CN108306907A - A kind of management method of terminal, network function and terminal - Google Patents
A kind of management method of terminal, network function and terminal Download PDFInfo
- Publication number
- CN108306907A CN108306907A CN201610875933.4A CN201610875933A CN108306907A CN 108306907 A CN108306907 A CN 108306907A CN 201610875933 A CN201610875933 A CN 201610875933A CN 108306907 A CN108306907 A CN 108306907A
- Authority
- CN
- China
- Prior art keywords
- network
- terminal
- network function
- mark
- identification list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/08—Access restriction or access information delivery, e.g. discovery data delivery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the present invention provides a kind of management method of terminal, network function and terminal, this method and may include:First network function receives the message that terminal is sent, and the first network function is located in network example;The first network function determines whether the terminal allows to access the network example;The first network function sends management message to the terminal.The embodiment of the present invention may be implemented to realize effective management to network example by above-mentioned management message.
Description
Technical field
The present invention relates to a kind of field of communication technology more particularly to management method of terminal, network function and terminals.
Background technology
Mobile communications network needs to support abundanter network application following, adapts to the business demand of various scenes,
And meet the service performance requirements of different user, and need to support the equipment access of various businesses.These diversified business
Demand proposes the everyways such as the mobile management of network, bandwidth demand, service quality, safety and charging different need
It asks.Operator is the diversified business demand of support, while in order to reduce the cost of network construction and operation, improve network management
Flexibility and network resource availability, propose that network example supports certain types of communication in future mobile communications network
Business.Wherein, network example be appreciated that one group of network functional group at be capable of providing particular communication service or network capabilities
System or subsystem.In addition, network example is properly termed as network slice again, or it is properly termed as network slice example.However, mesh
It cannot achieve in preceding mobile communications network and network example effectively managed.
Invention content
The purpose of the present invention is to provide a kind of management method of terminal, network function and terminals, solve and cannot achieve
The problem of network example is effectively managed.
In order to achieve the above object, the embodiment of the present invention provides a kind of management method of terminal, including:
First network function receives the message that terminal is sent, and the first network function is located in network example;
The first network function determines whether the terminal allows to access the network example;
The first network function sends management message to the terminal.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, the first network function determines whether the terminal allows to access the network example, including:
The first network function sends request to the second network function and checks whether the terminal allows to access the net
The message of network example, the message carry the mark of the terminal;
The first network function receives the inspection result that second network function is sent, wherein the inspection result
Be second network function according to the situation about identifying whether in terminal identification list of the terminal determination, the end
End identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.
Optionally, the first network function determines whether the terminal allows to access the network example, including:
The first network function obtains the mark of the terminal;
Terminal described in the first network functional check is identified whether in terminal iidentification corresponding with the network example
In list, whether allow to access the network example with the determination terminal.
Optionally, the method further includes:
The first network function receives the second network function or third network function is sending with the network example
The corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.
Optionally, the internal indicator that the terminal identification list includes is that second network function passes through signing information number
According to the internal indicator that outer logo is converted by library, the outer logo is that second network function receives the network example
The outer logo that corresponding server is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will by signing information database
The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding
The outer logo that server is sent.
Optionally, the first network function determines whether the terminal allows to access the network example, including:
The first network function obtains the signing information of the terminal;
It whether there is the mark of the network example in signing information described in the first network functional check;
If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network
Example;
If the mark of the network example is not present in the signing information, determining the terminal not allows to access the net
Network example.
Optionally, if the application journey that the signing information, which also records, has the terminal that can be used in the network example
The mark of sequence, then the management message carry the mark of the application program;Or
If the signing information also records the application program for having the terminal that can not be used in the network example
It identifies, then the management message carries the mark of the application program.
Optionally, the first network function obtains the signing information of the terminal, including:
The first network function obtains the signing information of the terminal from signing information database, wherein the label
The record that about information database includes has the signing information of the mark of the network example to be, the signing information database receives
To after terminal identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list
And obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.
Optionally, the first network function sends management message to the terminal, including:
The response message that the first network function is returned to the terminal, wherein the response message carries as follows
One or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the method further includes:
The first network function sends the application server address list to the user plane functions of the network example.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
The embodiment of the present invention also provides a kind of management method of terminal, including:
Second network function receives the instance management information that the corresponding server of network example is sent;
Second network function uses the instance management information, and the instance management information is for managing the network
The terminal of example accesses.
Optionally, the instance management information includes terminal identification list corresponding with the network example, and described second
Network function uses the instance management information, including:
Second network function receives the request that the first network function being located in the network example is sent and checks eventually
Whether end allows the message for accessing the network example, the message to carry the mark of terminal, and the terminal is to described first
Network function sends the terminal for the access request for accessing the network example;
Second network function checks the identifying whether in the terminal identification list of the terminal, to be used for
It indicates receiving or refuses the inspection result of the access request;
Second network function returns to the inspection result to the first network function.
Optionally, the instance management information includes terminal identification list corresponding with the network example, and described second
Network function uses the instance management information, including:
Second network function sends the terminal iidentification row to the first network function in the network example
Table, so that the access network that the first network function receives or rejects according to the terminal identification list is real
The access request of example.
Optionally, the terminal identification list includes outer logo, second network function to the network example
Corresponding first network function sends the terminal identification list, including:
The outer logo is converted into internal indicator by second network function by signing information database, and to position
In in the network example first network function send include the internal indicator terminal identification list.
Optionally, the instance management information includes terminal identification list corresponding with the network example and the network
The mark of example, second network function use the instance management information, including:
Second network function sends the terminal identification list and the network example to signing information database
Mark, so that the signing information database will add the network in the signing information of the terminal in the terminal identification list
The mark of example.
Optionally, the instance management information further includes the mark for the application program that can be used in the network example
Know, second network function also sends the mark for having the application program to the signing information database, so that the label
About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list;Or
The instance management information further includes the mark for the application program that can not be used in the network example, described
Second network function also sends the mark for having the application program to the signing information database, so that the signing information number
The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.
Optionally, second network function uses the instance management information, including:
Second network function sends instance management information, institute to the first network function in the network example
It includes following one or more to state instance management information:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network example is third-party network example.
The embodiment of the present invention also provides a kind of network function, and the network function is first network function, including:
First receiving module, the message for receiving terminal transmission, the first network function are located in network example;
Determining module, for determining whether the terminal allows to access the network example;
First sending module, for sending management message to the terminal.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, the determining module, including:
Transmission unit checks whether terminal allows to access the network example for sending request to the second network function
Message, the message carry the mark of the terminal;
Receiving unit, the inspection result sent for receiving second network function, wherein the inspection result is institute
The second network function is stated according to the situation about identifying whether in terminal identification list of the terminal and determination, the terminal mark
It is the terminal identification list corresponding with the network example that second network function obtains in advance to know list.
Optionally, the determining module, including:
First acquisition unit, the mark for obtaining the terminal;
First inspection unit, for checking the identifying whether in terminal iidentification corresponding with the network example of the terminal
In list, whether allow to access the network with the determination terminal.
Optionally, the network function further includes:
Second receiving module, for receives the second network function or third network function transmission with the network example
The corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.
Optionally, the internal indicator that the terminal identification list includes is that second network function passes through signing information number
According to the internal indicator that outer logo is converted by library, the outer logo is that second network function receives the network example
The outer logo that corresponding server is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will by signing information database
The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding
The external mark that server is sent
Optionally, the determining module, including:
Second acquisition unit, the signing information for obtaining the terminal;
Second inspection unit, for checking the mark that whether there is the network example in the signing information;
First determination unit, if for there are the marks of the network example in the signing information, it is determined that the end
End allows to access the network example;
Second determination unit, if the mark for the network example to be not present in the signing information, it is determined that described
Terminal does not allow to access the network example.
Optionally, if the application journey that the signing information, which also records, has the terminal that can be used in the network example
The mark of sequence, then the management message carry the mark of the application program;Or
If the signing information also records the application program for having the terminal that can not be used in the network example
It identifies, then the management message carries the mark of the application program.
Optionally, the second acquisition unit is used to obtain the signing information of the terminal from signing information database,
Wherein, the record that the signing information database includes has the signing information of the mark of the network example to be, the signing letter
After breath database receives terminal identification list, the net will be added in the signing information of the terminal in the terminal identification list
The mark of network example and obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.
Optionally, the response message that first sending module is used to return to the terminal, wherein the response message
Carry following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network function further includes:
Second sending module, for sending the application server address row to the user plane functions of the network example
Table.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
The embodiment of the present invention also provides a kind of network function, and the network function is the second network function, including:
Receiving module, the instance management information sent for receiving the corresponding server of network example;
Using module, for using the instance management information, the instance management information real for managing the network
The terminal access of example.
