CN110602803B - Method for limiting user terminal to access UPF - Google Patents
Method for limiting user terminal to access UPF Download PDFInfo
- Publication number
- CN110602803B CN110602803B CN201910977304.6A CN201910977304A CN110602803B CN 110602803 B CN110602803 B CN 110602803B CN 201910977304 A CN201910977304 A CN 201910977304A CN 110602803 B CN110602803 B CN 110602803B
- Authority
- CN
- China
- Prior art keywords
- upf
- user terminal
- private
- identification information
- current user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/11—Allocation or use of connection identifiers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a method for limiting user terminal access UPF, firstly configuring private UPF, SMF obtaining current user terminal identification information, SMF selecting UPF for current user terminal according to identification information. The invention realizes the purpose of UPF user-level access restriction and realizes the special use or the privacy of UPF.
Description
Technical Field
The invention relates to the field of mobile communication, in particular to a method for limiting a user terminal to access UPF.
Background
In current 5G core networks, a Session Management Function (SMF) manages one or more User Plane Function (UPF). And after the user terminal UE is successfully registered, the SMF is responsible for selecting the UPF to be connected with the user terminal UE. Meanwhile, the SMF is also responsible for the establishment, modification and release of PDU sessions between the user terminal UE and the data network DN.
There are many methods for selecting a UPF currently, chinese patent application publication No. CN108307402A entitled "method, apparatus, and system for managing UPF", which flexibly selects a UPF according to capability information of one or more UPFs in a preset area, such as node information, Qos information, supported APN information, supported DCN information, network slice information, service type information, and the like, in combination with node information, location/area information, request of UE, Qos information, DCN information, APN, and the like of CPF. The flexibility of managing and selecting UPF is improved, the orientation is wider, and the access limitation of UPF to the user terminal is not mentioned.
The Chinese patent application publication number is CN110149675A, the invention name is 'a UPF selection method and device', the problem of inaccuracy when the UPF is selected by using parameters such as DNN and the like in the current 5G is solved by acquiring the service application ID supported by the UPF and matching the service application ID with the service application ID of the user terminal UE, and the identification information such as SUPI and the like of the user terminal is not used.
The invention discloses a method and a device for selecting a user plane, which are disclosed in Chinese patent application with the publication number of CN108271229A, and realize optimization and enhancement of a service path by determining the change of UE accessing an application server and reselecting a UPF for the UE, and do not mention a selection strategy of a private UPF.
The functions of one or more UPFs managed by the SMF are basically the same as those of the prior art, such as packet inspection, packet routing and forwarding, point of connection of PDU sessions to the data network, Qos processing and policy control, etc. The difference lies in the service types, geographical location information, access points and other information supported by the UPF, and most of the existing selection methods of the UPF control the selection of the UPF according to the information or information, and do not mention the policy of limiting the user terminal accessing the UPF.
The above prior art can achieve the purpose of accessing UPF for user equipment UE. However, in the 5G core network, for some private UPFs, the user terminals accessing the UPF need to be restricted, and only some specific user terminals can access the UPF.
In some special cases, a specific UE needs a corresponding private UPF to provide service to operate normally. Meanwhile, other UEs may connect to the private UPF, occupy the resources of the private UPF, and indirectly affect the normal operation of a specific UE.
Disclosure of Invention
In view of the above, in order to solve the above problems, the present invention provides a method for restricting a user terminal from accessing a UPF, so that a specific user terminal is allowed to access a private UPF, thereby satisfying user-level access restriction, avoiding other user terminals that do not need to access the private UPF from accessing the private UPF, and realizing the special or private use of the UPF.
The technical scheme of the invention is as follows:
a method of restricting access to UPF by a user terminal, comprising the steps of:
step S1, configuring private UPF;
step S2, SMF obtains the identification information of the current user terminal;
and step S3, the SMF selects UPF for the current user terminal according to the identification information.
