KR20190132168A - Method and apparatus on access control mechanism for restricted local operator services - Google Patents

Abstract

The present disclosure relates to a communication technique for fusing a 5G communication system with IoT technology to support a higher data transmission rate than that of a 4G system and a system thereof. The present disclosure can be applied to an intelligent service (for example, smart home, a smart building, a smart city, a smart car or a connected car, healthcare, digital education, retail business, security and safety related services, etc.) based on a 5G communication system and IoT-related technology. According to the present invention, disclosed are a method and an apparatus for controlling a connection of a terminal in a network for providing a restricted local operator service (RLOS).

Description

METHOD AND APPARATUS ON ACCESS CONTROL MECHANISM FOR RESTRICTED LOCAL OPERATOR SERVICES}

The present invention relates to a method and apparatus for controlling access of a terminal in a network for providing a restricted service of an operator (RLOS).

In order to meet the increasing demand for wireless data traffic since the commercialization of 4G communication systems, efforts are being made to develop improved 5G communication systems or pre-5G communication systems. For this reason, a 5G communication system or a pre-5G communication system is called a system after a 4G network (Beyond 4G Network) or a system after an LTE system (Post LTE). In order to achieve high data rates, 5G communication systems are being considered for implementation in the ultra-high frequency (mmWave) band (eg, such as the 60 Gigabit (60 GHz) band). In 5G communication system, beamforming, massive array multiple input / output (Full-Dimensional MIMO), and full dimensional multiple input / output (FD-MIMO) are used in 5G communication systems to increase path loss mitigation and propagation distance of radio waves in the ultra-high frequency band. Array antenna, analog beam-forming, and large scale antenna techniques are discussed. In addition, in order to improve the network of the system, in the 5G communication system, an advanced small cell, an advanced small cell, a cloud radio access network (cloud RAN), an ultra-dense network ), Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), and interference cancellation Technology development, etc. In addition, in 5G systems, Hybrid FSK and QAM Modulation (FQAM) and Slide Window Superposition Coding (SWSC), Advanced Coding Modulation (ACM), and FBMC (Filter Bank Multi Carrier) and NOMA are advanced access technologies. (non orthogonal multiple access), and sparse code multiple access (SCMA) are being developed.

Meanwhile, the Internet is evolving from a human-centered connection network where humans create and consume information, and an Internet of Things (IoT) network that exchanges and processes information among distributed components such as things. The Internet of Everything (IoE) technology, which combines big data processing technology through connection with cloud servers and the like, is emerging. In order to implement the IoT, technical elements such as sensing technology, wired / wireless communication and network infrastructure, service interface technology, and security technology are required, and recently, a sensor network for connection between things, a machine to machine , M2M), Machine Type Communication (MTC), etc. are being studied. In an IoT environment, intelligent Internet technology (IT) services can be provided that collect and analyze data generated from connected objects to create new value in human life. IoT is a field of smart home, smart building, smart city, smart car or connected car, smart grid, health care, smart home appliances, advanced medical services, etc. through convergence and complex of existing information technology (IT) technology and various industries. It can be applied to.

Accordingly, various attempts have been made to apply the 5G communication system to the IoT network. For example, technologies such as sensor network, machine to machine (M2M), machine type communication (MTC), and the like, are implemented by techniques such as beamforming, MIMO, and array antennas. It is. Application of cloud radio access network (cloud RAN) as the big data processing technology described above may be an example of convergence of 5G technology and IoT technology.

Meanwhile, in order to provision a SIM profile to a terminal without a Subscriber Identification Module (SIM) profile, such as an open market-oriented terminal equipped with an embedded Subscriber Identification Module (eSIM), a terminal without a SIM profile is allowed to access a cellular network. There is a discussion of ways to enable limited services. In this case, the terminal accessing the network may receive a service provided by the operator, such as SIM provisioning or IMS voice call, through a limited service provider (RLOS).

At this time, if a terminal attempting to access a limited service continuously accesses the network, there is a burden on the processing capacity of the network, so that the terminal continuously prevents unauthorized access to the network for excessively limited service. I need a solution.

An object of the present invention is to provide a limited service provider (RLOS: Restricted Local Operator Services) by allowing a wireless network to be authenticated to a terminal without a SIM profile, such as an open market-oriented terminal equipped with an eSIM. It is to provide a method for preventing a terminal attempting to access a network for limited service continuously and excessively unauthorized access to the network.

The present invention for solving the above problems is a control signal processing method in a wireless communication system, comprising the steps of: receiving a first control signal transmitted from a base station; Processing the received first control signal; And transmitting a second control signal generated based on the processing to the base station.

According to an embodiment of the present invention, by controlling the access to the terminal connected to the network without authentication for a limited service by preventing the terminal from continuously excessively unauthorized network access, the connection of the cellular network It has the effect of reducing the waste of resources and efficiently managing the resources of the network.

1 is a diagram illustrating the structure of an EPS-based cellular network for servicing an unauthorized terminal.
FIG. 2 is a diagram illustrating a structure of a 5GS-based cellular network for serving an unauthorized terminal.
3 is a diagram illustrating a process of restricting access when an unauthorized terminal is excessively connected in an EPS system.
4 is a diagram illustrating a process of restricting access when an unauthorized terminal is excessively connected in a 5G system.
5 is a block diagram showing the structure of a terminal according to an embodiment of the present invention.
6 is a block diagram illustrating a structure of a base station according to an embodiment of the present invention.
7 is a block diagram illustrating a structure of an MME according to an embodiment of the present invention.
8 is a block diagram showing the structure of an AMF according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with the accompanying drawings. In addition, in describing the present invention, when it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, and may be changed according to intentions or customs of users or operators. Therefore, the definition should be made based on the contents throughout the specification.

Advantages and features of the present invention, and methods for achieving them will be apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various forms, and only the embodiments of the present invention make the disclosure of the present invention complete and the general knowledge in the technical field to which the present invention belongs. It is provided to fully convey the scope of the invention to those skilled in the art, and the present invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout.

FIG. 1 is a diagram illustrating a structure of an EPS-based cellular network for serving an unauthorized terminal, and FIG. 2 is a diagram illustrating a structure of a 5GS-based cellular network for serving an unauthorized terminal.

UE (UE) has a Restricted Local Operator's services (RLOS) service function to select and access a network providing RLOS services. When the UE accesses the Packet Core Network and secures connectivity without going through an authentication process, the UE may receive an RLOS service provided by an operator.

 The packet core network to which the terminal accesses to secure connectivity is a cellular network providing data communication, and may be, for example, an EPS (Evolved Packet System) or 5GS network providing LTE network service. There is an MM functional entity that is responsible for mobility management of the terminal and an SM functional entity that is responsible for session management, and signaling messages are processed through this. In the case of EPS, the MME (Mobility Management Entity) is an SM functional entity and an SM functional as shown in FIG. It plays the role of an entity.

The MME selects a GW (Gateway) for serving the RLOS in the case of the UE accessing the RLOS, and the UE may access an AS (Application Server) through a limited connectivity service through the GW. For example, the AS may be a proxy-call session control function (P-CSCF) for a captive portal or an IMS service.

As shown in FIG. 2, in the case of 5GS, an Access and Mobility Management Function (AMF) plays a role of an MM functional entity and an SMF and an SM functional entity. GW corresponds to UPF. The PCRF (Policy and Charging Rules Function) corresponds to the Policy Control Function (PCF). Therefore, the embodiments mentioned in the present invention specify that not only EPS network but also 5GS can be applied.

3 illustrates a process of restricting access when an unauthorized terminal is excessively connected in an EPS system according to an exemplary embodiment of the present invention.

When the RLOS service is available, the base station 1c-200 broadcasts information indicating RLOS support in a System Information Block (SIB) message (1c-001). Upon receiving the SIB message, the terminal 1c-100 selects an appropriate PLMN from among available PLMNs (Public Land Mobile Networks) supporting the searched RLOS when the RLOS service is needed (1c-002).

The UE sends a attach request to the MME 1c-300 with the selected PLMN and requests a network connection, and informs that the attach type is for RLOS (1c-003). For example, you can use attach type = 'RLOS'. In this case, the attach request message may include an identity of the terminal, for example, an International Mobile Station Equipment Identity (IMEI). The UE may piggyback and send a PDN connectivity request to the Attach request message.

The MME determines whether the RLOS service is available for the UE that sent the attach request. (1c-004)

The MME determines that the RLOS service is not available due to system problems when the network is difficult to access temporarily, such as a congestion or temporary error.

