CN110086839A

CN110086839A - A kind of dynamic access method and device of remote equipment

Info

Publication number: CN110086839A
Application number: CN201810077566.2A
Authority: CN
Inventors: 姚琦
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2018-01-26
Filing date: 2018-01-26
Publication date: 2019-08-02
Anticipated expiration: 2038-01-26
Also published as: WO2019144719A1; CN110086839B

Abstract

The application provides the dynamic access method and device of a kind of remote equipment.This method comprises: when terminal determines and does not record the MAC Address in data packet, determine that the corresponding remote equipment of the MAC Address is new remote equipment, it that is to say the remote equipment for not accessing the terminal, therefore, the terminal sends session modification request message to session management network element, and if terminal receive session management network element transmission be used to indicate the successful instruction message of session modification, terminal records the MAC Address.Hereby it is achieved that the remote equipment of dynamic application access is linked into the terminal, it is relatively more flexible.

Description

A kind of dynamic access method and device of remote equipment

Technical field

This application involves mobile communication technology field more particularly to the dynamic access methods and device of a kind of remote equipment.

Background technique

In Internet of Things communication scenes, terminal device may without network protocol (internet protocol, IP) Location mostly uses Ethernet double layered communication particularly with traditional industrial equipment.In the epoch of all things on earth interconnection, these equipment need Be connected with external network, carry out information exchange and communication, with realize to the Weigh sensor of article, positioning, tracking, monitoring and Management.In addition, family product and the amusement of the diet of the mankind are closely bound up, in recent years, smart home increasingly obtains the pass of people Note, every class family product may be from different vendor, using different standards, and there may be incompatible feelings for communication between each other Condition needs the terminal of a bridge mode to connect each remote equipment, realize hardware intelligentized updating and Intelligent hardware it Between interconnect.How each remote equipment subsequent for terminal, access and carry out data transmission, as what is primarily solved Problem.

The cut-in method for providing remote equipment at present will be linked into the remote of the terminal usually when terminal establishes session Each network element of the MAC Address authorized appropriation of end equipment into network, subsequent each network element are real based on the MAC Address that these are authorized Now to the forwarding or processing of the data packet of remote equipment or signaling.

Above scheme is only applicable to the fixed scene of remote equipment, is unable to the new remote equipment of dynamic access, thus not enough Flexibly.

Summary of the invention

The application provides the dynamic access method and device of a kind of remote equipment, and to realize, dynamic access is new at the terminal Remote equipment.

In a first aspect, the application provides a kind of dynamic access method of remote equipment, this method comprises: terminal reception comes from The data packet of remote equipment, include in the data packet remote equipment media access control (media access control, MAC) address；If terminal does not record the MAC Address, session modification request message is sent to session management network element, which repairs Changing request message includes the MAC Address；Terminal receives the instruction message from session management network element, which is used to indicate Session modification success；Terminal records the MAC Address.

When terminal, which determines, does not record the MAC Address in data packet, that is, determine that the corresponding remote equipment of the MAC Address is new Remote equipment, that is to say the remote equipment for not accessing the terminal, therefore, the terminal to session management network element send session modification Request message, for request modification session, and, if terminal receive session management network element transmission be used to indicate session modification Successful instruction message, then terminal records the MAC Address.Hereby it is achieved that the remote equipment of dynamic application access is linked into The terminal, it is relatively more flexible.

In one possible implementation, terminal records the MAC Address, comprising: MAC is added in MAC Address by terminal Address list, the MAC Address list include at least one MAC Address, and the corresponding remote equipment of a MAC Address, one remote End equipment corresponds at least one MAC Address.

In another possible implementation, terminal records the MAC Address, comprising: the mark of terminal record terminal With the corresponding relationship of MAC Address.

In another possible implementation, terminal records the MAC Address, comprising: terminal records remote equipment The corresponding relationship of mark and MAC Address.

Second aspect, the application provide a kind of dynamic access method of remote equipment, this method comprises: terminal reception comes from The data packet of remote equipment includes the MAC Address of remote equipment in the data packet；Terminal sends the data to user's veil member Packet；Terminal receives the instruction message from session management network element, and instruction message is used to indicate session modification success；Terminal record should MAC Address.

Terminal receives the data packet that remote equipment is sent, and sends data packets to user's veil member, when user's veil member Determine that then triggering session managed network element modifies session when not recording the MAC Address in data packet, if session management network element modifies meeting It talks about successfully, is then used to indicate the successful instruction message of session modification to terminal transmission, when terminal receives session management network element hair After the instruction message sent, then the MAC Address is recorded.Hereby it is achieved that the remote equipment of dynamic application access is linked into the end End, it is relatively more flexible.

In one possible implementation, terminal records MAC Address, comprising: MAC Address is added in MAC Address by terminal List, MAC Address list include at least one MAC Address, the corresponding remote equipment of a MAC Address, a remote equipment At least one corresponding MAC Address.

The third aspect, the application provide a kind of dynamic access method of remote equipment, this method comprises: firstly, session pipe It manages network element and receives the session modification request message for carrying out self terminal, session modification request message includes the mark of the session of terminal and remote The MAC Address of end equipment；Alternatively, session management network element receives the notification message from user's veil member, notification message includes eventually The mark of the session at end and the MAC Address of remote equipment, notification message is for notifying modification session；Then, session management network element Forward rule is generated according to MAC Address and the mark of session, and forward rule is sent to user's veil member.

The above method, when session management network element receives the session modification request message of terminal or receives user's veil member Notification message when, that is, can determine and need to modify meeting according to the MAC Address that carries in session modification request message or notification message The relevant information of words, then session management network element generates new forward rule according to MAC Address and the mark of session, and is sent to use Family veil member.The MAC Address of the remote equipment of dynamic application access is sent to corresponding network element to realize, such as user face Network element, in order to which the subsequent data packet that can be sent to the corresponding remote equipment of the MAC Address is handled, thus this method ratio Relatively flexibly.

In one possible implementation, session management network element generates forwarding rule according to MAC Address and the mark of session Then, comprising: session management network element generates forward rule according to the mark and MAC Address of the corresponding downlink tunnel of mark of session, The forward rule is the corresponding relationship of the mark of MAC Address and downlink tunnel.

It is above-mentioned to give a kind of specific implementation for generating forward rule, the fairly simple easy realization of which.

In one possible implementation, further comprise: the mark of session management network element recording conversation is corresponding The mark of downlink tunnel and the corresponding relationship of MAC Address.

In this way, session management network element can be managed the corresponding remote equipment of the MAC Address according to MAC Address.

In one possible implementation, further comprise: MAC Address is sent to tactful control by session management network element Network element processed.

In this way, policy control network element can be managed the corresponding remote equipment of the MAC Address according to MAC Address.

In one possible implementation, further comprise: session management network element sends to certificate server and authenticates Request message, authentication request message authenticate remote equipment for requesting；Session management network element, which receives, comes from authentication service The authentication response message of device, authentication response message, which is used to indicate, to be authenticated successfully.

The above method, session management network element also request certificate server to authenticate the corresponding remote equipment of MAC Address, It when only authenticating successfully, just determines and accesses the remote equipment and record the MAC Address, thus be conducive to be promoted safety when communication Property.

In one possible implementation, authentication request message includes MAC Address, and MAC Address is used for remote equipment It is authenticated；Alternatively, if session modification request message include remote equipment mark or notification message include remote equipment mark Know, then authentication request message includes the mark of MAC Address and remote equipment, and the mark of remote equipment is for carrying out remote equipment Certification.

It is presented above two kinds of authentication methods, a kind of mode is to authenticate using MAC Address to remote equipment, another Mode is to be authenticated using the mark of remote equipment to remote equipment, can select one kind according to the actual situation, relatively more flexible.

Fourth aspect, the application provide a kind of dynamic access method of remote equipment, this method comprises: session management network element The session modification request message for carrying out self terminal is received, session modification request message includes the mark and remote equipment of the session of terminal MAC address；Alternatively, session management network element receives the notification message from user's veil member, notification message The mark of session including terminal and the MAC Address of remote equipment, notification message is for notifying modification session；Session management network element Instruction message is sent to terminal, instruction message is used to indicate session modification success.

Disappear when session management network element receives the session modification request message of terminal or receives the notice of user's veil member When breath, that is, it can determine the correlation needed according to the MAC Address modification session carried in session modification request message or notification message Information, further, session management network element send instruction message to terminal, session modification success are used to indicate, so that terminal can The MAC Address is recorded, hereby it is achieved that the remote equipment of dynamic application access is linked into the terminal, thus this method compares Flexibly.

5th aspect, the application provides a kind of dynamic access method of remote equipment, this method comprises: session management network element The session modification request message for carrying out self terminal is received, session modification request message includes the mark and remote equipment of the session of terminal MAC address；Alternatively, session management network element receives the notification message from user's veil member, notification message The mark of session including terminal and the MAC Address of remote equipment, notification message is for notifying modification session；Session management network element Authentication request message is sent to certificate server, authentication request message authenticates remote equipment for requesting；Session management Network element receives the authentication response message from certificate server, and authentication response message, which is used to indicate, to be authenticated successfully；Session management net Member generates forward rule according to the mark and MAC Address of the corresponding downlink tunnel of mark of session.

Disappear when session management network element receives the session modification request message of terminal or receives the notice of user's veil member When breath, that is, it can determine the correlation needed according to the MAC Address modification session carried in session modification request message or notification message Information, then session management network element request certificate server authenticates the corresponding remote equipment of the MAC Address, if certification is logical It crosses, then session management network element generates new forward rule according to MAC Address and the mark of session, and is sent to user's veil member. The MAC Address of the remote equipment of dynamic application access is sent to corresponding network element to realize, if user's veil is first, so as to The data packet that the corresponding remote equipment of the MAC Address sends or receives can be handled in subsequent, thus it is relatively more flexible.

In one possible implementation, session management network element generates forwarding rule according to MAC Address and the mark of session Then, comprising: session management network element generates forward rule according to the mark and MAC Address of the corresponding downlink tunnel of mark of session, Forward rule is the corresponding relationship of the mark of MAC Address and downlink tunnel.

It is presented above two kinds of authentication methods, a kind of mode is to authenticate using MAC Address to remote equipment, another Mode is to be authenticated using the mark of remote equipment to remote equipment, can select one kind according to the actual situation.

