CN108990132B

CN108990132B - Access control method and device

Info

Publication number: CN108990132B
Application number: CN201710412128.2A
Authority: CN
Inventors: 徐敏; 张宏平
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2017-06-02
Filing date: 2017-06-02
Publication date: 2020-10-16
Anticipated expiration: 2037-06-02
Also published as: WO2018219253A1; CN108990132A

Abstract

The application discloses an access control method and device, which are used for solving the problem that access control cannot be performed when a terminal does not find a corresponding access type or finds a plurality of access types according to attributes corresponding to an initiated connection request when the terminal initiates the connection request in the prior art. The method comprises the following steps: when a terminal needs to send a connection request to an access network device, determining that an access type corresponding to the connection request cannot be matched, or determining that an access type corresponding to the connection request is matched but an access limiting parameter corresponding to the access type cannot be matched; and performing access control according to the default access limiting parameter configured to the terminal by the access network equipment, or performing access control according to the access limiting parameter matched with the first default access type configured to the terminal by the access network equipment, or performing access control according to the access limiting parameter matched with the second default access type preset in the terminal.

Description

Access control method and device

Technical Field

The present application relates to the field of mobile communications technologies, and in particular, to an access control method and apparatus.

Background

In a Long Term Evolution (LTE) system, multiple Access Control (AC) mechanisms are configured for different types of User Equipment (UE) or Service requirements to avoid system overload, such as Access Class Barring (ACB), extended Access Class Barring (EAB), Application specific Access Class Barring (ACDC), and the like for idle (idle) state UEs, and Service specific Access Class Barring (SSAC) for connected state UEs. Under different Access control mechanisms, AN Access Network (R) AN (Radio) device performs Access control on a UE by configuring Access restriction (barring) parameters for the UE.

Currently, in a Non-access stratum (NAS) flow such as an attach (attach) process or a location update process, a UE may obtain, from a Core Network (CN), a mapping relationship between an attribute for describing a connection request and an access type, where the access type is used to identify an access restriction parameter corresponding to the access type, as shown in table 1 below, an example of the mapping relationship between the attribute for describing the connection request and the access type is shown, where the attribute of the connection request includes, but is not limited to, one or more of the following: access class, slice (slice) identity, application identity, traffic type, and signaling type, etc.

Table 1: mapping relation between attribute of connection request and access type

Access class	Section mark	Application identification	Traffic/signaling type	…	Type of access
						*	7	*	*	3
*	*	3	*		5
						10	*	*	Emergency call	10
*	*	*	NAS signaling		2

In addition, the access network device may configure, through system messages or dedicated signaling, a mapping relationship for describing different access types and specific access restriction parameters for the UE. Before sending a connection request to the access network device, the subsequent UE may determine an access type corresponding to the connection request according to the attribute of the connection request and the obtained mapping relationship between the attribute for describing the connection request and the access type, match the corresponding access restriction parameter in the mapping relationship for describing different access types and the specific access restriction parameter according to the determined access type, and perform access using the matched specific access restriction parameter. Wherein, the access limiting parameters may include a probability of barring access (barring factor) and a duration of barring access (barring time); or whether one bit indicates access prohibition, etc.

However, before initiating an attach or a registration procedure after performing cell reselection across a Public Land Mobile Network (PLMN), because a mapping relationship between an attribute of a connection request sent by a core Network and an access type is not obtained, when initiating the connection request, the UE cannot determine an access type corresponding to the connection request to be initiated, and further cannot determine a corresponding access restriction parameter for performing access control, and at this time, the UE may give up access.

In addition, if the UE determines multiple access types according to the attribute of the connection request to be initiated and the obtained mapping relationship between the attribute for describing the connection request and the access types, the UE cannot determine which access type corresponds to the access restriction parameter for performing access control, and at this time, the UE gives up access. For example, if the slice identifier of the connection request to be initiated by the UE is 7 and the application identifier is 3, the UE determines that the values of the access types corresponding to the connection request are 3 and 5 respectively according to the mapping relationship between the attribute of the connection request and the access type shown in table 1 above, it cannot be determined whether to perform access control by using the access limiting parameter corresponding to 3 or by using the access limiting parameter corresponding to 5.

Therefore, in the prior art, when a UE initiates a connection request, access control cannot be performed or access failures occur when a corresponding access type is not found or multiple access types are found according to an attribute corresponding to the initiated connection request.

Disclosure of Invention

The embodiment of the application provides an access control method and device, which are used for solving the problem that in the prior art, when a terminal initiates a connection request, a corresponding access type is not found or a plurality of access types are not found according to an attribute corresponding to the initiated connection request, and access control cannot be performed.

In a first aspect, an embodiment of the present application provides an access control method, where the method includes: when a terminal needs to send a connection request to an access network device, determining that an access type corresponding to the connection request cannot be matched, or determining that an access type corresponding to the connection request is matched but an access limiting parameter corresponding to the access type cannot be matched, wherein the access type is used for identifying the corresponding access limiting parameter; and performing access control according to the default access limiting parameter configured to the terminal by the access network equipment, or according to the first default access type configured to the terminal by the access network equipment, matching the access limiting parameter corresponding to the first default access type, and performing access control according to the matched access limiting parameter, or according to the second default access type preset in the terminal, matching the access limiting parameter corresponding to the second default access type, and performing access control according to the matched access limiting parameter.

By the method, when the terminal needs to send the connection request to the access network equipment, if the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched, access control is performed according to the default access limiting parameter, or the access control is performed according to the access limiting parameter corresponding to the first default access type, or the access control is performed according to the access limiting parameter corresponding to the second default access type, so that the problem that the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched is solved, and overload of a wireless communication system is avoided.

In a possible embodiment, the terminal determines that the access type corresponding to the connection request is not matched by the following method: the terminal determines that the connection request is an access layer signaling request, or determines that a first mapping relation for describing the attribute of the connection request and the access type does not exist, or determines that the access type corresponding to the connection request cannot be matched in the first mapping relation according to the attribute of the connection request. The terminal determines the access type matched with the connection request but the access limiting parameter not matched with the access type through the following modes: the terminal determines that the access type corresponding to the connection request is matched in a first mapping relation between the attribute for describing the connection request and the access type according to the attribute of the connection request, but the access limiting parameter corresponding to the access type is not matched in a second mapping relation between different access types and specific access limiting parameters.

In one possible embodiment, the default access restriction parameter and/or the first default access type are determined by the access network device according to one or more of a public land mobile network PLMN type, a type of connection request, and a slice type, wherein the type of connection request is an access stratum signaling request or a non-access stratum signaling request or a service request.

In a specific embodiment, the terminal determines that the access type corresponding to the connection request cannot be matched by the following steps: the non-access layer of the terminal determines that no first mapping relation exists, or determines that the access type corresponding to the connection request cannot be matched in the first mapping relation according to the attribute of the connection request, or determines that the access type corresponding to the connection request is matched in the first mapping relation but the access limiting parameter corresponding to the access type cannot be matched in the second mapping relation; the method comprises the steps that a non-access stratum of a terminal sends a first message to an access stratum of the terminal, the access stratum of the terminal determines that the first message does not carry an access type corresponding to a connection request, wherein the first message is used for carrying the connection request and the access type corresponding to the connection request, or the non-access stratum of the terminal sends a second message to the access stratum of the terminal, and the second message is used for indicating that the non-access stratum of the terminal does not match the access type corresponding to the connection request.

In a second aspect, an embodiment of the present application provides an access control method, where the method includes: the access network equipment determines a default access limiting parameter and/or a first default access type and sends the first default access limiting parameter or the default access type to the terminal, wherein the access type is used for identifying the corresponding access limiting parameter; receiving a connection request sent by a terminal, wherein the connection request is sent by the terminal, and when the terminal needs to send the connection request to an access network device, the access type corresponding to the connection request cannot be matched, or when the access type corresponding to the connection request is matched but the access limiting parameter corresponding to the access type cannot be matched, the access request is subjected to access control according to the default access limiting parameter or the access limiting parameter matched according to the first default access type and is sent.

By the method, the access network equipment determines a default access limiting parameter or a first default access type, and sends the default access limiting parameter or the first default access type to the terminal, and receives a connection request which is determined to be not matched with the access type corresponding to the connection request when the terminal needs to send the connection request to the access network equipment, or determines the access type which is matched with the access type corresponding to the connection request but is not matched with the access limiting parameter corresponding to the access type, and carries out access control and sends the connection request according to the default access limiting parameter or the access limiting parameter matched with the first default access type, thereby solving the problem that the terminal cannot carry out access control when the access type corresponding to the connection request is not matched with the access type or the access type corresponding to the connection request but is not matched with the access limiting parameter corresponding to the access type, overload of the wireless communication system is avoided.

In one possible embodiment, the access network device determines the default access restriction parameter and/or the first default access type according to one or more of a public land mobile network PLMN type, a type of the connection request, and a slice type, and the type of the connection request is an access stratum signaling request or a non-access stratum signaling request or a service request.

In a third aspect, an embodiment of the present application provides an access control method, where the method includes: when a terminal needs to send a connection request to an access network device, determining that an access type corresponding to the connection request cannot be matched, or determining that an access type corresponding to the connection request is matched but an access limiting parameter corresponding to the access type cannot be matched, wherein the access type is used for identifying the corresponding access limiting parameter; the connection request is sent to the access network device.

By the method, when the terminal needs to send the connection request to the access network equipment, if the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched, the connection request is sent to the access network equipment, and the problems that the terminal cannot carry out access control and access failure when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched are solved.

In a fourth aspect, an embodiment of the present application provides an access control method, where the method includes: when a terminal needs to send a connection request to access network equipment, matching at least two access types in a first mapping relation between the attribute for describing the connection request and the access types according to the attribute of the connection request, wherein the access types are used for identifying corresponding access limiting parameters; the terminal matches corresponding access limiting parameters in a third mapping relation configured by the access network equipment according to a combined access type formed by at least two matched access types, and performs access control according to the matched access limiting parameters, wherein the third mapping relation at least comprises a mapping relation between the combined access type formed by a plurality of access types and the specific access limiting parameters, or matches access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and the specific access limiting parameters according to the at least two matched access types, performs access control according to the matched access limiting parameters, or selects one access type from the at least two matched access types, and matches the access limiting parameters corresponding to the selected access type in a second mapping relation for describing different access types and the specific access limiting parameters, and performing access control according to the matched access limiting parameters.

By the method, when the terminal needs to send a connection request to the access network equipment, if at least two access types are matched, according to the matched at least two access types, the corresponding access limiting parameters are matched in the third mapping relation and access control is performed according to the matched access limiting parameters, or according to the matched at least two access types, the access limiting parameters respectively corresponding to the at least two access types are matched in the second mapping relation, access control is performed according to the matched access limiting parameters, or one access type is selected from the matched at least two access types, the access limiting parameters corresponding to the selected access type are matched in the second mapping relation for describing different access types and specific access limiting parameters, and access control is performed according to the matched access limiting parameters, the problem that access control cannot be performed due to the fact that at least two access types are matched when the terminal needs to send a connection request to the access network equipment is solved, and overload of a wireless communication system is avoided.

In a possible embodiment, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, when the terminal matches a corresponding access restriction parameter in the third mapping relationship configured by the access network device according to a combined access type formed by the at least two matched access types, the terminal further matches the corresponding access restriction parameter in the third mapping relationship according to the at least two matched access types.

In a possible embodiment, if the terminal matches at least two access restriction parameters in the third mapping relationship, the access control is performed through the following steps: the terminal judges whether the matched at least two access limiting parameters are met or not in sequence according to the use sequence set by the access network equipment, if the terminal meets the currently judged access limiting parameters, the terminal sends the connection request to the access network equipment, and if not, the terminal continues to judge the next access limiting parameter; and if the terminal does not meet the last access limiting parameter in the matched at least two access limiting parameters, the connection request is not sent, so that the access control can be realized when the terminal is matched with a plurality of access limiting parameters in the third mapping relation.

In a possible embodiment, the method for controlling access by a terminal according to at least two matched access types, includes, in a second mapping relationship used for describing different access types and specific access restriction parameters, matching access restriction parameters corresponding to the at least two access types, and performing access control according to the matched access restriction parameters, specifically including: the terminal respectively judges whether the matched access limiting parameters are met, if the terminal meets any one of the matched access limiting parameters, the connection request is sent to the access network equipment, otherwise, the connection request is not sent, the problem that when the terminal needs to send the connection request to the access network equipment, at least two access types are matched, and access control cannot be carried out is solved, and the probability that the terminal accesses the network is improved.

In one possible embodiment, the terminal selects one access type from the at least two matched access types by: the terminal selects an access type with the highest priority from the at least two access types according to the priorities of the at least two access types; or the terminal respectively determines the number of the attributes matched by the at least two access types in the first mapping relation, and selects the access type with the most number of the attributes matched by the at least two access types.

In a fifth aspect, an embodiment of the present application provides an access control method, where the method includes: the access network equipment sends a third mapping relation to the terminal, wherein the third mapping relation at least comprises a mapping relation between a combined access type formed by a plurality of access types and a specific access limiting parameter, and the access types are used for identifying the corresponding access limiting parameters; receiving a connection request sent by a terminal, wherein the connection request is that when the terminal needs to send the connection request to an access network device, at least two access types are matched in a first mapping relation for describing the attributes of the connection request and the access types according to the attributes of the connection request, corresponding access limiting parameters are matched in a third mapping relation according to a combined access type formed by the at least two access types, and access control is carried out according to the matched access limiting parameters and the connection request is sent.

By the method, the access network equipment sends the third mapping relation to the terminal and receives the connection request sent by the terminal, the connection request is that the terminal is matched with at least two access types in the first mapping relation for describing the attributes and the access types of the connection request according to the attributes of the connection request when the connection request is needed to be sent to the access network equipment, the corresponding access limiting parameters are matched in the third mapping relation according to the combined access type formed by the at least two access types, and the access control is carried out and the connection request is sent according to the matched access limiting parameters, so that the problem that the access control cannot be carried out when the terminal needs to send the connection request to the access network equipment due to the matching of the at least two access types is solved, and the overload of a wireless communication system is avoided.

In a possible implementation manner, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to the access network device, at least two access types are matched in the first mapping relationship between the attribute for describing the connection request and the access type according to the attribute of the connection request, and the corresponding access restriction parameter is matched in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and access control is performed according to the matched access restriction parameter and the sent access request.

In a sixth aspect, an embodiment of the present application further provides a terminal, where the terminal has a function of implementing a terminal behavior in the method example of the first aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In a possible design, the structure of the terminal includes a determining unit and a control unit, and these units may execute corresponding functions in the method example of the first aspect, for which specific reference is made to detailed description in the method example of the first aspect, which is not described herein again.

In one possible design, the terminal structurally includes a memory, a transceiver for receiving and transmitting data, and a processor configured to enable the terminal to perform the corresponding functions of the method of the first aspect. The memory is coupled to the processor and retains program instructions and data necessary for the terminal.

In a seventh aspect, an embodiment of the present application further provides an access network device, where the access network device has a function of implementing an access network device behavior in the example of the method in the second aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In a possible design, the structure of the access network device includes a processing unit and a receiving unit, and these units may execute corresponding functions in the method example of the second aspect, for specific reference, detailed description in the method example of the second aspect is given, and details are not repeated here.

In one possible design, the terminal includes a memory, a transceiver configured to receive and transmit data, and a processor configured to support the access network device to perform the corresponding functions of the method of the second aspect. The memory is coupled to the processor and retains program instructions and data necessary for the access network equipment.

In an eighth aspect, an embodiment of the present application further provides a terminal, where the terminal has a function of implementing a terminal behavior in the method example in the third aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In a possible design, the structure of the terminal includes a determining unit and a sending unit, and these units may execute corresponding functions in the method example of the third aspect, for specific reference, detailed description in the method example of the third aspect is omitted here for details.

In one possible design, the terminal includes a memory, a transceiver configured to receive and transmit data, and a processor configured to enable the terminal to perform the corresponding functions of the method of the third aspect. The memory is coupled to the processor and retains program instructions and data necessary for the terminal.

In a ninth aspect, an embodiment of the present application further provides a terminal, where the terminal has a function of implementing a terminal behavior in the method example in the fourth aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In a possible design, the structure of the terminal includes a determining unit and a sending unit, and these units may execute corresponding functions in the method example of the fourth aspect, for specific reference, detailed description in the method example of the fourth aspect is given, and details are not repeated here.

In one possible design, the terminal includes a memory, a transceiver configured to receive and transmit data, and a processor configured to enable the terminal to perform the corresponding functions of the method of the fourth aspect. The memory is coupled to the processor and retains program instructions and data necessary for the terminal.

In a tenth aspect, an embodiment of the present application further provides an access network device, where the access network device has a function of implementing an access network device behavior in the method example of the fifth aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In a possible design, the structure of the access network device includes a processing unit and a receiving unit, and these units may execute corresponding functions in the method example of the fifth aspect, for specific reference, detailed description in the method example of the fifth aspect is given, and details are not repeated here.

In one possible design, the structure of the terminal includes a memory, a transceiver for receiving and transmitting data, and a processor configured to support the access network device to perform the corresponding functions in the method of the fifth aspect. The memory is coupled to the processor and retains program instructions and data necessary for the access network equipment.

In an eleventh aspect, an embodiment of the present application further provides a mobile communication system, where the mobile communication system includes: terminal equipment, access network equipment and core network equipment.

In a twelfth aspect, embodiments of the present application further provide a computer storage medium, where a software program is stored, and when the software program is read and executed by one or more processors, the software program can implement the method provided by any one of the designs of any aspect.

Drawings

Fig. 1 is a schematic diagram of a mobile communication system according to an embodiment of the present application;

fig. 2 is an access control method according to an embodiment of the present application;

fig. 3 is another access control method provided in the embodiment of the present application;

fig. 4 is a diagram of another access control method according to an embodiment of the present application;

fig. 5 is a further access control method provided in the embodiment of the present application;

fig. 6 is a diagram of another access control method according to an embodiment of the present application;

fig. 7 is a further access control method according to an embodiment of the present application;

fig. 8 is a schematic diagram of a terminal filtering process provided in an embodiment of the present application;

fig. 9 is a further access control method according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of an access control apparatus according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of a terminal according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application;

fig. 13 is a schematic structural diagram of an access network device according to an embodiment of the present application;

fig. 14 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application;

fig. 15 is a schematic structural diagram of another terminal according to an embodiment of the present application;

fig. 16 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application;

fig. 17 is a schematic structural diagram of another terminal according to an embodiment of the present application;

fig. 18 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application;

fig. 19 is a schematic structural diagram of another access network device according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings.

The embodiment of the application provides an access control method and a device based on the method, which are used for solving the problem that access control cannot be performed when a terminal does not find a corresponding access type or finds a plurality of access types according to an attribute corresponding to an initiated connection request when the terminal initiates the connection request in the prior art. The method and the device are based on the same inventive concept, and because the principles of solving the problems of the method and the device are similar, the implementation of the device and the method can be mutually referred, and repeated parts are not repeated.

Hereinafter, some terms related to the embodiments of the present application are explained to facilitate understanding by those skilled in the art.

