IMSI）信息，并且CN解析该信息并在接收到IMSI信息之后提取MCC号。 CN将当前用户的提取的MCC号码与MCC号码列表的元素逐一比较，如果当前用户的MCC号码与MCC号码列表中的某个MCC号码相同， 开发加密算法; 如果当前用户的MCC号码与MCC号码列表中的任何MCC号码不相同，则CN为安全通信选择可用的标准加密算法。 CN将所选择的加密算法的UEA发送到接入网络; 那么接入网络将所选加密算法的UEA发送给UE。 本方法不仅允许标准加密算法和自行开发的加密算法共存，而且简化了加密算法选择的过程。 因此，保证了用户的兴趣和服务质量。

公开(公告)号：US20070169169A1

公开(公告)日：2007-07-19

申请号：US11675914

申请日：2007-02-16

Applicant: Zhibin Zheng ,  Tingyong Liu ,  Weihua Tu ,  Zhipeng Hou

Inventor： Zhibin Zheng ,  Tingyong Liu ,  Weihua Tu ,  Zhipeng Hou

IPC: H04L9/00

CPC classification number: H04L63/105 ,  H04L63/145 ,  H04W12/08 ,  H04W12/12

Abstract: A method for implementing data service security in a mobile communication system includes: obtaining security condition of a user terminal based on security-relevant configuration information reported by the user terminal; determining a security policy for the user terminal based on the security-relevant configuration information of the user terminal and security policy information stored, and sending the security policy determined to a packet service support node and/or the user terminal; implementing, by the packet service support node and/or the user terminal, a control process based on the security policy. The method, system and apparatus provided by the embodiments of the present invention introduce a security mechanism cooperated by the mobile communication network and a user terminal to effectively prevent the mobile communication network against viruses.

Abstract translation: 一种用于在移动通信系统中实现数据业务安全性的方法，包括：基于用户终端报告的与安全性相关的配置信息，获取用户终端的安全状况; 基于所述用户终端的安全相关配置信息和所存储的安全策略信息确定所述用户终端的安全策略，并且将确定的所述安全策略发送给分组业务支持节点和/或所述用户终端; 由分组服务支持节点和/或用户终端实现基于安全策略的控制过程。 由本发明实施例提供的方法，系统和装置引入了由移动通信网络和用户终端协作的安全机制，以有效地防止移动通信网络遭受病毒攻击。

公开(公告)号：US20070089165A1

公开(公告)日：2007-04-19

申请号：US11549186

申请日：2006-10-13

Applicant: Jiwei Wei ,  Zhibin Zheng ,  Shuling Liu

Inventor： Jiwei Wei ,  Zhibin Zheng ,  Shuling Liu

IPC: H04L9/32

CPC classification number: H04L51/12 ,  H04L63/0227 ,  H04L63/104 ,  H04L63/1433

Abstract: This invention provides a method and system for network security control. A server at the network side analyzes local security correlation information collected and reported by terminal devices, and determines a security strategy according to the result of the analysis. Since correlative reacting between the network side and the terminal side is implemented and the security strategy is established according to the information from the terminal devices, threats against security from a terminal device can be resisted from the beginning. A relative large number of information sources can be taken into account when determining the security strategy such that the determined security strategy is more reasonable and accurate. Furthermore, a differential security service can be provided for terminal devices with different subscriber levels. This invention also provides a method and system for preventing junk mails based on the concept of correlative reacting between a terminal and a server.

Abstract translation: 本发明提供了一种用于网络安全控制的方法和系统。 网络侧的服务器分析终端设备收集和报告的本地安全关联信息，并根据分析结果确定安全策略。 由于实现了网络侧和终端侧的相关反应，根据终端设备的信息建立安全策略，从一开始就可以抵制来自终端设备的安全威胁。 在确定安全策略时，可以考虑相对较大数量的信息源，使得确定的安全策略更为合理和准确。 此外，可以为具有不同订户级别的终端设备提供差分安全服务。 本发明还提供了一种基于终端和服务器之间的相关反应概念来防止垃圾邮件的方法和系统。