Specifically, the step S1 includes:
step S101, configuring identification information of at least one specific user terminal in a private UPF;
step S102, the private UPF sends configured identification information of a specific user terminal when registering to the SMF;
step S103, the SMF stores the identification information of the specific user terminal and establishes a mapping table from the identification information to the corresponding private UPF.
Specifically, the step S2 includes:
step S201, the current user terminal initiates a PDU session establishment request to a core network through a nearby base station;
step S202, the AMF receives a PDU session establishment request of the current user terminal, and transmits the PDU session establishment request to the SMF, wherein the request carries identification information of the current user terminal;
step S203, the SMF receives the PDU session establishment request and stores the identification information of the current user terminal.
Preferably, the identification information includes, but is not limited to, SUPI, MSISDN or PEI.
Specifically, the step S3 includes:
s301, SMF selects a UPF group from UPFs managed by the SMF according to the existing UPF selection method;
step S302, judging whether a private UPF exists in the UPF group, and if so, going to step S303; if not, go to step S305;
step S303, judging whether the private UPF can provide service for the current user terminal, if so, going to step S304; if not, go to step S305;
step S304, selecting the private UPF to provide service for the current user terminal;
step S305, selecting a non-private UPF from the UPF group to provide service for the current user terminal.
Preferably, a particular user terminal is capable of connecting to multiple private UPFs.
Preferably, in step S303, whether the private UPF can provide a service for the current user terminal is determined according to the mapping table.
Preferably, the mapping table includes a corresponding relationship between the identification information of the specific user terminal and the private UPF.
Preferably, if the identification information in the mapping table is null, the private UPF is indicated to not limit the identification information of the user terminal.
Preferably, when the identification information of the current user terminal meets the identification information corresponding to the private UPF in the mapping table, the private UPF may provide a service for the current user terminal.
The invention has the beneficial effects that:
the private UPF and the identification information of the specific user terminal supported by the UPF are stored in the SMF, so that the SMF can conveniently judge that the private UPF in the UPF group can provide service for the current user terminal UE, the specific user terminal is ensured to be accessed into the corresponding private UPF certainly, and the non-specific user terminal is accessed into the common UPF, thereby meeting the requirements of the specific user terminal and achieving the purpose of user-level UPF access restriction.
Drawings
FIG. 1 is a diagram illustrating steps for restricting access of a user terminal to a UPF according to the present invention;
FIG. 2 is a diagram illustrating the steps of configuring private UPF according to the present invention;
fig. 3 is a schematic diagram of a step of acquiring identification information of a current user terminal by an SMF according to the present invention;
fig. 4 is a schematic diagram illustrating a step of selecting a UPF for a current user terminal by an SMF according to identification information according to the present invention;
fig. 5 is a flow chart of the matching and access UPF of the present invention;
fig. 6 is a diagram illustrating selection of UPF access by an SMF according to the present invention.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Example one
The invention realizes the purpose of UPF user-level access restriction, achieves the effect of accessing the private UPF by a specific user terminal by using the identification information matching method, and realizes the special use or the privacy of the UPF.
The method for limiting the user terminal to access the UPF comprises the following steps:
step S1, configuring private UPF, specifically including the following steps:
step S101, configuring identification information of a specific user terminal in a private UPF;
and configuring identification information of one or more specific user terminals into the private UPF when the private UPF is deployed. The identification information may be a single identification information, an identification information interval, or a null value.
Step S102, the private UPF sends configured identification information of a specific user terminal when registering to the SMF;
at the time of UPF registration, each private UPF sends identification information of a specific user terminal to the SMF of its home core network, where the specific user terminal is one or more, and the identification information includes, but is not limited to, the following: SUPI, MSISDN, PEI, etc. And according to the requirements of the user, when the UPF is configured, one or more types of the identification information are used for limiting the user terminal accessing the UPF. The UPF is configured using one or more types of identification information to meet different UPF configuration requirements. The SUPI, MSISDN and PEI can maximally determine a user terminal, ensuring that only specific user terminals can access the corresponding private UPF.