In embodiments of the present application, a terminal may communicate with one or more core networks via a RAN, for example, the terminal may be a mobile telephone (or "cellular" telephone), a computer with mobile terminals, etc., for example, the terminal may also be a portable, pocket, hand-held, computer-included, or vehicle-mounted mobile device that exchanges voice and/or data with a radio access network. The terminal in the embodiment of the present application may also be a D2D (Device to Device) terminal or an M2M (Machine to Machine) terminal. The Access device may be an LTE system or an evolved Node B (eNB) in the LTE system, a macro base station, a micro base station (also referred to as a "small base station"), a pico base station, an Access Point (AP) or a Transmission Point (TP), and may also be a base station in a future network, such as a base station in a 5G network.

In the embodiment of the present application, the access type may be represented by numbers or letters; access restriction parameters include, but are not limited to, access probability and duration of barred access.

Embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

Fig. 1 shows an architecture of a mobile communication system, which mainly includes a terminal, an access network device, and a core network device. The access network may be a Global System for Mobile communications (GSM), a Universal Mobile Telecommunications System (UMTS), a fifth generation communications System (5G), or other Mobile communications systems, and provides radio access related services for the terminal, so as to implement a radio physical layer function, resource scheduling and radio resource management, radio access control, and mobility management function. The access network includes at least one RAN device, such as an eNodeB. The RAN device is connected to a core network device (e.g., a Mobility Management Entity (MME), a Serving Gateway (S-GW), or a Serving GPRS Support Node (SGSN)), so as to implement functions such as radio access bearer control. The core network device is responsible for connecting the terminal to different networks according to a connection request sent by the terminal through the access network device, and services such as charging, mobility management and the like, and configuring a first mapping relationship and a Quality of Service (Qos) rule (rule) for describing the attribute of the connection request and the access type for the terminal. It should be noted that the embodiments of the present application do not limit the types of access networks.

As shown in fig. 2, an embodiment of the present application provides an access control method, which is described as follows.

S201: when a terminal needs to send a connection request to an access network device, determining that an access type corresponding to the connection request cannot be matched, or determining that an access type corresponding to the connection request is matched but an access limiting parameter corresponding to the access type cannot be matched, wherein the access type is used for identifying the corresponding access limiting parameter.

The terminal determines that the access type corresponding to the connection request is not matched, wherein the access type corresponding to the connection request comprises one of the following scenes: a scene I, a terminal determines that the connection request is an access layer signaling request; determining, by the terminal, a first mapping relation which is not used for describing the attribute of the connection request and the access type, wherein the first mapping relation is sent to the terminal by the core network device; and a third scenario, where the terminal determines that the access type corresponding to the connection request cannot be matched in the first mapping relationship according to the attribute of the connection request, for example, an attribute corresponding to a newly introduced connection request but is not supported in the first mapping relationship, or the attribute of the connection request cannot be matched in the first mapping relationship with the corresponding access type.

The scenario that the terminal determines that the access type corresponding to the connection request is matched but the access limiting parameter corresponding to the access type is not matched includes: the terminal determines, according to the attribute of the connection request, that the access type corresponding to the connection request is matched in a first mapping relation between the attribute for describing the connection request and the access type, but the access restriction parameter corresponding to the access type is not matched in a second mapping relation between different access types and specific access restriction parameters, wherein the second mapping relation is sent to the terminal by the access network device.

The first mapping relation configured by the core network device is stored in a non-access layer of the terminal, when the terminal needs to send a connection request to the access network device, the non-access layer of the terminal matches an access type corresponding to the connection request in a first mapping system according to an attribute of the connection request, and sends a first message carrying the connection request and the access type corresponding to the connection request to the access layer of the terminal. If the terminal does not match the access type corresponding to the connection request, the first message does not carry the access type corresponding to the connection request, and only carries the connection request, or the non-access layer of the terminal sends a second message to the access layer of the terminal, wherein the second message is used for indicating that the non-access layer of the terminal does not match the access type corresponding to the connection request, so that the access layer of the terminal can determine that the access type corresponding to the connection request to be initiated is not matched according to the first message or the second message sent by the non-access layer. When the access layer of the terminal determines that the connection request is an access layer signaling request, the access layer of the terminal performs access control according to a default access limiting parameter configured to the terminal by the access network device, or an access limiting parameter corresponding to a first default access type configured to the terminal by the access network device, or an access limiting parameter corresponding to a second default access type preset in the terminal.

S202: the terminal carries out access control according to the default access limiting parameter configured to the terminal by the access network equipment, or matches the access limiting parameter corresponding to the first default access type according to the first default access type configured to the terminal by the access network equipment, and carries out access control according to the matched access limiting parameter, or matches the access limiting parameter corresponding to the second default access type according to the second default access type preset in the terminal, and carries out access control according to the matched access limiting parameter.

Before the terminal determines that a connection request needs to be sent to the access network equipment, the access network equipment determines default access limiting parameters or a first default access type and sends the determined default access limiting parameters or the first default access type to the terminal.

Accordingly, the terminal receives the default access limitation parameter or the default access type sent by the access network equipment.

Optionally, the Access Network device determines the default Access restriction parameter and/or the first default Access type according to one or more of a Public Land Mobile Network (PLMN) type, a type of a connection request to be initiated by the terminal, and a slice type, where the type of the connection request is an Access Stratum (AS) signaling request or a non-Access Stratum (nas) signaling request or a service request, so that the terminal can perform Access control according to a specific PLMN or a specific connection request type or a slice type. Specifically, the access network device may determine the default access restriction parameter and/or the first default access type by any one of the following manners:

in a first mode, the access network device determines a default access restriction parameter and/or the first default access type according to a PLMN type or a slice type or a type of a connection request (AS signaling request or NAS signaling request or service request) supported by a cell in the access network. For example, the access network device sets different default access limiting parameters and/or the first default access type according to different PLMN types, or the access network device sets different default access limiting parameters and/or the first default access type according to different slice types, or the access network device sets different default access limiting parameters and/or the first default access type according to different connection request types. Alternatively, the access network device may also set a uniform restriction parameter and/or a first default access type for the terminal. For example, the access network device may set a uniform restriction parameter and/or a first default access type for different PLMNs, or the access network device may set a uniform restriction parameter and/or a first default access type for different connection request types.

And secondly, the access network equipment determines the default access limiting parameter and/or the first default access type according to at least two of the PLMN type, the slice type and the connection request type. For example, the access network device sets different default access restriction parameters and/or the first default access type according to different PLMN types and further according to the type of the connection request or the type of slice, or sets different default access restriction parameters and/or the first default access type according to different types of slice and further according to the type of the connection request or the type of PLMN, or sets different default access restriction parameters and/or the first default access type according to different types of connection request and further according to the type of slice or the type of PLMN. For another example, the access network device further sets different default access restriction parameters and/or the first default access type according to the types of the connection requests for different slice types under different PLMN types, or the access network device further sets different default access restriction parameters and/or the first default access type according to the types of the slice for different connection requests for different PLMN types.

After the access network equipment determines the default limiting parameter and/or the first default access type, the determined default limiting parameter and/or the first default access type can be broadcasted to the terminal through a system message. If the terminal is in a connected state, the access network device may also configure the determined default restriction parameter and/or the first default access type to the terminal through dedicated signaling.

Optionally, the second default access type is protocol-specified, for example, the second default access type is pre-configured into the terminal according to the protocol specification when the terminal is shipped from a factory.

After the terminal obtains the first default access type or the second default access type, the access limiting parameter corresponding to the first default access type or the second default access type is matched in a second mapping relation configured for the terminal by the access network equipment, and access control is carried out according to the matched access limiting parameter. For example, if the access restriction parameter matched by the terminal is 80% (the access probability is 80%), 200 (the access prohibition duration is 200s), and the range of the random number generated by the terminal is 1-10, when the random number generated by the terminal is less than or equal to 8, it is determined that the terminal satisfies the access restriction parameter, and a connection request is sent to the access network device, otherwise, it is determined that the terminal does not satisfy the access restriction parameter, and the terminal is prohibited from sending the connection request to the access network device within 200 s. Since the principle that the terminal performs access control according to the default access restriction parameter is similar to the principle that the terminal performs access control according to the access restriction parameter matched with the first default access type or the second default access type, the detailed description is omitted here.

By the method, when the terminal needs to send the connection request to the access network equipment, if the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched, access control is performed according to the default access limiting parameter, or the access control is performed according to the access limiting parameter corresponding to the default access type, so that the problem that the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched is solved, and overload of a wireless communication system is avoided.

As shown in fig. 3, an embodiment of the present application provides an access control method, which is described as follows.

S201: when the terminal needs to send a connection request to the access network device, determining that the access type corresponding to the connection request cannot be matched, or determining that the access type corresponding to the connection request is matched but the access limiting parameter corresponding to the access type cannot be matched.

S301: the terminal sends the connection request to the access network device.

As shown in fig. 4, an embodiment of the present application further provides an access control method, which is described as follows.

S401: when a terminal needs to send a connection request to an access network device, at least two access types are matched in a first mapping relation between the attribute for describing the connection request and the access types according to the attribute of the connection request, wherein the access types are used for identifying corresponding access limiting parameters.

Specifically, the non-access stratum of the terminal matches at least two access types in a first mapping relation sent by the core network device according to the attribute of the access request, and notifies the matched at least two access types to the access stratum of the terminal through a first message.

S402: and the terminal matches the corresponding access limiting parameters in a third mapping relation configured by the access network equipment according to the combined access type formed by the matched at least two access types, and performs access control according to the matched access limiting parameters, wherein the third mapping relation at least comprises the mapping relation between the combined access type formed by the multiple access types and the specific access limiting parameters.