公开(公告)号：US07139576B2

公开(公告)日：2006-11-21

申请号：US10734982

申请日：2003-12-12

Applicant: Yuehua Chen ,  Zhibin Zheng ,  Shuling Liu

Inventor： Yuehua Chen ,  Zhibin Zheng ,  Shuling Liu

IPC: H04Q7/20

CPC classification number: H04B7/022 ,  H04W52/143 ,  H04W52/40 ,  H04W88/08

Abstract: A method for identifying the primary cell under Site Selective Diversity Transmit comprises the steps of: (1) An ID is assigned by the system to each cell; (2) The ID indicating the primary cell is transmitted periodically by UE to the connected cells via the up link FBI fields; (3) The ID indicating the primary cell transmitted by the mobile station is received by the base station, if the signals received by the base station satisfy with one of the following conditions, then the said base station will consider itself as a primary cell; the identification conditions are: A. The ID code word indicating the primary cell received by the base station is matched with the ID code word of itself; B. The quality of the up link signals received does not satisfy with a quality threshold Qth, at the same time, there is a certain matching degree between the received ID code word indicating the primary cell and the ID code word of the cell itself; and C. The bits of dropping of the ID code word caused by using the up link compression mode excess a limitation. The signals transmitted form some of the non-primary cells having extremely bad quality to UE can be prevented, thereby the system interference is reduced, and the system stability and the system capacity are increased.

Abstract translation: 一种用于在站点选择分集发送下识别主要小区的方法包括以下步骤：（1）系统向每个小区分配一个ID; （2）指示主小区的ID由UE周期性地通过上行链路FBI字段发送到连接的小区; （3）由基站接收表示移动台发送的主小区的ID，如果基站接收的信号满足以下条件之一，则所述基站将自身视为主小区; 识别条件为：A.表示基站接收到的主小区的ID码字与其自身的ID码字匹配; 接收到的上行链路信号的质量不符合质量阈值Qth，同时在指示主小区的接收到的ID码字与小区本身的ID码字之间存在一定的匹配度; 和C.使用上行链路压缩模式引起的ID码字的丢弃比特超出限制。 可以防止从UE的质量极差的一些非小区发送的信号，从而降低系统干扰，提高系统稳定性和系统容量。

公开(公告)号：US07068614B2

公开(公告)日：2006-06-27

申请号：US10395000

申请日：2003-03-24

Applicant: Zhibin Zheng

Inventor： Zhibin Zheng

IPC: H04Q7/20

CPC classification number: H04W52/221 ,  H04J13/10 ,  H04W52/56 ,  H04W52/58

Abstract: The invention discloses a power control method for the multiple time-slot power control pattern in a CDMA system. The method pre-stores two encoded symbols which correspond to the all “1” and all “0” TPC commands respectively. Based on whether the current TPC command is identical with the last TPC command, the receiving end determines whether sending the original TPC command or the encoded TPC command. In the transmitting end, based on consistent degree of the received N TPC command data group and the encoded symbol, a corresponding power control mode is determined. The invention replaces the all “0” or all “1” TPC command with an encoded symbol, so the reliability of a TPC command is raised and the performance of power control is improved.

Abstract translation: 本发明公开了一种CDMA系统中多时隙功率控制模式的功率控制方法。 该方法分别存储对应于全部“1”和全部“0”TPC命令的两个编码符号。 根据当前TPC命令是否与上一个TPC命令相同，接收端确定是发送原始TPC命令还是编码TPC命令。 在发送端，基于所接收的N TPC指令数据组和编码符号的一致程度，确定对应的功率控制模式。 本发明用编码的符号代替全部“0”或全“1”TPC命令，从而提高了TPC命令的可靠性，提高了功率控制的性能。

公开(公告)号：US08144872B2

公开(公告)日：2012-03-27

申请号：US12163744

申请日：2008-06-27

Applicant: Hanping Hu ,  Zuxi Wang ,  Xiaogang Wu ,  Lin Zhou ,  Ziqi Zhu ,  Jiwei Wei ,  Jie Yang ,  Pengyu Lu ,  Zhibin Zheng

Inventor： Hanping Hu ,  Zuxi Wang ,  Xiaogang Wu ,  Lin Zhou ,  Ziqi Zhu ,  Jiwei Wei ,  Jie Yang ,  Pengyu Lu ,  Zhibin Zheng

IPC: H04L9/00 ,  G06F21/00

CPC classification number: H04L9/001 ,  H04L9/12

Abstract: A system and method for generating analog-digital mixed chaotic signal and an encryption communication method thereof are provided. In the system and method, the complementarity between continuous chaotic systems (12, 22) and digital chaotic systems (11, 21) are reasonably utilized. In specific, the digital chaotic systems, which are separated from each other, control the local continuous chaotic systems respectively, so as to enable the continuous chaotic systems, which are also separated from each other, to stably and synchronously work for a long time. Thus, there is no need to transmit the synchronizing signal, and as a result the anti-attack capability is increased effectively. Further, the continuous chaotic systems disturb the local digital chaotic systems to prevent the digital chaotic systems from degradation. This compensates the drawbacks of digital chaotic systems.