6th aspect, the application provide a kind of dynamic access method of remote equipment, this method comprises: user's veil member is logical It crosses uplink tunnel and receives the data packet for carrying out self terminal, include the MAC address of remote equipment in data packet；User Veil member determines terminal according to the mark corresponding relationship of the session of the mark of uplink tunnel and the mark of uplink tunnel and terminal Session mark；If user's veil member does not record MAC Address, send a notification message to session management network element, notification message Mark including MAC Address and session, notification message is for notifying modification session；User's veil member is received from session management The forward rule of network element, forward rule are the mark of the corresponding downlink tunnel of mark of session and the corresponding relationship of MAC Address.

In one possible implementation, further includes: user's veil member determines the corresponding downlink tunnel of the mark of session The associated MAC Address of mark in, do not record the MAC Address in above-mentioned data packet.

That is, mark of user's veil member according to session, determines the mark of the corresponding downlink tunnel of mark of session；According to The mark of downlink tunnel determines the associated MAC Address of the mark of the downlink tunnel, then judges the mark association of the downlink tunnel MAC Address in whether include in the data packet MAC Address that carries show that user's veil member has recorded the data if including MAC Address in packet shows that user's veil member does not record the MAC Address in the data packet if not including.

7th aspect, the application provide a kind of device, which can be terminal, be also possible to chip.The device has Realize the function of each embodiment of above-mentioned first aspect.The function can also execute phase by hardware by hardware realization The software realization answered.The hardware or software include one or more modules corresponding with above-mentioned function.

Eighth aspect, the application provide a kind of device, comprising: processor and memory；The memory for storing instruction, When the apparatus is operative, which executes the instruction of memory storage so that the device execute above-mentioned first aspect or The dynamic access method of remote equipment in any implementation method of first aspect.It should be noted that the memory can collect At in processor, it is also possible to independently of except processor.

9th aspect, the application provide a kind of device, which includes processor, and the processor is used for and memory coupling It closes, and reads the instruction in memory and execute any implementation method of above-mentioned first aspect or first aspect according to described instruction In remote equipment dynamic access method.

Tenth aspect, the application provide a kind of device, which can be terminal, be also possible to chip.The device has Realize the function of each embodiment of above-mentioned second aspect.The function can also execute phase by hardware by hardware realization The software realization answered.The hardware or software include one or more modules corresponding with above-mentioned function.

Tenth on the one hand, and the application provides a kind of device, comprising: processor and memory；The memory refers to for storing It enables, when the apparatus is operative, which executes the instruction of memory storage, so that the device executes above-mentioned second aspect Or the dynamic access method of the remote equipment in any implementation method of second aspect.It should be noted that the memory can be with It is integrated in processor, is also possible to independently of except processor.

12nd aspect, the application provide a kind of device, which includes processor, and the processor is used for and memory Coupling, and read the instruction in memory and execute any realization side of above-mentioned second aspect or second aspect according to described instruction The dynamic access method of remote equipment in method.

13rd aspect, the application provide a kind of device, which can be session management network element, be also possible to chip. The device has the function of realizing each embodiment of the above-mentioned third aspect.The function can also be passed through by hardware realization Hardware executes corresponding software realization.The hardware or software include one or more modules corresponding with above-mentioned function.

Fourteenth aspect, the application provide a kind of device, comprising: processor and memory；The memory refers to for storing It enables, when the apparatus is operative, which executes the instruction of memory storage, so that the device executes the above-mentioned third aspect Or the dynamic access method of the remote equipment in any implementation method of the third aspect.It should be noted that the memory can be with It is integrated in processor, is also possible to independently of except processor.

15th aspect, the application provide a kind of device, which includes processor, and the processor is used for and memory Coupling, and read the instruction in memory and execute any realization side of the above-mentioned third aspect or the third aspect according to described instruction The dynamic access method of remote equipment in method.

16th aspect, the application provide a kind of device, which can be session management network element, be also possible to chip. The device has the function of realizing each embodiment of above-mentioned fourth aspect.The function can also be passed through by hardware realization Hardware executes corresponding software realization.The hardware or software include one or more modules corresponding with above-mentioned function.

17th aspect, the application provide a kind of device, comprising: processor and memory；The memory refers to for storing It enables, when the apparatus is operative, which executes the instruction of memory storage, so that the device executes above-mentioned fourth aspect Or the dynamic access method of the remote equipment in any implementation method of fourth aspect.It should be noted that the memory can be with It is integrated in processor, is also possible to independently of except processor.

18th aspect, the application provide a kind of device, which includes processor, and the processor is used for and memory Coupling, and read the instruction in memory and execute any realization side of above-mentioned fourth aspect or fourth aspect according to described instruction The dynamic access method of remote equipment in method.

19th aspect, the application provide a kind of device, which can be session management network element, be also possible to chip. The device has the function of realizing each embodiment of above-mentioned 5th aspect.The function can also be passed through by hardware realization Hardware executes corresponding software realization.The hardware or software include one or more modules corresponding with above-mentioned function.

20th aspect, the application provide a kind of device, comprising: processor and memory；The memory refers to for storing It enables, when the apparatus is operative, which executes the instruction of memory storage, so that the device executes above-mentioned 5th aspect Or the dynamic access method of the remote equipment in any implementation method in terms of the 5th.It should be noted that the memory can be with It is integrated in processor, is also possible to independently of except processor.

20th on the one hand, and the application provides a kind of device, which includes processor, and the processor is used for and storage Device coupling, and read the instruction in memory and execute any realization of above-mentioned 5th aspect or the 5th aspect according to described instruction The dynamic access method of remote equipment in method.

22nd aspect, the application provide a kind of device, which can be user's veil member, are also possible to chip. The device has the function of realizing each embodiment of above-mentioned 6th aspect.The function can also be passed through by hardware realization Hardware executes corresponding software realization.The hardware or software include one or more modules corresponding with above-mentioned function.

23rd aspect, the application provide a kind of device, comprising: processor and memory；The memory is for storing Instruction, when the apparatus is operative, the processor execute the instruction of memory storage, so that the device executes above-mentioned 6th side The dynamic access method of remote equipment in any implementation method of face or the 6th aspect.It should be noted that the memory can To be integrated in processor, it is also possible to independently of except processor.

Twenty-fourth aspect, the application provide a kind of device, which includes processor, and the processor is used for and storage Device coupling, and read the instruction in memory and execute any realization of above-mentioned 6th aspect or the 6th aspect according to described instruction The dynamic access method of remote equipment in method.

25th aspect, the application also provide a kind of system, which includes session management network element, the session management Network element can be used for executing times of the above-mentioned third aspect, fourth aspect, the 5th aspect and the third aspect, fourth aspect, the 5th aspect The step of being executed in one method by session management network element.In a possible design, the system can also include user face Network element, user's veil member can be used for executing in either above-mentioned 6th aspect and the 6th aspect method or the present invention is implemented The step of being executed in the scheme that example provides by user's veil member.In a possible design, which can also include this hair The other equipment interacted in the scheme that bright embodiment provides with the session management network element and/or user's veil member, such as eventually End, etc..

26th aspect, the application also provide a kind of computer readable storage medium, the computer-readable storage medium Program or instruction are stored in matter, when run on a computer, so that computer executes method described in above-mentioned various aspects.

27th aspect, the application also provides a kind of computer program product including instruction, when its on computers When operation, so that computer executes method described in above-mentioned various aspects.

These aspects or other aspects of the application can more straightforward in the following description.

Detailed description of the invention

Fig. 1 (a) is a kind of possible network architecture schematic diagram provided by the present application；

Fig. 1 (b) is another possible network architecture schematic diagram provided by the present application；

Fig. 2 is a kind of dynamic access method schematic diagram of remote equipment provided by the present application；

Fig. 3 is the dynamic access method schematic diagram of another remote equipment provided by the present application；

Fig. 4 is a kind of schematic device provided by the present application；

Fig. 5 is another schematic device provided by the present application；

Fig. 6 is another schematic device provided by the present application；

Fig. 7 is a kind of terminal schematic diagram provided by the present application；

Fig. 8 is another schematic device provided by the present application.

Specific embodiment

In order to keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with attached drawing to the application make into One step it is described in detail.Concrete operation method in embodiment of the method also can be applied to Installation practice or system embodiment In.Wherein, in the description of the present application, unless otherwise indicated, the meaning of " plurality " is two or more, the meaning of "/" For "or".

The network architecture and business scenario of the embodiment of the present application description are to more clearly illustrate that the application is implemented The technical solution of example, does not constitute the restriction for technical solution provided by the embodiments of the present application, those of ordinary skill in the art It is found that technical solution provided by the embodiments of the present application is for similar with the differentiation of the network architecture and the appearance of new business scene The technical issues of, it is equally applicable.

It is a kind of possible network architecture schematic diagram that the application is applicable in as shown in Fig. 1 (a).The network architecture includes meeting Talk about managed network element and user's veil member.Optionally, which further includes terminal.Further, which can be with Including remote equipment.

Wherein, session management network element, the session management being mainly used in mobile network, such as session establishment, modification, release. Concrete function for example user distributes IP address, selection provides user plane functions network element of message forwarding capability etc..In 5G, session Managed network element can be conversation management functional (session management function, SMF) network element, certainly, logical in future Letter, as in the 6th generation network (6th generation, 6G), session management network element still can be SMF network element, or have other names Claim, the application is without limitation.

User's veil member, is mainly responsible for and handles user's message, such as forwarding, charging.In 5G, network slice choosing Selecting network element can be user plane functions (user plane function, UPF) network element, certainly, in future communications, in 6G, use Family veil member still can be UPF network element, or have other titles, and the application is without limitation.

Terminal is a kind of equipment with relay capabilities, such as can be trunk subscriber equipment (relay user Equipment, relay UE), bridged subscriber's equipment (bridge user equipment, bridge UE) etc..

Remote equipment can be linked into network by the terminal with relay capabilities, such as can be remote user equipment (remote user equipment, remote UE) etc..

The application, based on the network architecture shown in Fig. 1 (a), it can be achieved that the dynamic access of remote equipment specifically will be remote End equipment is linked into terminal and core net.Specifically, the session management network element in the application, user's veil member can have following Function.

Firstly, session management network element receives the session modification request message for carrying out self terminal, session modification request message includes The mark of the session of terminal and the MAC Address of remote equipment；Alternatively, session management network element receives the notice from user's veil member Message, notification message include the mark of the session of terminal and the MAC Address of remote equipment, and notification message is for notifying modification meeting Words；Then, session management network element generates forward rule according to MAC Address and the mark of session, and forward rule is sent to use Family veil member.

Disappear when session management network element receives the session modification request message of terminal or receives the notice of user's veil member When breath, that is, it can determine the correlation needed according to the MAC Address modification session carried in session modification request message or notification message Information, then session management network element generates new forward rule according to MAC Address and the mark of session, and is sent to user's veil Member.The MAC Address of the remote equipment of dynamic application access is sent to corresponding network element to realize, if user's veil is first, The data packet that the corresponding remote equipment of the MAC Address sends or receives can be handled in order to subsequent, thus it is cleverer It is living.

User's veil member includes remote equipment in data packet for receiving the data packet come self terminal by uplink tunnel MAC address；According to the mark pair of the session of the mark of uplink tunnel and the mark and terminal of uplink tunnel It should be related to, determine the mark of the session of terminal；If user's veil member does not record MAC Address, sent to session management network element logical Know message, notification message includes the mark of MAC Address and session, and notification message is for notifying modification session；Receiving will The forward rule of managed network element is talked about, forward rule is that the mark of the corresponding downlink tunnel of mark of session is corresponding with MAC Address Relationship.

It is another possible network architecture schematic diagram provided by the present application as shown in Fig. 1 (b).The network architecture be On the basis of the network architecture shown in Fig. 1 (a), the other network elements in part are increased.

In Fig. 1 (b), SMF network element and UPF network element are respectively session management network element shown in Fig. 1 (a) and user's veil member One specific example.Also, 4 remote equipments, respectively remote equipment 1, remote equipment are illustratively given in Fig. 1 (b) 2, remote equipment 3 and remote equipment 4.Wherein, remote equipment 1- remote equipment 3 is the fixed remote equipment for being linked into terminal, i.e., It is accessed during terminal establishes session, and remote equipment 4 needs dynamic access, that is, being to establish meeting in terminal The remote equipment that dynamic requests access after words.The application mainly introduces the method for 4 dynamic access of remote equipment.

Further, further include following network element in Fig. 1 (b):

Mobile management network element, the mobile management being mainly used in mobile network, such as user position update, user's registration Network or user's switching etc..In 5G, mobile management network element can be access and mobile management function to ps domain (access and Mobility management function, AMF) network element, in future communications, in 6G, mobile management network element still can be with It is AMF network element, or there are other titles, the application is not construed as limiting this.With mobile management network element for AMF network element in Fig. 1 (b) For be illustrated.

Policy control network element, including user contracting data management function, policy control functions, charging policy control function, Or service quality (quality of service, QoS) control etc..In 5G, policy control network element can be policy control function Energy (policy control function, PCF) network element, in future communications such as 6G, policy control network element still can be PCF Network element, or have other titles, the application is without limitation.It is said so that policy control network element is PCF network element as an example in Fig. 1 (b) It is bright.

Wireless access network (RAN, Radio Access Network) equipment is that one kind for terminal provides wireless communication function Equipment, including but not limited to: next-generation base station (next generation node B, gNB), radio network controller (radio network controller, RNC), base station controller (base station controller, BSC), base station are received Platform (base transceiver station, BTS), Home eNodeB are sent out (for example, home evolved nodeB or home Node B, HNB), Base Band Unit (baseband unit, BBU), transfer point (transmitting and receiving Point, TRP), launch point (transmitting point, TP), mobile switching centre etc..Base station in the application can be with Be the future may appear other communication systems in for terminal provide the equipment of wireless communication function.

Certificate server is a kind of physical entity or logic unit with authentication capability.For example, with certification in Fig. 1 (b) Server is data network authentication and authorization charging (data network-authentication, authorization and Accounting, DN-AAA) it is illustrated for server.DN-AAA server can be deployed in the network of operator deployment It is interior, it can also independently be deployed in outer data network.

It is understood that above-mentioned each network element is either network element in hardware device, is also possible to dedicated hard The virtualization instantiated on runs software function or platform (for example, cloud platform) on part.

For convenience of description, the application it is subsequent with session management network element be SMF network element, user's veil member be UPF network element, strategy Network element is controlled to be illustrated for PCF network element.Also, for convenience of description, further, by SMF network element, UPF network element, PCF Network element is briefly referred to as SMF, UPF, PCF.SMF, UPF and the PCF anywhere described in subsequent embodiment, respectively can be with Replace with session management network element, user's veil member and policy control network element.

Below with reference to Fig. 1 (a) and Fig. 1 (b), the dynamic access method of remote equipment provided by the present application is illustrated.

As shown in Fig. 2, being a kind of dynamic access method schematic diagram of remote equipment provided by the present application.This method include with Lower step:

Step 201, remote equipment sends data packet to terminal, and correspondingly, terminal receives the data packet from remote equipment.

It include the MAC Address of remote equipment in data packet.

In the application, after reception of the data packet, there are two types of processing modes, wherein the first processing mode pair for terminal Following step 202a is answered, second of processing mode corresponds to following step 202b.That is, can from step 202a and step 202b this Alternative in two kinds of processing modes.Also, if step 202b is executed, it can also need to be implemented step 202c.

That is, the application will execute step 202a, or execute step 202b- step 202c.

Step 202a, terminal then send session modification request to SMF and disappear if it is determined that do not record the MAC Address in data packet Breath, correspondingly, SMF receive the session modification request message for carrying out self terminal.

Terminal can get the remote equipment after the data packet for receiving remote equipment transmission from data packet MAC Address, and judge whether to have recorded the MAC Address.

Wherein, the mode of terminal record MAC Address, can be the corresponding relationship of the mark and MAC Address that record the terminal. Further, if there is multiple MAC Address in terminal, terminal can also generate an associated MAC Address list, then record Corresponding relationship between MAC Address list and the mark of the terminal.

Below in table form, the method for terminal record MAC Address is illustrated.It should be noted that actually answering In, however it is not limited to record MAC Address in table form.

The mark of terminal	MAC Address	The mark of session
			Termination ID 1	MAC1	Session id 1
Termination ID 1	MAC2	Session id 1
			Termination ID 1	MAC3	Session id 1

The MAC Address of table 1-1 terminal record

Referring to table 1-1, it is assumed that terminal is identified as Termination ID 1, and the MAC Address list of terminal record is currently included MAC1, MAC2 and MAC3, wherein MAC1 is the MAC Address of remote equipment 1, MAC2 is the MAC Address of remote equipment 2, MAC3 is The MAC Address of remote equipment 3.That is the corresponding remote equipment of a MAC Address, at this point, MAC Address can be also used for uniquely marking Know a remote equipment.

It is, of course, also possible to be that a remote equipment corresponds to multiple MAC Address, for example, MAC1 and MAC2 is in above-mentioned table 1-1 The MAC Address of remote equipment 1, MAC3 are the MAC Address of remote equipment 2, then in this case, MAC Address cannot be used for uniquely Identify a remote equipment.At this point it is possible to other marks, for example the mark of remote equipment is come one distal end of unique identification and is set It is standby.It should be noted that the available mark to remote equipment of terminal, gets terminal the side of the mark of remote equipment Method, the application is without limitation.

By taking table 1-1 as an example, the MAC Address of terminal current record includes MAC1, MAC2 and MAC3, show MAC1, MAC2 and The corresponding remote equipment of MAC3 has already accessed to terminal.

Further, the mark of the corresponding session of MAC1, MAC2 and MAC3 can also be recorded.Since terminal receives After the data packet that remote equipment is sent, need that the data packet is sent to UPF by the tunnel in user face by some session, because This, needs to record the corresponding relationship of the mark of MAC Address and session.For example, reference table 1-1, since the corresponding session of MAC1 is Session id 1, therefore, after the data packet incoming terminal that remote equipment 1 is sent, then terminal will be by the corresponding session of session id 1, will The data packet is sent to UPF.Wherein the mark of session is also possible to the other information mapped one by one with the session, such as the session Corresponding tunnel information.It should be noted that if the session of only one in terminal, then can not also record the mark of respective session Know.

Further, the mark of the corresponding remote equipment of each MAC Address can also be recorded, such as can be above-mentioned A column are further added by table 1-1, for recording the mark of the corresponding remote equipment of MAC Address, for example, the corresponding distal end MAC1 is set Standby 1 mark, MAC2 correspond to the mark of remote equipment 2, and MAC3 corresponds to the mark of remote equipment 3.

It should be noted that can establish multiple sessions in the application, in terminal, each session can correspond to one or more A MAC Address, the corresponding remote equipment of a MAC Address.The application is that MAC Address binds corresponding session for terminal Mode without limitation, such as can be according to the current quantity of associated MAC Address etc. of the current load of session, session Factor binds a suitable session for MAC Address.

It should be noted that can also be corresponding between the mark of a recording conversation and MAC Address in above-mentioned table 1-1 Relationship does not record the corresponding relationship with the mark of terminal.In i.e. above-mentioned table 1-1, the mark of terminal can not be recorded.

For example, the remote equipment for sending data packet to terminal is remote equipment 4, the remote equipment 4 in above-mentioned steps 201 MAC Address be MAC4, then remote equipment 4 send data packet in include MAC4.

After terminal receives the data packet of the transmission of remote equipment 4, MAC4 can be got from data packet, and judge terminal Whether the MAC Address 4 is had recorded.

For example, can search whether to have recorded MAC4 from above-mentioned table 1-1, due to not recording the MAC4 in the table 1, because This, terminal can determine the MAC4 not recorded in data packet, and then can determine that the remote equipment 4 is that a new distal end is set Standby, i.e., one new request is linked into the remote equipment of terminal.

When terminal, which determines, does not record the MAC4, terminal can bind a corresponding session, example for the remote equipment 4 Such as, it is also the corresponding session of session id 1 that terminal, which is the session that remote equipment 4 is bound, (session is properly termed as session 1).

Further, terminal sends session modification request message to SMF, includes terminal in the session modification request message The mark of session and the MAC Address of remote equipment.For example, including session id 1 and MAC4 in the session modification request message.

The session modification request message is for requesting modification session, namely the information for requesting modification session.Wherein, meeting The information of words includes the information such as the corresponding MAC Address of session.It is to be understood that the session modification request message will trigger SMF pairs The corresponding remote equipment of new MAC Address is verified, and judges whether to record the new MAC Address.

As another implementation, it can also be and do not execute above-mentioned steps 202a, but execute following step 202b- step Rapid 202c.

Step 202b, terminal by RAN equipment to UPF send data packet, correspondingly, UPF by uplink tunnel reception come The data packet of self terminal.

After terminal receives the data packet of remote equipment transmission, then the data packet is sent to by UPF by RAN equipment, It is to be understood that terminal sends data packet to UPF by the tunnel in user face.Specifically, terminal first sends data to RAN equipment Packet, then RAN equipment sends data packets to UPF by some uplink tunnel.Wherein, the side of RAN equipment selection uplink tunnel Formula can be according to the session that terminal is MAC Address binding and select corresponding uplink tunnel.

For the example shown in the table 1-1, for terminal in establishing the process of session 1 described in table 1-1, SMF or UPF are should Session is assigned with uplink tunnel resource, and the mark of IP address and tunnel including UPF is (for example, Tunnel End Point Identifier (tunnel Endpoint identifier, TEID)), and the uplink tunnel resource of distribution is sent to RAN equipment.To in RAN equipment Have recorded the corresponding relationship between the mark of session and uplink tunnel resource.

Terminal in establishing the process of session 1 described in table 1-1, RAN equipment can save air interface transmission channel (terminal with Transmission channel between RAN equipment) and uplink tunnel resource between mapping relations, therefore, terminal to RAN equipment send data Bao Shi, RAN equipment can determine corresponding uplink tunnel according to air interface transmission channel, will then by determining uplink tunnel Data packet is sent to UPF.

Step 202c, UPF are then sent a notification message to SMF if it is determined that do not record the MAC Address, and correspondingly, SMF is received Notification message from UPF.

After UPF receives data packet by uplink tunnel, the MAC Address in data packet is obtained, and judge whether remember in UPF The MAC Address is recorded.

As a kind of implementation, UPF can search whether to have recorded this directly from the MAC Address list that UPF is recorded MAC Address.For example, UPF can successively search whether to have recorded the MAC Address with the MAC Address list of traversal record.

As another implementation, UPF can determine the uplink according to the mark for the uplink tunnel for sending the data packet The mark of the corresponding downlink tunnel of mark in tunnel, then judges in the corresponding MAC Address of the mark of the downlink tunnel, if packet Include the MAC Address in the data packet.Wherein, the resource of downlink tunnel is to be distributed in establishing conversation procedure by RAN equipment, The resource of downlink tunnel includes the IP address of RAN equipment and the mark (for example, TEID) in tunnel.Also, under the distribution of RAN equipment The resource in row tunnel can be sent to SMF and UPF.It is to be understood that the corresponding tunnel of a session, which includes uplink tunnel Road and downlink tunnel, wherein uplink tunnel can be indicated that the resource of uplink tunnel includes UPF with the mark of uplink tunnel IP address and uplink tunnel mark；Correspondingly, downlink tunnel can be indicated with the mark of downlink tunnel, downlink tunnel Resource include the IP address of RAN equipment and the mark of downlink tunnel.

By taking the example of above-mentioned table 1-1 as an example, terminal corresponds to MAC1, MAC2 and MAC3 during establishing session 1 Session id 1 has recorded the mark of the corresponding downlink tunnel of the session then during the session establishment in UPF, with MAC Address Corresponding relationship.For example, in table form, reference table 2-1, for the mark of downlink tunnel recorded in UPF and MAC The corresponding relationship of location.

MAC Address	The mark of downlink tunnel
		MAC1	Downlink tunnel mark 1
MAC2	Downlink tunnel mark 1
		MAC3	Downlink tunnel mark 1

The corresponding relationship of the mark of the MAC Address and downlink tunnel of table 2-1 UPF record

Reference table 2-1, it is assumed that the data packet that terminal is sent includes MAC4, then UPF judges whether to have recorded in data packet The method of MAC4 are as follows: UPF sends the mark of the uplink tunnel of data packet according to RAN equipment, determines that the mark of uplink tunnel is corresponding Downlink tunnel mark, for example, downlink tunnel mark 1.Then according to downlink tunnel mark 1, corresponding MAC Address is determined: MAC1, MAC2 and MAC3.Due to wherein not including MAC4, thus UPF determination does not record MAC4.

Above-mentioned implementation, UPF determining Section MAC address first from all MAC Address of record, part MAC It may include the MAC Address in data packet in location, then further judge in the Section MAC address whether to include in data packet MAC Address.

Using any mode in above two mode, UPF is not if it is determined that record the MAC Address in the data packet, then Send a notification message to SMF, notification message include session mark and above-mentioned MAC Address.

The notification message is for notifying modification session, it is understood that is that the notification message is used to notify modification session Information, or it is to be understood that the notification message can be used for triggering SMF verifies to the corresponding remote equipment of the MAC Address.

According to above-mentioned steps 202a, then can be understood as triggering SMF by control plane, to verify the MAC Address corresponding remote End equipment.According to above-mentioned steps 202b- step 202c, then it is understood that triggering SMF by user face verifies the MAC Address pair The remote equipment answered.

Optionally, as a kind of implementation, SMF receives the session modification request message of terminal transmission or UPF is sent Notification message after, SMF verifies the corresponding remote equipment of the MAC Address by certificate server.Execute following steps Rapid 203- step 204.

Optionally, as another implementation, SMF receives the session modification request message or UPF hair of terminal transmission After the notification message sent, the corresponding remote equipment of the MAC Address can not also be verified, i.e. SMF can default the distal end Equipment is legal.Then in the implementation, do not need to execute following step 203- step 204.

Further, optionally, SMF can also judge locally whether have recorded the MAC Address.Wherein, if SMF locally remembers The MAC Address is recorded, then it is new MAC Address that SMF, which determines the MAC Address not, then terminates process.If SMF does not locally record this MAC Address, then SMF determines that the MAC Address is new MAC Address, then SMF continues follow-up process, such as executes step 203- step Rapid 209, or execute step 205- step 209.

If executing step 203- step 204:

Step 203, SMF sends authentication request message to certificate server, and correspondingly, certificate server, which receives, comes from SMF Authentication request message.

Authentication request message authenticates remote equipment for requesting.

MAC can be used since a MAC Address is assigned to only a remote equipment as a kind of implementation Address identifies a remote equipment.It then may include MAC Address in above-mentioned authentication request message, certificate server can be by this MAC Address verifies the corresponding remote equipment of the MAC Address.Such as a certification letter can be sent to the remote equipment Cease (such as identifying code), when certificate server receive remote equipment reply correct authentication information, then be proved to be successful.It is no Then, authentification failure.

It, can be with if carrying out one remote equipment of unique identification using the mark of remote equipment as another implementation The mark of MAC Address and remote equipment is carried in above-mentioned authentication request message, the mark of the remote equipment is for remote equipment It is authenticated.Certificate server can verify the remote equipment by the mark of the remote equipment.Such as it can be to this Remote equipment sends an authentication information (such as identifying code), when certificate server receives correctly recognizing for remote equipment reply Information is demonstrate,proved, then is proved to be successful.Otherwise, authentification failure.Wherein, the mark of the remote equipment can be carried by session modification request It is sent to SMF in message, or is carried by notification message and is sent to SMF.

Step 204, certificate server sends authentication response message to SMF, and correspondingly, SMF, which is received, comes from certificate server Authentication response message.

If certificate server sends authentication response message, the authentication response message to terminal device authentication success, to SMF It is used to indicate and authenticates successfully.

Optionally, MAC Address is also carried in the authentication response message, which is to authenticate to ask in above-mentioned steps 203 Seek the MAC Address carried in message.

Step 203- step 204 is optional.SMF can also be carried out step 205 after receiving 202c notification message. It is by certificate server to terminal device authentication success if performing above-mentioned steps 203- step 204.If being not carried out above-mentioned Step 203- step 204, it is believed that it is believable that SMF, which defaults the remote equipment,.

Step 205, SMF sends instruction message to terminal, and correspondingly, terminal receives the instruction message from SMF.

Instruction message is used to indicate session modification success.

Step 206, terminal records the MAC Address.

Terminal records the mode of the MAC Address are as follows: MAC Address is added to associated MAC Address list by terminal, associated MAC Address list includes at least one MAC Address, and a MAC Address corresponds to a remote equipment, and a remote equipment is corresponding extremely A few MAC Address.Alternatively, the mark of terminal record terminal and the corresponding relationship of MAC Address.Alternatively, can be such as table 1-1 institute Show, new MAC Address is added to above-mentioned table 1-1.

For example, if new MAC Address is MAC4, and the session of MAC4 binding is also session id 1, then the MAC4 is added To after table 1-1, table 1-2 is obtained.

The mark of terminal	MAC Address	The mark of session
			Termination ID 1	MAC1	Session id 1
Termination ID 1	MAC2	Session id 1
			Termination ID 1	MAC3	Session id 1
Termination ID 1	MAC4	Session id 1

The MAC Address of table 1-2 terminal record

201, step 202a, step 205 and step 206 through the above steps, when terminal determination does not record in data packet When MAC Address, that is, determines that the corresponding remote equipment of the MAC Address is new remote equipment, that is to say and do not access the remote of the terminal End equipment, therefore, the terminal send session modification request message to session management network element, for requesting modification session, then session Managed network element modifies the relevant information of session according to the MAC Address after receiving the session modification request message, and notifies end End records the MAC Address.Hereby it is achieved that the remote equipment of dynamic application access is linked into the terminal, it is relatively more flexible.

Alternatively, 201, step 202b, step 202c, step 205 and step 206 through the above steps, terminal is by the data Packet is sent to user's veil member, and when user's veil member, which determines, does not record the MAC Address in data packet, then user's veil member triggers Session management network element modifies the relevant information of session according to the MAC Address, and terminal is notified to record the MAC Address.Hereby it is achieved that The remote equipment of dynamic application access is linked into the terminal, it is relatively more flexible.

Step 207, SMF records the corresponding relationship between the MAC Address and the mark of session.

As a kind of implementation, SMF records the corresponding relationship between the MAC Address and the mark of session, specifically: The mark of the corresponding downlink tunnel of mark of SMF recording conversation and the corresponding relationship of MAC Address.

For example, the mode of SMF record MAC Address, it is identical can to record the mode of MAC Address with UPF.By taking table 2-1 as an example, The information of above-mentioned table 2-1 is then also had recorded in SMF.If the data packet terminal MAC address in above steps is MAC4, SMF After recording the MAC4, table 2-2 is obtained.

MAC Address	The mark of downlink tunnel
		MAC1	Downlink tunnel mark 1
MAC2	Downlink tunnel mark 1
		MAC3	Downlink tunnel mark 1
MAC4	Downlink tunnel mark 1

The corresponding relationship of the mark of the MAC Address and downlink tunnel of table 2-2 SMF record

Further, can with the following steps are included:

Step 208, SMF generates forward rule according to MAC Address and the mark of session, and forward rule is sent to UPF, Correspondingly, UPF receives the forward rule from SMF.

As a kind of implementation, which can be the mark and MAC of the corresponding downlink tunnel of mark of session The corresponding relationship of address.Therefore, if the data packet terminal MAC address in above steps is MAC4, SMF is sent to UPF Forward rule is that (1) MAC4, downlink tunnel identify.After UPF receives the forward rule, the forward rule is stored.

As an example, if UPF is the corresponding relationship for recording the mark of MAC Address and downlink tunnel in a manner of table 2-1, After UPF receives forward rule, above-mentioned table 2-1 can be updated according to the forward rule, obtain table 2-2 as shown above.

Further, can with the following steps are included:

Step 209, MAC Address is sent to PCF by SMF.

Wherein, it can recorde pair between MAC Address and the information (such as identification information or address information) of SMF on PCF It should be related to.

It should be noted that not having stringent to execute sequence between step 205- step 209 in the above method.Specifically Ground, step 205, step 207, step 208, the sequence between step 209 can be arbitrary, and for step 206, as long as It executes after step 205.

By the above method provided by the present application, it can be achieved that the dynamic access of remote equipment, thus provide it is a kind of more Flexible communication means.

A specific embodiment is given below, the dynamic access method of said distal ends equipment is illustrated.

As shown in figure 3, being the dynamic access method schematic diagram of another remote equipment provided by the present application.As an example, The MAC Address of remote equipment 1 is MAC1, and the MAC Address of remote equipment 2 is MAC2, and the MAC Address of remote equipment 3 is MAC3, far The MAC Address of end equipment 4 is MAC4.And remote equipment 1, remote equipment 2 and remote equipment 3 are to establish the process of session in terminal Middle access, and remote equipment 4 is then that dynamic requests access.

Further, be pre-configured in DN-AAA (a kind of specific example that DN-AAA is certificate server) (such as can To be human configuration) mark of remote equipment 1, remote equipment 2 and the MAC Address of remote equipment 3 and the corresponding terminal of MAC Address Know.For example, the information recorded on DN-AAA are as follows: (mark of terminal, MAC1, MAC2, MAC3).

This method includes three parts, and wherein first part is the access of remote equipment 1, remote equipment 2 and remote equipment 3 Journey includes the steps that following 1- steps 4；Second part is the dynamic access process of remote equipment 4, includes the steps that following 5- steps Rapid 10d；Part III is the normal process flow of uplink and downlink data packet, includes the steps that following 11- steps 15.

Firstly, introduce in the process for establishing session, terminal and each network element record MAC Address (MAC1, MAC2 and MAC3 process).

Step 1, terminal sends session establishment request message to AMF, and correspondingly, AMF receives the session establishment for carrying out self terminal Request message.

The mark of carried terminal in the session establishment request message, the mark (such as protocol Data Unit (protocol of session Data unit, PDU) session mark), network slice, data network title (data network name, DNN), Ethernet Conversation type etc..

Wherein, the session that the mark of session is established for indicating terminal.It is suitable that network slice and DNN are used to select by AMF SMF.The session that Ethernet conversation type is used to indicate foundation is Ethernet session.

Step 2, session establishment request message is forwarded to the SMF of selection by AMF.

The step, AMF are sliced according to DNN and network, a suitable SMF are selected, then by session establishment request message It is forwarded to SMF.

Step 3a, SMF according to local policy (such as receiving the session request or ethernet type session of DNN), determine to DN-AAA sends session authentication/authorization request message.

It include the mark of terminal in the session authentication/authorization request message.

Step 3b, DN-AAA send session authentication/authorization to SMF and reply message.

Session authentication/the authorization replies message to be pre-configured on middle carrying DN-AAA, MAC corresponding with the mark of the terminal Address.

Based on the specific example that the embodiment provides, then session authentication/the authorization reply message in include MAC1, MAC2 and MAC3。

Step 4, SMF establishes the corresponding uplink and downlink tunnel of session, and, the mark of MAC Address and session is stored on UPF Between corresponding relationship.

In the step, the operation needed to be implemented is specifically included that

First, establish the corresponding uplink and downlink tunnel of session.

SMF initiates the request of N4 session establishment to UPF, SMF or UPF distribution UPF uplink tunnel resource (including TEID and UPF IP address), and give uplink tunnel resource notification to RAN equipment.RAN equipment allocation of downlink tunnel resource (including TEID and RAN The IP address of equipment), and by downlink tunnel resource notification to UPF.The uplink and downlink tunnel of session is thus established.

Second, UPF record the corresponding relationship of the mark of MAC Address and session.

A kind of implementation is that forward rule, i.e. MAC Address and the corresponding relationship of downlink tunnel mark are sent to by SMF UPF.Wherein, MAC Address here is the MAC Address that DN-AAA is sent to SMF by step 3b.

Another implementation is that SMF notifies MAC Address to generate forward rule to UPF, UPF, i.e., MAC Address is under The corresponding relationship of row Tunnel Identifier.Wherein, MAC Address here is the MAC Address that DN-AAA is sent to SMF by step 3b.

For example, if indicating the MAC Address of UPF record and the corresponding relationship of downlink tunnel mark, UPF in table form The content of record is as shown in above-mentioned table 2-1.

Optionally, it also can recorde the corresponding relationship of MAC Address and downlink tunnel mark in SMF.If with the shape of table Formula indicates the MAC Address of SMF record and the corresponding relationship of downlink tunnel mark, then the content table 2-1 institute also described above of SMF record Show.

Optionally, further includes:

MAC Address is notified PCF, PCF to record the corresponding relationship of MAC Address and SMF by third, SMF.

PCF records the corresponding relationship of MAC Address and SMF, so that subsequent PCF can find corresponding meeting according to MAC Address Words.For example, be sent in the message of PCF may non-carried terminal for application function (application function, AF) network element Mark, but carry MAC Address, DNN and network slice etc. information, then PCF can be found corresponding according to MAC Address Then MAC Address is sent to corresponding SMF by SMF, find the mark of corresponding session according to MAC Address by SMF, and will The mark of words is sent to PCF, so that PCF can get the mark of session by above method.

Next, if there is new remote equipment, for example remote equipment 4 needs dynamic access to terminal, then can pass through Following step 5- step 10d is realized.

Step 5, terminal receives the data packet that remote equipment 4 is sent.

It include the MAC Address of remote equipment 4, i.e. MAC4 in data packet.

Next step 6a and step 7- step 10d is executed, wherein step 6a is to trigger SMF by control plane to modify meeting The information of words；Alternatively, executing step 6b- step 6c and step 7- step 10d, wherein step 6b- step 6c is by user face Trigger the information of SMF modification session.

Step 6a, terminal send session modification request message to SMF, and correspondingly, SMF receives the session modification request and disappears Breath.

Terminal, which determines, does not record MAC4, and then determines have new remote equipment to attempt access.Then terminal sends session to SMF Request message is modified, MAC Address (MAC Address of remote equipment 4 is MAC4) and session are carried in session modification request message Mark.For example, terminal is identified as session id 1 for the associated session of remote equipment.

It optionally, further include the mark of remote equipment 4 in session modification request message.

Step 6b, terminal deliver a packet to UPF, and correspondingly, UPF receives the data packet that terminal is sent.

It include the MAC Address of remote equipment 4, i.e. MAC4 in data packet.

Step 6c, UPF determination does not record MAC4, then sends a notification message to SMF, and correspondingly, SMF is received from UPF's Notification message.

It include the mark (i.e. session id 1) of MAC4 and session in notification message.For example, UPF is by searching for the above-mentioned of record Table 2-1, determination do not record MAC4.

Illustrate that UPF determines the specific implementation of the mark of the session carried in notification message below.

A kind of implementation is that uplink tunnel is also recorded in the session establishment process of above-mentioned steps 1- step 4 in UPF Corresponding relationship between mark and the mark of session.Therefore, UPF can be by step 6b, according to the uplink for receiving data packet The mark in tunnel determines the mark of the corresponding session of mark of the uplink tunnel.For example, by taking the record form of table as an example, then The corresponding relationship between the mark of the uplink tunnel as shown in table 3-1 and the mark of session is had recorded on UPF.

The mark of uplink tunnel	The mark of session
		Uplink tunnel mark 1	Session id 1
Uplink tunnel mark 2	Session id 2

Corresponding relationship between table 3-1 uplink tunnel mark and the mark of session

As another implementation, it can also be that UPF in the session establishment process of above-mentioned steps 1- step 4, is recorded Uplink tunnel mark and the corresponding relationship before N4 session identification, and have recorded between N4 session identification and the mark of session Corresponding relationship.Therefore, UPF, according to the mark for the uplink tunnel for receiving data packet, can determine the uplink by step 6b The corresponding N4 session identification of the mark in tunnel determines the mark of the corresponding session of N4 session identification then according to N4 session identification Know.For example, then having recorded the mark of the uplink tunnel as shown in table 3-2 and N4 session mark on UPF by taking the record form of table as an example Corresponding relationship between knowledge, and have recorded the corresponding relationship between N4 session identification and the mark of session as shown in table 3-3.

Wherein, N4 refers to the interface between UPF and SMF, used in N4 session refers to communicating between UPF and SMF Session mark.

The mark of uplink tunnel	N4 session identification
		Uplink tunnel mark 1	N4 session id 1
Uplink tunnel mark 2	N4 session id 2

Corresponding relationship between table 3-2 uplink tunnel mark and N4 session identification

The mark of session	N4 session identification
		Session id 1	N4 session id 1
Session id 2	N4 session id 2

Corresponding relationship between the mark and N4 session identification of table 3-3 session

Optionally, it can also safeguard that a blacklist, blacklist are used for the MAC Address of recording prohibition in UPF.When UPF connects It receives when including the data packet of MAC Address in blacklist, then directly by data packet discarding, without notifying to SMF.

Step 7, SMF determines to initiate the authorization of session re-authentication.

SMF can judge whether to initiate the authorization of session re-authentication according to following manner: SMF judges whether with recording the MAC Location (i.e. MAC4), if having recorded the MAC Address, SMF decides not to initiate session re-authentication authorization, goes to step 10d；If not The MAC Address is recorded, then determines to initiate the authorization of session re-authentication.

The step 7 is optional step, if not executing step 7, SMF default needs to initiate session re-authentication authorization.

Step 8a, SMF send session authentication/authorization request message to DN-AAA, and correspondingly, DN-AAA, which is received, comes from SMF Session authentication/authorization request message.

Session authentication/the authorization request message includes MAC4, and the MAC4 is for identifying remote equipment 4.

Alternatively, session authentication/authorization request message includes the mark of MAC4 and remote equipment 4, the mark of the remote equipment 4 For identifying remote equipment 4.

Alternatively, session authentication/authorization request message includes the mark of remote equipment 4, the mark of the remote equipment 4 is for marking Know remote equipment 4.

DN-AAA authenticates remote equipment 4.Specific verification process can refer to prior art relevant programme, here no longer It repeats.

It should be noted that if session authentication/authorization request message includes the mark of MAC4 and remote equipment 4, the distal end The mark of equipment 4 is for identifying remote equipment 4, then mark of the DN-AAA based on the remote equipment 4 tests remote equipment 4 Card.

If session authentication/the authorization request message includes MAC4, which is used to identify remote equipment 4, then DN-AAA base Remote equipment 4 is verified in the MAC4.

Alternatively, session authentication/authorization request message includes the mark of MAC4 and remote equipment 4, the mark of the remote equipment 4 For identifying remote equipment 4, then mark of the DN-AAA based on the remote equipment 4 verifies remote equipment 4.

Alternatively, session authentication/authorization request message includes the mark of remote equipment 4, the mark of the remote equipment 4 is for marking Know remote equipment 4, then mark of the DN-AAA based on the remote equipment 4 verifies remote equipment 4.

Step 8b, DN-AAA send session authentication/authorization to SMF and reply message, and correspondingly, SMF, which is received, comes from DN-AAA Session authentication/authorization reply message.

If authenticating successfully, session authentication/authorization replies message instruction and authenticates successfully.

For example, as a kind of implementation, if above-mentioned session authentication/authorization request message includes MAC4, when certification at When function, the MAC4 can be carried in session authentication/authorization replies message, be replied message when SMF receives session authentication/authorization, When determining including MAC4, it is determined that authenticate successfully.

As another implementation, if above-mentioned session authentication/authorization request message does not include MAC4, when authenticating successfully When, instruction information can be carried in session authentication/authorization replies message, which, which is used to indicate, authenticates successfully, when SMF connects It receives session authentication/authorization to reply message, be authenticated successfully according to instruction information therein determination.

Above-mentioned session authentication/authorization request message, session authentication/authorization reply message, embodiment respectively shown in Fig. 2 In authentication request message, a specific example of authentication response message.

It should be noted that above-mentioned steps 8a- step 8c is optional step.When not executing step 8a- step 8c, then SMF default authenticates successfully the remote equipment 4.

Step 9a, SMF send session management policy request message to PCF, and correspondingly, PCF receives the session pipe from SMF Manage policy request message.

It include MAC4 in the session management policy request message.

Step 9b, PCF send session management strategy to SMF and reply message, and correspondingly, SMF receives the session pipe from PCF Reason strategy replies message.

As a kind of implementation, PCF can generate new strategy according to the MAC4, and be carried on session management strategy and return SMF is sent in multiple message.

Step 9b is optional step.

Step 10a, SMF record the mark corresponding relationship of the MAC Address and session.

Specifically, the mark (i.e. downlink tunnel mark 1) of the corresponding downlink tunnel of mark of SMF recording conversation is with MAC The corresponding relationship of location (i.e. MAC4).SMF also sends session modification request message to UPF, and correspondingly, UPF receives the meeting from SMF Words modification request message.

The session modification request message includes forward rule, which is MAC4 corresponding with downlink tunnel mark 1 Relationship.

That is, SMF according to session id 1, determines the corresponding downlink tunnel of session id 1 mark 1, MAC4 and downlink are then generated The corresponding relationship of Tunnel Identifier 1, and be carried in session modification request message and be sent to UPF.

As a kind of implementation, if authentification failure, SMF is unsuccessfully indicated to UPF transmission, and UPF will according to unsuccessfully instruction Blacklist is added in the MAC4.It is subsequent, when UPF receives the data packet of MAC4, then direct packet discard.

Step 10b, UPF send session modification to SMF and reply message, and correspondingly, SMF receives the session modification from UPF It replies message.

Step 10b is optional step.

Step 10c, SMF send instruction message to terminal, and correspondingly, terminal receives the instruction message from SMF.

The instruction message is used to indicate session modification success.

It optionally, include MAC4 in the instruction message.

As a kind of implementation, if executing above-mentioned steps 6a, the instruction message of step 10c in the concrete realization may be used To be that session modification replies message.

Step 10d, terminal record the information of remote equipment 4.

The information of the remote equipment 4 of terminal record, for example including MAC4, the mark etc. of remote equipment 4.

5- step 10d through the above steps realizes the dynamic access to remote equipment 4.

The normal process flow of uplink and downlink data packet is described below.

In up direction, include the following steps 11- step 12.

Step 11, remote equipment 4 sends upstream data packet to UPF by terminal.

It include MAC4 in the upstream data packet.

Step 12, after UPF receives upstream data packet, whether detection source MAC has been authorized.

The source MAC is the MAC Address namely MAC4 of the remote equipment 4 in upstream data packet.

UPF is by judging whether to have recorded the source MAC, to determine whether the source MAC has authorized.If record , it is determined that it has authorized, if not recording, it is determined that unauthorized.

Wherein, however, it is determined that unauthorized then abandons the upstream data packet.If it is determined that having authorized, then by the upstream data packet It is sent to data network (data network, DN).

Since remote equipment 4 is linked into terminal by abovementioned steps, UPF determines that the MAC4 has been authorized, therefore meeting Upstream data packet is sent to DN.

In down direction, include the following steps 13- step 15.

Step 13, DN sends downlink data packet to UPF.

It include target MAC (Media Access Control) address in the downlink data packet, such as the target MAC (Media Access Control) address is the MAC Address of remote equipment 4, That is MAC4.

Step 14, after UPF receives downlink data packet, whether testing goal MAC Address has been authorized.

Whether the method whether UPF testing goal MAC Address has authorized detects source MAC authorization method phase with UPF Together, it can refer to foregoing description.

Step 15, if UPF determines that target MAC (Media Access Control) address has authorized, downlink data packet is sent to phase by downlink tunnel The remote equipment answered.

More than, a kind of method for accessing new remote equipment is given, it can be achieved that by new remote equipment is dynamically connect Enter to terminal, thus it is relatively more flexible.

It is above-mentioned that mainly scheme provided by the present application is described from the angle of interaction between each network element.It is understood that , in order to realize the above functions, it comprises execute the corresponding hardware configuration of each function and/or soft for above-mentioned each network element of realization Part module.Those skilled in the art should be readily appreciated that, described in conjunction with the examples disclosed in the embodiments of the present disclosure Unit and algorithm steps, the present invention can be realized with the combining form of hardware or hardware and computer software.Some function is studied carefully Unexpectedly it is executed in a manner of hardware or computer software driving hardware, the specific application and design constraint depending on technical solution Condition.Professional technician can use different methods to achieve the described function each specific application, but this Kind is realized and be should not be considered as beyond the scope of the present invention.

Based on identical inventive concept, as shown in figure 4, being a kind of schematic device provided by the present application, which can be with It is user's veil member, session management network element or chip, the method that any of the above-described embodiment can be performed.

The device 400 includes at least one processor 401, communication line 402, memory 403 and at least one communication Interface 404.

Processor 401 can be a general central processor (central processing unit, CPU), micro process Device, application-specific integrated circuit (application specific integrated circuit, ASIC) or one or more A integrated circuit executed for controlling application scheme program.

Communication line 402 may include an access, and information is transmitted between said modules.

Communication interface 404, using the device of any transceiver one kind, for other equipment or communication, such as Ethernet, wireless access network (radio access network, RAN), WLAN (wireless local area Networks, WLAN) etc..

Memory 403 can be read-only memory (read-only memory, ROM) or can store static information and instruction Other kinds of static storage device, random access memory (random access memory, RAM) or letter can be stored The other kinds of dynamic memory of breath and instruction, is also possible to Electrically Erasable Programmable Read-Only Memory (electricallyer server able programmable read-only memory, EEPROM), CD-ROM (compact disc read-only memory, CD-ROM) or other optical disc storages, optical disc storage (including compression optical disc, swash Optical disc, optical disc, Digital Versatile Disc, Blu-ray Disc etc.), magnetic disk storage medium or other magnetic storage apparatus or can use In carry or storage have instruction or data structure form desired program code and can by computer access it is any its His medium, but not limited to this.Memory, which can be, to be individually present, and is connected by communication line 402 with processor.Memory It can be integrated with processor.

Wherein, memory 403 be used for store execution application scheme computer executed instructions, and by processor 401 Control executes.Processor 401 is for executing the computer executed instructions stored in memory 403, to realize that the application is following The sending method for the multicast message that embodiment provides.

Optionally, the computer executed instructions in the embodiment of the present application can also be referred to as application code, the application Embodiment is not especially limited this.

In the concrete realization, as one embodiment, processor 401 may include one or more CPU, such as in Fig. 4 CPU0 and CPU1.

In the concrete realization, as one embodiment, device 400 may include multiple processors, such as the processing in Fig. 4 Device 401 and processor 408.Each of these processors can be monokaryon (single-CPU) processor, can also be with It is multicore (multi-CPU) processor.Here processor can refer to one or more equipment, circuit, and/or for locating Manage the processing core of data (such as computer program instructions).

When device shown in Fig. 4 is chip, such as it can be the chip of user's veil member or the core of session management network element Piece, then the chip includes processor 401 (can also include processor 408), communication line 402, memory 403 and communication interface 404.Specifically, communication interface 404 can be input interface, pin or circuit etc..Memory 403 can be register, caching Deng.Processor 401 and processor 408 can be a general CPU, microprocessor, ASIC, or one or more for controlling The integrated circuit that the program of the dynamic access method of the remote equipment of any of the above-described embodiment executes.

The application can carry out the division of functional module according to above method example to device, for example, can correspond to each Two or more functions can also be integrated in a processing module by each functional module of function division.Above-mentioned collection At module both can take the form of hardware realization, can also be realized in the form of software function module.It needs to illustrate Being is schematically in addition only a kind of logical function partition can have in actual implementation to the division of module in the application Division mode.For example, Fig. 5 shows a kind of device in the case where each function division of use correspondence each functional module Schematic diagram, the device 500 can be session management network element involved in above-described embodiment, or in session management network element Chip, the device 500 include receiving unit 501, transmission unit 502 and processing unit 503.

