CN108306907A

CN108306907A - A kind of management method of terminal, network function and terminal

Info

Publication number: CN108306907A
Application number: CN201610875933.4A
Authority: CN
Inventors: 王胡成
Original assignee: China Academy of Telecommunications Technology CATT
Current assignee: China Academy of Telecommunications Technology CATT
Priority date: 2016-09-30
Filing date: 2016-09-30
Publication date: 2018-07-20

Abstract

The embodiment of the present invention provides a kind of management method of terminal, network function and terminal, this method and may include：First network function receives the message that terminal is sent, and the first network function is located in network example；The first network function determines whether the terminal allows to access the network example；The first network function sends management message to the terminal.The embodiment of the present invention may be implemented to realize effective management to network example by above-mentioned management message.

Description

A kind of management method of terminal, network function and terminal

Technical field

The present invention relates to a kind of field of communication technology more particularly to management method of terminal, network function and terminals.

Background technology

Mobile communications network needs to support abundanter network application following, adapts to the business demand of various scenes, And meet the service performance requirements of different user, and need to support the equipment access of various businesses.These diversified business Demand proposes the everyways such as the mobile management of network, bandwidth demand, service quality, safety and charging different need It asks.Operator is the diversified business demand of support, while in order to reduce the cost of network construction and operation, improve network management Flexibility and network resource availability, propose that network example supports certain types of communication in future mobile communications network Business.Wherein, network example be appreciated that one group of network functional group at be capable of providing particular communication service or network capabilities System or subsystem.In addition, network example is properly termed as network slice again, or it is properly termed as network slice example.However, mesh It cannot achieve in preceding mobile communications network and network example effectively managed.

Invention content

The purpose of the present invention is to provide a kind of management method of terminal, network function and terminals, solve and cannot achieve The problem of network example is effectively managed.

In order to achieve the above object, the embodiment of the present invention provides a kind of management method of terminal, including：

First network function receives the message that terminal is sent, and the first network function is located in network example；

The first network function determines whether the terminal allows to access the network example；

The first network function sends management message to the terminal.

Optionally, the message is the access request that the terminal accesses the network example；Or the message be The network example establishes the foundation request of session.

Optionally, the first network function determines whether the terminal allows to access the network example, including：

The first network function sends request to the second network function and checks whether the terminal allows to access the net The message of network example, the message carry the mark of the terminal；

The first network function receives the inspection result that second network function is sent, wherein the inspection result Be second network function according to the situation about identifying whether in terminal identification list of the terminal determination, the end End identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.

The first network function obtains the mark of the terminal；

Terminal described in the first network functional check is identified whether in terminal iidentification corresponding with the network example In list, whether allow to access the network example with the determination terminal.

Optionally, the method further includes：

The first network function receives the second network function or third network function is sending with the network example The corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.

Optionally, the internal indicator that the terminal identification list includes is that second network function passes through signing information number According to the internal indicator that outer logo is converted by library, the outer logo is that second network function receives the network example The outer logo that corresponding server is sent；Or

The internal indicator that the terminal identification list includes is that the third network function will by signing information database The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding The outer logo that server is sent.

The first network function obtains the signing information of the terminal；

It whether there is the mark of the network example in signing information described in the first network functional check；

If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network Example；

If the mark of the network example is not present in the signing information, determining the terminal not allows to access the net Network example.

Optionally, if the application journey that the signing information, which also records, has the terminal that can be used in the network example The mark of sequence, then the management message carry the mark of the application program；Or

If the signing information also records the application program for having the terminal that can not be used in the network example It identifies, then the management message carries the mark of the application program.

Optionally, the first network function obtains the signing information of the terminal, including：

The first network function obtains the signing information of the terminal from signing information database, wherein the label The record that about information database includes has the signing information of the mark of the network example to be, the signing information database receives To after terminal identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list And obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.

Optionally, the first network function sends management message to the terminal, including：

The response message that the first network function is returned to the terminal, wherein the response message carries as follows One or more：

Application program identification list, the application program identification list are included in answering of being used in the network example It is included in the application program that can not be used in the network example with the mark or the application program identification list of program Mark；

Server identification list, the server identification list are included in the application clothes being able to access that in the network example The mark of device of being engaged in or the application server identifier list are included in the application service that can not be accessed in the network example The mark of device；

List of server addresses, the list of server addresses are included in the application clothes being able to access that in the network example The address of business device or the application server identifier list are included in the application service that can not be accessed in the network example The address of device.

Optionally, the method further includes：

The first network function sends the application server address list to the user plane functions of the network example.

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

The embodiment of the present invention also provides a kind of management method of terminal, including：

Second network function receives the instance management information that the corresponding server of network example is sent；

Second network function uses the instance management information, and the instance management information is for managing the network The terminal of example accesses.

Optionally, the instance management information includes terminal identification list corresponding with the network example, and described second Network function uses the instance management information, including：

Second network function receives the request that the first network function being located in the network example is sent and checks eventually Whether end allows the message for accessing the network example, the message to carry the mark of terminal, and the terminal is to described first Network function sends the terminal for the access request for accessing the network example；

Second network function checks the identifying whether in the terminal identification list of the terminal, to be used for It indicates receiving or refuses the inspection result of the access request；

Second network function returns to the inspection result to the first network function.

Second network function sends the terminal iidentification row to the first network function in the network example Table, so that the access network that the first network function receives or rejects according to the terminal identification list is real The access request of example.

Optionally, the terminal identification list includes outer logo, second network function to the network example Corresponding first network function sends the terminal identification list, including：

The outer logo is converted into internal indicator by second network function by signing information database, and to position In in the network example first network function send include the internal indicator terminal identification list.

Optionally, the instance management information includes terminal identification list corresponding with the network example and the network The mark of example, second network function use the instance management information, including：

Second network function sends the terminal identification list and the network example to signing information database Mark, so that the signing information database will add the network in the signing information of the terminal in the terminal identification list The mark of example.

Optionally, the instance management information further includes the mark for the application program that can be used in the network example Know, second network function also sends the mark for having the application program to the signing information database, so that the label About information database will add the mark of the application program in the signing information of the terminal in the terminal identification list；Or

The instance management information further includes the mark for the application program that can not be used in the network example, described Second network function also sends the mark for having the application program to the signing information database, so that the signing information number The mark of the application program will be added in the signing information of the terminal in the terminal identification list according to library.

Optionally, second network function uses the instance management information, including：

Second network function sends instance management information, institute to the first network function in the network example It includes following one or more to state instance management information：

Optionally, the network example is third-party network example.

The embodiment of the present invention also provides a kind of network function, and the network function is first network function, including：

First receiving module, the message for receiving terminal transmission, the first network function are located in network example；

Determining module, for determining whether the terminal allows to access the network example；

First sending module, for sending management message to the terminal.

Optionally, the determining module, including：

Transmission unit checks whether terminal allows to access the network example for sending request to the second network function Message, the message carry the mark of the terminal；

Receiving unit, the inspection result sent for receiving second network function, wherein the inspection result is institute The second network function is stated according to the situation about identifying whether in terminal identification list of the terminal and determination, the terminal mark It is the terminal identification list corresponding with the network example that second network function obtains in advance to know list.

Optionally, the determining module, including：

First acquisition unit, the mark for obtaining the terminal；

First inspection unit, for checking the identifying whether in terminal iidentification corresponding with the network example of the terminal In list, whether allow to access the network with the determination terminal.

Optionally, the network function further includes：

Second receiving module, for receives the second network function or third network function transmission with the network example The corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.

The internal indicator that the terminal identification list includes is that the third network function will by signing information database The internal indicator that outer logo is converted into, the outer logo are that the third network function reception network example is corresponding The external mark that server is sent

Optionally, the determining module, including：

Second acquisition unit, the signing information for obtaining the terminal；

Second inspection unit, for checking the mark that whether there is the network example in the signing information；

First determination unit, if for there are the marks of the network example in the signing information, it is determined that the end End allows to access the network example；

Second determination unit, if the mark for the network example to be not present in the signing information, it is determined that described Terminal does not allow to access the network example.

Optionally, the second acquisition unit is used to obtain the signing information of the terminal from signing information database, Wherein, the record that the signing information database includes has the signing information of the mark of the network example to be, the signing letter After breath database receives terminal identification list, the net will be added in the signing information of the terminal in the terminal identification list The mark of network example and obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.

Optionally, the response message that first sending module is used to return to the terminal, wherein the response message Carry following one or more：

Optionally, the network function further includes：

Second sending module, for sending the application server address row to the user plane functions of the network example Table.

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

The embodiment of the present invention also provides a kind of network function, and the network function is the second network function, including：

Receiving module, the instance management information sent for receiving the corresponding server of network example；

Using module, for using the instance management information, the instance management information real for managing the network The terminal access of example.

Optionally, the instance management information includes terminal identification list corresponding with the network example, the use Module, including：

Receiving unit checks that terminal is for receiving the request that the first network function being located in the network example is sent The no message for allowing to access the network example, the message carry the mark of terminal, and the terminal is to the first network Function sends the terminal for the access request for accessing the network example；

Inspection unit, for checking the identifying whether in the terminal identification list of the terminal, to obtain being used for table Show the inspection result of receiving or the refusal access request；

Transmission unit, for returning to the inspection result to the first network function.

Optionally, the instance management information includes terminal identification list corresponding with the network example, the use Module is used to send the terminal identification list to the first network function in the network example, so that first net The access request for the access network example that network function receives or rejects according to the terminal identification list.

Optionally, the terminal identification list includes outer logo, described to be used to pass through signing information data using module The outer logo is converted into internal indicator by library, and it includes institute to be sent to the first network function in the network example State the terminal identification list of internal indicator.

Optionally, the instance management information includes terminal identification list corresponding with the network example and the network The mark of example, it is described to be used to send the terminal identification list and the network example to signing information database using module Mark so that the signing information database will add the net in the signing information of the terminal in the terminal identification list The mark of network example.

Optionally, described to be used to send instance management to the first network function in the network example using module Information, the instance management information include following one or more：

Optionally, the network example is third-party network example.

The above-mentioned technical proposal of the present invention at least has the advantages that：

The embodiment of the present invention, first network function receive the message that terminal is sent, and the first network function is located at network In example；The first network function determines whether the terminal allows to access the network example；The first network function Management message is sent to the terminal.It may be implemented to realize effective management to network example by above-mentioned management message in this way.

Description of the drawings

Fig. 1 is the applicable schematic network structure of the embodiment of the present invention；

Fig. 2 is a kind of flow diagram of network example management method provided in an embodiment of the present invention；

Fig. 3 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 4 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 5 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 6 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 7 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 8 is the example schematic of another network example management method provided in an embodiment of the present invention；

Fig. 9 is the flow diagram of another network example management method provided in an embodiment of the present invention；

Figure 10 is the flow diagram of another network example management method provided in an embodiment of the present invention；

Figure 11 is a kind of structural schematic diagram of network function provided in an embodiment of the present invention；

Figure 12 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 13 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 14 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 15 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 16 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 17 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 18 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 19 is a kind of structural schematic diagram of terminal provided in an embodiment of the present invention；

Figure 20 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 21 is the structural schematic diagram of another network function provided in an embodiment of the present invention；

Figure 22 is the structural schematic diagram of another terminal provided in an embodiment of the present invention.

Specific implementation mode

To keep the technical problem to be solved in the present invention, technical solution and advantage clearer, below in conjunction with attached drawing and tool Body embodiment is described in detail.

Referring to Fig. 1, Fig. 1 is the applicable schematic network structure of the embodiment of the present invention, as shown in Figure 1, including：Terminal 11, first network function 12, the second network function 13, third network function 14, signing information database 15 and server 16.Its In, terminal 11 can be user terminal, such as：Mobile phone, computer, household appliance, tablet computer (Tablet Personal Computer), laptop computer (Laptop Computer), personal digital assistant (personal digital Assistant, abbreviation PDA), mobile Internet access device (Mobile Internet Device, MID) or wearable device Terminal devices such as (Wearable Device).It should be noted that not limiting the specific of terminal 11 in embodiments of the present invention Type.First network function 12 can be the network function being located in a certain network example, or in multiple network examples Network function, i.e., the network function between network example share public function (common function).Such as：Position In the network function of third-party network example, which can be control plane function, such as mobile management function to ps domain, session Management function or authentication functions.Above-mentioned second network function 13 can be the policy control functions in carrier network, Huo Zheyun Seek ability open platform/function in quotient's network.Third network function 14 can be ability open platform in carrier network/ Function, it should be noted that the second network function 13 and third network function 14 can only include wherein in above-mentioned network structure One, such as：Then can not include third when second network function 13 is ability open platform/function in carrier network Then may include the second net when network function 14 or the second network function 13 are the policy control functions in carrier network Network function 13 and third network function 14.It should be noted that do not limit in embodiments of the present invention first network function 12, The concrete type of second network function 13 and third network function 14.Above-mentioned signing information database 15 can be that ownership signing is used Family server (Home Subscriber Server, HSS).Above-mentioned server 16 can be with belonging to first network function 12 The corresponding server of network example, or can be the service that service is provided for the network example belonging to first network function 12 Device, such as：Above-mentioned first network function is the network function in third-party network example, then server 16 can be third party Server.

In addition, in the embodiment of the present invention, network example is properly termed as network slice again, or is properly termed as network slice in fact Example.Third-party network example can be understood as the network subsystem that one group of network function of third-party application provider establishment is constituted System.Network function can be 3GPP use or the networks that define of 3GPP in processing function, and define behaviour and 3GPP defines interface (Network function is a3GPP adopted or 3GPP defined processing function in a network,which has defined functional behaviour and 3GPP defined interfaces).In addition, control plane function can be the network function positioned at control plane, user plane functions can be located at The network function of user plane.Policy control functions can generate network-control rule according to application layer message or network layer information Then or strategy functional entity, ability open platform/function can be the network of safe the opening service of 3GPP networks and ability Set of interfaces.

Referring to Fig. 2, the embodiment of the present invention provides a kind of management method of terminal, as shown in Fig. 2, including the following steps：

201, first network function receives the message that terminal is sent, and the first network function is located in network example；

202, the first network function determines whether the terminal allows to access the network example；

203, first network function sends management message to the terminal.

Wherein, above-mentioned message can be the access request for the above-mentioned network example of access that terminal is sent, certainly, connecing here Enter request it can be appreciated that attach request (Attach Request).Or above-mentioned message can be terminal send described Network example establishes the foundation request of session, such as：PDU session request.When first network function receive it is above-mentioned After message, so that it may whether allow to access the network example with the determination terminal, to return to above-mentioned management to above-mentioned terminal Message, i.e., above-mentioned management message are the knots whether first network function allows to access the network example based on the determination terminal The management message that fruit sends.Such as：Receive the sound that the either response message of refusal access request or response session establish request Message is answered, and the response message can also be included in the management such as the mark for the application program that above-mentioned network example can use letter Breath.It is generated in addition, above-mentioned management message can be above-mentioned first network function, such as：It is corresponding based on above-mentioned network example What terminal identification list generated, or the mark of application program that allows to use based on above-mentioned network example generates, Huo Zheji It is generated in the mark for the application server that above-mentioned network example allows to access or address.

In the embodiment of the present invention, it can be realized by above-mentioned management message and above-mentioned network example is effectively managed.

Optionally, above-mentioned message is the access request that the terminal accesses the network entity, then the first network work( The management message that can be sent to the terminal, including：

The first network function is returned to the terminal receives the message of access request or disappearing for refusal access request Breath.

In the embodiment, if the access request of terminal transmission may be implemented, it can determine whether the terminal allows The network example is accessed, to return to corresponding response message to terminal, such as：Allow to access the network example, then the sound It is to receive the message of access request to answer message, such as Attach accept message；It, should if not allowing to access the network example Response message is the message for refusing access request, such as Attach reject message.In addition, first network function determines the end Whether end allows to access the network example be that first network function is based on the corresponding terminal iidentification row of above-mentioned network example Table and determination, such as：When the mark of above-mentioned terminal is located in the terminal identification list, it is determined that the terminal allows to access institute Network example is stated, conversely, not allowing to access the network example.

It states first network function and sends whether the request inspection terminal allows to access the network to the second network function The message of example, the message carry the mark of the terminal；

The first network function receives the inspection result that second network function is sent, wherein the inspection The result is that second network function according to the situation about identifying whether in terminal identification list of the terminal and determination, institute It is the terminal identification list corresponding with the network example that second network function obtains in advance to state terminal identification list.

In the embodiment, it may be implemented to determine whether the terminal allows described in access by above-mentioned second network function Network example, such as：Determine whether the terminal allows to access the network example by the policing feature of carrier network.Its In, above-mentioned terminal identification list can be the corresponding server of above-mentioned network example provided to the second network function allow to access The user identifier of this network example, such as IMSI.When the mark of above-mentioned terminal is in above-mentioned terminal identification list, above-mentioned inspection As a result it indicates to receive access request, otherwise indicates refusal access request.

Such as：With above-mentioned network example for third-party network example (3rd party Network slice Instance, 3rd party NSI) it illustrates, as shown in figure 3, when third party service provider request mobile operator wounds After building third-party network example, third-party application server can provide the use for allowing to access this network example to carrier network Family identifies, i.e., above-mentioned terminal identification list, wherein the terminal identification list can be the outer logo for including terminal (external ID).After the policy control functions in carrier network receive these external ID, the terminal mark is preserved Know list (external ID list), which can be understood as white list.In addition, if policy control functions Independently of third-party network example, i.e., it is not located in third-party network example, then when preserving terminal identification list, needs Record the mark of corresponding network example.Wherein, outer logo (external ID) can be the terminal of 3GPP network-externals (such as：UE mark).When there is terminal to wish to adhere to or be linked into third-party network example, it is real to be located at third party's network First network function in example, such as authentication functions, certainly, first network function, which is likely to be, to be shared between network example Public function (common function).First network function needs to send above-mentioned inspection message to policy control functions, to ask Whether ask allows the terminal to adhere to or access, the mark of the inspection message carried terminal, such as：Outer logo (external ID).Certainly, the mark of terminal can be by inquiring signing information database, such as HSS, to obtain the external of terminal ID, as shown in figure 3, sending subscription information to signing information database asks (Subscription information Request), (Subscription information are responded with the subscription information for receiving the return of signing information database Response), which carries the outer logo of terminal.But it is not construed as limiting here, such as：In the access request that terminal is sent The external ID or first network function for carrying terminal obtain the external ID for having the terminal in advance.Strategy control Function processed by check terminal external ID whether in terminal identification list, to determine whether the UE access net Network example, and return to inspection result.First network function can accept or reject terminal according to the inspection result received in this way Attachment/access request.

Optionally, above-mentioned first network function determines whether the terminal allows to access the network example, including：

The first network function obtains the mark of the terminal；

In the embodiment, the mark for obtaining above-mentioned terminal may be implemented, wherein the mark can be from signing information number According to the outer logo or internal indicator of the terminal obtained in library.Certainly, it and can get by other means The mark of above-mentioned terminal.So as to detect the mark that whether there is the terminal in above-mentioned terminal identification list, if can in the presence of if Allow above-mentioned terminal to access the network example to determine, or be not present, does not then allow above-mentioned terminal to access the network real Example.Wherein, above-mentioned terminal identification list can in advance be obtained with above-mentioned first network function, or can receive other networks What function was sent, this embodiment of the present invention is not construed as limiting.

Optionally, method described above further includes：

The first network function receives the second network function or third network function is sending with the network example Corresponding terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.

In the embodiment, it may be implemented to obtain above-mentioned terminal iidentification row from the second network function or third network function Table, and determine whether the terminal allows to access the network example based on above-mentioned terminal identification list, such as：When above-mentioned terminal Mark in above-mentioned terminal identification list when, obtain indicate receive access request, otherwise obtain indicate refusal access request, with Realization is authenticated in first network function.Wherein, which can be the terminal introduced in the above embodiment Identification list does not repeat herein.

And it may be implemented to reflect to terminal based on the internal indicator (internal ID) that above-mentioned terminal identification list includes Whether power, allow to access the network example with the determination terminal.Wherein, the internal indicator of above-mentioned terminal can be from signing It is obtained in information database, can also be that first network function obtains in advance.Wherein, if the internal indicator of terminal whether In the terminal identification list, then the inspection result for indicating to receive access request is obtained, refusal access request is indicated conversely, obtaining Inspection result.Wherein, internal indicator (internal ID) can be 3GPP network internals terminal (such as：UE mark), Such as IMSI or IMEI (International mobile equipment identity, International Mobile Station Equipment Identification).

Wherein, the internal indicator that the terminal identification list includes is that second network function passes through signing information data The internal indicator that outer logo is converted by library, the outer logo are that second network function receives the network example pair The outer logo that the server answered is sent；Or

Above-mentioned second network function can be the policy control functions of carrier network, and above-mentioned third network function can be Ability open platform/function of carrier network.And the inside for being converted into outer logo by above-mentioned signing information database Mark can be, inquiry signing information database is to obtain the corresponding internal indicator of each outer logo, then by terminal identification list The outer logo for including is converted into corresponding internal indicator.Or the inside that outer logo is converted by signing information database Mark can be that terminal identification list is sent to signing information database, by signing information database by terminal identification list Including outer logo be converted into corresponding internal indicator, and return to the second network function or third network function.Such as： It is that third-party network example and third network function are illustrated with above-mentioned network example, as shown in figure 4, operation The terminal identification list (UE external ID list) that third-party application server is sent first is converted to UE by quotient's network Internal ID list are subsequently sent in third party's network slice.Such as：Ability open platform/work(of carrier network After energy (third network function) receives the UE external ID list that third-party application server is sent, signing information is inquired Outer logo (external ID) is converted to internal indicator (internal ID), is subsequently sent to by database, such as HSS Specify the control plane function (first network function) of third-party network example, such as authentication functions.Or carrier network After ability open platform/function receives the UE external ID list that third-party application server is sent, which is sent To signing information database, signing information database is sent to finger after UE external ID are converted to UE internal ID The control plane function of fixed third-party network of network, such as authentication functions.