Optionally, the instance management information includes terminal identification list corresponding with the network example, the use
Module, including:
Receiving unit checks that terminal is for receiving the request that the first network function being located in the network example is sent
The no message for allowing to access the network example, the message carry the mark of terminal, and the terminal is to the first network
Function sends the terminal for the access request for accessing the network example;
Inspection unit, for checking the identifying whether in the terminal identification list of the terminal, to obtain being used for table
Show the inspection result of receiving or the refusal access request;
Transmission unit, for returning to the inspection result to the first network function.
Optionally, the instance management information includes terminal identification list corresponding with the network example, the use
Module is used to send the terminal identification list to the first network function in the network example, so that first net
The access request for the access network example that network function receives or rejects according to the terminal identification list.
Optionally, the terminal identification list includes outer logo, described to be used to pass through signing information data using module
The outer logo is converted into internal indicator by library, and it includes institute to be sent to the first network function in the network example
State the terminal identification list of internal indicator.
Optionally, the instance management information includes terminal identification list corresponding with the network example and the network
The mark of example, it is described to be used to send the terminal identification list and the network example to signing information database using module
Mark so that the signing information database will add the net in the signing information of the terminal in the terminal identification list
The mark of network example.
Optionally, the instance management information further includes the mark for the application program that can be used in the network example
Know, second network function also sends the mark for having the application program to the signing information database, so that the label
About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list;Or
The instance management information further includes the mark for the application program that can not be used in the network example, described
Second network function also sends the mark for having the application program to the signing information database, so that the signing information number
The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.
Optionally, described to be used to send instance management to the first network function in the network example using module
Information, the instance management information include following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network example is third-party network example.
The above-mentioned technical proposal of the present invention at least has the advantages that:
The embodiment of the present invention, first network function receive the message that terminal is sent, and the first network function is located at network
In example;The first network function determines whether the terminal allows to access the network example;The first network function
Management message is sent to the terminal.It may be implemented to realize effective management to network example by above-mentioned management message in this way.
Description of the drawings
Fig. 1 is the applicable schematic network structure of the embodiment of the present invention;
Fig. 2 is a kind of flow diagram of network example management method provided in an embodiment of the present invention;
Fig. 3 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 4 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 5 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 6 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 7 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 8 is the example schematic of another network example management method provided in an embodiment of the present invention;
Fig. 9 is the flow diagram of another network example management method provided in an embodiment of the present invention;
Figure 10 is the flow diagram of another network example management method provided in an embodiment of the present invention;
Figure 11 is a kind of structural schematic diagram of network function provided in an embodiment of the present invention;
Figure 12 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 13 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 14 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 15 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 16 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 17 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 18 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 19 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention;
Figure 20 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 21 is the structural schematic diagram of another network function provided in an embodiment of the present invention;
Figure 22 is the structural schematic diagram of another terminal provided in an embodiment of the present invention.
Specific implementation mode
To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool
Body embodiment is described in detail.
Referring to Fig. 1, Fig. 1 is the applicable schematic network structure of the embodiment of the present invention, as shown in Figure 1, including:Terminal
11, first network function 12, the second network function 13, third network function 14, signing information database 15 and server 16.Its
In, terminal 11 can be user terminal, such as:Mobile phone, computer, household appliance, tablet computer (Tablet Personal
Computer), laptop computer (Laptop Computer), personal digital assistant (personal digital
Assistant, abbreviation PDA), mobile Internet access device (Mobile Internet Device, MID) or wearable device
Terminal devices such as (Wearable Device).It should be noted that not limiting the specific of terminal 11 in embodiments of the present invention
Type.First network function 12 can be the network function being located in a certain network example, or in multiple network examples
Network function, i.e., the network function between network example share public function (common function).Such as:Position
In the network function of third-party network example, which can be control plane function, such as mobile management function to ps domain, session
Management function or authentication functions.Above-mentioned second network function 13 can be the policy control functions in carrier network, Huo Zheyun
Seek ability open platform/function in quotient's network.Third network function 14 can be ability open platform in carrier network/
Function, it should be noted that the second network function 13 and third network function 14 can only include wherein in above-mentioned network structure
One, such as:Then can not include third when second network function 13 is ability open platform/function in carrier network
Then may include the second net when network function 14 or the second network function 13 are the policy control functions in carrier network
Network function 13 and third network function 14.It should be noted that do not limit in embodiments of the present invention first network function 12,
The concrete type of second network function 13 and third network function 14.Above-mentioned signing information database 15 can be that ownership signing is used
Family server (Home Subscriber Server, HSS).Above-mentioned server 16 can be with belonging to first network function 12
The corresponding server of network example, or can be the service that service is provided for the network example belonging to first network function 12
Device, such as:Above-mentioned first network function is the network function in third-party network example, then server 16 can be third party
Server.
In addition, in the embodiment of the present invention, network example is properly termed as network slice again, or is properly termed as network slice in fact
Example.Third-party network example can be understood as the network subsystem that one group of network function of third-party application provider establishment is constituted
System.Network function can be 3GPP use or the networks that define of 3GPP in processing function, and define behaviour and
3GPP defines interface (Network function is a3GPP adopted or 3GPP defined processing
function in a network,which has defined functional behaviour and 3GPP defined
interfaces).In addition, control plane function can be the network function positioned at control plane, user plane functions can be located at
The network function of user plane.Policy control functions can generate network-control rule according to application layer message or network layer information
Then or strategy functional entity, ability open platform/function can be the network of safe the opening service of 3GPP networks and ability
Set of interfaces.
Referring to Fig. 2, the embodiment of the present invention provides a kind of management method of terminal, as shown in Fig. 2, including the following steps:
201, first network function receives the message that terminal is sent, and the first network function is located in network example;
202, the first network function determines whether the terminal allows to access the network example;
203, first network function sends management message to the terminal.
Wherein, above-mentioned message can be the access request for the above-mentioned network example of access that terminal is sent, certainly, connecing here
Enter request it can be appreciated that attach request (Attach Request).Or above-mentioned message can be terminal send described
Network example establishes the foundation request of session, such as:PDU session request.When first network function receive it is above-mentioned
After message, so that it may whether allow to access the network example with the determination terminal, to return to above-mentioned management to above-mentioned terminal
Message, i.e., above-mentioned management message are the knots whether first network function allows to access the network example based on the determination terminal
The management message that fruit sends.Such as:Receive the sound that the either response message of refusal access request or response session establish request
Message is answered, and the response message can also be included in the management such as the mark for the application program that above-mentioned network example can use letter
Breath.It is generated in addition, above-mentioned management message can be above-mentioned first network function, such as:It is corresponding based on above-mentioned network example
What terminal identification list generated, or the mark of application program that allows to use based on above-mentioned network example generates, Huo Zheji
It is generated in the mark for the application server that above-mentioned network example allows to access or address.
In the embodiment of the present invention, it can be realized by above-mentioned management message and above-mentioned network example is effectively managed.
Optionally, above-mentioned message is the access request that the terminal accesses the network entity, then the first network work(
The management message that can be sent to the terminal, including:
The first network function is returned to the terminal receives the message of access request or disappearing for refusal access request
Breath.
In the embodiment, if the access request of terminal transmission may be implemented, it can determine whether the terminal allows
The network example is accessed, to return to corresponding response message to terminal, such as:Allow to access the network example, then the sound
It is to receive the message of access request to answer message, such as Attach accept message;It, should if not allowing to access the network example
Response message is the message for refusing access request, such as Attach reject message.In addition, first network function determines the end
Whether end allows to access the network example be that first network function is based on the corresponding terminal iidentification row of above-mentioned network example
Table and determination, such as:When the mark of above-mentioned terminal is located in the terminal identification list, it is determined that the terminal allows to access institute
Network example is stated, conversely, not allowing to access the network example.
Optionally, the first network function determines whether the terminal allows to access the network example, including:
It states first network function and sends whether the request inspection terminal allows to access the network to the second network function
The message of example, the message carry the mark of the terminal;
The first network function receives the inspection result that second network function is sent, wherein the inspection
The result is that second network function according to the situation about identifying whether in terminal identification list of the terminal and determination, institute
It is the terminal identification list corresponding with the network example that second network function obtains in advance to state terminal identification list.
In the embodiment, it may be implemented to determine whether the terminal allows described in access by above-mentioned second network function
Network example, such as:Determine whether the terminal allows to access the network example by the policing feature of carrier network.Its
In, above-mentioned terminal identification list can be the corresponding server of above-mentioned network example provided to the second network function allow to access
The user identifier of this network example, such as IMSI.When the mark of above-mentioned terminal is in above-mentioned terminal identification list, above-mentioned inspection
As a result it indicates to receive access request, otherwise indicates refusal access request.