SUPI: a Permanent Identifier of a subscriber of the SUbscription Permanent Identifier;
MSISDN: mobile Station international ISDN number Mobile Station identification code;
PEI: permanent Equipment identity of the Permanent Equipment of the Permanent Equipment of.
Step S103, the SMF stores the identification information of the specific user terminal and establishes a mapping table from the identification information to the corresponding private UPF.
And the SMF establishes a mapping table from the identification information to the corresponding private UPF according to the identification information of the specific user terminal sent by the private UPF. A particular user terminal may be connected to multiple private UPFs. The identification information is null, which does not limit the identification information of the user terminal; the identification information carrying symbol (x) represents an identification information interval, and the identification information of the user terminal which is limited to be accessed by the UPF is positioned in the identification interval. The following table is an example of a mapping table between identification information in SMF and UPF, and this example is only for illustration and does not represent the final scheme.
Step S2, the SMF obtains the identification information of the current user terminal, which specifically includes:
step S201, the current user terminal UE initiates a PDU session establishment request to a core network by connecting nearby base stations. And the base station forwards the PDU session establishment request of the user terminal UE to the AMF of the home core network, wherein the request comprises the identification information of SUCI, PEI and the like of the user terminal UE.
Step S202, AMF receives PDU session establishment request of current user terminal UE, interacts with control plane network function (AUSF, UDM, NSSF, etc.), verifies the identity of user terminal UE, such as decrypts SUCI to obtain SUPI, searches MSISDN corresponding to the SUPI, etc., and then forwards PDU session establishment request to SMF.
Step S203, the SMF receives the PDU session establishment request and stores the identification information of the current user terminal UE.
And step S3, the SMF selects UPF for the current user terminal according to the identification information.
The method specifically comprises the following steps:
after obtaining the identification information of the current user terminal UE, the SMF selects a UPF group according to the existing UPF selection method; the existing UPF selection method, such as the method, device and system of patent CN108307402A for managing UPF, and patent CN110149675A for a UPF selection method and device, but not limited to this method, are only exemplified here.
And judging whether a private UPF exists in the UPF group, if so, and if the private UPF can provide service for the current user terminal UE, selecting the private UPF to provide service for the current user terminal. And if the private UPF can not provide the service for the current user terminal UE, selecting a non-private UPF in the UPF group to provide the service for the current user terminal. And if no private UPF exists, selecting a non-private UPF from the UPF group to provide service for the current user terminal.
In the example of fig. 6, when the UE1 connects to the core network, the SMF1 selects an UPF group (UPF1, UPF2, UPF3, UPF4, UPF5, etc.) according to a certain selection method according to the identification information of the UE; wherein the UPF1, UPF2, and UPF3 are private UPFs and the UPF4 and UPF5 are non-private UPFs. In the mapping table shown in fig. 6, the identification information of the current user terminal UE1 satisfies the identification information corresponding to the UPF1, and the UPF1 may provide service for the UE 1. The SMF1 selects the UPF1 to serve the current user terminal UE 1.
When the UE2 connects to the core network, the SMF1 selects a selected UPF group (UPF1, UPF2, UPF3, UPF4, UPF5, etc.) according to the identification information of the UE and a certain selection method; wherein the UPF1, UPF2, and UPF3 are private UPFs and the UPF4 and UPF5 are non-private UPFs. In the mapping table shown in fig. 6, the identification information of the current user terminal UE2 does not satisfy the identification information corresponding to the private UPF, and the private UPF cannot provide service for the UE 2. The SMF1 specifies a non-private UPF among the selected UPFs to serve the current user terminal UE2 (e.g., UPF 4).
When the UE3 connects to the core network, the SMF2 selects a UPF group (UPF6) according to a certain selection method based on the identification information of the UE, where the UPF6 is not a private UPF. The SMF2 shown in fig. 6 has no private UPF in the selected UPF group, and the SMF designates a UPF in the UPF group to serve the current user terminal UE3 (e.g., UPF 6).
