WO2018228517A1

WO2018228517A1 - Method for controlling access, network device, and terminal device

Info

Publication number: WO2018228517A1
Application number: PCT/CN2018/091436
Authority: WO
Inventors: 娄崇; 毕皓; 韩锋; 晋英豪
Original assignee: 华为技术有限公司
Priority date: 2017-06-16
Filing date: 2018-06-15
Publication date: 2018-12-20
Also published as: CN109151950B; CN109151950A

Abstract

Disclosed in an embodiment of the present application is a method for controlling access, which is used for reducing the complexity of controlling network slice access. The method of the embodiment of the present application comprises: a first network device sending a first message to a terminal device, the first message comprising a first mapping rule, and the first mapping rule comprising the information of at least one network slice of a radio access network; and the first network device sending access control information to the terminal device. Further provided in the embodiments of the present application are a network device and a terminal device.

Description

Access control method, network device and terminal device

This application claims the priority of the Chinese patent application filed on June 16, 2017, the Chinese Patent Office, the application number is 201710459461.9, and the invention is entitled "A method of access control, network equipment and terminal equipment". The citations are incorporated herein by reference.

Technical field

The present application relates to the field of communications, and in particular, to a method for access control, a network device, and a terminal device.

Background technique

In order to cope with various user cases that are emerging or imminent, different user use cases have significant differences in network performance requirements. The fifth generation mobile communication system (5G), such as new radio (NR) A significant feature is the proposed network architecture for network slices (NS). Software defined network (SDN) and network function virtualization (NFV) technology are the core technologies of the network slicing architecture. NFV technology can realize the virtualization of the underlying physical resources and load the virtual network function (network function). , NF) to a common platform, such as a virtual machine, SDN technology to achieve a logical connection between virtual machines, to build a path to carry signaling and data flow. The end-to-end service chain is configured through a dynamic connection between the radio access network (RAN) and the NF of the core network (CN) to construct a network slice. Operators can form a specific set of network functions and the network resources needed to run these network functions according to the requirements of key performance indicators (KPIs) such as capacity, coverage, rate, delay, and reliability for each specific business use case. In order to provide the required telecommunications services and network capability services to meet specific market scenarios and needs.

As shown in FIG. 1, a schematic diagram of supporting multiple network slices for 3GPP. The third generation partnership project (3GPP) divides the main types of 5G network slicing into the following three categories: enhanced mobile broadband (eMBB), massive machine type connection service (massive) Machine type communication (mMTC) and ultra-reliable and low latency communications (URLLC). Among them, eMBB is mainly for terminals with high demand for speed and mobility, such as mobile phones and multimedia devices. mMTC is mainly for IoT devices, with large-scale, low mobility and low speed requirements. URLLC mainly refers to the types of services and equipment that have strict requirements on delay and reliability, such as car networking and security information. For example, a mobile phone user can access an eMBB type network slice for high-speed download or watch 4K high-definition video, and the sensor device can access the mMTC network slice for small data packet transmission and system configuration update. User equipment can simultaneously access one or more or all network slices to meet business needs and achieve a better user experience.

If the current network is congested, the access control or user service (UE) access connection or service request can be restricted by access control, thereby managing network load and alleviating network congestion. Long Term Evolution The LTE system adopts the Access Barring Check (ABC) method. The current access control scheme has problems such as complex access control, poor compatibility, and relatively large system overhead.

Summary of the invention

The embodiment of the present application provides a method for access control, a network device, and a terminal device, which are used to reduce the complexity of network slice access control.

The wireless communication system to which the embodiment of the present application is applied may include a first network device, a terminal device, and a second network device. The terminal device is described by using the UE, the first network device in the RAN, and the second network device as the CN. That is, the wireless communication system may include a Radio Access Network (RAN) device, a Core Network (CN) device, and a User Equipment (UE). The communication system of the embodiment of the present application supports a network slicing architecture. The core network network slice in the communication system may share the core network device and/or the core network resource, or may monopolize the core network device and/or the core network resource. In the wireless communication system, the UE accesses one or more RAN network slices or CN network slices through the RAN device. Specifically, the RAN device selects the AMF for the UE according to the information provided by the UE and the Access and Mobility Management Function (AMF) information configured or acquired.

A first aspect of the present application provides a method for access control, which may include: a first network device sends a first message to a terminal device, where the first message includes a first mapping rule, where the first mapping rule includes at least Information of a radio access network RAN network slice; the first network device sends access control information to the terminal device. In the embodiment of the present application, because the RAN network slice and the core network CN network slice are usually one-to-many mapping relationship, the first mapping rule sent by the RAN to the UE includes at least one RAN network slice information, and In the prior art, the configuration content of the first mapping rule in the embodiment of the present application is smaller, and the complexity is relatively low.

With reference to the first aspect of the embodiments of the present application, in a first implementation manner of the first aspect of the embodiments, the first mapping rule and the access control information are used to perform access control on the terminal device. . In the embodiment of the present application, the first mapping rule and the access control information that are sent by the RAN to the UE may be used for the UE to perform access control and initiate access of the network slice. The first mapping rule includes information about at least one RAN network slice, because the information of the RAN network slice is generally one-to-many relationship with the CN network slice information, so the configuration content of the second mapping rule is smaller than the existing one. Configuration content, low complexity.

With reference to the first aspect of the embodiments of the present application, the first implementation manner of the first aspect, in a second implementation manner of the first aspect of the embodiments, the method may further include: receiving, by the first network device a second message from the second network device, the second message includes a second mapping rule, the second mapping rule includes at least one CN access category, and the first mapping rule further includes the at least one RAN network A mapping relationship between the sliced information and the at least one CN access category. In this embodiment of the present application, at least one CN access category may be understood as a corresponding connection of at least one factor (such as an access level of the UE, information of at least one CN network slice, an application, a service category, and the like) included in the mapping rule. The index into the control information. The information of the at least one RAN network slice is determined according to at least one access category, because the RAN holds a mapping relationship between the information of the preset RAN network slice and the information of the CN network slice. The RAN may determine information of the at least one CN network slice according to information of the currently available CN network slice, where the information of the at least one CN network slice corresponds to the at least one CN category, so the second mapping rule may include information of at least one RAN network slice. The mapping relationship of the at least one CN access category. An optional implementation manner of the second mapping rule is provided, where the first mapping rule further includes a mapping relationship between the information of the at least one RAN network slice and the at least one CN access category, which is added to the solution. Flexibility.

With reference to the first aspect of the embodiments of the present application, the first implementation manner of the first aspect, in a third implementation manner of the first aspect of the embodiments, the method may further include: receiving, by the first network device a third message from the second network device, the third message including a network slice selection assistance information Allowed NSSAI list allowed by the CN network, the first mapping rule further including information of the at least one RAN network slice and the CN Allowed The mapping relationship of NSSAI lists. In the embodiment of the present application, the information of the at least one CN network slice is determined according to the CN Allowed NSSAI list, and the RAN saves the mapping relationship between the preset RAN network slice information and the CN network slice information, so that at least one may be The information of the CN network slice determines information for at least one RAN network slice. An optional implementation manner of the second mapping rule is provided. The first mapping rule may further include a mapping relationship between the information of the at least one RAN network slice and the CN Allowed NSSAI list, which increases the flexibility of the solution.

With reference to the first aspect of the embodiments of the present application, the first implementation manner of the first aspect, in a fourth implementation manner of the first aspect of the embodiments, the method may further include: receiving, by the first network device a fourth message from the second network device, the fourth message including a second mapping rule and a network slice selection assistance information Allowed NSSAI list allowed by the CN network, the second mapping rule including at least one CN access category, The first mapping rule further includes information of the at least one RAN network slice, a mapping relationship between the at least one CN access category and the CN Allowed NSSAI list. In the embodiment of the present application, the information of the at least one CN network slice is determined according to the CN Allowed NSSAI list, and the RAN saves the mapping relationship between the preset RAN network slice information and the CN network slice information, so that at least one may be The CN network slice information determines information for at least one RAN network slice, and at least one CN access class corresponds to the CN Allowed NSSAI list. An optional implementation manner of the second mapping rule is provided, where the first mapping rule further includes information about the at least one RAN network slice, a mapping relationship between the CN Allowed NSSAI list and at least one CN access category, and The flexibility of the solution of the present application.

The CN may select at least one CN that the UE is allowed to access in the current registration area according to the network slice selection assistance information (CN NSSAI) allowed by the UE, the subscription information of the UE, the local policy, the availability of the network slice, and the like. The information of the network slice, the information of the at least one CN network slice may be presented in the form of a list, and may be referred to as a CN allowed NSSAI (CN Allowed NSSAI) list, and may also be represented in other manners, which is not limited.

With reference to the first aspect of the embodiments of the present application, any one of the first to the second implementation manners of the first aspect, in the fifth implementation manner of the first aspect of the embodiments, the first mapping rule further includes A mapping relationship between information of the at least one RAN network slice and information of currently available CN network slices. In the embodiment of the present application, the information of the at least one CN network slice is determined by the RAN according to the currently available information of the CN network slice, and another implementation manner of the second mapping rule is provided, which increases the flexibility of the solution. Sex.

With reference to the fourth implementation manner of the first aspect of the embodiments of the present application, in a fifth implementation manner of the first aspect of the embodiments, the first mapping rule further includes information about the at least one RAN network slice, A mapping relationship between currently available CN network slice information and at least one CN access category. In the embodiment of the present application, the information of the at least one CN network slice is determined by the RAN according to the currently available information of the CN network slice, and another implementation manner of the second mapping rule is provided, which increases the flexibility of the solution. Sex.

With reference to the first aspect of the embodiments of the present application, any one of the first to fifth implementation manners of the first aspect, in the sixth implementation manner of the first aspect of the embodiments, the first mapping rule further includes A mapping relationship between the information of the at least one RAN network slice and the at least one RAN access category. In the embodiment of the present application, the at least one RAN access category is an access category of the RAN reconfiguration, which may be understood as searching for at least one factor (for example, information of at least one RAN network slice, etc.) included in the second mapping rule. Index of access control information. Another alternative implementation of the second mapping rule is provided, which increases the flexibility of the solution of the present application.

With reference to the first aspect of the embodiments of the present application, any one of the first to sixth implementation manners of the first aspect, in the seventh implementation manner of the first aspect of the embodiments, the first mapping rule further includes The information of the at least one RAN network slice, the mapping relationship between the CN Allowed NSSAI list and the RAN access category. In the embodiment of the present application, the information of the at least one CN network slice is determined by the RAN according to the CN Allowed NSSAI list, and another implementation manner of the second mapping rule is provided, which increases the flexibility of the solution.

With reference to the first aspect of the embodiments of the present application, any one of the first to seventh implementation manners of the first aspect, in the eighth implementation manner of the first aspect of the embodiments, the first mapping rule further includes The information of the at least one RAN network slice, the information of the currently available CN network slice, and the mapping relationship of the RAN access category. In the embodiment of the present application, the information of the at least one CN network slice is determined by the RAN according to the currently available information of the CN network slice, and another implementation manner of the second mapping rule is provided, which increases the flexibility of the solution. Sex.

It should be noted that, in any one of the foregoing first to eighth implementation manners, the information of the at least one RAN network slice included in the second mapping rule may be related to the at least one RAN access category, or the CN Allowed NSSAI list. Or, the CN Allowed NSSAI list has a mapping relationship with at least one RAN access category, or information of currently available CN network slices, or at least one CN access category. However, the second mapping rule may also not include at least one RAN access category, or a CN Allowed NSSAI list, or a CN Allowed NSSAI list and at least one RAN access category, or information of currently available CN network slices. Or, at least one CN access category, the RAN only needs to know that they have a mapping relationship, and is not limited.

A second aspect of the present application provides a method for access control, which may include: receiving, by a terminal device, a first message from a first network device, where the first message includes a first mapping rule, and the first mapping rule Information including at least one radio access network RAN network slice; the terminal device receiving access control information from the first network device. In the embodiment of the present application, because the information of the RAN network slice and the CN network slice information are usually one-to-many mapping relationship, the first mapping rule sent by the RAN to the UE includes at least one RAN network slice information. Compared with the prior art, the configuration content of the first mapping rule in the embodiment of the present application is smaller, and the complexity is relatively low.

With reference to the second aspect of the embodiments of the present application, in a first implementation manner of the second aspect of the embodiments, the method further includes: the terminal device according to the first mapping rule and the access control information Perform access control. In the embodiment of the present application, the UE may perform an access control check according to information of at least one RAN network slice, because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, so the second mapping rule The configuration content is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved. The case where the information of the CN network slice requested by the UE is inconsistent with the information of the allocated CN network slice is also solved, because the information of the different CN network slices of the same service type is mostly the same in the RAN network slice information of the RAN.

With reference to the second aspect of the embodiments of the present application, the first implementation manner of the second aspect, in the second implementation manner of the second aspect of the embodiments, the first mapping rule further includes the at least one RAN network The mapping relationship between the sliced information and at least one RAN access category. In the embodiment of the present application, the UE may perform access control check according to information of at least one RAN network slice or at least one RAN access category, which improves the selectivity and flexibility of the technical solution of the present application, because the RAN network slice information Generally, the information of the CN network slice is a one-to-many relationship. Therefore, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

With reference to the second aspect of the embodiments of the present application, the first implementation manner of the second aspect, in the third implementation manner of the second aspect of the embodiments, the first mapping rule further includes the at least one RAN network The mapping relationship between the sliced information and at least one CN access category. In the embodiment of the present application, the UE may perform access control check according to information of at least one RAN network slice or at least one CN access category, which improves the selectivity and flexibility of the technical solution of the present application, because the RAN network slice information Generally, the information of the CN network slice is a one-to-many relationship. Therefore, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

With reference to the second aspect of the embodiments of the present application, the first implementation manner of the second aspect, in the fourth implementation manner of the second aspect of the embodiments, the first mapping rule further includes the at least one RAN network The mapping relationship between the sliced information and the information of at least one CN network slice. In the embodiment of the present application, the UE may perform an access control check according to the information of the at least one RAN network slice or the information of the at least one CN network slice, which improves the selectivity and flexibility of the technical solution of the present application, because the RAN network is sliced. The information is generally one-to-many relationship with the CN network slice information. Therefore, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

With reference to the second aspect of the embodiments of the present application, the first implementation manner of the second aspect, in the fifth implementation manner of the second aspect of the embodiments, the first mapping rule further includes the at least one RAN network The sliced information, the mapping of the information of the at least one CN network slice to the at least one RAN access category. In this embodiment of the present application, wherein at least one CN network slice information is determined by the RAN according to a CN Allowed NSSAI list or a currently available CN network slice. The UE may perform the access control check of the RAN network slice according to the at least one RAN network slice, or may perform the access control check of the RAN network slice according to the at least one CN access category. . Because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, the control of the RAN network slice granularity is implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN. In the case, since the information of different CN network slices of the same service type is mapped in the RAN, the information of the RAN network slice is the same in most cases.

With reference to the second aspect of the embodiments of the present application, the first implementation manner of the second aspect, in the sixth implementation manner of the second aspect of the embodiments, the first mapping rule further includes the at least one RAN network The information of the slice, the mapping of the information of the at least one CN network slice to the at least one CN access category. In the embodiment of the present application, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice, and improve the The selectivity and flexibility of the technical solution of the present application. The control of the RAN network slice granularity is also implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information of different CN network slices of the same service type is mapped in the RAN RAN network. The sliced information is mostly the same.

A third aspect of the present application provides a method for access control, which may include: the second network device sends a second message to the first network device, where the second message includes a second mapping rule, and the second mapping rule Includes at least one CN access category. In the embodiment of the present application, the second mapping rule includes at least one CN access category, which may be used by the RAN to identify at least one according to a mapping relationship between the preset RAN network slice information and the CN network slice information. CN network slice information provides an achievable way.

With reference to the third aspect of the embodiments of the present application, in a first possible implementation manner of the third aspect of the embodiments, the second message includes a CN network slice selection auxiliary information Allowed NSSAI list. In the embodiment of the present application, if the second message includes the CN network slice selection auxiliary information Allowed NSSAI list, the RAN may directly determine the information of the at least one CN network slice according to the CN Allowed NSSAI list, thereby determining the second mapping rule. The information of at least one RAN network slice provides an achievable way.

With reference to the first possible implementation manner of the third aspect of the embodiments of the present application, in a second possible implementation manner of the third aspect of the embodiments, the second mapping rule includes the at least one CN access category. A mapping relationship with the CN Allowed NSSAI list.

A fourth aspect of the embodiments of the present application provides a network device, which has the function of reducing the complexity of network slice access control. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

A fifth aspect of the embodiments of the present application provides a terminal device, which has the function of reducing the complexity of network slice access control. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

A sixth aspect of the embodiments of the present application provides a network device, which has the function of reducing the complexity of network slice access control. This function can be implemented in hardware or in hardware by executing the corresponding software. The hardware or software includes one or more modules corresponding to the functions described above.

A seventh aspect of the present application provides a network device, which may include:

a memory, a transceiver, the memory and the transceiver are connected by a bus;

The memory is configured to store an operation instruction;

The transceiver is configured to send, by using the operation instruction, a first message to a terminal device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one RAN network slice; The terminal device sends access control information.

The eighth aspect of the embodiments of the present application provides a wireless communication apparatus, which may include:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with the terminal device through the transceiver circuit, The memory is for storing program instructions, the at least one processor is configured to execute the program instructions stored in the memory, such that the wireless communication device performs the method according to any one of the first aspects of the embodiments of the present application The portion of the operation of the first network device. The wireless communication device may be a network device or a system chip that applies a corresponding function in a network side device.

A ninth aspect of the present application provides a wireless communication apparatus, which may include:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with a network side device through the transceiver circuit, The memory is for storing program instructions, the at least one processor is configured to execute the program instructions stored in the memory, such that the wireless communication device performs the method according to any one of the second aspects of the embodiments of the present application The part of the terminal device operation. The wireless communication device can be either a terminal device or a system chip that applies a corresponding function in the terminal device.

A tenth aspect of the present application provides a communication system, where the communication system includes a first network device, a terminal device, and a second network device, where the first network device is optional to perform the first aspect or the first aspect of the present application. The first network device in the implementation manner; the terminal device is the terminal device in the optional implementation manner of the second aspect or the second aspect of the application; the second network device is configured to perform the third aspect or the The second network device of any of the alternative implementations of the three aspects.

The eleventh aspect of the present application provides a storage medium. It should be noted that the technical solution of the present invention may contribute to the prior art or all or part of the technical solution may be implemented by software. The computer software product is stored in a storage medium for storing computer software instructions for use in the above apparatus, comprising: the first network device for performing the first aspect, the second aspect or the third aspect A program designed by a terminal device or a second network device.

The storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes.

A twelfth aspect of the embodiments of the present application provides a computer program product comprising instructions, when executed on a computer, causing a computer to perform the method as described in the first aspect of the present application or any of the alternative implementations of the first aspect .

A thirteenth aspect of the embodiments of the present application provides a computer program product comprising instructions, when executed on a computer, causing the computer to perform the method as described in the second aspect or any alternative implementation of the second aspect of the present application .

A fourteenth aspect of the embodiments of the present application provides a computer program product comprising instructions, when executed on a computer, causing the computer to perform the method as described in any of the optional implementations of the third aspect or the third aspect of the present application. .

As can be seen from the above technical solutions, the embodiments of the present application have the following advantages:

An embodiment of the present application sends a first message to a terminal device by using a first network device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one RAN network slice; the first network device sends The terminal device sends access control information. Because the information of the RAN network slice and the information of the CN network slice are usually one-to-many mapping relationship, the first mapping rule sent by the RAN to the UE includes information of at least one RAN network slice, which is compared with the prior art. The configuration content of the first mapping rule in the embodiment of the present application is smaller and the complexity is relatively low.

DRAWINGS

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the embodiments and the prior art description will be briefly described below. Obviously, the drawings in the following description are only some implementations of the present application. For example, other drawings can also be obtained from these drawings.

FIG. 1 is a schematic diagram of 3GPP supporting multiple network slices in the embodiment of the present application;

2A is a schematic diagram of a scenario applied in an embodiment of the present application;

2B is a schematic structural diagram of a wireless communication system applied in an embodiment of the present application;

FIG. 3 is a schematic diagram of an embodiment of a method for access control according to an embodiment of the present application;

4 is a schematic diagram of another embodiment of a method for access control in an embodiment of the present application;

FIG. 5A is a schematic diagram of an embodiment of a network device according to an embodiment of the present application;

FIG. 5B is a schematic diagram of another embodiment of a network device according to an embodiment of the present application;

6A is a schematic diagram of an embodiment of a terminal device according to an embodiment of the present application;

6B is a schematic diagram of another embodiment of a terminal device according to an embodiment of the present application;

FIG. 7 is a schematic diagram of another embodiment of a network device according to an embodiment of the present application;

FIG. 8 is a schematic diagram of another embodiment of a terminal device according to an embodiment of the present application.

detailed description

In the following, the technical solutions in the embodiments of the present application are described in conjunction with the accompanying drawings in the embodiments of the present application. It is obvious that the described embodiments are only a part of the present application. Embodiments, rather than all of the embodiments. Based on the embodiments in the present application, they should all fall within the scope of protection of the present application.

The embodiments of the present application relate to a radio access network device, a terminal device, and a core network device.

The access network device, which may also be referred to as a base station, is a device deployed in the radio access network to provide wireless communication functions for the terminal device, including but not limited to: various forms of macro base stations, micro base stations (also It is called a small station, a relay station, a Transmission Reception Point (TRP), an evolved Node B (eNB), a radio network controller (RNC), and a Node B (Node B, NB). Base Station Controller (BSC), Base Transceiver Station (BTS), home base station (for example, Home evolved NodeB, or Home Node B, HNB), and baseband unit for processing communication data (BaseBand) Unit, BBU), etc. In systems employing different wireless access technologies, the names of wireless access network devices with similar wireless communication capabilities may vary. For convenience of description, in all embodiments of the present application, the foregoing apparatus for providing a wireless communication function for a terminal device is collectively referred to as a radio access network device.

The terminal device is also referred to as a user equipment (UE) or a mobile station (MS) in the wireless communication standard. The terminal device involved in the embodiment of the present application is a wireless transceiver function. The equipment can be deployed on land, indoors or outdoors, hand-held or on-board; it can also be deployed on the water (such as ships); it can also be deployed in the air (such as airplanes, balloons, satellites, etc.). The terminal device may include various types of mobile phones, tablets, computers with wireless transceiver functions, wireless data cards, virtual reality (VR) terminal devices, and augmented reality (Augmented Reality, AR) terminal equipment, terminal equipment of machine type communication (MTC), terminal equipment in industrial control, terminal equipment in self driving, and remote medical Terminal equipment, terminal equipment in smart grid, terminal equipment in transportation safety, terminal equipment in smart city, smart home (home equipment with wireless communication function, such as refrigerator, TV, washing machine or furniture, etc., as well as wearable devices (such as smart watches, smart bracelets, pedometers, etc.) and so on. The terminal device referred to in the present application can also be set to a fixed position, and has a device similar to the wireless communication function of the foregoing terminal device. In a system using a different wireless access technology, the name of the terminal device having a similar wireless communication function may be different. For the convenience of description, in the embodiment of the present application, the device having the wireless communication function is collectively referred to as a terminal. device.

The core network device may be a device having an access and mobility management network function, a session management network function (SMF), a user plane network function, an authentication management network function, and an AMF.

The term "and/or" appearing in this patent application is merely an association describing the associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, while A exists. And B, there are three cases of B alone. In addition, the character "/" in the present application generally indicates that the context of the context is an "or" relationship.

Various objects such as various messages/information/devices/network elements/systems/devices/actions/operations/processes/concepts may be named in this patent application, but these specific names do not constitute relevant The definition of the object may be changed according to factors such as scene, context or usage habits. The understanding of the technical meaning of the relevant object shall be determined mainly from the functions and technical effects embodied/executed in the technical solution. .

With the emergence of a variety of communication system services, there is a significant difference in the network performance requirements of different communication services. 5G introduces the concept of network slicing to cope with the difference in network performance requirements of different communication services.

A complete network slice includes but is not limited to RAN network slices and CN network slices to jointly build an end-to-end network slice architecture. CN network slices pass through a set of customized NFs, including access and mobility management functions (Access and Mobility Management). Function, AMF), Session Management Function (SMF), User Plane Function (UPF), etc. The RAN network slice is configured by scheduling and a set of different first protocol layer 1 (such as physical layer), second protocol layer 2 (such as media access control layer, radio link control layer, data packet aggregation layer, etc.) Implement different RAN network slices. The implementation form of the specific RAN network slice is not limited herein, and may be implemented by atomization, modularization, or by software, instantiation, or the like.

In general, the CN network slice is different according to the tenant and the service type, and the number of RAN network slices is small due to factors such as limited air interface resources. The CN network slice and the RAN network slice are many-to-one or many-to-many. Relationships, extreme situations can reach a one-to-one ratio.

At present, the discussion of network architecture in 3GPP mainly focuses on network slice selection. The purpose of network slice selection is to select a suitable network slice for the UE, and associate the UE with a specific network slice, thereby establishing a control plane CP corresponding to the network slice. (control plane, CP) and / or user plane UP (user plane, UP) connection.

The following is a brief description of network slice based access control, as follows:

Network slicing can be regarded as a logically independent virtual network. Different network slicing needs to ensure the isolation requirement. Therefore, when the load of one network slice is too heavy, it is necessary to avoid negative impact on other network slicing, so the network slice based connection Incoming control can effectively ensure the isolation of network slices, so as to meet the business requirements signed by operators and network slicing customers, or the requirements of Service Level Agreement (SLA).

Specifically, the access control may limit the proportion of the UE accessing the network, for example, designing an access restriction parameter, including an access factor, an access back-off, and the like, thereby limiting the network access of the UE proportionally. To achieve the purpose of access control, different access restriction parameters can be set for different services, thereby implementing service-specific access control, and restricting access of certain users according to different user access levels.

Currently, the LTE system supports multiple access control technologies, and the following implementation methods are known:

1) Ordinary Access Barring Check (ABC), which performs access control according to signaling, emergency services, data, etc., and can also be connected according to different Public Land Mobile Network (PLMN). Into control

2) Extended Access Barring (EAB), which extends the normal ABC to limit access of UEs with low access priority;

3) Application Specific Congestion Control for Data Communication (ACDC) for data communication, which can classify applications and set different access control parameters according to different categories (category);

4) Service Specific Access Control (SSAC), which can be applied to Multimedia Telephony (Multi Media Telephony), including voice, video call, message service, video image sharing, and the like.

In one technology, the existing ABC scheme of LTE is applied to network slicing, that is, the RAN uses the CN network slice supported by the network as a separate ABC category, and broadcasts access control information applicable to each CN network slice, thereby implementing CN network slice access control; RAN broadcast CN network slice applicable access control information, such as CN network slice 1 access control information, CN network slice 2 access control information; UE reads system information in each CN network The slice access control information is combined with the CN network slice to initiate the connection, and the corresponding access control information is saved; the UE performs an access control check to determine whether a Radio Resource Control (RRC) connection request needs to be initiated.

However, the above technology only adds the category of the CN network slice based on the existing LTE. The excessive number of CN network slices causes the technical overhead and the backward compatibility to be poor.

In the 5G system standard setting process, a unified access barring is proposed, and a common architecture can be designed to simplify the 5G access control mechanism.

In this solution, the CN may configure an access category applicable to the UE, and the configuration includes a mapping rule, for example, mapping the access level of the UE, the information of the CN network slice, the application, the service category, and the like to a specific access category ( Access category), which can be called the CN access category. The CN access category may be understood as an index of the access control information corresponding to at least one factor (for example, an access level of the UE, information of at least one CN network slice, an application, a service category, and the like) included in the mapping rule. Further, the mapping rule may be sent by the CN to the UE through a non-access stratum (NAS) message, and is transmitted during registration or registration area update. The mapping rules can be presented in the form of a table, as shown in Table 1 below.

Table 1

The UE may trigger the network access, and according to the obtained configuration information, the configuration information may include a mapping rule, and determine the CN access category corresponding to the access. The RAN indicates the CN access control information corresponding to the CN access category through the system message, for example, the access restriction ratio and the restricted time, or the bit map may be used to indicate whether the UE access needs to be restricted or the like. The UE performs the access restriction check again, that is, before initiating the access attempt, the UE first uses the determined CN access category to determine whether the access can be initiated; if the UE determines that the access is not restricted, the access attempt is initiated.

The scheme is controlled by the CN, but the number of CN network slices is too large. To ensure that different combinations of EAB/ACDC and CN network slices can be mapped to the appropriate access category, the NAS configuration table is too large and complex. High; and the CN network slice requested by the UE may be different from the CN network slice allocated by the network. For example, the CN network slice of a tenant requested by the UE is unavailable in the current area, and the CN allocates an identical CN network slice of another tenant that can be replaced or a CN network slice of the same service type. The granularity of the RAN access control is different from that of the CN network slice, resulting in poor access control flexibility of the RAN based on the network slice.