Such as:With above-mentioned network example for third-party network example (3rd party Network slice
Instance, 3rd party NSI) it illustrates, as shown in figure 3, when third party service provider request mobile operator wounds
After building third-party network example, third-party application server can provide the use for allowing to access this network example to carrier network
Family identifies, i.e., above-mentioned terminal identification list, wherein the terminal identification list can be the outer logo for including terminal
(external ID).After the policy control functions in carrier network receive these external ID, the terminal mark is preserved
Know list (external ID list), which can be understood as white list.In addition, if policy control functions
Independently of third-party network example, i.e., it is not located in third-party network example, then when preserving terminal identification list, needs
Record the mark of corresponding network example.Wherein, outer logo (external ID) can be the terminal of 3GPP network-externals
(such as:UE mark).When there is terminal to wish to adhere to or be linked into third-party network example, it is real to be located at third party's network
First network function in example, such as authentication functions, certainly, first network function, which is likely to be, to be shared between network example
Public function (common function).First network function needs to send above-mentioned inspection message to policy control functions, to ask
Whether ask allows the terminal to adhere to or access, the mark of the inspection message carried terminal, such as:Outer logo (external
ID).Certainly, the mark of terminal can be by inquiring signing information database, such as HSS, to obtain the external of terminal
ID, as shown in figure 3, sending subscription information to signing information database asks (Subscription information
Request), (Subscription information are responded with the subscription information for receiving the return of signing information database
Response), which carries the outer logo of terminal.But it is not construed as limiting here, such as:In the access request that terminal is sent
The external ID or first network function for carrying terminal obtain the external ID for having the terminal in advance.Strategy control
Function processed by check terminal external ID whether in terminal identification list, to determine whether the UE access net
Network example, and return to inspection result.First network function can accept or reject terminal according to the inspection result received in this way
Attachment/access request.
Optionally, above-mentioned first network function determines whether the terminal allows to access the network example, including:
The first network function obtains the mark of the terminal;
Terminal described in the first network functional check is identified whether in terminal iidentification corresponding with the network example
In list, whether allow to access the network example with the determination terminal.
In the embodiment, the mark for obtaining above-mentioned terminal may be implemented, wherein the mark can be from signing information number
According to the outer logo or internal indicator of the terminal obtained in library.Certainly, it and can get by other means
The mark of above-mentioned terminal.So as to detect the mark that whether there is the terminal in above-mentioned terminal identification list, if can in the presence of if
Allow above-mentioned terminal to access the network example to determine, or be not present, does not then allow above-mentioned terminal to access the network real
Example.Wherein, above-mentioned terminal identification list can in advance be obtained with above-mentioned first network function, or can receive other networks
What function was sent, this embodiment of the present invention is not construed as limiting.
Optionally, method described above further includes:
The first network function receives the second network function or third network function is sending with the network example
Corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.
In the embodiment, it may be implemented to obtain above-mentioned terminal iidentification row from the second network function or third network function
Table, and determine whether the terminal allows to access the network example based on above-mentioned terminal identification list, such as:When above-mentioned terminal
Mark in above-mentioned terminal identification list when, obtain indicate receive access request, otherwise obtain indicate refusal access request, with
Realization is authenticated in first network function.Wherein, which can be the terminal introduced in the above embodiment
Identification list does not repeat herein.
And it may be implemented to reflect to terminal based on the internal indicator (internal ID) that above-mentioned terminal identification list includes
Whether power, allow to access the network example with the determination terminal.Wherein, the internal indicator of above-mentioned terminal can be from signing
It is obtained in information database, can also be that first network function obtains in advance.Wherein, if the internal indicator of terminal whether
In the terminal identification list, then the inspection result for indicating to receive access request is obtained, refusal access request is indicated conversely, obtaining
Inspection result.Wherein, internal indicator (internal ID) can be 3GPP network internals terminal (such as:UE mark),
Such as IMSI or IMEI (International mobile equipment identity, International Mobile Station Equipment Identification).
Wherein, the internal indicator that the terminal identification list includes is that second network function passes through signing information data
The internal indicator that outer logo is converted by library, the outer logo are that second network function receives the network example pair
The outer logo that the server answered is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will by signing information database
The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding
The outer logo that server is sent.
Above-mentioned second network function can be the policy control functions of carrier network, and above-mentioned third network function can be
Ability open platform/function of carrier network.And the inside for being converted into outer logo by above-mentioned signing information database
Mark can be, inquiry signing information database is to obtain the corresponding internal indicator of each outer logo, then by terminal identification list
The outer logo for including is converted into corresponding internal indicator.Or the inside that outer logo is converted by signing information database
Mark can be that terminal identification list is sent to signing information database, by signing information database by terminal identification list
Including outer logo be converted into corresponding internal indicator, and return to the second network function or third network function.Such as:
It is that third-party network example and third network function are illustrated with above-mentioned network example, as shown in figure 4, operation
The terminal identification list (UE external ID list) that third-party application server is sent first is converted to UE by quotient's network
Internal ID list are subsequently sent in third party's network slice.Such as:Ability open platform/work(of carrier network
After energy (third network function) receives the UE external ID list that third-party application server is sent, signing information is inquired
Outer logo (external ID) is converted to internal indicator (internal ID), is subsequently sent to by database, such as HSS
Specify the control plane function (first network function) of third-party network example, such as authentication functions.Or carrier network
After ability open platform/function receives the UE external ID list that third-party application server is sent, which is sent
To signing information database, signing information database is sent to finger after UE external ID are converted to UE internal ID
The control plane function of fixed third-party network of network, such as authentication functions.
After the control plane function of third-party network example receives the internal ID, the internal ID are preserved
List is white list.When have terminal wish to adhere to/be linked into third-party network example when, be located in third party's network slice
Control function, such as authentication functions, being checked whether according to white list allows the terminal to adhere to or access.Control plane function may need
Signing information database is inquired to obtain the internal ID of terminal.According to inspection result, in third-party network example
Control plane function receives or attachment/access request of refusal terminal.
It is obtained from the second network function or third network function it should be noted that can also be realized in the embodiment of the present invention
Above-mentioned terminal identification list is taken, and determines whether the terminal allows to access the network reality based on above-mentioned terminal identification list
Example, such as:When the mark of above-mentioned terminal is in above-mentioned terminal identification list, obtains and indicate to receive access request, otherwise obtain
It indicates refusal access request, is authenticated in first network function with realizing.Wherein, which can be above-mentioned reality
The terminal identification list introduced in mode is applied, is not repeated herein.Such as:With above-mentioned network example for third-party network example
It is illustrated, as shown in figure 5, when third party service provider request mobile operator creates third-party network slice
Afterwards, third-party application server can provide the user identifier for allowing to access this network example to carrier network, such as:
external ID.The second network function or third network function of subsequent operator make the external ID of these terminals
Specified third-party network example is sent to for white list, such as:Policy control functions (the second network in carrier network
Function) the external ID are received, external ID are then forwarded to the control plane work(of specified third-party network example
Energy (first network function), such as authentication functions.If policy control functions are independently of third-party network example, strategy control
Function processed needs first according to the corresponding control plane function of identifier lookup of specifying third-party network example.Or pass through operator
External ID are sent to specified third-party network and are sliced by ability open platform/function (third network function) of network
Control plane function, such as authentication functions.Ability open platform/function needs can be according to the mark of specified third-party network slice
Know and searches corresponding control plane function.
After the control plane function of third-party network slice receives the external ID, the external ID are preserved
List is white list, i.e., above-mentioned terminal identification list.When have terminal wish to adhere to/be linked into third-party network example when, position
In the control plane function of third party's network example, such as authentication functions, being checked whether according to white list allows the UE to adhere to or connect
Enter.Control plane function may need to inquire signing information database to obtain the external ID of terminal.According to inspection result,
Control plane function in third-party network example receives or attachment/access request of refusal UE.
Optionally, above-mentioned first network function determines whether the terminal allows to access the network example, including:
The first network function obtains the signing information of the terminal;
It whether there is the mark of the network example in signing information described in the first network functional check;
If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network
Example;
If the mark of the network example is not present in the signing information, it is determined that the terminal does not allow described in access
Network example.
In the embodiment, it may be implemented to determine whether terminal allows to access above-mentioned network reality according to the signing information of terminal
Example.Wherein, above-mentioned signing information can be obtained from signing information database, which includes signing
The signing information for having the mark of above-mentioned network example in information there are some records, to indicate the corresponding terminal of these signing informations
It is to allow to access above-mentioned network example.
Optionally, if the above-mentioned signing information also records answering of having the terminal that can be used in the network example
With the mark of program, then the management message carries the mark of the application program;Or
If the signing information also records the application program for having the terminal that can not be used in the network example
It identifies, then the management message carries the mark of the application program.
In the embodiment, if record has the mark of above-mentioned network example during the signing information of above-mentioned terminal may be implemented,
Then indicate that the terminal allows to access above-mentioned network example, then the mark of the application program by recording in signing information, limiting should
Terminal only allows to use specific application program in above-mentioned network example.Certainly, in some embodiments, above-mentioned signing information
It can also be the mark including application server or address, the terminal to limit the above-mentioned network example of access only allows to access special
Fixed application server.
Optionally, above-mentioned first network function obtains the signing information of the terminal, including:
The first network function obtains the signing information of the terminal from signing information database, wherein the label
The record that about information database includes has the signing information of the mark of the network example to be, the signing information database receives
To after terminal identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list
And obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.
In the embodiment, the corresponding signing of mark that terminal identification list is included by signing information database may be implemented
Information adds the mark of above-mentioned network example, and above-mentioned network example can be accessed to realize that these identify corresponding terminal.Certainly,
Signing information database can also obtain the mark for the application program that can be used in above-mentioned network example, these are applied journey
The mark of sequence is added in the corresponding signing information of mark that terminal identification list includes.Such as:With above-mentioned network example for the
The network example and third network function of tripartite is illustrated, as shown in fig. 6, when third party service provider is asked
After mobile operator creates third-party network example, third-party application server can be provided to carrier network to be allowed to access this
The user identifier of network example, such as:The external ID of terminal, and allow the application program mark for accessing this network example
Know, such as:Application ID.Subsequent operator's handling capacity open platform or function carry out more the signing information of terminal
Newly.Such as:Terminal external ID can be converted to terminal i nternal ID, eventually based on terminal i nternal ID indexes
The signing information at end, recorded in the signing information of the terminal the third-party network example mark and terminal in the network
The mark for the application program that can be used in slice.When subsequent terminal is attached to the third-party network example, network example
Control plane function (first network function), such as authentication functions determine whether that accessing this cuts according to the signing information of terminal
Piece.If allowing, the Application ID list that can access the slice are further provided the terminal with.
Optionally, above-mentioned first network function sends management message to the terminal, including:
The response message that the first network function is returned to the terminal, wherein the response message carries as follows
One or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
In the embodiment, it can be taken by the list of above application program identification, application server identifier list and application
The management for the above-mentioned network example of at least one of device address list realization of being engaged in after terminal receives above-mentioned list, is accessing above-mentioned net
It is limited after network example using specific application program or accesses specific application servers.In addition, above application program identification arranges
At least one of table, application server identifier list and application server address list can be that above-mentioned first network function is advance
Storage or in the list of above application program identification, application server identifier list and application server address list at least
One can receive the second network function or third network function, be not construed as limiting to this embodiment of the present invention.In addition, should
Can be after determining that above-mentioned terminal allows to access above-mentioned network example, the response returned to the terminal disappears in embodiment
Breath.Or whether the above-mentioned determination terminal allows to access the network example can be understood as which application of above-mentioned terminal determined
Program can access above-mentioned network example or whether the above-mentioned determination terminal allows to access the network example and be appreciated that
Which server can be accessed by above-mentioned network example for the above-mentioned terminal of determination.
And in the embodiment, the message that above-mentioned terminal is sent to first network function can be described in terminal access
The access request of network entity establishes the foundation request of session in the network example.It is may be implemented in this way in access request
Response message in terminal send above-mentioned list, and can be sent to terminal in the response message that session establishment is asked above-mentioned
List.Wherein, the list of above application program identification, application server identifier list and application server address list can be
What one network function the second network function of reception or third network function were sent.Such as:It is third party with above-mentioned network example
Network example, above application program identification list be first network function receive third network function send carry out illustrate
Bright, as shown in fig. 7, after third party service provider request mobile operator creates third-party network example, third party answers
Can be provided to carrier network with server allows to access the application program identification list of this network example, such as:
Application ID list.Application program identification list is sent to first network function by subsequent operator.
Wherein, with first network function, face function (CP functions) is illustrated in order to control in Fig. 7, and in above-mentioned network example also
There are user plane functions (UP functions).Wherein it is possible to the ability open platform/function (third for passing through carrier network
Network function) Application ID list can be sent to the control plane function of specified third-party network example, then eventually
When end is attached to the network example, which is sent to terminal.Ability open platform/function can be with
It needs according to the corresponding control plane function of identifier lookup of specifying third-party network example.
Such as:It is third-party network example and application server identifier list or application with above-mentioned network example
List of server addresses is illustrated, as shown in figure 8, when third party service provider request mobile operator creates third
After the network example of side, third-party application server can provide this network example to carrier network allows the application service accessed
Device identification list (application server marks) or application server address list (application server IP
Address).Subsequent operator identifies these server or address list is sent to the control plane function of the network example.Such as:
Server IP list are sent to policy control functions (the second network function) by third-party application service, by policy control functions
Preserve mark or address list.When being subsequently attached to the terminal initiation session establishment request of the third-party network example, such as:
The network example is allowed access by PDU session requests (PDU session request), policy control functions
The mark or address list of application server are sent to the control plane function of the network example by IP-CAN sessions.
Or server IP list are sent to ability open platform/function (third network function) by third-party application service, by energy
The mark or address column for the application server that the third-party network example is allowed to access by power open platform/function
Table is sent to the control plane function of the network example.The control plane function of the slice preserves the mark of application server
Or address list.When being that terminal establishes session in the network example, the control plane function of the network example will be received or be preserved
The slice allow the IP address list of application server accessed to be configured to user plane functions, such as:To user
Face function sending strategy rule configuration (Policy rules conf).The control plane function is responsible for the application that will be received
The mark of server is converted to IP address.User plane is completed with postponing, the control plane function of the network example is complete in session establishment
Allow the mark or address list of the application server accessed at the session is returned to terminal in message.
Optionally, the above method further includes:
The first network function sends the application server address list to the user plane functions of the network example.
In the embodiment, first network function may be implemented and configure the network to the user plane functions of above-mentioned network example
Example allows the address list of the application server accessed.To which user plane functions can be based on the ground of these application servers
The access of location control terminal.Such as:Terminal as shown in Figure 8 provides the address of server to application layer (Deliver server IP
To app layer), user plane functions receive the data communication (Data traffic) of terminal, so that it may to match source destination IP
Address, it is the data transmission of non-server IP list to prevent destination address.
Optionally, in the embodiment of the present invention, network example described above is third-party network example;And/or
First network function face function in order to control.
It should be noted that the embodiment of the plurality of optional provided in the embodiment of the present invention can be realized independently, also may be used
With the realization that be combined with each other each other, this embodiment of the present invention is not construed as limiting.
In the embodiment of the present invention, first network function receives the message that terminal is sent, and the first network function is located at net
In network example;The first network function determines whether the terminal allows to access the network example;The first network work(
Management message can be sent to the terminal.It may be implemented to realize effective pipe to network example by above-mentioned management message in this way
Reason.
Referring to Fig. 9, the embodiment of the present invention provides the management method of another terminal, as shown in figure 9, including the following steps:
901, the second network function receives the instance management information that the corresponding server of network example is sent;
902, the second network function uses the instance management information, and the instance management information is for managing the network
The terminal of example accesses.
In the embodiment of the present invention, examples detailed above management information can be terminal identification list in embodiment shown in Fig. 2,
At least one of in application program identification list, application server identifier list and application server address list.Or it is above-mentioned
Instance management information can also be that these contents are generated above-mentioned list by the content in these lists, the second network function.
In the embodiment of the present invention, it can realize that the second network function is believed using examples detailed above management through the above steps
Breath, to manage above-mentioned network example.Wherein, above-mentioned second network function can be independently of the network work(of above-mentioned network example
Can, such as:Policy control functions or ability open platform/function of carrier network etc..Certainly, above-mentioned in some scenes
Second network function can also be the network function in above-mentioned network example, is not construed as limiting to this embodiment of the present invention.
Optionally, the instance management information includes terminal identification list corresponding with the network example, and described second
Network function uses the instance management information, including:
Second network function receives the request that the first network function being located in the network example is sent and checks eventually
Whether end allows the message for accessing the network example, the message to carry the mark of terminal, and the terminal is to described first
Network function sends the terminal for the access request for accessing the network example;
Second network function checks the identifying whether in the terminal identification list of the terminal, to be used for
It indicates receiving or refuses the inspection result of the access request;
Second network function returns to the inspection result to the first network function.
Optionally, the instance management information includes terminal identification list corresponding with the network example, and described second
Network function uses the instance management information, including:
Second network function sends the terminal iidentification row to the first network function in the network example
Table, so that the access network that the first network function receives or rejects according to the terminal identification list is real
The access request of example.
Optionally, the terminal identification list includes outer logo, second network function to the network example
Corresponding first network function sends the terminal identification list, including:
The outer logo is converted into internal indicator by second network function by signing information database, and to position
In in the network example first network function send include the internal indicator terminal identification list.
Optionally, the instance management information includes terminal identification list corresponding with the network example and the network
The mark of example, second network function use the instance management information, including:
Second network function sends the terminal identification list and the network example to signing information database
Mark, so that the signing information database will add the network in the signing information of the terminal in the terminal identification list
The mark of example.
Optionally, the instance management information further includes the mark for the application program that can be used in the network example
Know, second network function also sends the mark for having the application program to the signing information database, so that the label
About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list;Or
The instance management information further includes the mark for the application program that can not be used in the network example, described
Second network function also sends the mark for having the application program to the signing information database, so that the signing information number
The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.
Optionally, second network function uses the instance management information, including:
Second network function sends instance management information, institute to the first network function in the network example
It includes following one or more to state instance management information:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network example is third-party network example.
It should be noted that implementation of the present embodiment as second network function corresponding with embodiment shown in Fig. 2
Mode, specific embodiment may refer to the related description of embodiment shown in Fig. 2, with to avoid repeated explanation, this reality
Example is applied to repeat no more.In the present embodiment, it equally may be implemented effectively to manage network example.
Referring to Figure 10, the embodiment of the present invention provides the management method of another terminal, as shown in Figure 10, including following step
Suddenly:
1001, terminal in network example first network function send message;
1002, the terminal receives the management message that the first network function is sent, and the management message is described the
One network function determines whether the terminal allows to access the management message sent after the network example.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, the terminal receives the management message that the first network function is sent, including:
The terminal receives the response message that the first network function is sent, wherein the response message carry just like
The next item down is multinomial:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
After terminal receives above-mentioned list, so that it may not use corresponding application program in above-mentioned network example, or
Corresponding application server is not accessed.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
It should be noted that embodiment of the present embodiment as terminal corresponding with embodiment shown in Fig. 2, tool
The embodiment of body may refer to the related description of embodiment shown in Fig. 2, with to avoid repeated explanation, the present embodiment is no longer superfluous
It states.In the present embodiment, it equally may be implemented effectively to manage network example.
Referring to Figure 11, the embodiment of the present invention provides a kind of network function, which is first network function, network work(
Energy 1100 includes following module:
First receiving module 1101, the message for receiving terminal transmission, the first network function are located at network example
It is interior;
Determining module 1102, for determining whether the terminal allows to access the network example;
First sending module 1103, for sending management message to the terminal.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, as shown in figure 12, determining module 1102, including:
Transmission unit 11021 checks whether terminal allows to access the network for sending request to the second network function
The message of example, the message carry the mark of the terminal;
Receiving unit 11022, the inspection result sent for receiving second network function, wherein the inspection knot
Fruit is second network function determination according to the situation about identifying whether in terminal identification list of the terminal, described
Terminal identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.
Optionally, as shown in figure 13, determining module 1102, including:
First acquisition unit 11023, the mark for obtaining the terminal;
First inspection unit 11024, for checking the identifying whether at end corresponding with the network example of the terminal
It holds in identification list, whether allows to access the network with the determination terminal.
Optionally, as shown in figure 14, network function 1100 further includes:
Second receiving module 104, for receives the second network function or third network function transmission with the network
The corresponding terminal identification list of example, what the terminal identification list included is identified as the internal indicator of terminal.
Optionally, the internal indicator that the terminal identification list includes is that second network function passes through signing information number
According to the internal indicator that outer logo is converted by library, the outer logo is that second network function receives the network example
The outer logo that corresponding server is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will by signing information database
The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding
The external mark that server is sent
Optionally, as shown in figure 15, determining module 1102, including:
Second acquisition unit 11025, the signing information for obtaining the terminal;
Second inspection unit 11026, for checking the mark that whether there is the network example in the signing information;
First determination unit 11027, if for there are the marks of the network example in the signing information, it is determined that institute
Stating terminal allows to access the network example;
Second determination unit 11028, if the mark for the network example to be not present in the signing information, it is determined that
The terminal does not allow to access the network example.
Optionally, if the application journey that the signing information, which also records, has the terminal that can be used in the network example
The mark of sequence, then the management message carry the mark of the application program;Or
If the signing information also records the application program for having the terminal that can not be used in the network example
It identifies, then the management message carries the mark of the application program.
Optionally, second acquisition unit 11025 is used to obtain the signing information of the terminal from signing information database,
Wherein, the record that the signing information database includes has the signing information of the mark of the network example to be, the signing letter
After breath database receives terminal identification list, the net will be added in the signing information of the terminal in the terminal identification list
The mark of network example and obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.
Optionally, the response message that first sending module 1103 is used to return to the terminal, wherein the response
Message carries following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the target message is the access request that the terminal accesses the network entity;Or
The target message is the foundation request that session is established in the network example.
Optionally, as shown in figure 16, network function 1100 further includes:
Second sending module 1105, for sending the application server address to the user plane functions of the network example
List.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
It should be noted that above-mentioned network function 1100 can be in Fig. 1-embodiments shown in Fig. 10 in the present embodiment
First network function, the arbitrary embodiment of first network function can be by the present embodiment in Fig. 1-embodiment illustrated in fig. 10
Above-mentioned network function 1100 realized that and reach identical advantageous effect, details are not described herein again.
Referring to Figure 17, the embodiment of the present invention also provides a kind of network function, which is the second network function, is such as schemed
Shown in 17, network function 1700 includes:
Receiving module 1701, the instance management information sent for receiving the corresponding server of network example;
Using module 1702, for using the instance management information, the instance management information is for managing the net
The terminal of network example accesses.
Optionally, the instance management information includes terminal identification list corresponding with the network example, such as Figure 18 institutes
Show, using module 1702, including:
Receiving unit 17021, the request inspection that the first network function for receiving in the network example is sent
Whether terminal allows the message for accessing the network example, which carries the mark of terminal, and the terminal is to described the
One network function sends the terminal for the access request for accessing the network example;
Inspection unit 17022, for checking the identifying whether in the terminal identification list of the terminal, to be used
Receive or refuse the inspection result of the access request in expression;
Transmission unit 17023, for returning to the inspection result to the first network function.
Optionally, the instance management information includes terminal identification list corresponding with the network example, uses module
1702 to the first network function in the network example for sending the terminal identification list, so that first net
The access request for the access network example that network function receives or rejects according to the terminal identification list.
Optionally, the terminal identification list includes outer logo, described to use module by signing information database
The outer logo is converted into internal indicator, and it includes in described to be sent to the first network function in the network example
The terminal identification list of portion's mark.
Optionally, the instance management information includes terminal identification list corresponding with the network example and the network
The mark of example is used to send the terminal identification list and the network example to signing information database using module 1702
Mark so that the signing information database will add the net in the signing information of the terminal in the terminal identification list
The mark of network example.
Optionally, the instance management information further includes the mark for the application program that can be used in the network example
Know, second network function also sends the mark for having the application program to the signing information database, so that the label
About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list;Or
The instance management information further includes the mark for the application program that can not be used in the network example, described
Second network function also sends the mark for having the application program to the signing information database, so that the signing information number
The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.
Optionally, it is used to send instance management to the first network function in the network example using module 1702
Information, the instance management information include following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network example is third-party network example.
It should be noted that above-mentioned network function 1700 can be in Fig. 1-embodiments shown in Fig. 10 in the present embodiment
Second network function, the arbitrary embodiment of the second network function can be by the present embodiment in Fig. 1-embodiment illustrated in fig. 10
Above-mentioned network function 1700 realized that and reach identical advantageous effect, details are not described herein again.
Referring to Figure 19, the embodiment of the present invention also provides a kind of terminal, as shown in figure 19, including:
Sending module 1901 is used for the first network function transmission target message in network example;
Receiving module 1902, the management message sent for receiving the first network function, the management message is institute
It states first network function and determines whether the terminal allows to access the management message sent after the network example.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, receiving module 1902 is used to receive the response message that the first network function is sent, wherein the sound
Message is answered to carry following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the target message is the access request that the terminal accesses the network entity;Or
The target message is the foundation request that session is established in the network example.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
It should be noted that terminal 1900 can be the terminal in Fig. 1-embodiments shown in Fig. 10 in the present embodiment, figure
The arbitrary embodiment of terminal can be realized by the above-mentioned terminal 1900 in the present embodiment in 1- embodiment illustrated in fig. 10, with
And reach identical advantageous effect, details are not described herein again.
Referring to Figure 20, show that a kind of structure of network function, the network function are first network function, the network work(in figure
Can include:Processor 2000, transceiver 2010, memory 2020, user interface 2030 and bus interface, wherein:
Processor 2000 executes following process for reading the program in memory 2020:
The message that terminal is sent is received by transceiver 2010, the first network function is located in network example;
Determine whether the terminal allows to access the network example;
By transceiver 2010 management message is sent to the terminal.
Wherein, transceiver 2010, for sending and receiving data under the control of processor 2000.
In fig. 20, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2000 generation of processor
The various circuits for the memory that the one or more processors and memory 2020 of table represent link together.Bus architecture may be used also
To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all
It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2010 can
To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided
Member.For different user equipmenies, user interface 2030, which can also be, external the interface for needing equipment is inscribed, and connection is set
Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..
Processor 2000 is responsible for bus architecture and common processing, and memory 2020 can store processor 2000 and exist
Execute used data when operation.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, whether the determination terminal allows to access the network example, including:
Request is sent to the second network function check whether the terminal allows to access the network by transceiver 2010
The message of example, the message carry the mark of the terminal;
The inspection result that second network function is sent is received by transceiver 2010, wherein the inspection knot
Fruit is second network function determination according to the situation about identifying whether in terminal identification list of the terminal, described
Terminal identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.
Optionally, whether the determination terminal allows to access the network example, including:
Obtain the mark of the terminal;
Identifying whether in terminal identification list corresponding with the network example for the terminal is checked, described in determination
Whether terminal allows to access the network example.
Optionally, processor 2000 is additionally operable to:
It is sending with the network example pair that the second network function or third network function are received by transceiver 2010
The terminal identification list answered, what the terminal identification list included is identified as the internal indicator of terminal.
Optionally, the internal indicator that the terminal identification list includes is that second network function passes through signing information number
According to the internal indicator that outer logo is converted by library, the outer logo is that second network function receives the network example
The outer logo that corresponding server is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will by signing information database
The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding
The outer logo that server is sent.
Optionally, whether the determination terminal allows to access the network example, including:
Obtain the signing information of the terminal;
Check the mark that whether there is the network example in the signing information;
If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network
Example;
If the mark of the network example is not present in the signing information, it is determined that the terminal does not allow described in access
Network example.
Optionally, if the application journey that the signing information, which also records, has the terminal that can be used in the network example
The mark of sequence, then the management message carry the mark of the application program;Or
If the signing information also records the application program for having the terminal that can not be used in the network example
It identifies, then the management message carries the mark of the application program.
Optionally, the signing information for obtaining the terminal, including:
The signing information of the terminal is obtained from signing information database by transceiver 2010, wherein the signing
The record that information database includes has the signing information of the mark of the network example to be, the signing information database receives
After terminal identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list and
It obtains, the terminal identification list includes the mark for allowing to access the terminal of the network example.
Optionally, described to send management message to the terminal, including:
The response message returned to the terminal by transceiver 2010, wherein the response message is carried as next
Item is multinomial:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, processor 2000 is additionally operable to:
By transceiver 2010 the application server address list is sent to the user plane functions of the network example.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
It should be noted that in the present embodiment above-mentioned network function can be in Fig. 1-embodiments shown in Fig. 10 first
Network function, the arbitrary embodiment of first network function can be by upper in the present embodiment in Fig. 1-embodiment illustrated in fig. 10
It states network function to be realized, and reaches identical advantageous effect, details are not described herein again.
Referring to Figure 21, show that a kind of structure of network function, the network function are the second network function, the network work(in figure
Can include:Processor 2100, transceiver 2110, memory 2120, user interface 2130 and bus interface, wherein:
Processor 2100 executes following process for reading the program in memory 2120:
The instance management information that the corresponding server of network example is sent is received by transceiver 2110;
Using the instance management information, the instance management information is used to manage the terminal access of the network example.
Wherein, transceiver 2110, for sending and receiving data under the control of processor 2100.
In figure 21, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2100 generation of processor
The various circuits for the memory that the one or more processors and memory 2120 of table represent link together.Bus architecture may be used also
To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all
It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2110 can
To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided
Member.For different user equipmenies, user interface 2130, which can also be, external the interface for needing equipment is inscribed, and connection is set
Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..
Processor 2100 is responsible for bus architecture and common processing, and memory 2120 can store processor 2100 and exist
Execute used data when operation.
Optionally, the instance management information includes terminal identification list corresponding with the network example, the use
The instance management information, including:
The request that the first network function being located in the network example is sent is received by transceiver 2110 checks terminal
The message for accessing the network example, the message whether is allowed to carry the mark of terminal, the terminal is to first net
Network function sends the terminal for the access request for accessing the network example;
Identifying whether in the terminal identification list for the terminal is checked, to obtain for indicating to receive or refuse
The inspection result of the access request;
By transceiver 2110 inspection result is returned to the first network function.
Optionally, the instance management information includes terminal identification list corresponding with the network example, the use
The instance management information, including:
The terminal identification list is sent to the first network function in the network example by transceiver 2110,
So that the access network example that the first network function receives or rejects according to the terminal identification list
Access request.
Optionally, the terminal identification list includes outer logo, described to the first net corresponding with the network example
Network function sends the terminal identification list, including:
The outer logo is converted into internal indicator by signing information database, and by transceiver 2110 to positioned at
First network function transmission in the network example includes the terminal identification list of the internal indicator.
Optionally, the instance management information includes terminal identification list corresponding with the network example and the network
The mark of example, it is described using the instance management information, including:
The mark of the terminal identification list and the network example is sent to signing information database by transceiver 2110
Know, so that the signing information database will add the network reality in the signing information of the terminal in the terminal identification list
The mark of example.
Optionally, the instance management information further includes the mark for the application program that can be used in the network example
Know, second network function also sends the mark for having the application program to the signing information database, so that the label
About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list;Or
The instance management information further includes the mark for the application program that can not be used in the network example, described
Second network function also sends the mark for having the application program to the signing information database, so that the signing information number
The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.
Optionally, described using the instance management information, including:
Instance management information is sent to the first network function in the network example by transceiver 2110, it is described
Instance management information includes following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the network example is third-party network example.
It should be noted that in the present embodiment above-mentioned network function can be in Fig. 1-embodiments shown in Fig. 10 second
Network function, the arbitrary embodiment of the second network function can be by upper in the present embodiment in Fig. 1-embodiment illustrated in fig. 10
It states network function to be realized, and reaches identical advantageous effect, details are not described herein again.
Referring to Figure 22, show that a kind of structure of terminal, the terminal include in figure:Processor 2200, transceiver 2210, storage
Device 2220, user interface 2230 and bus interface, wherein:
Processor 2200 executes following process for reading the program in memory 2220:
By transceiver 2210 in network example first network function send target message;
The management message that the first network function is sent is received by transceiver 2210, and the management message is described the
One network function determines whether the terminal allows to access the management message sent after the network example.
Wherein, transceiver 2210, for sending and receiving data under the control of processor 2200.
In fig. 22, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2200 generation of processor
The various circuits for the memory that the one or more processors and memory 2220 of table represent link together.Bus architecture may be used also
To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all
It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2210 can
To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided
Member.For different user equipmenies, user interface 2230, which can also be, external the interface for needing equipment is inscribed, and connection is set
Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..
Processor 2200 is responsible for bus architecture and common processing, and memory 2220 can store processor 2200 and exist
Execute used data when operation.
Optionally, the message is the access request that the terminal accesses the network example;Or the message be
The network example establishes the foundation request of session.
Optionally, the management message for receiving the first network function and sending, including:
The response message that the first network function is sent is received by transceiver 2210, wherein the response message is taken
With following one or more:
Application program identification list, the application program identification list are included in answering of being used in the network example
It is included in the application program that can not be used in the network example with the mark or the application program identification list of program
Mark;
Server identification list, the server identification list are included in the application clothes being able to access that in the network example
The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example
The mark of device;
List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example
The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example
The address of device.
Optionally, the target message is the access request that the terminal accesses the network entity;Or
The target message is the foundation request that session is established in the network example.
Optionally, the network example is third-party network example;And/or
First network function face function in order to control.
It should be noted that above-mentioned terminal can be the terminal in Fig. 1-embodiments shown in Fig. 10 in the present embodiment, figure
The arbitrary embodiment of terminal can be realized by the above-mentioned terminal in the present embodiment in 1- embodiment illustrated in fig. 10, Yi Jida
To identical advantageous effect, details are not described herein again.
In several embodiments provided herein, it should be understood that disclosed method and apparatus, it can be by other
Mode realize.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only
For a kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can combine
Or it is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed phase
Coupling, direct-coupling or communication connection between mutually can be by some interfaces, the INDIRECT COUPLING or communication of device or unit
Connection can be electrical, machinery or other forms.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it can also
It is that the independent physics of each unit includes, it can also be during two or more units be integrated in one unit.Above-mentioned integrated list
The form that hardware had both may be used in member is realized, can also be realized in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can be stored in one and computer-readable deposit
In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer
Equipment (can be personal computer, server or the network equipment etc.) executes receiving/transmission method described in each embodiment of the present invention
Part steps.And storage medium above-mentioned includes:USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, abbreviation
ROM), random access memory (Random Access Memory, abbreviation RAM), magnetic disc or CD etc. are various to store
The medium of program code.
The above is the preferred embodiment of the present invention, it is noted that for those skilled in the art
For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (40)
1. a kind of management method of terminal, which is characterized in that including:
First network function receives the message that terminal is sent, and the first network function is located in network example;
The first network function determines whether the terminal allows to access the network example;
The first network function sends management message to the terminal.
2. the method as described in claim 1, which is characterized in that the message is that the terminal accesses connecing for the network example
Enter request;Or the message is that the foundation request of session is established in the network example.
3. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect
Enter the network example, including:
The first network function sends request to the second network function and checks whether the terminal allows to access the network reality
The message of example, the message carry the mark of the terminal;
The first network function receives the inspection result that second network function is sent, wherein the inspection result is institute
The second network function is stated according to the situation about identifying whether in terminal identification list of the terminal and determination, the terminal mark
It is the terminal identification list corresponding with the network example that second network function obtains in advance to know list.
4. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect
Enter the network example, including:
The first network function obtains the mark of the terminal;
Terminal described in the first network functional check is identified whether in terminal identification list corresponding with the network example
In, whether allow to access the network example with the determination terminal.
5. method as claimed in claim 4, which is characterized in that the method further includes:
First network function second network function of reception or third network function send corresponding with the network example
The terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.
6. method as claimed in claim 5, which is characterized in that the internal indicator that the terminal identification list includes is described the
The internal indicator that outer logo is converted by two network functions by signing information database, the outer logo are described second
Network function receives the outer logo that the corresponding server of the network example is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will be external by signing information database
The internal indicator being converted into is identified, the outer logo is that the third network function receives the corresponding service of the network example
The outer logo that device is sent.
7. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect
Enter the network example, including:
The first network function obtains the signing information of the terminal;
It whether there is the mark of the network example in signing information described in the first network functional check;
If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network reality
Example;
If the mark of the network example is not present in the signing information, determining the terminal not allows to access the network reality
Example.
8. the method for claim 7, which is characterized in that have the terminal in the net if the signing information also records
The mark for the application program that can be used in network example, then the management message carry the mark of the application program;Or
If the signing information also records the mark for the application program for having the terminal that can not be used in the network example,
Then the management message carries the mark of the application program.
9. the method for claim 7, which is characterized in that the first network function obtains the signing letter of the terminal
Breath, including:
The first network function obtains the signing information of the terminal from signing information database, wherein the signing letter
The record that breath database includes has the signing information of the mark of the network example to be, the signing information database receives end
After holding identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list and obtained
It arrives, the terminal identification list includes the mark for allowing to access the terminal of the network example.
10. the method as described in claim 1, which is characterized in that the first network function sends management to the terminal and disappears
Breath, including:
The response message that the first network function is returned to the terminal, wherein the response message is carried such as the next item down
Or it is multinomial:
Application program identification list, the application program identification list are included in the application journey that can be used in the network example
The mark of sequence or the application program identification list are included in the mark for the application program that can not be used in the network example
Know;
Server identification list, the server identification list are included in the application server being able to access that in the network example
Mark or the application server identifier list be included in the application server that can not be accessed in the network example
Mark;
List of server addresses, the list of server addresses are included in the application server being able to access that in the network example
Address or the application server identifier list be included in the application server that can not be accessed in the network example
Address.
11. method as claimed in claim 10, which is characterized in that the method further includes:
The first network function sends the application server address list to the user plane functions of the network example.
12. the method as described in any one of claim 1-11, which is characterized in that the network example is third-party network
Example;And/or
First network function face function in order to control.
13. a kind of management method of terminal, which is characterized in that including:
Second network function receives the instance management information that the corresponding server of network example is sent;
Second network function uses the instance management information, and the instance management information is for managing the network example
Terminal access.
14. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair
The terminal identification list answered, second network function use the instance management information, including:
Second network function receives the request that the first network function being located in the network example is sent and checks that terminal is
The no message for allowing to access the network example, the message carry the mark of terminal, and the terminal is to the first network
Function sends the terminal for the access request for accessing the network example;
Second network function checks the identifying whether in the terminal identification list of the terminal, to obtain for indicating
Receive or refuse the inspection result of the access request;
Second network function returns to the inspection result to the first network function.
15. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair
The terminal identification list answered, second network function use the instance management information, including:
Second network function sends the terminal identification list to the first network function in the network example, with
Make the access network example that the first network function receives or reject according to the terminal identification list
Access request.
16. method as claimed in claim 15, which is characterized in that the terminal identification list includes outer logo, and described
Two network functions send the terminal identification list to first network function corresponding with the network example, including:
The outer logo is converted into internal indicator by second network function by signing information database, and to positioned at institute
State the terminal identification list that the transmission of the first network function in network example includes the internal indicator.
17. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair
The mark of the terminal identification list and the network example answered, second network function use the instance management information, packet
It includes:
Second network function sends the mark of the terminal identification list and the network example to signing information database,
So that the signing information database will add the network example in the signing information of the terminal in the terminal identification list
Mark.
18. method as claimed in claim 17, which is characterized in that the instance management information further includes in the network example
In the mark of application program that can use, second network function also has described answer to signing information database transmission
With the mark of program, so that the signing information database will add in the signing information of the terminal in the terminal identification list
The mark of the application program;Or
The instance management information further includes the mark for the application program that can not be used in the network example, and described second
Network function also sends the mark for having the application program to the signing information database, so that the signing information database
The mark of the application program will be added in the signing information of terminal in the terminal identification list.
19. method as claimed in claim 13, which is characterized in that second network function is believed using the instance management
Breath, including:
Second network function sends instance management information, the reality to the first network function in the network example
Example management information includes following one or more:
Application program identification list, the application program identification list are included in the application journey that can be used in the network example
The mark of sequence or the application program identification list are included in the mark for the application program that can not be used in the network example
Know;
Server identification list, the server identification list are included in the application server being able to access that in the network example
Mark or the application server identifier list be included in the application server that can not be accessed in the network example
Mark;
List of server addresses, the list of server addresses are included in the application server being able to access that in the network example
Address or the application server identifier list be included in the application server that can not be accessed in the network example
Address.
20. the method as described in any one of claim 13-19, which is characterized in that the network example is third-party net
Network example.
21. a kind of network function, the network function is first network function, which is characterized in that including:
First receiving module, the message for receiving terminal transmission, the first network function are located in network example;
Determining module, for determining whether the terminal allows to access the network example;
First sending module, for sending management message to the terminal.
22. network function as claimed in claim 21, which is characterized in that the message is that the terminal accesses the network reality
The access request of example;Or the message is that the foundation request of session is established in the network example.
23. network function as claimed in claim 22, which is characterized in that the determining module, including:
Transmission unit checks whether terminal allows to access disappearing for the network example for sending request to the second network function
Breath, the message carry the mark of the terminal;
Receiving unit, the inspection result sent for receiving second network function, wherein the inspection result is described the
The determination according to the situation about identifying whether in terminal identification list of the terminal of two network functions, the terminal iidentification row
Table is the terminal identification list corresponding with the network example that second network function obtains in advance.
24. network function as claimed in claim 22, which is characterized in that the determining module, including:
First acquisition unit, the mark for obtaining the terminal;
First inspection unit, for checking the identifying whether in terminal identification list corresponding with the network example of the terminal
In, whether allow to access the network with the determination terminal.
25. network function as claimed in claim 24, which is characterized in that the network function further includes:
Second receiving module, for receives the second network function or third network function transmission it is corresponding with the network example
The terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.
26. network function as claimed in claim 25, which is characterized in that the internal indicator that the terminal identification list includes is
The internal indicator that outer logo is converted by second network function by signing information database, the outer logo are institute
It states the second network function and receives the outer logo that the corresponding server of the network example is sent;Or
The internal indicator that the terminal identification list includes is that the third network function will be external by signing information database
The internal indicator being converted into is identified, the outer logo is that the third network function receives the corresponding service of the network example
The external mark that device is sent.
27. network function as claimed in claim 22, which is characterized in that the determining module, including:
Second acquisition unit, the signing information for obtaining the terminal;
Second inspection unit, for checking the mark that whether there is the network example in the signing information;
First determination unit, if for there are the marks of the network example in the signing information, it is determined that the terminal permits
Perhaps the network example is accessed;
Second determination unit, if the mark for the network example to be not present in the signing information, it is determined that the terminal
Do not allow to access the network example.
28. network function as claimed in claim 27, which is characterized in that there is the terminal to exist if the signing information also records
The mark for the application program that can be used in the network example, then the management message carry the mark of the application program
Know;Or
If the signing information also records the mark for the application program for having the terminal that can not be used in the network example,
Then the management message carries the mark of the application program.
29. network function as claimed in claim 27, which is characterized in that the second acquisition unit is used for from signing information number
According to the signing information for obtaining the terminal in library, wherein the record that the signing information database includes has the network example
The signing information of mark be, after the signing information database receives terminal identification list, by the terminal identification list
In terminal signing information in add the mark of the network example and obtain, the terminal identification list includes allowing to connect
Enter the mark of the terminal of the network example.
30. network function as claimed in claim 21, which is characterized in that first sending module to the terminal for returning
The response message returned, wherein the response message carries following one or more:
Application program identification list, the application program identification list are included in the application journey that can be used in the network example
The mark of sequence or the application program identification list are included in the mark for the application program that can not be used in the network example
Know;
Server identification list, the server identification list are included in the application server being able to access that in the network example
Mark or the application server identifier list be included in the application server that can not be accessed in the network example
Mark;
List of server addresses, the list of server addresses are included in the application server being able to access that in the network example
Address or the application server identifier list be included in the application server that can not be accessed in the network example
Address.
31. network function as claimed in claim 30, which is characterized in that the network function further includes:
Second sending module, for sending the application server address list to the user plane functions of the network example.
32. the network function as described in any one of claim 21-31, which is characterized in that the network example is third party
Network example;And/or
First network function face function in order to control.
33. a kind of network function, the network function is the second network function, which is characterized in that including:
Receiving module, the instance management information sent for receiving the corresponding server of network example;
Using module, for using the instance management information, the instance management information is for managing the network example
Terminal accesses.
34. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real
The corresponding terminal identification list of example, it is described using module, including:
Receiving unit checks whether terminal permits for receiving the request that the first network function being located in the network example is sent
Perhaps the message of the network example is accessed, which carries the mark of terminal, and the terminal is to the first network function
Send the terminal for the access request for accessing the network example;
Inspection unit, for checking the identifying whether in the terminal identification list of the terminal, to obtain for indicating to connect
By or the refusal access request inspection result;
Transmission unit, for returning to the inspection result to the first network function.
35. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real
The corresponding terminal identification list of example, it is described to be used to send institute to the first network function in the network example using module
Terminal identification list is stated, so that the first network function connecing of receiving or reject according to the terminal identification list
Enter the access request of the network example.
36. network function as claimed in claim 35, which is characterized in that the terminal identification list includes outer logo, institute
It states and using module is used to that the outer logo to be converted into internal indicator by signing information database, and to positioned at the network
First network function transmission in example includes the terminal identification list of the internal indicator.
37. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real
The mark of example corresponding terminal identification list and the network example, it is described to be used to send to signing information database using module
The mark of the terminal identification list and the network example, so that the signing information database is by the terminal identification list
In terminal signing information in add the mark of the network example.
38. network function as claimed in claim 37, which is characterized in that the instance management information further includes in the network
The mark for the application program that can be used in example, second network function are also sent to the signing information database
The mark of application program is stated, so that the signing information database will be in the signing information of the terminal in the terminal identification list
Add the mark of the application program;Or
The instance management information further includes the mark for the application program that can not be used in the network example, and described second
Network function also sends the mark for having the application program to the signing information database, so that the signing information database
The mark of the application program will be added in the signing information of terminal in the terminal identification list.
39. network function as claimed in claim 33, which is characterized in that described to be used for positioned at network reality using module
First network function in example sends instance management information, and the instance management information includes following one or more:
Application program identification list, the application program identification list are included in the application journey that can be used in the network example
The mark of sequence or the application program identification list are included in the mark for the application program that can not be used in the network example
Know;
Server identification list, the server identification list are included in the application server being able to access that in the network example
Mark or the application server identifier list be included in the application server that can not be accessed in the network example
Mark;
List of server addresses, the list of server addresses are included in the application server being able to access that in the network example
Address or the application server identifier list be included in the application server that can not be accessed in the network example
Address.
40. the network function as described in any one of claim 33-39, which is characterized in that the network example is third party
Network example.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610875933.4A CN108306907A (en) | 2016-09-30 | 2016-09-30 | A kind of management method of terminal, network function and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610875933.4A CN108306907A (en) | 2016-09-30 | 2016-09-30 | A kind of management method of terminal, network function and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108306907A true CN108306907A (en) | 2018-07-20 |
Family
ID=62871828
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610875933.4A Pending CN108306907A (en) | 2016-09-30 | 2016-09-30 | A kind of management method of terminal, network function and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108306907A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109302490A (en) * | 2018-11-12 | 2019-02-01 | 林昌盛威(北京)科技有限公司 | Network connection control method and system, gateway, Cloud Server |
CN111865569A (en) * | 2019-04-28 | 2020-10-30 | 华为技术有限公司 | Key negotiation method and device |
CN114205237A (en) * | 2020-08-26 | 2022-03-18 | 中国移动通信集团终端有限公司 | Authentication method and device of application program, electronic equipment and computer storage medium |
WO2023124680A1 (en) * | 2021-12-31 | 2023-07-06 | 华为技术有限公司 | Subscription management method and related apparatus |
CN114205237B (en) * | 2020-08-26 | 2024-07-16 | 中国移动通信集团终端有限公司 | Authentication method and device for application program, electronic equipment and computer storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102036216A (en) * | 2009-09-28 | 2011-04-27 | 华为终端有限公司 | Control method, device and system for local internet protocol (IP) access or selected IP traffic offload |
CN102438330A (en) * | 2011-12-06 | 2012-05-02 | 大唐移动通信设备有限公司 | Method for attaching to E-TRAN (Evolved Universal Terrestrial Radio Access Network) and mobility management entity |
CN102857908A (en) * | 2011-06-30 | 2013-01-02 | 中兴通讯股份有限公司 | Mapping method, device and system for terminal identifications |
US20150172997A1 (en) * | 2013-12-16 | 2015-06-18 | Qualcomm Incorporated | Methods and apparatus for provisioning of credentials in network deployments |
CN105813079A (en) * | 2016-05-17 | 2016-07-27 | 工业和信息化部电信研究院 | Terminal access method |
-
2016
- 2016-09-30 CN CN201610875933.4A patent/CN108306907A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102036216A (en) * | 2009-09-28 | 2011-04-27 | 华为终端有限公司 | Control method, device and system for local internet protocol (IP) access or selected IP traffic offload |
CN102857908A (en) * | 2011-06-30 | 2013-01-02 | 中兴通讯股份有限公司 | Mapping method, device and system for terminal identifications |
CN102438330A (en) * | 2011-12-06 | 2012-05-02 | 大唐移动通信设备有限公司 | Method for attaching to E-TRAN (Evolved Universal Terrestrial Radio Access Network) and mobility management entity |
US20150172997A1 (en) * | 2013-12-16 | 2015-06-18 | Qualcomm Incorporated | Methods and apparatus for provisioning of credentials in network deployments |
CN105813079A (en) * | 2016-05-17 | 2016-07-27 | 工业和信息化部电信研究院 | Terminal access method |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109302490A (en) * | 2018-11-12 | 2019-02-01 | 林昌盛威(北京)科技有限公司 | Network connection control method and system, gateway, Cloud Server |
CN111865569A (en) * | 2019-04-28 | 2020-10-30 | 华为技术有限公司 | Key negotiation method and device |
WO2020221019A1 (en) * | 2019-04-28 | 2020-11-05 | 华为技术有限公司 | Key agreement method and device |
CN111865569B (en) * | 2019-04-28 | 2022-08-26 | 华为技术有限公司 | Key negotiation method and device |
CN114205237A (en) * | 2020-08-26 | 2022-03-18 | 中国移动通信集团终端有限公司 | Authentication method and device of application program, electronic equipment and computer storage medium |
CN114205237B (en) * | 2020-08-26 | 2024-07-16 | 中国移动通信集团终端有限公司 | Authentication method and device for application program, electronic equipment and computer storage medium |
WO2023124680A1 (en) * | 2021-12-31 | 2023-07-06 | 华为技术有限公司 | Subscription management method and related apparatus |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11095664B2 (en) | Detection of spoofed call information | |
CN104125063B (en) | Authorization and authentication method, equipment and system | |
CN110519775A (en) | Conversation managing method, device and system | |
CN113115480A (en) | Address information sending method, address information obtaining method, address information sending device, address information obtaining device, address information equipment and address information medium | |
US11063990B2 (en) | Originating caller verification via insertion of an attestation parameter | |
WO2021135663A1 (en) | Application instance determination method, device, and system | |
EP3162104B1 (en) | A method to authenticate calls in a telecommunication system | |
CN101103609A (en) | Method and device for treating emergency call | |
CN110086757A (en) | Communication means and communication device | |
CN104333530B (en) | Information credibility verification method and device | |
JP6974688B2 (en) | Communication methods, terminals, telecommunications company servers and smart devices | |
US11671468B2 (en) | Authenticated calling voicemail integration | |
CN110035040B (en) | Method and device for signaling addressing | |
CN109547513A (en) | The treating method and apparatus of application context | |
CN110691110B (en) | Communication method, device, system, terminal, equipment and medium | |
CN113573326A (en) | Address acquisition method and device | |
US10244107B1 (en) | Systems and methods for causing display of a reputation indicator associated with a called party | |
CN108306907A (en) | A kind of management method of terminal, network function and terminal | |
CN108235823A (en) | Agency is without roaming cellular | |
CN105471820A (en) | Processing method and processing device for converged communication terminal discovery and ability detection | |
US9942766B1 (en) | Caller validation for end service providers | |
GB2598293A (en) | Apparatus, methods, and computer programs | |
US10778732B2 (en) | Method of detecting a spoofing of identity belonging to a domain | |
CN104301450B (en) | The method and device of addressing | |
CN106572142A (en) | Method, system and apparatus for discovering shared resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180720 |