Optionally, after the terminal matches the at least two access types in the first mapping relationship, the terminal combines the at least two matched access types to obtain all possible combined access types. For example, if the terminal matches the access types including 2, 3 and 4 in the first mapping relationship, the obtained combined access type is 2 and (and)3, 2 and 4, 2 and 3 and 4, 2 or (or)3 or 4.

Optionally, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the terminal further matches the corresponding access restriction parameter in the third mapping relationship according to the at least two matched access types when the corresponding access restriction parameter is matched in the third mapping relationship configured by the access network device.

Before the terminal determines that a connection request needs to be sent to the access network device, the access network device sends the third mapping relationship to the terminal, wherein the use sequence of the access limiting parameters in the third mapping relationship is set by the access network device. The access network device may send the third mapping relationship to the terminal by, but not limited to, the following two ways: in a first mode, the access network equipment can broadcast the third mapping relation to the terminal through a system message; and in a second mode, if the terminal is in a connected state, the access network equipment can also send the third mapping relation to the terminal through a dedicated signaling. The access network device may set an order of the access limiting parameters in the third mapping relationship in a display manner or an implicit manner, where the display manner is to set a use order identifier for each access limiting parameter in the third mapping relationship, the implicit manner is to send the access limiting parameters in the third mapping relationship to the terminal according to a set order, and the order of sending the access limiting parameters in the third mapping relationship is the use order of the access limiting parameters in the third mapping relationship.

If the terminal matches a plurality of access restriction rules in the third mapping relation according to the combined access type formed by the at least two matched access types or the at least two matched access types and the combined access type formed by the at least two matched access types, sequentially judging whether the matched access restriction parameters are met or not according to the use sequence set by the access network equipment, if the terminal meets the currently judged access restriction parameters, sending a connection request to the access network equipment, otherwise, continuously judging the next access restriction parameter; and if the terminal does not meet the last access limiting parameter in the matched access limiting parameters, the connection request is not sent, so that the access control can be realized when the terminal is matched with a plurality of access limiting parameters in the third mapping relation.

Optionally, if the terminal does not satisfy the last access restriction parameter in the multiple matched access restriction parameters, access control may be performed according to a default access restriction parameter configured to the terminal by the access network device, or according to a first default access type configured to the terminal by the access network device, an access restriction parameter corresponding to the first default access type is matched, and access control is performed according to the matched access restriction parameter, or according to a second default access type preset in the terminal, an access restriction parameter corresponding to the second default access type is matched, and access control is performed according to the matched access restriction parameter.

Further, when the third mapping relation further includes indication information of specific access limiting parameters, the indication information is used to indicate whether the terminal continues to determine the next access limiting parameter, if the terminal matches a plurality of access limiting parameters in the third mapping relationship, then according to the use sequence set by the access network equipment, it is sequentially judged whether the matched access limiting parameters are satisfied, if the terminal satisfies the currently judged access limiting parameters, and determines the indication information of the access limiting parameter as not to continue judging the next access limiting parameter, sending a connection request to the access network equipment, if the terminal does not meet the currently judged access limiting parameter, and determining that the indication information of the access limiting parameter is that the next access limiting parameter is not to be continuously judged, not sending the connection request, otherwise, continuously judging the next access limiting parameter. For example, the third mapping relationship is as follows, where the CAT value indicates an access type, the White/Black indicates indication information corresponding to an access restriction parameter, and the specific meaning is shown in table 2:

check item 1 CAT value is 10 or 11 or 12,100%, 300s, White;

check entry 2 CAT value was 6, 80%, 300s, Black;

inspection items 3 cat 5 and cat 6, 60%, 200s, Black

Table 2 indication information of access restriction parameters

For the check item 1, all terminals with CAT values of 10, 11 or 12 can directly initiate connection, without continuous judgment, and other terminals continue to judge the check item 2; for the check item 2, 80% of the terminals with the CAT value of 6 can access the network, if the access limiting parameter is not satisfied, the terminals are prohibited from initiating the related service connection for 300s, and the terminals satisfying the access limiting parameter continue to judge the check item 3; for check item 3, 60% of terminals with CAT value 5 and 6 can access the network, and the passing UE and other UEs can initiate connection, if the access restriction parameter is not satisfied, 200s of related service connection is prohibited from being initiated, and if the terminal satisfies the access restriction parameter, the connection is initiated.

In a possible embodiment, after the terminal is matched with the at least two access types, according to the at least two matched access types and the combined access type formed by the at least two access types, each access type and each combined access type in the third mapping relationship are sequentially matched according to the use sequence set by the access network device, if the matching is successful, whether the access restriction parameter corresponding to the successfully matched access type or combined access type is met is judged, otherwise, the next access type or combined access type in the third mapping relationship is continuously matched.

If the terminal cannot match the corresponding access limiting parameter in the third mapping relation according to the at least two matched access types, sending a connection request to the access network device, or performing access control according to a default access limiting parameter configured to the terminal by the access network device, or matching the access limiting parameter corresponding to the first default access type according to the first default access type configured to the terminal by the access network device, and performing access control according to the matched access limiting parameter, or matching the access limiting parameter corresponding to the second default access type according to the second default access type preset in the terminal, and performing access control according to the matched access limiting parameter.

And when the terminal performs access control according to the matched access limiting parameters, if the matched access limiting parameters are determined to be met, the connection request is sent to the access network equipment, otherwise, the connection request is not sent. The method for the terminal to determine whether the matched access restriction parameter is satisfied refers to the related description in S202, and is not described herein again.

By the method, when the terminal needs to send the connection request to the access network equipment, if at least two access types are matched, the corresponding access limiting parameters are matched in the third mapping relation according to the matched at least two access types, and access control is performed according to the matched access limiting parameters, so that the problem that access control cannot be performed when the terminal needs to send the connection request to the access network equipment due to the fact that the at least two access types are matched is solved, and overload of a wireless communication system is avoided.

As shown in fig. 5, an embodiment of the present application further provides an access control method, which is described as follows.

S501: and the terminal matches the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters according to the at least two access types, and performs access control according to the matched access limiting parameters.

Optionally, the performing, by the terminal, access control according to the matched access restriction parameter specifically includes: the terminal respectively judges whether the matched access limiting parameters are met, if the terminal meets any one of the matched access limiting parameters, a connection request is sent to the access network equipment, otherwise, the connection request is not sent. It should be noted that, in the embodiment of the present application, the terminal does not limit the order in which the terminal determines whether the matched access restriction parameters are satisfied, and the terminal may randomly select the matched access restriction parameters for determination, or select the matched access restriction parameters for determination according to a set rule, for example, the terminal determines according to the order from high to low of the priority of the access type corresponding to the matched access restriction parameters.

Specifically, the access stratum of the terminal notifies the non-access stratum of the terminal of the determination result, and the non-access stratum of the terminal restricts the sending of the connection request which does not satisfy the access restriction parameter corresponding to the matched access type.

In a possible embodiment, when a terminal needs to initiate at least two connection requests simultaneously, the corresponding at least two access types are matched in a first mapping relation according to attributes of the at least two connection requests, whether access limiting parameters corresponding to the matched at least two access types are met is judged, if the terminal meets any one of the matched access limiting parameters, the connection request is sent to an access network device, otherwise, the connection request is not sent.

By the method, when the terminal needs to send the connection request to the access network equipment, if the at least two access types are matched, access control is performed according to the matched at least two access types and the access limiting parameters respectively corresponding to the at least two access types matched in the second mapping relation according to the matched access limiting parameters, so that the problem that access control cannot be performed when the terminal needs to send the connection request to the access network equipment due to the fact that the at least two access types are matched is solved, and overload of a wireless communication system is avoided.

As shown in fig. 6, an embodiment of the present application further provides an access control method, which is described as follows.

S601: and the terminal selects one access type from the at least two matched access types, matches the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performs access control according to the matched access limiting parameter.

Optionally, the terminal selects one access type from the at least two matched access types for access control by, but not limited to, one of the following two manners: and the mode A, the terminal selects the access type with the highest priority from the matched at least two access types according to the matched priorities of the at least two access types. For example, the access type is identified by a number, and a smaller number indicates a higher priority of the access type, and the terminal selects the access type with the smallest value among the at least two matched access types. And B, the terminal determines that the matched at least two access types are matched with the attribute quantity in the first mapping relation respectively, and selects the access type with the most matched attribute quantity in the matched at least two access types. For example, the attribute matched to the access type 1 matched to the terminal includes an access class and an application identifier, the attribute matched to the access type 2 matched to the terminal includes an access class and a service type, and the attribute matched to the access type 3 matched to the terminal includes an access class, an application identifier and a service type, then the access type 3 is selected. Specifically, the non-access layer of the terminal selects one access type from the at least two matched access types, performs matching, and notifies the access layer of the terminal of the selected access type, and the access layer of the terminal performs access control.

In a possible embodiment, the terminal needs to initiate at least two connection requests simultaneously, match the at least two corresponding access types in the first mapping relationship according to the attributes of the at least two connection requests, select one access type from the at least two matched access types, match the access restriction parameter corresponding to the selected access type in the second mapping relationship, and perform access control according to the matched access restriction parameter. And the terminal selects one access type from the at least two matched access types by adopting the mode A or the mode B to perform access control.

By the method, when the terminal needs to send the connection request to the access network equipment, if at least two access types are matched, one access type is selected from the at least two matched access types according to the at least two matched access types, and access control is performed according to the access limiting parameter corresponding to the selected access type matched in the second mapping relation, so that the problem that the access control cannot be performed when the terminal needs to send the connection request to the access network equipment due to the fact that the at least two access types are matched is solved.

For a connected terminal, the NAS of the terminal cannot distinguish which application triggers a connection request Packet corresponding to a new service, and after filtering (filter), the NAS directly sends the Packet to a Data Radio Bearer (DRB) corresponding to a Qos flow identifier (identity, ID) (Qos flow ID, QFI), and sends the Packet in a Packet Data Convergence Protocol (PDCP) of the DRB, so that access control cannot be performed.