The above description is for the purpose of illustrating embodiments of the invention and is not intended to limit the invention, and it will be apparent to those skilled in the art that any modification, equivalent replacement, or improvement made without departing from the spirit and principle of the invention shall fall within the protection scope of the invention.
Claims (9)
1. A method for restricting access of a user terminal to a UPF, characterized by: the method comprises the following steps:
step S1, configuring private UPF;
step S2, SMF obtains the identification information of the current user terminal;
step S3, SMF selects UPF for current user terminal according to the identification information;
the step S1 includes:
step S101, configuring identification information of at least one specific user terminal in a private UPF;
step S102, the private UPF sends configured identification information of a specific user terminal when registering to the SMF;
step S103, the SMF stores the identification information of the specific user terminal and establishes a mapping table from the identification information to the corresponding private UPF.
2. The method of claim 1, wherein the method further comprises: the step S2 includes:
step S201, the current user terminal initiates a PDU session establishment request to a core network through a nearby base station;
step S202, the AMF receives a PDU session establishment request of the current user terminal, and transmits the PDU session establishment request to the SMF, wherein the request carries identification information of the current user terminal;
step S203, the SMF receives the PDU session establishment request and stores the identification information of the current user terminal.
3. A method for restricting a user terminal to access UPF according to claim 1 or 2, characterized in that: the identification information includes but is not limited to SUPI, MSISDN or PEI.
4. The method of claim 1, wherein the method further comprises: the step S3 includes:
s301, SMF selects a UPF group from UPFs managed by the SMF according to the existing UPF selection method;
step S302, judging whether a private UPF exists in the UPF group, and if so, going to step S303; if not, go to step S305;
step S303, judging whether the private UPF can provide service for the current user terminal, if so, going to step S304; if not, go to step S305;
step S304, selecting the private UPF to provide service for the current user terminal;
step S305, selecting a non-private UPF from the UPF group to provide service for the current user terminal.
5. The method of claim 4, wherein the method further comprises: a particular user terminal can be connected to more than one private UPF.
6. The method of claim 4, wherein the method further comprises: in step S303, it is determined whether the private UPF can provide services for the current user terminal according to the mapping table.
7. The method of claim 6, wherein the method further comprises: the mapping table includes a corresponding relationship between identification information of a specific user terminal and a private UPF.
8. A method for restricting user terminal access to UPF according to claim 6 or 7, characterized in that: when the identification information of the current user terminal meets the identification information corresponding to the private UPF in the mapping table, the private UPF can provide service for the current user terminal.
9. The method of claim 7, wherein the step of restricting the access of the user terminal to the UPF comprises: and if the identification information in the mapping table is empty, the private UPF is represented to not limit the identification information of the user terminal.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910977304.6A CN110602803B (en) | 2019-10-15 | 2019-10-15 | Method for limiting user terminal to access UPF |
| PCT/CN2019/127745 WO2021072970A1 (en) | 2019-10-15 | 2019-12-24 | Method for restricting user terminal to access upf |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910977304.6A CN110602803B (en) | 2019-10-15 | 2019-10-15 | Method for limiting user terminal to access UPF |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110602803A CN110602803A (en) | 2019-12-20 |
| CN110602803B true CN110602803B (en) | 2020-12-08 |
Family
ID=68867349
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910977304.6A Active CN110602803B (en) | 2019-10-15 | 2019-10-15 | Method for limiting user terminal to access UPF |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110602803B (en) |
