CN107332639B - Method and system for realizing private network communication - Google Patents

Publication number
CN107332639B
Authority
CN
China
Prior art keywords
private network
base station
micro base
white list
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710439642.5A
Other languages
Chinese (zh)
Other versions
CN107332639A (en)
Inventor
胡应添
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comba Network Systems Co Ltd
Original Assignee
Comba Telecom Technology Guangzhou Ltd
Comba Telecom Systems China Ltd
Comba Telecom Systems Guangzhou Co Ltd
Tianjin Comba Telecom Systems Co Ltd
Application filed by Comba Telecom Technology Guangzhou Ltd, Comba Telecom Systems China Ltd, Comba Telecom Systems Guangzhou Co Ltd, Tianjin Comba Telecom Systems Co Ltd
Priority to CN201710439642.5A
Publication of CN107332639A
Application granted
Publication of CN107332639B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00 Jamming of communication; Counter-measures
    • H04K3/80 Jamming or countermeasure characterized by its function
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04K SECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K3/00 Jamming of communication; Counter-measures
    • H04K3/60 Jamming involving special techniques
    • H04K3/62 Jamming involving special techniques by exposing communication, processing or storing systems to electromagnetic wave radiation, e.g. causing disturbance, disruption or damage of electronic circuits, or causing external injection of faults in the information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08 Access point devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for realizing private network communication. The system comprises a micro base station, a gateway, private network core network equipment and a shielding device. The shielding device is used for shielding, in the coverage area of the micro base station, wireless signals in every frequency band of the non-private-network standards, and wireless signals of the private network standard that lie in non-private-network frequency bands. The micro base station is used for receiving an uplink signal sent by a first private network communication terminal and, if the first private network communication terminal is determined to be a terminal in a white list set, sending the uplink signal to the private network core network equipment through the gateway. The private network core network equipment is used for receiving the uplink signal sent by the micro base station through the gateway and sending a downlink signal to the micro base station. The micro base station is further used for receiving the downlink signal sent by the private network core network equipment and, if the second private network communication terminal corresponding to the downlink signal is determined to be a terminal in the white list set, sending the downlink signal to the second private network communication terminal. A novel private network communication system is thereby provided.

Description

Method and system for realizing private network communication
Technical Field
The present invention relates to the field of communications, and in particular, to a method and a system for implementing private network communications.
Background
As a national organ for executing criminal punishment, the prison bears the heavy tasks of maintaining stability, punishing and reforming criminals, and protecting socialist economic construction, and it urgently needs to modernize its own construction. Prison management is gradually shifting from the traditional modes of civil defense, physical defense and joint defense to a mode based mainly on technical defense. The core requirement of prison management work is to ensure the safety and stability of prison premises, and the national prison informatization construction plan of the department of justice requires ten applications to be built as priorities, the first of which is prison safety precaution. As the internet has evolved into the mobile internet, the most prominent information security concern has shifted from networks to wireless communications. In 2009, a number of regulations on strengthening the safety management work of prisons (35 for short) were issued, item 3 of which specifically requires that "a cell phone signal shielding device should be installed in a prison"; in 2012, the judicial department started the second-stage prison informatization project nationwide to build ten major applications, namely a prison safety precaution and communication command system; in 2014, the national application demonstration project for managing and controlling prisoners with the Internet of Things was jointly started by the development and modification commission and the finance department, advocating the application of the Internet of Things in prisons.
Therefore, establishing a high-tech, modern unified command system for prisons is imperative. Communication services such as covert telephone calls and data transmission are strictly forbidden in prisons, so shielding the intrusion of network signals of all standards from outside the prison is imperative. Prisons currently use a cluster intercom system whose means of communication is single and outdated, and the current prison communication management mode urgently needs to be updated with modern communication technology.
Disclosure of Invention
The embodiment of the invention provides a method and a system for realizing private network communication, which are used for providing a novel private network communication system.
The embodiment of the invention provides a system for realizing private network communication, which comprises: a micro base station, a gateway, private network core network equipment and a shielding device;
the shielding device is used for shielding, in the coverage area of the micro base station, wireless signals in every frequency band of the non-private-network standards, and wireless signals of the private network standard that lie in non-private-network frequency bands;
the micro base station is used for receiving an uplink signal sent by a first private network communication terminal, and if the first private network communication terminal is determined to be a terminal in a white list set, the uplink signal is sent to the private network core network equipment through the gateway;
the private network core network equipment is used for receiving an uplink signal sent by the micro base station through the gateway and sending a downlink signal to the micro base station;
the micro base station is further configured to receive a downlink signal sent by the private network core network device, and send the downlink signal to a second private network communication terminal if it is determined that the second private network communication terminal corresponding to the downlink signal is a terminal in a white list set.
Based on the same inventive concept, the embodiment of the present invention further provides a method for implementing private network communication, where the method includes:
a micro base station receives an uplink signal sent by a first private network communication terminal located in the coverage area of the micro base station, the coverage area being shielded by a shielding device, wherein the shielding device shields, in the coverage area of the micro base station, wireless signals in every frequency band of the non-private-network standards and wireless signals of the private network standard that lie in non-private-network frequency bands;
and if the micro base station determines that the first private network communication terminal is a terminal in a white list set, the micro base station sends the uplink signal to the private network core network equipment through the gateway.
The embodiment of the invention shields signals of all standards and all frequency bands while allowing terminals to communicate wirelessly using the signal of a specific standard of a specific operator. On one hand, the mobile communication private network provided by the embodiment of the invention allows white list user terminals to carry out normal communication inside the private network: a terminal sends uplink signals to the micro base station and accesses the private network core network through a gateway, so that terminals in the coverage area of the micro base station can carry out normal internal wireless communication. On the other hand, the shielding device effectively shields non-private-network signals, blocking the intrusion of network signals of all standards into the coverage area of the micro base station and preventing communication by illegal users.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a first schematic diagram of a system for implementing a new type of private network communication according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a system for implementing a new type of private network communication according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a local controller according to an embodiment of the present invention;
Fig. 4 is a third schematic diagram of a system for implementing a new type of private network communication according to an embodiment of the present invention;
Fig. 5 is a fourth schematic view of a system for implementing a new private network communication according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a system for implementing a new type of private network communication according to an embodiment of the present invention;
Fig. 7 is a flowchart illustrating a method for implementing private network communication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Various aspects are described herein in connection with a terminal and/or a base station. A terminal is a device that provides voice and/or data connectivity to a user, and may be a wireless terminal or a wired terminal. The wireless terminal may be a handheld device having wireless connection capabilities, another processing device connected to a wireless modem, or a mobile terminal communicating with one or more core networks via a radio access network. For example, a wireless terminal may be a mobile telephone (or "cellular" telephone), a handset, or a computer having a mobile terminal. As another example, a wireless terminal may be a portable, pocket, hand-held, computer-included, or vehicle-mounted mobile device. For another example, the wireless terminal may be a mobile station, an access point, or a part of a User Equipment (UE).
As shown in fig. 1, an embodiment of the present invention provides a novel system for implementing private network communication, where the system includes: a micro base station, a gateway, private network core network equipment and a shielding device;
the shielding device is used for shielding, in the coverage area of the micro base station, wireless signals in every frequency band of the non-private-network standards, and wireless signals of the private network standard that lie in non-private-network frequency bands;
the micro base station is used for receiving an uplink signal sent by a first private network communication terminal, and if the first private network communication terminal is determined to be a terminal in a white list set, the uplink signal is sent to the private network core network equipment through the gateway;
the private network core network equipment is used for receiving an uplink signal sent by the micro base station through the gateway and sending a downlink signal to the micro base station;
the micro base station is further configured to receive a downlink signal sent by the private network core network device, and send the downlink signal to a second private network communication terminal if it is determined that the second private network communication terminal corresponding to the downlink signal is a terminal in a white list set.
The private network core network equipment is the core component with which the system provides private network wireless communication service. Its main functions are providing user plane connection, managing users and completing service bearing. Establishing the user connection includes functions such as mobility management, call management and switching. User management includes the description of the user, QoS (Quality of Service), user communication records (accounting) and security (the authentication center provides the corresponding security measures, including security management of the mobile service and security processing of access to the external network). Bearer connectivity includes connections to packet data networks, intranets and the like.
The internal voice communication signaling flow of the private network communication system formed in the places such as prisons or examination rooms covered by the micro base station is as follows: (1) the intelligent terminal of the calling party is accessed to the core network equipment of the private network through the micro base station and sends an uplink signal to the core network equipment of the private network; (2) the private network core network device pages the called intelligent terminal through network access control, data routing and forwarding processing of the private network core network, sends downlink signals to the micro base station, and then sends the downlink signals to the calling intelligent terminal through the micro base station to form a local voice communication loop network in the private network. It can be seen that private network communication is formed by private network core network equipment and the micro base station, and terminals in places such as prisons or examination rooms covered by the micro base station can communicate with each other by utilizing the private network.
The micro base station is a single-mode micro base station that covers wireless signals of only one standard of one operator. In general, places that need shielding, such as prisons and examination rooms, allow few users to communicate, so single-mode micro base station coverage is adopted. Moreover, very few frequency points need to be configured, so a small section of the frequency band of one standard is selected, which saves spectrum resources and reduces cost. For example, a 1M bandwidth of the 900MHz GSM (Global System for Mobile Communications) system of China Mobile can be selected for wireless communication of the private network. The single-mode micro base station can be connected with the gateway and the indoor distribution subsystem at the same time, and then accesses the public network core network equipment through the soft switch gateway, so that the downlink signal of the public network core network equipment covers indoor terminals through the single-mode micro base station and the indoor distribution subsystem; in addition, the single-mode micro base station transmits the uplink signals of terminals in the indoor distribution subsystem to the operator core network, forming a normal and complete uplink and downlink wireless communication link.
The shielding device may be a multi-mode signal shielding device, which is a multi-mode, multi-band signal source comprising 2G, 3G and 4G signal sources and covering all operators and frequency bands. It can shield wireless signals of all standards and all frequency bands of the various operators, except the standard and frequency band where the private network is located, and ensures that the shielded area is covered without blind spots. For example, the specific frequency bands of the multi-mode multi-band signal source include:
China Mobile: GSM: 890-909/935-954 MHz; TD-SCDMA (Time Division-Synchronous Code Division Multiple Access): 2010-2025 MHz; TD-LTE (Time Division Long Term Evolution): 1880-1920MHz, 2575-2635MHz and 2300M-24000M;
China Unicom: GSM: 909-915/954-960 MHz; WCDMA (Wideband Code Division Multiple Access): 1950-1955/2130-2145 MHz; FDD-LTE (Frequency Division Duplex Long Term Evolution): 1755-1765/1850-1860 MHz; 1955-1980/2145-2170 MHz;
China Telecom: FDD-LTE: 1755-1785/1850-1880 MHz; 1920-1940/2110-2130 MHz; CDMA (Code Division Multiple Access): 870 and 880 MHz.
When the multi-mode signal shielding device is connected with the indoor distribution subsystem, the multi-mode multi-band shielding signals can cover a specific indoor area without blind spots, shielding terminal signals in that area. In the first shielding method, the multi-mode signal shielding device emits interference noise in the various standards to degrade the signal-to-noise ratio of the public network macro base station signal; according to the wireless communication principle, when the signal-to-noise ratio is lower than a certain threshold, a terminal cannot parse the signal normally, that is, the terminal displays no signal. The second shielding method shields the mobile phones in the target area by using a "virtual base station". The virtual base station uses mobile communication protocol layer technology to superimpose a shielding network on the operator's network coverage, and a terminal in the target area is transferred from the operator network to the shielding network by reselection and similar means, using methods such as fine coverage and parameter adjustment, so that the terminal's ways of transmitting information to the outside (including calls, short and multimedia messages, and data services) are cut off and the operator's communication signals are shielded. Shielding equipment that uses a high-power full-frequency-band signal or the virtual base station mode distributes the shielding signals uniformly over the area to be shielded through an indoor distribution subsystem, achieving the shielding effect in that area while avoiding interference with public network signals outside it.
The indoor distribution subsystem is composed of a Radio Remote Unit (RRU), an antenna feeder system, and the like, and realizes indoor seamless coverage of wireless signals.
In addition to normal shielding, some scenarios also require accurately capturing the terminal identifier of an illegal user on top of signal shielding, and promptly confiscating terminals such as the illegal user's mobile phone, so that more destructive behavior is avoided. To implement this function, the embodiment of the present invention further enhances the shielding device so that it can capture the identifier of an illegal user's terminal. The specific principle is as follows: following the principle by which a terminal accesses a core network, the multi-mode signal shielding device acts as a virtual base station and continuously sends signaling such as location update requests, so that illegal users are induced to access the virtual base station and remain resident on it. Because the virtual base station is not connected to the operator core network, normal wireless communication services such as telephone calls and short messages cannot be completed. However, since the illegal user is allowed to access the virtual base station, information such as the user's IMSI (International Mobile Subscriber Identity) can be captured by collecting the terminal's uplink signals, and since the user's approximate position can be obtained through the virtual base station, the illegal user's terminal can be located quickly.
Furthermore, the shielding device reports detected service activity to the management and control server in real time, and the activity is displayed on the management and control operation client. When service activity by an unauthorized user appears, the private network communication system can raise an audible and visual alarm to prompt an administrator to quickly seize the unauthorized user's mobile phone, so that greater harm is avoided. The management and control operation client is further configured to generate a white list set and send it to the management and control server, where the white list set includes an identifier of at least one terminal. In addition, the management and control server is further configured to receive and store the white list set sent by the management and control operation client, and to issue the white list set to the micro base station.
Further, the private network communication system may further include a local controller, where the local controller is configured to receive the uplink signal sent by the micro base station, perform encryption processing and data aggregation processing on the received uplink signal, and send the uplink signal after the encryption processing and the data aggregation processing to the private network core network device or the public network core network device. The system controls the data flow direction through a local controller installed at the rear end of the base station: all signaling data flows directly to the private network core network equipment and is processed by the core network, and data that does not pass access authentication is filtered out directly by the local controller, as shown in fig. 2. Within the uplink signals sent by the micro base station, traffic belonging to the local content service is forwarded directly to the local content server according to the target IP and port number, where the content provided by the local content server may include enterprise management platforms such as enterprise networks and OA.
The local controller comprises the following modules, as shown in fig. 3. The secure access module server and the secure access module client of the local controller form the server and the client of Internet Protocol Security (IPsec), constructing a secure end-to-end link between the micro base station and the core network. IPsec is a Virtual Private Network (VPN) technology used to establish an encrypted tunnel between a server and a client and to transmit sensitive data. The signaling processing module completes the convergence and forwarding of the LTE S1 signaling: it converges and forwards the uplink signaling of the micro base station to the private network core network, and converges and forwards the downlink signaling of the private network core network to the micro base station. The data processing module completes the convergence and forwarding of the LTE S1 data: it converges and forwards the uplink data of the micro base station to the private network core network, and converges and forwards the downlink data of the private network core network to the micro base station. The signaling processing module and the data processing module are both connected with the secure access module server and the secure access module client: downlink signaling and data of the private network core network are sent to the micro base station after IPsec encryption, and signaling and data uploaded by the micro base station are sent to the private network core network after IPsec decryption.
The centralized control management module of the local controller completes the functions of Radio Resource Management (RRM), Self-Organizing Network (SON), mobility management, overall network parameter configuration, and local traffic offload. A conventional gateway does not have these functions, and they ensure that the special functional requirements of an intranet private network can be met.
Further, so that a terminal in the private network can communicate wirelessly with a terminal in the public network, the private network communication system further comprises public network core network equipment. The public network core network equipment, namely the operator core network, is the core component with which the system provides normal wireless communication service. The operator core network mainly provides user plane connection, manages users and completes service bearing, and serves as a bearer network providing an interface to external networks. Establishing the user connection includes mobility management, call management, switching/routing, voice notification (connection to intelligent network peripheral equipment is completed in conjunction with intelligent network services), and other functions. User management includes the description of the user, QoS (Quality of Service), user communication records, and security (the authentication center provides the corresponding security measures, including security management for mobile services and security processing for external network access). Bearer connections include connections to the external PSTN (Public Switched Telephone Network), external circuit data networks and packet data networks, the internet, intranets and the like. The system shown in fig. 4 mainly includes a private network core network, a local controller, a micro base station, and an IMS converged communication switch.
In the internal private network, the voice call function is mainly realized by the IMS converged communication switch. A mobile phone within the prison can use the private network core network to register and authenticate with the IMS converged communication switch via the Session Initiation Protocol (SIP), and the IMS converged communication switch provides the voice call function to realize voice calls inside the prison. The IMS converged communication switch can also be interconnected with an operator public network through an E1 interface to realize calls between the inside and the outside of the prison. The IMS converged communication switch can also realize communication among the voice phones, IP phones and mobile phones in the prison, interconnecting the various communication modes in the prison. In addition, because the prison has an independent private network, a mobile phone entering the private network range cannot use the authentication mode of a public network, so cards need to be issued separately. The terminal needs to be a full-network dual-card dual-standby mobile phone: the operator public network card is used outside the prison, and the terminal can switch automatically to the private network card on arrival in the prison.
The internal and external voice communication signaling flows of the private network communication system formed in the places such as prisons or examination rooms covered by the micro base station are as follows: (1) the intelligent terminal of the calling party is accessed to the core network equipment of the private network through the micro base station and sends an uplink signal to the core network equipment of the private network; (2) the private network core network equipment is accessed into an IMS core network of an operator public network through the IMS converged communication switch, pages the called intelligent terminal, sends a downlink signal to the micro base station, and then sends the downlink signal to the calling intelligent terminal through the micro base station to form a voice communication loop network inside and outside the private network. Therefore, the public network core network equipment, the private network core network equipment and the micro base station form private network communication, and terminals in places such as prisons or examination rooms covered by the micro base station can communicate with terminals of an external public network by using the private network.
The IMS converged communication switch is the key network element through which the internal private network of the system accesses the IMS core network of the operator public network, and it is the bridge linking the enterprise private network and the operator public network. The system provides voice, data, standard definition/high definition video conferences and telepresence conferences, supports multi-terminal access, provides comprehensive interoperability, and can integrate not only the traditional mobile, fixed and SIP networks but also the traditional H.323 conference of the existing network and an enterprise OA system.
As shown in fig. 5, an embodiment of the present invention provides a novel authorization communication system in a mobile communication informatization integrated application system. The system mainly includes a private network core network, a local controller, a micro base station, a communication management and control server, and a communication management and control operation platform. White list communication control is implemented on the micro base station, while the configuration, addition and deletion of specific white list users are operated on the communication management and control operation platform. The communication management and control policy can also be configured through the communication management and control operation platform; the policy includes: only voice or short message or data service is allowed, voice and short message service is allowed, voice and data service is allowed, and the like. The specific policies and data are stored in the communication management and control server. Each user unit manages its own white list of authorized communication and adds or removes entries in time as needed. In addition, only mobile phone numbers of an operator whose communication is opened up can apply for authorization; mobile phone numbers of other, non-authorized operators cannot be authorized.
For example, white list users can be authorized for normal communication only with mobile phone numbers of China Mobile, China Unicom or China Telecom. The specific method is as follows: the IMSIs of the white list users are obtained in advance and configured through the communication management and control operation platform, and the data are stored on the communication management and control server; in practical application, the communication management and control server issues the white list user list and the corresponding IMSIs and automatically configures the micro base station system.
Further, the private network communication system further includes: a management and control server, a management and control operation client, a network management server and a cluster scheduling server, as shown in fig. 6. The management and control server is connected with the gateway and the management and control operation client. Management and control policies are operated remotely through the management and control operation client and are stored on the management and control server. These operations include setting the white list, adding and removing white list users, and setting the communication policy of white list users; the policy includes: only voice or short message or data service is allowed, voice and short message service is allowed, voice and data service is allowed, and the like.
Further, the management and control operation client is further configured to generate a management and control policy, where the management and control policy is used to control the function permissions of the internal application programs of the terminals in the white list set. That is to say, the management and control server issues a management and control policy to each terminal in the white list, and the policy can switch certain application functions of the terminal on or off, for example turning off functions such as Bluetooth and short message and turning on the call function.
The private network communication system can also comprise a network management server which is simultaneously connected with the gateway, the single-mode micro base station and the multi-mode signal shielding device to realize the functions of user interface management, user group management, software management, log management, system maintenance, parameter setting, alarm reporting, system function switching and the like of the gateway, the single-mode micro base station and the multi-mode signal shielding device, wherein a common network management interface is based on a TR-069 protocol.
The cluster scheduling server is a communication platform with an all-IP architecture, and is a multimedia command and scheduling platform integrating video scheduling, voice scheduling and instant information. It supports cluster talkback, one-key calling, dynamic regrouping, late entry and the like. It provides the voice scheduling function, including organization architecture and authority management, supports instant messages, and implements message distribution and the presentation of user states. It also provides management functions, including multilevel authority control management, multi-user group management and multi-unit management.
The cluster scheduling server is connected with the cluster scheduling operation platform. The cluster scheduling server implements the video scheduling, voice scheduling and instant information functions, and scheduling management functions such as group calling, monitoring, meeting and recording are carried out through the scheduling platform.
Based on the same inventive concept, an embodiment of the present invention provides a flowchart of a method for implementing private network communication, and as shown in fig. 7, the method specifically includes:
Step S101: a micro base station receives an uplink signal sent by a first private network communication terminal in the coverage area of the micro base station, the coverage area being shielded by a shielding device, wherein the shielding device shields wireless signals of all frequency bands of the non-private network system in the coverage area of the micro base station and shields wireless signals of the private network system in non-private network frequency bands in the coverage area of the micro base station.
Step S102: if the micro base station determines that the first private network communication terminal is a terminal in the white list set, the micro base station sends the uplink signal to the private network core network equipment through the gateway.
Further, the micro base station receives a downlink signal sent by the private network core network equipment;
and if the micro base station determines, according to the downlink signal, that the second private network communication terminal corresponding to the downlink signal is a terminal in the white list set, it sends the downlink signal to the second private network communication terminal.
In addition, when the private network communication system is connected to the public network core network equipment, the micro base station receives an uplink signal sent by a third private network communication terminal in the coverage area of the micro base station, the coverage area being shielded by the shielding device;
and if the micro base station determines that the third private network communication terminal is a terminal in the white list set, the micro base station sends the uplink signal to the public network core network equipment through the gateway.
Further, the micro base station receives a downlink signal sent by the public network core network equipment;
and if the micro base station determines, according to the downlink signal, that the fourth private network communication terminal corresponding to the downlink signal is a terminal in the white list set, it sends the downlink signal to the fourth private network communication terminal.
Further, before the micro base station sends the uplink signal to the private network core network equipment or the public network core network equipment through the gateway, the method further includes:
the micro base station sends the uplink signal through the gateway to a local controller for encryption processing and data aggregation processing.
Further, the management and control server issues a management and control policy to the terminals in the white list, so that each terminal in the white list set holds the management and control policy, and the management and control policy is used for controlling the function permissions of the internal application programs of the terminals in the white list set.
Specifically, the implementation method for private network communication provided by the embodiment of the present invention includes the following implementation steps:
Step a: select the operator, communication system, communication frequency band and other information for private network wireless communication; for example, the 1805-1806 MHz frequency band of China Mobile DCS1800 can be used for private network communication.
Step b: determine the white list mobile phone users who can carry out private network communication; non-white-list mobile phone users cannot communicate normally. A white list can be set on the single-mode micro base station (in practical application, the communication management and control server issues the white list user list and the corresponding IMSIs and automatically configures the single-mode micro base station system). Only mobile phones in the white list can camp on the micro base station cell and are allowed to communicate; other mobile phones cannot camp normally. Normal communication service inside the private network among white list users is implemented based on the private network core network equipment, the gateway subsystem, the single-mode micro base station and the indoor distribution subsystem, and normal communication service between the private network and the public network among white list users is implemented based on the private network core network equipment, the public network core network equipment, the gateway subsystem, the single-mode micro base station and the indoor distribution subsystem.
Step c: based on the multimode signal shielding device and the indoor distribution subsystem, completely shield all other operators, communication systems and communication frequency bands outside the private network on which normal communication is not allowed. For example, when the 1805-1806 MHz frequency band of China Mobile DCS1800 (Digital Cellular System at 1800 MHz) is the band that can be used for normal indoor communication, the shielding covers: China Unicom full-system full-band signals, including GSM, DCS, WCDMA, LTE, etc.; China Telecom full-system full-band signals, including CDMA, LTE, etc.; all band signals of China Mobile TD-LTE, TD-SCDMA and GSM 900 MHz; and the 1806-1840 MHz band of China Mobile DCS 1800 MHz.
Step d: the administrator adds and deletes white list users through the management and control operation client, and the management and control policy can also be configured through the management and control operation client; the policy includes: only voice or short message or data service is allowed, voice and short message service is allowed, voice and data service is allowed, and the like. The specific policies and data are stored in the communication management and control server. Each user unit manages its own white list of authorized communication and adds or removes entries in time as needed. In addition, only mobile phone numbers of an operator whose communication is opened up can apply for authorization; mobile phone numbers of other, non-authorized operators cannot be authorized. For example, white list users can be authorized for normal communication only with mobile phone numbers of China Mobile.
Step e: implement full-system full-band shielding of signals in a specific area based on the multimode signal shielding device and the indoor distribution subsystem, and implement wireless coverage of a specific system signal of a specific operator based on an operator core network, a gateway subsystem, a single-mode micro base station and an indoor distribution subsystem. The embodiment of the invention therefore provides a novel indoor wireless communication system that combines full-system full-band signal shielding with wireless communication on a specific system signal of a specific operator.
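The white list handling in steps b and d, as an added example that is not part of the patent: a control server that stores IMSI entries with a per-user service policy, and a micro base station gate that forwards or drops uplink and downlink traffic with default deny. The class names, the 15-digit IMSI check, the version counter on pushes, enforcing the service policy at the base station, and the test-network PLMN prefixes `00101`/`00102` are assumptions or constructed sample values.

```python
"""White list gate sketch (added example; all names are hypothetical)."""
import re
from dataclasses import dataclass
from enum import Flag, auto


class Service(Flag):
    NONE = 0
    VOICE = auto()
    SMS = auto()
    DATA = auto()


IMSI_RE = re.compile(r"\d{15}")  # assumption: IMSIs are 15 decimal digits


@dataclass(frozen=True)
class Entry:
    imsi: str
    allowed: Service  # e.g. Service.VOICE | Service.SMS


class ControlServer:
    """Stores the white list and policies; issues snapshots to base stations."""

    def __init__(self, permitted_plmns):
        self.permitted_plmns = frozenset(permitted_plmns)
        self._entries = {}
        self.version = 0  # assumption: every change bumps a push version

    def add_user(self, imsi, allowed):
        if not IMSI_RE.fullmatch(imsi):
            raise ValueError("malformed IMSI")
        # Only subscribers of a permitted operator may be authorized.
        if imsi[:5] not in self.permitted_plmns:
            raise PermissionError("operator not permitted")
        if not allowed:
            raise ValueError("policy must allow at least one service")
        self._entries[imsi] = Entry(imsi, allowed)
        self.version += 1

    def remove_user(self, imsi):
        if self._entries.pop(imsi, None) is not None:
            self.version += 1

    def snapshot(self):
        return self.version, dict(self._entries)


class MicroBaseStation:
    """Forwards traffic only for white-listed terminals; drops the rest."""

    def __init__(self):
        self._version = 0
        self._whitelist = {}  # empty until the first push: default deny
        self.audit = []       # every decision is recorded for review

    def load_whitelist(self, version, entries):
        if version <= self._version:  # ignore stale or replayed pushes
            return False
        self._version, self._whitelist = version, dict(entries)
        return True

    def _decide(self, direction, imsi, service):
        entry = self._whitelist.get(imsi)
        if entry is None:
            verdict = "drop: not in white list"
        elif not service or service not in entry.allowed:
            verdict = "drop: service not permitted"
        else:
            verdict = "forward"
        self.audit.append((direction, imsi, service, verdict))
        return verdict == "forward"

    def uplink(self, imsi, service):
        return self._decide("uplink", imsi, service)

    def downlink(self, imsi, service):
        return self._decide("downlink", imsi, service)


def demo():
    """Constructed scenario: two white list users, one later removed."""
    server = ControlServer(permitted_plmns={"00101"})
    a, b = "001010000000001", "001010000000002"  # constructed IMSIs
    server.add_user(a, Service.VOICE | Service.SMS)
    server.add_user(b, Service.DATA)
    station = MicroBaseStation()
    results = [station.uplink(a, Service.VOICE)]  # before any push
    station.load_whitelist(*server.snapshot())
    results += [
        station.uplink(a, Service.VOICE),
        station.uplink(a, Service.DATA),
        station.downlink(b, Service.DATA),
        station.downlink("001010000000009", Service.VOICE),
    ]
    server.remove_user(a)
    station.load_whitelist(*server.snapshot())
    results.append(station.uplink(a, Service.VOICE))
    return results


if __name__ == "__main__":
    print(demo())
```

The gate filters on the identifier a terminal presents; it does not replace the registration and authentication that the description places on the IMS converged communication switch.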
In summary, the embodiments of the present invention implement full-system full-band signal shielding together with a function that allows a terminal to communicate wirelessly using a specific system signal of a specific operator. On the one hand, the private mobile communication network provided in the embodiments allows white list user terminals to carry out normal communication inside the private network while the shielding device effectively shields non-private network signals: a terminal in the coverage area of the micro base station sends an uplink signal to the micro base station and accesses the private network core network through a gateway for normal internal wireless communication. On the other hand, the shielding device shields non-private network signals, blocks the intrusion of network signals of all systems into the coverage area of the micro base station, and prevents illegal users from communicating.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (14)

1. A system for implementing private network communication, the system comprising: a micro base station, a gateway, private network core network equipment and a shielding device;
the shielding device is used for shielding wireless signals of each frequency band of the non-private network system in the coverage area of the micro base station and shielding wireless signals of the private network system in non-private network frequency bands in the coverage area of the micro base station;
the micro base station provides wireless signal coverage of a preset frequency band of a preset system; the micro base station is used for receiving an uplink signal sent by a first private network communication terminal, and if the first private network communication terminal is determined to be a terminal in a white list set, the uplink signal is sent to the private network core network equipment through the gateway;
the private network core network equipment is used for receiving an uplink signal sent by the micro base station through the gateway and sending a downlink signal to the micro base station;
the micro base station is further configured to receive a downlink signal sent by the private network core network device, and send the downlink signal to a second private network communication terminal if it is determined that the second private network communication terminal corresponding to the downlink signal is a terminal in a white list set.
2. The system of claim 1, wherein the micro base station is further configured to receive an uplink signal sent by a third private network communication terminal, and if it is determined that the third private network communication terminal is a terminal in a white list set, send the uplink signal to a public network core network device through the gateway;
the micro base station is further configured to receive a downlink signal sent by the public network core network device, and send the downlink signal to a fourth private network communication terminal if it is determined that the fourth private network communication terminal corresponding to the downlink signal is a terminal in a white list set.
3. The system of claim 1 or 2, wherein the system further comprises: a local controller;
the local controller is used for receiving the uplink signal sent by the micro base station, performing encryption processing and data aggregation processing on the received uplink signal, and sending the uplink signal after the encryption processing and the data aggregation processing to the private network core network device or the public network core network device.
4. The system of claim 1, wherein the shielding device is specifically configured to:
transmit interference signals to interfere with wireless signals of each frequency band of the non-private network system and with wireless signals of the private network system in non-private network frequency bands;
or superimpose a shielding signal on the wireless signals of each frequency band of the non-private network system in the coverage area of the micro base station, and superimpose a shielding signal on the wireless signals of the private network system in non-private network frequency bands in the coverage area of the micro base station.
5. The system of claim 1, further comprising a management and control operation client;
the management and control operation client is used for generating a white list set and sending the white list set to a management and control server, wherein the white list set comprises an identifier of at least one terminal.
6. The system of claim 5, further comprising a management and control server;
and the management and control server is used for receiving and storing the white list set sent by the management and control operation client and issuing the white list set to the micro base station.
7. The system of claim 5, wherein the management and control operation client is further configured to generate a management and control policy for controlling the function permissions of internal applications of the terminals in the white list set.
8. A method for implementing private network communication is characterized in that the method comprises the following steps:
a micro base station receives an uplink signal which is shielded by a shielding device and sent by a first private network communication terminal in a coverage area of the micro base station, wherein the shielding device shields wireless signals of each frequency band of the non-private network system in the coverage area of the micro base station and shields wireless signals of the private network system in non-private network frequency bands in the coverage area of the micro base station; the micro base station provides wireless signal coverage of a preset frequency band of a preset system;
and if the micro base station determines that the first private network communication terminal is a terminal in a white list set, the micro base station sends the uplink signal to private network core network equipment through a gateway.
9. The method of claim 8, further comprising:
the micro base station receives a downlink signal sent by the private network core network equipment;
and the micro base station determines that a second private network communication terminal corresponding to the downlink signal is a terminal in a white list set according to the downlink signal, and then sends the downlink signal to the second private network communication terminal.
10. The method of claim 8, further comprising:
the micro base station receives an uplink signal which is shielded by a shielding device and sent by a third private network communication terminal in the coverage area of the micro base station;
and if the micro base station determines that the third private network communication terminal is a terminal in a white list set, the micro base station sends the uplink signal to public network core network equipment through the gateway.
11. The method of claim 10, further comprising:
the micro base station receives a downlink signal sent by the public network core network equipment;
and the micro base station determines that a fourth private network communication terminal corresponding to the downlink signal is a terminal in a white list set according to the downlink signal, and then sends the downlink signal to the fourth private network communication terminal.
12. The method according to claim 8 or 10, wherein before the micro base station sends the uplink signal to the private network core network device or the public network core network device through the gateway, the method further includes:
and the micro base station sends the uplink signal to a local controller through the gateway for encryption processing and data aggregation processing.
13. The method of claim 8 or 10, wherein before the micro base station receives the uplink signal transmitted by the first private network communication terminal in the coverage area of the micro base station shielded by the shielding device, the method further comprises:
and the micro base station receives the white list set issued by the management and control server, wherein the white list set comprises the identification of at least one terminal.
14. The method of claim 9, wherein the terminals in the white list set internally contain a management and control policy, and the management and control policy is used for controlling the function permissions of internal applications of the terminals in the white list set.
CN201710439642.5A 2017-06-12 2017-06-12 Method and system for realizing private network communication Active CN107332639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710439642.5A CN107332639B (en) 2017-06-12 2017-06-12 Method and system for realizing private network communication

Publications (2)

Publication Number Publication Date
CN107332639A CN107332639A (en) 2017-11-07
CN107332639B true CN107332639B (en) 2020-01-14

Family

ID=60195334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710439642.5A Active CN107332639B (en) 2017-06-12 2017-06-12 Method and system for realizing private network communication

Country Status (1)

Country Link
CN (1) CN107332639B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200108

Address after: 510663 No. 10, Shenzhou Road, Science City, Guangzhou, economic and Technological Development Zone, Huangpu District, Guangzhou, Guangdong Province

Patentee after: Jingxin Communication System (China) Co., Ltd.

Address before: 510663 Luogang District Science City, Guangzhou, Shenzhou Road, No. 10, Guangdong

Co-patentee before: Jingxin Communication System (Guangzhou) Co., Ltd.

Patentee before: Jingxin Communication System (China) Co., Ltd.

Co-patentee before: Jingxin Communication Technology (Guangzhou) Co., Ltd.

Co-patentee before: TIANJIN COMBA TELECOM SYSTEMS CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 510663 No.10, Shenzhou Road, Guangzhou Science City, economic and Technological Development Zone, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Jingxin Network System Co.,Ltd.

Address before: 510663 No.10, Shenzhou Road, Guangzhou Science City, economic and Technological Development Zone, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Comba Telecom System (China) Ltd.