In the first implementation:

The receiving unit 501, for receiving the session modification request message for carrying out self terminal, the session modification request disappears Breath includes the mark of the session of the terminal and the MAC address of remote equipment；Alternatively, the receiving unit 501, for receiving the notification message from user's veil member, the notification message includes the mark of the session of the terminal and remote The MAC Address of end equipment, the notification message is for notifying modification session；

The processing unit 503, for generating forward rule according to the MAC Address and the mark of the session；

The transmission unit 502, for the forward rule to be sent to user's veil member.

As a kind of possible implementation, the processing unit 503 is specifically used for: according to the mark pair of the session The mark for the downlink tunnel answered and the MAC Address, generate the forward rule, the forward rule be the MAC Address with The corresponding relationship of the mark of the downlink tunnel.

As a kind of possible implementation, the processing unit 503, the mark for being also used to record the session is corresponding The mark and the corresponding relationship of the MAC Address of downlink tunnel.

As a kind of possible implementation, the transmission unit 502 is also used to the MAC Address being sent to strategy Control network element.

As a kind of possible implementation, the transmission unit 502 is also used to send certification request to certificate server Message, the authentication request message authenticate the remote equipment for requesting；The receiving unit 501, is also used to connect The authentication response message from the certificate server is received, the authentication response message, which is used to indicate, to be authenticated successfully.

As a kind of possible implementation, the authentication request message includes the MAC Address, and the MAC Address is used It is authenticated in the remote equipment；Alternatively, if the session modification request message include the remote equipment mark or The notification message includes the mark of the remote equipment, then the authentication request message includes the MAC Address and described remote The mark of end equipment, the mark of the remote equipment is for authenticating the remote equipment.

In the second implementation:

The transmission unit 502, for sending instruction message to the terminal, the instruction message is used to indicate session and repairs It is changed to function.

It should be understood that the device can be used to implement the step executed in the method for the embodiment of the present application by session management network element Suddenly, correlated characteristic is referred to above, and details are not described herein again.

Specifically, function/realization process of receiving unit 501, processing unit 503 and transmission unit 502 in Fig. 5 The computer executed instructions stored in memory 503 can be called to realize by the processor 501 in Fig. 5.Alternatively, in Fig. 5 Function/realization process of processing unit 503 calculating that stores in memory 503 can be called by the processor 501 in Fig. 5 Machine executes instruction to realize, function/realization process of receiving unit 501 and transmission unit 502 in Fig. 5 can be by Fig. 5 Communication interface 504 realize.

Optionally, when the device 500 is chip or circuit, then function/reality of receiving unit 501 and transmission unit 502 Existing process can also be realized by pin or circuit etc..Optionally, when the device 500 is chip, memory 503 can be Storage unit in chip, such as register, caching.Certainly, when the device 500 is session management network element, memory 503 can To be the storage unit positioned at chip exterior in session management network element, the embodiment of the present application is not especially limited this.

The application can carry out the division of functional module according to above method example to device, for example, can correspond to each Two or more functions can also be integrated in a processing module by each functional module of function division.Above-mentioned collection At module both can take the form of hardware realization, can also be realized in the form of software function module.It needs to illustrate Being is schematically in addition only a kind of logical function partition can have in actual implementation to the division of module in the application Division mode.For example, Fig. 6 shows a kind of device in the case where each function division of use correspondence each functional module Schematic diagram, the device 600 can be the member of user's veil involved in above-described embodiment, or be the core in user's veil member Piece, the device 600 include receiving unit 601, transmission unit 602 and processing unit 603.

The receiving unit 601 includes in the data packet for receiving the data packet come self terminal by uplink tunnel The MAC address of remote equipment；

The processing unit 603, for according to the mark of the mark of the uplink tunnel and the uplink tunnel with it is described The mark corresponding relationship of the session of terminal, determines the mark of the session of the terminal；

The transmission unit 602, if sending a notification message for not recording the MAC Address to session management network element, The notification message includes the mark of the MAC Address and the session, and the notification message is for notifying modification session；

The receiving unit 601 is also used to receive the forward rule from the session management network element, the forwarding rule It is then the mark and the corresponding relationship of the MAC Address of the corresponding downlink tunnel of mark of the session.

As a kind of possible implementation, the processing unit 602 is also used to determine that the mark of the session is corresponding The MAC Address is not recorded in the associated MAC Address of the mark of downlink tunnel.

It should be understood that the device can be used to implement the step of being executed in the method for the embodiment of the present application by user's veil member, Correlated characteristic is referred to above, and details are not described herein again.

Specifically, function/realization process of receiving unit 601, processing unit 603 and transmission unit 602 in Fig. 6 The computer executed instructions stored in memory 603 can be called to realize by the processor 601 in Fig. 6.Alternatively, in Fig. 6 Function/realization process of processing unit 603 calculating that stores in memory 603 can be called by the processor 601 in Fig. 6 Machine executes instruction to realize, function/realization process of receiving unit 601 and transmission unit 602 in Fig. 6 can be by Fig. 6 Communication interface 604 realize.

Optionally, when the device 600 is chip or circuit, then function/reality of receiving unit 601 and transmission unit 602 Existing process can also be realized by pin or circuit etc..Optionally, when the device 600 is chip, memory 603 can be Storage unit in chip, such as register, caching.Certainly, when the device 600 is user's veil member, memory 603 can be with It is the storage unit positioned at chip exterior in user's veil member, the embodiment of the present application is not especially limited this.

Fig. 7 shows a kind of rough schematic view of possible design structure of terminal involved in the embodiment of the present invention. The terminal 700 includes transmitter 701, receiver 702 and processor 703.Wherein, processor 703 or controller, figure " controller/processor 703 " is expressed as in 7.Optionally, the terminal 700 can also include modem processor 705, In, modem processor 705 may include encoder 706, modulator 707, decoder 708 and demodulator 709.

In one example, transmitter 701 adjusts (for example, analog-converted, filtering, amplification and up-conversion etc.) output sampling And uplink signal is generated, which is transmitted to RAN equipment described in above-described embodiment via antenna.Under On line link, antenna receives the down link signal that RAN equipment emits in above-described embodiment.Receiver 702 is adjusted (for example, filter Wave, amplification, down coversion and digitlization etc.) from antenna received signal and provide input sample.In modem processor 705 In, encoder 706 receives the business datum to send on uplink and signaling message, and to business datum and signaling message Handled (for example, format, encode and interweave).Modulator 707 is further processed (for example, symbol mapping and modulation) coding Business datum and signaling message afterwards simultaneously provide output sampling.The processing of demodulator 709 (for example, demodulation) input sample simultaneously provides Sign estimation.Decoder 708 handles (for example, deinterleaving and decoding) sign estimation and provides the solution for being sent to terminal 700 The data and signaling message of code.Encoder 706, modulator 707, demodulator 709 and decoder 708 can be by the modulatedemodulates that synthesize Processor 705 is adjusted to realize.These units are handled according to the wireless access technology that wireless access network uses.It needs to illustrate , when terminal 700 does not include modem processor 705, the above-mentioned function of modem processor 705 can also be by Device 703 is managed to complete.

Processor 703 carries out control management to the movement of terminal 700, for executing in the embodiments of the present invention by terminal 700 treatment processes carried out.For example, processor 703 is also used to execute the treatment process of terminal involved in method shown in Fig. 2-Fig. 3 And/or other processes of technical solution described herein.

Further, terminal 700 can also include memory 704, and memory 704 is used to store the journey for terminal 700 Sequence code and data.

The application can carry out the division of functional module according to above method example to device, for example, can correspond to each Two or more functions can also be integrated in a processing module by each functional module of function division.Above-mentioned collection At module both can take the form of hardware realization, can also be realized in the form of software function module.It needs to illustrate Being is schematically in addition only a kind of logical function partition can have in actual implementation to the division of module in the application Division mode.For example, Fig. 8 shows a kind of device in the case where each function division of use correspondence each functional module Schematic diagram, the device 800 can be terminal involved in above-described embodiment, or be the chip in terminal, the device 800 packet Include receiving unit 801, transmission unit 802 and processing unit 803.

In the first implementation:

The receiving unit 801 includes the distal end in the data packet for receiving the data packet from remote equipment The MAC address of equipment；

The transmission unit 802 is sent if not recording the MAC Address for described device to session management network element Session modification request message, the session modification request message include the MAC Address；

The receiving unit 801 is also used to receive the instruction message from the session management network element, the instruction message It is used to indicate session modification success；

The processing unit 803, for recording the MAC Address.

As a kind of possible implementation, the processing unit 803 is specifically used for: MAC is added in the MAC Address Address list, the MAC Address list include at least one MAC Address, the corresponding remote equipment of a MAC Address, and one Remote equipment corresponds at least one MAC Address.

As a kind of possible implementation, the processing unit 803 is specifically used for: record the mark of the terminal with The corresponding relationship of the MAC Address.

In the second implementation:

The transmission unit 802, for sending the data packet to user's veil member；

The receiving unit 801, is also used to receive the instruction message from session management network element, and the instruction message is used for Indicate session modification success；

The processing unit 803, for recording the MAC Address.

It should be understood that the device can be used to implement the step of being executed in the method for the embodiment of the present invention by terminal, it is related special Sign is referred to above, and details are not described herein again.

Specifically, function/realization process of receiving unit 801, processing unit 803 and transmission unit 802 in Fig. 8 The computer executed instructions stored in memory 803 can be called to realize by the processor 801 in Fig. 8.Alternatively, in Fig. 8 Function/realization process of processing unit 803 calculating that stores in memory 803 can be called by the processor 801 in Fig. 8 Machine executes instruction to realize, function/realization process of receiving unit 801 and transmission unit 802 in Fig. 8 can be by Fig. 8 Communication interface 804 realize.

Optionally, when the device 800 is chip or circuit, then function/reality of receiving unit 801 and transmission unit 802 Existing process can also be realized by pin or circuit etc..Optionally, when the device 800 is chip, memory 803 can be Storage unit in chip, such as register, caching.Certainly, when the device 800 is terminal, memory 803 can be terminal The interior storage unit positioned at chip exterior, the embodiment of the present application are not especially limited this.

In the above-described embodiments, can come wholly or partly by software, hardware, firmware or any combination thereof real It is existing.When implemented in software, it can entirely or partly realize in the form of a computer program product.The computer program Product includes one or more computer instructions.When loading on computers and executing the computer program instructions, all or It partly generates according to process or function described in the embodiment of the present invention.The computer can be general purpose computer, dedicated meter Calculation machine, computer network or other programmable devices.The computer instruction can store in computer readable storage medium In, or from a computer readable storage medium to the transmission of another computer readable storage medium, for example, the computer Instruction can pass through wired (such as coaxial cable, optical fiber, number from a web-site, computer, server or data center User's line (DSL)) or wireless (such as infrared, wireless, microwave etc.) mode to another web-site, computer, server or Data center is transmitted.The computer readable storage medium can be any usable medium that computer can access or It is comprising data storage devices such as one or more usable mediums integrated server, data centers.The usable medium can be with It is magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or semiconductor medium (such as solid state hard disk (Solid State Disk, SSD)) etc..

Various illustrative logic units and circuit described in the embodiment of the present application can be by general processors, number Word signal processor, specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic devices, from Door or transistor logic are dissipated, discrete hardware components or above-mentioned any combination of design carry out implementation or operation described function.It is logical It can be microprocessor with processor, optionally, which may be any traditional processor, controller, micro- Controller or state machine.Processor can also be realized by the combination of computing device, such as digital signal processor and Wei Chu Device, multi-microprocessor are managed, one or more microprocessors combine a digital signal processor core or any other like Configuration is to realize.

The step of method described in the embodiment of the present application or algorithm can be directly embedded into hardware, processor execute it is soft The combination of part unit or the two.Software unit can store in RAM memory, flash memory, ROM memory, EPROM storage Other any form of storaging mediums in device, eeprom memory, register, hard disk, moveable magnetic disc, CD-ROM or this field In.Illustratively, storaging medium can be connect with processor, so that processor can read information from storaging medium, and It can be to storaging medium stored and written information.Optionally, storaging medium can also be integrated into the processor.Processor and storaging medium can To be set in asic, ASIC be can be set in terminal device.Optionally, processor and storaging medium also can be set in end In different components in end equipment.

These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.

Although in conjunction with specific features and embodiment, invention has been described, it is clear that, do not departing from this hair In the case where bright spirit and scope, it can be carry out various modifications and is combined.Correspondingly, the specification and drawings are only institute The exemplary illustration of the invention that attached claim is defined, and be considered as covered in the scope of the invention any and all and repair Change, change, combining or equivalent.Obviously, those skilled in the art various changes and modifications can be made to the invention without It is detached from the spirit and scope of the present invention.If in this way, these modifications and changes of the present invention belong to the claims in the present invention and its Within the scope of equivalent technologies, then the present invention is also intended to include these modifications and variations.

Claims

1. a kind of dynamic access method of remote equipment characterized by comprising

Terminal receives the data packet from remote equipment, includes the media access control of the remote equipment in the data packet MAC Address；

If the terminal does not record the MAC Address, session modification request message, the session are sent to session management network element Modifying request message includes the MAC Address；

The terminal receives the instruction message from the session management network element, the instruction message be used to indicate session modification at Function；

The terminal records the MAC Address.

2. the method according to claim 1, wherein the terminal records the MAC Address, comprising:

MAC Address list is added in the MAC Address by the terminal, and the MAC Address list includes at least one MAC Address, The corresponding remote equipment of one MAC Address, a remote equipment correspond at least one MAC Address.

3. the method according to claim 1, wherein the terminal records the MAC Address, comprising:

The terminal records the mark and the corresponding relationship of the MAC Address of the terminal.

4. a kind of dynamic access method of remote equipment characterized by comprising

Terminal receives the data packet from remote equipment, and sends the data packet to user's veil member, wraps in the data packet Include the MAC address of the remote equipment；

The terminal receives the instruction message from session management network element, and the instruction message is used to indicate session modification success；

The terminal records the MAC Address.

5. according to the method described in claim 4, it is characterized in that, the terminal records the MAC Address, comprising:

6. according to the method described in claim 4, it is characterized in that, the terminal records the MAC Address, comprising:

7. a kind of dynamic access method of remote equipment characterized by comprising

Session management network element receives the session modification request message for carrying out self terminal, and the session modification request message includes the end The mark of the session at end and the MAC address of remote equipment；Alternatively, session management network element, which receives, comes from user face The notification message of network element, the notification message include the mark of the session of the terminal and the MAC Address of remote equipment, described logical Know message for notify modification session；

The session management network element generates forward rule according to the MAC Address and the mark of the session, and by the forwarding Rule is sent to user's veil member.

8. the method according to the description of claim 7 is characterized in that the session management network element is according to the MAC Address and institute The mark for stating session generates forward rule, comprising:

Mark and the MAC Address of the session management network element according to the corresponding downlink tunnel of mark of the session, generate The forward rule, the forward rule are the corresponding relationship of the mark of the MAC Address and the downlink tunnel.

9. method according to claim 7 or 8, which is characterized in that the method also includes:

The mark that the session management network element records the corresponding downlink tunnel of mark of the session is corresponding with the MAC Address Relationship.

10. method according to any one of claims 7 to 9, which is characterized in that the method also includes:

The MAC Address is sent to policy control network element by the session management network element.

11. method according to any one of claims 7 to 10, which is characterized in that the method also includes:

The session management network element sends authentication request message to certificate server, and the authentication request message is for requesting to institute Remote equipment is stated to be authenticated；

The session management network element receives the authentication response message from the certificate server, and the authentication response message is used for Instruction authenticates successfully.

12. according to the method for claim 11, which is characterized in that the authentication request message includes the MAC Address, institute MAC Address is stated for authenticating to the remote equipment；Alternatively,

If the session modification request message includes the mark of the remote equipment or the notification message includes that the distal end is set Standby mark, then the authentication request message includes the mark of the MAC Address and the remote equipment, the remote equipment Mark is for authenticating the remote equipment.

13. a kind of dynamic access method of remote equipment characterized by comprising

The session management network element sends instruction message to the terminal, and the instruction message is used to indicate session modification success.

14. a kind of dynamic access method of remote equipment characterized by comprising

User's veil member includes the media of remote equipment come the data packet of self terminal, in the data packet by uplink tunnel reception Access control MAC address；

User's veil member is according to the mark of the uplink tunnel and the session of the uplink tunnel identified with the terminal Mark corresponding relationship, determine the mark of the session of the terminal；

If user's veil member does not record the MAC Address, send a notification message to session management network element, the notice disappears Breath includes the mark of the MAC Address and the session, and the notification message is for notifying modification session；

User's veil member receives the forward rule from the session management network element, and the forward rule is the session The corresponding downlink tunnel of mark mark and the corresponding relationship of the MAC Address.

15. according to the method for claim 14, which is characterized in that the method also includes:

User's veil member determines in the associated MAC Address of mark of the corresponding downlink tunnel of mark of the session, does not remember Record the MAC Address.

16. a kind of device, which is characterized in that including processing unit, transmission unit and receiving unit；

The receiving unit includes the remote equipment in the data packet for receiving the data packet from remote equipment MAC address；

The transmission unit sends session modification to session management network element if not recording the MAC Address for described device Request message, the session modification request message include the MAC Address；

The receiving unit is also used to receive the instruction message from the session management network element, and the instruction message is for referring to Show session modification success；

The processing unit, for recording the MAC Address.

17. device according to claim 16, which is characterized in that the processing unit is specifically used for:

MAC Address list is added in the MAC Address, the MAC Address list includes at least one MAC Address, MAC Location corresponds to a remote equipment, and a remote equipment corresponds at least one MAC Address.

18. according to the method for claim 16, which is characterized in that the processing unit is specifically used for:

Record the mark and the corresponding relationship of the MAC Address of the terminal.

19. a kind of device, which is characterized in that including processing unit, transmission unit and receiving unit；

The transmission unit, for sending the data packet to user's veil member；

The receiving unit, is also used to receive the instruction message from session management network element, and the instruction message is used to indicate meeting It talks about successfully modified；

The processing unit, for recording the MAC Address.

20. device according to claim 19, which is characterized in that the processing unit is specifically used for:

21. device according to claim 19, which is characterized in that the processing unit is specifically used for:

22. a kind of device, which is characterized in that including processing unit, transmission unit and receiving unit；

The receiving unit, for receiving the session modification request message for carrying out self terminal, the session modification request message includes The mark of the session of the terminal and the MAC address of remote equipment；Alternatively, the receiving unit, for connecing The notification message from user's veil member is received, the notification message includes the mark and remote equipment of the session of the terminal MAC Address, the notification message is for notifying modification session；

The processing unit, for generating forward rule according to the MAC Address and the mark of the session；

The transmission unit, for the forward rule to be sent to user's veil member.

23. device according to claim 22, which is characterized in that the processing unit is specifically used for:

According to the mark of the corresponding downlink tunnel of mark of the session and the MAC Address, the forward rule is generated, it is described Forward rule is the corresponding relationship of the mark of the MAC Address and the downlink tunnel.

24. the device according to claim 22 or 23, which is characterized in that the processing unit is also used to record the meeting The mark and the corresponding relationship of the MAC Address of the corresponding downlink tunnel of mark of words.

25. the device according to any one of claim 22 to 24, which is characterized in that the transmission unit, be also used to Certificate server sends authentication request message, and the authentication request message authenticates the remote equipment for requesting；

The receiving unit is also used to receive the authentication response message from the certificate server, the authentication response message It is used to indicate and authenticates successfully.

26. a kind of device, which is characterized in that including transmission unit and receiving unit；

The transmission unit, for sending instruction message to the terminal, the instruction message is used to indicate session modification success.

27. a kind of device, which is characterized in that including processing unit, transmission unit and receiving unit；

The receiving unit includes that distal end is set for receiving the data packet come self terminal by uplink tunnel, in the data packet Standby MAC address；

The processing unit, for according to the mark of the uplink tunnel and the mark of the uplink tunnel and the terminal The mark corresponding relationship of session, determines the mark of the session of the terminal；

The transmission unit is described logical if sending a notification message for not recording the MAC Address to session management network element Know that message includes the mark of the MAC Address and the session, the notification message is for notifying modification session；

The receiving unit, is also used to receive the forward rule from the session management network element, and the forward rule is institute State the mark and the corresponding relationship of the MAC Address of the corresponding downlink tunnel of mark of session.

28. device according to claim 27, which is characterized in that the processing unit is also used to determine the session It identifies in the associated MAC Address of mark of corresponding downlink tunnel, does not record the MAC Address.