CN108668278A - Terminal-based communication method - Google Patents
- Publication number
- CN108668278A (application number CN201810488574.6A)
- Authority
- CN
- China
- Prior art keywords
- communication
- communication terminal
- terminal
- base station
- base stations
- Legal status
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/04—Terminal devices adapted for relaying to or from another terminal or user
Abstract
The present invention provides a terminal-based communication method, comprising: a first communication terminal establishes a communication connection with a communication base station and/or core network to form a terminal-based microcell (terminal based-small cell, TSC) base station; the TSC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal; the second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the TSC base station. The present invention also provides a communication terminal and a communication system. The terminal-based communication method can ensure the communication security of the second communication terminal that accesses the TSC base station.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a terminal-based communication method, a communication terminal and a communication system.
Background
The personalized and diverse applications offered by the mobile Internet have greatly enriched people's lives. At the same time, the security of communication devices has become a problem that must be considered. In particular, as mobile terminals such as smartphones adopt intelligent operating systems and more and more applications are developed and used, they are inevitably exposed to infection by computer viruses and to network attacks from the Internet, which lead to service interruption and leakage of users' private information.
On the other hand, as the number of mobile terminals keeps growing and service demands diversify, miniaturizing base stations and densifying network nodes has become the inevitable choice for further improving the bearing capacity and capacity of traditional networks. Schemes already exist that integrate base station functions into mobile terminals such as smartphones, so that the terminal can flexibly provide cell-style access for a second communication terminal. The second communication terminal here may be a capability-limited terminal, such as a low-cost Internet-of-Things terminal, or other equipment. If a terminal-based microcell (terminal based-small cell, T-SC) base station is built on a smartphone terminal, the security of communication must be considered, because in this scheme the T-SC base station is built on the smartphone and the T-SC base station equipment itself is also insecure. Traditional base station equipment, such as a macro base station, is located in the operator's network domain, and its security is ensured by the security mechanisms and physical security policy of that domain (unauthorized entry into the base station's configuration area is forbidden). Equipment such as a home base station (HNB/HeNB), although located in an area deployed by the user, is authenticated and authorized by a security gateway (SeGW), and a secure IPsec tunnel is established between it and the relevant core network (Core Network, CN) elements to ensure the security of the base station. The base station can then perform its functions, including storing the context information (Context Information) of accessed user equipment (User Equipment, UE) in the connected state and deriving the control plane (Control Plane, CP) and user plane (User Plane, UP) security keys of the access stratum (Access Stratum, AS), to support operations such as radio bearer establishment and handover. None of these factors is directly available to T-SC base station equipment.
In current smartphone designs, a "dual system" function has been partly realized: the phone system can be divided into a "secure zone" and a "non-secure zone", and this security isolation technique reduces the risk of the data in the "secure zone" being attacked. However, how to use such a dual-system smartphone terminal to provide T-SC base station functions has not been studied or disclosed. The dual-system secure phone technology of the prior art cannot be applied directly to building T-SC base station functions, because that technology only considers the application needs of the user, whereas the traffic converged and accessed through the T-SC base station may not be the smartphone's own services but the services of other connected UEs. How to secure and isolate the services of these converged UEs has not yet been solved. In addition, once the T-SC base station supports cell functions, it must maintain the context information of the accessed UEs, and this information itself must be protected. Otherwise, leakage of this information may lead to user impersonation, resulting in erroneous authorization or even erroneous charging. Therefore, for a dual-system smartphone terminal to support the functions of a T-SC base station, a separate security protection mechanism must also be designed for the information with which the T-SC base station supports cell functions.
Summary of the invention
The present invention provides a terminal-based communication method with a security protection mechanism, so as to better ensure the security of communication information while improving the bearing capacity and capacity of traditional communication networks.
In addition, the present invention provides a communication terminal. Using the terminal-based communication method, a first communication terminal establishes a communication connection with a communication base station and/or core network, and a second communication terminal exchanges data with the communication base station and/or core network through the first communication terminal, which can effectively improve the bearing capacity and capacity of traditional communication networks and ensure the security of communication information.
In addition, the present invention provides a communication system. Using the terminal-based communication method, a first communication terminal establishes a communication connection with a communication base station and/or core network, and a second communication terminal exchanges data with the communication base station and/or core network through the first communication terminal, which can effectively improve the bearing capacity and capacity of traditional communication networks and ensure the security of communication information.
A terminal-based communication method comprises the following steps:
A first communication terminal establishes a communication connection with a communication base station and/or core network to form a terminal-based microcell (terminal based-small cell, T-SC) base station;
The T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal;
The second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the T-SC base station.
Wherein, the security isolation module is arranged in a physical memory of the first communication terminal, or the security isolation module is arranged independently of the first communication terminal and is connected to the communication terminal through a wired interface or a wireless interface; the data stored in the security isolation module cannot be called by applications or application programming interfaces unrelated to T-SC base station communication.
Wherein, the security isolation module includes a first secure isolation zone and a second secure isolation zone; the first secure isolation zone is used to store and maintain the parameter information used when the first terminal runs as the T-SC base station, and the second secure isolation zone is used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station.
Wherein, the first communication terminal has a first operating mode and a second operating mode; the first operating mode is the default operating mode when the first communication terminal runs as an ordinary communication terminal, the second operating mode is the operating mode when the first communication terminal runs as the T-SC base station, and the second operating mode is compatible with the first operating mode.
Wherein, the security isolation module further includes a third secure isolation zone, which is used to store and maintain the native data stream formed when the first communication terminal exchanges data with the communication base station and/or core network in the second operating mode.
Wherein, before the T-SC base station establishes the communication connection with the second communication terminal, the method further comprises the step of: switching the operating mode of the first communication terminal to the second operating mode; in the second operating mode, the first communication terminal uses only the security isolation module to exchange data with the second terminal and the communication base station and/or core network.
Wherein, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the security isolation module of the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second secure isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station and/or core network.
Wherein, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the security isolation module of the T-SC base station further comprises: the T-SC base station receives second data sent by the communication base station and/or core network and stores it in the second secure isolation zone, determines the target terminal that is to receive the second data according to the label information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
Wherein, before the T-SC base station receives the access request of the second communication terminal, the method further comprises the step of: the T-SC base station sends a broadcast message to the second communication terminal within its radiation range to indicate that it has base station functions, and transmits a synchronization signal and system information so that the second communication terminal can access the T-SC base station.
Wherein, when the T-SC base station receives the access request of the second communication terminal, the method further comprises the step of: authenticating the identity of the second communication terminal to determine whether the second communication terminal has permission to access the T-SC base station.
Wherein, the terminal-based communication method further comprises: after the second communication terminal disconnects from the T-SC base station, the first communication terminal closes the T-SC base station function and switches back to the first operating mode.
Wherein, the communication method further comprises: the second communication terminal exchanges data with a third communication terminal through the security isolation module of the T-SC base station.
A communication terminal comprises:
A connection establishment module, used to establish a communication connection between the communication terminal and a communication base station and/or core network, so as to form a terminal-based microcell (terminal based-small cell, T-SC) base station;
A base station module, used to provide communication service to a second communication terminal, so that the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station;
A security isolation module, used to store the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, and the parameter information of the communication terminal when it runs as the T-SC base station.
Wherein, the communication terminal has a first operating mode and a second operating mode; the first operating mode is the operating mode when the communication terminal runs as an ordinary communication terminal, the second operating mode is the operating mode when the communication terminal runs as the T-SC base station, and the second operating mode is compatible with the first operating mode.
Wherein, the base station module is arranged in the communication terminal, or is arranged independently of the communication terminal and connected to the communication terminal through a wired interface or a wireless interface.
Wherein, the communication terminal further includes an authentication module, used to authenticate the identity of the second communication terminal when its access request is received, so as to determine whether the second communication terminal has permission to access the T-SC base station.
Wherein, the communication terminal further includes a memory module, and the security isolation module is arranged in the memory module or in the base station module. The security isolation module includes a first secure isolation zone, a second secure isolation zone and a third secure isolation zone. The first secure isolation zone is used to store and maintain the parameter information required when the T-SC base station runs; the second secure isolation zone is used to store and maintain the convergence data flow formed by the data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station; the third secure isolation zone is used to store and maintain the native data stream of the communication terminal working in the second operating mode.
Wherein, the second secure isolation zone is also used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with a third communication terminal through the T-SC base station.
A communication system comprises a communication base station, a core network, a communication terminal, a first communication terminal, a second communication terminal and a third communication terminal. The communication connection between the first communication terminal and the communication base station and/or core network forms a terminal-based microcell (terminal based-small cell, T-SC) base station, and the second communication terminal exchanges data with the communication base station, the core network and/or the third communication terminal through the T-SC base station.
In the terminal-based communication method of the present invention, multiple independent secure isolation zones are allocated in the physical memory of the first communication terminal to store and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream, thereby ensuring the communication security of the second communication terminal that accesses the T-SC base station.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the terminal-based communication method of a preferred embodiment of the present invention.
Fig. 2 is a structural diagram of the communication terminal of a preferred embodiment of the present invention.
Fig. 3 is a structural diagram of another embodiment of the communication terminal provided by the present invention.
Fig. 4 is a structural diagram of the communication system of a preferred embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, a preferred embodiment of the present invention provides a terminal-based communication method comprising the following steps:
Step S1: A first communication terminal is provided that integrates microcell (small cell) base station functions and has a first operating mode and a second operating mode. The first communication terminal establishes a communication connection with a communication base station and/or core network to form a terminal-based microcell (terminal based-small cell, T-SC) base station. The first operating mode is the default operating mode when the first communication terminal runs as an ordinary communication terminal, and the second operating mode is the operating mode when the first communication terminal runs as the T-SC base station. The second operating mode is compatible with the first operating mode: in the second operating mode the first communication terminal can run as the T-SC base station and can also run as an ordinary communication terminal. In this embodiment, the first communication terminal is in the first operating mode by default.
Step S2: The T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal.
Step S3: The second communication terminal exchanges data with the communication base station and/or core network through a security isolation module of the T-SC base station.
In step S2, before the T-SC base station receives the access request of the second communication terminal, the method further comprises the step of: the T-SC base station sends a broadcast message to the second communication terminal within its radiation range to indicate that it has base station functions, and transmits a synchronization signal, system information and the like so that the second communication terminal can access the T-SC base station. It will be appreciated that the period and time-frequency location at which the T-SC base station sends the broadcast message and other signals, such as the synchronization signal and system information, may be predefined.
In step S2, before the T-SC base station establishes the communication connection with the second communication terminal, the method further comprises the step of: switching the operating mode of the first communication terminal to the second operating mode; in the second operating mode, the first communication terminal uses only the security isolation module to exchange data with the second terminal and the communication base station and/or core network.
The security isolation module is arranged in a physical memory of the first communication terminal, or the security isolation module is arranged independently of the first communication terminal and connected to the communication terminal through a wired interface or a wireless interface. The security isolation module stores and maintains the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream. In this embodiment, the security isolation module includes a first secure isolation zone, a second secure isolation zone and a third secure isolation zone. The first secure isolation zone is used to store and maintain the parameter information required when the T-SC base station runs. The second secure isolation zone is used to store and maintain the convergence data flow. The third secure isolation zone is used to store and maintain the native data stream. In this embodiment, the memory sizes of the first, second and third secure isolation zones may be set to be the same or different. Because the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream are stored in the secure isolation zones, they cannot be called or accessed by any application (Application, App) or other application programming interface (Application Programming Interface, API) unrelated to the operation of the T-SC base station. It will be appreciated that if the operation of the T-SC base station is subject to configuration by a network entity of the operator's core network, that configuration information should also be stored in the security isolation module.
In step S2, when the T-SC base station receives the access request of the second communication terminal, the method further comprises the step of: authenticating the identity of the second communication terminal to determine whether the second communication terminal has permission to access the T-SC base station. Authenticating the identity of the second communication terminal before access, to judge whether the terminal that initiated the access request has permission to access, prevents access by unauthorized terminals and improves the security and confidentiality of communication.
In step S3, while the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, the first communication terminal itself also exchanges data with the communication base station and/or core network. The data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station forms the convergence data flow; the data exchange between the first communication terminal itself and the communication base station and/or core network forms the native data stream.
In step S3, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second secure isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station and/or core network; the T-SC base station receives second data sent by the communication base station and/or core network and stores it in the second secure isolation zone, determines the target terminal that is to receive the second data according to the label information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
In step S3, the step in which the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station further comprises: the T-SC base station judges the type of the accessing data flow according to the identification information of the first communication terminal and of the second communication terminal, and exchanges data with the communication base station and/or core network separately for each data flow type. When the data flow accessing the T-SC base station is a convergence data flow, it is stored in the second secure isolation zone so that it cannot be called or accessed by any App or other API unrelated to the operation of the T-SC base station; finally, after the data has been aggregated at the radio access layer or a higher convergence layer, it is exchanged with the communication base station and/or core network, and it may also be forwarded via the T-SC base station to another second communication terminal connected to the T-SC base station. When the data flow accessing the T-SC base station is a native data stream, it is stored in the third isolation zone, and the data exchange takes place between the first communication terminal and the communication base station and/or core network.
In step S3, after the second communication terminal leaves the radiation range of the T-SC base station, the method further comprises: after the second communication terminal disconnects from the T-SC base station, the first communication terminal closes the T-SC base station function and switches back to the first operating mode.
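Steps S2 and S3 as an executable model, added here as an example and not taken from the patent. The class and method names, the allow-list used for authentication, the caller-identity check standing in for memory isolation, and the wipe of the zones on shutdown are assumptions.

```python
from enum import Enum


class Mode(Enum):
    TERMINAL = 1  # first operating mode: ordinary terminal (default)
    TSC = 2       # second operating mode: also runs as T-SC base station


class IsolationError(PermissionError):
    """A caller unrelated to T-SC operation tried to use an isolation zone."""


class Zone:
    """One secure isolation zone; only the owning T-SC function may use it."""

    def __init__(self, name, owner):
        self.name, self._owner, self._items = name, owner, []

    def _check(self, caller):
        # Assumption: an identity check stands in for real memory isolation.
        if caller is not self._owner:
            raise IsolationError(f"{self.name}: access denied")

    def put(self, caller, item):
        self._check(caller)
        self._items.append(item)

    def read(self, caller):
        self._check(caller)
        return list(self._items)

    def clear(self, caller):
        self._check(caller)
        self._items.clear()


class TscTerminal:
    """First communication terminal with an integrated T-SC base station."""

    def __init__(self, own_id, allowed_ues):
        self.own_id = own_id
        self.allowed = set(allowed_ues)  # assumption: allow-list authentication
        self.attached = set()
        self.mode = Mode.TERMINAL
        self.params = Zone("zone1-parameters", self)
        self.convergence = Zone("zone2-convergence", self)
        self.native = Zone("zone3-native", self)

    def attach(self, ue_id):
        """Authenticate, switch to the second mode, then accept the terminal."""
        if ue_id not in self.allowed:
            return False
        self.mode = Mode.TSC  # the switch precedes the connection
        self.params.put(self, {"ue": ue_id, "state": "connected"})
        self.attached.add(ue_id)
        return True

    def _zone_for(self, ident):
        """Classify a flow by identity: native, convergence, or rejected."""
        if self.mode is not Mode.TSC:
            raise RuntimeError("T-SC function is not active")
        if ident == self.own_id:
            return "native", self.native
        if ident in self.attached:
            return "convergence", self.convergence
        raise IsolationError(f"unknown identity {ident!r}")

    def uplink(self, source_id, payload):
        """Store first data in its zone and mark it with the sender identity."""
        kind, zone = self._zone_for(source_id)
        frame = {"tag": source_id, "data": payload}
        zone.put(self, frame)
        return kind, frame  # the marked frame goes to base station / core

    def downlink(self, frame):
        """Store second data and pick the target terminal from its label."""
        _, zone = self._zone_for(frame["tag"])
        zone.put(self, frame)
        return frame["tag"]

    def detach(self, ue_id):
        """Drop a terminal; after the last one leaves, switch back to mode 1."""
        self.attached.discard(ue_id)
        if not self.attached:
            # Assumption: zones are wiped on shutdown; the page does not say so.
            for zone in (self.params, self.convergence, self.native):
                zone.clear(self)
            self.mode = Mode.TERMINAL


def demo():
    """Constructed scenario: one IoT terminal attaches, exchanges data, leaves."""
    phone = TscTerminal("phone-A", allowed_ues={"iot-1"})
    phone.attach("iot-1")
    kind, frame = phone.uplink("iot-1", b"temp=21")
    target = phone.downlink({"tag": "iot-1", "data": b"ack"})
    phone.detach("iot-1")
    return kind, frame["tag"], target, phone.mode


if __name__ == "__main__":
    print(demo())
```

Any object other than the terminal itself that calls `read`, `put` or `clear` on a zone gets an `IsolationError`, which is the property the description requires of Apps and APIs unrelated to T-SC operation.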
It will be appreciated that the terminal-based communication method may also comprise: the second communication terminal exchanges data with a third communication terminal through the security isolation module of the T-SC base station. The second secure isolation zone is also used to store and maintain the convergence data flow formed when the second communication terminal exchanges data with the third communication terminal through the T-SC base station. The second communication terminal and the third communication terminal may be ordinary communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or capability-limited terminals such as low-cost Internet-of-Things terminals.
In the terminal-based communication method, multiple independent secure isolation zones are allocated in the physical memory of the first communication terminal to store and maintain the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream. This effectively prevents the parameter information and the convergence data flow from being called or accessed by any App or other API unrelated to the operation of the T-SC base station, and ensures the communication security of the second communication terminal that accesses the T-SC base station.
Referring to Fig. 2, a preferred embodiment of the present invention also provides a communication terminal 100. The communication terminal includes a connection establishment module 10, used to establish a communication connection with a communication base station and/or core network so as to form a terminal-based microcell (terminal based-small cell, T-SC) base station; a base station module 20, used to provide communication service to a second communication terminal, so that the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station; and a security isolation module 30, used to store the convergence data flow formed when the second communication terminal exchanges data with the communication base station and/or core network through the T-SC base station, and the parameter information of the communication terminal when it runs as the T-SC base station. It will be appreciated that the base station module 20 may be arranged in the communication terminal 100, or may be arranged independently of the communication terminal 100 and connected to the communication terminal 100 through a wired interface or a wireless interface.
The communication terminal 100 has a first operating mode and a second operating mode. The first operating mode is the operating mode when the communication terminal runs as an ordinary communication terminal, and the second operating mode is the operating mode when the communication terminal runs as the T-SC base station. The second operating mode is compatible with the first operating mode: in the second operating mode the communication terminal can run as the T-SC base station and can also run as an ordinary communication terminal. In this embodiment, the communication terminal is in the first operating mode by default.
The security isolation module 30 is arranged in the physical memory of the communication terminal 100 and includes a first secure isolation zone 31, a second secure isolation zone 33 and a third secure isolation zone 35. The first secure isolation zone 31 is used to store and maintain the parameter information required when the T-SC base station runs. The second secure isolation zone 33 is used to store and maintain the convergence data flow formed by the data exchange between the second communication terminal and the communication base station and/or core network through the T-SC base station. The third secure isolation zone 35 is used to store and maintain the native data stream of the communication terminal 100 working in the second operating mode. When the communication terminal 100 works in the second operating mode, it uses only the first secure isolation zone 31, the second secure isolation zone 33 and the third secure isolation zone 35, so as to ensure the communication security of the second communication terminal that accesses the T-SC base station in the second operating mode. It will be appreciated that the security isolation module 30 may also be arranged in the base station module 20; when the base station module 20 is arranged independently of the communication terminal 100, the security isolation module 30 and the base station module 20 are connected to the communication terminal 100 through a wired interface or a wireless interface.
The communication terminal 100 further includes an authentication module 40 which, on receiving an access request from a second communication terminal, authenticates the identity of the second communication terminal to determine whether the second communication terminal is permitted to access the T-SC base station. Authenticating the identity of the second communication terminal before access, to judge whether the terminal that initiated the access request is permitted to access, prevents access by illegitimate terminals and improves the security and confidentiality of communication.
The communication terminal 100 further includes a handover module 50, used to switch the operating mode of the communication terminal 100. Before the T-SC base station establishes a communication connection with the second communication terminal 401, the handover module 50 switches the operating mode of the communication terminal 100 to the second operating mode. In the second operating mode, the communication terminal 100 uses only the security isolation module to carry out data interaction with the second terminal, the communication base station and/or the core network.
It will be appreciated that the second communication terminal can also carry out data interaction with a third communication terminal through the security isolation module 30 of the T-SC base station. The second secure isolation zone 33 is also used to store and maintain the convergence data flow formed when the second communication terminal carries out data interaction with the third communication terminal through the T-SC base station. The second communication terminal and the third communication terminal may be general communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or terminals of limited capability, for example low-cost Internet-of-Things terminals.
It should be noted that, for the implementation of the communication terminal 100 in this embodiment of the present invention, reference may be made to the implementation of the first communication terminal in the method embodiment above, which is not repeated here.
Referring to Fig. 3, Fig. 3 is a structural schematic diagram of the communication terminal 100 of another embodiment of the present invention. The communication terminal 100 may include: at least one processor 101, such as a CPU; at least one communication bus 102; a user interface 103; a base station module 104; at least one communication interface 105; a memory 106; and a display screen (Display) 107. The communication bus 102 provides connection and communication between these components. The user interface 103 may include a mouse, a keyboard or a display screen; optionally, the user interface 103 may also include a standard wired interface and a wireless interface. The base station module 104 is used to establish a communication connection with a communication base station and/or core network, to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station. The communication interface 105 may optionally include a standard wired interface (such as a data line interface or a cable interface) and a wireless interface (such as a Wi-Fi interface, a Bluetooth interface or a near-field communication interface). The memory 106 may be a high-speed RAM memory or a non-volatile memory, for example at least one magnetic disk memory. The memory 106 may optionally also be at least one storage device located remotely from the aforementioned processor 101. As shown in Fig. 3, the memory 106, as a computer storage medium, may include an operating system, a network communication module, a security isolation module and a user interface module. The operating system coordinates the operation of the component parts of the communication terminal 100. The network communication module may include the connection establishment module, authentication module and handover module of the embodiment shown in Fig. 2. The security isolation module is equivalent to the security isolation module in the embodiment shown in Fig. 2. The user interface module is used to store and maintain the user data of the communication terminal 100.
In the communication terminal 100 shown in Fig. 3, the base station module 104 is also used to enable a second communication terminal to carry out data interaction with the communication base station, the core network and/or a third communication terminal through the T-SC base station. It will be appreciated that the base station module 104 of this embodiment should have the same function and structure as the base station module 20 in the embodiment shown in Fig. 2. Likewise, the base station module 104 may be provided in the communication terminal 100 or be arranged independently of the communication terminal 100, and may be connected to the communication terminal 100 through a wired interface or a wireless interface.
The security isolation module stores and maintains the parameter information required when the T-SC base station runs, the convergence data flow and the native data stream, to prevent them from being called and accessed by any application program (Application, App) or other application programming interface (Application Programming Interface, API) unrelated to T-SC base station operation. It will be appreciated that the security isolation module may also be provided in the base station module 104; when the base station module 104 is arranged independently of the communication terminal 100, the security isolation module and the base station module 104 are connected to the communication terminal 100 through a wired interface or a wireless interface.
The communication terminal 100 of this embodiment may be a mobile phone, tablet computer, laptop, palmtop computer, mobile internet device (MID), wearable device (such as a smartwatch, smart bracelet or pedometer) or other terminal device on which an instant messaging application client can be installed and deployed. The second communication terminal and the third communication terminal may be general communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or terminals of limited capability, for example low-cost Internet-of-Things terminals.
Referring to Fig. 4, a preferred embodiment of the present invention also provides a communication system 500, which includes a first communication terminal 100, a communication base station 200, a core network 300, a second communication terminal 401 and a third communication terminal 403. The first communication terminal 100 integrates microcell (small cell) base station functions and has a first operating mode and a second operating mode. The first communication terminal 100 establishes a communication connection with the communication base station 200 and/or core network 300, constituting a terminal-based microcell (terminal based-small cell, T-SC) base station. The second communication terminal 401 carries out data interaction with the communication base station 200, the core network 300 and/or the third communication terminal 403 through the T-SC base station. The first operating mode is the operating mode in which the first communication terminal runs as a general communication terminal; the second operating mode is the operating mode in which the first communication terminal runs as a T-SC base station. The second operating mode is compatible with the first operating mode: in the second operating mode the first communication terminal can run as a general communication terminal in addition to running as a T-SC base station. In this embodiment, the first communication terminal is in the first operating mode by default.
A first secure isolation zone 31, a second secure isolation zone 33 and a third secure isolation zone 35 are preset in a physical memory of the first communication terminal 100. The first secure isolation zone 31 is used to store and maintain the parameter information required when the T-SC base station runs. The second secure isolation zone 33 is used to store and maintain the convergence data flow formed by the data interaction between the second communication terminal 401 and the communication base station 200, the core network 300 and/or the third communication terminal 403 through the T-SC base station. The third secure isolation zone 35 is used to store and maintain the native data stream of the first communication terminal 100 when it works in the second operating mode. It will be appreciated that the first secure isolation zone 31, the second secure isolation zone 33 and the third secure isolation zone 35 may also be arranged independently of the first communication terminal 100 and connected to the first communication terminal through a wired interface or a wireless interface.
In this embodiment, the physical memory of the first communication terminal 100 further includes other storage regions 37, which are used to store and maintain the operating system, network communication module and user interface module of the embodiment shown in Fig. 3. It will be appreciated that the physical memory of the first communication terminal 100 of this embodiment is equivalent to the memory 106 in the embodiment shown in Fig. 3.
When the second communication terminal 401 and the third communication terminal 403 are located within the radiation range of the T-SC base station, the second communication terminal 401 and the third communication terminal 403 establish communication connections with the T-SC base station, and the second communication terminal 401 carries out data interaction with the communication base station 200, the core network 300 and/or the third communication terminal 403 through the T-SC base station. The second communication terminal 401 and the third communication terminal 403 may be general communication terminals, for example mobile communication terminals such as mobile phones and tablet computers, or terminals of limited capability, for example low-cost Internet-of-Things terminals.
The T-SC base station sends broadcast information to the second communication terminal 401 and the third communication terminal 403 within its radiation range, to indicate that it has base station functions; or the T-SC base station performs the operations of a traditional communication base station, sending synchronization signals, system information and so on, so that the second communication terminal 401 and the third communication terminal 403 can access the T-SC base station. It will be appreciated that the period and the time-frequency position at which the T-SC base station sends the broadcast information, or the synchronization signal, system information and other signals, can be predefined.
On receiving an access request from the second communication terminal 401 or the third communication terminal 403, the T-SC base station authenticates the identity of the second communication terminal 401 or third communication terminal 403 to determine whether it is permitted to access the T-SC base station. When the second communication terminal 401 or third communication terminal 403 has permission to access the T-SC base station, the first communication terminal 100 switches its operating mode to the second operating mode. When the first communication terminal 100 works in the second operating mode, it uses only the first secure isolation zone 31, the second secure isolation zone 33 and the third secure isolation zone 35, to ensure the communication security of the second communication terminal that accesses the T-SC base station in the second operating mode.
The communication terminal 100 constitutes a T-SC base station by integrating the base station module 20, so that the second communication terminal 401 can carry out data interaction with the communication base station 200, the core network 300 and/or the third communication terminal 403 through the T-SC base station. Multiple independent secure isolation zones are allocated in the physical memory of the first communication terminal to store and maintain the parameter information required when the first communication terminal 100 runs as a T-SC base station, the convergence data flow and the native data stream, preventing the parameter information, convergence data flow and native data stream from being called and accessed by any App or other API unrelated to T-SC base station operation, and thereby effectively ensuring the communication security of the second communication terminal that accesses the T-SC base station. The above discloses only a preferred embodiment of the present invention, which of course cannot limit the scope of rights of the present invention; a person of ordinary skill in the art will understand that implementations of all or part of the flow of the above embodiment, and equivalent changes made in accordance with the claims of the present invention, still fall within the scope covered by the invention.
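The following added example (not code from the patent) models the security isolation module in Python: three zones reachable only by T-SC code, authentication before the mode switch, and the identity tagging and tag-based delivery recited in claims 6 and 7. The capability object, the allow-list standing in for the authentication module, the frame layout and all class and method names are assumptions made for illustration.

```python
from enum import Enum


class Mode(Enum):
    TERMINAL = 1  # first operating mode (default): general communication terminal
    TSC = 2       # second operating mode: terminal also runs as T-SC base station


class IsolationError(PermissionError):
    """Raised when a caller outside T-SC operation touches an isolation zone."""


class Zone:
    """One secure isolation zone. Access requires the module's capability object
    (a modelling assumption standing in for real memory isolation)."""

    def __init__(self, name, cap):
        self.name, self._cap, self._items = name, cap, []

    def _check(self, cap):
        if cap is not self._cap:
            raise IsolationError(f"{self.name}: caller is not part of T-SC operation")

    def put(self, cap, item):
        self._check(cap)
        self._items.append(item)

    def items(self, cap):
        self._check(cap)
        return list(self._items)


class TSCBaseStation:
    def __init__(self, allowed_ids):
        self._cap = object()                    # held only by T-SC code paths
        self.mode = Mode.TERMINAL
        self.zone1 = Zone("zone1/parameters", self._cap)
        self.zone2 = Zone("zone2/convergence", self._cap)
        self.zone3 = Zone("zone3/native", self._cap)
        self.ordinary = []                      # "other storage regions"
        # Allow-list: constructed stand-in for the authentication module's check.
        self.zone1.put(self._cap, frozenset(allowed_ids))
        self.attached = set()

    def access_request(self, terminal_id):
        """Authenticate first; switch mode only for an authorised terminal."""
        if terminal_id not in self.zone1.items(self._cap)[0]:
            return False
        self.mode = Mode.TSC                    # switch before the connection is set up
        self.attached.add(terminal_id)
        return True

    def uplink(self, terminal_id, data):
        """Claim 6: store in zone 2, tag with the terminal's identity, forward."""
        if self.mode is not Mode.TSC or terminal_id not in self.attached:
            raise IsolationError("terminal is not attached to the T-SC base station")
        frame = {"tag": terminal_id, "data": data}
        self.zone2.put(self._cap, frame)
        return frame                            # sent on to base station / core network

    def downlink(self, frame):
        """Claim 7: store in zone 2, choose the target terminal from the tag."""
        self.zone2.put(self._cap, frame)
        target = frame.get("tag")
        if target not in self.attached:
            return None                         # unknown tag: deliver to nobody
        return target, frame["data"]

    def native_send(self, data):
        """Host's own traffic: zone 3 in the second mode, ordinary storage otherwise."""
        if self.mode is Mode.TSC:
            self.zone3.put(self._cap, data)
            return self.zone3.name
        self.ordinary.append(data)
        return "ordinary"
```

A denied access request leaves the terminal in the first operating mode, and a downlink frame whose tag matches no attached terminal is stored but delivered to no one.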
Claims (8)
1. A terminal-based communication method, characterized in that the communication method comprises the following steps:
a first communication terminal establishes a communication connection with a communication base station and/or core network, to constitute a terminal-based microcell (terminal based-small cell, T-SC) base station;
the T-SC base station receives an access request from a second communication terminal and establishes a communication connection with the second communication terminal;
the second communication terminal carries out data interaction with the communication base station and/or core network through a security isolation module of the T-SC base station, the security isolation module comprising a first secure isolation zone and a second secure isolation zone, the first secure isolation zone being used to store and maintain parameter information when the first communication terminal runs as the T-SC base station, and the second secure isolation zone being used to store and maintain the convergence data flow formed when the second communication terminal carries out data interaction with the communication base station and/or core network through the T-SC base station.
2. The terminal-based communication method of claim 1, characterized in that the security isolation module is provided in a physical memory of the first communication terminal, or the security isolation module is arranged independently of the first communication terminal and is connected to the communication terminal through a wired interface or a wireless interface, and the data stored in the security isolation module cannot be called by application programs or application programming interfaces unrelated to T-SC base station communication.
3. The terminal-based communication method of claim 1, characterized in that the first communication terminal has a first operating mode and a second operating mode, the first operating mode being the default operating mode in which the first communication terminal runs as a general communication terminal, the second operating mode being the operating mode in which the first communication terminal runs as the T-SC base station, and the second operating mode being compatible with the first operating mode.
4. The terminal-based communication method of claim 3, characterized in that the security isolation module further comprises a third secure isolation zone, the third secure isolation zone being used to store and maintain the native data stream formed when the first communication terminal carries out data interaction with the communication base station and/or core network in the second operating mode.
5. The terminal-based communication method of claim 4, characterized in that, before the T-SC base station establishes a communication connection with the second communication terminal, the method further comprises the step of: switching the operating mode of the first communication terminal to the second operating mode, wherein in the second operating mode the first communication terminal uses only the security isolation module to carry out data interaction with the second communication terminal, the communication base station and/or the core network.
6. The terminal-based communication method of claim 4, characterized in that the step in which the second communication terminal carries out data interaction with the communication base station and/or core network through the security isolation module of the T-SC base station is specifically: the T-SC base station receives first data sent by the second communication terminal and stores it in the second secure isolation zone, marks the first data according to the identification information of the second communication terminal, and sends the marked first data to the communication base station and/or core network.
7. The terminal-based communication method of claim 6, characterized in that the step in which the second communication terminal carries out data interaction with the communication base station and/or core network through the security isolation module of the T-SC base station further comprises: the T-SC base station receives second data sent by the communication base station and/or core network and stores it in the second secure isolation zone, determines the target terminal that is to receive the second data according to the label information of the second data and the identification information of the second communication terminal, and sends the second data to the target terminal.
8. The terminal-based communication method of claim 1, characterized in that, before the T-SC base station receives the access request of the second communication terminal, the method further comprises the step of: the T-SC base station sends broadcast information to the second communication terminal within its radiation range, to indicate that it has base station functions, and sends a synchronization signal and system information, so that the second communication terminal accesses the T-SC base station.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810488574.6A CN108668278A (en) | 2018-05-21 | 2018-05-21 | A kind of communication means based on terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108668278A true CN108668278A (en) | 2018-10-16 |
Family
ID=63777207
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810488574.6A Withdrawn CN108668278A (en) | 2018-05-21 | 2018-05-21 | A kind of communication means based on terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108668278A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114567548A (en) * | 2022-01-26 | 2022-05-31 | 三维通信股份有限公司 | Base station security gateway configuration management method, system and electronic device |
CN114567548B (en) * | 2022-01-26 | 2023-11-07 | 三维通信股份有限公司 | Security gateway configuration management method, system and electronic device of base station |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2814276B1 (en) | Access authentication method and device for wireless local area network hotspot | |
US6928166B2 (en) | Radio communication device and user authentication method for use therewith | |
CN104639624B (en) | A kind of method and apparatus for realizing mobile terminal remote access control | |
CN103987025A (en) | Roaming communication method based on mobile two-channel virtual card number authentication and roaming communication equipment based on mobile two-channel virtual card number authentication | |
CN104050742A (en) | Intelligent door and control method and system thereof | |
EP2234438B1 (en) | Wireless personal area network accessing method | |
CN100493247C (en) | Access authentication method in data packet network at high speed | |
CN103714285A (en) | NFC-based method and device for achieving mobile terminal access right control | |
CN104168557A (en) | Upgrading method for operating systems and upgrading device for operating systems | |
CN101232419B (en) | Wireless local area network access method based on primitive | |
CN105790957A (en) | eSIM card data sharing method and related equipment and system thereof | |
CN100581125C (en) | Access method suitable for WPAN | |
CN103297968A (en) | Wireless terminal identifying method, wireless terminal identifying device and wireless terminal identifying system | |
CN109041054A (en) | A kind of network side initiates the method for secret protection of number change | |
BRPI1002815B1 (en) | MOBILE COMMUNICATION SYSTEM, GATEWAY APPLIANCE FOR CONNECTING TO A BASE STATION AND A NUCLEUS NETWORK, METHOD OF COMMUNICATION BY A MOBILE COMMUNICATION SYSTEM AND METHOD OF COMMUNICATION BY A GATEWAY APPLIANCE CONNECTING A BASE STATION TO A CORE NETWORK | |
CN105025273B (en) | Connection method, cipher set-up method and the system of storied building visible intercommunication system | |
CN102546533A (en) | Method and system for accessing internet of things business server through unregistered residential gateway | |
CN108668278A (en) | A kind of communication means based on terminal | |
CN104718771B (en) | Method for disabling the application of the network insertion in safety element | |
EP2802116A1 (en) | Mobile device security | |
WO2017101211A1 (en) | Method and apparatus for accessing wireless communication system, and terminal | |
CN105578469B (en) | Communication means, communication terminal and communication system based on terminal | |
CN104891283A (en) | Elevator control system combined with card password | |
CN101540985A (en) | Method for implementing terminal zero intervention charging of WAPI system | |
CN106658499A (en) | Wireless authentication service management mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | WW01 | Invention patent application withdrawn after publication | Application publication date: 20181016 |