FIG. 2A is a schematic diagram of a scenario applied to an embodiment of the present application. The LTE system is used as an example. The UE is located in the coverage of one or more cells (carriers) provided by the macro base station or the small base station, and the number of cells serving the UE may be one or more. When there are multiple serving cells of the UE, the UE may work according to carrier aggregation (CA) or dual connectivity (DC) or coordinated multiple point transmission (CoMP), at least one of which The cell provides more than one air interface technology format, such as more than one transmission time interval (TTI), more than one subcarrier spacing width, more than one cyclic prefix length, etc. Transmission characteristics while providing wireless resources to the UE. The present application is also applicable to a Universal Mobile Telecommunications System (UMTS) system, a Code Division Multiple Access (CDMA) system, a wireless local area network (WLAN), or a future 5G (the fifth generation). ) Wireless communication systems, etc.

FIG. 2B is a schematic structural diagram of a wireless communication system applied to an embodiment of the present application. The first network device, the terminal device, and the second network device may be included. The terminal device is described by using the UE, the first network device in the RAN, and the second network device as the CN. That is, the wireless communication system may include a Radio Access Network (RAN) device 110, a Core Network (CN) device 120, and a User Equipment (UE) 130. The communication system of the embodiment of the present application supports a network slicing architecture in which core network network slices can share core network equipment and/or core network resources, and can also monopolize core network equipment and/or core network resources. As shown in FIG. 2B, in the wireless communication system, the UE 130 accesses one or more RAN network slices or CN network slices through the RAN device 110. Specifically, the RAN device 110 selects the AMF for the UE 130 according to the information provided by the UE 130 and the Access and Mobility Management Function (AMF) information configured or acquired.

In the embodiment of the present application, the first network device sends a first message to the terminal device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one RAN network slice; the first network device Sending access control information to the terminal device. The terminal device may perform an access control check according to the received first mapping rule and the access control information. Because the information of the RAN network slice and the information of the CN network slice are usually one-to-many mapping relationship, the first mapping rule sent by the RAN to the UE includes information of at least one RAN network slice, which is compared with the prior art. The configuration content of the first mapping rule in the embodiment of the present application is smaller and the complexity is relatively low. The problem that the CN network slice is more, which causes the NAS level table configuration to be too large and the complexity is too high.

Further, the first mapping rule may further include a mapping relationship between the information of the at least one RAN network slice and the at least one RAN access category, or the first mapping rule further includes information about the at least one RAN network slice. The mapping relationship of the at least one CN access category, or the first mapping rule may further include information of the at least one RAN network slice, a mapping relationship between the at least one RAN access category and the at least one CN access category. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is solved, because the information of the same CN network slice or the information of the service type mapped on the RAN network slice of the RAN is mostly the same. The access control of the RAN based on the RAN network slice granularity is also implemented.

In the following embodiments, the terminal device is described by using the UE, the first network device in the RAN, and the second network device as the CN.

The technical solution of the present application is further described in the following embodiments. As shown in FIG. 3, it is a schematic diagram of an embodiment of the method for access control in the embodiment of the present application, including:

301. The UE sends an uplink message to the CN.

In this embodiment of the present application, the UE sends an uplink message to the CN through the RAN. The uplink message may be a non-access stratum (NAS) message such as a registration request or a registration area update request. That is, the UE initiates a registration management request to the CN through the RAN (for example, the CN may be an access management function, an access, and a mobility management function, etc.), requesting the UE to register with the CN, and completing functions such as identity recognition, authentication, or registration area update.

It should be understood that the NAS message may be any uplink message related to registration management, and is not limited to NAS messages such as the above-mentioned registration request or registration area update request. In a possible implementation manner, the uplink message may carry at least one network slice selection assistance information (NSSAI) allowed by the CN network, and is used to assist the CN to select, for the UE, information about the CN network slice suitable for accessing. .

302. The CN acquires a first mapping rule, where the first mapping rule includes at least one CN access category.

In the embodiment of the present application, after the CN receives the uplink message, the CN configures the CN access category applicable to the UE, and the first mapping rule is obtained, where the first mapping rule includes at least one CN access category. For example, the first mapping rule may include an access level of the UE, information of at least one CN network slice, an application, a service category, and the like, mapped to a specific access category, which may be referred to herein as a CN access category. The CN access category may be understood as an index for finding access control information corresponding to at least one factor (eg, access level of the UE, information of at least one CN network slice, application, service category, etc.) included in the first mapping rule. Further, the CN access category may be indicated by a number, a letter, a byte, or the like, and is not specifically limited in the embodiment of the present application.

Optionally, the first mapping rule may be presented in the form of a table, where the first mapping rule does not include information about at least one CN network slice, as shown in Table 2 below:

Table 2

Optionally, in the first mapping rule, information about at least one CN network slice may be included, as shown in Table 3 below:

table 3

It should be noted that Tables 2 and 3 are only one example of the first mapping rule. The first mapping rule includes at least one CN access category, and other factors may be greater or smaller than those shown in Tables 2 and 3 above.

Optionally, if the first mapping rule includes information about at least one CN network slice, the information of the at least one CN network slice may be represented by at least one network slice selection assistance information (NSSAI) allowed by the CN network. Specifically, the network slice selection auxiliary information allowed by the CN network includes but is not limited to the following related information:

Network slice type: for example, enhanced mobile broadband service (eMBB), ultra-reliable low-latency communication (URLLC), massive machine type communication (mMTC), etc. Slice type information. Further, the network slice type may refer to an end-to-end network slice type, including a RAN network slice type and a CN network slice type, and may also refer to a RAN network slice type, or a CN network slice type.

Service type: related to a specific service, such as video service, car network service, voice service, etc., indicating service characteristics or specific service information.

Network slice differentiation: The auxiliary network slice type and service type are used to further distinguish network slice information. It can be used to distinguish network slices under the same network slice type or service type.

Tenant information: Used to indicate the customer information for creating or renting the network slice, such as Tencent, State Grid, etc.

User group information: Group information for indicating that users are grouped according to certain characteristics, such as the level of the user.

Network slice instance information: used to indicate the instance ID and feature information created for the network slice. For example, the network slice instance is assigned an identifier for indicating the network slice instance, and a new identifier may be mapped on the basis of the network slice instance identifier, and the network slice instance is associated with the identifier, and the receiver may identify the representative according to the identifier. Specific network slice instance.

Dedicated Core Network (DCN) identification: This identifier is used to uniquely indicate a proprietary core network, such as the core network of the Internet of Things. Optionally, the DCN identifier may be mapped to the network slice identifier, and the network slice identifier may be mapped by the DCN identifier, and the DCN identifier may also be mapped by using the network slice identifier.

It should be noted that the CN Allowed NSSAI list is determined in such a manner that the CN can select the UE according to factors such as the network slice selection assistance information (CN NSSAI) allowed by the UE, the UE subscription information, the local policy, and the availability of the network slice. Information of at least one CN network slice that is allowed to be accessed in the current registration area, the information of the at least one CN network slice may be presented in the form of a list, which may be referred to as a CN allowed NSSAI (CN Allowed NSSAI) list, or may be other The way is expressed, the specific is not limited.

303. The CN sends the first downlink message to the RAN.

In this embodiment, the CN sends a first downlink message to the RAN, and the RAN receives the first downlink message from the CN. The first downlink message may include a first mapping rule and a CN Allowed NSSAI list, where the first mapping rule includes at least one CN access category; or the first downlink message may include a first mapping rule, where the first mapping rule includes at least one The CN access category; or the first downlink message may include a CN Allowed NSSAI list.

Optionally, when both the first mapping rule and the CN Allowed NSSAI list need to be sent to the RAN, the first downlink message may include the first mapping rule, and the CN Allowed NSSAI list may also be sent to the RAN by another downlink message. For the first mapping rule, refer to Table 2 and Table 3 above, and details are not described herein again. The first downlink message may be a NAS message, and is sent to the RAN through the CN and the RAN interface. For example, the CN sends the first downlink message to the RAN through the N2 interface.

304. The RAN acquires a second mapping rule, where the second mapping rule includes information of at least one RAN network slice.

In this embodiment of the present application, the RAN receives the first downlink message sent by the CN. The first downlink message may include a first mapping rule and a CN Allowed NSSAI list, where the first mapping rule includes at least one CN access category; or the first downlink message may include a first mapping rule, where the first mapping rule includes at least one The CN access category; or the first downlink message may include a CN Allowed NSSAI list. Further, the RAN acquires a second mapping rule, where the second mapping rule includes information of at least one RAN network slice. Optionally, the first downlink message received by the RAN may include a first mapping rule, and another received downlink message may include a CN Allowed NSSAI list.

It should be understood that if the downlink message received by the RAN includes a CN Allowed NSSAI list, the information of the at least one RAN network slice has a mapping relationship with the CN Allowed NSSAI list, and the second mapping rule may include the at least one RAN network slice. The information is related to the CN Allowed NSSAI list; if the CN Allowed NSSAI list is not included in the downlink message received by the RAN, the information of the at least one RAN network slice is mapped to the currently available CN network slice information, and the second mapping is performed. The rules may include information of the at least one RAN network slice and information of currently available CN network slices. Exemplarily, the RAN saves the mapping relationship between the information of the preset RAN network slice and the information of the CN network slice. For example, the mapping relationship may be pre-configured by the network management or through the CN device through the interface information between the CN and the RAN. Configuration. The information of one or more CN network slices may correspond to information of a RAN network slice, as shown in Table 4 below:

RAN Network slice，接入网网络切片的信息RAN Network slice, access network network slice information	CN Network slice，核心网网络切片的信息CN Network slice, core network network slice information
11	1，21,2
22	3，43,4
33	5，6，7，85,6,7,8
44	9，10，11，129,10,11,12
55	13，1413,14
66	15，1615,16
77	17，18，1917,18,19
88	20，21，2220, 21, 22
99	23，2423,24
1010	25，2625,26

Table 4

(1) If the downlink message received by the RAN includes the CN Allowed NSSAI list, the second mapping rule may be found according to the mapping relationship between the preset RAN network slice information and the CN network slice information, as shown in Table 4 above. The information of the at least one RAN network slice corresponding to the allowed NSSAI list is used as the second mapping rule. Further, the information of the at least one RAN network slice is mapped to a specific access category, which may be referred to as a RAN access category. For example, the access category may use a RAN network slice ID or a new access category to determine a second mapping rule. The RAN access category may be understood as an index for finding access control information corresponding to at least one factor (for example, information of at least one RAN network slice, etc.) included in the second mapping rule.

It should be understood that, according to the description in step 302, the CN Allowed NSSAI list is a representation of information of at least one CN network slice allowed to be accessed in the current registration area of the UE, so the CN Allowed NSSAI list is at least one CN network. The sliced information, for example: CN Allowed NSSAI list is shown in Table 5:

CN Allowed NSSAI列表CN Allowed NSSAI list
33
99
1717
2020

table 5

In Table 5, 3, 9, 17, and 20 may be identifiers of CN network slices, or may be network slice type, service type, network slice division, tenant information, user group information, network slice instance information, and proprietary core network. Indicators and other indications are used to distinguish different CN network slices, which are not limited.

For example, as shown in Table 6, the second mapping rule may include information of at least one RAN network slice, and the information of the at least one RAN network slice is found through the list shown in Table 5 in the above Table 4, because CN The Allowed NSSAI list is information of at least one CN network slice, so it can be searched by the mapping relationship between the preset RAN network slice information and the CN network slice information. The information of the RAN network slice may be indicated by the RAN network slice identifier, as follows:

与CN Allowed NSSAI列表对应的至少一个RAN网络切片的信息Information of at least one RAN network slice corresponding to the CN Allowed NSSAI list
22
44
77
88

Table 6

In the solution shown in Table 6, the UE may perform an access control check according to information of at least one RAN network slice, because the information of the RAN network slice is generally one-to-many relationship with the CN network slice information, so the second mapping The configuration content of the rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

For example, as shown in Table 7, the second mapping rule may include a mapping relationship between information of at least one RAN network slice and at least one RAN access category, as follows:

Table 7

In the solution shown in Table 7, the UE may perform access control check according to information of at least one RAN network slice or at least one RAN access category, which improves the selectivity and flexibility of the technical solution of the present application. Because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. The control of the RAN network slice granularity is realized. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

For example, as shown in Table 8, the second mapping rule may include a mapping relationship between information of at least one RAN network slice and information of at least one CN network slice, as follows:

Table 8

In the solution shown in Table 8, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. The selectivity and flexibility of the technical solution of the present application are improved. Because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. The control of the RAN network slice granularity is realized. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

For example, as shown in Table 9, the second mapping rule may include information of at least one RAN network slice, information of at least one CN network slice, and a mapping relationship of at least one RAN access category, as follows:

Table 9

In the solution shown in Table 9, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. Alternatively, the access control check of the RAN network slice may be performed according to the at least one RAN access category, which improves the selectivity and flexibility of the technical solution of the present application. Because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. The control of the RAN network slice granularity is realized. The situation that the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN is also solved, because the information of the different CN network slices of the same service type is mapped in the RAN network, and the information of the RAN network slice is the same in most cases. .

It should be noted that, in the second mapping rule described in the foregoing Table 7-9, at least one RAN network slice information may be associated with at least one RAN access category, or a CN Allowed NSSAI list, or a CN Allowed NSSAI list and At least one RAN access category has a mapping relationship, but the second mapping rule may also not include at least one RAN access category, or a CN Allowed NSSAI list, or a CN Allowed NSSAI list and at least one RAN access category, The RAN knows their mapping relationship, which is not limited.

(2) If the downlink message received by the RAN does not include the CN Allowed NSSAI list, the second mapping rule may be found according to the mapping relationship between the preset RAN network slice information and the CN network slice information, as shown in Table 4 above. The current RAN or the information of the at least one CN network slice allowed by the entire network, that is, the information of the at least one RAN network slice corresponding to the currently available CN network slice information is used as the second mapping rule. Further, the information of the at least one RAN network slice is mapped to a specific access category, which may be referred to as a RAN access category. For example, the access category may use a RAN network slice identifier (NSRPI), or a new access category may be used to determine the second mapping rule. The RAN access category may be understood as an index that searches for access control information corresponding to at least one factor (eg, information of at least one RAN network slice, etc.) included in the second mapping rule.

For example, referring to any of the foregoing Table 6, Table 7, Table 8, and Table 9, the second mapping rule may include information of at least one RAN network slice, or may include information of at least one RAN network slice and at least one RAN. a mapping relationship of the access category, or may include a mapping relationship between information of the at least one RAN network slice and information of the at least one CN network slice, or may include information of at least one RAN network slice, information of at least one CN network slice, and A mapping relationship of at least one RAN access category. It should be understood that, in the implementation of (2), the determined information of the at least one CN network slice is determined by the RAN according to information of the currently available CN network slice, and the determined quantity of information of the at least one CN network slice may be The number of pieces of information of at least one CN network slice determined by the manner of (1) above.

It should be noted that, in the implementation of (2), there is no CN Allowed NSSAI list, and the RAN is information of at least one CN network slice determined according to information of currently available CN network slices. Then, referring to the second mapping rule described in Table 7-9 above, the information of the at least one RAN network slice may be related to at least one RAN access category, or the information of the currently available CN network slice, or the currently available CN. The information of the network slice has a mapping relationship with the at least one RAN access category, but the second mapping rule may also not include at least one RAN access category, information of the currently available CN network slice, or the currently available CN network. The sliced information, and at least one RAN access category, are not specifically limited.

Optionally, in the second mapping rule, the information of the at least one RAN network slice mentioned above, the information of the at least one CN network slice, the at least one CN access category, and other factors may also be included. The specific is not limited.

It should be noted that, in the embodiment of the present application, the information of at least one RAN network slice may be represented by a self-defined identifier that has a mapping relationship with at least one CN network slice, and may also use a RAN network slice identifier and a RAN network slice type. Information, RAN service type, RAN network slice classification, RAN tenant information, RAN network slice instance information, etc. are used to distinguish different RAN network slices, which are not limited.

Further, in the embodiment of the present application, if the first mapping rule is included in the first downlink message, the RAN only plays the role of forwarding, that is, the first mapping rule is forwarded to the UE. It should be understood that the RAN access category may be indicated by a number, a letter, a byte, etc., and is not specifically limited in the embodiment of the present application.

305. The RAN sends the second downlink message to the UE, where the second downlink message includes a second mapping rule.

In the embodiment of the present application, after acquiring the second mapping rule, the RAN may send second downlink information to the UE, where the second downlink information includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice. The UE receives the second downlink message from the RAN. The second downlink message may be an AS message such as a radio resource control (RRC). For the second mapping rule, reference may be made to any of the foregoing Table 6, Table 7, Table 8, and Table 9, and details are not described herein again.

Optionally, the second downlink message may further include a first mapping rule, where the first mapping rule includes at least one CN access category, or the RAN sends the first mapping rule to the UE by using another downlink message, where the first mapping rule may be Refer to Table 2 and Table 3 above for details, and details are not described here.

306. The UE determines information about at least one RAN network slice according to the second mapping rule.

In this embodiment, the UE receives the second downlink message sent by the RAN, where the second downlink message includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice. For the second mapping rule, reference may be made to any of the foregoing Table 6, Table 7, Table 8, and Table 9, and details are not described herein again.

Optionally, the second mapping rule includes a first mapping rule, or the UE receives another downlink message, and the other downlink message includes a first mapping rule, where the first mapping rule includes at least one CN access category.

307. The RAN sends the access control information to the UE.

In this embodiment of the present application, the RAN sends RAN access control information to the UE, and the UE receives RAN access control information from the RAN. It should be understood that the RAN access control information may be access control information of information of all RAN network slices, or may be access control information of information of at least one RAN network slice.

Optionally, the RAN sends CN access control information to the UE, and the UE receives CN access control information from the RAN. It should be understood that the CN access control information may be access control information of information of all CN network slices, or may be access control information of information of at least one CN network slice.

308. The UE performs access control according to the second mapping rule and the access control information.

In this embodiment of the present application, the UE may perform an access restriction check according to the second mapping rule and the RAN access control information. Before initiating an access attempt, the UE may perform ABC according to information of at least one RAN network slice or access control information corresponding to at least one RAN access category, thereby determining whether an access or service request can be initiated.

One possible way is that the corresponding access control information has an access restriction timer. If the access restriction timer set by the RAN network slice is running, the terminal device determines that the network access request or the service request cannot be initiated. Otherwise, the terminal device uses a random number algorithm to select a uniformly distributed random number between 0 and 1. If the random number is smaller than the corresponding access restriction factor in the access control information, the terminal device determines that the RAN network slice can be If the random number is greater than or equal to the corresponding access restriction factor, the terminal device determines that the RAN network slice is not accessible, and the terminal device starts an access restriction timer corresponding to the RAN network slice, for example, The timing of the access restriction timer may be (0.7+0.6* random number)* access restriction time.

Another possible way is that the RAN access control information includes a bit map, and different bits of the bit map correspond to different RAN network slice information or different RAN access categories. For example, the corresponding bit number value is “0”, indicating that the network slice access request or service request can be initiated, otherwise it cannot be initiated. The specific ABC mechanism can also refer to any ABC applicable to the LTE system or the 5G system, which is not limited herein. If not, the UE initiates an access attempt or service request to the first RAN network slice.

Optionally, the UE may perform an access restriction check according to the first mapping rule and the CN access control information. Before initiating an access attempt, the UE may perform ABC according to information of at least one RAN network slice or access control information corresponding to at least one RAN access category, thereby determining whether an access or service request can be initiated. The specific ABC mechanism can refer to any ABC applicable to the LTE system or the 5G system, which is not limited herein. If not restricted, the UE may initiate an access attempt or service request to the first CN network slice.

It should be noted that the access control check performed by the RAN according to the second mapping rule and the access control information includes, but is not limited to, the two possible implementation manners mentioned above, and the other is performed according to the second mapping rule and the access control information. The manner in which the control check is entered is also within the scope of protection of the present application.

In this embodiment, the RAN sends a second downlink message to the UE, where the second downlink message includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice; and the RAN sends the information to the UE. The RAN accesses control information. It should be noted that the second mapping rule determined by the RAN has nothing to do with the first mapping rule sent by the RAN to receive the CN. The UE may initiate an access request to the information of the first RAN network slice in the information of the at least one RAN network slice according to the RAN access control information. Because the information of the RAN network slice and the information of the CN network slice are usually one-to-many mapping relationship, the second mapping rule sent by the RAN to the UE includes information of at least one RAN network slice, which is compared with the prior art. The configuration of the second mapping rule in the embodiment of the present application is smaller and the complexity is relatively low. The problem of CN network slicing is solved, which causes the NAS level table configuration to be too large and the complexity is too high. Further, the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because information of different CN network slices of the same service type is mapped to the RAN network slice information of the RAN. identical. The access control of the RAN based on the RAN network slice granularity is also implemented.

FIG. 4 is a schematic diagram of another embodiment of an access control method according to an embodiment of the present application, including:

401. The UE sends an uplink message to the CN.

402. The CN acquires a first mapping rule.

In the embodiment of the present application, steps 401 and 402 are similar to steps 301 and 302 shown in FIG. 3 above, and details are not described herein again.

403. The CN sends the first downlink message to the RAN, where the first downlink message includes a first mapping rule.

In this embodiment, the CN sends a first downlink message to the RAN, and the RAN receives the first downlink message from the CN. The first downlink message includes a first mapping rule, and the first mapping rule includes at least one CN access category, which can be referred to the foregoing Table 2 and Table 3, and details are not described herein again.

Optionally, the first downlink message may further include a CN Allowed NSSAI list, or the CN sends the CN Allowed NSSAI list to the RAN by using another downlink message. It should be understood that the first downlink message may be a NAS message, and is sent to the RAN through the CN and the RAN interface. For example, the CN sends the first downlink message to the RAN through the N2 interface.

404. The RAN acquires a second mapping rule, where the second mapping rule includes information of at least one RAN network slice.

In this embodiment of the present application, the RAN receives the first downlink message sent by the CN. The first downlink message includes a first mapping rule, and the first mapping rule includes at least one CN access category. Optionally, the first downlink message may further include a CN Allowed NSSAI list, or the RAN receives another CN downlinked NSSAI list. Further, the RAN acquires a second mapping rule, where the second mapping rule includes information of at least one RAN network slice.

It should be understood that if the downlink message received by the RAN includes a CN Allowed NSSAI list, the information of the at least one RAN network slice has a mapping relationship with the CN Allowed NSSAI list, and the second mapping rule may include the at least one RAN network slice. The information is related to the CN Allowed NSSAI list; if the CN Allowed NSSAI list is not included in the downlink message received by the RAN, the information of the at least one RAN network slice is mapped to the currently available CN network slice information, and the second mapping is performed. The rules may include information of the at least one RAN network slice and information of currently available CN network slices.

It should be noted that the second mapping rule may add information of at least one RAN network slice to the first mapping rule, or the second mapping rule is determined by the RAN according to the first mapping rule and the CN Allowed NSSAI list, or The second mapping rule is determined by the RAN according to the first mapping rule and the information of the currently available CN network slice.

Exemplarily, the RAN saves the mapping relationship between the information of the preset RAN network slice and the information of the CN network slice. For example, the mapping relationship may be pre-configured by the network management or through the CN device through the interface information between the CN and the RAN. Configuration. The information of one or more CN network slices may correspond to information of one RAN network slice, as shown in Table 10 below:

Table 10

It should be understood that, according to the description in the above steps, the CN Allowed NSSAI list is a representation of information of at least one CN network slice allowed to be accessed in the current registration area of the UE, so the CN Allowed NSSAI list is at least one CN. The network slice information, for example: CN Allowed NSSAI list is shown in Table 11:

CN Allowed NSSAI列表CN Allowed NSSAI list
33
99
1717
2020

Table 11

In Table 11, 3, 9, 17, and 20 may be identifiers of CN network slices, or may be network slice type, service type, network slice division, tenant information, user group information, network slice instance information, and proprietary core network. Indicators and other indications are used to distinguish different CN network slices, which are not limited.

(1) If the downlink message received by the RAN includes the first mapping rule and the CN Allowed NSSAI list, the RAN may find the information of the corresponding at least one RAN network slice in the foregoing table 10 according to the CN Allowed NSSAI list, and the second mapping The rule adds information of at least one RAN network slice to the first mapping rule. Exemplarily, the second mapping rule may include but is not limited to the following forms, as follows:

1) If the first mapping rule is the above table 2, and the second mapping rule adds information of at least one RAN network slice based on the first mapping rule, the second mapping rule may be as shown in Table 12 below:

Table 12

In the scheme shown in Table 12, the UE may perform an access control check according to information of at least one RAN network slice or at least one CN access category, because the information of the RAN network slice is generally paired with the information of the CN network slice. The relationship between the RAN network slice granularity and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information mapping of different CN network slices of the same service type is The information of the RAN's RAN network slice is mostly the same.

2) If the first mapping rule is the above table 2, the second mapping rule adds at least one RAN network slice information and at least one RAN access class generation based on the first mapping rule. The RAN access category may be understood as an index for finding access control information corresponding to at least one factor (for example, information of at least one RAN network slice, etc.) included in the second mapping rule. The information of at least one RAN network slice may be mapped to a specific access category, which may be referred to as a RAN access category. Then the second mapping rule can be as shown in Table 13 below:

Table 13

In the solution shown in Table 13, the UE may perform access control check of the RAN network slice according to at least one RAN network slice, or may perform RAN network slice access control check according to at least one RAN access category, or may be according to at least one CN access category. Perform an access control check of the RAN network slice. Because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, the control of the RAN network slice granularity is implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN. In the case, since the information of different CN network slices of the same service type is mapped in the RAN, the information of the RAN network slice is the same in most cases.

3) If the first mapping rule is the above table 2, the second mapping rule adds at least one RAN network slice information and at least one CN network slice corresponding to the CN NSSAI list on the basis of the first mapping rule. Then the second mapping rule can be as shown in Table 14 below:

Table 14

In the solution shown in Table 14, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. The selectivity and flexibility of the technical solution of the present application are improved. The control of the RAN network slice granularity is also implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information of different CN network slices of the same service type is mapped in the RAN RAN network. The sliced information is mostly the same.

4) If the first mapping rule is the above table 2, the second mapping rule adds at least one RAN network slice information, at least one RAN access category, and at least one CN network slice corresponding to the CN NSSAI list on the basis of the first mapping rule. Information generated. The RAN access category may be understood as an index for finding access control information corresponding to at least one factor (for example, information of at least one RAN network slice, etc.) included in the second mapping rule. The information of at least one RAN network slice may be mapped to a specific access category, which may be referred to as a RAN access category. Then the second mapping rule can be as shown in Table 15 below:

Table 15

In the solution shown in Table 15, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. Alternatively, the access control check of the RAN network slice may be performed according to the at least one RAN access category, or the access control check of the CN network slice may be performed according to the at least one CN access category, which improves the technical solution of the present application. Optional and flexible. The control of the RAN network slice granularity is also implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information of different CN network slices of the same service type is mapped in the RAN RAN network. The sliced information is mostly the same.

5) If the first mapping rule is the above table 3, and the second mapping rule adds information of at least one RAN network slice based on the first mapping rule, the second mapping rule may be as shown in Table 16 below:

Table 16

In the solution shown in Table 16, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform the CN network according to the information of the at least one CN network slice or the at least one CN network slice information. The access control check of the slice improves the selectivity and flexibility of the technical solution of the present application. The control of the RAN network slice granularity is also implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information of different CN network slices of the same service type is mapped in the RAN RAN network. The sliced information is mostly the same.

6) If the first mapping rule is the above table 3, the second mapping rule adds at least one RAN network slice information and at least one RAN access class generation based on the first mapping rule. The RAN access category may be understood as an index for finding access control information corresponding to at least one factor (for example, information of at least one RAN network slice, etc.) included in the second mapping rule. The information of at least one RAN network slice may be mapped to a specific access category, which may be referred to as a RAN access category. Then the second mapping rule can be as shown in Table 17 below:

Table 17

In the solution shown in Table 17, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. Alternatively, the access control check of the RAN network slice may be performed according to the at least one RAN access category, or the access control check of the CN network slice may be performed according to the at least one CN access category, which improves the technical solution of the present application. Optional and flexible. The control of the RAN network slice granularity is also implemented, and the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because the information of different CN network slices of the same service type is mapped in the RAN RAN network. The sliced information is mostly the same.

(2) If the downlink message received by the RNA includes the first mapping rule and does not include the CN NSSAI list, the RAN may find the corresponding at least one RAN network slice in the foregoing table 10 according to the information of the currently available CN network slice. The second mapping rule adds information of at least one RAN network slice to the first mapping rule. Then, the obtained second mapping rule can be referred to any one of the foregoing implementations of Table 12-17, and details are not described herein again.

(3) If the downlink message received by the RAN includes the first mapping rule and the CN Allowed NSSAI list, the second mapping rule is determined by the RAN according to the first mapping rule and the CN Allowed NSSAI list. Exemplarily, the second mapping rule may include the implementation manner of any of the foregoing 12-17, but is not limited to the foregoing implementation manners, and may also include other implementation manners, as follows:

1) As shown in Table 18 below, the second mapping rule may include information of at least one RAN network slice.

Table 18

In the solution shown in Table 18, the UE may perform an access control check according to information of at least one RAN network slice, because the information of the RAN network slice is generally one-to-many relationship with the CN network slice information, so the second mapping The configuration content of the rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved.

2) As shown in Table 19 below, the second mapping rule may include a mapping relationship between information of at least one RAN network slice and at least one RAN access category.

Table 19

In the solution shown in Table 19, the UE may perform access control check according to information of at least one RAN network slice or at least one RAN access category, which improves the selectivity and flexibility of the technical solution of the present application, because the RAN network slice The information is generally one-to-many relationship with the CN network slice information. Therefore, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved.

3) As shown in Table 20 below, the second mapping rule may include a mapping relationship between information of at least one RAN network slice and information of at least one CN network slice.

Table 20

In the solution shown in Table 19, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. The optionalness and flexibility of the technical solution of the present application are improved, because the information of the RAN network slice is generally one-to-many relationship with the information of the CN network slice, so the configuration content of the second mapping rule is smaller than the existing configuration content. The complexity is low. Control of the RAN network slice granularity is also achieved.

4) As shown in Table 21 below, the second mapping rule may include information of at least one RAN network slice, information of at least one CN network slice, and a mapping relationship of at least one RAN access category.

Table 21

In the solution shown in Table 21, the UE may perform an access control check of the RAN network slice according to the information of the at least one RAN network slice, or may perform an access control check of the CN network slice according to the information of the at least one CN network slice. Alternatively, the access control check of the RAN network slice may be performed according to the at least one RAN access category, which improves the selectivity and flexibility of the technical solution of the present application, because the information of the RAN network slice is generally one of the information of the CN network slice. For many relationships, the configuration content of the second mapping rule is smaller than the existing configuration content, and the complexity is low. Control of the RAN network slice granularity is also achieved.

It should be noted that, in the second mapping rule described in the foregoing Table 18-21, at least one RAN network slice information may be associated with at least one RAN access category, or a CN Allowed NSSAI list, or a CN Allowed NSSAI list and At least one RAN access category, or at least one CN access category, or at least one CN access category and at least one RAN access category, or at least one CN access category and a CN Allowed NSSAI list, a mapping relationship exists, However, the second mapping rule may also not include at least one RAN access category, or a CN Allowed NSSAI list, or a CN Allowed NSSAI list and at least one RAN access category, or at least one CN access category, Alternatively, the at least one CN access category and the at least one RAN access category, or at least one CN access category and the CN Allowed NSSAI list, the RAN knows their mapping relationship, which is not limited.

(4) If the downlink message received by the RAN includes the first mapping rule and does not include the CN Allowed NSSAI list, the second mapping rule is determined by the RAN according to the first mapping rule and the information of the currently available CN network slice. For example, the second mapping rule may refer to the implementation manner of any of the foregoing 12-21, but is not limited to the foregoing implementation manners. However, in the foregoing implementation manner of 12-21, at least one information of the CN network slice is determined by The CN Allowed NSSAI list is determined, and if the RAN does not receive the CN Allowed NSSAI list, it is determined based on the currently available CN network slice information.

Further, in the embodiment of the present application, the first downlink message includes the first mapping rule, and the RAN reads the content of the first mapping rule, and then generates the second mapping rule, and then forwards the second mapping rule to the UE. It should be understood that the RAN access category may be indicated by a number, a letter, a byte, etc., and is not specifically limited in the embodiment of the present application.

405. The RAN sends the second downlink message to the UE.

In the embodiment of the present application, after acquiring the second mapping rule, the RAN may send second downlink information to the UE, where the second downlink information includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice. The UE receives the second downlink message from the RAN. The second downlink message may be an AS message such as a radio resource control (RRC). For the second mapping rule, refer to any of the foregoing Tables 12-20, and details are not described herein again.

406. The UE determines information about at least one RAN network slice according to the second mapping rule.

In this embodiment, the UE receives the second downlink message sent by the RAN, where the second downlink message includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice. For the second mapping rule, refer to any of the foregoing Tables 12-20, and details are not described herein again.

407. The RAN sends the access control information to the UE.

408. The UE performs access control according to the second mapping rule and the access control information.

In this embodiment, the RAN sends a second downlink message to the UE, where the second downlink message includes a second mapping rule, where the second mapping rule includes information of at least one RAN network slice; and the RAN sends the information to the UE. The RAN accesses control information. It should be noted that the second mapping rule determined by the RAN is related to the first mapping rule sent by the RAN to the CN. The UE may initiate an access request to the information of the first RAN network slice in the information of the at least one RAN network slice according to the RAN access control information. Because the information of the RAN network slice and the information of the CN network slice are usually one-to-many mapping relationship, the second mapping rule sent by the RAN to the UE includes information of at least one RAN network slice, which is compared with the prior art. The configuration of the second mapping rule in the embodiment of the present application is smaller and the complexity is relatively low. The problem of CN network slicing is solved, which causes the NAS level table configuration to be too large and the complexity is too high. Further, the information of the CN network slice requested by the UE is inconsistent with the information of the CN network slice allocated by the CN, because information of different CN network slices of the same service type is mapped to the RAN network slice information of the RAN. identical. The access control of the RAN based on the RAN network slice granularity is also implemented.

The method for access control in the embodiment of the present application is described above. The following describes the network device and the terminal device in the embodiment of the present application, as shown in FIG. 5A, which is a schematic diagram of an embodiment of the network device in the embodiment of the present application. Can include:

The first sending module 501 is configured to send a first message to the terminal device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The second sending module 502 is configured to send access control information to the terminal device.

It should be understood that the first sending module and the second sending module may be logically disposed separately or in the same module.

Optionally, in some embodiments of the present application, the first mapping rule and the access control information are used to perform access control on the terminal device.

Optionally, in some embodiments of the present application, as shown in FIG. 5B, which is a schematic diagram of another embodiment of the network device in the embodiment of the present application, the network device may further include:

The receiving module 503 is configured to receive a second message from the second network device, where the second message includes a second mapping rule, where the second mapping rule includes an access category applicable to the terminal configured by the at least one core network, where The first mapping rule further includes a mapping relationship between information of the at least one radio access network network slice and an access category applicable to the terminal configured by the at least one core network;

or,

The receiving module 503 is configured to receive a second message from the second network device, where the second message includes a network-selected network slice selection assistance information Allowed NSSAI list configured by the core network, where the first mapping rule further includes the a mapping relationship between information of at least one radio access network network slice and an Allowed NSSAI list configured by the core network;

or,

The receiving module 503 is configured to receive a second message from the second network device, where the second message includes a second mapping rule and a network-selected network slice selection assistance information Allowed NSSAI list configured by the core network, the second mapping The rule includes an access category applicable to the terminal configured by the at least one core network, where the first mapping rule further includes information of the at least one radio access network network slice, and an access category applicable to the terminal configured by the at least one core network. A mapping relationship with the Allowed NSSAI list of the core network configuration.

Optionally, in some embodiments of the present application, the first mapping rule further includes a mapping relationship between information of the at least one radio access network network slice and currently available network slice selection assistance information.

Optionally, in some embodiments of the present application, the first mapping rule further includes a mapping relationship between information of the at least one radio access network network slice and at least one radio access network access category.

As shown in FIG. 6A, a schematic diagram of an embodiment of a terminal device in the embodiment of the present application may include:

The first receiving module 601 is configured to receive a first message from the first network device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The second receiving module 602 receives the access control information from the first network device.

It should be understood that the first receiving module and the second receiving module may be logically disposed separately or in the same module.

Optionally, in some embodiments of the present application, as shown in FIG. 6B, which is a schematic diagram of another embodiment of the terminal device in the embodiment of the present application, the terminal device further includes:

The processing module 603 is configured to perform access control according to the first mapping rule and the access control information.

Optionally, in some embodiments of the present application, the first mapping rule further includes a mapping relationship between information of the at least one radio access network network slice and an access category applicable to the terminal configured by the at least one core network.

FIG. 7 is a schematic diagram of another embodiment of a network device according to an embodiment of the present application, including:

The network device may vary considerably depending on configuration or performance, and may include one or more central processing units (CPU) 722 (eg, one or more processors) and memory 732, one or one The storage medium 730 (for example, one or one of the Shanghai quantity storage devices) storing the application 742 or the data 744 above. Among them, the memory 732 and the storage medium 730 may be short-term storage or persistent storage. The program stored on storage medium 730 may include one or more modules (not shown), each of which may include a series of instruction operations in the network device. Still further, central processor 722 can be configured to communicate with storage medium 730, executing a series of instruction operations in storage medium 730 on the network device.

The network device may also include one or more power sources 726, one or more wired or wireless network interfaces 750, one or more input and output interfaces 758, and/or one or more operating systems 741, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM and more.

The steps performed by the network device in the above embodiments may be based on the network device structure shown in FIG.

FIG. 8 is a schematic diagram of another embodiment of a network device in an embodiment of the present application.

For the convenience of description, only the parts related to the embodiments of the present application are shown. If the specific technical details are not disclosed, please refer to the method part of the embodiment of the present application. The terminal device may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), an in-vehicle computer, and the terminal device is used as a mobile phone as an example:

FIG. 8 is a block diagram showing a partial structure of a mobile phone related to a terminal device provided by an embodiment of the present application. Referring to FIG. 8, the mobile phone includes: a radio frequency (RF) circuit 810, a memory 820, an input unit 830, a display unit 840, a sensor 850, an audio circuit 860, a wireless fidelity (WiFi) module 870, and a processor 880. And power supply 890 and other components. It will be understood by those skilled in the art that the structure of the handset shown in FIG. 8 does not constitute a limitation to the handset, and may include more or less components than those illustrated, or some components may be combined, or different component arrangements.

The following describes the components of the mobile phone in detail with reference to FIG. 8:

The RF circuit 810 can be used for receiving and transmitting signals during the transmission or reception of information or during a call. Specifically, after receiving the downlink information of the base station, it is processed by the processor 880. In addition, the uplink data is designed to be sent to the base station. Generally, RF circuit 810 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuitry 810 can also communicate with the network and other devices via wireless communication. The above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.

The memory 820 can be used to store software programs and modules, and the processor 880 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 820. The memory 820 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to Data created by the use of the mobile phone (such as audio data, phone book, etc.). Moreover, memory 820 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.

The input unit 830 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset. Specifically, the input unit 830 may include a touch panel 831 and other input devices 832. The touch panel 831, also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 831 or near the touch panel 831. Operation), and drive the corresponding connecting device according to a preset program. Optionally, the touch panel 831 can include two parts: a touch detection device and a touch controller. Wherein, the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information. The processor 880 is provided and can receive commands from the processor 880 and execute them. In addition, the touch panel 831 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch panel 831, the input unit 830 may also include other input devices 832. In particular, other input devices 832 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.

The display unit 840 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone. The display unit 840 can include a display panel 841. Alternatively, the display panel 841 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 831 can cover the display panel 841. When the touch panel 831 detects a touch operation thereon or nearby, the touch panel 831 transmits to the processor 880 to determine the type of the touch event, and then the processor 880 according to the touch event. The type provides a corresponding visual output on display panel 841. Although in FIG. 8, the touch panel 831 and the display panel 841 are two independent components to implement the input and input functions of the mobile phone, in some embodiments, the touch panel 831 can be integrated with the display panel 841. Realize the input and output functions of the phone.

The handset can also include at least one type of sensor 850, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 841 according to the brightness of the ambient light, and the proximity sensor may close the display panel 841 and/or when the mobile phone moves to the ear. Or backlight. As a kind of motion sensor, the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching, related Game, magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; as for the mobile phone can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, no longer Narration.

An audio circuit 860, a speaker 861, and a microphone 862 can provide an audio interface between the user and the handset. The audio circuit 860 can transmit the converted electrical data of the received audio data to the speaker 861 for conversion to the sound signal output by the speaker 861; on the other hand, the microphone 862 converts the collected sound signal into an electrical signal by the audio circuit 860. After receiving, it is converted into audio data, and then processed by the audio data output processor 880, sent to the other mobile phone via the RF circuit 810, or outputted to the memory 820 for further processing.

WiFi is a short-range wireless transmission technology, and the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 870, which provides users with wireless broadband Internet access. Although FIG. 8 shows the WiFi module 870, it can be understood that it does not belong to the essential configuration of the mobile phone, and can be omitted as needed within the scope of not changing the essence of the invention.

The processor 880 is the control center of the handset, and connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 820, and invoking data stored in the memory 820, executing The phone's various functions and processing data, so that the overall monitoring of the phone. Optionally, the processor 880 may include one or more processing units; preferably, the processor 880 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like. The modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 880.

The handset also includes a power source 890 (such as a battery) that supplies power to the various components. Preferably, the power source can be logically coupled to the processor 880 through a power management system to manage functions such as charging, discharging, and power management through the power management system.

Although not shown, the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.

The steps performed by the terminal device in the foregoing method embodiments may be based on the terminal device structure shown in FIG. 8, and details are not described herein again.

The embodiment of the present application provides a wireless communication device. For the components of the communication device, reference may be made to the network device shown in FIG. 7 . In a feasible design, the hardware structure of the communication device is required according to the embodiment of the present application, and may include:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with the terminal device through the transceiver circuit, The memory is for storing program instructions, and the at least one processor is configured to execute the program instructions stored in the memory, such that the wireless communication device performs the first network device (ie, wireless access) in the foregoing embodiments. Various possible operations performed by the network device (for example, the operations performed by the radio access network device shown in FIG. 3 or FIG. 4). The wireless communication device may be either the wireless access network device or a system chip that performs corresponding functions in the wireless access network side device.

The embodiment of the present application further provides a wireless communication device, which may include:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with a network side device through the transceiver circuit, The memory is for storing program instructions, the at least one processor is configured to execute the program instructions stored in the memory, such that the wireless communication device performs various feasible operations performed by the terminal device in the above embodiments ( For example, the operation performed by the terminal device shown in FIG. 3 or FIG. 4). The wireless communication device can be either a terminal device or a system chip that applies a corresponding function in the terminal device.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present application are generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions can be from a website site, computer, server or data center Transfer to another website site, computer, server, or data center by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL), or wireless (eg, infrared, wireless, microwave, etc.). The computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media. The usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a solid state disk (SSD)).

A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.

In the several embodiments provided by the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.

The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence or the contribution to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium. A number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

The above embodiments are only used to explain the technical solutions of the present application, and are not limited thereto; although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they can still The technical solutions described in the embodiments are modified, or the equivalents of the technical features are replaced by the equivalents. The modifications and substitutions of the embodiments do not depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims

A method for access control, comprising:

The first network device sends a first message to the terminal device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The first network device sends access control information to the terminal device.
The method according to claim 1, wherein the first mapping rule and the access control information are used for performing access control on the terminal device.
The method according to claim 1 or 2, wherein the method further comprises:

Receiving, by the first network device, a second message from the second network device, where the second message includes a second mapping rule, where the second mapping rule includes an access category applicable to the terminal configured by the at least one core network, where The first mapping rule further includes a mapping relationship between information of the at least one radio access network network slice and an access category applicable to the terminal configured by the at least one core network.
The method according to claim 1 or 2, wherein the method further comprises:

The first network device receives a third message from the second network device, where the third message includes a network slice selection assistance information list allowed by the network configured by the core network, where the first mapping rule further includes the at least one The mapping relationship between the information of the radio access network network slice and the network slice selection auxiliary information list allowed by the network configured by the core network.
The method according to claim 1 or 2, wherein the method further comprises:

The first network device receives a fourth message from the second network device, where the fourth message includes a second mapping rule and a network slice selection assistance information list allowed by the core network configuration, where the second mapping rule includes An access category applicable to the terminal configured by the at least one core network, where the first mapping rule further includes information of the at least one radio access network network slice, and an access category and a location applicable to the terminal configured by the at least one core network The mapping of the network slice allowed by the network configured by the core network to select the auxiliary information list.
The method according to any one of claims 1-3, wherein the first mapping rule further comprises a mapping relationship between information of the at least one radio access network network slice and currently available network slice selection assistance information.
The method according to any one of claims 1-6, wherein the first mapping rule further comprises a mapping relationship between information of the at least one radio access network network slice and at least one radio access network access category. .
A method for access control, comprising:

Receiving, by the terminal device, a first message from the first network device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The terminal device receives access control information from the first network device.
The method of claim 8 further comprising:

The terminal device performs access control according to the first mapping rule and the access control information.
The method according to claim 8 or 9, wherein the first mapping rule further comprises a mapping relationship between information of the at least one radio access network network slice and at least one radio access network access category.
The method according to any one of claims 8-9, wherein the first mapping rule further comprises information of the at least one radio access network network slice and an access category applicable to the terminal configured by the at least one core network. Mapping relationship.
A network device, comprising:

a first sending module, configured to send a first message to the terminal device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The second sending module is configured to send the access control information to the terminal device.
The network device according to claim 12, wherein the first mapping rule and the access control information are used for performing access control on the terminal device.
The network device according to claim 12 or 13, wherein the network device further comprises:

a receiving module, configured to receive a second message from the second network device, where the second message includes a second mapping rule, where the second mapping rule includes an access category applicable to the terminal configured by the at least one core network, The first mapping rule further includes a mapping relationship between the information of the at least one radio access network network slice and the access category applicable to the terminal configured by the at least one core network.
The network device according to claim 12 or 13, wherein the network device further comprises:

a receiving module, configured to receive a second message from the second network device, where the second message includes a network slice selection auxiliary information list allowed by the network configured by the core network, where the first mapping rule further includes the at least one wireless The mapping relationship between the information of the access network network slice and the network slice selection auxiliary information list allowed by the network configured by the core network.
The network device according to claim 12 or 13, wherein the network device further comprises:

a receiving module, configured to receive a second message from the second network device, where the second message includes a second mapping rule and a network slice selection auxiliary information list allowed by the network configured by the core network, where the second mapping rule includes at least An access category applicable to a terminal configured by a core network, where the first mapping rule further includes information of the at least one radio access network network slice, an access category applicable to the terminal configured by the at least one core network, and the The network slice configuration allowed by the core network selects the mapping relationship of the auxiliary information list.
The network device according to any one of claims 12-14, wherein the first mapping rule further comprises a mapping relationship between information of the at least one radio access network network slice and currently available network slice selection auxiliary information. .
The network device according to any one of claims 12-17, wherein the first mapping rule further comprises mapping of information of the at least one radio access network network slice to at least one radio access network access category relationship.
A terminal device, comprising:

a first receiving module, configured to receive a first message from the first network device, where the first message includes a first mapping rule, where the first mapping rule includes information of at least one radio access network network slice;

The second receiving module is configured to receive access control information from the first network device.
The terminal device according to claim 19, wherein the terminal device further comprises:

And a processing module, configured to perform an access control check according to the first mapping rule and the access control information.
The terminal device according to claim 19 or 20, wherein the first mapping rule further comprises a mapping relationship between information of the at least one radio access network network slice and at least one radio access network access category.
The terminal device according to any one of claims 19 to 21, wherein the first mapping rule further includes information of the at least one radio access network network slice and access applicable to at least one core network configured terminal. The mapping relationship of categories.
A computer readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1 to 11.
A computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 11.
A wireless communication device, comprising:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with the terminal device through the transceiver circuit, Said memory for storing program instructions, said at least one processor for executing said program instructions stored in said memory, said wireless communication device completing said method according to any of claims 1-7 A part of the operation of a network device.
A wireless communication device, comprising:

At least one processor, a memory, a transceiver circuit and a bus system, the processor, the memory, the transceiver circuit coupled by the bus system, the wireless communication device communicating with a network side device through the transceiver circuit, The memory is for storing program instructions, the at least one processor for executing the program instructions stored in the memory, such that the wireless communication device completes the method of any of claims 8-11 The part of the terminal device operation.