| WO (1) | WO2021072970A1 (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110602803B (en) * | 2019-10-15 | 2020-12-08 | 广州爱浦路网络技术有限公司 | Method for limiting user terminal to access UPF |
| BR112022019957A2 (en) * | 2020-03-31 | 2022-12-13 | Huawei Tech Co Ltd | METHOD FOR OBTAINING TERMINAL DEVICE, DEVICE AND SYSTEM IDENTIFIER |
| CN114071791B (en) * | 2020-08-06 | 2024-01-26 | 北京佰才邦技术股份有限公司 | User plane function information reporting method, access network equipment and core network equipment |
| CN113422772B (en) * | 2021-06-22 | 2023-05-30 | 中国联合网络通信集团有限公司 | Private network terminal access processing method and device and electronic equipment |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108370600A (en) * | 2017-05-09 | 2018-08-03 | 华为技术有限公司 | A kind of conversation managing method, terminal and system |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108307402A (en) * | 2016-08-31 | 2018-07-20 | 中兴通讯股份有限公司 | Manage the method, apparatus and system of UPF |
| US10728952B2 (en) * | 2017-01-09 | 2020-07-28 | Huawei Technologies Co., Ltd. | System and methods for session management |
| EP3635997B1 (en) * | 2017-06-06 | 2020-08-26 | Telefonaktiebolaget LM Ericsson (publ) | Technique for user plane function allocation |
| CN113596744B (en) * | 2017-09-30 | 2023-11-03 | 华为技术有限公司 | Communication method, device and system |
| CN109996346B (en) * | 2017-12-29 | 2021-07-16 | 华为技术有限公司 | Session establishment method, device and system |
| CN110167003B (en) * | 2018-01-12 | 2023-10-20 | 华为技术有限公司 | Session management method, device and system |
| CN110049504B (en) * | 2018-01-15 | 2021-06-22 | 华为技术有限公司 | Session management method and device |
| CN108271229B (en) * | 2018-01-31 | 2020-08-14 | 中国联合网络通信集团有限公司 | User plane selection method and device |
| CN110149675B (en) * | 2018-02-11 | 2020-12-04 | 大唐移动通信设备有限公司 | UPF selection method and device |
| CN110602803B (en) * | 2019-10-15 | 2020-12-08 | 广州爱浦路网络技术有限公司 | Method for limiting user terminal to access UPF |
-
2019
- 2019-10-15 CN CN201910977304.6A patent/CN110602803B/en active Active
- 2019-12-24 WO PCT/CN2019/127745 patent/WO2021072970A1/en active Application Filing
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108370600A (en) * | 2017-05-09 | 2018-08-03 | 华为技术有限公司 | A kind of conversation managing method, terminal and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110602803A (en) | 2019-12-20 |
| WO2021072970A1 (en) | 2021-04-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11122414B2 (en) | Method and apparatus for session management function selection | |
| CN110602803B (en) | Method for limiting user terminal to access UPF | |
| US10455489B2 (en) | Method for supporting PDN GW selection | |
| CN113891433B (en) | Method for operating a base station device and a terminal for selecting a core network | |
| JP2020198634A (en) | Dedicated core network (DCN) selection | |
| EP3445072B1 (en) | Mobile radio communication network and method for associating a mobile radio terminal device to a network slice instance of a mobile radio communication network | |
| US20220159536A1 (en) | Network function database, mobile communication network component, method for selecting a network function and method for registering a network function | |
| WO2020069938A1 (en) | Communication terminal, method for requesting a connection, network component and method for serving a communication terminal | |
| CN118764926A (en) | Traffic routing towards a local data network based on application function requests | |
| JP7268203B2 (en) | Access control component and method for controlling usage of mobile communication system | |
| CN114189844A (en) | Terminal cross-region communication method, network element equipment and storage medium | |
| WO2020088941A1 (en) | Network component, communication terminal, method for serving a communication terminal and method for using a communication network | |
| CN106341851B (en) | Method for establishing special bearing for specified terminal | |
| CN108141819B (en) | Wireless access network interworking | |
| EP4068848A1 (en) | Communication network arrangement and method for selecting a network function of a communication network | |
| US20240040496A1 (en) | Ue access identity determination for 3gpp and non-3gpp accesses | |
| CN117560651A (en) | Communication method and device and communication equipment | |
| WO2024166061A1 (en) | Access function (af) providing user equipment (ue) route selection policy (ursp) rules for roamers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |