CN101031141B - Safety telecommunication method - Google Patents

Safety telecommunication method

Info

Publication number: CN101031141B
Authority: CN (China)
Prior art keywords: base station, message, acting server, request message, contact request
Legal status: Expired - Fee Related
Application number: CN2006100675303A
Other languages: Chinese (zh)
Other versions: CN101031141A (en)
Inventors: 邬旭永, 潘众, 赵泉波
Current assignee: Beijing wisdom partner Technology Co., Ltd.
Original assignee: Huawei Technologies Co Ltd

Application filed by Huawei Technologies Co Ltd
Priority to CN2006100675303A (CN101031141B)
Priority to PCT/CN2007/000442 (WO2007098678A1)
Publication of CN101031141A
Priority to US12/200,761 (US20090044280A1)
Application granted
Publication of CN101031141B
Legal status: Expired - Fee Related

Abstract

The method is used to realize secure communication between a first base station and a second base station, where the first base station comprises at least one first proxy server. It comprises: 202) the first base station sends a first message to the second base station, the first message comprising a first network address of the first proxy server and a first identifier of the first base station; 204) in response to the first message, the second base station sends a contact request message to the first base station according to the identifier of the first base station, and in response to the contact request message the first base station sends a confirmation message to the second base station. With the invention, the address of the base station is not exposed on the public network, which reduces the chance of a network attack.

Description

Secure communication method
Technical field
The present invention relates to the field of communications technology, and in particular to a secure communication method.
Background technology
In recent years, as communication technology has advanced, the communications industry has developed rapidly. Wireless technology is flourishing, and spectrum is a scarce resource. To make full use of limited spectrum, the International Telecommunication Association has specifically designated a license-exempt band (LE Band). Provided it does not affect the normal operation of other equipment, LE equipment may occupy this band freely.
For each LE device in the network, parameters such as its position, the resources it occupies and its transmit power are not planned and configured in advance; each device adapts to its environment by itself and works autonomously.
To operate in the LE band, an LE device must adapt to its environment: it must detect and avoid interference, or negotiate with the interference source. An LE device therefore needs to negotiate with other LE devices on how to share the band, which requires signalling between LE devices. Since two LE devices do not know each other's address in advance, one side must broadcast its own address; once the other side receives it, communication can be established.
Because two devices that need to negotiate resources are devices whose resources collide, their coverage areas overlap. Two LE devices can broadcast their addresses wirelessly through terminals in the common coverage area. After obtaining the other side's address, they can switch to a wired connection for the subsequent negotiation.
The address here is usually an IP address. In practice, two devices that need to negotiate resources usually belong to two different operators or to two networks with no trust relationship, and broadcasting a base station's service IP address over the air interface carries considerable risk. If a rogue device intercepts the IP address of an LE base station, it can pretend to need resource negotiation, or attack the LE base station and bring it down. The following takes a newly started base station IBS, which needs to negotiate air-interface resources with another normally operating base station OBS, as an example.
In addition, in some regions the license to use a band segment is non-exclusive: that is, when you obtain a license for the band, others may also obtain the right to use it without your knowledge.
There is also a case in which an enterprise or operator has obtained exclusive rights to a band in a region but has no means, or is unwilling, to plan first and then deploy and configure sites; instead it wishes the devices to negotiate resource allocation among themselves flexibly and dynamically according to the actual occupancy of the air-interface resources.
For convenience, the devices/base stations in the above three cases are collectively referred to as LE devices/base stations or coexistence base stations.
For each LE device in the network, parameters such as position, occupied resources and transmit power are not planned and configured in advance; each device adapts to its environment independently and, within the permitted band, selects resources and shares them through negotiation with other LE devices.
In an LE network, devices usually need to negotiate resources so that each device works normally or optimally. The present invention aims to provide a safe and practical way for LE devices to communicate, so that LE devices are not attacked and continue to work normally.
A common situation requiring communication between LE base stations is that an IBS, after starting, scans and finds no idle band, and needs to negotiate shared use of spectrum with the neighbouring OBS. Because there is no reliable wireless means for the negotiating base stations to exchange information, the negotiation between IBS and OBS mainly uses a wired connection, but this requires that the IBS or the OBS know the other side's wired contact method.
Because operating parameters of LE devices such as spectrum, position, transmit power and coverage are not planned in advance, their start-up and withdrawal are largely random. A normally operating OBS therefore has no way of knowing which base stations around it will start, and a newly started IBS does not know which OBS neighbours are around it. By broadcasting over the air interface, the IBS can send its own contact information within the range it interferes with; terminals that receive the information can then report it to the OBS they belong to, for the OBS to initiate subsequent contact with the IBS.
In short, LE devices need some way of publishing their own contact method and obtaining the other side's, and the way of publishing can vary: for example, when coverage overlaps, a terminal in the common coverage area can relay contact details broadcast by one side to the other base station; or a known region server can look up the other side and its contact method from information such as position. After obtaining the other side's contact method, the devices can switch to a wired connection for the subsequent negotiation.
Base stations that need to negotiate coexistence publish and obtain the network address of the relevant LE base station directly over the air interface or through means such as a public server, and use the published network address to begin contact. The address here is usually a network address (such as an IP address). In practice, devices that need to negotiate resources often belong to different operators or to networks with no mutual trust, and directly publishing a base station's service IP address carries considerable risk. If a malicious attacker obtains the service IP address of a wireless base station, it can directly launch various attacks on the base station's network port.
Fig. 1 is a schematic diagram of how LE base stations obtain network addresses and communicate in the related art. The newly starting base station (Initializing Base Station, abbreviated IBS) broadcasts its IP address over the air interface. An interfered terminal uploads the received IP address to the normally operating base station it belongs to (the Operating Base Station, abbreviated OBS); the OBS directly initiates a contact request from the wired network according to the submitted IP address, and once the IBS receives the request and feeds a message back to the OBS, the subsequent communication mechanism is established. As noted above, the IBS broadcasts its address over the air interface, so its own network address is exposed and it is easily attacked.
Therefore, a technique that can ensure communication security between LE base stations is needed.
Summary of the invention
The present invention aims to provide a secure communication method that substantially overcomes one or more of the problems caused by the limitations and defects of the prior art.
To achieve these goals, the invention provides a communication method for realizing secure communication between at least a first base station and a second base station, where the first base station comprises at least one first proxy server. The method comprises the following steps: S202, the first base station sends a first message to the second base station, the first message comprising the first network address of the first proxy server and the first base station identifier of the first base station; and S204, in response to the first message, the second base station sends a contact request message to the first base station according to the first base station identifier, and in response to the contact request message the first base station sends a response message to the second base station, thereby realizing secure communication with the second base station.
In step S204, when the second base station receives the first message, the following steps are carried out: S208, the second base station sends a request message to the first proxy server according to the first network address; S210, the first proxy server forwards the request message from the second base station to the first base station; S212, in response to the request message forwarded by the first proxy server, the first base station sends a response message to the first proxy server; and S214, the first proxy server forwards the response message sent by the first base station to the second base station.
In step S204, the second base station judges according to a first condition whether the first base station is trustworthy; if it is, the following step is carried out: S206, a contact request message is sent to the first base station, and in response to the contact request message the first base station sends a response message to the second base station, thereby realizing secure communication with the second base station.
In step S204, the second base station judges according to the first condition whether the first base station is trustworthy; if it is not, the following steps are carried out: S208, the second base station sends a request message to the first proxy server according to the first network address; S210, the first proxy server forwards the request message from the second base station to the first base station; S212, in response to the request message forwarded by the first proxy server, the first base station sends a response message to the first proxy server; and S214, the first proxy server forwards the response message sent by the first base station to the second base station.
In the above scheme, the second base station comprises at least one second proxy server, and the second base station establishes the communication connection with the first base station or the first proxy server through the second proxy server. The first base station and the second base station are wireless base stations. The first network address is the IP address of the first proxy server. The base station identifier is any identifier that uniquely indicates the first base station, and comprises at least one of: a base station identifier, the MAC address of the base station, and the port number of the proxy server. The first condition comprises at least one of: the first base station and the second base station already know each other's network address; they are known to be base stations of the same operator with correct, manually configured rules; they are known to share the same proxy server; each knows the other side's encryption public key and signature. The first base station broadcasts the first message wirelessly and receives the contact request message over a wired connection.
The above method further comprises the following steps: S906, the first base station judges whether the contact request message comes directly from the second base station; if so, proceed to step S908, otherwise proceed to step S910; S908, the first base station sends a feedback message directly to the second base station, thereby establishing a secure connection with the second base station; S910, judge whether the contact request message comes from the first proxy server; if so, proceed to step S912, otherwise proceed to step S914; S912, the first base station sends a feedback message to the second base station through the first proxy server, thereby establishing a secure connection with the second base station; and S914, the first base station judges the contact request message to be an illegal contact request and discards it.
The above method further comprises the following steps: S1002, the second base station receives a report message from the first base station; S1004, the second base station extracts the network address of the proxy server and the base station identifier of the first base station from the report message; S1006, the second base station judges whether the first base station and the second base station trust each other; if so, steps S1008 and S1010 are carried out, otherwise steps S1012 and S1014 are carried out; S1008, the second base station sends a contact request message directly to the network address of the first base station or to the first proxy server; S1010, the second base station receives a feedback message from the first base station or the first proxy server and obtains direct contact with the first base station; S1012, the second base station sends a contact request message through its own second proxy server to the first proxy server of the first base station; and S1014, the second base station receives, through the second proxy server, a feedback message from the first base station and makes contact with the first base station.
The first message further comprises a real-time key. The real-time key is random data generated by the first base station in real time and has a certain validity period. The contact request message carries the real-time key; if the real-time key has expired, the first base station discards the contact request message. The network address of the first base station and the first base station identifier form a unique mapping, and the network address of the second base station and the second base station identifier form a unique mapping.
Because a base station must carry services, its IP address must be relatively fixed. The coexistence proxy attached to each base station, however, is used only to send and receive coexistence signalling on the base station's behalf, so changing its IP address has little impact on configuration, and proxies can back each other up. The information a coexistence proxy must handle is infrequent and needs very little bandwidth, so it is less likely to be paralysed by an attack, and the RTK mechanism further limits the bandwidth available to illegal signalling. The coexistence proxy function is simple and cheap, so several proxies can readily be used as backups to improve reliability.
In the present invention, the use of a base station's network address is confined to the trusted scope; the address is not disclosed over the air interface or across the whole network, which greatly reduces the chance of the base station being attacked in the wired network.
Through the above scheme, the present invention achieves the following technical effects:
1. Because a base station's own network interface carries a large amount of data traffic and related control, changing its IP address has many adverse effects. The coexistence proxy attached to each base station is used only to send and receive coexistence signalling on the base station's behalf, so changing its network address does not affect the base station's main services, and multiple proxies can back each other up. The coexistence proxy handles little information and needs little bandwidth, so it is less likely to be paralysed by an attack. Its function is simple and cheap, so several proxies can readily be used as backups to improve reliability;
2. In the present invention, the base station's network address is confined to the trusted scope and is not disclosed in the public network, which reduces the chance of the base station being attacked in the wired network; and
3. When a single proxy is paralysed by an attack, contact between LE devices can continue by changing the proxy's IP address or enabling a backup proxy, without adversely affecting the base station's own service network.
Description of drawings
The accompanying drawings are provided to aid understanding of the present invention and form part of the application; the illustrative embodiments of the invention and their explanation serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 shows the message interaction diagram for obtaining a network address and communicating between LE base stations in the related art;
Fig. 2 shows a flow chart of a communication method according to an embodiment of the invention;
Fig. 3 shows the message interaction diagram corresponding to the communication method of Fig. 2;
Fig. 4 shows a flow chart of a communication method according to another embodiment of the invention;
Fig. 5 shows a flow chart of a communication method according to still another embodiment of the invention;
Fig. 6 shows the message interaction diagram of a communication method according to still another embodiment of the invention;
Fig. 7 shows the message interaction diagram of a communication method according to a further embodiment of the invention;
Fig. 8 shows the message interaction diagram of a communication method according to a further embodiment of the invention;
Fig. 9 shows a flow chart of the IBS in the above communication methods; and
Fig. 10 shows a flow chart of the OBS in the above communication methods.
Embodiment
The present invention is now described in detail with reference to the drawings. In the present invention, the IBS does not broadcast the network address used by its own services; it broadcasts the address of its coexistence proxy and its own base station identifier. The base station identifier here is any mark that uniquely indicates the base station: for example, a base station identifier assigned at configuration time, the MAC address of the base station, or even the port number of the proxy.
Fig. 2 shows a flow chart of a communication method according to an embodiment of the invention. The method is used to realize secure communication between at least a first base station and a second base station, where the first base station comprises at least one first proxy server, and comprises the following steps: S202, the first base station sends a first message to the second base station, the first message comprising the first network address of the first proxy server and the first base station identifier of the first base station; and S204, in response to the first message, the second base station sends a contact request message to the first base station according to the first base station identifier, and in response to the contact request message the first base station sends a response message to the second base station, thereby realizing secure communication with the second base station.
Fig. 3 shows the message interaction diagram corresponding to the communication method of Fig. 2. Over the radio air interface, the IBS sends the OBS the network address of the IBS's proxy server (also called the proxy) P1 and the base station identifier of the IBS. If the OBS judges that the IBS is a base station mutually trusted with the OBS, it sends a contact request to the IBS. In response to the contact request, the IBS sends a response message to the OBS.
Fig. 4 shows a flow chart of a communication method according to another embodiment of the invention. The method comprises the following steps: S402, the first base station sends a first message to the second base station, the first message comprising the first network address of the first proxy server and the first base station identifier of the first base station; S404, when the second base station receives the first message, it sends a request message to the first proxy server according to the first network address; S406, the first proxy server forwards the request message from the second base station to the first base station; S408, in response to the request message forwarded by the first proxy server, the first base station sends a response message to the first proxy server; and S410, the first proxy server forwards the response message sent by the first base station to the second base station.
Fig. 5 shows a flow chart of a communication method according to still another embodiment of the invention. The method is used to realize secure communication between at least a first base station and a second base station, where the first base station comprises at least one first proxy server and the second base station comprises at least one second proxy server, and comprises the following steps:
S202, the first base station sends a first message to the second base station, the first message comprising the first network address of the first proxy server and the first base station identifier of the first base station;
S204, in response to the first message, the second base station judges according to a first condition, using the first base station identifier, whether the first base station is trustworthy; if so, it proceeds to step S206; and
S206, the second base station sends a contact request message to the first base station, and in response to the contact request message the first base station sends a response message to the second base station, thereby realizing secure communication with the second base station.
The first condition comprises at least one of: the first base station and the second base station already know each other's network address; they are known to be base stations of the same operator with correct, manually configured rules; they are known to share the same proxy server; each knows the other side's encryption public key and signature. The base station identifier is any identifier that uniquely indicates the first base station, and comprises at least one of: a base station identifier, the MAC address of the base station, and the port number of the proxy server.
According to another embodiment, in step S204, in response to the first message, the second base station judges according to the first condition, using the first base station identifier, whether the first base station is trustworthy; if it is not, the following steps are carried out:
S208, the second base station sends a request message to the first proxy server according to the first network address;
S210, the first proxy server forwards the request message from the second base station to the first base station;
S212, in response to the request message forwarded by the first proxy server, the first base station sends a response message to the first proxy server; and
S214, the first proxy server forwards the response message sent by the first base station to the second base station.
In the above methods, the first base station is the IBS and the second base station is the OBS.
Fig. 6 shows the message interaction diagram of a communication method according to still another embodiment of the invention, in which a mutually trusted IBS and OBS exchange messages directly. If the base station identified in the message received by the OBS is a trusted base station of the local station, and the network address of the IBS can be found at the local station, the OBS sends the corresponding session request message directly to the IBS, and the IBS and the OBS then hold their session directly. Unlike the message interaction diagram of Fig. 3, here the IBS has a proxy P1: over the air interface, the IBS sends the OBS the network address of its proxy P1 and its base station identifier. If the OBS judges that the IBS is not mutually trusted with the OBS, it sends a request message to the IBS's proxy P1, and P1 forwards the request message to the IBS. In response to the request message, the IBS sends a response message to P1, and P1 forwards the response message to the OBS.
Fig. 7 shows the message interaction diagram of a communication method according to a further embodiment of the invention.
The IBS broadcasts the address of its coexistence proxy and its own base station identifier. The base station identifier here is any mark that uniquely indicates the base station: for example, a base station identifier assigned at configuration time, the MAC address of the base station, or even the port number of the proxy.
An OBS that receives this information will, only when it judges the IBS to be a base station that is not mutually trusted, communicate with the IBS through its own proxy to the IBS's proxy. When (the following is optional) the OBS finds that the IBS is a fully trusted base station and its database contains the other side's network address (the same operator, or some other unified configuration), it may choose to communicate directly between the two base stations, or through the proxies of the two base stations.
Mutually trusted base stations are a group under unified management that have recorded each other's identifier and network address in advance; for example, the base stations belonging to the same operator can trust each other. From the IBS's base station identifier, the OBS recognizes whether the IBS is mutually trusted with the local station and can look up the other side's network address. The coexistence proxy information is configured before the IBS's air-interface initialization, and the coexistence proxy and the base station itself trust each other. In this scheme the proxy keeps the IBS's base station network address secret: only the proxy's network address and the base station identifier appear in external negotiation, and at the proxy the base station identifier maps uniquely to the base station's network address.
If the base station identified in the message the OBS receives is not a trusted base station of the local station, or its network address cannot be found at the local station, the OBS appends its own base station identifier, the identifier of the IBS and the address of proxy P1 to the corresponding session request message and forwards it to its own proxy P2. P2 forwards the session to P1 according to P1's address, and P1 forwards the message received from P2 to the IBS according to the IBS's identifier. After the IBS responds, its proxy P1 forwards the response to P2, and P2 in turn sends it back to the OBS. In this order, the IBS and the OBS can complete the required session.
When the OBS judges that the IBS is a base station trusted by the local station, and the local station can find the IBS's address from the base station identifier, the above procedure can be simplified to the process shown in the figure below: the two base stations contact each other directly without going through proxies.
Fig. 8 shows the message interaction flow of the communication method according to a further embodiment of the present invention. Building on the foregoing embodiment, it adds a real-time key (RTK) by which the timeliness of a message response is judged.
Broadcasting the proxy address and negotiating resources through it rules out impersonation by rogue devices. However, if the broadcast message is leaked over the air interface, the proxy P1 of the IBS may still be subjected to a high-volume attack. To strengthen the proxy's resistance to attack, a real-time key RTK can be added to the radio broadcast message of the IBS. The RTK is random data generated in real time by the IBS, and each RTK is valid for a limited period of time. Because of its randomness and limited validity it is hard for a rogue device to simulate, and it is used to judge whether a response from an OBS is illegitimate.
When the IBS first broadcasts over the radio, it also passes this RTK to its proxy P1, which maintains its validity. The contact request fed back by the OBS must also carry this value back transparently. If the RTK in a contact request received by the proxy P1 of the IBS has timed out (expired), the request is considered illegitimate and discarded. Thus, in the initial contact procedure between the IBS and the OBS through the proxies shown below, the proxy P1 of the IBS is required to filter the request messages forwarded from P2 by time, discarding timed-out contact requests; the other steps are as described above.
Fig. 9 shows the flow of the IBS in the above communication method.
After sending its broadcast, the IBS simply waits on the wired network for a contact request from a responding OBS. The contact request may arrive from a known base station or from the local proxy, and the IBS must send its response back to the source of the contact request. Responses arriving from any other interface or device are regarded as illegitimate and discarded. The specific flow is shown in Fig. 9. First, the IBS sends its own proxy address and base station identifier over the air interface (S902); it then receives a wired contact request from an OBS (S904); it then judges whether the wired contact request comes from a known base station (S906); if so, it sends feedback directly to that base station (S908); if not, it judges whether the wired contact request comes from its proxy (S910); if so, it sends the feedback message through the proxy (S912); if not, the wired contact request is judged to be an illegitimate contact request and is discarded (S914).
Figure 10 shows the flow of the OBS in the above communication method.
The OBS processes a received message differently depending on whether the base station identifier it contains is that of a trusted base station. When the base station receives the message report forwarded by its SS, it checks whether the base station indicated by the identifier in the message is one that this base station trusts and whose network address it has recorded. If so, the OBS either communicates directly with that base station via its network address, or sends the contact request to the IBS directly through the IBS proxy named in the message. Otherwise, the OBS can only send the contact request for the IBS through its own proxy to the proxy of the IBS.
First, the OBS receives the report information (S1002); then it extracts the proxy network address and the base station identifier of the IBS from the report message (S1004); then it judges whether the IBS is a base station that it mutually trusts (S1006); if so, it sends contact request information directly to the network address of the IBS or of its proxy (S1008), then receives the direct feedback of the IBS and establishes direct contact with it (S1010); if not, it sends the contact request message through its own proxy to the proxy of the IBS (S1012), then receives the feedback of the IBS through the proxy and formally establishes contact with the IBS via the proxies (S1014).
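The RTK filtering at P1 and the IBS (Fig. 9) and OBS (Fig. 10) decision flows above, as an added simulation that is not code from the patent; the station names, addresses, the 8-byte RTK and the fixed RTK lifetime are constructed assumptions, and P1's "filter by timing" is implemented as a fixed validity window.

```python
"""Constructed simulation of the proxy-mediated contact setup: IBS broadcasts
(proxy address, base station id, RTK); OBS contacts it directly if trusted, else
via proxies; P1 drops stale RTKs; IBS classifies each wired contact request."""
from dataclasses import dataclass
import secrets

RTK_LIFETIME = 10  # seconds an RTK stays valid; constructed, not from the patent

@dataclass
class Broadcast:        # sent by the IBS over the air interface (S902)
    proxy_addr: str
    bs_id: str
    rtk: bytes

@dataclass
class ContactRequest:   # arrives at P1 or the IBS over the wired network (S904)
    src: str            # address the request arrives from
    bs_id: str          # identifier of the requesting base station
    rtk: bytes          # RTK carried back transparently by the OBS

class Proxy:
    """Coexistence proxy P1: holds the RTK issued by its base station and
    filters forwarded contact requests whose RTK is unknown or timed out."""
    def __init__(self, addr):
        self.addr, self.rtk, self.issued_at = addr, None, None
    def set_rtk(self, rtk, now):
        self.rtk, self.issued_at = rtk, now

    def admit(self, req, now):
        """True if the request may be forwarded on to the base station."""
        if self.rtk is None or req.rtk != self.rtk:
            return False
        return now - self.issued_at <= RTK_LIFETIME

class BaseStation:
    def __init__(self, bs_id, addr, proxy, trusted):
        self.bs_id, self.addr, self.proxy = bs_id, addr, proxy
        self.trusted = trusted  # bs_id -> network address of trusted stations

    def broadcast(self, now):          # IBS, S902: own address never goes on air
        rtk = secrets.token_bytes(8)
        self.proxy.set_rtk(rtk, now)
        return Broadcast(self.proxy.addr, self.bs_id, rtk)

    def handle_contact(self, req):     # IBS, S906-S914
        if req.bs_id in self.trusted and req.src == self.trusted[req.bs_id]:
            return "direct"   # S908: known base station, reply to it directly
        if req.src == self.proxy.addr:
            return "proxy"    # S912: reply through own proxy
        return "discard"      # S914: any other interface or device is illegal

    def route_contact(self, bcast):    # OBS, S1006-S1012
        if bcast.bs_id in self.trusted:
            return "direct", self.trusted[bcast.bs_id]   # S1008
        return "via_proxy", bcast.proxy_addr             # S1012: own P2 -> P1

def run_scenario():
    """Constructed scenario: IBS BS-A with proxy P1, trusted BS-B, foreign BS-C."""
    p1 = Proxy("10.0.0.1")
    ibs = BaseStation("BS-A", "192.0.2.10", p1, {"BS-B": "192.0.2.20"})
    peer = BaseStation("BS-B", "192.0.2.20", Proxy("10.0.0.2"), {"BS-A": "192.0.2.10"})
    foreign = BaseStation("BS-C", "198.51.100.5", Proxy("10.0.0.3"), {})
    bcast = ibs.broadcast(now=0)
    fwd = ContactRequest(foreign.proxy.addr, "BS-C", bcast.rtk)  # as forwarded by P2
    return {
        "trusted_route": peer.route_contact(bcast)[0],
        "trusted_handled": ibs.handle_contact(ContactRequest(peer.addr, "BS-B", bcast.rtk)),
        "foreign_route": foreign.route_contact(bcast)[0],
        "fresh_admitted": p1.admit(fwd, now=5),
        "foreign_handled": ibs.handle_contact(ContactRequest(p1.addr, "BS-C", bcast.rtk)),
        "stale_admitted": p1.admit(fwd, now=RTK_LIFETIME + 1),
        "forged_rtk": p1.admit(ContactRequest(foreign.proxy.addr, "BS-C", b"forged"), 1),
        "unknown_source": ibs.handle_contact(ContactRequest("203.0.113.9", "BS-B", bcast.rtk)),
    }
```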
Because a base station must carry bearer services, its IP address must be relatively fixed. The coexistence proxy attached to each base station is used only for sending and receiving coexistence signaling on the base station's behalf, so a change of its IP address has little effect on configuration, and proxies can back each other up. The information a coexistence proxy must handle is infrequent and needs very little bandwidth, so the chance of it being paralyzed by an attack is small, and the RTK mechanism further limits the bandwidth available to illegitimate signaling. The coexistence proxy function is simple and cheap, so it is convenient to deploy several backup proxies to improve reliability.
In the present invention, the use of the base station's network address is limited to the trusted domain; it is disclosed neither over the air interface nor across the whole network, which greatly reduces the chance of the base station being attacked over the wired network.
Through the above technical scheme, the present invention achieves the following technical effects:
1. Because the base station's own network interface carries a large volume of data services and the associated control, a change of its IP address has many adverse effects. The coexistence proxy attached to each base station is used only for sending and receiving coexistence signaling, so changing its network address does not affect the base station's main services, and several proxies can back each other up. At the same time the coexistence proxy has little information to process, needs little bandwidth, and is less likely to be paralyzed by an attack. The coexistence proxy function is simple and cheap, so several backup proxies can conveniently be deployed to improve reliability;
2. In the present invention, the network address of the base station is limited to the trusted domain and is not disclosed on the public network, which reduces the chance of the base station being attacked over the wired network; and
3. When a single proxy is paralyzed by an attack, contact with the LE devices can be continued by changing the proxy's IP address or enabling a backup proxy, without adversely affecting the base station's own service network.
The above are only preferred embodiments of the present invention and do not limit it; for those skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (16)

1. A communication method for realizing secure communication between at least a first base station and a second base station in a license-exempt band, characterized by comprising the following steps:
S202, the first base station sends a first message to the second base station, the first message comprising a first network address of at least one first proxy server of the first base station and a first base station identifier of the first base station; and
S204, the first base station receives a contact request message sent by the second base station, the contact request message being sent by the second base station to the first base station, in response to the first message, according to the first base station identifier; the first base station sends a response message to the second base station in response to the contact request message, thereby realizing secure communication with the second base station.
2. The communication method according to claim 1, characterized in that step S204 comprises the following steps:
S404, the second base station sends the contact request message to the first proxy server according to the first network address;
S406, the first proxy server forwards the contact request message from the second base station to the first base station;
S408, the first base station sends a response message to the first proxy server in response to the contact request message forwarded by the first proxy server; and
S410, the first proxy server forwards the response message sent by the first base station to the second base station.
3. The communication method according to claim 1, characterized in that, in step S204, the second base station judges according to a first condition whether the first base station is trustworthy, and if it is trustworthy, performs the following step:
S206, sending the contact request message to the first base station, the first base station sending a response message to the second base station in response to the contact request message, thereby realizing secure communication with the second base station.
4. The communication method according to claim 1, characterized in that, in step S204, the second base station judges according to a first condition whether the first base station is trustworthy, and if it is not trustworthy, performs the following steps:
S208, the second base station sends the contact request message to the first proxy server according to the first network address;
S210, the first proxy server forwards the contact request message from the second base station to the first base station;
S212, the first base station sends a response message to the first proxy server in response to the contact request message forwarded by the first proxy server; and
S214, the first proxy server forwards the response message sent by the first base station to the second base station.
5. The communication method according to any one of claims 1 to 4, characterized in that the second base station comprises at least one second proxy server, and the second base station establishes a communication connection with the first base station or the first proxy server through the second proxy server.
6. The communication method according to any one of claims 1 to 4, characterized in that the first base station and the second base station are wireless base stations.
7. The communication method according to any one of claims 1 to 4, characterized in that the first network address is the IP address of the first proxy server.
8. The communication method according to any one of claims 1 to 4, characterized in that the base station identifier is any identifier that can uniquely indicate the first base station, comprising at least one of the following: a base station identifier, the MAC address of the base station, and the port number of the proxy server.
9. The communication method according to claim 3 or 4, characterized in that the first condition comprises at least one of the following: the first base station and the second base station each know the other's network address; they are known to each other, by correct and manually configured rules, as base stations of the same operator; they are known to share the same proxy server; each knows the other's public encryption key and signature.
10. The communication method according to any one of claims 1 to 4, characterized in that the first base station broadcasts the first message by radio and receives the contact request message over a wired connection.
11. The communication method according to claim 10, characterized by further comprising the following steps:
S906, the first base station judges whether the contact request message comes directly from the second base station; if so, proceed to step S908; if not, proceed to step S910;
S908, the first base station sends a response message directly to the second base station, thereby establishing a secure connection with the second base station;
S910, judging whether the contact request message comes from the first proxy server; if so, proceed to step S912; if not, proceed to step S914;
S912, the first base station sends a response message to the second base station through the first proxy server, thereby establishing a secure connection with the second base station; and
S914, the first base station judges the contact request message to be an illegitimate contact request and discards it.
12. The communication method according to any one of claims 1 to 4, characterized in that the first message further comprises a real-time key.
13. The communication method according to claim 12, characterized in that the real-time key is random data generated in real time by the first base station and has a validity period.
14. The communication method according to claim 13, characterized in that the contact request message comprises the real-time key, and if the real-time key has expired, the first base station discards the contact request message.
15. The communication method according to any one of claims 1 to 4, characterized in that the network address of the first base station and the first base station identifier form a unique mapping, and the network address of the second base station and a second base station identifier form a unique mapping.
16. A communication method for realizing secure communication between at least a first base station and a second base station in a license-exempt band, characterized by comprising the following steps:
S1002, the second base station receives a first message from the first base station;
S1004, the second base station extracts the network address of the proxy server and the base station identifier of the first base station from the first message;
S1006, the second base station judges whether the first base station is a base station that it mutually trusts; if so, it performs steps S1008 and S1010; if not, it performs steps S1012 and S1014;
S1008, the second base station sends a contact request message directly to the network address of the first base station or to the first proxy server;
S1010, the second base station receives a response message from the first base station or the first proxy server and establishes direct contact with the first base station;
S1012, the second base station sends a contact request message through its own second proxy server to the first proxy server of the first base station; and
S1014, the second base station receives a response message from the first base station through the second proxy server and establishes contact with the first base station.
CN2006100675303A 2006-02-28 2006-02-28 Safety telecommunication method Expired - Fee Related CN101031141B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN2006100675303A CN101031141B (en) 2006-02-28 2006-02-28 Safety telecommunication method
PCT/CN2007/000442 WO2007098678A1 (en) 2006-02-28 2007-02-08 An agent server, a method for realizing the agent by the agent server and a system and method of security communication system
US12/200,761 US20090044280A1 (en) 2006-02-28 2008-08-28 Proxy server, method for realizing proxy, and secure communication system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2006100675303A CN101031141B (en) 2006-02-28 2006-02-28 Safety telecommunication method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201110323785.2A Division CN102355468B (en) 2006-02-28 2006-02-28 Safe communication method

Publications (2)

Publication Number Publication Date
CN101031141A CN101031141A (en) 2007-09-05
CN101031141B true CN101031141B (en) 2011-11-09

Family

ID=38716147

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006100675303A Expired - Fee Related CN101031141B (en) 2006-02-28 2006-02-28 Safety telecommunication method

Country Status (1)

Country Link
CN (1) CN101031141B (en)

Also Published As

Publication number Publication date
CN101031141A (en) 2007-09-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING ZHIXUN HUOBAN TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20150703

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150703

Address after: 100193 Beijing City, northeast of Haidian District, South Road, No. 29, building 3, room 4, room 4516

Patentee after: Beijing wisdom partner Technology Co., Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20111109

Termination date: 20170228