After the control plane function of third-party network example receives the internal ID, the internal ID are preserved List is white list.When have terminal wish to adhere to/be linked into third-party network example when, be located in third party's network slice Control function, such as authentication functions, being checked whether according to white list allows the terminal to adhere to or access.Control plane function may need Signing information database is inquired to obtain the internal ID of terminal.According to inspection result, in third-party network example Control plane function receives or attachment/access request of refusal terminal.

It is obtained from the second network function or third network function it should be noted that can also be realized in the embodiment of the present invention Above-mentioned terminal identification list is taken, and determines whether the terminal allows to access the network reality based on above-mentioned terminal identification list Example, such as：When the mark of above-mentioned terminal is in above-mentioned terminal identification list, obtains and indicate to receive access request, otherwise obtain It indicates refusal access request, is authenticated in first network function with realizing.Wherein, which can be above-mentioned reality The terminal identification list introduced in mode is applied, is not repeated herein.Such as：With above-mentioned network example for third-party network example It is illustrated, as shown in figure 5, when third party service provider request mobile operator creates third-party network slice Afterwards, third-party application server can provide the user identifier for allowing to access this network example to carrier network, such as： external ID.The second network function or third network function of subsequent operator make the external ID of these terminals Specified third-party network example is sent to for white list, such as：Policy control functions (the second network in carrier network Function) the external ID are received, external ID are then forwarded to the control plane work(of specified third-party network example Energy (first network function), such as authentication functions.If policy control functions are independently of third-party network example, strategy control Function processed needs first according to the corresponding control plane function of identifier lookup of specifying third-party network example.Or pass through operator External ID are sent to specified third-party network and are sliced by ability open platform/function (third network function) of network Control plane function, such as authentication functions.Ability open platform/function needs can be according to the mark of specified third-party network slice Know and searches corresponding control plane function.

After the control plane function of third-party network slice receives the external ID, the external ID are preserved List is white list, i.e., above-mentioned terminal identification list.When have terminal wish to adhere to/be linked into third-party network example when, position In the control plane function of third party's network example, such as authentication functions, being checked whether according to white list allows the UE to adhere to or connect Enter.Control plane function may need to inquire signing information database to obtain the external ID of terminal.According to inspection result, Control plane function in third-party network example receives or attachment/access request of refusal UE.

The first network function obtains the signing information of the terminal；

If the mark of the network example is not present in the signing information, it is determined that the terminal does not allow described in access Network example.

In the embodiment, it may be implemented to determine whether terminal allows to access above-mentioned network reality according to the signing information of terminal Example.Wherein, above-mentioned signing information can be obtained from signing information database, which includes signing The signing information for having the mark of above-mentioned network example in information there are some records, to indicate the corresponding terminal of these signing informations It is to allow to access above-mentioned network example.

Optionally, if the above-mentioned signing information also records answering of having the terminal that can be used in the network example With the mark of program, then the management message carries the mark of the application program；Or

In the embodiment, if record has the mark of above-mentioned network example during the signing information of above-mentioned terminal may be implemented, Then indicate that the terminal allows to access above-mentioned network example, then the mark of the application program by recording in signing information, limiting should Terminal only allows to use specific application program in above-mentioned network example.Certainly, in some embodiments, above-mentioned signing information It can also be the mark including application server or address, the terminal to limit the above-mentioned network example of access only allows to access special Fixed application server.

Optionally, above-mentioned first network function obtains the signing information of the terminal, including：

In the embodiment, the corresponding signing of mark that terminal identification list is included by signing information database may be implemented Information adds the mark of above-mentioned network example, and above-mentioned network example can be accessed to realize that these identify corresponding terminal.Certainly, Signing information database can also obtain the mark for the application program that can be used in above-mentioned network example, these are applied journey The mark of sequence is added in the corresponding signing information of mark that terminal identification list includes.Such as：With above-mentioned network example for the The network example and third network function of tripartite is illustrated, as shown in fig. 6, when third party service provider is asked After mobile operator creates third-party network example, third-party application server can be provided to carrier network to be allowed to access this The user identifier of network example, such as：The external ID of terminal, and allow the application program mark for accessing this network example Know, such as：Application ID.Subsequent operator's handling capacity open platform or function carry out more the signing information of terminal Newly.Such as：Terminal external ID can be converted to terminal i nternal ID, eventually based on terminal i nternal ID indexes The signing information at end, recorded in the signing information of the terminal the third-party network example mark and terminal in the network The mark for the application program that can be used in slice.When subsequent terminal is attached to the third-party network example, network example Control plane function (first network function), such as authentication functions determine whether that accessing this cuts according to the signing information of terminal Piece.If allowing, the Application ID list that can access the slice are further provided the terminal with.

Optionally, above-mentioned first network function sends management message to the terminal, including：

In the embodiment, it can be taken by the list of above application program identification, application server identifier list and application The management for the above-mentioned network example of at least one of device address list realization of being engaged in after terminal receives above-mentioned list, is accessing above-mentioned net It is limited after network example using specific application program or accesses specific application servers.In addition, above application program identification arranges At least one of table, application server identifier list and application server address list can be that above-mentioned first network function is advance Storage or in the list of above application program identification, application server identifier list and application server address list at least One can receive the second network function or third network function, be not construed as limiting to this embodiment of the present invention.In addition, should Can be after determining that above-mentioned terminal allows to access above-mentioned network example, the response returned to the terminal disappears in embodiment Breath.Or whether the above-mentioned determination terminal allows to access the network example can be understood as which application of above-mentioned terminal determined Program can access above-mentioned network example or whether the above-mentioned determination terminal allows to access the network example and be appreciated that Which server can be accessed by above-mentioned network example for the above-mentioned terminal of determination.

And in the embodiment, the message that above-mentioned terminal is sent to first network function can be described in terminal access The access request of network entity establishes the foundation request of session in the network example.It is may be implemented in this way in access request Response message in terminal send above-mentioned list, and can be sent to terminal in the response message that session establishment is asked above-mentioned List.Wherein, the list of above application program identification, application server identifier list and application server address list can be What one network function the second network function of reception or third network function were sent.Such as：It is third party with above-mentioned network example Network example, above application program identification list be first network function receive third network function send carry out illustrate Bright, as shown in fig. 7, after third party service provider request mobile operator creates third-party network example, third party answers Can be provided to carrier network with server allows to access the application program identification list of this network example, such as： Application ID list.Application program identification list is sent to first network function by subsequent operator. Wherein, with first network function, face function (CP functions) is illustrated in order to control in Fig. 7, and in above-mentioned network example also There are user plane functions (UP functions).Wherein it is possible to the ability open platform/function (third for passing through carrier network Network function) Application ID list can be sent to the control plane function of specified third-party network example, then eventually When end is attached to the network example, which is sent to terminal.Ability open platform/function can be with It needs according to the corresponding control plane function of identifier lookup of specifying third-party network example.

Such as：It is third-party network example and application server identifier list or application with above-mentioned network example List of server addresses is illustrated, as shown in figure 8, when third party service provider request mobile operator creates third After the network example of side, third-party application server can provide this network example to carrier network allows the application service accessed Device identification list (application server marks) or application server address list (application server IP Address).Subsequent operator identifies these server or address list is sent to the control plane function of the network example.Such as： Server IP list are sent to policy control functions (the second network function) by third-party application service, by policy control functions Preserve mark or address list.When being subsequently attached to the terminal initiation session establishment request of the third-party network example, such as： The network example is allowed access by PDU session requests (PDU session request), policy control functions The mark or address list of application server are sent to the control plane function of the network example by IP-CAN sessions. Or server IP list are sent to ability open platform/function (third network function) by third-party application service, by energy The mark or address column for the application server that the third-party network example is allowed to access by power open platform/function Table is sent to the control plane function of the network example.The control plane function of the slice preserves the mark of application server Or address list.When being that terminal establishes session in the network example, the control plane function of the network example will be received or be preserved The slice allow the IP address list of application server accessed to be configured to user plane functions, such as：To user Face function sending strategy rule configuration (Policy rules conf).The control plane function is responsible for the application that will be received The mark of server is converted to IP address.User plane is completed with postponing, the control plane function of the network example is complete in session establishment Allow the mark or address list of the application server accessed at the session is returned to terminal in message.

Optionally, the above method further includes：

In the embodiment, first network function may be implemented and configure the network to the user plane functions of above-mentioned network example Example allows the address list of the application server accessed.To which user plane functions can be based on the ground of these application servers The access of location control terminal.Such as：Terminal as shown in Figure 8 provides the address of server to application layer (Deliver server IP To app layer), user plane functions receive the data communication (Data traffic) of terminal, so that it may to match source destination IP Address, it is the data transmission of non-server IP list to prevent destination address.

Optionally, in the embodiment of the present invention, network example described above is third-party network example；And/or

First network function face function in order to control.

It should be noted that the embodiment of the plurality of optional provided in the embodiment of the present invention can be realized independently, also may be used With the realization that be combined with each other each other, this embodiment of the present invention is not construed as limiting.

In the embodiment of the present invention, first network function receives the message that terminal is sent, and the first network function is located at net In network example；The first network function determines whether the terminal allows to access the network example；The first network work( Management message can be sent to the terminal.It may be implemented to realize effective pipe to network example by above-mentioned management message in this way Reason.

Referring to Fig. 9, the embodiment of the present invention provides the management method of another terminal, as shown in figure 9, including the following steps：

901, the second network function receives the instance management information that the corresponding server of network example is sent；

902, the second network function uses the instance management information, and the instance management information is for managing the network The terminal of example accesses.

In the embodiment of the present invention, examples detailed above management information can be terminal identification list in embodiment shown in Fig. 2, At least one of in application program identification list, application server identifier list and application server address list.Or it is above-mentioned Instance management information can also be that these contents are generated above-mentioned list by the content in these lists, the second network function.

In the embodiment of the present invention, it can realize that the second network function is believed using examples detailed above management through the above steps Breath, to manage above-mentioned network example.Wherein, above-mentioned second network function can be independently of the network work(of above-mentioned network example Can, such as：Policy control functions or ability open platform/function of carrier network etc..Certainly, above-mentioned in some scenes Second network function can also be the network function in above-mentioned network example, is not construed as limiting to this embodiment of the present invention.

Optionally, the network example is third-party network example.

It should be noted that implementation of the present embodiment as second network function corresponding with embodiment shown in Fig. 2 Mode, specific embodiment may refer to the related description of embodiment shown in Fig. 2, with to avoid repeated explanation, this reality Example is applied to repeat no more.In the present embodiment, it equally may be implemented effectively to manage network example.

Referring to Figure 10, the embodiment of the present invention provides the management method of another terminal, as shown in Figure 10, including following step Suddenly：

1001, terminal in network example first network function send message；

1002, the terminal receives the management message that the first network function is sent, and the management message is described the One network function determines whether the terminal allows to access the management message sent after the network example.

Optionally, the terminal receives the management message that the first network function is sent, including：

The terminal receives the response message that the first network function is sent, wherein the response message carry just like The next item down is multinomial：

After terminal receives above-mentioned list, so that it may not use corresponding application program in above-mentioned network example, or Corresponding application server is not accessed.

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

It should be noted that embodiment of the present embodiment as terminal corresponding with embodiment shown in Fig. 2, tool The embodiment of body may refer to the related description of embodiment shown in Fig. 2, with to avoid repeated explanation, the present embodiment is no longer superfluous It states.In the present embodiment, it equally may be implemented effectively to manage network example.

Referring to Figure 11, the embodiment of the present invention provides a kind of network function, which is first network function, network work( Energy 1100 includes following module：

First receiving module 1101, the message for receiving terminal transmission, the first network function are located at network example It is interior；

Determining module 1102, for determining whether the terminal allows to access the network example；

First sending module 1103, for sending management message to the terminal.

Optionally, as shown in figure 12, determining module 1102, including：

Transmission unit 11021 checks whether terminal allows to access the network for sending request to the second network function The message of example, the message carry the mark of the terminal；

Receiving unit 11022, the inspection result sent for receiving second network function, wherein the inspection knot Fruit is second network function determination according to the situation about identifying whether in terminal identification list of the terminal, described Terminal identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.

Optionally, as shown in figure 13, determining module 1102, including：

First acquisition unit 11023, the mark for obtaining the terminal；

First inspection unit 11024, for checking the identifying whether at end corresponding with the network example of the terminal It holds in identification list, whether allows to access the network with the determination terminal.

Optionally, as shown in figure 14, network function 1100 further includes：

Second receiving module 104, for receives the second network function or third network function transmission with the network The corresponding terminal identification list of example, what the terminal identification list included is identified as the internal indicator of terminal.

Optionally, as shown in figure 15, determining module 1102, including：

Second acquisition unit 11025, the signing information for obtaining the terminal；

Second inspection unit 11026, for checking the mark that whether there is the network example in the signing information；

First determination unit 11027, if for there are the marks of the network example in the signing information, it is determined that institute Stating terminal allows to access the network example；

Second determination unit 11028, if the mark for the network example to be not present in the signing information, it is determined that The terminal does not allow to access the network example.

Optionally, second acquisition unit 11025 is used to obtain the signing information of the terminal from signing information database, Wherein, the record that the signing information database includes has the signing information of the mark of the network example to be, the signing letter After breath database receives terminal identification list, the net will be added in the signing information of the terminal in the terminal identification list The mark of network example and obtain, the terminal identification list includes the mark for allowing to access the terminal of the network example.

Optionally, the response message that first sending module 1103 is used to return to the terminal, wherein the response Message carries following one or more：

Optionally, the target message is the access request that the terminal accesses the network entity；Or

The target message is the foundation request that session is established in the network example.

Optionally, as shown in figure 16, network function 1100 further includes：

Second sending module 1105, for sending the application server address to the user plane functions of the network example List.

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

It should be noted that above-mentioned network function 1100 can be in Fig. 1-embodiments shown in Fig. 10 in the present embodiment First network function, the arbitrary embodiment of first network function can be by the present embodiment in Fig. 1-embodiment illustrated in fig. 10 Above-mentioned network function 1100 realized that and reach identical advantageous effect, details are not described herein again.

Referring to Figure 17, the embodiment of the present invention also provides a kind of network function, which is the second network function, is such as schemed Shown in 17, network function 1700 includes：

Receiving module 1701, the instance management information sent for receiving the corresponding server of network example；

Using module 1702, for using the instance management information, the instance management information is for managing the net The terminal of network example accesses.

Optionally, the instance management information includes terminal identification list corresponding with the network example, such as Figure 18 institutes Show, using module 1702, including：

Receiving unit 17021, the request inspection that the first network function for receiving in the network example is sent Whether terminal allows the message for accessing the network example, which carries the mark of terminal, and the terminal is to described the One network function sends the terminal for the access request for accessing the network example；

Inspection unit 17022, for checking the identifying whether in the terminal identification list of the terminal, to be used Receive or refuse the inspection result of the access request in expression；

Transmission unit 17023, for returning to the inspection result to the first network function.

Optionally, the instance management information includes terminal identification list corresponding with the network example, uses module 1702 to the first network function in the network example for sending the terminal identification list, so that first net The access request for the access network example that network function receives or rejects according to the terminal identification list.

Optionally, the terminal identification list includes outer logo, described to use module by signing information database The outer logo is converted into internal indicator, and it includes in described to be sent to the first network function in the network example The terminal identification list of portion's mark.

Optionally, the instance management information includes terminal identification list corresponding with the network example and the network The mark of example is used to send the terminal identification list and the network example to signing information database using module 1702 Mark so that the signing information database will add the net in the signing information of the terminal in the terminal identification list The mark of network example.

Optionally, it is used to send instance management to the first network function in the network example using module 1702 Information, the instance management information include following one or more：

Optionally, the network example is third-party network example.

It should be noted that above-mentioned network function 1700 can be in Fig. 1-embodiments shown in Fig. 10 in the present embodiment Second network function, the arbitrary embodiment of the second network function can be by the present embodiment in Fig. 1-embodiment illustrated in fig. 10 Above-mentioned network function 1700 realized that and reach identical advantageous effect, details are not described herein again.

Referring to Figure 19, the embodiment of the present invention also provides a kind of terminal, as shown in figure 19, including：

Sending module 1901 is used for the first network function transmission target message in network example；

Receiving module 1902, the management message sent for receiving the first network function, the management message is institute It states first network function and determines whether the terminal allows to access the management message sent after the network example.

Optionally, receiving module 1902 is used to receive the response message that the first network function is sent, wherein the sound Message is answered to carry following one or more：

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

It should be noted that terminal 1900 can be the terminal in Fig. 1-embodiments shown in Fig. 10 in the present embodiment, figure The arbitrary embodiment of terminal can be realized by the above-mentioned terminal 1900 in the present embodiment in 1- embodiment illustrated in fig. 10, with And reach identical advantageous effect, details are not described herein again.

Referring to Figure 20, show that a kind of structure of network function, the network function are first network function, the network work(in figure Can include：Processor 2000, transceiver 2010, memory 2020, user interface 2030 and bus interface, wherein：

Processor 2000 executes following process for reading the program in memory 2020：

The message that terminal is sent is received by transceiver 2010, the first network function is located in network example；

Determine whether the terminal allows to access the network example；

By transceiver 2010 management message is sent to the terminal.

Wherein, transceiver 2010, for sending and receiving data under the control of processor 2000.

In fig. 20, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2000 generation of processor The various circuits for the memory that the one or more processors and memory 2020 of table represent link together.Bus architecture may be used also To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2010 can To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided Member.For different user equipmenies, user interface 2030, which can also be, external the interface for needing equipment is inscribed, and connection is set Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..

Processor 2000 is responsible for bus architecture and common processing, and memory 2020 can store processor 2000 and exist Execute used data when operation.

Optionally, whether the determination terminal allows to access the network example, including：

Request is sent to the second network function check whether the terminal allows to access the network by transceiver 2010 The message of example, the message carry the mark of the terminal；

The inspection result that second network function is sent is received by transceiver 2010, wherein the inspection knot Fruit is second network function determination according to the situation about identifying whether in terminal identification list of the terminal, described Terminal identification list is the terminal identification list corresponding with the network example that second network function obtains in advance.

Obtain the mark of the terminal；

Identifying whether in terminal identification list corresponding with the network example for the terminal is checked, described in determination Whether terminal allows to access the network example.

Optionally, processor 2000 is additionally operable to：

It is sending with the network example pair that the second network function or third network function are received by transceiver 2010 The terminal identification list answered, what the terminal identification list included is identified as the internal indicator of terminal.

Obtain the signing information of the terminal；

Check the mark that whether there is the network example in the signing information；

Optionally, the signing information for obtaining the terminal, including：

The signing information of the terminal is obtained from signing information database by transceiver 2010, wherein the signing The record that information database includes has the signing information of the mark of the network example to be, the signing information database receives After terminal identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list and It obtains, the terminal identification list includes the mark for allowing to access the terminal of the network example.

Optionally, described to send management message to the terminal, including：

The response message returned to the terminal by transceiver 2010, wherein the response message is carried as next Item is multinomial：

Optionally, processor 2000 is additionally operable to：

By transceiver 2010 the application server address list is sent to the user plane functions of the network example.

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

It should be noted that in the present embodiment above-mentioned network function can be in Fig. 1-embodiments shown in Fig. 10 first Network function, the arbitrary embodiment of first network function can be by upper in the present embodiment in Fig. 1-embodiment illustrated in fig. 10 It states network function to be realized, and reaches identical advantageous effect, details are not described herein again.

Referring to Figure 21, show that a kind of structure of network function, the network function are the second network function, the network work(in figure Can include：Processor 2100, transceiver 2110, memory 2120, user interface 2130 and bus interface, wherein：

Processor 2100 executes following process for reading the program in memory 2120：

The instance management information that the corresponding server of network example is sent is received by transceiver 2110；

Using the instance management information, the instance management information is used to manage the terminal access of the network example.

Wherein, transceiver 2110, for sending and receiving data under the control of processor 2100.

In figure 21, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2100 generation of processor The various circuits for the memory that the one or more processors and memory 2120 of table represent link together.Bus architecture may be used also To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2110 can To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided Member.For different user equipmenies, user interface 2130, which can also be, external the interface for needing equipment is inscribed, and connection is set Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..

Processor 2100 is responsible for bus architecture and common processing, and memory 2120 can store processor 2100 and exist Execute used data when operation.

Optionally, the instance management information includes terminal identification list corresponding with the network example, the use The instance management information, including：

The request that the first network function being located in the network example is sent is received by transceiver 2110 checks terminal The message for accessing the network example, the message whether is allowed to carry the mark of terminal, the terminal is to first net Network function sends the terminal for the access request for accessing the network example；

Identifying whether in the terminal identification list for the terminal is checked, to obtain for indicating to receive or refuse The inspection result of the access request；

By transceiver 2110 inspection result is returned to the first network function.

The terminal identification list is sent to the first network function in the network example by transceiver 2110, So that the access network example that the first network function receives or rejects according to the terminal identification list Access request.

Optionally, the terminal identification list includes outer logo, described to the first net corresponding with the network example Network function sends the terminal identification list, including：

The outer logo is converted into internal indicator by signing information database, and by transceiver 2110 to positioned at First network function transmission in the network example includes the terminal identification list of the internal indicator.

Optionally, the instance management information includes terminal identification list corresponding with the network example and the network The mark of example, it is described using the instance management information, including：

The mark of the terminal identification list and the network example is sent to signing information database by transceiver 2110 Know, so that the signing information database will add the network reality in the signing information of the terminal in the terminal identification list The mark of example.

Optionally, described using the instance management information, including：

Instance management information is sent to the first network function in the network example by transceiver 2110, it is described Instance management information includes following one or more：

Optionally, the network example is third-party network example.

It should be noted that in the present embodiment above-mentioned network function can be in Fig. 1-embodiments shown in Fig. 10 second Network function, the arbitrary embodiment of the second network function can be by upper in the present embodiment in Fig. 1-embodiment illustrated in fig. 10 It states network function to be realized, and reaches identical advantageous effect, details are not described herein again.

Referring to Figure 22, show that a kind of structure of terminal, the terminal include in figure：Processor 2200, transceiver 2210, storage Device 2220, user interface 2230 and bus interface, wherein：

Processor 2200 executes following process for reading the program in memory 2220：

By transceiver 2210 in network example first network function send target message；

The management message that the first network function is sent is received by transceiver 2210, and the management message is described the One network function determines whether the terminal allows to access the management message sent after the network example.

Wherein, transceiver 2210, for sending and receiving data under the control of processor 2200.

In fig. 22, bus architecture may include the bus and bridge of any number of interconnection, specifically by 2200 generation of processor The various circuits for the memory that the one or more processors and memory 2220 of table represent link together.Bus architecture may be used also To link together various other circuits of such as peripheral equipment, voltage-stablizer and management circuit or the like, these are all It is known in the art, therefore, it will not be further described herein.Bus interface provides interface.Transceiver 2210 can To be multiple element, that is, includes transmitter and receiver, the list for being communicated over a transmission medium with various other devices is provided Member.For different user equipmenies, user interface 2230, which can also be, external the interface for needing equipment is inscribed, and connection is set Standby including but not limited to keypad, display, loud speaker, microphone, control stick etc..

Processor 2200 is responsible for bus architecture and common processing, and memory 2220 can store processor 2200 and exist Execute used data when operation.

Optionally, the management message for receiving the first network function and sending, including：

The response message that the first network function is sent is received by transceiver 2210, wherein the response message is taken With following one or more：

Optionally, the network example is third-party network example；And/or

First network function face function in order to control.

It should be noted that above-mentioned terminal can be the terminal in Fig. 1-embodiments shown in Fig. 10 in the present embodiment, figure The arbitrary embodiment of terminal can be realized by the above-mentioned terminal in the present embodiment in 1- embodiment illustrated in fig. 10, Yi Jida To identical advantageous effect, details are not described herein again.

In several embodiments provided herein, it should be understood that disclosed method and apparatus, it can be by other Mode realize.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only For a kind of division of logic function, formula that in actual implementation, there may be another division manner, such as multiple units or component can combine Or it is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed phase Coupling, direct-coupling or communication connection between mutually can be by some interfaces, the INDIRECT COUPLING or communication of device or unit Connection can be electrical, machinery or other forms.

In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it can also It is that the independent physics of each unit includes, it can also be during two or more units be integrated in one unit.Above-mentioned integrated list The form that hardware had both may be used in member is realized, can also be realized in the form of hardware adds SFU software functional unit.

The above-mentioned integrated unit being realized in the form of SFU software functional unit can be stored in one and computer-readable deposit In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server or the network equipment etc.) executes receiving/transmission method described in each embodiment of the present invention Part steps.And storage medium above-mentioned includes：USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, abbreviation ROM), random access memory (Random Access Memory, abbreviation RAM), magnetic disc or CD etc. are various to store The medium of program code.

The above is the preferred embodiment of the present invention, it is noted that for those skilled in the art For, without departing from the principles of the present invention, it can also make several improvements and retouch, these improvements and modifications It should be regarded as protection scope of the present invention.

Claims

1. a kind of management method of terminal, which is characterized in that including：

The first network function sends management message to the terminal.

2. the method as described in claim 1, which is characterized in that the message is that the terminal accesses connecing for the network example Enter request；Or the message is that the foundation request of session is established in the network example.

3. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect Enter the network example, including：

The first network function sends request to the second network function and checks whether the terminal allows to access the network reality The message of example, the message carry the mark of the terminal；

The first network function receives the inspection result that second network function is sent, wherein the inspection result is institute The second network function is stated according to the situation about identifying whether in terminal identification list of the terminal and determination, the terminal mark It is the terminal identification list corresponding with the network example that second network function obtains in advance to know list.

4. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect Enter the network example, including：

The first network function obtains the mark of the terminal；

Terminal described in the first network functional check is identified whether in terminal identification list corresponding with the network example In, whether allow to access the network example with the determination terminal.

5. method as claimed in claim 4, which is characterized in that the method further includes：

First network function second network function of reception or third network function send corresponding with the network example The terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.

6. method as claimed in claim 5, which is characterized in that the internal indicator that the terminal identification list includes is described the The internal indicator that outer logo is converted by two network functions by signing information database, the outer logo are described second Network function receives the outer logo that the corresponding server of the network example is sent；Or

The internal indicator that the terminal identification list includes is that the third network function will be external by signing information database The internal indicator being converted into is identified, the outer logo is that the third network function receives the corresponding service of the network example The outer logo that device is sent.

7. method as claimed in claim 2, which is characterized in that the first network function determines whether the terminal allows to connect Enter the network example, including：

The first network function obtains the signing information of the terminal；

If there are the marks of the network example in the signing information, it is determined that the terminal allows to access the network reality Example；

If the mark of the network example is not present in the signing information, determining the terminal not allows to access the network reality Example.

8. the method for claim 7, which is characterized in that have the terminal in the net if the signing information also records The mark for the application program that can be used in network example, then the management message carry the mark of the application program；Or

If the signing information also records the mark for the application program for having the terminal that can not be used in the network example, Then the management message carries the mark of the application program.

9. the method for claim 7, which is characterized in that the first network function obtains the signing letter of the terminal Breath, including：

The first network function obtains the signing information of the terminal from signing information database, wherein the signing letter The record that breath database includes has the signing information of the mark of the network example to be, the signing information database receives end After holding identification list, the mark of the network example will be added in the signing information of the terminal in the terminal identification list and obtained It arrives, the terminal identification list includes the mark for allowing to access the terminal of the network example.

10. the method as described in claim 1, which is characterized in that the first network function sends management to the terminal and disappears Breath, including：

The response message that the first network function is returned to the terminal, wherein the response message is carried such as the next item down Or it is multinomial：

Application program identification list, the application program identification list are included in the application journey that can be used in the network example The mark of sequence or the application program identification list are included in the mark for the application program that can not be used in the network example Know；

Server identification list, the server identification list are included in the application server being able to access that in the network example Mark or the application server identifier list be included in the application server that can not be accessed in the network example Mark；

List of server addresses, the list of server addresses are included in the application server being able to access that in the network example Address or the application server identifier list be included in the application server that can not be accessed in the network example Address.

11. method as claimed in claim 10, which is characterized in that the method further includes：

12. the method as described in any one of claim 1-11, which is characterized in that the network example is third-party network Example；And/or

First network function face function in order to control.

13. a kind of management method of terminal, which is characterized in that including：

Second network function uses the instance management information, and the instance management information is for managing the network example Terminal access.

14. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair The terminal identification list answered, second network function use the instance management information, including：

Second network function receives the request that the first network function being located in the network example is sent and checks that terminal is The no message for allowing to access the network example, the message carry the mark of terminal, and the terminal is to the first network Function sends the terminal for the access request for accessing the network example；

Second network function checks the identifying whether in the terminal identification list of the terminal, to obtain for indicating Receive or refuse the inspection result of the access request；

15. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair The terminal identification list answered, second network function use the instance management information, including：

Second network function sends the terminal identification list to the first network function in the network example, with Make the access network example that the first network function receives or reject according to the terminal identification list Access request.

16. method as claimed in claim 15, which is characterized in that the terminal identification list includes outer logo, and described Two network functions send the terminal identification list to first network function corresponding with the network example, including：

The outer logo is converted into internal indicator by second network function by signing information database, and to positioned at institute State the terminal identification list that the transmission of the first network function in network example includes the internal indicator.

17. method as claimed in claim 13, which is characterized in that the instance management information includes and the network example pair The mark of the terminal identification list and the network example answered, second network function use the instance management information, packet It includes：

Second network function sends the mark of the terminal identification list and the network example to signing information database, So that the signing information database will add the network example in the signing information of the terminal in the terminal identification list Mark.

18. method as claimed in claim 17, which is characterized in that the instance management information further includes in the network example In the mark of application program that can use, second network function also has described answer to signing information database transmission With the mark of program, so that the signing information database will add in the signing information of the terminal in the terminal identification list The mark of the application program；Or

The instance management information further includes the mark for the application program that can not be used in the network example, and described second Network function also sends the mark for having the application program to the signing information database, so that the signing information database The mark of the application program will be added in the signing information of terminal in the terminal identification list.

19. method as claimed in claim 13, which is characterized in that second network function is believed using the instance management Breath, including：

Second network function sends instance management information, the reality to the first network function in the network example Example management information includes following one or more：

20. the method as described in any one of claim 13-19, which is characterized in that the network example is third-party net Network example.

21. a kind of network function, the network function is first network function, which is characterized in that including：

First sending module, for sending management message to the terminal.

22. network function as claimed in claim 21, which is characterized in that the message is that the terminal accesses the network reality The access request of example；Or the message is that the foundation request of session is established in the network example.

23. network function as claimed in claim 22, which is characterized in that the determining module, including：

Transmission unit checks whether terminal allows to access disappearing for the network example for sending request to the second network function Breath, the message carry the mark of the terminal；

Receiving unit, the inspection result sent for receiving second network function, wherein the inspection result is described the The determination according to the situation about identifying whether in terminal identification list of the terminal of two network functions, the terminal iidentification row Table is the terminal identification list corresponding with the network example that second network function obtains in advance.

24. network function as claimed in claim 22, which is characterized in that the determining module, including：

First acquisition unit, the mark for obtaining the terminal；

First inspection unit, for checking the identifying whether in terminal identification list corresponding with the network example of the terminal In, whether allow to access the network with the determination terminal.

25. network function as claimed in claim 24, which is characterized in that the network function further includes：

Second receiving module, for receives the second network function or third network function transmission it is corresponding with the network example The terminal identification list, what the terminal identification list included is identified as the internal indicator of terminal.

26. network function as claimed in claim 25, which is characterized in that the internal indicator that the terminal identification list includes is The internal indicator that outer logo is converted by second network function by signing information database, the outer logo are institute It states the second network function and receives the outer logo that the corresponding server of the network example is sent；Or

The internal indicator that the terminal identification list includes is that the third network function will be external by signing information database The internal indicator being converted into is identified, the outer logo is that the third network function receives the corresponding service of the network example The external mark that device is sent.

27. network function as claimed in claim 22, which is characterized in that the determining module, including：

Second acquisition unit, the signing information for obtaining the terminal；

First determination unit, if for there are the marks of the network example in the signing information, it is determined that the terminal permits Perhaps the network example is accessed；

Second determination unit, if the mark for the network example to be not present in the signing information, it is determined that the terminal Do not allow to access the network example.

28. network function as claimed in claim 27, which is characterized in that there is the terminal to exist if the signing information also records The mark for the application program that can be used in the network example, then the management message carry the mark of the application program Know；Or

29. network function as claimed in claim 27, which is characterized in that the second acquisition unit is used for from signing information number According to the signing information for obtaining the terminal in library, wherein the record that the signing information database includes has the network example The signing information of mark be, after the signing information database receives terminal identification list, by the terminal identification list In terminal signing information in add the mark of the network example and obtain, the terminal identification list includes allowing to connect Enter the mark of the terminal of the network example.

30. network function as claimed in claim 21, which is characterized in that first sending module to the terminal for returning The response message returned, wherein the response message carries following one or more：

31. network function as claimed in claim 30, which is characterized in that the network function further includes：

Second sending module, for sending the application server address list to the user plane functions of the network example.

32. the network function as described in any one of claim 21-31, which is characterized in that the network example is third party Network example；And/or

First network function face function in order to control.

33. a kind of network function, the network function is the second network function, which is characterized in that including：

Using module, for using the instance management information, the instance management information is for managing the network example Terminal accesses.

34. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real The corresponding terminal identification list of example, it is described using module, including：

Receiving unit checks whether terminal permits for receiving the request that the first network function being located in the network example is sent Perhaps the message of the network example is accessed, which carries the mark of terminal, and the terminal is to the first network function Send the terminal for the access request for accessing the network example；

Inspection unit, for checking the identifying whether in the terminal identification list of the terminal, to obtain for indicating to connect By or the refusal access request inspection result；

35. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real The corresponding terminal identification list of example, it is described to be used to send institute to the first network function in the network example using module Terminal identification list is stated, so that the first network function connecing of receiving or reject according to the terminal identification list Enter the access request of the network example.

36. network function as claimed in claim 35, which is characterized in that the terminal identification list includes outer logo, institute It states and using module is used to that the outer logo to be converted into internal indicator by signing information database, and to positioned at the network First network function transmission in example includes the terminal identification list of the internal indicator.

37. network function as claimed in claim 33, which is characterized in that the instance management information includes and the network is real The mark of example corresponding terminal identification list and the network example, it is described to be used to send to signing information database using module The mark of the terminal identification list and the network example, so that the signing information database is by the terminal identification list In terminal signing information in add the mark of the network example.

38. network function as claimed in claim 37, which is characterized in that the instance management information further includes in the network The mark for the application program that can be used in example, second network function are also sent to the signing information database The mark of application program is stated, so that the signing information database will be in the signing information of the terminal in the terminal identification list Add the mark of the application program；Or

39. network function as claimed in claim 33, which is characterized in that described to be used for positioned at network reality using module First network function in example sends instance management information, and the instance management information includes following one or more：

40. the network function as described in any one of claim 33-39, which is characterized in that the network example is third party Network example.