TWI418193B - Mobile station management systems and methods, and computer program products thereof - Google Patents
- Publication number
- TWI418193B (TW098100135A)
- Authority
- TW
- Taiwan
- Prior art keywords
- mobile terminal
- signal strength
- distance
- access point
- time point
Landscapes
- Mobile Radio Communication Systems (AREA)
Description
The present invention relates to a mobile terminal (Mobile Station, MS) management system and method, and more particularly to a system and method that manages mobile terminals according to their movement behavior.
In recent years, the rapid development of wireless networks has become part of daily life and made it more convenient. People can use wireless networks in many places without being tied to a network cable, and can learn about nearby businesses through LBS (Location Based Service). An LBS provides the information a mobile terminal needs by way of a positioning system. Because wireless networks transmit by broadcast, personal location privacy is seriously threatened: a malicious attacker can learn the location of a mobile terminal from a network address that does not change, such as the physical address value of the network card. As a result, most wireless networks suffer from location privacy threats.
In general, protecting the location privacy of a mobile terminal is mainly a matter of preventing an attacker from obtaining current or past location information. However, when a mobile terminal needs to use an LBS, it must tell the LBS provider its current location to obtain the service. The location information of the mobile terminal is therefore explicitly included in the frame. Because transmission is by broadcast, it is difficult to prevent an attacker from obtaining location information as long as the mobile terminal is transmitting.
Most existing approaches try to minimize the information that is leaked. If a mobile terminal makes location privacy its first priority, it can only give the LBS coarse location information. This is a trade-off between location privacy and an accurate LBS, and it lets the mobile terminal actively keep an attacker from learning its precise location. However, because the link/physical layer uses broadcast as its medium, an attacker can still track a mobile terminal by monitoring its RSS (Received Signal Strength) and MAC (Media Access Control) address. In addition, AOA (Angle Of Arrival) and TOA (Time Of Arrival) can be used to track the mobile terminal. If an accurate positioning system is adopted, the accuracy may improve to 1~10 meters and the mobile terminal will be located more precisely, so its location privacy will be under greater threat. Protecting the location privacy of mobile terminals will therefore become an increasingly important issue.
In some conventional techniques, an MS can avoid being tracked by attackers by constantly changing its MAC address. However, after the MS switches to a new MAC address, it must reconnect to the access point (AP). If the number of MAC address changes is not managed effectively, network traffic will increase substantially. In addition, when the MAC address updates follow a hidden regularity, an attacker may still track the MS by analyzing the frequency or pattern of the updates.
In view of this, the present invention provides mobile terminal management systems and methods.
A mobile terminal management system according to an embodiment of the present invention includes an access point, at least a first mobile terminal and a second mobile terminal, and a management server. The first mobile terminal and the second mobile terminal are each wirelessly coupled to the access point, and each detects signal strength information at at least a first time point and a second time point. The signal strength information includes the signal strength between the first mobile terminal and the second mobile terminal and the signal strength between the first or second mobile terminal and the access point. The management server is coupled to the access point and, through the access point, receives from the first mobile terminal and the second mobile terminal the signal strength information detected at the first time point and the second time point. The management server uses the signal strength information to calculate a distance between the first mobile terminal and the second mobile terminal and a motion vector angle between the first mobile terminal and the second mobile terminal, and determines whether the distance is less than a predetermined distance and whether the motion vector angle is less than a predetermined angle. When the distance is less than the predetermined distance and the motion vector angle is less than the predetermined angle, the management server causes the first mobile terminal or the second mobile terminal to perform a network address update.
A mobile terminal management system according to an embodiment of the present invention includes an access point and at least a first mobile terminal and a second mobile terminal. The first mobile terminal and the second mobile terminal are each wirelessly coupled to the access point, and each detects signal strength information at at least a first time point and a second time point. The signal strength information includes the signal strength between the first mobile terminal and the second mobile terminal and the signal strength between the first or second mobile terminal and the access point. The access point receives from the first mobile terminal and the second mobile terminal the signal strength information detected at the first time point and the second time point, uses it to calculate a distance between the first mobile terminal and the second mobile terminal and a motion vector angle between the first mobile terminal and the second mobile terminal, and determines whether the distance is less than a predetermined distance and whether the motion vector angle is less than a predetermined angle. When the distance is less than the predetermined distance and the motion vector angle is less than the predetermined angle, the access point causes the first mobile terminal or the second mobile terminal to perform a network address update.
A mobile terminal management method according to an embodiment of the present invention is as follows. First, at least a first mobile terminal and a second mobile terminal are each wirelessly coupled to an access point, and each detects signal strength information at at least a first time point and a second time point. The signal strength information includes the signal strength between the first mobile terminal and the second mobile terminal and the signal strength between the first or second mobile terminal and the access point. Next, a distance between the first mobile terminal and the second mobile terminal and a motion vector angle between the first mobile terminal and the second mobile terminal are calculated from the signal strength information. It is then determined whether the distance is less than a predetermined distance and whether the motion vector angle is less than a predetermined angle. When the distance is less than the predetermined distance and the motion vector angle is less than the predetermined angle, the first mobile terminal or the second mobile terminal is caused to perform a network address update.
The above method of the present invention can exist in the form of program code. When the program code is loaded and executed by a machine, the machine becomes an apparatus for practicing the invention.
To make the above objects, features, and advantages of the present invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
Figure 1 shows a mobile terminal management system according to an embodiment of the present invention.
The mobile terminal management system 100 according to an embodiment of the present invention includes a management server AS, at least one access point (AP1, AP2), and a plurality of mobile terminals (MS1, MS2, MS3, MS4, MS5, and MS6). An access point accepts couplings from mobile terminals and provides the related network services. Mobile terminals MS1, MS2, and MS3 are wirelessly coupled to access point AP1, and mobile terminals MS4, MS5, and MS6 are wirelessly coupled to access point AP2. The access points and the individual mobile terminals each have a network address, such as a MAC address, that identifies them when making a wireless connection. The management server AS executes the mobile terminal management method of this document. Note that each access point and the mobile terminals coupled to it can be treated as one group, and each group can carry out its own mobile terminal management operations independently. To simplify the description, this embodiment discusses the management operations of a single group only.
Note that transmitted packets can be signed and/or encrypted beforehand. In this embodiment, the public/private key pair of the AS is assumed to be (PK_AS, SK_AS), the public/private key pair of u_i is ( ), and the public/private key pair of AP_λ is ( ). In some embodiments, transmitted packets may also be left unsigned and/or unencrypted. In this embodiment, signing/encryption and signature verification/decryption of the packets can be performed with the relevant signature and encryption algorithms and the corresponding keys; the details are not described further.
First, the functions and names used in this document are introduced:
- u_i: mobile terminal i;
- AP_λ: the AP numbered λ;
- d_ij: the distance between u_i and u_j;
- E_k(m): message m encrypted with key K;
- S_k(m): message m signed with key K;
- MAC_i: the MAC address of mobile terminal i;
- G_λ: the set of all mobile terminals connected to AP_λ;
- : the MAC addresses of the mobile terminals in G_λ other than u_i;
- SS_i: the signal strength of u_i;
- : the group key used by G_λ;
- TS: the timestamp;
- : the motion vector of u_i;
- θ_ij: the angle between and .
Figure 2 shows a mobile terminal management method according to an embodiment of the present invention. This embodiment describes the registration operation of a mobile terminal.
When a new mobile terminal u_j enters the range of AP_λ, u_j couples to AP_λ in step S202. Once the coupling between u_j and AP_λ is complete, AP_λ sends a registration packet to the AS in step S204. The format of the registration packet is as follows:
where "║" is a delimiter. The registration packet includes the MAC address of u_j, the MAC address of AP_λ, and the current timestamp.
Note that the registration packet can be signed and encrypted first. In some embodiments, after receiving the registration packet the AS first decrypts it, and then uses the signature of AP_λ and the timestamp inside the packet to decide whether the registration packet can be trusted. Then, in step S206, the AS adds u_j to the group registry (not shown) of G_λ.
Note that the group registry of G_λ can record the name of the group, the MAC address of AP_λ, the MAC addresses currently used by all mobile terminals in G_λ, and the group key of the group. After the AS has updated the group registry of G_λ, in step S208 it sends a registration response packet through AP_λ to the newly arrived mobile terminal u_j. The format of the registration response packet is as follows:
The registration response packet includes the new MAC address of mobile terminal u_j, the MAC addresses of the mobile terminals in G_λ other than the newly arrived u_j, , and the current timestamp. After receiving the registration response packet, mobile terminal u_j builds its group registration table (not shown) from the packet in step S210 and, in step S212, sets its new MAC address in place of the original MAC_j. The group registration table can include the MAC addresses of the mobile terminals in G_λ other than the newly arrived u_j, and .
Meanwhile, in step S214, the AS sends a table update packet through AP_λ to the mobile terminals that were already in the group registry of G_λ. The format of the table update packet is as follows:
The table update packet includes an instruction to add the information of a new mobile terminal, the MAC address of mobile terminal u_j, and the current timestamp. When a mobile terminal that was already in the group registry of G_λ receives the table update packet, in step S216 it adds the MAC address of mobile terminal u_j to its group registration table.
Figure 3 shows a mobile terminal management method according to an embodiment of the present invention. This embodiment describes the network address update operation of a mobile terminal.
In step S302, each mobile terminal detects signal strength information at multiple time points at a predetermined frequency. In some embodiments, the format of the signal strength information is as follows:
The signal strength information can include the signal strength between mobile terminals, the signal strength between the mobile terminal and the access point AP_λ, and the current timestamp. Because each mobile terminal has its own group registration table, it can use the MAC addresses of the other mobile terminals registered there to identify the other mobile terminals and the access point AP_λ, and to detect their signal strengths. Once the signal strength information has been obtained, in step S304 each mobile terminal sends the signal strength information it detected to the management server AS through the access point AP_λ. After the management server AS receives the signal strength information, in step S306 it uses the information received from the different mobile terminals to calculate the distance between each pair of mobile terminals, the distance between each mobile terminal and the access point AP_λ, and the motion vector angle between each pair of mobile terminals. The method for calculating these distances and motion vector angles from the signal strength information is described later.

Note that the management server AS can decide which mobile terminals need a network address exchange/update from the distance and the motion vector angle between each pair of mobile terminals. In step S308, the management server AS determines whether the distance between each pair of mobile terminals is less than a predetermined distance and whether the motion vector angle between them is less than a predetermined angle. When the distance between two mobile terminals is not less than the predetermined distance and the motion vector angle between them is not less than the predetermined angle (No in step S308), the flow ends. When the distance between two mobile terminals is less than the predetermined distance and the motion vector angle between them is less than the predetermined angle (Yes in step S308), the two mobile terminals are judged to need a network address exchange/update, and in step S310 at least one of the mobile terminals that need it is caused to perform the network address exchange/update.
Note that in step S310 the management server AS can generate an address update packet and send it through the access point AP_λ to each mobile terminal that needs a network address exchange/update. Taking u_j as an example, the format of the address update packet is as follows:
The address update packet includes the new MAC address to switch to and the current timestamp. In some embodiments, the new MAC address is generated at random by the management server AS. In some embodiments, the new MAC address is the MAC address of the counterpart mobile terminal. For example, when the distance between mobile terminals u_j and u_i is less than the predetermined distance and the motion vector angle is less than the predetermined angle, the MAC address of mobile terminal u_j is updated to the MAC address of mobile terminal u_i, and the MAC address of mobile terminal u_i is updated to the MAC address of mobile terminal u_j. In some embodiments, when several mobile terminals need to exchange network addresses, the management server AS can decide at random how to exchange their MAC addresses and send address update packets to them. In some embodiments, a mobile terminal cannot transmit any message while it is exchanging/updating its MAC address. The management server AS can record each mobile terminal that performed a network address update, together with its new MAC address, in the group registry, and the same information is also updated in the group registration tables of the relevant mobile terminals.

After a mobile terminal updates its MAC address, it makes subsequent wireless connections with the new MAC address. The mobile terminal can keep detecting signal strength information and sending it to the management server AS through the access point AP_λ.
Next, the method for calculating the distances and the motion vector angles from the signal strength information is described.
The distance between mobile terminals and the distance between a mobile terminal and the access point AP_λ can be calculated from the signal strength information and a signal strength loss model. The basic formula of the signal strength loss model is as follows: , where PL is the average loss, ψ is the exponent that gives the rate at which the average loss increases, d is the distance between sender and receiver (between two mobile terminals), and d_0 is the reference distance.
After the management server AS has received the signal strength information returned by all mobile terminals, it can convert the data into distances using the signal strength loss model, and it builds a distance matrix DM to store the converted distances, as follows:
The size of DM is determined by the size of the group. When the group contains n mobile terminals, DM is n×(n+1). Here d_ij is the distance between u_i and u_j, and is the distance between u_i and AP_λ. Note that if several mobile terminals report different data for the same entry, the average is used. If the signal between two mobile terminals is beyond transmission range, the corresponding matrix position is left empty.
Once DM has been built, a map relative to AP_λ can be constructed from it. Figure 4 shows an example of building the relative map according to an embodiment of the present invention. Assume the coordinates of AP_λ are (0,0), and place any one mobile terminal, such as u_i, on the x-axis. The coordinates of mobile terminal u_i are therefore ( ,0). Next, the coordinates of another mobile terminal, such as u_j, are determined. To do so, the angle α is first calculated with the following formula:
Once the angle α is known, the coordinates of mobile terminal u_j are . Similarly, the angles β and γ can be calculated with the formula above, and the coordinates of mobile terminal u_k can be calculated, where . Because on the Y axis there can be two points whose angle with u_i is β, lying in quadrants one and four or quadrants two and three, differs in sign (for example, in the first quadrant is positive; in the fourth quadrant is negative). The coordinates of are therefore as follows: if γ = β + α, then , otherwise = .
Similarly, the relative positions of the other mobile terminals can be calculated with the same method, giving a complete relative map.
Once the relative map has been obtained, the mobile terminals keep sending signal strength information to the management server AS, and the management server AS keeps updating the relative map. From the relative maps at different time points, the management server AS can learn the movement behavior of the mobile terminals. The motion vector of a mobile terminal can be calculated from its coordinates at different time points. Assume the original coordinates of mobile terminal u_i are ( , ) and the new coordinates are ( , ); the motion vector of mobile terminal u_i is then (( - ), ( - )). The management server AS can then calculate the motion vector angle θ_ij between two mobile terminals from the motion vector of each mobile terminal and the following formula.
The motion vector angle θ_ij between two mobile terminals can be stored in an angle matrix AM, as follows:
Once the distance d_ij and the motion vector angle θ_ij between two mobile terminals have been calculated, they can be used to determine whether the two mobile terminals need to exchange/update their MAC addresses.
Figure 5 shows a mobile terminal management method according to an embodiment of the present invention. This embodiment describes the leave operation of a mobile terminal.
When mobile terminal u_j leaves the range of AP_λ, the coupling between u_j and AP_λ is terminated in step S502. After the coupling is terminated, in step S504 mobile terminal u_j sets its network address back to its original MAC address MAC_j for subsequent wireless connections. After u_j has left AP_λ, in step S506 AP_λ sends a leave packet to the AS. The format of the leave packet is as follows:
The leave packet includes the MAC address of u_j, the MAC address of AP_λ, and the current timestamp.
Similarly, the leave packet can be signed and encrypted first. In some embodiments, after receiving the leave packet the AS first decrypts it, and then uses the signature of AP_λ and the timestamp inside the packet to decide whether the leave packet can be trusted. Then, in step S508, the AS deletes and MAC_j of the corresponding mobile terminal u_j from the group registry and, in step S510, sends a table update packet through AP_λ to the mobile terminals still in the group, to notify them that mobile terminal u_j has left the group and to deliver a new . After a mobile terminal receives the table update packet, in step S512 it deletes of mobile terminal u_j from its group registration table. The mobile terminal can use for subsequent encryption operations.
In some embodiments, when a mobile terminal requests location privacy protection, the AS checks DM for the mobile terminals whose distance to the requesting terminal falls within a predetermined range, and then checks AM to see whether the angle between each of their motion vectors and that of the requesting terminal is less than the predetermined angle. If the angle is less than the predetermined angle, the mobile terminal joins the group for this MAC address exchange/update. If the angle is greater than the predetermined angle, the mobile terminal is left out of the group for this exchange/update. Once it has decided which mobile terminals need to exchange/update their MAC addresses, the AS chooses new MAC addresses, or decides at random how to exchange the MAC addresses within the group, and sends address update packets to these mobile terminals.
For example, Figure 6 shows an example of mobile terminal management according to an embodiment of the present invention. As shown in Figure 6, the black point may ask the AS to protect its location privacy. The AS then selects all the points within the predetermined range (those whose distance from the black point is less than the predetermined distance) and examines the angle between the motion vector of each of these points and that of the black point. If the angle is less than the predetermined angle, the point, such as the dark gray points, is added to the exchange group. If the angle is greater than the predetermined angle, the point, such as the light gray points, is not added to the group for this exchange. Finally, the AS transmits the address update packet to the black point and the dark gray points. After the mobile terminals have exchanged/updated their MAC addresses, another cycle can begin. Note that while the AS is checking which mobile terminals exist within the predetermined range, those mobile terminals may themselves request location privacy protection at the same point in time. When two or more mobile terminals request location privacy protection at the same time, the AS can make the relevant determination for each of them separately, so every mobile terminal that meets the conditions and needs to exchange/update its MAC address is added to the exchange group, and duplicate mobile terminals are removed. In some embodiments, when no mobile terminal within the predetermined range meets the relevant conditions, the AS may notify the mobile terminal that requested location privacy protection that it does not need to exchange/update its MAC address, which avoids unnecessary network address exchanges/updates that would reduce network performance.
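The group selection and random MAC exchange described above, as an added example that is not part of the patent. The terminal names, coordinates, MAC addresses, thresholds and function names are constructed assumptions, and the cyclic-shift exchange that guarantees every member receives a different address is one possible way to "decide at random", not the patent's stated method.

```python
import math
import random

# Constructed sample data: relative position (x, y) and motion vector (dx, dy).
TERMINALS = {
    "u1": ((0.0, 0.0), (1.0, 0.0)),    # requester (the "black point")
    "u2": ((3.0, 1.0), (1.0, 0.2)),    # near, similar heading: joins
    "u3": ((2.0, -2.0), (-1.0, 0.5)),  # near, opposite heading: excluded
    "u4": ((40.0, 5.0), (1.0, 0.0)),   # similar heading, too far: excluded
    "u5": ((-2.0, 2.0), (0.9, -0.1)),  # near, similar heading: joins
}
# Constructed locally administered MAC addresses, one per terminal.
MACS = {u: "02:00:00:00:00:%02x" % i for i, u in enumerate(sorted(TERMINALS), 1)}

def angle_deg(v, w):
    """Angle between two motion vectors in degrees."""
    nv, nw = math.hypot(*v), math.hypot(*w)
    if nv == 0 or nw == 0:
        return 180.0  # assumption: a stationary terminal never matches a heading
    cos = (v[0] * w[0] + v[1] * w[1]) / (nv * nw)
    return math.degrees(math.acos(max(-1.0, min(1.0, cos))))

def select_group(requesters, terminals, max_dist, max_angle):
    """Union of every requester's qualifying neighbours, duplicates removed."""
    group = set()
    for r in requesters:
        rp, rv = terminals[r]
        peers = {u for u, (p, v) in terminals.items()
                 if u != r and math.dist(rp, p) < max_dist
                 and angle_deg(rv, v) < max_angle}
        if peers:  # no qualifying peer: this requester is told to skip the update
            group |= peers | {r}
    return group

def plan_exchange(group, macs, rng):
    """Randomly reassign the group's current MACs; nobody keeps their own."""
    members = sorted(group)
    if len(members) < 2:
        return {}
    rng.shuffle(members)
    k = rng.randrange(1, len(members))  # non-zero cyclic shift of a random order
    return {members[i]: macs[members[(i + k) % len(members)]]
            for i in range(len(members))}
```

An empty result from `select_group` corresponds to the case where the AS tells the requester that no exchange/update is needed.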
Note that in the embodiments above, the mobile terminal management, such as the distance and motion vector angle calculations, is performed by the management server AS. In some embodiments, however, the access point AP may take the place of the management server AS and perform the mobile terminal management of the present invention.
Therefore, the mobile terminal management system and method of the present invention can manage mobile terminals according to their movement behavior, thereby reducing unnecessary network address exchanges/updates.
The method of the present invention, or particular forms or portions thereof, may exist in the form of program code. The program code may be contained in physical media, such as floppy disks, optical discs, hard disks, or any other machine-readable (for example, computer-readable) storage medium, or in a computer program product not limited to any external form, wherein, when the program code is loaded and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. The program code may also be transmitted over a transmission medium, such as electrical wire or cable, optical fiber, or any other form of transmission, wherein, when the program code is received, loaded and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention. When implemented on a general-purpose processing unit, the program code combines with the processing unit to provide a unique apparatus that operates analogously to application-specific logic circuits.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is defined by the appended claims.
100... Mobile terminal management system
AS... Management server
AP1, AP2, APλ... Access points
MS1, MS2, MS3, MS4, MS5, MS6, uj, uj, uk, Gλ-{ui}... Mobile terminals
S202, S204, ..., S216... Steps
S302, S304, ..., S310... Steps
S502, S504, ..., S512... Steps
Figure 1 is a schematic diagram showing a mobile terminal management system according to an embodiment of the present invention.
Figure 2 is a flowchart showing a mobile terminal management method according to an embodiment of the present invention.
Figure 3 is a flowchart showing a mobile terminal management method according to an embodiment of the present invention.
Figure 4 is a schematic diagram showing an example of relative map creation according to an embodiment of the present invention.
Figure 5 is a flowchart showing a mobile terminal management method according to an embodiment of the present invention.
Figure 6 is a schematic diagram showing an example of mobile terminal management according to an embodiment of the present invention.
Claims (22)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW098100135A TWI418193B (en) | 2009-01-06 | 2009-01-06 | Mobile station management systems and methods, and computer program products thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW098100135A TWI418193B (en) | 2009-01-06 | 2009-01-06 | Mobile station management systems and methods, and computer program products thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201027955A (en) | 2010-07-16 |
| TWI418193B (en) | 2013-12-01 |
Family
ID=44853357
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW098100135A TWI418193B (en) | 2009-01-06 | 2009-01-06 | Mobile station management systems and methods, and computer program products thereof |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI418193B (en) |
-
2009
- 2009-01-06 TW TW098100135A patent/TWI418193B/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| TW201027955A (en) | 2010-07-16 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |