Method for identifying internet access of mobile phone through personal computer (PC) based on signaling analysis

A signaling analysis and identification method technology, applied in the field of mobile communications, can solve problems such as inability to obtain terminal models, failure to analyze, and problems with identification accuracy

Active Publication Date: 2013-01-02
5 Cites 13 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0008] However, in the identification technology based on IMEI, only the terminal type used by the user in the network access process can be identified, and the special user behavior after network access cannot be analyzed, such as the user uses a mobile terminal to connect to the PC to surf the Internet; The...
View more

Method used

[0020] The present embodiment is based on the separate analysis of the Gb and IuPS interface data of the GPRS and TD network, and only needs to collect the raw data of any interface. Use the service switch mirroring method for data collection, that is, mirror the required interface data to the spare port on the live network service exchange for output for col...
View more


The invention discloses a method for identifying internet access of a mobile phone through a personal computer (PC) based on signaling analysis, which belongs to the technical field of the mobile communication. The method comprises following steps of collecting original data of all user behaviors on an internet, analyzing an original data signaling and a protocol, acquiring terminal identification information, utilizing the terminal identification information to filter the internet access request transmitted by a mobile phone terminal and the internet access request transmitted by an emulational mobile phone to obtain the internet access request which is transmitted by directly utilizing a PC operation system, further filtering the internet access request transmitted by a small laptop computer and an internet access card, and determining the rest internet access request to bee the internet access utilized by the mobile phone through the PC. According to the method, a hyper text transport protocol (HTTP) characteristic in a mobile network is utilized, the internet access service flow of users in a second-generation/third-generation (2G/3G)) network is collected, a user-agent field in the HTTP is analyzed, and finally the terminal type transmitting the service is accurately judged through a terminal characteristic library.

Application Domain

TransmissionSecurity arrangement

Technology Topic

Mobile phoneProtocol for Carrying Authentication for Network Access +12


  • Method for identifying internet access of mobile phone through personal computer (PC) based on signaling analysis
  • Method for identifying internet access of mobile phone through personal computer (PC) based on signaling analysis


  • Experimental program(1)

Example Embodiment

[0016] The present invention will be further described below in conjunction with the drawings and specific embodiments.
[0017] The method for identifying that a mobile phone is connected to a PC to surf the Internet in the embodiment of the present invention mainly uses the HTTP protocol feature in the mobile network, collects the business process of users surfing the Internet in the 2/3G network, and analyzes and analyzes the User-Agent field in the HTTP protocol. Analyze and finally determine the type of terminal (mobile terminal, network card, netbook, PC) that initiates the service based on the terminal feature database. If the User-Agent information in the HTTP request submitted by the user using the data service does not include the mobile phone manufacturer/model/operating system, netbook and network card manufacturer/model, and it is not a copycat, it can be determined that the user is using a mobile phone to connect PC Internet.
[0018] Such as figure 1 As shown, this embodiment provides a method for identifying a mobile phone connected to a PC to access the Internet based on signaling analysis, including:
[0019] Step 101: Collect raw data. Collecting raw data refers to the collection of all user behaviors on the mobile Internet. These data mainly include the mobile network mobility management process, the session management process, and the interaction process between the user, the media gateway, and the SP server.
[0020] This embodiment is implemented based on separate analysis of the Gb and IuPS interface data of the GPRS and TD networks, and only the original data of any one interface needs to be collected. Use the service switch mirroring method for data collection, that is, mirror the required interface data to the vacant port output on the live network service exchange for collection and use. This method only needs to mirror the data on the switch, without interrupting services and adding optical splitter equipment, and is convenient for later maintenance. If the mirroring port is operated or interrupted, it will not affect the existing network services of the original port and is the safest for the operation of the existing network. .
[0021] Step 102: Analyze the signaling and protocol. Analyzing the signaling and protocol mainly refers to analyzing the original data and obtaining important information useful for terminal identification. Specifically, the content of analysis mainly includes:
[0022] (1) Gb/IuPS interface signaling process: including the packet authentication process and the process of creating PDP (User Dynamic Context). The purpose is to obtain the IMEI, IMSI (International Mobile Subscriber Identity) and IP of the user terminal from these two processes. Address three pieces of information. The analytical method is:
[0023] Filter the signaling messages with the GMM message type of 0x13 on the Gb/IuPS interface, and intercept the 9th to 20th bytes of the GMM (Management Management Protocol) layer of the message to obtain IMEI information;
[0024] Filter the signaling message of the Gb/IuPS interface SM (session management) message type of 0x10, and intercept the first to eighth bytes from the 0d 88 two bytes in the message to obtain the IMSI information; intercept In this message, the third to sixth bytes from the two bytes of 2b 06 to the back, obtain the user's IP address information.
[0025] (2) Gb/IuPS/Gn interface HTTP business process: the purpose is to obtain the user terminal's agent (User-Agent) information from the HTTP request. The analytical method is:
[0026] First, identify the message that carries two consecutive bytes of 504f and 4745, which are HTTP Post and HTTP Get messages, respectively, and then intercept the bytes between 5573 and 0d 0a from these two types of messages, which are User-Agent information.
[0027] Step 103: Filter Internet requests initiated by using the mobile phone terminal.
[0028] Step 1031: Filter terminal vendors. If the user uses the mobile terminal of a regular manufacturer to access the GPRS network and use the data service (2G and 3G network filtering methods are the same), the user-agent information in the HTTP request initiated by the user can match the clear terminal manufacturer name (such as: "Nokia ", "TCL", etc.), if any terminal manufacturer is matched, the HTTP request is marked as "initiated by mobile terminal".
[0029] Step 1032. Filter the terminal operating system. Under certain circumstances, some mobile phones will not report the terminal manufacturer and model in the User-Agent information that initiates the HTTP request, but only the browser and operating system. At this time, it is necessary to match the mobile phone's operating system to determine whether it is a mobile phone. Service request initiated by the terminal. Currently, there are nine operating systems used on mobile phones: PalmOS, Symbian, Windows mobile, Linux and Android, iPhoneOS, bada, MeeGo, and BlackBerry, so the HTTP request to which it belongs can be marked as "initiated by mobile terminal".
[0030] Step 104: Filter the Internet request initiated by the fake machine. If a user uses a counterfeit machine to access the Internet, he will not see any information about the phone manufacturer, phone model, or phone operating system in the User-Agent information requested by the HTTP. When a user uses a counterfeit machine to access the Internet, the User-Agent information reported is "MAUI WAP Browser", which is also a common counterfeit machine logo. Therefore, in this embodiment, the user whose UA contains "MAUI WAP Browser" is identified as a "counterfeit machine Internet user".
[0031] Step 105: Filter and obtain the Internet request initiated directly using the PC operating system. When a user uses a netbook, a network card or a mobile phone to connect to the PC to surf the Internet, only the browser and PC operating system version related information can be seen in the User-Agent information requested by the HTTP. Perform string matching on the User-Agent field. If it matches the operating system of the PC, the request must not be initiated by the mobile terminal. This step is to further confirm that the HTTP request is initiated by the PC and not from other terminal devices except the mobile phone.
[0032] However, it needs to be further distinguished whether it is initiated by a netbook/network card or by a mobile phone connected to a PC.
[0033] Step 106: Filter Internet requests initiated by using the netbook/network card. The IMEI information of the terminal can be used to analyze whether the user who initiated the HTTP request is using a netbook or a network card. The specific method is as follows:
[0034] Step 1061. According to the user IP address carried in the HTTP request, the user's IMSI can be obtained through the PDP (User Dynamic Context) activation process associated with the user IP address.
[0035] Step 1062: Acquire the IMEI information of the device in the packet authentication encryption response message initiated by the user according to the IMSI associated Attach process.
[0036] Step 1063. Perform matching analysis on the acquired IMEI information with the IMEI database of China Mobile's terminal equipment to obtain the terminal type (netbook, network card, mobile terminal), and mark the service request to which the netbook and network card belong to "netbook/netcard initiated" .
[0037] After the above filtering, the remaining users use their mobile phones to connect to the PC to surf the Internet.
[0038] In a sample analysis of 300 2G communities, it was found that 22 communities had mobile phones connected to laptops to access the Internet, accounting for 7.3% of the total number of samples. Among them, there are the following 5 communities where mobile phones connect to laptops and generate a lot of traffic:
[0039] Community name
[0040] WLAN network construction should be focused on communities where mobile phones are connected to laptops to access the Internet.
[0041] The embodiment of the present invention solves the shortcomings of terminal type identification and user online mode identification in the prior art through the method of IMEI and User-Agent correlation analysis. Compared with the existing technology, this proposal has the following technical advantages:
[0042] Able to comprehensively analyze and identify the terminal type, terminal brand, terminal model and other information used by the user during the network access process and business use process;
[0043] Able to accurately identify mobile terminals, internet cards, netbooks, mobile phones connected to PCs and other user Internet access methods;
[0044] It can effectively solve the problem that the user cannot accurately identify the phone model through User-Agent after modifying the UA information of the phone.
[0045] In a specific application example, a provincial data service optimization service project locates the hotspot community where the mobile phone connects to the PC to access the Internet by collecting and analyzing Gb interface signaling, and provides operators with network construction and optimization references. Sampling and analysis of the distribution area of ​​users connected to laptops with mobile phones in 2G communities, the results are as follows figure 2 Shown.
[0046] The method of the present invention is not limited to the examples described in the specific implementation manners. Those skilled in the art can obtain other implementation manners based on the technical solutions of the present invention, which also belong to the technical innovation scope of the present invention.


no PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products