S701: and when the terminal needs to send a connection request to the access network equipment, the access network equipment sends a fourth mapping relation for describing the DRB ID and the specific access limiting parameter to the terminal through a special signaling.

For example, if the RAN device determines that the terminal currently establishes 3 RBs for user data transmission, or the CN provisions the RAN that the terminal has 3 Qos flows, the RAN configures corresponding access restriction parameters according to related load or priority information:

1) DRB ID 1, Access restriction parameter 1(factor 1, barringTime 1)

2) DRB ID 2, Access restriction parameter 2(factor 2, barringTime 2)

3) DRB ID 3, Access restriction parameter 3(factor 3, barringTime 3)

4) default DRB, access restriction parameter 4(factor 4, barringTime 4)

S702: the terminal determines that the service type corresponding to the connection request is a new service type, and determines the DRB ID corresponding to the connection request.

In a possible implementation manner, in the filtering process, the terminal determines a QFI of a new service type corresponding to the connection request according to a packet filtering criterion (Qos flow template) in a Qos rule configured for the terminal by a core network, and then, determines a DRB ID corresponding to the connection request according to a fifth mapping relationship configured by an access network device and used for describing the DRB ID and the QFI, where the packet filtering criterion includes, but is not limited to, an Internet Protocol (IP) quintuple or priority, and the Qos rule further includes a rule ID. Specifically, as shown in fig. 8, the terminal determines the QFI corresponding to the connection request according to the filtering obtained in advance in the NAS, and then maps the connection request to the corresponding DRB according to the fifth mapping relationship for transmission. If a connection request corresponding to a new service obtains a Qos rule in advance in a Protocol Data Unit (PDU) session (session) establishment or Qos flow establishment process, mapping a Qos flow ID according to related information, if a corresponding DRB ID is matched in the fifth mapping relationship according to the mapped Qos flow ID, the connection request may be sent on a corresponding DRB resource, and if a corresponding DRB ID is not matched in the fifth mapping relationship, determining a DRB ID corresponding to a preset (default) DRB as the DRB ID corresponding to the connection request, and sending the connection request at the default DRB; if the pre-obtained Qos rule does not map the Qos flowID corresponding to the connection request, the DRB ID corresponding to the preset (default) DRB is also determined as the DRB ID corresponding to the connection request, and the connection request is sent at the default DRB. Specifically, the NAS of the terminal sends the matched DRB ID or default DRB ID to the AS of the terminal for access control.

Specifically, the terminal determines the terminal according to a destination address in the IP quintuple, determines whether the terminal has previously sent a data packet to the destination address, determines whether the service type corresponding to the connection request is a new service type if the terminal has previously sent the data packet to the destination address, and otherwise determines that the service type corresponding to the connection request is the new service type.

S703: the terminal matches the access limiting parameter corresponding to the determined DRB ID in the fourth mapping table, and performs access control according to the matched access limiting parameter.

If the terminal meets the matched access limiting parameters, the data transmission process is continued, otherwise, the terminal is informed to stop sending and wait for a period of time and then access control is carried out. Specifically, the AS of the terminal performs access control according to the access limiting parameter corresponding to the determined DRB ID, if the access limiting parameter is met, the NAS of the terminal is informed to continue the data transmission process, otherwise, the NAS of the terminal is informed to stop sending and wait for a period of time before performing access control.

By the method, when the terminal in the connection state needs to send a connection request to the access network device, the access network device sends a fourth mapping relation for describing the DRB ID and the specific access limiting parameter to the terminal through a special signaling, the terminal determines that the service type corresponding to the connection request is a new service type, determines the DRB ID corresponding to the connection type, matches the access limiting parameter corresponding to the determined DRB ID in the fourth mapping table, and performs access control according to the matched access limiting parameter, so that the problem that the connection state terminal cannot perform access control on the connection request corresponding to the new service type is solved.

To solve the problem that the connected terminal cannot perform access control, an embodiment of the present application further provides an access control method as shown in fig. 9, which is described below.

S901: and when the terminal needs to send a connection request to the access network equipment, the access network equipment sends a sixth mapping relation for describing the QFI and the specific access limiting parameters to the terminal through a special signaling.

1) QFI 1, Access Limit parameter 1(factor 1, barringTime 1)

2) QFI 2, Access Limit parameter 2(factor 2, barringTime 2)

3) QFI 3, Access restriction parameter 3(factor 3, barringTime 3)

4) default QFI, Access restriction parameter 4(factor 4, barringTime 4)

S902: and the terminal determines the service type corresponding to the connection request as a new service type and determines the QFI corresponding to the connection request.

The method for determining the service type corresponding to the connection request as the new service type and determining the QFI corresponding to the connection request by the terminal is described in S802, and details are not repeated here. If the pre-obtained Qos rule does not map the Qos flowID corresponding to the connection request, a default QFI is also determined as the QFI corresponding to the connection request. Specifically, the NAS of the terminal sends the determined QFI to the AS of the terminal for access control.

S903: and the terminal matches the access limiting parameter corresponding to the determined QFI in the sixth mapping table and performs access control according to the matched access limiting parameter.

If the terminal meets the matched access limiting parameters, the data transmission process is continued, otherwise, the transmission is stopped, and access control is performed after waiting for a period of time. Specifically, the AS of the terminal performs access control according to the determined access limiting parameter corresponding to the QFI, if the access limiting parameter is met, the NAS of the terminal is informed to continue the data transmission flow, otherwise, the NAS of the terminal is informed to stop sending and wait for a period of time before performing access control.

By the method, when the terminal in the connection state needs to send a connection request to the access network device, the access network device sends a sixth mapping relation for describing the DRB ID and the specific access limiting parameter to the terminal through a dedicated signaling, the terminal determines that the service type corresponding to the connection request is a new service type, determines the QFI corresponding to the connection type, matches the access limiting parameter corresponding to the determined QFI in the sixth mapping table, and performs access control according to the matched access limiting parameter, so that the problem that the connection state terminal cannot perform access control on the connection request corresponding to the new service type is solved.

Based on the foregoing embodiments, an embodiment of the present application further provides an access control apparatus, where the access control apparatus is configured to implement the access control method shown in fig. 2, and referring to fig. 10, the access control apparatus 1000 includes: a determination unit 1001 and a control unit 1002. Wherein the content of the first and second substances,

a determining unit 1001, configured to determine that the access type corresponding to the connection request is not matched when the apparatus 1000 needs to send a connection request to an access network device, or determine that the access type corresponding to the connection request is matched but the access restriction parameter corresponding to the access type is not matched, where the access type is used to identify the corresponding access restriction parameter;

a control unit 1002, configured to perform access control according to a default access restriction parameter configured to the apparatus 1000 by the access network device, or match an access restriction parameter corresponding to the first default access type according to a first default access type configured to the apparatus by the access network device, and perform access control according to the matched access restriction parameter, or match an access restriction parameter corresponding to the second default access type according to a second default access type preset in the apparatus, and perform access control according to the matched access restriction parameter.

Optionally, the determining unit 1001 is specifically configured to: determining that the connection request is an access stratum signaling request, or determining that a first mapping relation for describing attributes of the connection request and access types does not exist, or determining that the access types corresponding to the connection request cannot be matched in the first mapping relation according to the attributes of the connection request; or determining that the access type corresponding to the connection request is matched in a first mapping relation between the attribute for describing the connection request and the access type according to the attribute of the connection request, but the access restriction parameter corresponding to the access type is not matched in a second mapping relation between different access types and specific access restriction parameters.

Optionally, the default access restriction parameter and/or the first default access type are/is determined by the access network device according to one or more of a public land mobile network PLMN type, a type of the connection request, and a slice type, where the type of the connection request is an access stratum signaling request or a non-access stratum signaling request or a service request.

Optionally, the determining unit 1001 is specifically configured to: determining, by a non-access stratum of the apparatus, that the first mapping relationship does not exist, or determining, by the non-access stratum of the apparatus, that an access type corresponding to the connection request is not matched in the first mapping relationship according to the attribute of the connection request, or determining, by the non-access stratum of the apparatus, that an access type corresponding to the connection request is matched in the first mapping relationship but an access restriction parameter corresponding to the access type is not matched in the second mapping relationship; sending a first message to an access layer of the device through a non-access layer of the device, and determining that the first message does not carry an access type corresponding to the connection request through the access layer of the device, where the first message is used to carry the connection request and the access type corresponding to the connection request, or sending a second message to the access layer of the device through the non-access layer of the device, where the second message is used to indicate that the non-access layer of the device does not match the access type corresponding to the connection request.

The embodiment of the invention provides an access control device, when the device needs to send a connection request to an access network device, if the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request is matched, but the access limiting parameter corresponding to the access type cannot be matched, access control is carried out according to a default access limiting parameter, or the access control is carried out according to the access limiting parameter corresponding to a first default access type, or the access control is carried out according to the access limiting parameter corresponding to a second default access type, so that the problem that the access control cannot be carried out when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request cannot be matched, but the access limiting parameter corresponding to the access type cannot be matched is solved, and overload of a wireless communication system is avoided.

Based on the above embodiments, the present application further provides a terminal, which is configured to implement the access control method shown in fig. 2 and has the function of the access control apparatus 1000 shown in fig. 10. Referring to fig. 11, the terminal 1100 includes: the device comprises a transceiver 1101, a processor 1102 and a memory 1104, wherein the transceiver 1101, the processor 1102 and the memory 1104 are connected with each other.

Optionally, the transceiver 1101, the processor 1102 and the memory 1104 are connected to each other through a bus 1103; the bus 1103 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 11, but this is not intended to represent only one bus or type of bus.

The transceiver 1101 is used for receiving and transmitting data.

The processor 1102 is configured to implement the access control method shown in fig. 2, and includes:

when the terminal needs to send a connection request to access network equipment, determining that the access type corresponding to the connection request is not matched, or determining that the access type corresponding to the connection request is matched but the access restriction parameter corresponding to the access type is not matched, wherein the access type is used for identifying the corresponding access restriction parameter, and performing access control according to default access limiting parameters configured to the terminal by the access network equipment, or matching the access limiting parameter corresponding to the first default access type according to the first default access type configured to the terminal by the access network device, and performing access control according to the matched access limiting parameter, or matching the access limiting parameters corresponding to the second default access type according to a second default access type preset in the terminal, and performing access control according to the matched access limiting parameters.

Optionally, the processor 1102 is specifically configured to: determining that the connection request is an access stratum signaling request, or determining that a first mapping relation for describing attributes of the connection request and access types does not exist, or determining that the access types corresponding to the connection request cannot be matched in the first mapping relation according to the attributes of the connection request; or determining that the access type corresponding to the connection request is matched in a first mapping relation between the attribute for describing the connection request and the access type according to the attribute of the connection request, but the access restriction parameter corresponding to the access type is not matched in a second mapping relation between different access types and specific access restriction parameters.

Optionally, the processor 1102 is specifically configured to: determining, by a non-access stratum of the terminal, that the first mapping relationship does not exist, or determining, by the non-access stratum of the terminal, that an access type corresponding to the connection request is not matched in the first mapping relationship according to the attribute of the connection request, or determining, by the non-access stratum of the terminal, that an access type corresponding to the connection request is matched in the first mapping relationship but an access restriction parameter corresponding to the access type is not matched in the second mapping relationship; and sending a first message to an access layer of the terminal through a non-access layer of the terminal, and determining that the first message does not carry an access type corresponding to the connection request through the access layer of the terminal, where the first message is used to carry the connection request and the access type corresponding to the connection request, or sending a second message to the access layer of the terminal through the non-access layer of the terminal, where the second message is used to indicate that the non-access layer of the terminal does not match the access type corresponding to the connection request.

The embodiment of the invention provides a terminal, which is used for performing access control according to a default access limiting parameter if an access type corresponding to a connection request cannot be matched or the access type corresponding to the connection request cannot be matched but an access limiting parameter corresponding to the access type cannot be matched when the terminal needs to send the connection request to an access network device, or performing access control according to the access limiting parameter corresponding to a first default access type or performing access control according to the access limiting parameter corresponding to a second default access type, so that the problem that the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched or the access type corresponding to the connection request cannot be matched but the access limiting parameter corresponding to the access type cannot be matched is solved, and overload of a wireless communication system is avoided.

Based on the foregoing embodiments, an embodiment of the present application further provides an access control apparatus, where the access control apparatus is configured to implement the access control method shown in fig. 2, and referring to fig. 12, the access control apparatus 1200 includes: a processing unit 1201 and a receiving unit 1202. Wherein the content of the first and second substances,

a processing unit 1201, configured to determine a default access restriction parameter and/or a first default access type, and send the default access restriction parameter and/or the first default access type to a terminal, where the access type is used to identify a corresponding access restriction parameter;

a receiving unit 1202, configured to receive a connection request sent by the terminal, where the connection request is sent by the terminal when the terminal needs to send a connection request to the apparatus, and the connection request is sent by determining that an access type corresponding to the connection request is not matched, or performing access control according to the default access limiting parameter or according to the access limiting parameter matched according to the first default access type when the access type corresponding to the connection request is determined to be matched but the access limiting parameter corresponding to the access type is not matched.

Optionally, the processing unit 1201 is specifically configured to: determining the default access restriction parameter and/or the first default access type according to one or more of a Public Land Mobile Network (PLMN) type, a type of the connection request and a slice type, wherein the type of the connection request is an access stratum signaling request or a non-access stratum signaling request or a service request.

The embodiment of the invention provides an access control device, which is used for determining default access limiting parameters and/or a first default access type, sending the default access limiting parameters or the first default access type to a terminal, and when a receiving terminal needs to send a connection request to the device, determining an access type which cannot be matched with the connection request and corresponds to the connection request, or determining an access type which matches with the connection request and does not match with the access limiting parameters corresponding to the access type, performing access control according to the default access limiting parameters or the access limiting parameters matched with the first default access type and sending the connection request, so that the problem that the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request matches with the access type but cannot match with the access limiting parameters corresponding to the access type is solved, overload of the wireless communication system is avoided.

Based on the foregoing embodiments, an embodiment of the present application further provides an access network device, where the access network device 1300 is configured to implement the access control method shown in fig. 2, and has the function of the access control apparatus 1200 shown in fig. 12. Referring to fig. 13, the access network apparatus includes: the wireless communication device comprises a transceiver 1301, a processor 1302 and a memory 1304, wherein the transceiver 1301, the processor 1302 and the memory 1304 are connected with each other.

Optionally, the transceiver 1301, the processor 1302, and the memory 1304 are connected to each other through a bus 1303; the bus 1303 may be a PCI bus or an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 13, but this is not intended to represent only one bus or type of bus.

The transceiver 1301 is used for receiving and transmitting data.

The processor 1302 is configured to call the program instructions stored in the memory 1304, and perform: determining a default access limiting parameter or a first default access type, controlling the transceiver to send the default access limiting parameter or the first default access type to a terminal, where the access type is used to identify a corresponding access limiting parameter, and controlling the transceiver to receive a connection request sent by the terminal, where the connection request is that when the terminal needs to send a connection request to the access network device, it is determined that an access type corresponding to the connection request cannot be matched, or when it is determined that an access type corresponding to the connection request is matched but an access limiting parameter corresponding to the access type is not matched, access control is performed according to the default access limiting parameter or an access limiting parameter matched according to the first default access type, and the access control is sent.

The memory 1304 is used for storing program instructions.

Optionally, the processor 1302 is specifically configured to: determining the default access restriction parameter and/or the first default access type according to one or more of a Public Land Mobile Network (PLMN) type, a type of the connection request and a slice type, wherein the type of the connection request is an access stratum signaling request or a non-access stratum signaling request or a service request.

The embodiment of the invention provides access network equipment, which is used for determining default access limiting parameters or a first default access type, sending the first default access limiting parameters or the default access type to a terminal, and when the receiving terminal needs to send a connection request to the access network equipment, determining an access type which cannot be matched with the connection request and corresponds to the connection request, or determining an access type which matches with the connection request and does not match with the access limiting parameters corresponding to the access type, performing access control according to the default access limiting parameters or the access limiting parameters matched with the first default access type and sending the connection request, solving the problem that the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched, or the access type corresponding to the connection request is matched, but the access limiting parameters corresponding to the access type cannot be matched, overload of the wireless communication system is avoided.

Based on the foregoing embodiments, an embodiment of the present application further provides an access control apparatus, where the access control apparatus is configured to implement the access control method shown in fig. 3, and referring to fig. 14, the access control apparatus 1400 includes: a determination unit 1401 and a transmission unit 1402. Wherein the content of the first and second substances,

a determining unit 1401, configured to determine, when the apparatus 1400 needs to send a connection request to an access network device, that an access type corresponding to the connection request is not matched, or that an access type corresponding to the connection request is matched but an access restriction parameter corresponding to the access type is not matched, where the access type is used to identify a corresponding access restriction parameter;

a sending unit 1402, configured to send the connection request to the access network device.

The embodiment of the invention provides an access control device, which is used for sending a connection request to an access network device if the access type corresponding to the connection request cannot be matched or the access type corresponding to the connection request cannot be matched but the access limiting parameter corresponding to the access type cannot be matched when the device needs to send the connection request to the access network device, so that the problem that the access failure occurs because the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched or the access type corresponding to the connection request cannot be matched but the access limiting parameter corresponding to the access type cannot be matched is solved.

Based on the above embodiments, the present application further provides a terminal, which is configured to implement the access control method shown in fig. 3 and has the function of the access control apparatus 1400 shown in fig. 14. Referring to fig. 15, the terminal 1500 includes: the device comprises a transceiver 1501, a processor 1502 and a memory 1504, wherein the transceiver 1501, the processor 1502 and the memory 1504 are connected with each other.

Optionally, the transceiver 1501, the processor 1502 and the memory 1504 are connected to each other by a bus 1503; the bus 1503 may be a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 15, but this is not intended to represent only one bus or type of bus.

The transceiver 1501 is used for receiving and transmitting data.

The processor 1502 is configured to call the program instructions stored in the memory 1504 to execute: when the terminal needs to send a connection request to an access network device, determining that an access type corresponding to the connection request cannot be matched, or determining that an access type corresponding to the connection request is matched but an access limitation parameter corresponding to the access type cannot be matched, wherein the access type is used for identifying the corresponding access limitation parameter and indicating the transceiver to send the connection request to the access network device.

The memory 1504 is used to store program instructions.

The embodiment of the invention provides a terminal, which is used for sending a connection request to an access network device if the access type corresponding to the connection request cannot be matched or the access type corresponding to the connection request cannot be matched but the access limiting parameter corresponding to the access type cannot be matched when the device needs to send the connection request to the access network device, so that the problem that access failure occurs because the terminal cannot perform access control when the access type corresponding to the connection request cannot be matched or the access type corresponding to the connection request cannot be matched but the access limiting parameter corresponding to the access type cannot be matched is solved.