On the other hand, the MME determines whether the RLOS service for each terminal is possible according to the previous access record for the terminal sending the attach request.

That is, the MME maintains the black list or the white list based on the IMEI of the terminal, and determines that the RLOS service is impossible when the terminal of the terminal sending the attach request is in the black list or the IMEI of the terminal is not in the white list. .

For example, the black list may be maintained as follows. When the terminal corresponding to the received IMEI accesses the RLOS service, the MME increments a counter by 1 and records the number of times the terminal accesses the RLOS service within a predetermined time. At this time, if the service provider attempts to access the service within a predetermined number of times, the corresponding IMEI is included in the black list. Accordingly, the MME rejects the attach request. Of course, the IMEI that was included in the black list is deleted over time.

The white list can be maintained as follows. The operator manages the IMEI information of UEs that are allowed to attach for RLOS in a white list. On the other hand, when the terminal corresponding to the IMEI in the white list is connected to receive the RLOS service, the counter is incremented by 1 and the number of times the terminal accesses to receive the RLOS service can be recorded within a predetermined time. In this case, when attempting access within a predetermined time more than a predetermined number of times, the IMEI of the terminal may be excluded from the white list for a predetermined time. Of course, IMEI, which has been excluded over time, will be included in the white list.

The black list and white list of the IMEI managed by the MME are shared with other MMEs in the MME pool or are shared between MMEs of the corresponding PLMN.

 Alternatively, another method for maintaining a black list and a white list for IMEI is when the terminal is connected to the network more than a certain threshold based on the ratio of the time that the terminal is connected to the network for the RLOS within a certain reference time. You can also include the IMEI in the black list or exclude it from the white list.

When the MME determines that the UE's RLOS service is not available, if it rejects the attach request, the MME sends an Attach reject message to the UE, and includes a reject cause informing that the attach reject message is not allowed to access the RLOS service. Can be. For example, reject cause = “RLOS is not allowed” to simply indicate that access is not allowed, or reject cause = “RLOS by classifying rejection due to system problems and connection rejection due to excessive connection of the terminal. Different reject causes may be included, such as "is not allowed due to congestion or temporary error" and reject cause = "RLOS is not allowed due to abusive use".

Along with the attach reject message, an RLOS Back Off timer value may be transmitted to the UE as information on how long the UE will not be allowed to access the RLOS service (1c-005).

For example, depending on the reject cause, the RLOS back off timer value indicates the time until the congestion or temporary error situation of the system is expected to be terminated or when it is not determined as an excessive attach attempt for the RLOS service of the terminal. This indicates the time until the IMEI is deleted from the black list of the IMEI, or the estimated time until the IMEI is included in the white list of the IMEI.

The UE does not perform an attach request for the RLOS on the same PLMN until the RLOS Back Off timer expires.

If the RLOS Back Off timer value is not delivered to the UE separately through an attach reject message, the UE may follow the RLOS back off timer value set to a default value according to the reject cause.

The UE may manage a forbidden RLOS PLMN list in order not to attempt attach for the RLOS to the PLMN during the RLOS back off time.

When the forbidden RLOS PLMN list receives a reject message for the attachment to the RLOS, the forbidden RLOS PLMN list registers the PLMN that received the attach reject in the forbidden RLOS PLMN list and maintains the RLOS back off timer until the value ends. Also, for PLMNs with reject cause = “RLOS is not allowed”, register in the forbidden RLOS PLMN list, or for PLMNs with reject cause = “RLOS is not allowed due to congestion or temporary error”. Only PLMNs that have been registered or received reject cause = “RLOS is not allowed due to abusive use” can be registered in the forbidden RLOS PLMN list.

Although the UE detects the PLMN included in the forbidden RLOS PLMN list as a PLMN capable of RLOS service, when the UE informs the user of the list of valid PLMNs, the UE excludes it from the list or includes the RLOS service in the list of valid PLMNs. Even though it may include an indication that the PLMN is not available at this time.

On the other hand, when the terminal attempts to PLMN selection or attach to receive the normal service, the forbidden RLOS PLMN list is ignored, even if the RLOS Back Off timer has not expired for the selected PLMN, the terminal is the RLOS Back Off timer Ignore this and perform attach process for normal service.

4 illustrates a process of restricting access when an unauthorized terminal is excessively connected in a 5G system according to an exemplary embodiment of the present invention.

