WO2018227929A1 - Method and device for implementing private network communication - Google Patents

Method and device for implementing private network communication

Info

Publication number
WO2018227929A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
management
private network
control
switching instruction
Application number
PCT/CN2017/118702
Other languages
English (en)
Chinese (zh)
Inventor
沈涛
傅祥影
李剀
胡应添
刘昕
陈凤江
Original Assignee
京信通信系统(中国)有限公司
京信通信系统(广州)有限公司
京信通信技术(广州)有限公司
天津京信通信系统有限公司
Application filed by 京信通信系统(中国)有限公司, 京信通信系统(广州)有限公司, 京信通信技术(广州)有限公司, 天津京信通信系统有限公司
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and a device for implementing private network communication.
  • In order to ensure the safety and stability of prisons, and in line with the Ministry of Justice regulations prohibiting the introduction of mobile phones into prisons, prisons currently use a cluster intercom system, which plays an important role in improving communication support capabilities, ensuring daily service communication and emergency dispatching, maintaining the prison's continued security and stability, and improving rapid response and disposal capacity.
  • the terminals of wireless communication systems such as mobile phones are increasingly becoming an indispensable tool in people's work and life. Because the use of mobile phones is strictly prohibited in the prison, it brings great inconvenience to the work and life of the police in the prison.
  • the embodiment of the invention provides a method and a device for implementing private network communication, which are used to provide an effective control of a terminal communicating in a private network.
  • The present invention includes a method for implementing private network communication, the method comprising: receiving, by the terminal, a management policy delivered by a management server in a mobile communication private network, wherein the management policy is used to control the usage rights of at least one functional object in the terminal; and communicating, by the terminal, in the mobile communication private network according to the management policy.
  • the method further includes: receiving, by the terminal, a first switching instruction delivered by the control server of the mobile communication private network;
  • the terminal operates in a security mode according to the first switching instruction, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the terminal receives the second switching instruction that is sent by the management server, where the second switching instruction is received when the terminal leaves the control area of the management server;
  • the terminal exits the security mode according to the second switching instruction.
  • the terminal further includes:
  • the terminal determines an operating condition that satisfies the management policy, where the operating condition is that the terminal is located in a control area of the management server during an active time period of the management policy.
  • the terminal performs communication in the mobile communication private network according to the management policy, including:
  • the terminal accesses the mobile communication private network through the dedicated access point APN configured by the mobile communication private network for communication.
  • an embodiment of the present invention further provides a method for implementing private network communication, where the method includes:
  • the control server in the mobile communication private network receives the management and control policy sent by the management operation client, wherein the management control policy is used to control the usage rights of at least one functional object in the terminal;
  • the management server sends a management policy to the terminal in the control area of the control server.
  • the method further includes: the management server sends a first switching instruction to the terminal, where the first switching instruction is used to indicate that the terminal works in a security mode, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the management server sends a second switching instruction to the terminal operating in the security mode, where the second switching instruction is used to indicate that the terminal exits the security mode, and the second switching instruction is received when the terminal leaves the control area of the management server.
  • an embodiment of the present invention provides a terminal, where the terminal includes:
  • a receiving unit configured to receive a management and control policy delivered by a management server in the mobile communication private network, where the control policy is used to control usage rights of at least one functional object in the terminal;
  • a processing unit configured to perform communication in the mobile communication private network according to the management policy.
  • the embodiment of the invention further provides a management server, which is located in the mobile communication private network, and includes:
  • a receiving unit configured to receive a management policy sent by the management operation client, where the management policy is used to control usage rights of at least one functional object in the terminal;
  • a sending unit configured to send a management policy to the terminal in the control area of the control server.
  • the receiving unit is further configured to receive a first switching instruction that is sent by the management server of the mobile communication private network;
  • the terminal further includes: a switching unit, configured to operate in a security mode according to the first switching instruction, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the receiving unit is further configured to receive a second switching instruction that is sent by the management server, where the second switching instruction is received when the terminal leaves the control area of the management server;
  • the switching unit is further configured to exit the security mode according to the second switching instruction.
  • the terminal further includes:
  • a determining unit configured to determine an operating condition that satisfies the management policy, wherein the operating condition is that the terminal is located in a control area of the management server during an active time period of the management policy.
  • the processing unit is specifically configured to access the mobile communication private network for communication through the dedicated access point (APN) configured by the mobile communication private network.
  • the embodiment of the present invention provides a management server, where the management server is located in a mobile communication private network, and includes:
  • a receiving unit configured to receive a management policy sent by the management operation client, where the management policy is used to control usage rights of at least one functional object in the terminal;
  • a sending unit configured to send a management policy to the terminal in the control area of the control server.
  • the sending unit is further configured to: send a first switching instruction to the terminal, where the first switching instruction is used to indicate that the terminal works in a security mode, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the sending unit is further configured to: send a second switching instruction to the terminal, where the second switching instruction is used to indicate that the terminal exits the security mode, and the second switching instruction is received when the terminal leaves the control area of the management server.
  • an embodiment of the present application provides a terminal device, including: a communication interface, a processor, and a memory;
  • the processor calls an instruction stored in the memory to perform the following processing:
  • processor is further configured to:
  • the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the processor is further configured to:
  • the processor is further configured to:
  • the processor is further configured to determine an operating condition that satisfies the management policy before the communication is performed in the mobile communication private network according to the management policy, where the operating condition is that the terminal is located in the control area of the management server during the active time period of the management policy.
  • the processor is specifically configured to access the mobile communication private network for communication through the dedicated access point (APN) configured by the mobile communication private network.
  • an embodiment of the present application provides a management server, including: a communication interface, a processor, and a memory;
  • the processor calls an instruction stored in the memory to perform the following processing:
  • the processor is further configured to send, by using the communication interface, a first switching instruction to the terminal, where the first switching instruction is used to indicate that the terminal works in a security mode, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • the processor is further configured to send, by using the communication interface, the second switching instruction to the terminal operating in the security mode, where the second switching instruction is used to indicate that the terminal exits the security mode, and the second switching instruction is received when the terminal leaves the control area of the management server.
  • an embodiment of the present invention provides a non-transitory computer readable storage medium storing computer instructions, where the computer instructions are used to cause the computer to execute the method and device for shielding wireless signals according to any of the above.
  • an embodiment of the present invention provides a computer program product, the computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method and apparatus for shielding the wireless signal according to any of the above.
  • The embodiment of the present invention provides a private network communication method: when a terminal enters an area covered by a private network, by means of a card or the like, it comes under the control of the private network's control server, and the control server delivers a control policy to the terminal to control the usage rights of the terminal's functional objects, so that the terminal connects to the private network with its functions limited.
  • Because private network communication has channel encryption capability, channels that may leak data are completely blocked. The mobile communication private network can therefore provide the normal voice communication function of mobile phones and other terminals while preserving security and stability in a special setting such as a prison, so that legitimate mobile phone users in the special place can communicate normally under controllable conditions.
  • FIG. 1 is a schematic diagram of a system for implementing a special private network communication according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart 1 of a method for implementing private network communication according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a communication method for an intelligent terminal to enter a private network according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a communication method for an intelligent terminal to leave a private network according to an embodiment of the present invention
  • FIG. 5 is a structural diagram of a voice communication system based on the above-mentioned private network communication system according to an embodiment of the present invention.
  • FIG. 6 is a structural diagram of a cluster scheduling system in a management and control communication system according to an embodiment of the present invention.
  • FIG. 7 is a schematic flowchart 2 of a method for implementing private network communication according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a terminal according to an embodiment of the present invention.
  • FIG. 9 is a management server according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
  • A terminal is a device that provides voice and/or data connectivity to a user, including a wireless terminal or a wired terminal.
  • the wireless terminal can be a handheld device with wireless connectivity, or other processing device connected to a wireless modem, and a mobile terminal that communicates with one or more core networks via a wireless access network.
  • the wireless terminal can be a mobile phone (or "cellular" phone), a cell phone, and a computer with a mobile terminal.
  • the wireless terminal can also be a portable, pocket, handheld, computer built-in or in-vehicle mobile device.
  • the wireless terminal may be part of a mobile station, an access point, or a user equipment (UE).
  • an embodiment of the present invention provides a system for implementing private network communication, which is mainly composed of the following subsystems: a Public Switched Telephone Network (PSTN), a softswitch gateway, a voice communication server, a cluster scheduling server, a cluster scheduling operation platform, a background management server, a management and control operation platform, a private network core network device, a Gigabit optical switch, a micro base station, an extension switch, and a radio unit.
  • the operator's fixed-line network is a telephone network commonly used in daily life, providing public fixed-line telephone services.
  • the core network equipment of the private network accesses the fixed line of the operator through the softswitch gateway to realize the interconnection between the private network and the public network.
  • the softswitch gateway implements a call agent, including basic call control functions, such as call routing, management control (establishing a session, tearing down a session), and signaling interworking.
  • the softswitch gateway is the key network element for the internal private network equipment of the system to access the fixed line network of the operator, and is the connection bridge between the enterprise private network and the public network link.
  • the private network core network equipment is a core component of the system for providing private network wireless communication services.
  • the functions of the private network core network equipment are mainly to provide user plane connection, management of users, and completion of services. Establishing user connections includes functions such as mobility management, call management, and switching.
  • User management includes user description, QoS (Quality of Service), user communication records (accounting), and security (the security measures provided by the authentication center include security management and protection for mobile services, and security handling of external network access).
  • Bearer connections include to packet data networks and intranets.
  • For internal voice communication in the private network communication system, the calling intelligent terminal accesses the core network equipment of the private network through the micro base station and, after the network access control, data routing and forwarding processing of the private network core network, pages the called intelligent terminal, forming a local voice communication loopback network inside the private network.
  • The background management server is connected to the management operation client. The administrator performs remote processing and control through the client, configuring management policies that are saved to the background management server.
  • the management and operation client can implement rights management, file management, personnel management, application management, secure address book management, and policy management.
  • Security control of the mobile phone: once the policy has been issued, it cannot be released by restarting the phone or by powering it off and on. The following functions can be achieved: mandatory program installation, deletion and update; WiFi (Wireless Fidelity) on/off/off; GPS (Global Positioning System) on/off/off; 3G (3rd-Generation mobile communication) module on/off/off; BT (Bluetooth) on/off/off; camera on/off/off; screenshot function on/off; USB connection.
  • the voice communication server in the private network communication system is a VoIP (Voice over Internet Protocol) server, which is a technology that mainly uses IP phones and introduces corresponding value-added services. VoIP can transmit voice, fax, video, and data services on an IP network. In this system, voice call services are mainly implemented.
  • the cluster scheduling server is an all-IP architecture communication platform, which is a multimedia command and dispatch platform integrating video scheduling, voice scheduling and instant information.
  • Cluster intercom supports one-click call, dynamic reorganization, late entry, etc. The server provides a voice scheduling function, including organizational structure and rights management, and supports instant messaging, message distribution and user status presentation. It also has management functions, including multi-level access control management, multi-user group management and multi-unit management.
  • the cluster scheduling server is connected to the cluster scheduling operation platform, and the cluster scheduling server implements video scheduling, voice scheduling, and instant information functions, and implements scheduling management functions such as group call, group call, monitoring, conference, and recording through the scheduling platform.
  • the embodiment of the present invention provides a schematic flowchart of a method for implementing private network communication. As shown in FIG. 2 , the specific implementation method includes:
  • Step S101: The terminal receives a management policy delivered by a management server in a mobile communication private network, where the management control policy is used to control usage rights of at least one functional object in the terminal.
  • Step S102: The terminal performs communication in the mobile communication private network according to the management and control policy.
  • the functional objects in the terminal refer to functions such as Bluetooth, WIFI, USB, or various applications, and the application may include a recorder, a camera, a dialing, a short message, and the like.
  • the control strategy mainly includes the following aspects: Bluetooth enable/disable, WIFI enable/disable, recording enable/disable, camera enable/disable, GPS enable/disable, mobile data traffic enable/disable, USB connection enable/disable, USB debug enable / disable and other aspects.
  • the method further includes: receiving, by the terminal, the first switching instruction delivered by the control server of the mobile communication private network;
  • the terminal operates in a security mode according to the first switching instruction, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • when the terminal leaves the control area of the management server, the terminal receives a second switching instruction issued by the management server, and the terminal exits the security mode according to the second switching instruction.
  • the smart terminal applicable to the private network communication has two working modes of a normal mode and a security mode, and can switch the working mode according to the network environment.
  • In the normal mode, the functions are not limited, including: call, short message, Internet access, photographing, recording, WIFI, intercom, etc.; when the intelligent terminal subsystem works in the security mode, functions such as text messages, Internet access, taking pictures, recording and WIFI are restricted, and only the intercom and call functions are allowed.
  • the call function is limited to dialing or answering whitelist users.
  • such terminals can have the function of NFC (Near Field Communication).
  • When entering the monitoring area, the intelligent terminal can be switched to the security mode by using the NFC function, and is also brought under the background control system.
  • the dual-mode intelligent terminal accesses the LTE private network and is in the security mode, completely blocking the channels that may leak data, including Bluetooth, WIFI, external SD card, MMS and so on.
  • the system is configured with a dedicated APN (Access Point Name), which the user cannot modify, to connect to the working intranet.
  • the intranet communication has channel encryption capability. When you leave the surveillance area, you can switch to normal mode by swiping the smart terminal.
  • when the smart terminal enters a specific supervision area, the user must swipe the card through the smart terminal.
  • the access control system identifies the intelligent terminal subsystem through NFC (Near Field Communication), and the intelligent terminal automatically switches to the security system; switching to the normal system is not allowed in the working area.
  • When the intelligent terminal enters the supervision area, the intelligent terminal enters a safe working mode.
  • the intelligent terminal acquires the server-side policy control and automatically detects whether it meets the policy conditions, including: the role of the base station, the scope of the policy, and the time of the policy. If the policy condition is met, that is, the smart terminal is located in the policy area, the smart terminal is forced to enter the security mode to implement security protection for the policy area.
  • the NFC card processing needs to be performed again.
  • the private network communication system determines that the user will leave the supervision area, and the system prompts whether to switch to the normal mode and releases control of the smart terminal.
  • the intelligent terminal enters the normal working mode, and the terminal functions are not limited, including: call, short message, Internet access, photographing, recording, WIFI, intercom and other functions.
  • the embodiment of the invention adopts the dual mode intelligent terminal, and has the following advantages: (1) the dual mode intelligent terminal is divided into two completely independent ROM (Read-Only Memory) partitions, which are completely mutually exclusive and do not affect each other.
  • the safety mode is adopted during the work in the monitoring area. When leaving the monitoring area, it will return to the normal mode without mutual interference and without affecting each other.
  • the dual-mode intelligent terminal adopts a customized development application in a safe mode to cooperate with a private network to implement a whitelist landing phone function.
  • In combination with the above intelligent terminal, in the prison area covered by the private network communication, the terminal can only use the internal private network for communication. The private network communication system provides whitelist calling and the cluster intercom function for the terminal, and all whitelists are configured and pushed centrally by the management and control operation client. The terminal can dial whitelisted numbers, and whitelisted contacts can also call back. The management and control client can effectively control the terminal: after the policy is delivered, the terminal cannot release the control.
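The terminal-side behaviour described above (steps S101 and S102, the two switching instructions, the operating condition and the call whitelist), as an added example that is not code from the patent or its applicant. Modelling the control area as a set of base-station identifiers, denying every functional object until a policy arrives, and all class, method and sample names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum
from typing import Optional


class Mode(Enum):
    NORMAL = "normal"
    SECURITY = "security"


# Functional objects named in the control strategy on this page.
FUNCTIONAL_OBJECTS = frozenset({
    "bluetooth", "wifi", "recording", "camera",
    "gps", "mobile_data", "usb_connection", "usb_debug",
})


@dataclass(frozen=True)
class ManagementPolicy:
    disabled: frozenset        # functional objects the policy turns off
    control_cells: frozenset   # assumption: control area = set of base-station ids
    active_from: time
    active_until: time
    call_whitelist: frozenset

    def __post_init__(self):
        unknown = self.disabled - FUNCTIONAL_OBJECTS
        if unknown:
            raise ValueError(f"unknown functional objects: {sorted(unknown)}")

    def operating_condition_met(self, cell_id: str, now: datetime) -> bool:
        """True when the terminal is in the control area during the active period."""
        t = now.time()
        if self.active_from <= self.active_until:
            in_window = self.active_from <= t < self.active_until
        else:  # window wraps past midnight, e.g. 22:00 to 06:00
            in_window = t >= self.active_from or t < self.active_until
        return in_window and cell_id in self.control_cells


class Terminal:
    def __init__(self):
        self.mode = Mode.NORMAL
        self.policy: Optional[ManagementPolicy] = None

    def on_first_switching_instruction(self) -> None:
        self.mode = Mode.SECURITY

    def on_policy(self, policy: ManagementPolicy) -> bool:
        """Step S101: a policy is accepted only in security mode."""
        if self.mode is not Mode.SECURITY:
            return False
        self.policy = policy
        return True

    def on_second_switching_instruction(self, cell_id: str, now: datetime) -> bool:
        """Leave security mode, but never while the operating condition holds."""
        if self.policy and self.policy.operating_condition_met(cell_id, now):
            return False  # still in the control area: control is not released
        self.mode, self.policy = Mode.NORMAL, None
        return True

    def _enforced(self, cell_id: str, now: datetime) -> Optional[bool]:
        """None = no restriction, False = deny all, True = apply the policy."""
        if self.mode is Mode.NORMAL:
            return None
        if self.policy is None:
            return False  # assumption: fail closed until a policy is delivered
        return True if self.policy.operating_condition_met(cell_id, now) else None

    def is_allowed(self, obj: str, cell_id: str, now: datetime) -> bool:
        """Step S102: usage right of one functional object."""
        if obj not in FUNCTIONAL_OBJECTS:
            raise ValueError(f"unknown functional object: {obj}")
        state = self._enforced(cell_id, now)
        if state is None:
            return True
        return state and obj not in self.policy.disabled

    def may_call(self, number: str, cell_id: str, now: datetime) -> bool:
        """Calls under an enforced policy are limited to whitelist users."""
        state = self._enforced(cell_id, now)
        if state is None:
            return True
        return state and number in self.policy.call_whitelist


if __name__ == "__main__":
    # Constructed sample policy: night shift in one cell, one whitelisted number.
    policy = ManagementPolicy(
        disabled=frozenset({"camera", "wifi", "bluetooth", "usb_debug"}),
        control_cells=frozenset({"cell-A"}),
        active_from=time(22, 0), active_until=time(6, 0),
        call_whitelist=frozenset({"1000"}),
    )
    term = Terminal()
    term.on_first_switching_instruction()
    term.on_policy(policy)
    night = datetime(2024, 1, 1, 23, 30)
    for obj in sorted(FUNCTIONAL_OBJECTS):
        print(obj, term.is_allowed(obj, "cell-A", night))
```

The refusal in `on_second_switching_instruction` mirrors the page's statement that switching back to the normal system is not allowed inside the working area.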
  • FIG. 5 is a structural diagram of a voice communication system based on the above-mentioned private network communication system according to an embodiment of the present invention.
  • the system is mainly composed of an LTE core network, a distributed small base station, and a soft switching gateway.
  • the communication standard and communication frequency band of the internal private network communication should be planned well, and a certain frequency band of one operator is generally selected for internal private network communication.
  • the calling intelligent terminal accesses the LTE core network through the distributed small base station, and pages the called intelligent terminal through the network access control, data routing and forwarding processing of the LTE core network.
  • the LTE private network consisting of the LTE core network and the distributed small base station connects to the fixed line of the operator through the E1 interface of the softswitch gateway to realize mutual communication between the inside and outside of the prison.
  • FIG. 6 is a structural diagram of a cluster scheduling system in a management and control communication system according to an embodiment of the present invention; the system is mainly composed of an LTE core network, a distributed small base station, a cluster scheduling server, and a cluster scheduling operation platform.
  • the LTE private network inside the prison mainly implements the cluster intercom function by the cluster scheduling server.
  • the mobile terminal needs to install an independent intercom APP, which can realize the intercom function of the mobile phone and the mobile terminal, and can realize scheduling management functions such as group call, group call, monitoring, scheduling and recording through the cluster scheduling operation platform.
  • Cluster intercom: the intercom function is integrated in the security mode, and the prison police communicate internally through the intercom function.
  • Support multiple intercom call modes of dual-system intelligent terminals including support group calls, single calls and other call modes.
  • the system can implement the scheduling command function and support priority settings such as group priority, member priority, service priority, and voice preemption.
  • Support group members to perform group call in case of sudden situation.
  • Support high-priority group calls to force interrupts of low-priority group calls, and automatically restore default group intercom after high-priority group calls.
  • the platform management staff can initiate the whole network intercom call (the provincial bureau can only refer to the prison management platform and the grassroots unit to the prison user).
  • the dispatched duty person is involved in multiple calls at the same time. Calls that can be initiated and participated include: single call, group call (temporary group call, predefined group call), etc., and have the highest outgoing call authority.
  • the communication management policy can also be configured through the management and control platform.
  • the strategies include: only allowing voice or SMS or data services, allowing voice and short message services, allowing voice and data services, etc.; the specific strategies and data are saved to the communication management server.
  • Each user unit can independently manage the “white list” of authorized communication, adding to it or removing from it according to its needs; in addition, only mobile phone numbers of operators that are allowed to open the communication can apply for authorization, and mobile phone numbers of other, unauthorized operators cannot obtain authorization.
  • For example, for whitelist users, only China Mobile, China Unicom or China Telecom mobile phone numbers can be authorized to communicate normally.
  • The embodiment of the present invention further provides a schematic flowchart of a method for implementing private network communication.
  • The specific implementation method includes:
  • Step S201: the management server in the mobile communication private network receives the management and control policy sent by the management operation client, where the management and control policy is used to control the usage rights of at least one functional object in the terminal;
  • Step S202: the control server sends the control policy to the terminal in the control area of the control server.
  • The management server sends a first switching instruction to the terminal, where the first switching instruction is used to indicate that the terminal works in a security mode, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the management server.
  • The management server sends a second switching instruction to the terminal working in the security mode, where the second switching instruction is used to instruct the terminal to exit the security mode.
  • The private network communication system to which the management server is applied is consistent with the above, and the implementation process of the private network communication is consistent with the foregoing method, and therefore will not be described again.
  • An embodiment of the present invention further provides a terminal, where the terminal can perform the foregoing method embodiments.
  • The terminal provided by the embodiment of the present invention includes a receiving unit 301 and a processing unit 302, where:
  • The receiving unit 301 is configured to receive a management policy delivered by a management server in the mobile communication private network, where the management policy is used to control usage rights of at least one functional object in the terminal;
  • The processing unit 302 is configured to perform communication in the mobile communication private network according to the management policy.
  • The receiving unit 301 is further configured to receive a first switching instruction that is sent by the management server of the mobile communication private network;
  • The terminal further includes a switching unit 303, configured to work in a security mode according to the first switching instruction, where the security mode refers to a mode in which each functional object inside the terminal can be controlled by the control server.
  • The receiving unit 301 is further configured to receive a second switching instruction that is sent by the management server, where the second switching instruction is received when the terminal leaves the control area of the management server;
  • The switching unit 303 is further configured to exit the security mode according to the second switching instruction.
  • The terminal further includes a determining unit 304, configured to determine that the terminal meets an operating condition of the management policy, where the operating condition is that the terminal is located, during a working time period of the management policy, in the control area of the management server.
  • The processing unit 302 is specifically configured to access the mobile communication private network for communication through the dedicated access point (APN) configured by the mobile communication private network.
  • The embodiment of the present invention further provides a management server, where the management server can be implemented in the mobile communication private network, as shown in FIG.
  • The receiving unit 401 is configured to receive a management policy sent by the management operation client, where the management policy is used to control usage rights of at least one functional object in the terminal;
  • The sending unit 402 is configured to send a management policy to the terminal in the control area of the control server.
  • The sending unit 402 is further configured to send a first switching instruction to the terminal, where the first switching instruction is used to indicate that the terminal works in a security mode, where the security mode refers to a mode in which the functional objects inside the terminal can be controlled by the management server.
  • The sending unit 402 is further configured to send a management policy to the terminal working in the security mode, where the management policy is used to control usage rights of at least one functional object in the terminal.
  • Embodiments of the present application can be provided as a method, system, or computer program product.
  • The present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware.
  • The application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) containing computer-usable program code.
  • The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device; the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • FIG. 10 is a schematic structural diagram of an electronic device according to the present invention.
  • The electronic device 1000 includes a communication interface 1001, a processor 1002, a memory 1003, and a bus system 1004.
  • The memory 1003 is configured to store a computer program, and may also store some data information and the like received by the electronic device.
  • The computer program can include program code, which can include computer operating instructions and the like.
  • The memory 1003 may be a random access memory (RAM) or a non-volatile memory (NVM), such as at least one disk storage. Only one memory is shown in the figure; the memory can also be set to a plurality as needed.
  • The memory 1003 can also be a memory in the processor 1002.
  • The memory 1003 can store the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
  • Operation instructions: include various operation instructions for implementing various operations.
  • Operating system: includes a variety of system programs for implementing various basic services and handling hardware-based tasks.
  • The processor 1002 is used for operation of the electronic device 1000, and the processor 1002 may also be referred to as a central processing unit (CPU).
  • The communication interface 1001 is configured to perform processing such as transmitting information to and receiving information from other devices connected to the electronic device 1000.
  • The bus system 1004 may include a power bus, a control bus, a status signal bus, and the like in addition to the data bus.
  • Various buses are labeled as bus system 1004 in the figure. For ease of representation, only the schematic drawing is shown in FIG.
  • The method disclosed in the foregoing embodiment of the present application may be applied to the processor 1002 or implemented by the processor 1002.
  • The processor 1002 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the foregoing method may be completed by hardware integrated logic circuits in the processor 1002 or by instructions in software form.
  • The processor 1002 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • The methods, steps, and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed.
  • The general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
  • The steps of the method disclosed in the embodiments of the present application may be directly implemented by the hardware decoding processor, or may be performed by a combination of hardware and software modules in the decoding processor.
  • The software module can be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • The storage medium can be located in the memory 1003, and the processor 1002 can read the information stored in the memory 1003 and perform the above method steps in conjunction with the hardware.
  • The processor provided in this embodiment may receive, through the communication interface, the management and control policy delivered by the management server in the mobile communication private network, where the management and control policy is used for controlling usage rights of at least one functional object in the terminal, and may perform communication in the mobile communication private network according to the management and control policy.
  • The processor provided in this embodiment may receive, through the communication interface, a management policy sent by the management operation client, where the management policy is used to control usage rights of at least one functional object in the terminal, and may send the management policy to a terminal in the control area of the control server.
  • The embodiment of the present invention provides a private network communication method: when a terminal enters an area covered by a private network, by means of a card or the like, it is controlled by a management server of the private network; the control server issues a management and control policy to the terminal and controls the usage rights of each functional object in the terminal, so that the terminal connects to the private network with its functions limited. Since private network communication has channel encryption capability, thereby completely blocking channels that may leak data, the mobile communication private network can, while ensuring the security and stability of special scenarios such as prisons, provide the normal voice communication functions of terminals such as mobile phones, so that legitimate mobile phone users in special places can communicate normally under controlled conditions.
  • The present invention also provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the wireless signal shielding method of any of the above.
  • The present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method of shielding the wireless signal according to any one of the above.
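The terminal-side behaviour described above (receiving unit 301, processing unit 302, switching unit 303, determining unit 304) can be modelled as a small state machine; this is an added Python example, not code from the patent. The instruction names, the `Terminal` and `ManagementPolicy` classes, the fail-closed decision when no policy applies and the dropping of the policy on exit are assumptions, since the patent defines no message format or default.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed names: the patent names the two instructions but gives no wire format.
FIRST_SWITCH, SECOND_SWITCH = "first_switching_instruction", "second_switching_instruction"

@dataclass(frozen=True)
class ManagementPolicy:
    allowed: frozenset  # functional objects the terminal may use, e.g. {"voice", "sms"}
    start: time         # working time period of the policy: start <= now < end
    end: time

    def in_working_period(self, now: time) -> bool:
        if self.start <= self.end:
            return self.start <= now < self.end
        return now >= self.start or now < self.end  # period wraps past midnight

@dataclass
class Terminal:
    security_mode: bool = False
    in_control_area: bool = False
    policy: Optional[ManagementPolicy] = None

    def on_switch(self, instruction: str) -> None:
        """Switching unit 303: enter or exit the security mode."""
        if instruction == FIRST_SWITCH:
            self.security_mode = True
        elif instruction == SECOND_SWITCH:
            self.security_mode = False
            self.policy = None  # assumption: the policy is dropped on exit
        else:
            raise ValueError(f"unknown switching instruction: {instruction!r}")

    def on_policy(self, policy: ManagementPolicy) -> bool:
        """Receiving unit 301: accept a policy only while in the security mode."""
        if not self.security_mode:
            return False
        self.policy = policy
        return True

    def policy_active(self, now: time) -> bool:
        """Determining unit 304: working time period AND inside the control area."""
        return (self.policy is not None and self.in_control_area
                and self.policy.in_working_period(now))

    def may_use(self, obj: str, now: time) -> bool:
        """Processing unit 302: decide whether a functional object may be used."""
        if not self.security_mode:
            return True   # outside the security mode the server does not control the terminal
        if not self.policy_active(now):
            return False  # assumption: fail closed when no policy applies
        return obj in self.policy.allowed

def walk_through() -> list:
    """Constructed scenario: voice+SMS policy valid 08:00-18:00, terminal enters, then exits."""
    t = Terminal(in_control_area=True)
    policy = ManagementPolicy(frozenset({"voice", "sms"}), time(8, 0), time(18, 0))
    out = [t.on_policy(policy)]          # rejected: not yet in the security mode
    t.on_switch(FIRST_SWITCH)
    out.append(t.on_policy(policy))      # accepted
    out += [t.may_use(o, time(h, 0)) for o, h in (("voice", 10), ("data", 10), ("voice", 23))]
    t.on_switch(SECOND_SWITCH)
    return out + [t.may_use("data", time(10, 0))]  # unrestricted again after exit
```

The point worth checking in any such design is the default: here a terminal that is in the security mode but has no applicable policy is denied everything rather than left unrestricted.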

Abstract

The present invention relates to a method and a device for implementing private network communication, the method comprising the following steps: a terminal receives a management policy issued by a management server in a mobile communication private network, the management policy being used to control the usage rights of at least one functional object in the terminal; and the terminal performs communication in the mobile communication private network according to the management policy, so as to enable effective management of the terminal performing communication in the private network.
PCT/CN2017/118702 2017-06-12 2017-12-26 Method and device for implementing private network communication WO2018227929A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710440050.5 2017-06-12
CN201710440050.5A CN107172066A (zh) 2017-06-12 2017-06-12 Method and device for implementing private network communication

Publications (1)

Publication Number Publication Date
WO2018227929A1 true WO2018227929A1 (fr) 2018-12-20

Family

ID=59825339

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/118702 WO2018227929A1 (fr) 2017-06-12 2017-12-26 Method and device for implementing private network communication

Country Status (2)

Country Link
CN (1) CN107172066A (fr)
WO (1) WO2018227929A1 (fr)

Also Published As

Publication number Publication date
CN107172066A (zh) 2017-09-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17913547

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 30/04/2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17913547

Country of ref document: EP

Kind code of ref document: A1