Based on the foregoing embodiments, an embodiment of the present application further provides an access control apparatus, where the access control apparatus is configured to implement the access control method shown in fig. 4, fig. 5, or fig. 6, and referring to fig. 16, the access control apparatus 1600 includes: a determination unit 1601 and a control unit 1602. Wherein the content of the first and second substances,

the determining unit 1601 is configured to, when the apparatus 1600 needs to send a connection request to an access network device, match at least two access types in a first mapping relationship between an attribute for describing the connection request and an access type according to an attribute of the connection request, where the access type is used to identify a corresponding access restriction parameter;

a control unit 1602, configured to match, according to a combined access type formed by the at least two access types, a corresponding access restriction parameter in a third mapping relationship configured by the access network device, and perform access control according to the matched access restriction parameter, where the third mapping relationship at least includes a mapping relationship between the combined access type formed by the multiple access types and a specific access restriction parameter; or according to the at least two access types, matching the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameters; or selecting one access type from the at least two access types, matching the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameter.

Optionally, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the control unit 1602 is further configured to: and matching corresponding access limiting parameters in the third mapping relation according to the at least two access types.

Optionally, if the apparatus matches at least two access limiting parameters in the third mapping relationship, the control unit 1602 is specifically configured to: according to the use sequence set by the access network equipment, sequentially judging whether the matched at least two access limiting parameters are met, if the device meets the currently judged access limiting parameters, sending the connection request to the access network equipment, and if not, continuously judging the next access limiting parameter; and if the device does not meet the last access restriction parameter in the matched at least two access restriction parameters, not sending the connection request.

Optionally, the control unit 1602 is specifically configured to: and respectively judging whether the matched access limiting parameters are met, if the device meets any one of the matched access limiting parameters, sending the connection request to the access network equipment, otherwise, not sending the connection request.

Optionally, the control unit 1602 is specifically configured to: selecting an access type with the highest priority from the at least two access types according to the priorities of the at least two access types; or respectively determining the number of the attributes matched by the at least two access types in the first mapping relation, and selecting the access type with the most number of the attributes matched by the at least two access types.

The embodiment of the present invention provides an access control apparatus, configured to, when a terminal needs to send a connection request to an access network device, match, according to at least two matched access types, corresponding access restriction parameters in a third mapping relationship according to the at least two matched access types, and perform access control according to the matched access restriction parameters, or match, according to the at least two matched access types, access restriction parameters respectively corresponding to the at least two access types in a second mapping relationship, perform access control according to the matched access restriction parameters, or select one access type from the at least two matched access types, match, in a second mapping relationship used for describing different access types and specific access restriction parameters, an access restriction parameter corresponding to a selected access type, and perform access control according to the matched access restriction parameter, the problem that access control cannot be performed due to the fact that at least two access types are matched when the terminal needs to send a connection request to the access network equipment is solved, and overload of a wireless communication system is avoided.

Based on the above embodiments, the present application further provides a terminal, which is configured to implement the access control method shown in fig. 4, 5, or 6, and has the function of the access control apparatus 1600 shown in fig. 16. Referring to fig. 17, the terminal 1700 includes: a transceiver 1701, a processor 1702, and a memory 1704, wherein the transceiver 1701, the processor 1702, and the memory 1704 are coupled to each other.

Optionally, the transceiver 1701, the processor 1702 and the memory 1704 are connected to each other through a bus 1703; the bus 1703 may be a PCI bus or an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 17, but this does not mean only one bus or one type of bus.

The transceiver 1701 is used for receiving and transmitting data.

The processor 1702 is configured to call the program instructions stored in the memory, and perform: when the terminal needs to send a connection request to the access network equipment, matching at least two access types in a first mapping relation for describing the attributes of the connection request and the access types according to the attributes of the connection request, wherein the access types are used for identifying corresponding access limiting parameters, matching the corresponding access limiting parameters in a third mapping relation configured by the access network equipment according to a combined access type formed by the at least two access types, and performing access control according to the matched access limiting parameters, wherein the third mapping relation at least comprises the mapping relation between the combined access type formed by the multiple access types and specific access limiting parameters; or according to the at least two access types, matching the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameters; or selecting one access type from the at least two access types, matching the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameter.

The memory 1704 is used for storing program instructions.

Optionally, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the processor 1702 is further configured to: and matching corresponding access limiting parameters in the third mapping relation according to the at least two access types.

Optionally, if the terminal matches at least two access restriction parameters in the third mapping relationship, the processor 1702 is specifically configured to: according to the use sequence set by the access network equipment, sequentially judging whether the matched at least two access limiting parameters are met, if the terminal meets the currently judged access limiting parameters, indicating the transceiver to send the connection request to the access network equipment, and if not, continuously judging the next access limiting parameter; and if the terminal does not meet the last access limiting parameter in the matched at least two access limiting parameters, indicating the transceiver not to send the connection request.

Optionally, the processor 1702 is specifically configured to: and respectively judging whether the matched access limiting parameters are met, if the terminal meets any one of the matched access limiting parameters, indicating the transceiver to send the connection request to the access network equipment, and otherwise, indicating the transceiver not to send the connection request.

Optionally, the processor 1702 is specifically configured to: selecting an access type with the highest priority from the at least two access types according to the priorities of the at least two access types; or respectively determining the number of the attributes matched by the at least two access types in the first mapping relation, and selecting the access type with the most number of the attributes matched by the at least two access types.

The embodiment of the present invention provides a terminal, configured to, when the terminal needs to send a connection request to an access network device, match, according to at least two matched access types, corresponding access restriction parameters in a third mapping relationship according to the at least two matched access types, and perform access control according to the matched access restriction parameters, or match, according to the at least two matched access types, access restriction parameters respectively corresponding to the at least two access types in a second mapping relationship, perform access control according to the matched access restriction parameters, or select one access type from the at least two matched access types, match, in a second mapping relationship used for describing different access types and specific access restriction parameters, an access restriction parameter corresponding to a selected access type, and perform access control according to the matched access restriction parameter, the problem that access control cannot be performed due to the fact that at least two access types are matched when the terminal needs to send a connection request to the access network equipment is solved, and overload of a wireless communication system is avoided.

Based on the foregoing embodiments, an embodiment of the present application further provides an access control apparatus, where the access control apparatus is configured to implement the access control method shown in fig. 6, and referring to fig. 18, the access control apparatus 1800 includes: a transmitting unit 1801 and a receiving unit 1802. Wherein the content of the first and second substances,

a sending unit 1801, configured to send a third mapping relationship to the terminal, where the third mapping relationship at least includes a mapping relationship between a combined access type formed by multiple access types and a specific access restriction parameter, and the access type is used to identify a corresponding access restriction parameter;

a receiving unit 1802, configured to receive a connection request sent by the terminal, where the connection request is sent by the terminal to the apparatus, and the connection request is obtained by matching at least two access types in a first mapping relationship between an attribute for describing a connection request and an access type according to an attribute of the connection request, matching a corresponding access restriction parameter in a third mapping relationship according to a combined access type formed by the at least two access types, and performing access control and sending according to the matched access restriction parameter.

Optionally, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to the apparatus, at least two access types are matched in the first mapping relationship between the attribute for describing the connection request and the access type according to the attribute of the connection request, and a corresponding access restriction parameter is matched in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and access control is performed according to the matched access restriction parameter and sent according to the matched access restriction parameter.

The embodiment of the invention provides an access control device, which is used for sending a third mapping relation to a terminal and receiving a connection request sent by the terminal, wherein the connection request is that the terminal is matched with at least two access types in a first mapping relation for describing the attribute of the connection request and the access types according to the attribute of the connection request when the terminal needs to send the connection request to an access network device, the corresponding access limiting parameters are matched in the third mapping relation according to a combined access type formed by the at least two access types, and the access control is carried out and sent according to the matched access limiting parameters, so that the problem that the access control cannot be carried out due to the fact that the at least two access types are matched when the terminal needs to send the connection request to the access network device is solved, and the overload of a wireless communication system is avoided.

Based on the above embodiments, the present application further provides an access network device, which is used to implement the access control method shown in fig. 6 and has the function of the access control apparatus 1800 shown in fig. 18. Referring to fig. 19, the access network apparatus 1900 includes: a transceiver 1901, a processor 1902, and a memory 1904, wherein the transceiver 1901, the processor 1902, and the memory 1904 are interconnected.

Optionally, the transceiver 1901, the processor 1902, and the memory 1904 are interconnected via a bus 1903; the bus 1903 may be a PCI bus or an EISA bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 19, but it is not intended that there be only one bus or one type of bus.

The transceiver 1901 is configured to receive and transmit data.

The processor 1902 is configured to call the program instructions stored in the memory, and perform: controlling the transceiver to send a third mapping relation to the terminal, where the third mapping relation at least includes a mapping relation between a combined access type formed by multiple access types and a specific access restriction parameter, and the access type is used to identify a corresponding access restriction parameter, and controlling the transceiver to receive a connection request sent by the terminal, wherein the connection request is when the terminal needs to send a connection request to the access network device, matching to at least two access types in a first mapping relation of attributes and access types for describing the connection request according to the attributes of the connection request, and in said third mapping relationship according to a combined access type formed by said at least two access types, matching the corresponding access limiting parameters, and performing access control and sending according to the matched access limiting parameters.

The memory 1904 is used to store program instructions.

Optionally, if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to the access network device, at least two access types are matched in the first mapping relationship between the attribute for describing the connection request and the access type according to the attribute of the connection request, and a corresponding access restriction parameter is matched in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and access control is performed according to the matched access restriction parameter and sent.

The embodiment of the invention provides access network equipment, which is used for sending a third mapping relation to a terminal and receiving a connection request sent by the terminal, wherein the connection request is that the terminal is matched with at least two access types in a first mapping relation used for describing the attribute of the connection request and the access types according to the attribute of the connection request when the terminal needs to send the connection request to the access network equipment, the corresponding access limiting parameters are matched in the third mapping relation according to a combined access type formed by the at least two access types, and the access control is carried out and sent according to the matched access limiting parameters, so that the problem that the access control cannot be carried out due to the fact that the at least two access types are matched when the terminal needs to send the connection request to the access network equipment is solved, and the overload of a wireless communication system is avoided.