When the RLOS service is available, the base station 1d-200 broadcasts information indicating RLOS support in the SIB message (1d-001). Upon receiving the SIB message, the terminal 1d-100 selects a suitable PLMN from among available PLMNs supporting the searched RLOS when the RLOS service is needed (1d-002).

The UE sends a registration request to the AMF 1d-300 with the selected PLMN, requesting network access, and informs that the registration type is for RLOS (1d-003). For example, you can use registration type = 'RLOS'. In this case, the registration request message may include, for example, a PEI (Permanent Equipment Identifier).

The AMF determines whether the RLOS service is available for the terminal that sent the registration request. (1d-004)

AMF judges that RLOS service is impossible due to system problem when network access is temporarily difficult due to congestion or temporary error.

Meanwhile, the AMF determines whether the RLOS service for each terminal is possible according to the previous access record for the terminal that has sent the registration request.

That is, the AMF maintains the black list or the white list based on the PEI of the terminal, and determines that the RLOS service is impossible when the PEI of the terminal sending the registration request is in the black list or the PEI of the terminal is not in the white list. .

For example, the black list may be maintained as follows. The AMF increments the counter by one when the UE corresponding to the received PEI accesses the RLOS service and records the number of times the UE accesses the RLOS service within a predetermined time. At this time, if the service provider attempts to access the service within a predetermined number of times, the corresponding PEI is included in the black list. Accordingly, the AMF rejects the registration request. Of course, the PEI that was included in the black list is deleted over time.

The white list can be maintained as follows. The operator manages the PEI information of the UE, which allows registration for RLOS in advance, in a white list. On the other hand, when the terminal corresponding to the PEI in the white list is connected to receive the RLOS service, the counter is incremented by 1 and the number of times the terminal accesses to receive the RLOS service can be recorded within a predetermined time. At this time, when attempting access within a predetermined time more than a predetermined number of times, the PEI of the terminal may be excluded from the white list for a predetermined time. Of course, over time, any PEIs that have been excluded will be included in the white list.

The black list and white list for the PEI managed by the AMF are shared with other AMFs in the AMF set, or between AMFs of the corresponding PLMN.

 Alternatively, another method for maintaining a black list and a white list for the PEI is that the terminal is connected to the network excessively above a certain threshold based on the percentage of time that the terminal is connected to the network for the RLOS within a certain reference time. PEIs can be included in the black list or excluded from the white list.

If the AMF determines that the terminal's RLOS service is not available and rejects the registration request, the AMF sends a registration reject message to the terminal, and includes a reject cause informing that the registration reject message is not allowed to access the RLOS service. Can be. For example, reject cause = “RLOS is not allowed” to simply indicate that access is not allowed, or reject cause = “RLOS by classifying rejection due to system problems and connection rejection due to excessive connection of the terminal. Different reject causes may be included, such as "is not allowed due to congestion or temporary error" and reject cause = "RLOS is not allowed due to abusive use".

Along with the registration reject message, the RLOS back off timer value may be transmitted to the UE as information on how long the UE will not be allowed to access the RLOS service (1d-005).

For example, depending on the reject cause, the RLOS back off timer value indicates the time until the congestion or temporary error condition of the system is expected to be terminated, or when it is not determined as an excessive registration attempt for the RLOS service of the terminal. This indicates the time until the PEI of the UE is deleted from the black list of the PEI or the expected time until the PEI of the UE is included in the white list of the PEI.

The UE does not perform a registration request for the RLOS for the same PLMN until the RLOS Back Off timer expires.

If the RLOS Back Off timer value is not transmitted to the UE separately through a registration reject message, the UE may follow the RLOS back off timer value set to a default value according to the reject cause.

The UE may manage a forbidden RLOS PLMN list in order not to attempt registration for the RLOS in the PLMN during the RLOS back off time.

When the forbidden RLOS PLMN list receives a reject message for the registration for the RLOS, the forbidden RLOS PLMN list registers the PLMN that has received the registration rejection in the forbidden RLOS PLMN list and maintains the RLOS back off timer until the value ends. Also, for PLMNs with reject cause = “RLOS is not allowed”, register in the forbidden RLOS PLMN list, or for PLMNs with reject cause = “RLOS is not allowed due to congestion or temporary error”. Only PLMNs that have been registered or received reject cause = “RLOS is not allowed due to abusive use” can be registered in the forbidden RLOS PLMN list.

Although the UE detects the PLMN included in the forbidden RLOS PLMN list as a PLMN capable of RLOS service, when the UE informs the user of the list of valid PLMNs, the UE excludes it from the list or includes the RLOS service in the list of valid PLMNs. Even though it may include an indication that the PLMN is not available at this time.

On the other hand, when the terminal attempts to PLMN selection or attach to receive the normal service, the forbidden RLOS PLMN list is ignored, even if the RLOS Back Off timer has not expired for the selected PLMN, the terminal is the RLOS Back Off timer Ignore this and perform attach process for normal service.

5 is a diagram illustrating a structure of a terminal according to an embodiment of the present invention.

Referring to FIG. 5, the terminal may include a transceiver 510, a terminal controller 520, and a storage 530. In the present invention, the terminal controller 520 may be defined as a circuit or an application specific integrated circuit or at least one processor.

The transceiver 510 may transmit / receive a signal with another network entity. The transceiver 510 may receive, for example, an SIB from a base station according to an embodiment of the present invention, and may transmit an attach request to an MME.

The terminal controller 520 can control the overall operation of the terminal according to the embodiment proposed by the present invention. For example, the terminal controller 520 may control the signal flow between blocks to perform the operation according to the above-described drawings and flowcharts. In detail, the terminal controller may determine whether an RLOS service is required based on the SIB message, and select a PLMN supporting RLOS.

The storage unit 530 may store at least one of information transmitted and received through the transceiver 510 and information generated through the terminal controller 520.

6 is a diagram illustrating a structure of a base station according to an embodiment of the present invention.

Referring to FIG. 6, the base station may include a transceiver 610, a base station controller 620, and a storage 630. In the present invention, the base station controller 620 may be defined as a circuit or application specific integrated circuit or at least one processor.

The transceiver 610 may transmit and receive a signal with another network entity. The transceiver 610 may broadcast the SIB, for example.

The base station controller 620 may control the overall operation of the base station according to the embodiment proposed by the present invention. For example, when the RLOS service is available, the base station controller 620 may control the transceiver 610 to broadcast information indicating RLOS support in the SIB.

The storage unit 630 may store at least one of information transmitted and received through the transceiver 610 and information generated by the base station controller 620.

7 is a diagram illustrating a structure of an MME according to an embodiment of the present invention.

Referring to FIG. 7, the MME may include a transceiver 710, an MME controller 720, and a storage 730. In the present invention, the MME controller 720 may be defined as a circuit or application specific integrated circuit or at least one processor.

The transceiver 710 may transmit and receive signals with other network entities. The transceiver 710 may receive, for example, an attach request transmitted from the terminal or transmit a response (for example, attach reject) to the terminal.

The MME controller 720 may control the overall operation of the MME according to the embodiment proposed by the present invention. For example, the MME control unit 720 may determine whether the RLOS service is available for the terminal sending the attach request.

The storage unit 730 may store at least one of information transmitted and received through the transceiver 710 and information generated through the MME controller 720.

8 is a diagram illustrating the structure of an AMF according to an embodiment of the present invention.

Referring to FIG. 8, the AMF may include a transceiver 810, an AMF controller 820, and a storage 830. In the present invention, the AMF control unit 820 may be defined as a circuit or application specific integrated circuit or at least one processor.

The transceiver 810 may transmit and receive a signal with another network entity. For example, the transceiver 810 may receive a registration request transmitted from the terminal or transmit a response (for example, a registration reject) to the terminal.

The AMF control unit 820 may control the overall operation of the AMF according to the embodiment proposed by the present invention. For example, the AMF controller 820 may determine whether the RLOS service is available for the terminal that sent the registration request.

The storage unit 830 may store at least one of information transmitted and received through the transceiver 810 and information generated through the AMF controller 820.

The embodiments disclosed in the specification and the drawings above are merely presented specific examples to easily explain the contents of the present invention and help understanding thereof, and are not intended to limit the scope of the present invention. Therefore, the scope of the present invention should be construed that all changes or modifications derived based on the technical spirit of the present invention are included in the scope of the present invention in addition to the embodiments disclosed herein.

Claims (1)

In the control signal processing method in a wireless communication system,
Receiving a first control signal transmitted from a base station;
Processing the received first control signal; And
And transmitting a second control signal generated based on the processing to the base station.

Images