Abstract translation: 提供了一种用于产生模数混合混沌信号的系统和方法及其加密通信方法。 在系统和方法中，合理利用连续混沌系统（12,22）和数字混沌系统（11,21）之间的互补性。 具体来说，相互分离的数字混沌系统分别控制局部连续混沌系统，使连续混沌系统彼此分离，能够长时间稳定同步工作。 因此，不需要发送同步信号，结果有效地提高了防攻击能力。 此外，连续混沌系统扰乱了本地数字混沌系统，以防止数字混沌系统的退化。 这弥补了数字混沌系统的缺点。

公开(公告)号：US20090043898A1

公开(公告)日：2009-02-12

申请号：US12163178

申请日：2008-06-27

Applicant: Yang Xin ,  Lifeng LIU ,  Zhibin ZHENG ,  Hongliang ZHU ,  Kai ZHAO ,  Yixian YANG

Inventor： Yang Xin ,  Lifeng LIU ,  Zhibin ZHENG ,  Hongliang ZHU ,  Kai ZHAO ,  Yixian YANG

IPC: G06F15/16

CPC classification number: H04L65/1073 ,  H04L45/00 ,  H04L65/1006 ,  H04L65/105

Abstract: A message forwarding method includes: receiving a SIP registration request message carrying a contact address; obtaining the contact address carried in the SIP registration request message; and determining that the contact address is one of SIP proxy server addresses in a network stored in advance; and executing an abnormal process on the SIP registration request message. The present invention also discloses a network device. The message forwarding method and network device in the present invention can prevent a SIP loop attack.

Abstract translation: 一种消息转发方法，包括：接收携带联系地址的SIP注册请求消息; 获取在SIP注册请求消息中携带的联系地址; 以及确定所述联系人地址是预先存储的网络中的SIP代理服务器地址之一; 并对SIP注册请求消息执行异常处理。 本发明还公开了一种网络设备。 本发明的消息转发方法和网络装置可以防止SIP循环攻击。

公开(公告)号：US07474751B2

公开(公告)日：2009-01-06

申请号：US10498334

申请日：2002-03-29

Applicant: Zhibin Zheng

Inventor： Zhibin Zheng

IPC: H04K1/00 ,  H04M1/66

CPC classification number: H04L9/0819 ,  H04L9/14 ,  H04L2209/80 ,  H04W12/02

Abstract: A method for implementing security communication. A bit for representing CI is added, and a judge process for the CI and encryption algorithm supported by both the current subscriber and network is added. If the CN supports more than one encryption algorithm, if the CI is 1 and a standard encryption algorithm is supported by both UE and CN, the standard encryption algorithm is determined as the encryption algorithm for security communication: otherwise, the communication is disconnected; if the CI is 0 and a self-developed non-standard encryption algorithm is supported by both UE and CN, the encryption algorithm is determined as the encryption algorithm for security communication; otherwise, the communication is disconnected. If the CN only supports the standard encryption algorithm, if this algorithm is also supported by UE, this standard encryption algorithm is determined as the encryption algorithm for security communication directly; otherwise, the communication is disconnected.

Abstract translation: 一种实现安全通信的方法。 添加了一个用于表示CI的位，并添加了当前用户和网络支持的CI和加密算法的判断过程。 如果CN支持多个加密算法，如果CI为1，并且UE和CN都支持标准加密算法，则将标准加密算法确定为安全通信的加密算法，否则通信断开; 如果CI为0，并且UE和CN都支持自主开发的非标准加密算法，则将加密算法确定为用于安全通信的加密算法; 否则，通信断开。 如果CN只支持标准加密算法，如果UE支持该算法，则该标准加密算法被直接确定为安全通信的加密算法; 否则，通信断开。