The embodiment of the present invention further provides a computer-readable storage medium, which is used for storing computer software instructions required to be executed for executing the processor, and which contains a program required to be executed for executing the processor.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. An access control method, the method comprising:

when a terminal needs to send a connection request to access network equipment, matching at least two access types in a first mapping relation between attributes for describing the connection request and the access types according to the attributes of the connection request, wherein the access types are used for identifying corresponding access limiting parameters;

the terminal matches a corresponding access limiting parameter in a third mapping relation configured by the access network equipment according to a combined access type formed by the at least two access types, and performs access control according to the matched access limiting parameter, wherein the third mapping relation at least comprises a mapping relation between the combined access type formed by the multiple access types and a specific access limiting parameter; or according to the at least two access types, matching the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameters; or selecting one access type from the at least two access types, matching the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameter.

2. The method of claim 1, wherein if the third mapping further comprises a mapping of a single access type to a specific access barring parameter, the method further comprises:

and the terminal matches the corresponding access limiting parameters in the third mapping relation according to the at least two access types.

3. The method according to claim 1 or 2, wherein if the terminal matches at least two access limiting parameters in the third mapping relationship, performing access control according to the matched access limiting parameters, comprises:

the terminal sequentially judges whether the matched at least two access limiting parameters are met or not according to the use sequence set by the access network equipment, if the terminal meets the currently judged access limiting parameters, the terminal sends the connection request to the access network equipment, and if not, the terminal continues to judge the next access limiting parameter;

and if the terminal does not meet the last access limiting parameter in the matched at least two access limiting parameters, not sending the connection request.

4. The method of claim 1, wherein the terminal matches, according to the at least two access types, access restriction parameters respectively corresponding to the at least two access types in a second mapping relationship for describing different access types and specific access restriction parameters, and performs access control according to the matched access restriction parameters, including:

and the terminal respectively judges whether the matched access limiting parameters are met, if the terminal meets any one of the matched access limiting parameters, the connection request is sent to the access network equipment, and otherwise, the connection request is not sent.

5. The method of claim 1, wherein the terminal selecting one of the at least two access types comprises:

the terminal selects an access type with the highest priority from the at least two access types according to the priorities of the at least two access types; or

And the terminal respectively determines the number of the attributes matched by the at least two access types in the first mapping relation, and selects the access type with the most number of the attributes matched by the at least two access types.

6. An access control method, the method comprising:

the access network equipment sends a third mapping relation to the terminal, wherein the third mapping relation at least comprises a mapping relation between a combined access type formed by a plurality of access types and a specific access limiting parameter, and the access types are used for identifying the corresponding access limiting parameters;

the access network equipment receives a connection request sent by the terminal, wherein the connection request is that when the terminal needs to send the connection request to the access network equipment, at least two access types are matched in a first mapping relation between attributes for describing the connection request and the access types according to the attributes of the connection request, corresponding access limiting parameters are matched in a third mapping relation according to a combined access type formed by the at least two access types, and access control is carried out according to the matched access limiting parameters and the connection request is sent.

7. The method of claim 6, wherein if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to an access network device, at least two access types are matched in the first mapping relationship between the attribute for describing the connection request and the access type according to the attribute of the connection request, and the corresponding access restriction parameter is matched in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and access control is performed according to the matched access restriction parameter, and the access control is sent.

8. An access control apparatus, characterized in that the apparatus comprises:

a determining unit, configured to match at least two access types in a first mapping relationship between an attribute used for describing a connection request and an access type according to an attribute of the connection request when the apparatus needs to send the connection request to an access network device, where the access type is used to identify a corresponding access restriction parameter;

a control unit, configured to match a corresponding access restriction parameter in a third mapping relationship configured by the access network device according to a combined access type formed by the at least two access types, and perform access control according to the matched access restriction parameter, where the third mapping relationship at least includes a mapping relationship between the combined access type formed by the multiple access types and a specific access restriction parameter; or according to the at least two access types, matching the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameters; or selecting one access type from the at least two access types, matching the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameter.

9. The apparatus as claimed in claim 8, wherein if said third mapping further comprises a mapping of a single access type to specific access barring parameters, said control unit is further configured to:

and matching corresponding access limiting parameters in the third mapping relation according to the at least two access types.

10. The apparatus according to claim 8 or 9, wherein if the apparatus matches at least two access restriction parameters in the third mapping relationship, the control unit is specifically configured to:

according to the use sequence set by the access network equipment, sequentially judging whether the matched at least two access limiting parameters are met, if the device meets the currently judged access limiting parameters, sending the connection request to the access network equipment, and if not, continuously judging the next access limiting parameter;

and if the device does not meet the last access restriction parameter in the matched at least two access restriction parameters, not sending the connection request.

11. The apparatus of claim 8, wherein the control unit is specifically configured to:

and respectively judging whether the matched access limiting parameters are met, if the device meets any one of the matched access limiting parameters, sending the connection request to the access network equipment, otherwise, not sending the connection request.

12. The apparatus of claim 8, wherein the control unit is specifically configured to:

selecting an access type with the highest priority from the at least two access types according to the priorities of the at least two access types; or

And respectively determining the number of the attributes matched by the at least two access types in the first mapping relation, and selecting the access type with the most number of the attributes matched by the at least two access types.

13. An access control apparatus, characterized in that the apparatus comprises:

a sending unit, configured to send a third mapping relationship to the terminal, where the third mapping relationship at least includes a mapping relationship between a combined access type formed by multiple access types and a specific access restriction parameter, and the access type is used to identify a corresponding access restriction parameter;

a receiving unit, configured to receive a connection request sent by the terminal, where the connection request is sent by the terminal to the device, and the connection request is obtained by matching at least two access types in a first mapping relationship between an attribute for describing a connection request and an access type according to an attribute of the connection request, matching a corresponding access restriction parameter in a third mapping relationship according to a combined access type formed by the at least two access types, and performing access control and sending according to the matched access restriction parameter.

14. The apparatus of claim 13, wherein if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to the apparatus, the terminal matches at least two access types in the first mapping relationship between the attribute describing the connection request and the access type according to the attribute of the connection request, matches corresponding access restriction parameters in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and performs access control according to the matched access restriction parameters and sends the access restriction parameters.

15. A terminal, characterized in that the terminal comprises:

a memory for storing program instructions;

a transceiver for receiving and transmitting data;

a processor for calling the program instructions stored in the memory to perform: when the terminal needs to send a connection request to access network equipment, matching at least two access types in a first mapping relation for describing the attributes of the connection request and the access types according to the attributes of the connection request, wherein the access types are used for identifying corresponding access limiting parameters, matching the corresponding access limiting parameters in a third mapping relation configured by the access network equipment according to a combined access type formed by the at least two access types, and performing access control according to the matched access limiting parameters, wherein the third mapping relation at least comprises the mapping relation between the combined access type formed by the multiple access types and specific access limiting parameters; or according to the at least two access types, matching the access limiting parameters respectively corresponding to the at least two access types in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameters; or selecting one access type from the at least two access types, matching the access limiting parameter corresponding to the selected access type in a second mapping relation for describing different access types and specific access limiting parameters, and performing access control according to the matched access limiting parameter.

16. The terminal of claim 15, wherein if the third mapping further comprises a mapping of a single access type to specific access barring parameters, the processor is further configured to:

17. The terminal of claim 15 or 16, wherein if the terminal matches at least two access restriction parameters in the third mapping relationship, the processor is specifically configured to:

according to the use sequence set by the access network equipment, sequentially judging whether the matched at least two access limiting parameters are met, if the terminal meets the currently judged access limiting parameters, indicating the transceiver to send the connection request to the access network equipment, and if not, continuously judging the next access limiting parameter;

and if the terminal does not meet the last access limiting parameter in the matched at least two access limiting parameters, indicating the transceiver not to send the connection request.

18. The terminal of claim 15, wherein the processor is further configured to:

and respectively judging whether the matched access limiting parameters are met, if the terminal meets any one of the matched access limiting parameters, indicating the transceiver to send the connection request to the access network equipment, and otherwise, indicating the transceiver not to send the connection request.

19. The terminal of claim 15, wherein the processor is further configured to:

20. An access network device, characterized in that the access network device comprises:

a memory for storing program instructions;

a transceiver for receiving and transmitting data;

a processor for calling the program instructions stored in the memory to perform: the method comprises the steps of controlling a transceiver to send a third mapping relation to a terminal, wherein the third mapping relation at least comprises a mapping relation between a combined access type formed by a plurality of access types and specific access limiting parameters, the access types are used for identifying corresponding access limiting parameters, and controlling the transceiver to receive a connection request sent by the terminal, and the connection request is that when the terminal needs to send the connection request to an access network device, at least two access types are matched in a first mapping relation between attributes used for describing the connection request and the access types according to the attributes of the connection request, the corresponding access limiting parameters are matched in the third mapping relation according to the combined access type formed by the at least two access types, and access control is carried out according to the matched access limiting parameters and the access control is sent.

21. The access network device of claim 20, wherein if the third mapping relationship further includes a mapping relationship between a single access type and a specific access restriction parameter, the connection request is that when the terminal needs to send a connection request to the access network device, at least two access types are matched in the first mapping relationship between the attribute for describing the connection request and the access type according to the attribute of the connection request, and corresponding access restriction parameters are matched in the third mapping relationship according to a combined access type formed by the at least two access types and the at least two access types, and access control is performed according to the matched access restriction parameters and sent.