
CN107172066A - A method and device for realizing private network communication - Google Patents


Publication number
CN107172066A
Authority
CN
China
Prior art keywords
management
terminal
control
server
private network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710440050.5A
Other languages
Chinese (zh)
Inventor
沈涛
傅祥影
李剀
胡应添
刘昕
陈凤江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comba Telecom Technology Guangzhou Ltd
Comba Telecom Systems Guangzhou Co Ltd
Tianjin Comba Telecom Systems Co Ltd
Comba Network Systems Co Ltd
Original Assignee
Comba Telecom Technology Guangzhou Ltd
Comba Telecom Systems China Ltd
Comba Telecom Systems Guangzhou Co Ltd
Tianjin Comba Telecom Systems Co Ltd
Application filed by Comba Telecom Technology Guangzhou Ltd, Comba Telecom Systems China Ltd, Comba Telecom Systems Guangzhou Co Ltd and Tianjin Comba Telecom Systems Co Ltd
Priority to CN201710440050.5A
Publication of CN107172066A
Priority to PCT/CN2017/118702 (WO2018227929A1)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method and a device for realizing private network communication. The method comprises the following steps: a terminal receives a control policy issued by a control server in a mobile communication private network, where the control policy is used to control the usage permission of at least one function object in the terminal; and the terminal communicates in the mobile communication private network according to the control policy, so that terminals communicating in the private network are effectively controlled.

Description

A method and device for realizing private network communication

Technical field

The present invention relates to the field of communications, and in particular to a method and device for realizing private network communication.

Background

To keep prisons safe and stable, and in line with the Ministry of Justice rule that strictly prohibits bringing mobile phones into prisons, prisons currently use trunked intercom systems. Such a system has played an important role in improving communication assurance, supporting routine duty communication and emergency dispatch and command, and maintaining the continued safety and stability of the prison, and has improved rapid response and handling capabilities. In modern society, however, mobile phones and other wireless communication terminals have increasingly become indispensable tools for work and daily life, and because the use of mobile phones is strictly prohibited inside the prison, this causes considerable inconvenience to the work and life of the police officers in the prison area.

Given the current state of prison information control and command systems, there is an urgent need for a new private network communication method that effectively combines wireless communication technology with information security control, so that legitimate users can use mobile phones for normal communication even in special settings such as prisons.

Summary of the invention

Embodiments of the present invention provide a method and device for realizing private network communication, in order to effectively manage and control terminals that communicate within the private network.

In one aspect, the present invention includes a method for realizing private network communication, the method comprising: a terminal receives a control policy issued by a control server in a mobile communication private network, where the control policy is used to control the usage permission of at least one function object in the terminal; and the terminal communicates in the mobile communication private network according to the control policy.

In another aspect, based on the same inventive concept, an embodiment of the present invention further provides a method for realizing private network communication, the method comprising:

a control server in a mobile communication private network receives a control policy sent by a control operation client, where the control policy is used to control the usage permission of at least one function object in a terminal;

the control server sends the control policy to the terminals within the control area of the control server.

Corresponding to the above method, an embodiment of the present invention provides a terminal, the terminal comprising:

a receiving unit, configured to receive a control policy issued by a control server in a mobile communication private network, where the control policy is used to control the usage permission of at least one function object in the terminal;

a processing unit, configured to communicate in the mobile communication private network according to the control policy.

An embodiment of the present invention further provides a control server, located in a mobile communication private network, comprising:

a receiving unit, configured to receive a control policy sent by a control operation client, where the control policy is used to control the usage permission of at least one function object in a terminal;

a sending unit, configured to send the control policy to the terminals within the control area of the control server.

Embodiments of the present invention provide a private network communication method in which, when a terminal enters the area covered by the private network, for example by swiping a card, it comes under the control of the private network's control server. The control server issues a control policy to the terminal to control the usage permissions of the terminal's function objects, so that the terminal connects to the private network with restricted functions. Because private network communication has channel encryption capability, channels through which data could leak are completely blocked. On the premise of keeping special settings such as prisons safe and stable, this mobile communication private network can thus provide the normal voice communication functions of terminals such as mobile phones, so that legitimate mobile phone users in such places can communicate normally under controllable conditions.

Description of drawings

To explain the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Fig. 1 is a schematic diagram of a new system for realizing private network communication provided by an embodiment of the present invention;

Fig. 2 is a first schematic flowchart of a method for realizing private network communication provided by an embodiment of the present invention;

Fig. 3 is a schematic diagram of a communication method for a smart terminal entering the private network provided by an embodiment of the present invention;

Fig. 4 is a schematic diagram of a communication method for a smart terminal leaving the private network provided by an embodiment of the present invention;

Fig. 5 is an architecture diagram of a voice communication system based on the above private network communication system provided by an embodiment of the present invention;

Fig. 6 is an architecture diagram of the trunking dispatch system in a control communication system provided by an embodiment of the present invention;

Fig. 7 is a second schematic flowchart of a method for realizing private network communication provided by an embodiment of the present invention;

Fig. 8 is a terminal provided by an embodiment of the present invention;

Fig. 9 is a control server provided by an embodiment of the present invention.

Detailed description

To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.

Various aspects are described herein in connection with terminals and/or base stations. A terminal is a device that provides voice and/or data connectivity to a user, and includes wireless terminals and wired terminals. A wireless terminal may be a handheld device with a wireless connection function, or another processing device connected to a wireless modem; it is a mobile terminal that communicates with one or more core networks via a radio access network. For example, a wireless terminal may be a mobile phone (also called a "cellular" phone), a handset, or a computer with a mobile terminal. As another example, a wireless terminal may be a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile device. As a further example, a wireless terminal may be part of a mobile station, an access point, or user equipment (UE).

As shown in Fig. 1, an embodiment of the present invention provides a new system for realizing private network communication. The system mainly consists of the following subsystems: the operator's fixed telephone network (Public Switched Telephone Network, PSTN), a softswitch gateway, a voice communication server, a trunking dispatch server, a trunking dispatch operation platform, a back-end control server, a control operation platform, private network core network equipment, a gigabit optical switch, micro base stations, extension switches, radio frequency units, and so on.

The operator's fixed telephone network is the telephone network used in everyday life, providing public fixed telephone services. The private network core network equipment connects to the operator's fixed telephone network through the softswitch gateway, which provides interconnection between the private network and the public network. The softswitch gateway acts as a call agent, providing basic call control functions such as call routing, management control (session establishment and session teardown) and signaling interworking. It is the key network element through which the system's internal private network core network equipment connects to the operator's fixed telephone network, and is the bridge between the enterprise private network and the public network link.

The private network core network equipment is the core component through which the system provides private network wireless communication services. Its main functions are to provide user-plane connections, manage users and carry services. Establishing user connections includes mobility management, call management, switching and similar functions. User management includes the user description, QoS (Quality of Service), user communication records (accounting) and security (the authentication center provides the corresponding security measures, covering security management of mobile services and security handling of access to external networks). Bearer connections include connections to packet data networks, intranets and so on. For internal voice communication in the private network communication system, the calling smart terminal connects through a micro base station to the private network core network equipment, and, through the network access control, data routing and forwarding performed by the private network core network, the called smart terminal is paged, forming a local voice communication loop inside the private network. If the private network formed by the private network core network equipment and the micro base stations is connected to the operator's fixed telephone network through the interface of the softswitch gateway, terminals in the private network and terminals in the public network can call each other.

The back-end control server is connected to the control operation client. Through remote processing and control on the control operation client, the administrator configures control policies and saves them on the back-end control server.

The control operation client provides permission management, file management, personnel management, application management, secure address book management, policy management and so on. For security control of mobile phones, once a policy has been issued the control cannot be lifted by restarting the phone or by powering it off and on. The following functions are available: forced installation, removal and update of programs; WiFi (Wireless Fidelity) on/disabled/off; GPS (Global Positioning System) on/disabled/off; 3G (3rd-Generation mobile communication technology) module on/disabled/off; BT (Bluetooth) on/disabled/off; camera on/disabled/off; screenshot function on/disabled; USB connection function.

Further, the voice communication server in the private network communication system is a VoIP (Voice over Internet Protocol) server, a technology centered on IP telephony that also supports corresponding value-added services. VoIP can carry voice, fax, video and data services over an IP network; in this system it is mainly used for voice calls.

The trunking dispatch server is a communication platform with an all-IP architecture: a multimedia command and dispatch platform that integrates video dispatch, voice dispatch and instant messaging. It supports trunked intercom, including one-touch calling, dynamic regrouping and late entry. It provides voice dispatch functions, including organizational structure and permission management, and supports instant messaging, with message distribution and user presence. It also provides management functions, including multi-level permission control, multi-user-group management and multi-unit management.

The trunking dispatch server is connected to the trunking dispatch operation platform. The trunking dispatch server provides the video dispatch, voice dispatch and instant messaging functions, and the dispatch platform provides dispatch management functions such as broadcast calls, group calls, monitoring, conferencing and recording.

Based on the private network communication system shown in Fig. 1, an embodiment of the present invention provides a method for realizing private network communication, whose flow is shown in Fig. 2. The method comprises:

Step S101: the terminal receives a control policy issued by a control server in the mobile communication private network, where the control policy is used to control the usage permission of at least one function object in the terminal.

Step S102: the terminal communicates in the mobile communication private network according to the control policy.

Note that in step S101 the function objects in the terminal are functions such as Bluetooth, WIFI, USB or various applications, where the applications may include the recorder, camera, dialer, SMS and similar programs. The control policy mainly covers the following: Bluetooth enabled/disabled, WIFI enabled/disabled, audio recording enabled/disabled, camera enabled/disabled, GPS enabled/disabled, mobile data enabled/disabled, USB connection enabled/disabled, USB debugging enabled/disabled, and so on.

Further, before step S101 is performed, that is, before the terminal receives the control policy issued by the control server in the mobile communication private network, the method also includes: the terminal receives a first switch instruction issued by the control server of the mobile communication private network;

the terminal works in secure mode according to the first switch instruction, where secure mode is the mode in which each function object inside the terminal can be controlled by the control server.

Further, when the terminal leaves the control area of the control server, the terminal receives a second switch instruction issued by the control server, and exits secure mode according to the second switch instruction.

In other words, a smart terminal suitable for this private network communication has two working modes, normal mode and secure mode, and can switch between them according to the network environment. When the smart terminal works in normal mode, its functions are unrestricted, including calls, SMS, internet access, photography, audio recording, WIFI and intercom. When the smart terminal subsystem works in secure mode, functions such as SMS, internet access, photography, audio recording and WIFI can be restricted, and only the intercom and call functions are allowed, with calls limited to dialing or answering whitelisted users. In addition, such a terminal may have an NFC (Near Field Communication) function. On entering the prison area, the smart terminal's built-in NFC function can be used to switch to secure mode and, at the same time, bring the terminal under the back-end control system. The dual-mode smart terminal connects to the LTE private network in secure mode, completely blocking channels through which data could leak, including Bluetooth, WIFI, external SD card and MMS. It connects to the work intranet through a dedicated APN (Access Point Name) configured by the system, which the user cannot modify, and intranet communication has channel encryption capability. On leaving the prison area, the terminal can be switched to normal mode by swiping the smart terminal.

In addition, because the inside of a prison or similar place is an independent private network, mobile phones and other terminals that enter the range of the private network cannot use the public network's authentication method, so a separate SIM card must be issued. The terminal must be an all-network dual-SIM dual-standby phone: outside the prison or similar place it uses the operator's public network SIM card, and inside it switches automatically to the private network SIM card. The principle by which the terminal switches modes is as follows:

Scenario 1:

As shown in Fig. 3, when a smart terminal enters a specific supervised area, the user must swipe in with the smart terminal. The access control system identifies the smart terminal subsystem via NFC (Near Field Communication), the smart terminal automatically switches to the secure system, and switching to the normal system is not allowed within the working area. When the smart terminal determines that it has entered the supervised area, it enters the secure working mode. At this point, after obtaining the server-side policy, the smart terminal automatically checks whether it satisfies the policy conditions, which include: the base stations the policy applies to, the scope of the policy and the time during which the policy applies. If the policy conditions are satisfied, that is, the smart terminal is located in the policy area within the policy time, the smart terminal is forced into secure mode, which protects the policy area.

Scenario 2:

As shown in Fig. 4, when the terminal leaves a specific supervised area, the NFC check-in must be performed again. The private network communication system determines that the user is about to leave the supervised area, prompts whether to switch to normal mode, and releases control of the smart terminal. The smart terminal enters the normal working mode, in which its functions are unrestricted, including calls, SMS, internet access, photography, audio recording, WIFI and intercom.

The embodiments of the present invention use a dual-mode smart terminal, which has the following main advantages: (1) The dual-mode smart terminal is divided into two completely independent ROM (Read-Only Memory) partitions, which do not affect each other at all. Secure mode is used while working in the prison area, and the terminal returns to normal mode on leaving the prison area; the two modes do not interfere with or affect each other. (2) While working in the prison area, secure mode together with the back end gives full control over the dual-mode smart terminal, making it a dedicated work device, while still meeting convenient work needs such as telephone and intercom functions. This minimizes the use of duplicate equipment in the prison area. (3) In secure mode the dual-mode smart terminal uses a custom-developed application together with the private network to provide whitelisted calls to landline phones.

It can be seen that, with the above smart terminal, within the prison area covered by private network communication the terminal can communicate only over the internal private network. The private network communication system provides the terminal with whitelist calling and trunked intercom functions. All whitelists are configured and pushed centrally by the control operation client; whitelisted numbers can be dialed, and whitelisted contacts can call back. The control operation client can effectively apply security control to the terminal, and once a policy has been issued the terminal cannot lift the control.
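The terminal-side behaviour described above (first and second switch instructions, the policy-condition check, per-function permissions and whitelist calling), as an added Python example that is not part of the patent text. The identifier strings, cell IDs and phone numbers are constructed; representing the policy area by a set of base-station IDs and denying every function object in secure mode until a policy arrives are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Function objects listed in the description; the identifier strings are assumptions.
FUNCTION_OBJECTS = frozenset({
    "bluetooth", "wifi", "recording", "camera", "gps",
    "mobile_data", "usb_connection", "usb_debugging",
})


@dataclass(frozen=True)
class ControlPolicy:
    base_stations: frozenset  # policy base stations (assumed to stand for the policy area)
    start: time               # policy time window
    end: time
    enabled: frozenset        # function objects left enabled; all others are disabled
    whitelist: frozenset      # numbers that may be dialled or answered

    def __post_init__(self):
        unknown = self.enabled - FUNCTION_OBJECTS
        if unknown:
            raise ValueError(f"unknown function objects: {sorted(unknown)}")

    def conditions_met(self, cell_id: str, now: datetime) -> bool:
        """True when the terminal is on a policy base station inside the policy time."""
        t = now.time()
        if self.start <= self.end:
            in_window = self.start <= t <= self.end
        else:  # window crosses midnight, e.g. 22:00 to 06:00
            in_window = t >= self.start or t <= self.end
        return cell_id in self.base_stations and in_window


class Terminal:
    def __init__(self):
        self.mode = "normal"
        self.policy = None

    def on_first_switch(self):
        """First switch instruction: work in secure mode."""
        self.mode = "secure"

    def on_policy(self, policy: ControlPolicy, cell_id: str, now: datetime) -> str:
        """Store the issued policy, then run the policy-condition check."""
        self.policy = policy
        return self.evaluate(cell_id, now)

    def evaluate(self, cell_id: str, now: datetime) -> str:
        """Force secure mode whenever the stored policy's conditions are satisfied."""
        if self.policy is not None and self.policy.conditions_met(cell_id, now):
            self.mode = "secure"
        return self.mode

    def on_second_switch(self):
        """Second switch instruction (leaving the control area): back to normal mode."""
        self.mode = "normal"
        self.policy = None

    def may_use(self, function: str) -> bool:
        if function not in FUNCTION_OBJECTS:
            raise ValueError(f"unknown function object: {function}")
        if self.mode == "normal":
            return True
        # Assumption: secure mode fails closed until a policy has been received.
        return self.policy is not None and function in self.policy.enabled

    def may_call(self, number: str) -> bool:
        if self.mode == "normal":
            return True
        return self.policy is not None and number in self.policy.whitelist


if __name__ == "__main__":
    # Constructed sample values.
    policy = ControlPolicy(
        base_stations=frozenset({"CELL-A1"}),
        start=time(8, 0), end=time(18, 0),
        enabled=frozenset({"gps"}),
        whitelist=frozenset({"5550100"}),
    )
    phone = Terminal()
    phone.on_first_switch()
    print(phone.on_policy(policy, "CELL-A1", datetime(2024, 1, 1, 10, 0)))
    print(phone.may_use("camera"), phone.may_call("5550100"))
    phone.on_second_switch()
    print(phone.mode, phone.may_use("camera"))
```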

Fig. 5 is an architecture diagram of a voice communication system based on the above private network communication system, provided by an embodiment of the present invention. The system mainly consists of an LTE core network, distributed small base stations and a softswitch gateway. The communication standard and frequency band for internal private network communication must be planned properly; generally, one frequency band of one operator is selected for internal private network communication.

For internal voice communication on the LTE private network, the calling smart terminal accesses the LTE core network through a distributed small base station; through the LTE core network's network access control, data routing and forwarding, the called smart terminal is paged, forming a local voice communication loop. The LTE private network formed by the LTE core network and the distributed small base stations connects to the operator's fixed-line network through the E1 interface of the softswitch gateway, enabling calls between the inside and the outside of the prison.

Further, Fig. 6 is an architecture diagram of the trunking dispatch system in a management and control communication system provided by an embodiment of the present invention. The system mainly consists of an LTE core network, distributed small base stations, a trunking dispatch server and a trunking dispatch operation platform. In the prison's internal LTE private network, the trunking dispatch server implements the trunked intercom function. A standalone intercom app must be installed on the handset to enable handset-to-handset intercom, and dispatch management functions such as broadcast calls, group calls, monitoring, conferencing and recording are available through the trunking dispatch operation platform.

Trunked intercom: the intercom function is integrated into secure mode, and prison officers use it for internal communication.

1. Multiple intercom call modes are supported on the dual-system smart terminal, including group calls and individual calls. The system provides dispatch and command functions and supports priority settings such as group priority, member priority, service priority and floor (talk-right) preemption. Group members can initiate a group call in an emergency. A high-priority group call can forcibly interrupt a low-priority group call, and the default group intercom is restored automatically after the high-priority group call ends;

2. Emergency command and dispatch capability is provided: on-duty platform management staff can initiate network-wide intercom calls (the provincial bureau can call every prison management platform; grassroots units can call only the users of their own prison). On-duty dispatch staff can take part in multiple calls at the same time. The calls they can initiate and join include individual calls and group calls (temporary group calls and predefined group calls), and they hold the highest call-out authority.

Whitelisted users are added and removed through the management and control operation platform. Communication control policies are also configured through this platform; the policies include: allowing only voice, or SMS, or data service; allowing voice and SMS services; allowing voice and data services; and so on. The specific policies and data are saved in the communication management and control server. Each user organization independently manages its own "whitelist" of authorized communication and adds or removes entries promptly as needed. In addition, only mobile numbers of operators that are permitted for communication can apply for authorization; mobile numbers of other, non-authorized operators cannot be authorized. For example, for whitelisted users, only mobile numbers of China Mobile, China Unicom or China Telecom can be authorized for normal communication.

Based on the same inventive concept, an embodiment of the present invention further provides a schematic flowchart of a method for implementing private network communication, as shown in Fig. 7. The method includes:

Step S201: the management and control server in the private mobile communication network receives a management and control policy sent by the management and control operation client, where the policy is used to control the usage permission of at least one functional object in the terminal;

Step S202: the management and control server sends the management and control policy to the terminals within the server's control area.

Further, when the terminal enters the control area of the management and control server, the server sends the terminal a first switching instruction, which instructs the terminal to work in secure mode. Secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

Further, when the terminal leaves the control area of the management and control server, the server sends a second switching instruction to the terminal working in secure mode, where the second switching instruction instructs the terminal to exit secure mode.

Specifically, the private network communication system to which the management and control server applies is the same as described above, and the private network communication is implemented in the same way as in the method above, so the details are not repeated here.

Based on the same technical concept, an embodiment of the present invention also provides a terminal that can execute the above method embodiments. As shown in Fig. 8, the terminal includes a receiving unit 301 and a processing unit 302, where:

the receiving unit 301 is configured to receive a management and control policy issued by the management and control server in the private mobile communication network, where the policy is used to control the usage permission of at least one functional object in the terminal;

the processing unit 302 is configured to communicate in the private mobile communication network according to the management and control policy.

Further, the receiving unit 301 is also configured to receive a first switching instruction issued by the management and control server of the private mobile communication network;

In addition, the terminal further includes a switching unit 303, configured to work in secure mode according to the first switching instruction, where secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

Further, the receiving unit 301 is also configured to receive a second switching instruction issued by the management and control server, where the second switching instruction is received when the terminal leaves the control area of the management and control server;

The switching unit 303 is also configured to exit secure mode according to the second switching instruction.

Further, the terminal also includes a determining unit 304, configured to determine that the terminal satisfies the operating condition of the management and control policy, where the operating condition is that the terminal is located in the control area of the management and control server within the policy's effective time period.

Further, the processing unit 302 is specifically configured to access the private mobile communication network for communication through the dedicated access point name (APN) configured by the private mobile communication network.
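The terminal-side behaviour described above (units 301 to 304), modelled as an added example that is not code from the patent. All class, field and function names are hypothetical, and two points are assumptions of the example: control-area membership is tracked from the two switching instructions, and in secure mode a function is denied whenever no policy is in effect.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import Enum
from typing import Mapping, Optional


class Mode(Enum):
    NORMAL = "normal"
    SECURE = "secure"


@dataclass(frozen=True)
class ControlPolicy:
    """Hypothetical policy shape: per-function permission plus effective window."""
    permissions: Mapping[str, bool]   # e.g. {"voice": True, "camera": False}
    start: time
    end: time

    def in_window(self, now: datetime) -> bool:
        t = now.time()
        if self.start <= self.end:
            return self.start <= t <= self.end
        return t >= self.start or t <= self.end   # window that spans midnight


class Terminal:
    def __init__(self) -> None:
        self.mode = Mode.NORMAL
        self.in_control_area = False
        self.policy: Optional[ControlPolicy] = None

    def on_switch_instruction(self, which: str) -> None:
        """Switching unit 303: 'first' enters secure mode, 'second' exits it."""
        if which == "first":
            self.mode, self.in_control_area = Mode.SECURE, True
        elif which == "second":
            self.mode, self.in_control_area = Mode.NORMAL, False
            self.policy = None        # server policy does not follow the terminal out
        else:
            raise ValueError(f"unknown switching instruction: {which!r}")

    def on_policy(self, policy: ControlPolicy) -> bool:
        """Receiving unit 301: a policy is accepted only while in secure mode."""
        if self.mode is not Mode.SECURE:
            return False
        self.policy = policy
        return True

    def policy_applies(self, now: datetime) -> bool:
        """Determining unit 304: inside the control area during the policy window."""
        return (self.mode is Mode.SECURE and self.in_control_area
                and self.policy is not None and self.policy.in_window(now))

    def may_use(self, function: str, now: datetime) -> bool:
        """Processing unit 302: decide whether a functional object may be used."""
        if self.mode is Mode.NORMAL:
            return True               # normal-mode partition is not server-controlled
        if not self.policy_applies(now):
            return False              # assumption: fail closed in secure mode
        # Functions the policy does not mention are denied (default deny).
        return bool(self.policy.permissions.get(function, False))


if __name__ == "__main__":
    # Constructed sample policy and timestamps, for illustration only.
    day_shift = ControlPolicy({"voice": True, "camera": False}, time(8, 0), time(18, 0))
    terminal = Terminal()
    terminal.on_switch_instruction("first")
    terminal.on_policy(day_shift)
    noon = datetime(2017, 6, 12, 12, 0)
    for fn in ("voice", "camera", "bluetooth"):
        print(fn, terminal.may_use(fn, noon))
```

The default-deny branches are where such a design is usually audited: a terminal that treats "no policy received yet" or "function not listed" as allowed would be unrestricted between the first switching instruction and the first policy push.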

Based on the same technical concept, an embodiment of the present invention also provides a management and control server that can execute the above method embodiments. The management and control server is located in the private mobile communication network and, as shown in Fig. 9, includes:

a receiving unit 401, configured to receive a management and control policy sent by the management and control operation client, where the policy is used to control the usage permission of at least one functional object in the terminal;

a sending unit 402, configured to send the management and control policy to the terminals within the control area of the management and control server.

Further, the sending unit 402 is also configured to send a first switching instruction to the terminal, where the first switching instruction instructs the terminal to work in secure mode, and secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

Further, the sending unit 402 is also configured to send a management and control policy to the terminal working in secure mode, where the policy is used to control the usage permission of at least one functional object in the terminal.

In summary, the embodiments of the present invention provide a new type of private mobile communication network. When a terminal enters the area covered by the private network, for example by swiping a card, it is brought under the control of the private network's management and control server. The server issues a management and control policy to the terminal to control the usage permissions of the terminal's functional objects, so that the terminal connects to the private network with restricted functionality. Because private network communication has channel encryption capability, the channels through which data could leak are completely blocked. Thus, while ensuring the security and stability of special settings such as prisons, this private mobile communication network provides the normal voice communication function for terminals such as mobile phones, so that legitimate mobile phone users in such settings can communicate normally under controlled conditions.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing equipment to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing equipment produce an apparatus for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing equipment to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operational steps is performed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.

Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (16)

1. A method for implementing private network communication, characterized in that the method comprises:
a terminal receiving a management and control policy issued by a management and control server in a private mobile communication network, wherein the management and control policy is used to control the usage permission of at least one functional object in the terminal;
the terminal communicating in the private mobile communication network according to the management and control policy.

2. The method according to claim 1, characterized in that, before the terminal receives the management and control policy issued by the management and control server in the private mobile communication network, the method further comprises:
the terminal receiving a first switching instruction issued by the management and control server of the private mobile communication network;
the terminal working in secure mode according to the first switching instruction, wherein secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

3. The method according to claim 2, characterized in that it further comprises:
the terminal receiving a second switching instruction issued by the management and control server, wherein the second switching instruction is received when the terminal leaves the control area of the management and control server;
the terminal exiting secure mode according to the second switching instruction.

4. The method according to claim 1 or 2, characterized in that, before the terminal communicates in the private mobile communication network according to the management and control policy, the method further comprises:
the terminal determining that the operating condition of the management and control policy is satisfied, wherein the operating condition is that the terminal is located in the control area of the management and control server within the effective time period of the management and control policy.

5. The method according to claim 1, characterized in that the terminal communicating in the private mobile communication network according to the management and control policy comprises:
the terminal accessing the private mobile communication network for communication through the dedicated access point name (APN) configured by the private mobile communication network.

6. A method for implementing private network communication, characterized in that the method comprises:
a management and control server in a private mobile communication network receiving a management and control policy sent by a management and control operation client, wherein the management and control policy is used to control the usage permission of at least one functional object in a terminal;
the management and control server sending the management and control policy to the terminals within the control area of the management and control server.

7. The method according to claim 6, characterized in that it further comprises:
the management and control server sending a first switching instruction to the terminal, the first switching instruction instructing the terminal to work in secure mode, wherein secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

8. The method according to claim 6, characterized in that it further comprises:
the management and control server sending a second switching instruction to the terminal working in secure mode, wherein the second switching instruction instructs the terminal to exit secure mode, and the second switching instruction is received when the terminal leaves the control area of the management and control server.

9. A terminal, characterized in that the terminal comprises:
a receiving unit, configured to receive a management and control policy issued by a management and control server in a private mobile communication network, wherein the management and control policy is used to control the usage permission of at least one functional object in the terminal;
a processing unit, configured to communicate in the private mobile communication network according to the management and control policy.

10. The terminal according to claim 9, characterized in that the receiving unit is further configured to receive a first switching instruction issued by the management and control server of the private mobile communication network;
the terminal further comprises:
a switching unit, configured to work in secure mode according to the first switching instruction, wherein secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

11. The terminal according to claim 10, characterized in that the receiving unit is further configured to receive a second switching instruction issued by the management and control server, wherein the second switching instruction is received when the terminal leaves the control area of the management and control server;
the switching unit is further configured to exit secure mode according to the second switching instruction.

12. The terminal according to claim 9 or 10, characterized in that it further comprises:
a determining unit, configured to determine that the operating condition of the management and control policy is satisfied, wherein the operating condition is that the terminal is located in the control area of the management and control server within the effective time period of the management and control policy.

13. The terminal according to claim 9, characterized in that the processing unit is specifically configured to:
access the private mobile communication network for communication through the dedicated access point name (APN) configured by the private mobile communication network.

14. A management and control server, characterized in that the management and control server is located in a private mobile communication network and comprises:
a receiving unit, configured to receive a management and control policy sent by a management and control operation client, wherein the management and control policy is used to control the usage permission of at least one functional object in a terminal;
a sending unit, configured to send the management and control policy to the terminals within the control area of the management and control server.

15. The management and control server according to claim 14, characterized in that the sending unit is further configured to: send a first switching instruction to the terminal, the first switching instruction instructing the terminal to work in secure mode, wherein secure mode is the mode in which each functional object inside the terminal can be controlled by the management and control server.

16. The management and control server according to claim 15, characterized in that the sending unit is further configured to: send a second switching instruction to the terminal, wherein the second switching instruction instructs the terminal to exit secure mode, and the second switching instruction is received when the terminal leaves the control area of the management and control server.

CN201710440050.5A 2017-06-12 2017-06-12 A method and device for realizing private network communication Pending CN107172066A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710440050.5A CN107172066A (en) 2017-06-12 2017-06-12 A method and device for realizing private network communication
PCT/CN2017/118702 WO2018227929A1 (en) 2017-06-12 2017-12-26 Method and device for implementing private network communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710440050.5A CN107172066A (en) 2017-06-12 2017-06-12 A method and device for realizing private network communication

Publications (1)

Publication Number Publication Date
CN107172066A true CN107172066A (en) 2017-09-15

Family

ID=59825339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710440050.5A Pending CN107172066A (en) 2017-06-12 2017-06-12 A method and device for realizing private network communication

Country Status (2)

Country Link
CN (1) CN107172066A (en)
WO (1) WO2018227929A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018227929A1 (en) * 2017-06-12 2018-12-20 京信通信系统(中国)有限公司 Method and device for implementing private network communication
CN109699026A (en) * 2017-10-23 2019-04-30 大唐移动通信设备有限公司 A kind of the communication management-control method and device of base station
CN110266878A (en) * 2019-05-24 2019-09-20 北京指掌易科技有限公司 A method of it realizes using ordinary terminal as work special-purpose terminal
CN110708694A (en) * 2019-10-15 2020-01-17 武汉诚迈科技有限公司 Method, system, storage medium and electronic device for realizing simultaneous online public and private networks
CN110839268A (en) * 2019-10-12 2020-02-25 国网浙江省电力有限公司杭州供电公司 WIFI control method based on wireless private network
CN111767971A (en) * 2020-06-30 2020-10-13 深圳市筑泰防务智能科技有限公司 Terminal control method and device based on electronic tag, terminal and readable storage medium
CN111885608A (en) * 2020-06-16 2020-11-03 中国人民解放军战略支援部队信息工程大学 Mobile terminal management and control system and method based on air interface
CN112203305A (en) * 2020-09-30 2021-01-08 中国联合网络通信集团有限公司 Mobile terminal management method, terminal management platform, management network element and mobile terminal
CN112351465A (en) * 2019-08-08 2021-02-09 成都鼎桥通信技术有限公司 Network mode switching method and device
CN112579388A (en) * 2019-09-30 2021-03-30 奇安信科技集团股份有限公司 Mobile terminal control method and device
CN113422772A (en) * 2021-06-22 2021-09-21 中国联合网络通信集团有限公司 Private network terminal access processing method and device and electronic equipment
CN115361699A (en) * 2022-08-30 2022-11-18 青岛海信移动通信技术股份有限公司 Traffic early warning method, traffic early warning device, terminal equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242444A (en) * 2006-09-01 2008-08-13 捷讯研究有限公司 Disabling operation of features on a handheld mobile communication device based upon location
CN101873571A (en) * 2010-06-24 2010-10-27 华为终端有限公司 Terminal state control method and terminal
CN104581719A (en) * 2013-10-21 2015-04-29 沈阳讯网网络科技有限公司 Method and system for conducting communication authority management on mobile terminal
US20150350090A1 (en) * 2014-05-29 2015-12-03 Tait Limited Policy implementation over lmr and ip networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107172066A (en) * 2017-06-12 2017-09-15 天津京信通信系统有限公司 A method and device for realizing private network communication

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018227929A1 (en) * 2017-06-12 2018-12-20 京信通信系统(中国)有限公司 Method and device for implementing private network communication
CN109699026A (en) * 2017-10-23 2019-04-30 大唐移动通信设备有限公司 A kind of the communication management-control method and device of base station
CN109699026B (en) * 2017-10-23 2021-03-19 大唐移动通信设备有限公司 Communication management and control method and device for base station
CN110266878A (en) * 2019-05-24 2019-09-20 北京指掌易科技有限公司 A method of it realizes using ordinary terminal as work special-purpose terminal
CN112351465A (en) * 2019-08-08 2021-02-09 成都鼎桥通信技术有限公司 Network mode switching method and device
CN112351465B (en) * 2019-08-08 2023-01-31 成都鼎桥通信技术有限公司 Network mode switching method and device
CN112579388A (en) * 2019-09-30 2021-03-30 奇安信科技集团股份有限公司 Mobile terminal control method and device
CN110839268A (en) * 2019-10-12 2020-02-25 国网浙江省电力有限公司杭州供电公司 WIFI control method based on wireless private network
CN110839268B (en) * 2019-10-12 2021-11-09 国网浙江省电力有限公司杭州供电公司 Wireless private network-based WIFI control method
CN110708694A (en) * 2019-10-15 2020-01-17 武汉诚迈科技有限公司 Method, system, storage medium and electronic device for realizing simultaneous online public and private networks
CN111885608A (en) * 2020-06-16 2020-11-03 中国人民解放军战略支援部队信息工程大学 Mobile terminal management and control system and method based on air interface
CN111767971A (en) * 2020-06-30 2020-10-13 深圳市筑泰防务智能科技有限公司 Terminal control method and device based on electronic tag, terminal and readable storage medium
CN112203305A (en) * 2020-09-30 2021-01-08 中国联合网络通信集团有限公司 Mobile terminal management method, terminal management platform, management network element and mobile terminal
CN113422772A (en) * 2021-06-22 2021-09-21 中国联合网络通信集团有限公司 Private network terminal access processing method and device and electronic equipment
CN113422772B (en) * 2021-06-22 2023-05-30 中国联合网络通信集团有限公司 Private network terminal access processing method, device and electronic equipment
CN115361699A (en) * 2022-08-30 2022-11-18 青岛海信移动通信技术股份有限公司 Traffic early warning method, traffic early warning device, terminal equipment and medium

Also Published As

Publication number Publication date
WO2018227929A1 (en) 2018-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170915