CN108668278A - A terminal-based communication method - Google Patents

Publication number
CN108668278A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201810488574.6A
Other languages
Chinese (zh)
Inventor
王歆歆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices
    • H04W88/04 Terminal devices adapted for relaying to or from another terminal or user

Abstract

The present invention provides a terminal-based communication method, comprising: a first communication terminal establishes a communication connection with a communication base station and/or core network, so as to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station; the T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal; the second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the T-SC base station. The present invention also provides a communication terminal and a communication system. The terminal-based communication method can ensure the communication security of a second communication terminal that accesses the T-SC base station.

Description

A terminal-based communication method
Technical field
The present invention relates to the field of communication technology, and in particular to a terminal-based communication method, a communication terminal and a communication system.
Background
The personalized and diversified applications provided by the mobile Internet have greatly enriched people's lives. At the same time, the security of communication devices has become a problem that must be considered. In particular, as mobile terminals such as smartphones adopt intelligent operating systems and various applications continue to be developed and used, they are inevitably exposed to infection by computer viruses and to network attacks from the Internet, causing service interruption and leakage of users' private information.
On the other hand, as the number of mobile terminals keeps growing and service demands diversify, miniaturizing base stations and densifying network nodes have become an inevitable choice for further improving the bearing capacity and capacity of traditional networks. At present, schemes already exist in which base station functions are integrated into mobile terminals such as smartphones, which then flexibly provide cell-style access for second communication terminals. The second communication terminal here may be a terminal of limited capability, such as a low-cost Internet-of-Things terminal or other device. If a microcell (terminal based-small cell, T-SC) base station is built on a smartphone terminal, the security of communication must be considered, because in this scheme the T-SC base station is built on the smartphone and the T-SC base station device itself is not secure. A traditional base station device is either located in the operator's network domain, as a macro base station is, with its security ensured by the security mechanisms of the network domain and by physical security policy (prohibiting unauthorized entry into the base station configuration area); or, although located in an area deployed by the user, as a home base station HNB/HeNB is, it undergoes security authentication and authorization by a security gateway SeGW and establishes a secure IPsec tunnel to the relevant core network (Core Network, CN) network elements to ensure the security of the base station. It can thereby perform the functions of a base station, including storing the bearer information (Context Information) of the accessing user equipment (User Equipment, UE) in the connected state and deriving the access stratum (Access Stratum, AS) control plane (Control Plane, CP) and user plane (User Plane, UP) security keys, so as to support operations such as the establishment and handover of radio bearers. T-SC base station devices do not directly have any of the above factors.
Current smartphone designs have partly implemented a "dual system" function, in which the phone system is divided into a "secure zone" and a "non-secure zone", and this security isolation technique reduces the risk of the data in the "secure zone" being attacked. However, how to use such a dual-system smartphone terminal to provide T-SC base station functions has not been studied or disclosed. Moreover, the dual-system secure phone technology of the prior art cannot be applied directly to building T-SC base station functions, because that technology only considers the application needs of the user, whereas the traffic converging on the T-SC base station may not be the smartphone's own services but the services of other connected UEs. How to secure and isolate these converged UE services has not yet been solved. On the other hand, once the T-SC base station supports cell functions, it must maintain the bearer information of the accessed UEs, and this information itself must be protected. Otherwise, leakage of this information may lead to user impersonation, resulting in incorrect authorization or even incorrect charging. Therefore, for a dual-system smartphone terminal to support T-SC base station functions, an independent security protection mechanism must also be designed for the information with which the T-SC base station supports cell functions.
Summary of the invention
The present invention provides a terminal-based communication method with a security protection mechanism, so as to better ensure the security of communication information while improving the bearing capacity and capacity of traditional communication networks.
In addition, the present invention provides a communication terminal. Using the terminal-based communication method, a first communication terminal establishes a communication connection with a communication base station and/or core network, and a second communication terminal exchanges data with the communication base station and/or core network through the first communication terminal, which can effectively improve the bearing capacity and capacity of traditional communication networks and ensure the security of communication information.
In addition, the present invention provides a communication system. Using the terminal-based communication method, a first communication terminal establishes a communication connection with a communication base station and/or core network, and a second communication terminal exchanges data with the communication base station and/or core network through the first communication terminal, which can effectively improve the bearing capacity and capacity of traditional communication networks and ensure the security of communication information.
A terminal-based communication method comprises the following steps:
A first communication terminal establishes a communication connection with a communication base station and/or core network, so as to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station;
The T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal;
The second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the T-SC base station.
Wherein the security isolation module is provided in a physical memory of the first communication terminal, or the security isolation module is provided independently of the first communication terminal and is connected to the communication terminal through a wired or wireless interface; the data stored in the security isolation module cannot be called by application programs or application programming interfaces unrelated to T-SC base station communication.
Wherein the security isolation module includes a first security isolation zone and a second security isolation zone. The first security isolation zone is used to store and maintain the parameter information used when the first communication terminal runs as the T-SC base station; the second security isolation zone is used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station.
Wherein the first communication terminal has a first working mode and a second working mode. The first working mode is the default working mode in which the first communication terminal runs as an ordinary communication terminal; the second working mode is the working mode in which the first communication terminal runs as the T-SC base station, and the second working mode is compatible with the first working mode.
Wherein the security isolation module further includes a third security isolation zone, which is used to store and maintain the native data flow formed when the first communication terminal exchanges data with the communication base station and/or core network in the second working mode.
Wherein, before the T-SC base station establishes the communication connection with the second communication terminal, the method further includes the step of: switching the working mode of the first communication terminal to the second working mode, in which the first communication terminal uses only the security isolation module to exchange data with the second terminal, the communication base station and/or core network.
Wherein the step in which the second communication terminal exchanges data with the communication base station and/or core network through the security isolation module of the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second security isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station and/or core network.
Wherein the step in which the second communication terminal exchanges data with the communication base station and/or core network through the security isolation module of the T-SC base station further includes: the T-SC base station receives second data sent by the communication base station and/or core network and stores it in the second security isolation zone, determines the target terminal that is to receive the second data according to the mark information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
Wherein, before the T-SC base station receives the access request from the second communication terminal, the method further includes the step of: the T-SC base station sends broadcast information to second communication terminals within its radiation range to indicate that it has base station functions, and sends synchronization signals and system information so that the second communication terminal can access the T-SC base station.
Wherein, when the T-SC base station receives the access request from the second communication terminal, the method further includes the step of: authenticating the identity of the second communication terminal to determine whether the second communication terminal has permission to access the T-SC base station.
Wherein the terminal-based communication method further includes: after the second communication terminal disconnects from the T-SC base station, the first communication terminal closes the T-SC base station function and switches back to the first working mode.
Wherein the communication method further includes: the second communication terminal exchanges data with a third communication terminal through the security isolation module of the T-SC base station.
A communication terminal, comprising:
A connection establishment module, used to establish a communication connection between the communication terminal and a communication base station and/or core network, so as to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station;
A base station module, used to provide communication service to a second communication terminal, so that the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station;
A security isolation module, used to store the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, and the parameter information used when the communication terminal runs as the T-SC base station.
Wherein the communication terminal has a first working mode and a second working mode. The first working mode is the working mode in which the communication terminal runs as an ordinary communication terminal; the second working mode is the working mode in which the communication terminal runs as the T-SC base station, and the second working mode is compatible with the first working mode.
Wherein the base station module is provided in the communication terminal, or is provided independently of the communication terminal and connected to the communication terminal through a wired or wireless interface.
Wherein the communication terminal further includes an authentication module, used to authenticate the identity of the second communication terminal when an access request from the second communication terminal is received, so as to determine whether the second communication terminal has permission to access the T-SC base station.
Wherein the communication terminal further includes a memory module, and the security isolation module is provided in the memory module or in the base station module. The security isolation module includes a first security isolation zone, a second security isolation zone and a third security isolation zone. The first security isolation zone is used to store and maintain the parameter information required when the T-SC base station runs; the second security isolation zone is used to store and maintain the convergence data flow formed by the data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station; the third security isolation zone is used to store and maintain the native data flow of the communication terminal working in the second working mode.
Wherein the second security isolation zone is also used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with a third communication terminal through the T-SC base station.
A communication system, comprising a communication base station, a core network, a communication terminal, a first communication terminal, a second communication terminal and a third communication terminal. The communication connection between the first communication terminal and the communication base station and/or core network constitutes a terminal-based microcell (terminal based-small cell, T-SC) base station, and the second communication terminal exchanges data with the communication base station, the core network and/or the third communication terminal through the T-SC base station.
In the terminal-based communication method of the present invention, multiple independent security isolation zones are allocated in the physical memory of the first communication terminal to store and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data flow, thereby ensuring the communication security of the second communication terminal that accesses the T-SC base station.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the terminal-based communication method of a preferred embodiment of the present invention.
Fig. 2 is a structural diagram of the communication terminal of a preferred embodiment of the present invention.
Fig. 3 is a structural diagram of another embodiment of the communication terminal provided by the present invention.
Fig. 4 is a structural diagram of the communication system of a preferred embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, a preferred embodiment of the present invention provides a terminal-based communication method comprising the following steps:
Step S1: A first communication terminal is provided that integrates microcell (small cell) base station functions and has a first working mode and a second working mode; the first communication terminal establishes a communication connection with a communication base station and/or core network, so as to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station. The first working mode is the default working mode in which the first communication terminal runs as an ordinary communication terminal; the second working mode is the working mode in which the first communication terminal runs as the T-SC base station, and the second working mode is compatible with the first working mode, that is, in the second working mode the first communication terminal can run as an ordinary communication terminal in addition to running as the T-SC base station. In this embodiment, the first communication terminal is in the first working mode by default.
Step S2: The T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal.
Step S3: The second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the T-SC base station.
In step S2, before the T-SC base station receives the access request from the second communication terminal, the method further includes the step of: the T-SC base station sends broadcast information to second communication terminals within its radiation range to indicate that it has base station functions, and sends synchronization signals, system information and the like so that the second communication terminal can access the T-SC base station. It can be understood that the period and the time-frequency position at which the T-SC base station sends the broadcast information or other signals such as synchronization signals and system information may be predefined.
In step S2, before the T-SC base station establishes the communication connection with the second communication terminal, the method further includes the step of: switching the working mode of the first communication terminal to the second working mode, in which the first communication terminal uses only the security isolation module to exchange data with the second terminal, the communication base station and/or core network.
The security isolation module is provided in a physical memory of the first communication terminal, or the security isolation module is provided independently of the first communication terminal and is connected to the communication terminal through a wired or wireless interface. The security isolation module is used to store and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data flow. In this embodiment, the security isolation module includes a first security isolation zone, a second security isolation zone and a third security isolation zone. The first security isolation zone is used to store and maintain the parameter information required when the T-SC base station runs. The second security isolation zone is used to store and maintain the convergence data flow. The third security isolation zone is used to store and maintain the native data flow. In this embodiment, the memory sizes of the first, second and third security isolation zones may be set to be the same or different. Because the parameter information required when the T-SC base station runs, the convergence data flow and the native data flow are stored in the security isolation zones, they cannot be called or accessed by any application program (Application, App) or other application programming interface (Application Programming Interface, API) unrelated to the operation of the T-SC base station. It can be understood that if the operation of the T-SC base station receives configuration from a network entity of the operator's core network, that configuration information should also be stored in the security isolation module.
In step S2, when the T-SC base station receives the access request from the second communication terminal, the method further includes the step of: authenticating the identity of the second communication terminal to determine whether the second communication terminal has permission to access the T-SC base station. Authenticating the identity of the second communication terminal before access, to judge whether the second communication terminal that initiated the access request has permission to access, prevents access by unauthorized terminals and improves the security and confidentiality of communication.
In step S3, while the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, the first communication terminal itself also exchanges data with the communication base station and/or core network. The data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station forms the convergence data flow; the data exchange between the first communication terminal itself and the communication base station and/or core network forms the native data flow.
In step S3, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second security isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station and/or core network; the T-SC base station receives second data sent by the communication base station and/or core network and stores it in the second security isolation zone, determines the target terminal that is to receive the second data according to the mark information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
In step S3, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station further includes: the T-SC base station judges the type of the accessing data flow according to the identification information of the first communication terminal and the second communication terminal, and exchanges data with the communication base station and/or core network separately for each data flow type. When the data flow accessing the T-SC base station is a convergence data flow, the convergence data flow is stored in the second security isolation zone so that it cannot be called or accessed by any App or other API unrelated to the operation of the T-SC base station; finally, after the data is aggregated at the radio access layer or a higher convergence layer, it is exchanged with the communication base station and/or core network, and it may also be forwarded via the T-SC base station to another second communication terminal connected to the T-SC base station. When the data flow accessing the T-SC base station is a native data flow, the native data flow is stored in the third isolation zone, and data is exchanged between the first communication terminal and the communication base station and/or core network.
In step S3, after the second communication terminal leaves the radiation range of the T-SC base station, the method further includes: after the second communication terminal disconnects from the T-SC base station, the first communication terminal closes the T-SC base station function and switches back to the first working mode.
It can be understood that the terminal-based communication method may also include: the second communication terminal exchanges data with a third communication terminal through the security isolation module of the T-SC base station. The second security isolation zone is also used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with the third communication terminal through the T-SC base station. The second communication terminal and the third communication terminal may be ordinary communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or terminals of limited capability, such as low-cost Internet-of-Things terminals.
In the terminal-based communication method, multiple independent security isolation zones are allocated in the physical memory of the first communication terminal to store and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data flow. This effectively prevents the parameter information and the convergence data flow from being called or accessed by any App or other API unrelated to the operation of the T-SC base station, and ensures the communication security of the second communication terminal that accesses the T-SC base station.
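The flow handling of steps S2 and S3 (authenticate, switch mode, classify a flow by terminal identifier, store it in the matching zone, mark it, and deliver downlink data by its mark), as an added Python example that is not part of the patent text. All class and function names, the allowlist used as the authentication check, the capability object standing in for the memory isolation, and the terminal identifiers are assumptions made for illustration.

```python
from enum import Enum


class Mode(Enum):
    NORMAL = 1  # first working mode: ordinary communication terminal
    TSC = 2     # second working mode: also runs as a T-SC base station


class IsolationError(PermissionError):
    """A caller unrelated to T-SC operation touched an isolation zone."""


class SecurityIsolationModule:
    """Models the three zones. A one-time capability stands in for the
    memory isolation, which Python itself cannot enforce (assumption)."""

    ZONES = ("params", "convergence", "native")  # zones 1, 2 and 3

    def __init__(self):
        self._cap = object()
        self._claimed = False
        self._zones = {z: [] for z in self.ZONES}

    def claim(self):
        # Only the first caller (the T-SC base station function) gets the capability.
        if self._claimed:
            raise IsolationError("capability already claimed")
        self._claimed = True
        return self._cap

    def _check(self, cap):
        if cap is not self._cap:
            raise IsolationError("caller is unrelated to T-SC operation")

    def store(self, cap, zone, item):
        self._check(cap)
        self._zones[zone].append(item)

    def read(self, cap, zone):
        self._check(cap)
        return list(self._zones[zone])


class TSCBaseStation:
    def __init__(self, own_id, authorized_ids):
        self.own_id = own_id
        self.authorized = set(authorized_ids)  # assumption: allowlist authentication
        self.attached = set()
        self.mode = Mode.NORMAL
        self.sim = SecurityIsolationModule()
        self._cap = self.sim.claim()
        # Operating parameters of the base station function live in zone 1.
        self.sim.store(self._cap, "params", {"authorized": sorted(self.authorized)})

    def access_request(self, terminal_id):
        """Step S2: authenticate first, then switch mode and attach."""
        if terminal_id not in self.authorized:
            return False
        self.mode = Mode.TSC
        self.attached.add(terminal_id)
        return True

    def _zone_for(self, terminal_id):
        # Flow type is decided from the terminal identifier.
        if self.mode is not Mode.TSC:
            raise RuntimeError("isolation zones are used in the second working mode")
        if terminal_id == self.own_id:
            return "native"
        if terminal_id in self.attached:
            return "convergence"
        raise PermissionError("terminal is not attached to this T-SC base station")

    def uplink(self, source_id, payload):
        """Step S3, uplink: store in the matching zone, mark with the source id."""
        zone = self._zone_for(source_id)
        frame = {"tag": source_id, "data": payload}
        self.sim.store(self._cap, zone, frame)
        return frame, zone

    def downlink(self, frame):
        """Step S3, downlink: the mark selects the target; unknown marks are refused."""
        zone = self._zone_for(frame["tag"])
        self.sim.store(self._cap, zone, frame)
        return frame["tag"]

    def disconnect(self, terminal_id):
        self.attached.discard(terminal_id)
        if not self.attached:
            self.mode = Mode.NORMAL  # close the T-SC function, back to mode 1


def demo():
    # Constructed identifiers and payloads, for illustration only.
    bs = TSCBaseStation("phone-A", authorized_ids={"iot-1", "iot-2"})
    r = {"rogue_admitted": bs.access_request("rogue-9"),
         "iot1_admitted": bs.access_request("iot-1"),
         "up_zone": bs.uplink("iot-1", b"temp=21")[1],
         "native_zone": bs.uplink("phone-A", b"sync")[1],
         "down_target": bs.downlink({"tag": "iot-1", "data": b"ack"})}
    try:
        bs.sim.read(object(), "convergence")  # an unrelated app, no capability
        r["app_blocked"] = False
    except IsolationError:
        r["app_blocked"] = True
    bs.disconnect("iot-1")
    r["mode_after"] = bs.mode
    return r


if __name__ == "__main__":
    print(demo())
```
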
Referring to Fig. 2, a preferred embodiment of the present invention also provides a communication terminal 100, which includes: a connection establishment module 10, used to establish a communication connection with a communication base station and/or core network, so as to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station; a base station module 20, used to provide communication service to a second communication terminal, so that the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station; and a security isolation module 30, used to store the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, and the parameter information used when the communication terminal runs as the T-SC base station. It can be understood that the base station module 20 may be provided in the communication terminal 100, or may be provided independently of the communication terminal 100 and connected to the communication terminal 100 through a wired or wireless interface.
The communication terminal 100 has a first working mode and a second working mode. The first working mode is the working mode in which the communication terminal runs as an ordinary communication terminal; the second working mode is the working mode in which the communication terminal runs as the T-SC base station, and the second working mode is compatible with the first working mode, that is, in the second working mode the communication terminal can run as an ordinary communication terminal in addition to running as the T-SC base station. In this embodiment, the communication terminal is in the first working mode by default.
The security isolation module 30 is provided in the physical memory of the communication terminal 100 and includes a first security isolation zone 31, a second security isolation zone 33 and a third security isolation zone 35. The first security isolation zone 31 is used to store and maintain the parameter information required when the T-SC base station runs. The second security isolation zone 33 is used to store and maintain the convergence data flow formed by the data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station. The third security isolation zone 35 is used to store and maintain the native data flow of the communication terminal 100 working in the second working mode. When the communication terminal 100 works in the second working mode, it uses only the first security isolation zone 31, the second security isolation zone 33 and the third security isolation zone 35, so as to ensure the communication security of the second communication terminal that accesses the T-SC base station in the second working mode. It can be understood that the security isolation module 30 may also be provided in the base station module 20; when the base station module 20 is provided independently of the communication terminal 100, the security isolation module 30 and the base station module 20 are connected to the communication terminal 100 through a wired or wireless interface.
The communication terminal 100 further includes an authentication module 40, used to authenticate the identity of the second communication terminal when an access request from the second communication terminal is received, so as to determine whether the second communication terminal has permission to access the T-SC base station. Authenticating the identity of the second communication terminal before access, to judge whether the second communication terminal that initiated the access request has permission to access, prevents access by unauthorized terminals and improves the security and confidentiality of communication.
The communication terminal 100 further includes a switching module 50, used to switch the working mode of the communication terminal 100. Before the T-SC base station establishes the communication connection with the second communication terminal 401, the switching module 50 switches the working mode of the communication terminal 100 to the second working mode, in which the communication terminal 100 uses only the security isolation module to exchange data with the second terminal, the communication base station and/or core network.
It can be understood that the second communication terminal can also exchange data with a third communication terminal through the security isolation module 30 of the T-SC base station. The second security isolation zone 33 is also used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with the third communication terminal through the T-SC base station. The second communication terminal and the third communication terminal may be ordinary communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or terminals of limited capability, such as low-cost Internet-of-Things terminals.
It should be noted that, for the implementation of the communication terminal 100 in this embodiment of the present invention, reference may be made to the implementation of the first communication terminal in the method embodiment above, which is not repeated here.
Referring to Fig. 3, Fig. 3 shows the structural schematic diagram of the communication terminal 100 of another embodiment of the present invention. The communication terminal 100 may include: at least one processor 101, such as a CPU, at least one communication bus 102, a user interface 103, a base station module 104, at least one communication interface 105, a memory 106 and a display screen (Display) 107. The communication bus 102 is used to realize the connection and communication between these components. The user interface 103 may include a mouse, a keyboard or a display screen; optionally, the user interface 103 can also include a standard wired interface and wireless interface. The base station module 104 is used to establish a communication connection with the communication base station or/and core network, to constitute a terminal-based small cell (terminal based-small cell, T-SC) base station. The communication interface 105 may optionally include a standard wired interface (such as a data line interface or a cable interface) and a wireless interface (such as a WI-FI interface, a Bluetooth interface or a near-field communication interface). The memory 106 can be high-speed RAM memory, or non-volatile memory, for example at least one magnetic disk storage. The memory 106 can optionally also be at least one storage device located remotely from the aforementioned processor 101. As shown in Fig. 3, the memory 106, as a kind of computer storage medium, may include an operating system, a network communication module, a security isolation module and a user interface module. The operating system is used to coordinate the operation of each component of the communication terminal 100. The network communication module may include the connection establishment module, authentication module and handover module of the embodiment shown in Fig. 2. The security isolation module is equivalent to the security isolation module in the embodiment shown in Fig. 2. The user interface module is used to preserve and maintain the user data of the communication terminal 100.
In the communication terminal 100 shown in Fig. 3, the base station module 104 is additionally used to allow a second communication terminal to carry out data interaction with the communication base station, the core network or/and a third communication terminal through the T-SC base station. It can be understood that the base station module 104 described in the present embodiment has the same function and structure as the base station module 20 in the embodiment shown in Fig. 2. Equally, the base station module 104 can be set in the communication terminal 100, or can be arranged independently of the communication terminal 100 and establish a connection with the communication terminal 100 through a wired interface or a wireless interface.
The security isolation module is used to preserve and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream, to prevent them from being called and accessed by any application program (Application, App) or other application programming interface (Application Programming Interface, API) unrelated to the operation of the T-SC base station. It can be understood that the security isolation module may also be set in the base station module 104; when the base station module 104 is arranged independently of the communication terminal 100, the security isolation module and the base station module 104 establish a connection with the communication terminal 100 through a wired interface or a wireless interface.
The communication terminal 100 described in the present embodiment can be a mobile phone, a tablet computer, a laptop, a palmtop computer, a mobile internet device (MID, mobile internet device), a wearable device (such as a smartwatch, a smart bracelet or a pedometer) or another terminal device on which an instant messaging application client can be installed and deployed. The second communication terminal and the third communication terminal can be general communication terminals, such as mobile phones, tablet computers and other mobile communication terminals, or terminals of limited capability, such as low-cost internet-of-things terminals.
Referring to Fig. 4, a preferred embodiment of the present invention also provides a communication system 500, which includes a first communication terminal 100, a communication base station 200, a core network 300, a second communication terminal 401 and a third communication terminal 403. The first communication terminal 100 integrates small cell base station functions and has a first operating mode and a second operating mode. The first communication terminal 100 establishes a communication connection with the communication base station 200 or/and the core network 300, constituting a terminal-based small cell (terminal based-small cell, T-SC) base station. The second communication terminal 401 carries out data interaction with the communication base station 200, the core network 300 or/and the third communication terminal 403 through the T-SC base station. The first operating mode is the operating mode in which the first communication terminal runs as a general communication terminal, and the second operating mode is the operating mode in which the first communication terminal runs as a T-SC base station. The second operating mode is compatible with the first operating mode: in the second operating mode the first communication terminal can run as a general communication terminal in addition to running as a T-SC base station. In the present embodiment, the first communication terminal is in the first operating mode by default.
A first secure isolation zone 31, a second secure isolation zone 33 and a third secure isolation zone 35 are preset in a physical memory of the first communication terminal 100. The first secure isolation zone 31 is used to preserve and maintain the parameter information required when the T-SC base station runs. The second secure isolation zone 33 is used to preserve and maintain the convergence data flow formed by the data interaction between the second communication terminal 401 and the communication base station 200, the core network 300 or/and the third communication terminal 403 through the T-SC base station. The third secure isolation zone 35 is used to preserve and maintain the native data stream of the first communication terminal 100 working in the second operating mode. It can be understood that the first secure isolation zone 31, the second secure isolation zone 33 and the third secure isolation zone 35 can also be arranged independently of the first communication terminal 100 and establish a connection with the first communication terminal through a wired interface or a wireless interface.
In the present embodiment, the physical memory of the first communication terminal 100 further includes other storage regions 37, which are used to preserve and maintain the operating system, network communication module and user interface module of the embodiment shown in Fig. 3. It can be understood that the physical memory of the first communication terminal 100 of the present embodiment is equivalent to the memory 106 in the embodiment shown in Fig. 3.
When the second communication terminal 401 and the third communication terminal 403 are located within the radiation range of the T-SC base station, the second communication terminal 401 and the third communication terminal 403 establish a communication connection with the T-SC base station, and the second communication terminal 401 carries out data interaction with the communication base station 200, the core network 300 or/and the third communication terminal 403 through the T-SC base station. The second communication terminal 401 and the third communication terminal 403 can be general communication terminals, such as mobile phones, tablet computers and other mobile communication terminals, or terminals of limited capability, such as low-cost internet-of-things terminals.
The T-SC base station sends broadcast information to the second communication terminal 401 and the third communication terminal 403 within its radiation range, to indicate that it has base station functions; or the T-SC base station performs the operations of a traditional communication base station, sending synchronizing signals, system information and the like, so that the second communication terminal 401 and the third communication terminal 403 can access the T-SC base station. It can be understood that the period and the time-frequency position at which the T-SC base station sends the broadcast information, or other signals such as the synchronizing signal and system information, can be predefined.
When the T-SC base station receives an access request of the second communication terminal 401 or the third communication terminal 403, it authenticates the identity of the second communication terminal 401 or the third communication terminal 403 to determine whether that terminal has permission to access the T-SC base station. When the second communication terminal 401 or the third communication terminal 403 has permission to access the T-SC base station, the first communication terminal 100 switches its operating mode to the second operating mode. When the first communication terminal 100 works in the second operating mode, it uses only the first secure isolation zone 31, the second secure isolation zone 33 and the third secure isolation zone 35, to ensure the communication security of the second communication terminal that accesses the T-SC base station in the second operating mode.
The communication terminal 100 constitutes the T-SC base station by integrating the base station module 20, so that the second communication terminal 401 can carry out data interaction with the communication base station 200, the core network 300 or/and the third communication terminal 403 through the T-SC base station. Multiple independent secure isolation zones are allocated in the physical memory of the first communication terminal to preserve and maintain the parameter information required when the first communication terminal 100 runs as the T-SC base station, the convergence data flow and the native data stream, which prevents the parameter information, convergence data flow and native data stream from being called and accessed by any App or other API unrelated to the operation of the T-SC base station, and thereby effectively ensures the communication security of the second communication terminal that accesses the T-SC base station.
The above discloses only a preferred embodiment of the present invention, which of course cannot limit the scope of rights of the present invention. Those of ordinary skill in the art can understand that implementations of all or part of the flow of the above embodiment, and equivalent changes made in accordance with the claims of the present invention, still fall within the scope covered by the invention.

Claims (8)

1. A terminal-based communication method, characterized in that the communication method includes the following steps:
a first communication terminal establishes a communication connection with a communication base station or/and a core network, to constitute a terminal-based small cell (terminal based-small cell, T-SC) base station;
the T-SC base station receives an access request of a second communication terminal and establishes a communication connection with the second communication terminal;
the second communication terminal carries out data interaction with the communication base station or/and core network through a security isolation module of the T-SC base station, wherein the security isolation module includes a first secure isolation zone and a second secure isolation zone, the first secure isolation zone is used to preserve and maintain the parameter information when the first communication terminal runs as the T-SC base station, and the second secure isolation zone is used to preserve and maintain the convergence data flow formed when the second communication terminal carries out data interaction with the communication base station or/and core network through the T-SC base station.
2. The terminal-based communication method as described in claim 1, characterized in that the security isolation module is set in a physical memory of the first communication terminal, or the security isolation module is arranged independently of the first communication terminal and establishes a connection with the communication terminal through a wired interface or a wireless interface, and the data stored in the security isolation module cannot be called by an application program or application programming interface unrelated to T-SC base station communication.
3. The terminal-based communication method as described in claim 1, characterized in that the first communication terminal includes a first operating mode and a second operating mode, the first operating mode is the default operating mode in which the first communication terminal runs as a general communication terminal, the second operating mode is the operating mode in which the first communication terminal runs as the T-SC base station, and the second operating mode is compatible with the first operating mode.
4. The terminal-based communication method as claimed in claim 3, characterized in that the security isolation module further includes a third secure isolation zone, and the third secure isolation zone is used to preserve and maintain the native data stream formed when the first communication terminal carries out data interaction with the communication base station or/and core network in the second operating mode.
5. The terminal-based communication method as claimed in claim 4, characterized in that, before the T-SC base station establishes a communication connection with the second communication terminal, the method further includes the step of: switching the operating mode of the first communication terminal to the second operating mode, wherein, in the second operating mode, the first communication terminal uses only the security isolation module to carry out data interaction with the second communication terminal, the communication base station or/and the core network.
6. The terminal-based communication method as claimed in claim 4, characterized in that the step in which the second communication terminal carries out data interaction with the communication base station or/and core network through the security isolation module of the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second secure isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station or/and core network.
7. The terminal-based communication method as claimed in claim 6, characterized in that the step in which the second communication terminal carries out data interaction with the communication base station or/and core network through the security isolation module of the T-SC base station further includes: the T-SC base station receives second data sent by the communication base station or/and core network and stores it in the second secure isolation zone, determines the target terminal that is to receive the second data according to the label information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
8. The terminal-based communication method as described in claim 1, characterized in that, before the T-SC base station receives the access request of the second communication terminal, the method further includes the step of: the T-SC base station sends broadcast information to the second communication terminal within its radiation range, to indicate that it has base station functions, and sends a synchronizing signal and system information, so that the second communication terminal accesses the T-SC base station.
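The access check, mode switch, isolation zones and data marking described in the embodiments and in claims 5 to 7 can be modelled as follows. This is an added example, not code from the patent; the class, method and component names, the dict frame layout, and the use of an identifier allow-list as the identity authentication step are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    GENERAL = 1  # first operating mode (default)
    TSC = 2      # second operating mode: terminal also runs as T-SC base station


class IsolationError(PermissionError):
    """Raised when a caller outside the T-SC function touches a zone."""


@dataclass
class IsolationZone:
    name: str
    allowed: frozenset  # components permitted to call into this zone
    _items: list = field(default_factory=list)

    def _check(self, caller):
        if caller not in self.allowed:
            raise IsolationError(f"{caller} may not access {self.name}")

    def put(self, caller, item):
        self._check(caller)
        self._items.append(item)

    def read(self, caller):
        self._check(caller)
        return list(self._items)


class TSCBaseStation:
    COMPONENT = "tsc-relay"  # hypothetical name of the T-SC function

    def __init__(self, authorized_ids):
        self.mode = Mode.GENERAL
        self.authorized = set(authorized_ids)  # assumption: allow-list auth
        self.attached = set()
        only_tsc = frozenset({self.COMPONENT})
        self.zone1 = IsolationZone("zone1-parameters", only_tsc)
        self.zone2 = IsolationZone("zone2-convergence-flow", only_tsc)
        self.zone3 = IsolationZone("zone3-native-stream", only_tsc)

    def handle_access_request(self, terminal_id):
        """Authenticate first; switch mode only for a permitted terminal."""
        if terminal_id not in self.authorized:
            return False
        self.mode = Mode.TSC  # switched before the connection is established
        self.attached.add(terminal_id)
        return True

    def uplink(self, terminal_id, payload):
        """Claim 6: store first data in zone 2, mark it with the sender's id."""
        if self.mode is not Mode.TSC or terminal_id not in self.attached:
            raise IsolationError(f"{terminal_id} is not attached")
        frame = {"tag": terminal_id, "payload": payload}
        self.zone2.put(self.COMPONENT, frame)
        return frame  # what is forwarded to the base station / core network

    def downlink(self, frame):
        """Claim 7: store second data in zone 2, pick the target by its tag."""
        self.zone2.put(self.COMPONENT, frame)
        target = frame.get("tag")
        if target not in self.attached:
            return None  # unknown tag: deliver to nobody
        return target, frame["payload"]
```

The downlink path fails closed: data whose tag does not match an attached terminal is delivered to no one rather than to a default terminal.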
CN201810488574.6A 2018-05-21 2018-05-21 A kind of communication means based on terminal Withdrawn CN108668278A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810488574.6A CN108668278A (en) 2018-05-21 2018-05-21 A kind of communication means based on terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810488574.6A CN108668278A (en) 2018-05-21 2018-05-21 A kind of communication means based on terminal

Publications (1)

Publication Number Publication Date
CN108668278A true CN108668278A (en) 2018-10-16

Family

ID=63777207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810488574.6A Withdrawn CN108668278A (en) 2018-05-21 2018-05-21 A kind of communication means based on terminal

Country Status (1)

Country Link
CN (1) CN108668278A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567548A (en) * 2022-01-26 2022-05-31 三维通信股份有限公司 Base station security gateway configuration management method, system and electronic device
CN114567548B (en) * 2022-01-26 2023-11-07 三维通信股份有限公司 Security gateway configuration management method, system and electronic device of base station

Similar Documents

Publication Publication Date Title
EP2814276B1 (en) Access authentication method and device for wireless local area network hotspot
US6928166B2 (en) Radio communication device and user authentication method for use therewith
CN104639624B (en) A kind of method and apparatus for realizing mobile terminal remote access control
CN103987025A (en) Roaming communication method based on mobile two-channel virtual card number authentication and roaming communication equipment based on mobile two-channel virtual card number authentication
CN104050742A (en) Intelligent door and control method and system thereof
EP2234438B1 (en) Wireless personal area network accessing method
CN100493247C (en) Access authentication method in data packet network at high speed
CN103714285A (en) NFC-based method and device for achieving mobile terminal access right control
CN104168557A (en) Upgrading method for operating systems and upgrading device for operating systems
CN101232419B (en) Wireless local area network access method based on primitive
CN105790957A (en) eSIM card data sharing method and related equipment and system thereof
CN100581125C (en) Access method suitable for WPAN
CN103297968A (en) Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system
CN109041054A (en) A kind of network side initiates the method for secret protection of number change
BRPI1002815B1 (en) MOBILE COMMUNICATION SYSTEM, GATEWAY APPLIANCE FOR CONNECTING TO A BASE STATION AND A NUCLEUS NETWORK, METHOD OF COMMUNICATION BY A MOBILE COMMUNICATION SYSTEM AND METHOD OF COMMUNICATION BY A GATEWAY APPLIANCE CONNECTING A BASE STATION TO A CORE NETWORK
CN105025273B (en) Connection method, cipher set-up method and the system of storied building visible intercommunication system
CN102546533A (en) Method and system for accessing internet of things business server through unregistered residential gateway
CN108668278A (en) A kind of communication means based on terminal
CN104718771B (en) Method for disabling the application of the network insertion in safety element
EP2802116A1 (en) Mobile device security
WO2017101211A1 (en) Method and apparatus for accessing wireless communication system, and terminal
CN105578469B (en) Communication means, communication terminal and communication system based on terminal
CN104891283A (en) Elevator control system combined with card password
CN101540985A (en) Method for implementing terminal zero intervention charging of WAPI system
CN106658499A (en) Wireless authentication service management mode

Legal Events

Date Code Title Description
PB01 Publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20181016
