CN109963320A - The control method and equipment of service access - Google Patents


Info

Publication number
CN109963320A
Authority
CN
China
Prior art keywords
terminal
service
network
business
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811545031.XA
Other languages
Chinese (zh)
Other versions
CN109963320B (en
Inventor
张万强
赵旸
弗兰克马德曼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201811545031.XA priority Critical patent/CN109963320B/en
Publication of CN109963320A publication Critical patent/CN109963320A/en
Application granted granted Critical
Publication of CN109963320B publication Critical patent/CN109963320B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for controlling service access. A terminal obtains service list information or grade of service index information, either by pre-configuration or from the network. The service list information includes identification information of the services that are allowed and/or forbidden, and the grade of service index information includes the identifiers and level information of the services that are allowed and/or forbidden. After the terminal receives the indication issued by the network, it judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access; if so, the terminal initiates the service access request to the network; if not, the terminal is prohibited from initiating that service access request to the network. In special scenarios or under network congestion, this saves network resources, guarantees access for the allowed services, and strengthens the operator's control over services and its ability to handle emergencies.

Description

The control method and equipment of service access
Technical field
The invention belongs to the field of communications, and more particularly relates to a method and device for controlling service access.
Background
In recent years, mobile Internet applications have developed rapidly, and mobile terminals can easily download and install all kinds of applications. Under network congestion, however, these applications aggravate the congestion on the radio access network (Radio Access Network, RAN) side or the core network (Core Network, CN) side. When the network is congested, certain applications should be prohibited from accessing the network in order to save network resources. Some applications also cause other problems; for example, certain applications may leak users' personal information without the user's permission, violating local law. A mechanism should therefore be provided that lets the network prohibit certain applications from accessing it. On the other hand, certain applications are extremely important in special circumstances; for example, when a natural disaster occurs, a disaster message board service or a disaster voice message service lets people confirm the safety of their relatives. Operators therefore want an access control mechanism under which the network can still provide access for such critical services when congestion occurs, while prohibiting other services so that the important services remain usable.
The 3rd Generation Partnership Project (3GPP) has proposed several access control mechanisms, such as access class barring (Access Class Barring, ACB), domain specific access control (Domain Specific Access Control, DSAC), service specific access control (Service Specific Access Control, SSAC) and extended access barring (Extended Access Barring, EAB). ACB and EAB restrict mobile-originated (Mobile Origination, MO) requests for all services on the terminal when the network is congested; the DSAC mechanism only controls whether the terminal can initiate circuit switched (Circuit Switched, CS) domain services or packet switched (Packet Switched, PS) domain services; and SSAC only controls the initiation of services such as voice or video telephony.
At present there is no mechanism that can allow or restrict specific services, so a mechanism is needed that still lets specific services access the network while access control is in force. Based on this requirement, the 3GPP standards organization proposed the research project on application specific congestion control for data connectivity (Application specific Congestion control for Data Connectivity, ACDC), which discusses the above application scenarios and requirements, but no corresponding solution has been proposed so far.
Summary of the invention
Embodiments of the invention provide a method for controlling service access that controls the access of specific services to the network. When network congestion or a disaster occurs, the network notifies the terminal that ACDC has started, and either the terminal performs the service control or the network controls the terminal's access messages, so that specific services are still allowed to access the network while access control is in force and other services are prohibited from accessing it. In special scenarios or under network congestion, this saves network resources, guarantees access for the allowed services, and strengthens the operator's control over services and its ability to handle emergencies.
In a first aspect, a method for controlling service access is provided, the method comprising:
A terminal obtains service list information or grade of service index information, where the service list information includes identification information of the services that are allowed and/or forbidden, and the grade of service index information includes the identifiers and level information of the services that are allowed and/or forbidden;
After the terminal receives the indication issued by the network, the terminal judges, according to the service list information or grade of service index information, whether the service it is about to initiate is allowed to access; if so, it initiates the service access request to the network; if not, it is prohibited from initiating that service access request to the network.
In a first possible implementation of the first aspect, the terminal obtaining the service list information or grade of service index information from the network is specifically:
The terminal receives the service list information or grade of service index information from the network by way of OMA DM.
In a second possible implementation of the first aspect, the terminal obtaining the service list information or grade of service index information from the network is specifically:
The terminal receives the service list information or grade of service index information from the network by way of NAS signaling.
In a third possible implementation of the first aspect, the terminal obtaining the service list information or grade of service index information from the network is specifically:
The terminal receives the service list information or grade of service index information from the network by way of system broadcast.
With reference to the first aspect, or the first, second or third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the judging, after the terminal receives the indication issued by the network, of whether the service the terminal is about to initiate is allowed according to the service list information or grade of service index information is specifically:
After the terminal receives the indication issued by the network, the non-access stratum or the access stratum of the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
With reference to the first aspect, or any of the first to fourth possible implementations of the first aspect, in a fifth possible implementation of the first aspect, the method further comprises:
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the terminal initiates a connection establishment request message to the network, the request message carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed.
With reference to the fifth possible implementation of the first aspect, the terminal initiating, when it judges according to the service list information or grade of service index information that the service it is about to initiate is allowed, request information to the network that carries a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service is allowed, is specifically:
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed, the access stratum of the terminal initiates RRC connection request information to the network, the RRC connection request information carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access;
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access.
In a sixth possible implementation of the first aspect, the terminal receiving the indication issued by the network is specifically:
The terminal obtains the indication from the network by way of a system broadcast message, by way of dedicated signaling, or by way of the application layer.
With reference to the sixth possible implementation of the first aspect, the judging, after the terminal receives the indication issued by the network, of whether the service the terminal is about to initiate is allowed according to the service list information or grade of service index information is specifically:
After the terminal receives the indication issued by the network, the terminal judges, by means of a terminal firewall and according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
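The terminal-side procedure of the first aspect, as an added Python example that is not part of the patent text or of any vendor implementation: the terminal stores the list or index, starts checking once the indication arrives, and either sends a request carrying the flag (the "mark") or sends nothing. The class and field names, the service identifiers, the level threshold carried in the indication (`max_level`), the forbidden-over-allowed precedence and the fail-closed default are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class ServiceListInfo:
    """Identifiers of the services that are allowed and/or forbidden."""
    allowed: FrozenSet[str] = frozenset()
    forbidden: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Indication:
    """Indication issued by the network that starts or stops the control.

    max_level is an assumption of this example: the threshold applied to
    grade of service index information (lower number = more important).
    """
    active: bool
    max_level: Optional[int] = None


@dataclass
class Terminal:
    # Pre-configured or obtained from the network (OMA DM, NAS, broadcast).
    service_list: Optional[ServiceListInfo] = None
    level_index: Dict[str, int] = field(default_factory=dict)  # service id -> level
    indication: Indication = field(default_factory=lambda: Indication(False))

    def on_indication(self, indication: Indication) -> None:
        """Record the indication received from the network."""
        self.indication = indication

    def is_allowed(self, service_id: str) -> bool:
        """Judge whether the service about to be initiated may access."""
        if not self.indication.active:
            return True  # control not started: this mechanism bars nothing
        if self.service_list is not None:
            if service_id in self.service_list.forbidden:
                return False  # assumption: forbidden wins over allowed
            if self.service_list.allowed:
                return service_id in self.service_list.allowed
            return True  # only a forbidden list was provided
        level = self.level_index.get(service_id)
        if level is None or self.indication.max_level is None:
            return False  # assumption: unknown service or no threshold fails closed
        return level <= self.indication.max_level

    def request_access(self, service_id: str) -> Optional[dict]:
        """Return the request to send, or None when initiation is prohibited."""
        if not self.is_allowed(service_id):
            return None
        request = {"type": "connection_request", "service_id": service_id}
        if self.indication.active:
            # The flag the request carries so the network can judge by it.
            request["service_allowed"] = True
        return request


def network_admits(request: dict, control_active: bool) -> bool:
    """Network side: judge by the flag carried in the request."""
    if not control_active:
        return True
    return request.get("service_allowed") is True


if __name__ == "__main__":
    # Constructed sample data: identifiers and levels are illustrative only.
    by_list = Terminal(service_list=ServiceListInfo(
        allowed=frozenset({"disaster-board"}), forbidden=frozenset({"video"})))
    by_level = Terminal(level_index={"disaster-board": 1, "voice": 2, "video": 5})
    by_list.on_indication(Indication(active=True))
    by_level.on_indication(Indication(active=True, max_level=2))
    for name, term in (("list", by_list), ("level", by_level)):
        for svc in ("disaster-board", "voice", "video"):
            req = term.request_access(svc)
            print(name, svc, "sent" if req else "barred at terminal")
```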
In a second aspect, a method for controlling service access is provided, the method comprising:
The network configures service list information or grade of service index information to the terminal;
The network issues an indication to the terminal, so that the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
In a first possible implementation of the second aspect, the network configuring the service list information or grade of service index information to the terminal is specifically:
The network configures the service list information or the grade of service index information to the terminal by way of OMA DM.
In a second possible implementation of the second aspect, the network configuring the service list information or grade of service index information to the terminal is specifically:
The network configures the service list information or the grade of service index information to the terminal by way of NAS signaling.
In a third possible implementation of the second aspect, the network configuring the service list information or grade of service index information to the terminal is specifically:
The network configures the service list information or the grade of service index information to the terminal by way of system broadcast.
With reference to the second aspect, or the first, second or third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the network issuing the indication to the terminal is specifically:
The network sends the indication to the terminal by way of system broadcast or by way of dedicated signaling.
With reference to the fourth possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the method further comprises:
The network receives the connection establishment request message sent by the terminal, the connection establishment request message carrying a flag indicating whether the service is allowed to access;
The network judges, according to the flag, whether the service the terminal is about to initiate is allowed to access.
With reference to the fifth possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the network judging whether the service the terminal is about to initiate is allowed, according to the flag carried in the request information sent by the terminal indicating whether the service is allowed, is specifically:
The radio access network of the network judges whether the service the terminal is about to initiate is allowed, according to the flag carried in the RRC connection request information initiated by the terminal indicating whether the service is allowed.
With reference to the fifth possible implementation of the second aspect, in a seventh possible implementation of the second aspect, the network judging whether the service the terminal is about to initiate is allowed, according to the flag carried in the request information sent by the terminal indicating whether the service is allowed, is specifically:
The core network of the network judges whether the service the terminal is about to initiate is allowed, according to the flag carried in the NAS message initiated by the terminal indicating whether the service is allowed.
In an eighth possible implementation of the second aspect, the network configuring the service list information or grade of service index information to the terminal is specifically:
The network configures the service list information or grade of service index information to the terminal through a SOCKS server.
With reference to the eighth possible implementation of the second aspect, the network issuing the indication to the terminal is specifically:
The network issues the indication to the terminal by way of system broadcast, by way of dedicated signaling, or by way of the application layer.
In a third aspect, a terminal device is provided, the device comprising:
An acquiring unit, configured for the terminal to obtain service list information or grade of service index information, where the service list information includes identification information of the services that are allowed and/or forbidden, and the grade of service index information includes the identifiers and level information of the services that are allowed and/or forbidden; the acquiring unit sends the obtained service list information or grade of service index information to an access control unit;
The access control unit, configured to: after the terminal receives the indication issued by the network, judge, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access; if so, initiate the service access request to the network; if not, prohibit initiating that service access request to the network.
In a first possible implementation of the third aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of OMA DM.
In a second possible implementation of the third aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of NAS signaling.
In a third possible implementation of the third aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of system broadcast.
With reference to the third aspect, or the first, second or third possible implementation of the third aspect, in a fourth possible implementation of the third aspect, the access control unit is specifically configured so that:
After the terminal receives the indication issued by the network, the non-access stratum or the access stratum of the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
With reference to the third aspect, or any of the first to fourth possible implementations of the third aspect, in a fifth possible implementation of the third aspect, the device further comprises:
A marking unit, configured so that, when the terminal judges according to the service list information or grade of service index information that the service it is about to initiate is allowed, the terminal initiates request information to the network, the request information carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed.
With reference to the fifth possible implementation of the third aspect, the marking unit is specifically configured so that:
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the access stratum of the terminal initiates radio resource control (RRC) connection request information to the network, the RRC connection request information carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access;
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access.
In a sixth possible implementation of the third aspect, the access control unit is specifically configured so that:
The terminal obtains the indication from the network by way of a system broadcast message, by way of dedicated signaling, or by way of the application layer.
With reference to the sixth possible implementation of the third aspect, the access control unit is specifically configured so that:
After the terminal receives the indication issued by the network, the terminal judges, by means of a terminal firewall and according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
In a fourth aspect, a network element device is provided, the device comprising:
A configuration unit, configured for the network to configure service list information or grade of service index information to the terminal;
An issuing unit, configured for the network to issue an indication to the terminal, so that the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
In a first possible implementation of the fourth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the grade of service index information to the terminal by way of OMA DM.
In a second possible implementation of the fourth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the grade of service index information to the terminal by way of NAS signaling.
In a third possible implementation of the fourth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the grade of service index information to the terminal by way of system broadcast.
With reference to the fourth aspect, or the first, second or third possible implementation of the fourth aspect, in a fourth possible implementation of the fourth aspect, the issuing unit is specifically configured so that:
The network sends the indication to the terminal by way of system broadcast or by way of dedicated signaling.
With reference to the fourth possible implementation of the fourth aspect, in a fifth possible implementation of the fourth aspect, the device further comprises:
A processing unit, configured for the network to receive the connection establishment request message sent by the terminal, the connection establishment request message carrying a flag indicating whether the service is allowed to access;
The network judges, according to the flag, whether the service the terminal is about to initiate is allowed to access.
With reference to the fifth possible implementation of the fourth aspect, the processing unit is specifically configured so that:
The radio access network of the network judges whether the service the terminal is about to initiate is allowed, according to the flag carried in the RRC connection request information initiated by the terminal indicating whether the service is allowed.
With reference to the fifth possible implementation of the fourth aspect, the processing unit is specifically configured so that:
The core network of the network judges whether the service the terminal is about to initiate is allowed, according to the flag carried in the NAS message initiated by the terminal indicating whether the service is allowed.
In a sixth possible implementation of the fourth aspect, the configuration unit is specifically configured so that:
The network delivers the service list information or grade of service index information to the terminal through a SOCKS server.
With reference to the sixth possible implementation of the fourth aspect, the issuing unit is specifically configured so that:
The network issues the indication to the terminal by way of system broadcast, by way of dedicated signaling, or by way of the application layer.
In a fifth aspect, a terminal device is provided, the device comprising:
An acquiring unit, configured for the terminal to obtain service list information or grade of service index information, where the service list information includes identification information of the services that are allowed and/or forbidden, and the grade of service index information includes the identifiers and level information of the services that are allowed and/or forbidden; the acquiring unit sends the obtained service list information or grade of service index information to an access control unit;
The access control unit, configured to: after the terminal receives the indication issued by the network, judge, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access; if so, initiate the service access request to the network; if not, prohibit initiating that service access request to the network.
In a first possible implementation of the fifth aspect, the device includes a processor, a communication interface, a memory and a bus;
The processor, the communication interface and the memory communicate with one another over the bus;
The communication interface is configured to communicate with a network element device;
The processor is configured to execute a program;
The memory is configured to store the program;
The program is used for the terminal to obtain, by pre-configuration or from the network, service list information or grade of service index information, where the service list information or grade of service index information includes identification information of the services that are allowed and/or forbidden; and, after the terminal receives the indication issued by the network, to judge according to the service list information or grade of service index information whether the service the terminal is about to initiate is allowed to access, and if so, to initiate the service access request to the network, and if not, to prohibit initiating that service access request to the network.
With reference to the first possible implementation of the fifth aspect, in a second possible implementation of the fifth aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of OMA DM.
With reference to the first possible implementation of the fifth aspect, in a third possible implementation of the fifth aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of NAS signaling.
With reference to the first possible implementation of the fifth aspect, in a fourth possible implementation of the fifth aspect, the acquiring unit is specifically configured so that:
The terminal receives the service list information or grade of service index information from the network by way of system broadcast.
With reference to the first, second, third or fourth possible implementation of the fifth aspect, in a fifth possible implementation of the fifth aspect, the access control unit is specifically configured so that:
After the terminal receives the indication issued by the network, the non-access stratum or the access stratum of the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
With reference to any of the first to fifth possible implementations of the fifth aspect, in a sixth possible implementation of the fifth aspect, the device further comprises:
A marking unit, configured so that, when the terminal judges according to the service list information or grade of service index information that the service it is about to initiate is allowed, the terminal initiates request information to the network, the request information carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed.
With reference to the sixth possible implementation of the fifth aspect, the marking unit is specifically configured so that:
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the access stratum of the terminal initiates radio resource control (RRC) connection request information to the network, the RRC connection request information carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access;
When the terminal judges, according to the service list information or grade of service index information, that the service it is about to initiate is allowed to access, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying a flag indicating whether the service is allowed, so that the network judges according to the flag whether the service the terminal is about to initiate is allowed to access.
With reference to the first possible implementation of the fifth aspect, in a seventh possible implementation of the fifth aspect, the access control unit is specifically configured so that:
The terminal obtains the indication from the network by way of a system broadcast message, by way of dedicated signaling, or by way of the application layer.
With reference to the seventh possible implementation of the fifth aspect, in an eighth possible implementation of the fifth aspect, the access control unit is specifically configured so that:
After the terminal receives the indication issued by the network, the terminal judges, by means of a terminal firewall and according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed to access.
In a sixth aspect, a network element device is provided, the network element device comprising:
A configuration unit, used for the network to configure service list information or service grade index information to a terminal;
An issuing unit, used for the network to issue an indication to the terminal, so that the terminal determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed access.
In a first possible implementation of the sixth aspect, the network element device comprises a processor, a communication interface, a memory and a bus:
The processor, the communication interface and the memory communicate with one another over the bus;
The communication interface is used for communicating with the terminal device;
The processor is used for executing a program;
The memory is used for storing the program;
The program is used for the network to configure service list information or service grade index information to the terminal, and for the network to issue an indication to the terminal, so that the terminal determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed access.
In combination with the first possible implementation of the sixth aspect, in a second possible implementation of the sixth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the service grade index information to the terminal by means of OMA DM.
In combination with the first possible implementation of the sixth aspect, in a third possible implementation of the sixth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the service grade index information to the terminal by means of NAS signaling.
In combination with the first possible implementation of the sixth aspect, in a fourth possible implementation of the sixth aspect, the configuration unit is specifically configured so that:
The network configures the service list information or the service grade index information to the terminal by means of system broadcast.
In combination with the first possible implementation of the sixth aspect, or the second possible implementation of the sixth aspect, or the third possible implementation of the sixth aspect, or the fourth possible implementation of the sixth aspect, in a fifth possible implementation of the sixth aspect, the issuing unit is specifically configured so that:
The network sends the indication to the terminal by means of system broadcast or by means of dedicated signaling.
In combination with the fifth possible implementation of the sixth aspect, in a sixth possible implementation of the sixth aspect, the device further comprises:
A processing unit, used for the network to receive a connection establishment request message sent by the terminal, the connection establishment request message carrying a flag indicating whether the service is allowed access;
The network determines, according to the flag, whether the service to be initiated by the terminal is allowed access.
In combination with the sixth possible implementation of the sixth aspect, the processing unit is specifically configured so that:
The radio access network of the network determines whether the service to be initiated by the terminal is allowed, according to the flag indicating whether the service is allowed that is carried in the RRC connection request message initiated by the terminal.
In combination with the sixth possible implementation of the sixth aspect, the processing unit is specifically configured so that:
The core network of the network determines whether the service to be initiated by the terminal is allowed, according to the flag indicating whether the service is allowed that is carried in the NAS message initiated by the terminal.
In combination with the first possible implementation of the sixth aspect, in a seventh possible implementation of the sixth aspect, the configuration unit is specifically configured so that:
The network issues the service list information or service grade index information to the terminal through a firewall server.
In combination with the seventh possible implementation of the sixth aspect, the issuing unit is specifically configured so that:
The network issues the indication to the terminal by means of system broadcast, by means of dedicated signaling, or by means of the application layer.
The invention discloses a service access control method. In the method, a terminal obtains service list information or service grade index information from a network; after the terminal receives an indication issued by the network, it determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed; if so, it initiates the service toward the network, and if not, it is forbidden from initiating the service toward the network. The network can also verify the service access message that the terminal is about to initiate, so that the network controls the service to be initiated by the terminal. Through this control by the terminal or by the network, service access control is achieved in special scenarios or under network congestion, network resources are saved so that allowed services can be accessed, and the operator's control over services and its ability to handle emergencies are strengthened.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a service access control method provided by Embodiment 1 of the present invention;
Fig. 2 is a flowchart of a service access control method provided by Embodiment 2 of the present invention;
Fig. 3 is a flowchart of a service access control method provided by Embodiment 3 of the present invention;
Fig. 4 is a flowchart of a service access control method provided by Embodiment 4 of the present invention;
Fig. 5 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 8 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 11 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 12 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 13 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 14 is a schematic diagram of a service access control method provided by an embodiment of the present invention;
Fig. 15 is a structural diagram of a terminal device provided by Embodiment 5 of the present invention;
Fig. 16 is a structural diagram of a network element device provided by Embodiment 6 of the present invention;
Fig. 17 is a structural diagram of a terminal device provided by Embodiment 7 of the present invention;
Fig. 18 is a structural diagram of a network element device provided by Embodiment 8 of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Embodiment one
Referring to Fig. 1, Fig. 1 is a flowchart of a service access control method provided by Embodiment 1 of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: the terminal obtains service list information or service grade index information, where the service list information includes identification information of allowed and/or forbidden services, and the service grade index information includes identifiers and grade information of allowed and/or forbidden services;
In this step, the terminal may obtain the service list information or service grade index information by pre-configuration. In the pre-configuration mode, the service list information or service grade index information may be stored in advance on the SIM card of the mobile phone. The service list information may take the form of a blacklist or a whitelist, and the list contains the service identifiers of allowed or forbidden services. In addition to the service identifiers of allowed or forbidden services, the service grade index information also includes grade index information for service types: services are divided by service type and index information is established according to the division, so that the terminal can allow or forbid services of a preset type and can also allow or forbid services of different grades.
In this step, according to the service list information, when the service to be initiated by the terminal is allowed in the service list information, it is determined that the service to be initiated by the terminal is allowed access;
Or, according to the service grade index information, when the service to be initiated by the terminal belongs to an allowed grade in the service grade index information, it is determined that the service to be initiated by the terminal is allowed access.
The ways in which the terminal obtains the service list information or service grade index information from the network include, but are not limited to, the following: receiving service list information or service grade index information issued by the network by means of Open Mobile Alliance Device Management (OMA DM); or receiving service list information or service grade index information issued by the network by means of Non-Access Stratum (NAS) signaling; or receiving service list information or service grade index information issued by the network by means of system broadcast; or the terminal receiving service list information or service grade index information issued by the network by means of system broadcast.
Preferably, the terminal obtaining service list information or service grade index information from the network is specifically:
The terminal receives the service list information or service grade index information issued by the network by means of OMA DM.
In this step, the network configures the service list information or service grade index information to the terminal by means of OMA DM. For details, refer to step 501 of Fig. 5, in which the network configures the service list information or service grade index information to the terminal by means of OMA DM.
Because the terminal receives the service list information or service grade index information issued by the network by means of OMA DM, the service list information or service grade index information can be configured for a single terminal user.
Preferably, the terminal obtaining service list information or service grade index information from the network is specifically:
The terminal receives the service list information or service grade index information issued by the network by means of NAS signaling.
In this step, the NAS signaling includes, but is not limited to, the connection establishment request messages that the terminal initiates for attach, tracking area update, routing area update, PDN connection establishment and the like; the core network of the network sends the service list information or service grade index information to the terminal in the response message for the attach, tracking area update, routing area update, PDN connection establishment or the like. For details, refer to steps 601 and 602 of Fig. 6.
Because the terminal receives the service list information or service grade index information issued by the network by means of NAS signaling, the service list information or service grade index information can be configured for a single terminal user.
Preferably, the terminal obtaining service list information or service grade index information from the network is specifically:
The terminal receives the service list information or service grade index information issued by the network by means of system broadcast.
In this step, if the core network becomes congested, it notifies the radio access network of the network congestion status; when the radio access network learns that the core network is congested, or that it is itself congested, it decides to start Application specific Congestion control for Data Connectivity (ACDC); the radio access network notifies the terminal by system broadcast message that ACDC is to be started, and the same system broadcast message carries the ACDC service list information to configure it to the terminal. For the specific steps, refer to steps 701-703 in Fig. 7.
Because the terminal receives the service list information or service grade index information issued by the network by means of system broadcast, the same service list information or service grade index information can be configured for all terminal users, but the service list information or service grade index information cannot be configured for a single terminal user.
Step 102: after the terminal receives the indication issued by the network, it determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed; if so, it initiates toward the network the access request for the service to be initiated by the terminal, and if not, it is forbidden from initiating toward the network the access request for the service to be initiated by the terminal.
In this step, the service list information or service grade index information includes information on whether services are allowed and/or forbidden access. After receiving the indication issued by the network, the terminal uses the information in the service list information or service grade index information on whether the service to be initiated is allowed access to determine whether that service is allowed access in the service list information or service grade index information; if so, it initiates toward the network the access request for the service to be initiated by the terminal, and if not, it is forbidden from initiating toward the network the access request for the service to be initiated by the terminal. The indication is used to notify the terminal to perform access control on services; for example, the indication may be an indication that ACDC is started or an indication that the network is congested.
Preferably, after the terminal receives the indication issued by the network, determining, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed is specifically:
After the terminal receives the indication issued by the network, the non-access stratum of the terminal determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed.
The way in which the network issues the indication includes, but is not limited to, issuing an indication.
Optionally, after the terminal receives the indication issued by the network, determining, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed is specifically:
After the terminal receives the indication issued by the network, the access stratum of the terminal determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed.
In this step, when the terminal has received the service list information or service grade index information issued by the network by means of OMA DM, NAS signaling or system broadcast, then after the terminal receives the indication issued by the network, the access stratum or non-access stratum of the terminal determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed. For details, refer to the descriptions of Fig. 5, Fig. 6 and Fig. 7.
Preferably, after the terminal receives the indication issued by the network, determining, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed is specifically:
After the terminal receives the indication issued by the network, the terminal determines, through a terminal firewall and according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed.
In this step, as shown in step 806 of Fig. 8, the UE firewall determines whether a service is allowed by checking the service list; as shown in step 903 of Fig. 9, the UE firewall, depending on whether the service is allowed, allows or refuses the listed services by opening or closing ports.
Preferably, the terminal receiving the indication issued by the network is specifically:
The terminal obtains the indication from the network by means of a system broadcast message.
In this step, the radio access network becomes congested, or the core network notifies the radio access network when the core network becomes congested; the radio access network sends an ACDC start notification and the service list information or service grade index information to the firewall server; when the radio access network notifies the non-access stratum or access stratum of the terminal by system broadcast message to start ACDC, it at the same time sends the service list information or service grade index information to the non-access stratum or access stratum of the terminal. For details, refer to steps 801-803 of Fig. 8.
Preferably, the terminal receiving the indication issued by the network is specifically:
The terminal obtains the indication from the network by means of dedicated signaling or by means of the application layer.
In this step, when the core network is congested, the core network notifies the firewall server that the core network is congested; or, when the radio access network is congested, the radio access network notifies the firewall server that the radio access network is congested. After receiving the core network or radio access network congestion information, the firewall server sends an ACDC start notification message to the UE firewall (terminal firewall) and at the same time sends the service list information or service grade index information to the UE firewall. For details, refer to steps 901-902 in Fig. 9.
The embodiment of the present invention discloses a service access control method. In the method, the terminal obtains service list information or service grade index information by pre-configuration or from the network; after the terminal receives the indication issued by the network, it determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed; if so, it initiates the service toward the network, and if not, it is forbidden from initiating the service toward the network. This achieves service access control in special scenarios or under network congestion, saves network resources so that allowed services can be accessed, and strengthens the operator's control over services and its ability to handle emergencies.
Embodiment two
Referring to Fig. 2, Fig. 2 is a flowchart of a service access control method provided by Embodiment 2 of the present invention. As shown in Fig. 2, the method comprises:
Step 201: the terminal obtains service list information or service grade index information, where the service list information includes identification information of allowed and/or forbidden services, and the service grade index information includes identifiers and grade information of allowed and/or forbidden services;
Step 202: after the terminal receives the indication issued by the network, it determines, according to the service list information or service grade index information, whether the service to be initiated by the terminal is allowed access; if so, it initiates toward the network the access request for the service to be initiated by the terminal, and if not, it is forbidden from initiating toward the network the access request for the service to be initiated by the terminal;
Step 203: when the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed access, the terminal sends a connection establishment request message to the network, and the request message carries a flag indicating whether the service is allowed, so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed.
Preferably, when the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed, the terminal sending a connection establishment request message to the network, the request message carrying a flag indicating whether the service is allowed so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed, is specifically:
When the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed access, the access stratum of the terminal sends a Radio Resource Control (RRC) connection request message to the network, and the RRC connection request message carries a flag indicating whether the service is allowed, so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed access.
In this step, in combination with the embodiments of Fig. 10, Fig. 11 and Fig. 12, when the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed, the access stratum of the terminal sends an RRC connection request message to the network, and the RRC connection request message carries a flag indicating whether the service is allowed, so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed. For details, see Fig. 13.
When the terminal determines through the access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to determine, according to the IE value, whether the service is allowed. In this way the service can be checked further, so that the network can still make the correct determination when the check run on the terminal malfunctions.
Optionally, when the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed, the terminal sending a request message to the network, the request message carrying a flag indicating whether the service is allowed so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed, is specifically:
When the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed access, the non-access stratum of the terminal sends a NAS message to the network, and the NAS message carries a flag indicating whether the service is allowed, so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed access.
In this step, in combination with the embodiments in Fig. 5, Fig. 6 and Fig. 7, when the terminal determines, according to the service list information or service grade index information, that the service to be initiated by the terminal is allowed, the non-access stratum of the terminal sends a NAS message to the network, and the NAS message carries a flag indicating whether the service is allowed, so that the network determines, according to the flag, whether the service to be initiated by the terminal is allowed. For details, see Fig. 14.
When the terminal determines through the non-access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to determine, according to the IE value, whether the service is allowed. In this way the service can be checked further, so that the network can still make the correct determination when the check run on the terminal malfunctions.
In the embodiment of the present invention, when the terminal determines through the non-access stratum or the access stratum that the service is allowed, it subsequently carries an information element (Information Element, IE) in the RRC connection establishment request message sent to the network, indicating that the RRC connection request is initiated by an allowed service, so that the network continues to determine, according to the IE value, whether the service is allowed. In this way the service can be checked further, so that the network can still make the correct determination when the check run on the terminal malfunctions.
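The two-stage check of Embodiments one and two (the terminal gates the service, then the network re-checks the flag carried in the request) can be modelled as below. This is an added illustration, not code from the patent: the class names, the grade numbers, the rule that a forbidden entry overrides an allowed one, and the use of `None` for "no check was run" are all assumptions.

```python
# Added illustration; names, grades and the None-flag convention are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Union


@dataclass
class ServiceList:
    """Service list information: identifiers of allowed and/or forbidden services."""
    allowed: Set[str] = field(default_factory=set)
    forbidden: Set[str] = field(default_factory=set)

    def permits(self, service_id: str) -> bool:
        if service_id in self.forbidden:   # assumed rule: an explicit ban always wins
            return False
        if self.allowed:                   # a non-empty allow list is exhaustive
            return service_id in self.allowed
        return True                        # blacklist-only configuration


@dataclass
class GradeIndex:
    """Service grade index information: identifier -> grade, plus the allowed grades."""
    grade_of: Dict[str, int]
    allowed_grades: Set[int]

    def permits(self, service_id: str) -> bool:
        grade = self.grade_of.get(service_id)
        return grade is not None and grade in self.allowed_grades  # unknown: fail closed


@dataclass
class ConnectionRequest:
    service_id: str
    allowed_flag: Optional[bool]  # flag (IE) in the RRC/NAS request; None = no check was run


class Terminal:
    def __init__(self, policy: Union[ServiceList, GradeIndex]):
        self.policy = policy          # pre-configured or received from the network
        self.control_active = False   # True after the network's indication (e.g. ACDC start)

    def on_indication(self, active: bool) -> None:
        self.control_active = active

    def initiate(self, service_id: str) -> Optional[ConnectionRequest]:
        """Return the request to send, or None if the terminal suppresses the service."""
        if not self.control_active:
            return ConnectionRequest(service_id, allowed_flag=None)
        if not self.policy.permits(service_id):
            return None               # forbidden: nothing is sent to the network
        return ConnectionRequest(service_id, allowed_flag=True)


class Network:
    def __init__(self) -> None:
        self.control_active = False

    def admit(self, request: ConnectionRequest) -> bool:
        """Second check: while control is active, require the 'allowed' flag."""
        if not self.control_active:
            return True
        return request.allowed_flag is True


def run_scenario() -> Dict[str, str]:
    # Constructed sample policy and service identifiers.
    policy = GradeIndex(grade_of={"emergency-call": 1, "voice": 2, "video-stream": 4},
                        allowed_grades={1, 2})
    terminal, network = Terminal(policy), Network()
    network.control_active = True
    terminal.on_indication(True)      # indication delivered by broadcast or dedicated signaling

    outcome = {}
    for service in ("emergency-call", "voice", "video-stream", "unlisted-app"):
        request = terminal.initiate(service)
        if request is None:
            outcome[service] = "blocked at terminal"
        else:
            outcome[service] = "admitted" if network.admit(request) else "rejected by network"

    # A terminal whose check never started still sends requests, but without the flag.
    faulty = Terminal(policy)         # never processed the indication
    stale = faulty.initiate("video-stream")
    outcome["video-stream (faulty terminal)"] = (
        "admitted" if network.admit(stale) else "rejected by network")
    return outcome


if __name__ == "__main__":
    for service, result in run_scenario().items():
        print(f"{service:32} {result}")
```

The last case is the one the embodiment's closing paragraph describes: the terminal-side check did not run, so the request carries no flag and the network's own check refuses it.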
Embodiment three
It is a kind of method flow diagram of the control for service access that the embodiment of the present invention three provides with reference to Fig. 3, Fig. 3.It is described Method includes:
Step 301, service lists information or grade of service index information are configured to terminal by network;
Preferable, the network configuration service lists information or grade of service index information are to terminal specifically:
The network by way of OMA DM configuration service list information or configuration service hierarchy index information to terminal.
In this step, with reference to the step 501 or step 1001 of Fig. 5 or Figure 10.The network is matched by way of OMA DM Purchase of property business list information or configuration service hierarchy index information are to terminal.
Wherein, network can carry out configuration service list information or the grade of service to single user by way of OMA DM Index information.
Preferable, the network configuration service lists information or grade of service index information are to terminal specifically:
The network configuration service list information or configuration service hierarchy index information by way of NAS signaling are given eventually End.
In this step, the step 601 with reference to shown in Fig. 6 or Figure 11 and 602 or 1101 and 1102, when terminal is attached in initiation Or tracing section updating or Routing Area Update or PDN connection establish etc. when establishing connection request message, core net attachment or with By service lists information or grade of service index information in the response messages such as the update of track area or Routing Area Update or PDN connection foundation It is sent to terminal.
Wherein, network can carry out configuration service list information or business etc. to single user by way of NAS signaling Grade index information.
Preferable, the network configuration service lists information or grade of service index information are to terminal specifically:
The network configuration service list information or configuration service hierarchy index information by way of system broadcasts are given eventually End.
In this step, with reference to shown in the step 703 or step 1203 of Fig. 7 or Figure 12, wireless access network passes through system broadcasts Message, notice terminal access layer will start ACDC, while carrying ACDC business configuration list configuration by system broadcast message and arriving Terminal.
Wherein, network multiple users can be carried out configuring by way of system broadcasts identical service lists information or Grade of service index information.
Preferable, the network configuration service lists information or grade of service index information are to terminal specifically:
Service lists information or grade of service index information are handed down to terminal by SOCKS server by the network.
In this step, with reference to Fig. 8 step 803 or Fig. 9 in step 902, the network is by SOCKS server by industry Business list information or grade of service index information are handed down to terminal.
Wherein, service lists information or grade of service index information are handed down to by network by way of SOCKS server Terminal can carry out configuration service list information or grade of service index information to single user.
Step 302, the instruction that the network is issued to the terminal, so that the terminal is believed according to the service lists Breath or grade of service index information judge whether the business that terminal to be initiated allows to access.
Preferable, the network issues instruction to the terminal specifically:
The network is by way of system broadcasts or the mode of dedicated signaling sends an indication to terminal.
In this step, in conjunction with Fig. 5 or Fig. 6 or Fig. 7 or Figure 10 or Figure 11 or Figure 12 or embodiment shown in Fig. 8, the net Network is by way of system broadcasts or the mode of dedicated signaling sends an indication to terminal.
Preferable, the network issues instruction to the terminal specifically:
The network issues instruction to the terminal by way of application layer.
In this step, with reference to the step 902 of Fig. 9, the network issues instruction to the terminal by way of application layer.
This embodiment of the invention discloses a service access control method in which the network configures service list information or grade of service index information to the terminal, and the network issues an indication to the terminal so that the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed. This achieves service access control in specific scenarios or under network congestion, saves network resources so that allowed services can still gain access, and strengthens the operator's control over services and its ability to handle emergencies.
Embodiment four
Referring to Fig. 4, Fig. 4 is a flowchart of a service access control method provided by embodiment four of the present invention.
Step 401: the network configures service list information or grade of service index information to the terminal;
Step 402: the network issues an indication to the terminal, so that the terminal judges, according to the service list information or grade of service index information, whether the service the terminal is about to initiate is allowed;
Step 403: the network judges whether the service the terminal is about to initiate is allowed, according to whether the request message sent by the terminal carries an identifier indicating that the service is allowed.
Preferably, the network judging whether the service the terminal is about to initiate is allowed, according to whether the request message sent by the terminal carries an identifier indicating that the service is allowed, specifically comprises:
The wireless access network of the network judges whether the service the terminal is about to initiate is allowed, according to whether the RRC connection request message initiated by the terminal carries the identifier indicating that the service is allowed.
In this step, in line with the embodiments of Figure 10, Figure 11 and Figure 12, when the terminal judges from the service list information or grade of service index information that the service it is about to initiate is allowed, the terminal's access stratum initiates an RRC connection request message to the network. The RRC connection request message carries an identifier indicating whether the service is allowed, so that the network judges from that identifier whether the service the terminal is about to initiate is allowed. See Figure 13 for details.
When the terminal judges through the access stratum that the service is allowed, it then carries an IE value in the RRC connection establishment request message it sends to the network, so that the network goes on to judge from that IE value whether the service is allowed. This provides a further check on the service, so that the network can still make the correct judgment when the terminal's own check malfunctions.
Preferably, the network judging whether the service the terminal is about to initiate is allowed, according to whether the request message sent by the terminal carries an identifier indicating that the service is allowed, specifically comprises:
The core network of the network judges whether the service the terminal is about to initiate is allowed, according to whether the NAS message initiated by the terminal carries the identifier indicating that the service is allowed.
In this step, in line with the embodiments of Fig. 5, Fig. 6 and Fig. 7, when the terminal judges from the service list information or grade of service index information that the service it is about to initiate is allowed, the terminal's non-access stratum initiates a NAS message to the network. The NAS message carries an identifier indicating whether the service is allowed, so that the network judges from that identifier whether the service the terminal is about to initiate is allowed. See Figure 14 for details.
When the terminal judges through the non-access stratum that the service is allowed, it then carries an IE value in the RRC connection establishment request message it sends to the network, so that the network goes on to judge from that IE value whether the service is allowed. This provides a further check on the service, so that the network can still make the correct judgment when the terminal's own check malfunctions.
In the embodiments of the present invention, when the terminal judges through the non-access stratum or the access stratum that the service is allowed, it then carries an information element (Information Element, IE) in the RRC connection establishment request message it sends to the network, indicating that the RRC connection request is initiated by an allowed service, so that the network goes on to judge from that IE value whether the service is allowed. This provides a further check on the service, so that the network can still make the correct judgment when the terminal's own check malfunctions.
To illustrate embodiments one, two, three and four more clearly, they are described in more detail below in terms of signalling interaction. Fig. 5, Fig. 6, Fig. 7, Fig. 8, Fig. 9, Figure 10, Figure 11, Figure 12, Figure 13 and Figure 14 below are schematic diagrams of the service access control methods provided by embodiments one, two, three and four of the present invention.
Fig. 5 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Fig. 5:
501, the network configures the service list to the terminal by way of OMA DM; the service list may take the form of a blacklist or whitelist, and contains the service identifiers of the allowed or forbidden services;
502, if the core network is congested, it notifies the wireless access network of the network congestion;
503, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
504, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started; for a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
505, after receiving the ACDC start message in the system broadcast, the access stratum notifies the terminal's non-access stratum that ACDC has started;
506, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
507, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's non-access stratum checks the ACDC service list received in step 501 to see whether the service to be initiated is in the allowed service list;
508, if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
Preferably, in Fig. 5, step 506 may send the application identifier of the service request to the terminal's non-access stratum, which then sends the service identification information to the terminal's access stratum, and the access stratum judges whether the service is allowed: if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues. See Figure 10 for details.
Fig. 6 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Fig. 6:
601, the terminal initiates a connection establishment request message such as attach, tracking area update, routing area update or PDN connection establishment.
602, the core network sends the service list to the terminal in a response message such as attach, tracking area update, routing area update or PDN connection establishment; the service list may take the form of a blacklist or whitelist, and contains the service identifiers of the allowed or forbidden services;
603, if the core network is congested, it notifies the wireless access network of the network congestion;
604, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
605, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started; for a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
606, after receiving the ACDC start message in the system broadcast, the access stratum notifies the terminal's non-access stratum that ACDC has started;
607, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
608, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's non-access stratum checks the ACDC service list received in step 602 to see whether the service to be initiated is in the allowed service list;
609, if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
In Fig. 6, the terminal's access stratum may also judge whether the service is allowed; that is, in step 606 the non-access stratum sends the ACDC service list to the access stratum. In step 607 the application layer sends the service request to the non-access stratum, which forwards it to the access stratum, and the terminal's access stratum judges whether the service is allowed: if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues. See Figure 11 for details.
Fig. 7 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Fig. 7:
701, if the core network is congested, it notifies the wireless access network of the network congestion;
702, the wireless access network decides to start ACDC on learning that the core network is congested or that it is itself congested;
703, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started, and the same system broadcast message carries the ACDC service list configuration to the terminal; the service list may take the form of a blacklist/whitelist of services, and contains the service identifiers of the allowed/forbidden services. For a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
704, after receiving the ACDC start message in the system broadcast, the access stratum notifies the terminal's non-access stratum that ACDC has started.
705, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
706, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's non-access stratum checks the ACDC service list received in step 701 to see whether the service to be initiated is in the allowed service list;
707, if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
In Fig. 7, the terminal's access stratum may also judge whether the service is allowed; that is, step 704 is omitted, and after step 705 the terminal's non-access stratum sends the service identification information to the terminal's access stratum, which judges whether the service is allowed: if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues. See Figure 12 for details.
Fig. 8 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Fig. 8:
801, the wireless access network becomes congested, or the core network notifies the wireless access network when the core network becomes congested;
802, the wireless access network sends the ACDC start notification and the service list to the SOCKS server;
803, the wireless access network notifies the terminal's non-access stratum/access stratum of the ACDC start by broadcast message, and at the same time sends the ACDC service list to the non-access stratum/access stratum. For a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
804, the terminal's non-access stratum/access stratum notifies the UE firewall that ACDC has started, and at the same time sends the ACDC service list to the UE firewall;
805, the terminal's application layer/operating system sends a service request to the UE firewall; the service request carries the service identifier;
806, the UE firewall checks the ACDC service list to confirm whether the service is allowed to be initiated;
807, the UE firewall allows or rejects initiation of the service according to the check result.
Fig. 9 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Fig. 9:
901, when the core network is congested, the core network notifies the SOCKS server that the core network is congested; or, when the wireless access network is congested, the wireless access network notifies the SOCKS server that the wireless access network is congested;
902, after the SOCKS server receives the core network or wireless access network congestion information, it sends an ACDC start notification message to the UE firewall and at the same time delivers the ACDC service list to the UE firewall;
903, when the terminal initiates a service request, the request is first sent to the terminal firewall, which checks the ACDC service list and judges whether the service is allowed;
904, depending on whether the service is allowed, the terminal firewall allows or rejects the service request by opening or closing ports, thereby controlling service initiation on the terminal side.
Figure 10 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Figure 10:
1001, the network configures the service list to the terminal by OMA DM (device management); the service list may take the form of a blacklist/whitelist, and contains the service identifiers of the allowed/forbidden services;
1002, the non-access stratum sends the ACDC service list to the access stratum;
1003, if the core network is congested, it notifies the wireless access network of the network congestion;
1004, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
1005, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started; for a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
1006, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
1007, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's access stratum checks the ACDC service list received in step 1001 to see whether the service to be initiated is in the allowed service list;
1008a) if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request;
1008b) if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
Figure 11 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Figure 11:
1101, the terminal initiates a connection establishment request message such as attach, tracking area update, routing area update or PDN connection establishment.
1102, the core network sends the service list to the terminal in a response message such as attach, tracking area update, routing area update or PDN connection establishment; the service list may take the form of a blacklist or whitelist, and contains the service identifiers of the allowed or forbidden services;
1103, if the core network is congested, it notifies the wireless access network of the network congestion;
1104, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
1105, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started; for a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
1106, the non-access stratum sends the ACDC service list to the access stratum;
1107, the application layer sends the service request to the non-access stratum, which forwards it to the access stratum, and the terminal's access stratum judges whether the service is allowed: if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues;
1108, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's access stratum checks the ACDC service list received in step 1102 to see whether the service to be initiated is in the allowed service list;
1109, if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request; if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
Figure 12 is a schematic diagram of a service access control method provided by an embodiment of the present invention. As shown in Figure 12:
1201, if the core network is congested, it notifies the wireless access network of the network congestion;
1202, the wireless access network decides to start ACDC on learning that the core network is congested or that it is itself congested;
1203, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started, and the same system broadcast message carries the ACDC service list configuration to the terminal; the service list may take the form of a blacklist/whitelist of services, and contains the service identifiers of the allowed/forbidden services. For a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
1204, when the application layer initiates a service, a service request is sent to the terminal's access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
1205, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's access stratum checks the ACDC service list received in step 1201 to see whether the service to be initiated is in the allowed service list;
1206a) if the service to be initiated is not in the allowed service list, the terminal's non-access stratum rejects the service request;
1206b) if the service to be initiated is in the allowed service list, the subsequent service initiation procedure continues.
Figure 13 is a schematic diagram of a service access control method provided by an embodiment of the present invention. The method includes the following steps:
1301, the terminal is configured with the ACDC service list; the configuration modes include: terminal pre-configuration, or OMA DM, or broadcast to the terminal in a system message, or obtaining the ACDC service list through procedures such as attach/tracking area update/routing area update/PDN connection establishment. This embodiment places no restriction on how the terminal's ACDC service list is configured. The service list may take the form of a blacklist/whitelist, and contains the service identifiers of the allowed/forbidden services;
1302, if the core network is congested, it notifies the wireless access network of the network congestion;
1303, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
1304, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started. For a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
1305, after receiving the ACDC start message in the system broadcast, the access stratum notifies the terminal's non-access stratum that ACDC has started;
1306, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
1307, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's access stratum checks the terminal's ACDC service list from step 1301 to see whether the service to be initiated is in the allowed service list;
1308, if the service to be initiated is in the allowed service list, the access stratum carries IE information, such as "MO-ACDC permitted", in the RRC connection establishment request message it initiates.
1309, a network element, such as the wireless access network, on receiving the RRC connection establishment request message, checks whether that message carries the IE information described in step 1308, such as "MO-ACDC permitted".
1310, the network element, such as the wireless access network, decides whether to accept or reject the RRC connection establishment request message according to whether it carries the IE information described in step 1308; an RRC connection establishment request message that does not contain this IE value is prohibited. This mechanism controls the services to be initiated.
Figure 14 is a schematic diagram of a service access control method provided by an embodiment of the present invention. The method is as follows:
1401, the terminal is configured with the ACDC service list; the configuration modes include: terminal pre-configuration, or OMA DM, or broadcast to the terminal in a system message, or obtaining the ACDC service list through procedures such as attach/tracking area update/routing area update/PDN connection establishment. This embodiment places no restriction on how the terminal's ACDC service list is configured. The service list may take the form of a blacklist/whitelist, and contains the service identifiers of the allowed/forbidden services;
1402, if the core network is congested, it notifies the wireless access network of the network congestion;
1403, on learning that the core network is congested or that it is itself congested, the wireless access network decides to start ACDC;
1404, the wireless access network notifies the terminal's access stratum, through a system broadcast message, that ACDC is to be started. For a terminal in connected state, the ACDC notification message may also be sent by dedicated signaling and is not limited to notification by broadcast message;
1405, after receiving the ACDC start message in the system broadcast, the access stratum notifies the terminal's non-access stratum that ACDC has started;
1406, when the application layer initiates a service, a service request is sent to the terminal's non-access stratum by the application layer, or by the application layer through the operating system; the request carries service-related information that corresponds to the service identifiers in the service list, for example both identify the service by application identifier;
1407, after obtaining the service identifier carried in the service request sent by the application layer or operating system, the terminal's non-access stratum checks the terminal's ACDC service list from step 1401 to see whether the service to be initiated is in the allowed service list;
1408, if the service to be initiated is in the allowed service list, the non-access stratum carries IE information, such as "ACDC service permitted", in the NAS connection establishment request message it initiates, such as a service request or PDN connectivity request message.
1409, a network element, such as the MME or SGSN, on receiving the NAS connection establishment request message, checks whether that message carries the IE information described in step 1408, such as "ACDC service permitted".
1410, the network element, such as the MME or SGSN, decides whether to accept or reject the NAS request according to whether the NAS message carries the IE information described in step 1408; a NAS message whose connection establishment request does not contain this IE value is prohibited. This mechanism controls the services to be initiated.
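The two-stage check of Figures 13 and 14 can be traced in a short simulation. This is an added example, not code from the patent: it models the Figure 13 (RRC) variant, the only string taken from the text is the IE value "MO-ACDC permitted", and all class names, function names and service identifiers are hypothetical. It also assumes that no ACDC check applies before ACDC is started.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import FrozenSet, List, Optional, Set

# IE text quoted in step 1308; every other name in this file is hypothetical.
MO_ACDC_PERMITTED = "MO-ACDC permitted"


class ListMode(Enum):
    WHITE = "white"  # the list names the allowed services
    BLACK = "black"  # the list names the forbidden services


@dataclass(frozen=True)
class AcdcServiceList:
    mode: ListMode
    service_ids: FrozenSet[str]

    def permits(self, service_id: str) -> bool:
        listed = service_id in self.service_ids
        return listed if self.mode is ListMode.WHITE else not listed


@dataclass
class RrcConnectionRequest:
    service_id: str
    ies: Set[str] = field(default_factory=set)


class Terminal:
    """Terminal side of steps 1301 and 1305 to 1308."""

    def __init__(self, service_list: AcdcServiceList):
        self.service_list = service_list  # step 1301: list already configured
        self.acdc_active = False

    def on_acdc_start(self) -> None:      # steps 1304/1305
        self.acdc_active = True

    def request_service(self, service_id: str) -> Optional[RrcConnectionRequest]:
        if not self.acdc_active:
            # Assumption: before ACDC starts, requests go out unchecked, without the IE.
            return RrcConnectionRequest(service_id)
        if not self.service_list.permits(service_id):
            return None                   # rejected locally, nothing is sent
        return RrcConnectionRequest(service_id, {MO_ACDC_PERMITTED})  # step 1308


class FaultyTerminal(Terminal):
    """Constructed failure case: the local list check is skipped and no IE is set."""

    def request_service(self, service_id: str) -> Optional[RrcConnectionRequest]:
        return RrcConnectionRequest(service_id)


class WirelessAccessNetwork:
    """Network side of steps 1303, 1304, 1309 and 1310."""

    def __init__(self) -> None:
        self.acdc_active = False

    def start_acdc(self, terminals: List[Terminal]) -> None:
        self.acdc_active = True
        for terminal in terminals:        # stands in for the system broadcast
            terminal.on_acdc_start()

    def admit(self, request: RrcConnectionRequest) -> bool:
        if not self.acdc_active:
            return True
        return MO_ACDC_PERMITTED in request.ies  # steps 1309/1310: presence check


def attempt(terminal: Terminal, network: WirelessAccessNetwork, service_id: str) -> str:
    request = terminal.request_service(service_id)
    if request is None:
        return "rejected-by-terminal"
    return "accepted" if network.admit(request) else "rejected-by-network"


def run_scenarios() -> dict:
    # Constructed sample lists and service identifiers.
    white = AcdcServiceList(ListMode.WHITE, frozenset({"app.emergency-call", "app.disaster-board"}))
    black = AcdcServiceList(ListMode.BLACK, frozenset({"app.video-stream"}))
    network = WirelessAccessNetwork()
    good, faulty, blacklisting = Terminal(white), FaultyTerminal(white), Terminal(black)

    results = {"before_acdc": attempt(good, network, "app.video-stream")}
    network.start_acdc([good, faulty, blacklisting])
    results["whitelisted"] = attempt(good, network, "app.emergency-call")
    results["not_whitelisted"] = attempt(good, network, "app.video-stream")
    results["faulty_terminal"] = attempt(faulty, network, "app.video-stream")
    results["blacklisted"] = attempt(blacklisting, network, "app.video-stream")
    results["not_blacklisted"] = attempt(blacklisting, network, "app.emergency-call")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

As in steps 1309 and 1310, the network side sees only whether the IE is present, not the service list, so the second check covers the case the text names: a terminal whose own check has failed.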
Embodiment five
It is a kind of terminal device structure chart provided in the embodiment of the present invention five with reference to Figure 15, Figure 15.The equipment includes:
Acquiring unit 1501 accesses control unit 1502, identifies unit 1503;
Wherein, acquiring unit 1501 is used to execute the step 101 in one Fig. 1 of embodiment, and access control unit 1502 is used for The step 102 in one Fig. 1 of embodiment is executed, mark unit 1503 is used to execute the step 203 of Fig. 2 in embodiment two.
Those of ordinary skill in the art will appreciate that be each included by the terminal device in the embodiment of the present invention five A unit is only divided according to the functional logic, but is not limited to the above division, as long as can be realized corresponding function Energy;In addition, the specific name of each functional unit is also only for convenience of distinguishing each other, the guarantor being not intended to limit this application Protect range.
Acquiring unit 1501 obtains service lists information or grade of service index information, the service lists for terminal Information includes the identification information for the business for allowing and/or forbidding, and the grade of service index information includes to allow and/or forbid The mark and class information of business;The service lists information or grade of service index information that the acquiring unit will acquire are sent to Access control unit;
In this unit, terminal can obtain service lists information or grade of service index information by way of pre-configuration. The service lists information or grade of service index information can be stored on SIM cards of mobile phones by the pre- mode in advance, described Service lists information can be black or white list form, include the service identification for allowing or forbidding business in list.The industry Business hierarchy index information includes allowing or forbidding outside the service identification of business, further includes the hierarchy index information of business importance, Business is divided by the priority of business, and index information is established according to division, allow terminal to certain business into Row allows or quiescing, and permission or quiescing can also be carried out to different grades of business.
Wherein, the ways in which the terminal obtains service lists information or grade of service index information from the network include, but are not limited to: receiving the service lists information or grade of service index information that the network issues by way of OMA DM; receiving the service lists information or grade of service index information that the network issues by way of NAS signaling; receiving the service lists information or grade of service index information that the network issues by way of system broadcast; or receiving the service lists information or grade of service index information that the network issues through the SOCKS server of the network.
Preferably, the acquiring unit 1501 is specifically used for:
The terminal receives the service lists information or grade of service index information issued by the network by way of OMA DM.
In this unit, the network configures the service lists information or grade of service index information to the terminal by way of OMA DM. For details, see step 501 of Fig. 5.
Wherein, receiving the service lists information or grade of service index information issued by the network by way of OMA DM allows the service lists information or grade of service index information to be configured for a single user of the terminal.
Preferably, the acquiring unit is specifically used for:
The terminal receives the service lists information or grade of service index information issued by the network by way of NAS signaling.
In this unit, when the terminal initiates a connection establishment request message such as an attach, tracking area update, routing area update or PDN connection establishment request, the core network of the network sends the service lists information or grade of service index information to the terminal in the corresponding attach, tracking area update, routing area update or PDN connection establishment response message. For details, see steps 601 and 602 of Fig. 6.
Wherein, receiving the service lists information or grade of service index information issued by the network by way of NAS signaling allows the service lists information or grade of service index information to be configured for a single user of the terminal.
Preferably, the acquiring unit 1501 is specifically used for:
The terminal receives the service lists information or grade of service index information issued by the network by way of system broadcast.
In this unit, if the core network becomes congested, it notifies the radio access network of the congestion condition; the radio access network, on learning that the core network is congested or that it is itself congested, determines the indication; the radio access network notifies the terminal through a system broadcast message that ACDC is to be started, and the same system broadcast message carries the ACDC service lists information to be configured to the terminal. For the specific steps, see steps 701-703 in Fig. 7.
Wherein, receiving the service lists information or grade of service index information issued by the network by way of system broadcast allows the same service lists information or grade of service index information to be configured for all users of the terminal, but does not allow the service lists information or grade of service index information to be configured for a single user of the terminal.
The access control unit 1502 is used for: after the terminal receives the indication issued by the network, judging according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed; if so, initiating that service to the network; if not, forbidding initiation of that service to the network.
Preferably, the access control unit 1502 is specifically used for:
After the terminal receives the indication issued by the network, the non-access stratum of the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed.
Preferably, the access control unit 1502 is specifically used for:
After the terminal receives the indication issued by the network, the access stratum of the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed.
In this unit, when the terminal has received the service lists information or grade of service index information issued by the network by way of OMA DM, NAS signaling or system broadcast, then after the terminal receives the indication issued by the network, the access stratum or non-access stratum of the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed. For details, see the descriptions of Fig. 5, Fig. 6 and Fig. 7.
Preferably, the access control unit 1502 is specifically used for:
After the terminal receives the start-ACDC message issued by the network, the terminal judges, through the terminal firewall and according to the service lists information or grade of service index information, whether the service the terminal is about to initiate is allowed.
In this unit, as shown in step 806 of Fig. 8, the UE firewall judges whether a service is allowed by checking the service list; as shown in step 903 of Fig. 9, the UE firewall, according to whether a service is allowed, permits or rejects the services in the service list by opening or closing ports.
Preferably, the access control unit 1502 is specifically used for:
The terminal obtains the indication from the network by way of a system broadcast message.
In this unit, the radio access network becomes congested, or the core network becomes congested and notifies the radio access network; the radio access network sends the ACDC start notification and the service lists information or grade of service index information to the SOCKS server; when the radio access network notifies the non-access stratum or access stratum of the terminal through a system broadcast message to start ACDC, the service lists information or grade of service index information is sent to the non-access stratum or access stratum of the terminal at the same time. For details, see steps 801-803 of Fig. 8.
Preferably, the access control unit 1502 is specifically used for:
The terminal obtains the indication from the network by way of dedicated signaling or by way of the application layer.
In this unit, when the core network is congested, the core network notifies the SOCKS server that the core network is congested; or, when the radio access network is congested, the radio access network notifies the SOCKS server that the radio access network is congested. After the firewall server receives the core network or radio access network congestion information, it sends an ACDC start notification message to the UE firewall (terminal firewall) and at the same time sends the service lists information or grade of service index information to the UE firewall. For details, see steps 901-902 in Fig. 9.
As another preferred embodiment, the device further includes:
Identification unit 1503, used for: when the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the terminal initiates a request message to the network, the request message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed.
Preferably, the identification unit 1503 is specifically used for:
When the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the access stratum of the terminal initiates an RRC connection request message to the network, the RRC connection request message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed.
In this unit, in combination with the embodiments of Figure 10, Figure 11 and Figure 12, when the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the access stratum of the terminal initiates an RRC connection request message to the network, the RRC connection request message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed. For details, see Figure 13.
Wherein, when the terminal judges through the access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to judge whether the service is allowed according to the IE value. The service can thereby be checked further, so that the network can still make the correct judgment when the check running on the terminal malfunctions.
Preferably, the identification unit 1503 is specifically used for:
When the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed.
In this unit, in combination with the embodiments of Fig. 5, Fig. 6 and Fig. 7, when the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed. For details, see Figure 14.
Wherein, when the terminal judges through the non-access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to judge whether the service is allowed according to the IE value. The service can thereby be checked further, so that the network can still make the correct judgment when the check running on the terminal malfunctions.
The embodiment of the invention discloses a device for controlling services. The device includes an acquiring unit 1501 and an access control unit 1502. Through the acquiring unit 1501, the terminal obtains service lists information or grade of service index information by pre-configuration or from the network. Through the access control unit 1502, after the terminal receives the indication issued by the network, the terminal judges according to the service lists information or grade of service index information whether the service it is about to initiate is allowed; if so, it initiates that service to the network; if not, it is forbidden to initiate that service to the network. This implements service access control in special scenarios or under network congestion, saves network resources so as to ensure access for allowed services, and strengthens the operator's ability to control services and to handle emergencies.
Embodiment six
Referring to Figure 16, Figure 16 is a structural diagram of a network element device provided by Embodiment six of the present invention. The device includes:
Configuration unit 1601, issuance unit 1602, processing unit 1603;
Wherein, configuration unit 1601 is used to execute step 301 in Fig. 3 of Embodiment three, issuance unit 1602 is used to execute step 302 in Fig. 3 of Embodiment three, and processing unit 1603 is used to execute step 403 of Fig. 4 in Embodiment four.
Those of ordinary skill in the art will appreciate that the units included in the terminal device of Embodiment five of the present invention are divided only according to functional logic, and the division is not limited to the above as long as the corresponding functions can be realized; in addition, the specific names of the functional units are only for ease of distinguishing them from one another and are not intended to limit the scope of protection of this application.
Configuration unit 1601, used by the network to configure service lists information or grade of service index information to the terminal;
Preferably, the configuration unit 1601 is specifically used for:
The network configures the service lists information or the grade of service index information to the terminal by way of OMA DM.
In this unit, see step 501 of Fig. 5 or step 1001 of Figure 10. The network configures the service lists information or the grade of service index information to the terminal by way of OMA DM.
Wherein, by way of OMA DM the network can configure the service lists information or grade of service index information for a single user.
Preferably, the configuration unit 1601 is specifically used for:
The network configures the service lists information or the grade of service index information to the terminal by way of NAS signaling.
In this unit, see steps 601 and 602 shown in Fig. 6, or steps 1101 and 1102 shown in Figure 11: when the terminal initiates a connection establishment request message such as an attach, tracking area update, routing area update or PDN connection establishment request, the core network sends the service lists information or grade of service index information to the terminal in the corresponding attach, tracking area update, routing area update or PDN connection establishment response message.
Wherein, by way of NAS signaling the network can configure the service lists information or grade of service index information for a single user.
Preferably, the configuration unit 1601 is specifically used for:
The network configures the service lists information or the grade of service index information to the terminal by way of system broadcast.
In this unit, as shown in step 703 of Fig. 7 or step 1203 of Figure 12, the radio access network notifies the access stratum of the terminal through a system broadcast message that ACDC is to be started, and the system broadcast message also carries the ACDC service configuration list to be configured to the terminal.
Wherein, by way of system broadcast the network can configure the same service lists information or grade of service index information for multiple users.
Preferably, the configuration unit 1601 is specifically used for:
The network issues the service lists information or grade of service index information to the terminal through the SOCKS server.
In this unit, see step 803 of Fig. 8 or step 902 of Fig. 9: the network issues the service lists information or grade of service index information to the terminal through the SOCKS server.
Wherein, when the network issues the service lists information or grade of service index information to the terminal through the SOCKS server, it can configure the service lists information or grade of service index information for a single user.
Issuance unit 1602, used by the network to issue an indication to the terminal, so that the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed.
Preferably, the issuance unit 1602 is specifically used for:
The network sends the indication to the terminal by way of system broadcast or by way of dedicated signaling.
In this unit, in combination with the embodiments shown in Fig. 5, Fig. 6, Fig. 7, Figure 10, Figure 11, Figure 12 or Fig. 8, the network sends the indication to the terminal by way of system broadcast or by way of dedicated signaling.
Preferably, the issuance unit 1602 is specifically used for:
The network issues the indication to the terminal by way of the application layer.
In this unit, see step 902 of Fig. 9: the network issues the indication to the terminal by way of the application layer.
As a preferred embodiment, the device further includes:
Processing unit 1603, used by the network to judge, according to the identifier of whether the service is allowed carried in the request message sent by the terminal, whether the service the terminal is about to initiate is allowed.
Preferably, the processing unit 1603 is specifically used for:
The radio access network of the network judges, according to the identifier of whether the service is allowed carried in the RRC connection request message initiated by the terminal, whether the service the terminal is about to initiate is allowed.
In this unit, in combination with the embodiments of Figure 10, Figure 11 and Figure 12, when the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the access stratum of the terminal initiates an RRC connection request message to the network, the RRC connection request message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed. For details, see Figure 13.
Wherein, when the terminal judges through the access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to judge whether the service is allowed according to the IE value. The service can thereby be checked further, so that the network can still make the correct judgment when the check running on the terminal malfunctions.
Preferably, the processing unit 1603 is specifically used for:
The core network of the network judges, according to the identifier of whether the service is allowed carried in the NAS message initiated by the terminal, whether the service the terminal is about to initiate is allowed.
In this unit, in combination with the embodiments of Fig. 5, Fig. 6 and Fig. 7, when the terminal judges according to the service lists information or grade of service index information that the service the terminal is about to initiate is allowed, the non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying an identifier of whether the service is allowed, so that the network judges according to the identifier whether the service the terminal is about to initiate is allowed. For details, see Figure 14.
Wherein, when the terminal judges through the non-access stratum that the service is allowed, it subsequently carries an IE value in the RRC connection establishment request message sent to the network, so that the network continues to judge whether the service is allowed according to the IE value. The service can thereby be checked further, so that the network can still make the correct judgment when the check running on the terminal malfunctions.
In the embodiment of the present invention, when the terminal judges through the non-access stratum or access stratum that the service is allowed, it subsequently carries an information element (Information Element, IE) in the RRC connection establishment request message sent to the network, indicating that the RRC connection request is initiated by an allowed service, so that the network continues to judge whether the service is allowed according to the IE value. The service can thereby be checked further, so that the network can still make the correct judgment when the check running on the terminal malfunctions.
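The terminal-side judgment and the network-side re-check of the carried IE described above, as an added example that is not code from the patent. The class names, the `service_allowed` IE field, the service identifiers and the handling of services that appear in neither list are assumptions made for the illustration.

```python
"""Terminal-side ACDC gate plus network-side IE re-check (constructed example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional

IE_NAME = "service_allowed"  # hypothetical name for the IE carried in the request


@dataclass(frozen=True)
class ServiceList:
    """Service lists information: identifiers of allowed and/or forbidden services."""
    allowed: FrozenSet[str] = frozenset()
    forbidden: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class LevelIndex:
    """Grade of service index information: service -> level, plus allowed levels."""
    level_of: Dict[str, int]
    allowed_levels: FrozenSet[int]


class Terminal:
    def __init__(self, service_list: Optional[ServiceList] = None,
                 level_index: Optional[LevelIndex] = None) -> None:
        self.service_list = service_list    # pre-configured or delivered by the network
        self.level_index = level_index
        self.acdc_active = False            # set once the network's indication arrives

    def on_indication(self) -> None:
        self.acdc_active = True

    def is_allowed(self, service_id: str) -> bool:
        if not self.acdc_active:
            return True                     # no indication yet: no restriction applies
        if self.service_list is not None:
            if service_id in self.service_list.forbidden:
                return False
            if self.service_list.allowed:
                # Assumption: with an allow list present, unlisted services are denied.
                return service_id in self.service_list.allowed
            return True                     # assumption: forbid list only, rest allowed
        if self.level_index is not None:
            level = self.level_index.level_of.get(service_id)
            return level in self.level_index.allowed_levels
        return False                        # assumption: fail closed without any config

    def build_request(self, service_id: str) -> Optional[dict]:
        """Return the connection request, or None when initiation is forbidden."""
        if not self.is_allowed(service_id):
            return None
        request = {"msg": "RRCConnectionRequest"}
        if self.acdc_active:
            request[IE_NAME] = True         # marks the request as from an allowed service
        return request


class Network:
    def __init__(self) -> None:
        self.acdc_active = False

    def start_acdc(self, terminals: Iterable[Terminal]) -> None:
        self.acdc_active = True
        for terminal in terminals:          # stands in for broadcast/dedicated signaling
            terminal.on_indication()

    def admit(self, request: Optional[dict]) -> bool:
        if request is None:
            return False                    # the terminal never sent anything
        if not self.acdc_active:
            return True
        return request.get(IE_NAME) is True  # re-check: the IE must be present and set


def run_demo() -> Dict[str, bool]:
    net = Network()
    ue_list = Terminal(service_list=ServiceList(
        allowed=frozenset({"emergency_call", "disaster_board"}),
        forbidden=frozenset({"video_stream"})))
    ue_level = Terminal(level_index=LevelIndex(
        level_of={"voice": 1, "chat": 2, "video": 3},
        allowed_levels=frozenset({1})))
    out = {"before_indication": net.admit(ue_list.build_request("video_stream"))}
    net.start_acdc([ue_list, ue_level])
    out["video_after"] = net.admit(ue_list.build_request("video_stream"))
    out["emergency_after"] = net.admit(ue_list.build_request("emergency_call"))
    out["unlisted_after"] = net.admit(ue_list.build_request("photo_sync"))
    out["level_voice"] = net.admit(ue_level.build_request("voice"))
    out["level_video"] = net.admit(ue_level.build_request("video"))
    # Constructed request from a terminal whose own check did not run: no IE present.
    out["faulty_terminal"] = net.admit({"msg": "RRCConnectionRequest"})
    return out


if __name__ == "__main__":
    for name, admitted in run_demo().items():
        print(f"{name}: {'admitted' if admitted else 'rejected'}")
```

The IE is asserted by the terminal itself, so the network-side check catches a terminal whose own check failed to run; it does not by itself validate the service behind the request.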
Embodiment seven
Referring to Figure 17, Figure 17 shows a terminal device 1700 provided by an embodiment of the present invention. The terminal device may be a cell phone or the like; the specific embodiments of the present invention do not limit the specific implementation of the terminal device. The device 1700 includes:
Processor (processor) 1701, communication interface (Communications Interface) 1702, memory (memory) 1703, bus 1704.
Processor 1701, communication interface 1702 and memory 1703 communicate with one another through bus 1704.
Communication interface 1702, for communicating with network elements;
Processor 1701, for executing program 1705.
Specifically, program 1705 may include program code, and the program code includes computer operation instructions.
Processor 1701 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC, Application Specific Integrated Circuit), or one or more integrated circuits configured to implement the embodiments of the present invention.
Memory 1703, for storing program 1705. Memory 1703 may include high-speed RAM and may also include non-volatile memory (non-volatile memory), for example at least one disk storage. Program 1705 may specifically include:
Acquiring unit 1501, used by the terminal to obtain service lists information or grade of service index information by pre-configuration or from the network, the service lists information or grade of service index information including identification information of the services that are allowed and/or forbidden;
Access control unit 1502, used for: after the terminal receives the indication issued by the network, judging according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed; if so, initiating that service to the network; if not, forbidding initiation of that service to the network.
For the specific implementation of each unit in program 1705, refer to the corresponding units in the embodiment shown in Figure 15; details are not repeated here.
Embodiment eight
Referring to Figure 18, Figure 18 shows a network element device 1800 provided by an embodiment of the present invention. The specific embodiments of the present invention do not limit the specific implementation of the terminal device. The device 1800 includes:
Processor (processor) 1801, communication interface (Communications Interface) 1802, memory (memory) 1803, bus 1804.
Processor 1801, communication interface 1802 and memory 1803 communicate with one another through bus 1804.
Communication interface 1802, for communicating with network elements;
Processor 1801, for executing program 1805.
Specifically, program 1805 may include program code, and the program code includes computer operation instructions.
Processor 1801 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC, Application Specific Integrated Circuit), or one or more integrated circuits configured to implement the embodiments of the present invention.
Memory 1803, for storing program 1805. Memory 1803 may include high-speed RAM and may also include non-volatile memory (non-volatile memory), for example at least one disk storage. Program 1805 may specifically include:
Configuration unit 1601, used by the network to configure service lists information or grade of service index information to the terminal;
Issuance unit 1602, used by the network to issue an indication to the terminal, so that the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed.
For the specific implementation of each unit in program 1805, refer to the corresponding units in the embodiment shown in Figure 16; details are not repeated here.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the claims of the present invention.

Claims (43)

1. A control method for service access, characterized in that the method comprises:
A terminal obtains service lists information or grade of service index information, wherein the service lists information includes identification information of services that are allowed and/or forbidden, and the grade of service index information includes identifiers and level information of services that are allowed and/or forbidden;
After the terminal receives an indication from a network, the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed access;
When the terminal determines that the service to be initiated is allowed access, the terminal initiates a service access request to the network.
2. The method according to claim 1, characterized in that the terminal judging according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed access comprises:
When the service the terminal is about to initiate is allowed in the service lists information, the terminal judges that the service the terminal is about to initiate is allowed access;
Or, when the service the terminal is about to initiate belongs to an allowed level in the grade of service index information, the terminal judges that the service the terminal is about to initiate is allowed access.
3. The method according to claim 1, characterized in that the terminal obtaining service lists information or grade of service index information comprises:
The terminal receives the service lists information or the grade of service index information configured by the network by way of Open Mobile Alliance Device Management (OMA DM).
4. The method according to claim 1, characterized in that the terminal obtaining service lists information or grade of service index information comprises:
The terminal receives the service lists information or the grade of service index information configured by the network by way of non-access stratum (NAS) signaling.
5. The method according to claim 1, characterized in that the terminal obtaining service lists information or grade of service index information comprises:
The terminal receives the service lists information or the grade of service index information configured by the network by way of system broadcast.
6. The method according to any one of claims 1-5, characterized in that the terminal judging according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed comprises:
The non-access stratum or access stratum of the terminal judges according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed access.
7. The method according to any one of claims 1-6, characterized in that the method further comprises:
When the terminal judges that the service the terminal is about to initiate is allowed access, the terminal initiates a connection establishment request message to the network, the connection establishment request message carrying an identifier of whether the service is allowed.
8. The method according to claim 7, characterized in that the terminal initiating a connection establishment request message to the network comprises:
The access stratum of the terminal initiates a radio resource control (RRC) connection request message to the network, the RRC connection request message carrying the identifier of whether the service is allowed; or
The non-access stratum of the terminal initiates a NAS message to the network, the NAS message carrying the identifier of whether the service is allowed.
9. The method according to claim 1, characterized in that the terminal receiving an indication from the network comprises:
The terminal obtains the indication from the network by way of a system broadcast message, by way of dedicated signaling, or by way of the application layer.
10. The method according to claim 9, characterized in that the terminal judging according to the service lists information or grade of service index information whether the service the terminal is about to initiate is allowed comprises:
The terminal judges, through a terminal firewall and according to the service lists information or grade of service index information, whether the service the terminal is about to initiate is allowed access.
11. A control method for service access, characterized in that the method comprises:
A network configures service lists information or grade of service index information to a terminal;
The network issues an indication to the terminal;
Wherein, the service lists information or grade of service index information is used for judging whether the service the terminal is about to initiate is allowed access.
12. The method according to claim 11, characterized in that the network configuring service lists information or grade of service index information to the terminal comprises:
The network configures the service lists information or the grade of service index information to the terminal by way of OMA DM.
13. The method according to claim 11, characterized in that the network configuring service lists information or grade of service index information to the terminal comprises:
The network configures the service lists information or the grade of service index information to the terminal by way of NAS signaling.
14. The method according to claim 11, characterized in that the network configuring service lists information or grade of service index information to the terminal comprises:
The network configures the service lists information or the grade of service index information to the terminal by way of system broadcast.
15. The method according to any one of claims 11-14, characterized in that the network issuing an indication to the terminal comprises:
The network sends the indication to the terminal by way of system broadcast or by way of dedicated signaling.
16. The method according to claim 15, characterized in that the method further comprises:
The network receives a connection establishment request message from the terminal, the connection establishment request message carrying an identifier of whether the service is allowed access;
The network judges according to the identifier whether the service the terminal is about to initiate is allowed access.
17. The method according to claim 16, characterized in that the connection establishment request message includes an RRC connection request message.
18. The method according to claim 16, characterized in that the connection establishment request message includes a NAS message.
19. The method according to claim 11, characterized in that the network configuring service lists information or grade of service index information to the terminal comprises:
The network configures the service lists information or the grade of service index information to the terminal through a SOCKS server.
20. The method according to claim 19, characterized in that the network issuing an indication to the terminal comprises:
The network issues the indication to the terminal by way of system broadcast, by way of dedicated signaling, or by way of the application layer.
21. a kind of terminal device, which is characterized in that the equipment includes:
Acquiring unit obtains service lists information for terminal or grade of service index information, the service lists information includes The identification information of business for allowing and/or forbidding, the grade of service index information include the mark for the business for allowing and/or forbidding Knowledge and class information;
The access control unit, for after the terminal receives the instruction that network issues, then being believed according to the service lists Breath or grade of service index information judge whether the business that the terminal to be initiated allows to access, when the terminal determination will be initiated Business allow access, then to the network originated traffic access request.
22. terminal device according to claim 21, which is characterized in that the access control unit is used for:
When the business that the terminal to be initiated is allowed in the service lists information, then judge what the terminal to be initiated Business allows to access;
Or when the business to be initiated of the terminal is the grade for belonging to permission in the grade of service index information, then institute is judged Stating the business that terminal to be initiated allows to access.
23. The device according to claim 21, wherein the acquiring unit is specifically configured for:
The terminal receives the service list information or the service level index information configured by the network by means of OMA DM.
24. The device according to claim 21, wherein the acquiring unit is specifically configured for:
The terminal receives the service list information or the service level index information configured by the network by means of NAS signaling.
25. The device according to claim 21, wherein the acquiring unit is specifically configured for:
The terminal receives the service list information or the service level index information configured by the network by means of a system broadcast.
26. The device according to any one of claims 21-25, wherein the access control unit is specifically configured for:
After the terminal receives the instruction issued by the network, the non-access stratum or the access stratum of the terminal judges, according to the service list information or the service level index information, whether the service that the terminal is to initiate is allowed access.
27. The device according to any one of claims 21-26, wherein the device further comprises:
An identifying unit, configured for, when the terminal judges that the service that the terminal is to initiate is allowed access, the terminal to initiate a connection establishment request message to the network, the connection establishment request message carrying an identifier of whether the service is allowed.
28. The device according to claim 27, wherein the connection establishment request message includes a radio resource control (RRC) connection request message; or
The connection establishment request message includes a NAS message.
29. The device according to claim 21, wherein the access control unit is specifically configured for:
The terminal obtains the instruction from the network by means of a system broadcast message, dedicated signaling, or the application layer.
30. The device according to claim 29, wherein the access control unit is specifically configured for:
After the terminal receives the instruction issued by the network, the terminal judges through a terminal firewall, according to the service list information or the service level index information, whether the service that the terminal is to initiate is allowed access.
31. The device according to any one of claims 21 to 30, wherein, when the terminal determines that the service to be initiated is not allowed access, the access control unit is further configured to prohibit initiating a service access request to the network.
32. A network element device, wherein the device comprises:
A configuration unit, configured for a network to configure service list information or service level index information to a terminal;
An issuing unit, configured for the network to issue an instruction to the terminal;
Wherein the service list information or the service level index information is used to judge whether the service that the terminal is to initiate is allowed access.
33. The device according to claim 32, wherein the configuration unit is specifically configured for:
The network configures the service list information or the service level index information to the terminal by means of OMA DM.
34. The device according to claim 32, wherein the configuration unit is specifically configured for:
The network configures the service list information or the service level index information to the terminal by means of NAS signaling.
35. The device according to claim 32, wherein the configuration unit is specifically configured for:
The network configures the service list information or the service level index information to the terminal by means of a system broadcast.
36. The device according to any one of claims 32-35, wherein the issuing unit is specifically configured for:
The network sends the instruction to the terminal by means of a system broadcast or dedicated signaling.
37. The device according to claim 36, wherein the device further comprises:
A processing unit, configured for the network to receive a connection establishment request message from the terminal, the connection establishment request message carrying an identifier of whether the service is allowed access;
The network judges, according to the identifier, whether the service that the terminal is to initiate is allowed access.
38. The device according to claim 37, wherein the connection establishment request message includes an RRC connection request message.
39. The device according to claim 37, wherein the connection establishment request message includes a NAS message.
40. The device according to claim 32, wherein the configuration unit is specifically configured for:
The network configures the service list information or the service level index information to the terminal through a SOCKS server.
41. The device according to claim 40, wherein the issuing unit is specifically configured for:
The network issues the instruction to the terminal by means of a system broadcast, dedicated signaling, or the application layer.
42. A terminal device, wherein the device comprises a processor, a communication interface, a memory, and a bus;
Wherein the processor, the communication interface, and the memory communicate with one another through the bus;
The communication interface is configured to communicate with a network element device;
The processor is configured to execute a program;
The memory is configured to store the program, so that the terminal device performs the method according to any one of claims 1 to 10.
43. A network element device, wherein the network element device comprises a processor, a communication interface, a memory, and a bus;
Wherein the processor, the communication interface, and the memory communicate with one another through the bus;
The communication interface is configured to communicate with a terminal device;
The processor is configured to execute a program;
The memory is configured to store the program, so that the network element device performs the method according to any one of claims 11 to 20.
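The terminal-side check of claims 21, 22, 27 and 31 and the network-side handling of the identifier in claim 37, as an added Python example that is not part of the patent text. All class, field and service names and the sample configuration are constructed; the rule that a forbidden entry overrides an allowed one, the denial of unlisted services, and the network re-checking the identifier against its own copy of the configuration are assumptions the claims do not state.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ServicePolicy:
    """Configuration the network pushes to the terminal (claims 21 and 32)."""
    allowed: set = field(default_factory=set)         # service list: allowed IDs
    forbidden: set = field(default_factory=set)       # service list: forbidden IDs
    levels: dict = field(default_factory=dict)        # level index: ID -> level
    allowed_levels: set = field(default_factory=set)  # levels that are allowed

    def permits(self, service_id: str) -> bool:
        if service_id in self.forbidden:   # assumption: a forbidden entry wins
            return False
        if service_id in self.allowed:     # claim 22, first branch
            return True
        # claim 22, second branch; unlisted services are denied (assumption)
        return self.levels.get(service_id) in self.allowed_levels


class Terminal:
    def __init__(self, policy: ServicePolicy):
        self.policy = policy
        self.instruction_received = False  # set once the network issues it

    def build_request(self, service_id: str) -> Optional[dict]:
        """Return the connection establishment request, or None if barred."""
        if not self.instruction_received:  # control not activated: no flag
            return {"service": service_id, "allowed": None}
        if not self.policy.permits(service_id):
            return None                    # claim 31: request is not sent
        return {"service": service_id, "allowed": True}  # claim 27


def network_admit(request: Optional[dict], policy: ServicePolicy,
                  control_active: bool) -> bool:
    """Claim 37 decision; re-checking the flag is an added assumption."""
    if request is None:
        return False
    if not control_active:
        return True
    if request.get("allowed") is not True:
        return False
    return policy.permits(request["service"])  # do not trust the flag alone


# Constructed sample configuration and service names
POLICY = ServicePolicy(allowed={"voice"}, forbidden={"video"},
                       levels={"sms": 1, "bulk": 3, "video": 1},
                       allowed_levels={1})
```

A request for `"video"` that arrives with the flag already set is still refused by `network_admit`, because the flag is asserted by the terminal and the configured list is the network's own.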
CN201811545031.XA 2012-10-26 2012-10-26 Service access control method and device Active CN109963320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811545031.XA CN109963320B (en) 2012-10-26 2012-10-26 Service access control method and device

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
PCT/CN2012/083600 WO2014063360A1 (en) 2012-10-26 2012-10-26 Control method and device for service access
CN201811545031.XA CN109963320B (en) 2012-10-26 2012-10-26 Service access control method and device
CN201280002943.7A CN104662966B (en) 2012-10-26 2012-10-26 The control method and equipment of service access

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201280002943.7A Division CN104662966B (en) 2012-10-26 2012-10-26 The control method and equipment of service access

Publications (2)

Publication Number Publication Date
CN109963320A true CN109963320A (en) 2019-07-02
CN109963320B CN109963320B (en) 2021-03-23

Family

ID=50543905

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201280002943.7A Expired - Fee Related CN104662966B (en) 2012-10-26 2012-10-26 The control method and equipment of service access
CN201811545031.XA Active CN109963320B (en) 2012-10-26 2012-10-26 Service access control method and device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201280002943.7A Expired - Fee Related CN104662966B (en) 2012-10-26 2012-10-26 The control method and equipment of service access

Country Status (2)

Country Link
CN (2) CN104662966B (en)
WO (1) WO2014063360A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971622A (en) * 2020-03-04 2020-04-07 信联科技(南京)有限公司 Bidirectional access method and system between public network application system and intranet application system

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104662966B (en) * 2012-10-26 2019-02-19 华为技术有限公司 The control method and equipment of service access
RU2702267C1 (en) * 2015-09-30 2019-10-07 Гуандун Оппо Мобайл Телекоммьюникейшнз Корп., Лтд. Method and device for preventing overload of service data channel
CN105847102B (en) * 2016-04-29 2020-11-24 珠海格力智能装备技术研究院有限公司 Method, equipment and system for realizing field bus communication
WO2018086059A1 (en) 2016-11-11 2018-05-17 Qualcomm Incorporated Access control in connected mode, idle mode, and inactive state
CN108738072B (en) * 2017-04-21 2023-08-15 中兴通讯股份有限公司 Method, device and terminal for realizing network slice admission control
EP3806545A4 (en) * 2018-06-07 2021-06-16 Huawei Technologies Co., Ltd. Method, device, and system for sending service request
CN116032838A (en) * 2021-10-25 2023-04-28 惠州Tcl移动通信有限公司 Transmission method, electronic device, and computer-readable storage medium
WO2023141771A1 (en) * 2022-01-25 2023-08-03 北京小米移动软件有限公司 Method and apparatus for providing sensing service, and communication device and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020087894A1 (en) * 2001-01-03 2002-07-04 Foley James M. Method and apparatus for enabling a user to select an authentication method
US20040177247A1 (en) * 2003-03-05 2004-09-09 Amir Peles Policy enforcement in dynamic networks
CN101925151A (en) * 2009-06-12 2010-12-22 华为技术有限公司 Method, equipment and system for controlling access
CN101969635A (en) * 2010-04-30 2011-02-09 中兴通讯股份有限公司 Access control method and system for machine communication
CN102118833A (en) * 2011-03-04 2011-07-06 电信科学技术研究院 Cell accessing indication method, cell selection method and device
WO2011131064A1 (en) * 2010-04-21 2011-10-27 中兴通讯股份有限公司 Home nodeb (hnb) access control method and system
CN102271382A (en) * 2010-06-07 2011-12-07 电信科学技术研究院 Access control method and equipment for machine type communication (MTC) equipment
CN102340821A (en) * 2010-07-20 2012-02-01 中兴通讯股份有限公司 Access control method of machine type communication (MTC) device and system thereof
CN102469520A (en) * 2010-11-09 2012-05-23 大唐移动通信设备有限公司 Congestion control method and equipment
US20120170503A1 (en) * 2010-12-30 2012-07-05 Motorola, Inc. Method and apparatus for controlling network access in a multi-technology wireless communication system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104662966B (en) * 2012-10-26 2019-02-19 华为技术有限公司 The control method and equipment of service access

Also Published As

Publication number Publication date
CN104662966B (en) 2019-02-19
CN104662966A (en) 2015-05-27
CN109963320B (en) 2021-03-23
WO2014063360A1 (en) 2014-05-01

Similar Documents

Publication Publication Date Title
CN104662966B (en) The control method and equipment of service access
CN104521291B (en) For connecting by RRC the method and apparatus that refusal strengthens priorization in LTE
CN104412628B (en) A kind of method, apparatus and computer-readable medium that application service is provided in telecommunication network
CN102883449B (en) A kind of realize the method for data sharing, associated terminal and system
CN104335638A (en) Methods, systems, and computer readable media for access network discovery and selection
CN105122896A (en) Access network discovery and selection
CN105359600B (en) A kind of update method and user equipment of RPLMN information
CN104170460A (en) Network switching method and terminal
CN105850187A (en) Enabling D2D functionality for public safety applications
CN104363990B (en) The method and Wi-Fi access nodes of user equipment access Wireless Fidelity Wi-Fi
CN105828413A (en) Safety method of D2D mode B discovery, terminal and system
CN106657154B (en) Wireless access method, system, WiFi platform and operator number taking platform
CN104243406A (en) Terminal access authentication method and device in internet of things system
CN106358270A (en) Special core network selection method and device
CN105657711B (en) A kind of method for connecting network and electronic equipment
CN105635934B (en) Service opening method and device and HSS (home subscriber server)
CN102469552B (en) A kind of method and system of terminal access
CN104968021A (en) Bandwidth control method and device in bluetooth shared network
US11864026B2 (en) Systems and methods for access barring based on slice information
CN102137381A (en) Method, device and system for network communication through home base station
CN107566325A (en) Access the method and device of network
CN108738023A (en) Prevent method, Internet of Things server and the system of internet-of-things terminal access pseudo-base station
CN102891900B (en) A kind of method, apparatus and system of the domain name mapping in flow unloading
TW201220887A (en) Handling emergency bearer service
CN105472530A (en) Method, device and system for near distance communication discovery

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant