Method, System and Apparatus for Implementing Data Service Security in Mobile Communication System

US 20070169169A1
Filed: 02/16/2007
Published: 07/19/2007
Est. Priority Date: 12/28/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for implementing data service security in a mobile communication system, comprising:

obtaining security-relevant configuration information of a user terminal;

determining a security policy for the user terminal based on the security-relevant configuration information of the user terminal and security policy information stored, and sending the security policy determined to a packet service support node and/or the user terminal;

upon the receipt of the security policy, implementing, by the packet service support node and/or the user terminal, a control process based on the security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for implementing data service security in a mobile communication system includes: obtaining security condition of a user terminal based on security-relevant configuration information reported by the user terminal; determining a security policy for the user terminal based on the security-relevant configuration information of the user terminal and security policy information stored, and sending the security policy determined to a packet service support node and/or the user terminal; implementing, by the packet service support node and/or the user terminal, a control process based on the security policy. The method, system and apparatus provided by the embodiments of the present invention introduce a security mechanism cooperated by the mobile communication network and a user terminal to effectively prevent the mobile communication network against viruses.

Citations

19 Claims

1. A method for implementing data service security in a mobile communication system, comprising:
- obtaining security-relevant configuration information of a user terminal;
  
  determining a security policy for the user terminal based on the security-relevant configuration information of the user terminal and security policy information stored, and sending the security policy determined to a packet service support node and/or the user terminal;
  
  upon the receipt of the security policy, implementing, by the packet service support node and/or the user terminal, a control process based on the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the process of obtaining security-relevant configuration information of a user terminal comprises any one of:
    - reporting initiatively, by the user terminal, the security-relevant configuration information currently collected of the user terminal at a fixed time, regularly and upon any change in the security-relevant configuration information of the user terminal.
  - 3. The method of claim 1, wherein the process of obtaining security-relevant configuration information of a user terminal comprises:
    - sending a request to the user terminal, requiring the user terminal to report the security-relevant configuration information;
      
      upon the receipt of the request, collecting, by the user terminal, the security-relevant configuration information of the user terminal based on the request, and reporting the security-relevant configuration information collected.
  - 4. The method of claim 3, further comprising:
    - before sending a request to the user terminal requiring the user terminal to report the security-relevant configuration information, sending, by the packet service support node, a policy request; and
      
      upon the receipt of the policy request, sending the request to the user terminal, requiring the user terminal to report the security-relevant configuration information to the user terminal.
  - 5. The method of claim 1, wherein the security-relevant configuration information of the user terminal comprises at least one of:
    - version information of the operation system of the user terminal, information of anti-virus software of the user terminal and installation condition of a patch.
  - 6. The method of claim 1, wherein the packet service support node is any one of:
    - a Serving GPRS Support Node (SGSN), a Gateway GPRS Support Node (GGSN), and a Packet Data Support Node (PDSN).
  - 7. The method of claim 1, wherein the packet service support node is a GGSN, the process of the packet service support node and/or the user terminal implementing a control process based on the security policy further comprising:
    - upon the receipt of the security policy, notifying, by the GGSN, a SGSN or a Radio Network Controller (RNC) to implement the control process based on the security policy.
  - 8. The method of claim 1, wherein the packet service support node is a GGSN, the method further comprising:
    - redirecting, by the GGSN, received data packets to a security gateway for security processing; and
      
      returning, by the security gateway, the data packets to the GGSN after the security processing.
  - 9. The method of claim 8, wherein the security gateway is an anti-virus gateway, and the security processing comprises:
    - scanning the received data packets for virus and removing the virus.

10. A system for implementing data service security in a mobile communication system, comprising:
- a packet service support node;
  
  a user terminal, communicating with the packet service support node through the mobile communication network;
  
  a policy service entity, connected to the packet service support node, and configured to obtain security-relevant configuration information of the user terminal, determine a security policy for the user terminal and distribute the security policy to the packet service support node and/or the user terminal.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the user terminal and the packet service support node are respectively equipped with a security policy processing module communicating with the policy service entity, the security policy processing module is configured to receive an instruction from the policy service entity, implement at least one of a corresponding process and sending of security-relevant configuration information to the policy service entity based on the instruction.
  - 12. The system of claim 10, further comprising:
    - a security gateway, configured to implement a security process on data packets which are redirected to the security gateway by the packet service support node.
  - 13. The system of claim 12, wherein the security gateway is an anti-virus gateway.
  - 14. The system of claim 10, wherein the policy service entity is any one of:
    - an independent policy server, a function module in a network device, and a card equipped with a policy management function.
  - 15. The system of claim 10, wherein the packet service support node is any one of:
    - a Serving GPRS Support Node (SGSN), a Gateway GPRS Support Node (GGSN), and a Packet Data Support Node (PDSN).
  - 16. The system of claim 10, wherein the user terminal is any one of:
    - a mobile intelligent terminal and a portable terminal with card slot.

17. An apparatus for implementing data service security in a mobile communication system, comprising:
- a security information obtaining module, configured to communicate with a user terminal, obtain security-relevant configuration information of the user terminal and send the security-relevant configuration information obtained to a security policy determination module;
  
  the security policy determination module, configured to determine a security policy according to the security-relevant configuration information and security policy information stored in a security policy storage module, and send the security policy determined to a security policy distribution module;
  
  the security policy storage module, configured to store the security policy information;
  
  the security policy distribution module, configured to send the security policy received to a designated network entity.
- View Dependent Claims (18, 19)
- - 18. The apparatus of claim 17, wherein the security information obtaining module is further connected to the security policy storage module.
  - 19. The apparatus of claim 17, wherein the security policy storage module is further configured to receive and store security policy information configured by an external device and/or a configuration command.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zheng, Zhibin, Liu, Tingyong, Hou, Zhipeng, Tu, Weihua

Application Number

US11/675,914
Publication Number

US 20070169169A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/105   Multiple levels of security

H04L 63/145   the attack involving the pr...

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

Method, System and Apparatus for Implementing Data Service Security in Mobile Communication System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method, System and Apparatus for Implementing Data Service Security in Mobile Communication System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links